From 53a5177a6848d35e442729d14da8558f6ea7695b Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Wed, 3 Jan 2024 20:55:43 +0000 Subject: [PATCH 1/3] wip --- creusot-contracts/src/logic/ord.rs | 8 +- creusot/src/backend/clone_map.rs | 4 +- creusot/src/backend/program.rs | 120 +++++++--- creusot/src/backend/term.rs | 91 ++++++-- creusot/src/translation.rs | 90 -------- creusot/src/translation/fmir.rs | 5 +- .../src/translation/function/terminator.rs | 11 +- creusot/src/translation/pearlite/normalize.rs | 8 +- prelude/numeric.mlw | 94 ++++++++ prelude/prelude.mlw | 186 ++++++++++++--- prelude/prelude/why3session.xml | 218 ++++++++++++++++++ prelude/prelude/why3shapes.gz | Bin 0 -> 2776 bytes why3/src/exp.rs | 2 + why3/src/name.rs | 10 + 14 files changed, 658 insertions(+), 189 deletions(-) create mode 100644 prelude/numeric.mlw create mode 100644 prelude/prelude/why3session.xml create mode 100644 prelude/prelude/why3shapes.gz diff --git a/creusot-contracts/src/logic/ord.rs b/creusot-contracts/src/logic/ord.rs index e5f9177019..a3f1619ff4 100644 --- a/creusot-contracts/src/logic/ord.rs +++ b/creusot-contracts/src/logic/ord.rs @@ -149,7 +149,7 @@ macro_rules! ord_logic_impl { #[trusted] #[open] #[ghost] - #[creusot::builtins = "int.Int.(<=)"] + #[creusot::builtins = "prelude.Int.le"] fn le_log(self, _: Self) -> bool { true } @@ -157,7 +157,7 @@ macro_rules! ord_logic_impl { #[trusted] #[open] #[ghost] - #[creusot::builtins = "int.Int.(<)"] + #[creusot::builtins = "prelude.Int.lt"] fn lt_log(self, _: Self) -> bool { true } @@ -165,7 +165,7 @@ macro_rules! ord_logic_impl { #[trusted] #[open] #[ghost] - #[creusot::builtins = "int.Int.(>=)"] + #[creusot::builtins = "prelude.Int.ge"] fn ge_log(self, _: Self) -> bool { true } @@ -173,7 +173,7 @@ macro_rules! ord_logic_impl { #[trusted] #[open] #[ghost] - #[creusot::builtins = "int.Int.(>)"] + #[creusot::builtins = "prelude.Int.gt"] fn gt_log(self, _: Self) -> bool { true } diff --git a/creusot/src/backend/clone_map.rs b/creusot/src/backend/clone_map.rs index 51e6d65c23..508911f348 100644 --- a/creusot/src/backend/clone_map.rs +++ b/creusot/src/backend/clone_map.rs @@ -30,7 +30,7 @@ use crate::{ // Prelude modules #[allow(dead_code)] -#[derive(Debug, Clone, PartialEq, Eq, Hash)] +#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] pub enum PreludeModule { Float32, Float64, @@ -58,7 +58,7 @@ pub enum PreludeModule { } impl PreludeModule { - fn qname(&self) -> QName { + pub(crate) fn qname(&self) -> QName { match self { PreludeModule::Float32 => QName::from_string("prelude.Float32").unwrap(), PreludeModule::Float64 => QName::from_string("prelude.Float64").unwrap(), diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index d222fda01e..c5fea9d602 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -12,25 +12,21 @@ use crate::{ }, ctx::{BodyId, CloneMap, TranslationCtx}, translation::{ - binop_to_binop, - fmir::{ - self, Block, Branches, Expr, ExprKind, LocalDecls, Place, RValue, Statement, Terminator, - }, + fmir::{self, *}, function::{closure_contract, promoted, ClosureContract}, - unop_to_unop, }, util::{self, module_name, ItemType}, }; use rustc_hir::{def::DefKind, def_id::DefId, Unsafety}; use rustc_middle::{ - mir::{BasicBlock, BinOp}, - ty::TyKind, + mir::{self, BasicBlock, BinOp}, + ty::{Ty, TyKind}, }; use rustc_span::DUMMY_SP; -use rustc_type_ir::{IntTy, UintTy}; +use rustc_type_ir::{FloatTy, IntTy, UintTy}; use why3::{ declaration::{self, Attribute, CfgFunction, Decl, LetDecl, LetKind, Module, Predicate, Use}, - exp::{Constant, Exp, Pattern}, + exp::{Constant, Exp, Pattern, UnOp}, mlcfg, mlcfg::BlockId, Ident, QName, @@ -336,15 +332,12 @@ impl<'tcx> Expr<'tcx> { // Hack translate_ty(ctx, names, DUMMY_SP, ty); - Exp::BinaryOp( - binop_to_binop(ctx, ty, op), - Box::new(l.to_why(ctx, names, locals)), - Box::new(r.to_why(ctx, names, locals)), - ) - } - ExprKind::UnaryOp(op, ty, arg) => { - Exp::UnaryOp(unop_to_unop(ty, op), Box::new(arg.to_why(ctx, names, locals))) + let l = l.to_why(ctx, names, locals); + let r = r.to_why(ctx, names, locals); + + binop_to_binop(ty, op, l, r) } + ExprKind::UnaryOp(op, ty, arg) => unop_to_unop(ty, op, arg.to_why(ctx, names, locals)), ExprKind::Constructor(id, subst, args) => { let args = args.into_iter().map(|a| a.to_why(ctx, names, locals)).collect(); @@ -509,7 +502,7 @@ impl<'tcx> Terminator<'tcx> { }; } Terminator::Switch(_, brs) => match brs { - Branches::Int(brs, def) => { + Branches::Int(_, brs, def) => { if *def == from { *def = to }; @@ -519,7 +512,7 @@ impl<'tcx> Terminator<'tcx> { } } } - Branches::Uint(brs, def) => { + Branches::Uint(_, brs, def) => { if *def == from { *def = to }; @@ -580,12 +573,16 @@ impl<'tcx> Branches<'tcx> { discr: Exp, ) -> mlcfg::Terminator { use why3::mlcfg::Terminator::*; - match self { - Branches::Int(brs, def) => { + Branches::Int(ty, brs, def) => { brs.into_iter().rfold(Goto(BlockId(def.into())), |acc, (val, bb)| { Switch( - discr.clone().eq(Exp::Const(why3::exp::Constant::Int(val, None))), + binop_to_binop( + ty, + BinOp::Eq, + discr.clone(), + Exp::Const(Constant::Int(val, None)), + ), vec![ (Pattern::mk_true(), Goto(BlockId(bb.into()))), (Pattern::mk_false(), acc), @@ -593,10 +590,15 @@ impl<'tcx> Branches<'tcx> { ) }) } - Branches::Uint(brs, def) => { + Branches::Uint(ty, brs, def) => { brs.into_iter().rfold(Goto(BlockId(def.into())), |acc, (val, bb)| { Switch( - discr.clone().eq(Exp::Const(why3::exp::Constant::Uint(val, None))), + binop_to_binop( + ty, + BinOp::Eq, + discr.clone(), + Exp::Const(Constant::Uint(val, None)), + ), vec![ (Pattern::mk_true(), Goto(BlockId(bb.into()))), (Pattern::mk_false(), acc), @@ -731,7 +733,73 @@ impl<'tcx> Statement<'tcx> { } } -fn int_to_prelude(ity: IntTy) -> PreludeModule { +pub(crate) fn binop_to_binop(ty: Ty, op: mir::BinOp, left: Exp, right: Exp) -> Exp { + let prelude: PreludeModule = match ty.kind() { + TyKind::Int(ity) => int_to_prelude(*ity), + TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Float(FloatTy::F32) => PreludeModule::Float32, + TyKind::Float(FloatTy::F64) => PreludeModule::Float64, + _ => unreachable!("non-primitive type for binary operation {ty:?}"), + }; + + let mut module = prelude.qname(); + + match op { + BinOp::Add => module.push_ident("add"), + BinOp::AddUnchecked => module.push_ident("add"), + BinOp::Sub => module.push_ident("sub"), + BinOp::SubUnchecked => module.push_ident("sub"), + BinOp::Mul => module.push_ident("mul"), + BinOp::MulUnchecked => module.push_ident("mul"), + BinOp::Div => module.push_ident("div"), + BinOp::Rem => module.push_ident("rem"), + BinOp::BitXor => module.push_ident("bw_xor"), + BinOp::BitAnd => module.push_ident("bw_and"), + BinOp::BitOr => module.push_ident("bw_or"), + BinOp::Shl => module.push_ident("shl"), + BinOp::ShlUnchecked => module.push_ident("shl"), + BinOp::Shr => module.push_ident("shr"), + BinOp::ShrUnchecked => module.push_ident("shr"), + BinOp::Eq => module.push_ident("eq"), + BinOp::Lt => module.push_ident("lt"), + BinOp::Le => module.push_ident("le"), + BinOp::Ne => module.push_ident("ne"), + BinOp::Ge => module.push_ident("ge"), + BinOp::Gt => module.push_ident("gt"), + BinOp::Offset => unimplemented!("pointer offsets are unsupported"), + }; + + module = module.without_search_path(); + Exp::impure_qvar(module).app(vec![left, right]) +} + +pub(crate) fn unop_to_unop(ty: Ty, op: rustc_middle::mir::UnOp, e: Exp) -> Exp { + let prelude: PreludeModule = match ty.kind() { + TyKind::Int(ity) => int_to_prelude(*ity), + TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Float(FloatTy::F32) => PreludeModule::Float32, + TyKind::Float(FloatTy::F64) => PreludeModule::Float64, + TyKind::Bool => { + assert_eq!(op, mir::UnOp::Not); + PreludeModule::Bool + } + _ => unreachable!("non-primitive type for unary operation"), + }; + + let mut module = prelude.qname(); + + match op { + mir::UnOp::Not => Exp::UnaryOp(UnOp::Not, Box::new(e)), + mir::UnOp::Neg => { + module.push_ident("neg"); + + module = module.without_search_path(); + Exp::impure_qvar(module).app_to(e) + } + } +} + +pub(crate) fn int_to_prelude(ity: IntTy) -> PreludeModule { match ity { IntTy::Isize => PreludeModule::Isize, IntTy::I8 => PreludeModule::Int8, @@ -742,7 +810,7 @@ fn int_to_prelude(ity: IntTy) -> PreludeModule { } } -fn uint_to_prelude(ity: UintTy) -> PreludeModule { +pub(crate) fn uint_to_prelude(ity: UintTy) -> PreludeModule { match ity { UintTy::Usize => PreludeModule::Usize, UintTy::U8 => PreludeModule::UInt8, diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs index 63759b1b67..ce6f10a810 100644 --- a/creusot/src/backend/term.rs +++ b/creusot/src/backend/term.rs @@ -6,6 +6,8 @@ use crate::{ util::get_builtin, }; use rustc_middle::ty::{EarlyBinder, Ty, TyKind}; +use rustc_span::Symbol; +use rustc_type_ir::FloatTy; use why3::{ exp::{BinOp, Binder, Constant, Exp, Pattern as Pat, Purity}, ty::Type, @@ -62,6 +64,7 @@ impl<'tcx> Lower<'_, 'tcx> { } TermKind::Var(v) => Exp::pure_var(util::ident_of(v)), TermKind::Binary { op, box lhs, box rhs } => { + let ty = lhs.ty; let lhs = self.lower_term(lhs); let rhs = self.lower_term(rhs); @@ -71,8 +74,6 @@ impl<'tcx> Lower<'_, 'tcx> { } match (op, self.pure) { - (Div, _) => Exp::pure_var("div".into()).app(vec![lhs, rhs]), - (Rem, _) => Exp::pure_var("mod".into()).app(vec![lhs, rhs]), (Eq | Ne | Lt | Le | Gt | Ge, Purity::Program) => { let (a, lhs) = if lhs.is_pure() { (lhs, None) @@ -86,9 +87,8 @@ impl<'tcx> Lower<'_, 'tcx> { (Exp::Var("b".into(), self.pure), Some(rhs)) }; - let op = binop_to_binop(op, Purity::Logic); let mut inner = - Exp::Pure(Box::new(Exp::BinaryOp(op, Box::new(a), Box::new(b)))); + binop_to_binop(self.ctx.tcx, self.names, op, ty, Purity::Logic, a, b); if let Some(lhs) = lhs { inner = Exp::Let { @@ -108,7 +108,7 @@ impl<'tcx> Lower<'_, 'tcx> { inner } - _ => Exp::BinaryOp(binop_to_binop(op, self.pure), Box::new(lhs), Box::new(rhs)), + _ => binop_to_binop(self.ctx.tcx, self.names, op, ty, self.pure, lhs, rhs), } } TermKind::Unary { op, box arg } => { @@ -338,7 +338,11 @@ impl<'tcx> Lower<'_, 'tcx> { use rustc_hir::def_id::DefId; use rustc_middle::ty::{subst::SubstsRef, TyCtxt}; -use super::{dependency::Dependency, Why3Generator}; +use super::{ + dependency::Dependency, + program::{int_to_prelude, uint_to_prelude}, + Why3Generator, +}; pub(crate) fn lower_literal<'tcx>( ctx: &mut TranslationCtx<'tcx>, @@ -377,23 +381,70 @@ pub(crate) fn lower_literal<'tcx>( } } -fn binop_to_binop(op: pearlite::BinOp, purity: Purity) -> why3::exp::BinOp { +fn binop_module<'tcx>(tcx: TyCtxt<'tcx>, ty: Ty<'tcx>, op: pearlite::BinOp) -> PreludeModule { + use pearlite::BinOp; + match ty.kind() { + TyKind::Int(ity) => int_to_prelude(*ity), + TyKind::Uint(uty) => uint_to_prelude(*uty), + TyKind::Float(FloatTy::F32) => PreludeModule::Float32, + TyKind::Float(FloatTy::F64) => PreludeModule::Float64, + TyKind::Adt(def, _) => { + if Some(def.did()) == tcx.get_diagnostic_item(Symbol::intern("creusot_int")) { + PreludeModule::Int + } else { + PreludeModule::Bool + } + } + TyKind::Bool => PreludeModule::Bool, + _ => { + assert!(matches!(op, BinOp::Eq | BinOp::Ne)); + PreludeModule::Bool + } + } +} + +fn binop_to_binop<'tcx>( + tcx: TyCtxt<'tcx>, + names: &mut CloneMap<'tcx>, + op: pearlite::BinOp, + ty: Ty<'tcx>, + purity: Purity, + left: Exp, + right: Exp, +) -> Exp { + let prelude = binop_module(tcx, ty, op); + names.import_prelude_module(prelude); + + let mut module = prelude.qname(); match (op, purity) { - (pearlite::BinOp::Add, _) => BinOp::Add, - (pearlite::BinOp::Sub, _) => BinOp::Sub, - (pearlite::BinOp::Mul, _) => BinOp::Mul, - (pearlite::BinOp::Lt, _) => BinOp::Lt, - (pearlite::BinOp::Le, _) => BinOp::Le, - (pearlite::BinOp::Gt, _) => BinOp::Gt, - (pearlite::BinOp::Ge, _) => BinOp::Ge, - (pearlite::BinOp::Eq, Purity::Logic) => BinOp::Eq, - (pearlite::BinOp::Ne, Purity::Logic) => BinOp::Ne, - (pearlite::BinOp::And, Purity::Logic) => BinOp::LogAnd, - (pearlite::BinOp::And, Purity::Program) => BinOp::LazyAnd, - (pearlite::BinOp::Or, Purity::Logic) => BinOp::LogOr, - (pearlite::BinOp::Or, Purity::Program) => BinOp::LazyOr, + (pearlite::BinOp::Add, _) => module.push_ident("add"), + (pearlite::BinOp::Sub, _) => module.push_ident("sub"), + (pearlite::BinOp::Mul, _) => module.push_ident("mul"), + (pearlite::BinOp::Div, _) => module.push_ident("div"), + (pearlite::BinOp::Rem, _) => module.push_ident("rem"), + (pearlite::BinOp::Lt, _) => module.push_ident("lt"), + (pearlite::BinOp::Le, _) => module.push_ident("le"), + (pearlite::BinOp::Gt, _) => module.push_ident("gt"), + (pearlite::BinOp::Ge, _) => module.push_ident("ge"), + (pearlite::BinOp::Eq, Purity::Logic) => return left.eq(right), + (pearlite::BinOp::Ne, Purity::Logic) => return left.neq(right), + (pearlite::BinOp::And, Purity::Logic) => { + return Exp::BinaryOp(BinOp::LogAnd, Box::new(left), Box::new(right)) + } + (pearlite::BinOp::And, Purity::Program) => { + return Exp::BinaryOp(BinOp::LazyAnd, Box::new(left), Box::new(right)) + } + (pearlite::BinOp::Or, Purity::Logic) => { + return Exp::BinaryOp(BinOp::LogOr, Box::new(left), Box::new(right)) + } + (pearlite::BinOp::Or, Purity::Program) => { + return Exp::BinaryOp(BinOp::LazyOr, Box::new(left), Box::new(right)) + } _ => unreachable!(), } + + module = module.without_search_path(); + Exp::pure_qvar(module).app(vec![left, right]) } pub(super) fn mk_binders(func: Exp, args: Vec) -> Exp { diff --git a/creusot/src/translation.rs b/creusot/src/translation.rs index e3e112275e..b49a095099 100644 --- a/creusot/src/translation.rs +++ b/creusot/src/translation.rs @@ -19,7 +19,6 @@ use crate::{ use ctx::TranslationCtx; use heck::ToUpperCamelCase; use rustc_hir::{def::DefKind, def_id::LOCAL_CRATE}; -use rustc_middle::ty::Ty; use std::{error::Error, io::Write}; use why3::{declaration::Module, mlcfg, Print}; @@ -131,95 +130,6 @@ pub(crate) fn after_analysis(ctx: TranslationCtx) -> Result<(), Box> Ok(()) } -use rustc_middle::mir; - -pub(crate) fn binop_to_binop(ctx: &mut TranslationCtx, ty: Ty, op: mir::BinOp) -> why3::exp::BinOp { - use why3::exp::BinOp; - match op { - mir::BinOp::Add => { - if ty.is_floating_point() { - BinOp::FloatAdd - } else { - BinOp::Add - } - } - mir::BinOp::Sub => { - if ty.is_floating_point() { - BinOp::FloatSub - } else { - BinOp::Sub - } - } - mir::BinOp::Mul => { - if ty.is_floating_point() { - BinOp::FloatMul - } else { - BinOp::Mul - } - } - mir::BinOp::Div => { - if ty.is_floating_point() { - BinOp::FloatDiv - } else { - BinOp::Div - } - } - mir::BinOp::Eq => { - if ty.is_floating_point() { - BinOp::FloatEq - } else { - BinOp::Eq - } - } - mir::BinOp::Lt => { - if ty.is_floating_point() { - BinOp::FloatLt - } else { - BinOp::Lt - } - } - mir::BinOp::Le => { - if ty.is_floating_point() { - BinOp::FloatLe - } else { - BinOp::Le - } - } - mir::BinOp::Gt => { - if ty.is_floating_point() { - BinOp::FloatGt - } else { - BinOp::Gt - } - } - mir::BinOp::Ge => { - if ty.is_floating_point() { - BinOp::FloatGe - } else { - BinOp::Ge - } - } - mir::BinOp::Ne => BinOp::Ne, - mir::BinOp::Rem => BinOp::Mod, - _ => ctx.crash_and_error( - rustc_span::DUMMY_SP, - &format!("unsupported binary operation: {:?}", op), - ), - } -} - -pub(crate) fn unop_to_unop(ty: Ty, op: rustc_middle::mir::UnOp) -> why3::exp::UnOp { - match op { - rustc_middle::mir::UnOp::Not => why3::exp::UnOp::Not, - rustc_middle::mir::UnOp::Neg => { - if ty.is_floating_point() { - why3::exp::UnOp::FloatNeg - } else { - why3::exp::UnOp::Neg - } - } - } -} fn print_crate>( out: &mut W, diff --git a/creusot/src/translation/fmir.rs b/creusot/src/translation/fmir.rs index 3bdf7a1c5e..83a00957d0 100644 --- a/creusot/src/translation/fmir.rs +++ b/creusot/src/translation/fmir.rs @@ -58,6 +58,7 @@ pub enum RValue<'tcx> { Expr(Expr<'tcx>), } + #[derive(Clone, Debug)] pub struct Expr<'tcx> { pub kind: ExprKind<'tcx>, @@ -138,8 +139,8 @@ pub enum Terminator<'tcx> { #[derive(Clone)] pub enum Branches<'tcx> { - Int(Vec<(i128, BasicBlock)>, BasicBlock), - Uint(Vec<(u128, BasicBlock)>, BasicBlock), + Int(Ty<'tcx>, Vec<(i128, BasicBlock)>, BasicBlock), + Uint(Ty<'tcx>, Vec<(u128, BasicBlock)>, BasicBlock), Constructor(AdtDef<'tcx>, SubstsRef<'tcx>, Vec<(VariantIdx, BasicBlock)>, BasicBlock), Bool(BasicBlock, BasicBlock), } diff --git a/creusot/src/translation/function/terminator.rs b/creusot/src/translation/function/terminator.rs index 42e4354f0d..3d6ba320ca 100644 --- a/creusot/src/translation/function/terminator.rs +++ b/creusot/src/translation/function/terminator.rs @@ -311,15 +311,12 @@ pub(crate) fn make_switch<'tcx>( ctx.crash_and_error(si.span, "Float patterns are currently unsupported") } TyKind::Uint(_) => { - let branches: Vec<(_, BasicBlock)> = - targets.iter().map(|(val, tgt)| (val, tgt)).collect(); - Terminator::Switch(discr, Branches::Uint(branches, targets.otherwise())) + let branches = targets.iter().map(|(val, tgt)| (val, tgt)).collect(); + Terminator::Switch(discr, Branches::Uint(switch_ty, branches, targets.otherwise())) } TyKind::Int(_) => { - let branches: Vec<(_, BasicBlock)> = - targets.iter().map(|(val, tgt)| (val as i128, tgt)).collect(); - - Terminator::Switch(discr, Branches::Int(branches, targets.otherwise())) + let branches = targets.iter().map(|(val, tgt)| (val as i128, tgt)).collect(); + Terminator::Switch(discr, Branches::Int(switch_ty, branches, targets.otherwise())) } ty => unimplemented!("{ty:?}"), } diff --git a/creusot/src/translation/pearlite/normalize.rs b/creusot/src/translation/pearlite/normalize.rs index 599b814e79..758275a3a0 100644 --- a/creusot/src/translation/pearlite/normalize.rs +++ b/creusot/src/translation/pearlite/normalize.rs @@ -79,13 +79,13 @@ fn optimize_builtin<'tcx>( Some(TermKind::Binary { op: BinOp::Rem, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) } else if builtin_attr == Some(Symbol::intern("neg_int")) { Some(TermKind::Unary { op: pearlite::UnOp::Neg, arg: Box::new(args.remove(0)) }) - } else if builtin_attr == Some(Symbol::intern("int.Int.(<=)")) { + } else if builtin_attr == Some(Symbol::intern("prelude.Int.(<=)")) { Some(TermKind::Binary { op: BinOp::Le, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) - } else if builtin_attr == Some(Symbol::intern("int.Int.(<)")) { + } else if builtin_attr == Some(Symbol::intern("prelude.Int.(<)")) { Some(TermKind::Binary { op: BinOp::Lt, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) - } else if builtin_attr == Some(Symbol::intern("int.Int.(>=)")) { + } else if builtin_attr == Some(Symbol::intern("prelude.Int.(>=)")) { Some(TermKind::Binary { op: BinOp::Ge, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) - } else if builtin_attr == Some(Symbol::intern("int.Int.(>)")) { + } else if builtin_attr == Some(Symbol::intern("prelude.Int.(>)")) { Some(TermKind::Binary { op: BinOp::Gt, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) } else if builtin_attr == Some(Symbol::intern("==")) { Some(TermKind::Binary { op: BinOp::Eq, lhs: Box::new(args.remove(0)), rhs: Box::new(args.remove(0)) }) diff --git a/prelude/numeric.mlw b/prelude/numeric.mlw new file mode 100644 index 0000000000..12ae7f0ba9 --- /dev/null +++ b/prelude/numeric.mlw @@ -0,0 +1,94 @@ +module BoundedInt + + use int.Int + + type t + + constant min : int + constant max : int + + function to_int (n:t) : int + meta coercion function to_int + meta "model_projection" function to_int + + val to_int (n:t) : int + ensures { result = n } + + predicate in_bounds (n:int) = min <= n <= max + + axiom to_int_in_bounds: forall n:t. in_bounds n + + val of_int (n:int) : t + requires { [@expl:integer overflow] in_bounds n } + ensures { result = n } + + val function add (a:t) (b:t) : t + requires { [@expl:integer overflow] in_bounds (a + b) } + ensures { result = a + b } + + val function sub (a:t) (b:t) : t + requires { [@expl:integer overflow] in_bounds (a - b) } + ensures { result = a - b } + + val function mul (a:t) (b:t) : t + requires { [@expl:integer overflow] in_bounds (a * b) } + ensures { result = a * b } + + val function neg (a:t) : t + requires { [@expl:integer overflow] in_bounds (- a) } + ensures { result = - a } + + axiom extensionality: forall x y: t. to_int x = to_int y -> x = y + + val function eq (a:t) (b:t) : bool + ensures { result <-> a = b } + ensures { to_int a = to_int b -> result } + + val function ne (a:t) (b:t) : bool + ensures { result <-> a <> b } + ensures { to_int a <> to_int b -> result } + + val function le (a:t) (b:t) : bool + ensures { result <-> to_int a <= to_int b } + + val function lt (a:t) (b:t) : bool + ensures { result <-> to_int a < to_int b } + + val function ge (a:t) (b:t) : bool + ensures { result <-> to_int a >= to_int b } + + val function gt (a:t) (b:t) : bool + ensures { result <-> to_int a > to_int b } + + use int.ComputerDivision + + val function div (a:t) (b:t) : t + requires { [@expl:division by zero] b <> 0 } + requires { [@expl:integer overflow] in_bounds (div a b) } + ensures { result = div a b } + + val function rem (a:t) (b:t) : t + requires { [@expl:division by zero] b <> 0 } + requires { [@expl:integer overflow] in_bounds (mod a b) } + ensures { result = mod a b } + +end + +module Unsigned + + use int.Int + + let constant min_unsigned : int = 0 + + clone export BoundedInt with + constant min = min_unsigned, axiom . + + constant zero_unsigned : t + + axiom zero_unsigned_is_zero : to_int zero_unsigned = 0 + + constant radix : int + + axiom radix_def : radix = max+1 + +end \ No newline at end of file diff --git a/prelude/prelude.mlw b/prelude/prelude.mlw index 47e8c058c3..b9b4f0c872 100644 --- a/prelude/prelude.mlw +++ b/prelude/prelude.mlw @@ -9,10 +9,6 @@ module Seq function to_owned (a : 'a) : 'a = a end -module Int - use export mach.int.Int -end - (* Rust primitive types *) module Opaque @@ -22,7 +18,7 @@ module Opaque end module Bool - let eqb (a : bool) (b : bool) : bool = + let function eqb (a : bool) (b : bool) : bool = ensures { result <-> a = b } match a, b with | True, True -> True @@ -34,6 +30,16 @@ module Bool ensures { result <-> a <> b } not (eqb a b) + + function eq [@inline:trivial] (a b : 'a) : bool = a = b + function ne [@inline:trivial] (a b : 'a) : bool = a <> b + + function and (a b : bool) : bool = a /\ b + function and2 (a b : bool) : bool = a && b + function or (a b : bool) : bool = a || b + function or2 (a b : bool) : bool = a || b + + let to_int (b : bool) : int = if b then 1 else 0 @@ -55,11 +61,34 @@ module Real end -(* Signed Integer *) -module IntSize - use export mach.int.Int64 - type isize = int64 +module Int + use mach.int.Int + + let function add [@inline:trivial] (a b : int) : int = a + b + let function sub [@inline:trivial] (a b : int) : int = a - b + let function mul [@inline:trivial] (a b : int) : int = a * b + let function div [@inline:trivial] (a b : int) : int + requires { b <> 0 } + = a / b + let function rem [@inline:trivial] (a b : int) : int + requires { b <> 0 } + = a % b + let function neg [@inline:trivial] (a : int) : int = - a + + let predicate (<) [@inline:trivial] a b = a < b + let predicate (<=) [@inline:trivial] a b = a <= b + let predicate (>) [@inline:trivial] a b = a > b + let predicate (>=) [@inline:trivial] a b = a >= b + + let predicate lt [@inline:trivial] (a b : int) : bool = a < b + let predicate le [@inline:trivial] (a b : int) : bool = a <= b + let predicate gt [@inline:trivial] (a b : int) : bool = a > b + let predicate ge [@inline:trivial] (a b : int) : bool = a >= b + let predicate eq [@inline:trivial] (a b : int) : bool = a = b + let predicate ne [@inline:trivial] (a b : int) : bool = a <> b end + +(* Signed Integer *) module Int8 use int.Int @@ -69,7 +98,7 @@ module Int8 let constant max_int8 : int = 0x7f function to_int (x : int8) : int = int8'int x - clone export mach.int.Bounded_int with + clone export numeric.BoundedInt with type t = int8, constant min = int8'minInt, constant max = int8'maxInt, @@ -77,6 +106,7 @@ module Int8 lemma to_int_in_bounds, lemma extensionality end + module Int16 use int.Int @@ -86,7 +116,7 @@ module Int16 let constant max_int16 : int = 0x7fff function to_int (x : int16) : int = int16'int x - clone export mach.int.Bounded_int with + clone export numeric.BoundedInt with type t = int16, constant min = int16'minInt, constant max = int16'maxInt, @@ -94,22 +124,59 @@ module Int16 lemma to_int_in_bounds, lemma extensionality end + module Int32 - use export mach.int.Int32 + use int.Int + + type int32 = < range -0x8000_0000 0x7fff_ffff > + + let constant min_int16 : int = - 0x8000_0000 + let constant max_int16 : int = 0x7fff_ffff + function to_int (x : int32) : int = int32'int x + + clone export numeric.BoundedInt with + type t = int32, + constant min = int32'minInt, + constant max = int32'maxInt, + function to_int = int32'int, + lemma to_int_in_bounds, + lemma extensionality + end + module Int64 - use export mach.int.Int64 + use int.Int + + type int64 = < range -0x8000_0000_0000_0000 0x7fff_ffff_ffff_ffff > + + let constant min_int64 : int = - 0x8000_0000_0000_0000 + let constant max_int64 : int = 0x7fff_ffff_ffff_ffff + function to_int (x : int64) : int = int64'int x + + clone export numeric.BoundedInt with + type t = int64, + constant min = int64'minInt, + constant max = int64'maxInt, + function to_int = int64'int, + lemma to_int_in_bounds, + lemma extensionality end + +module IntSize + use export Int64 + type isize = int64 +end + module Int128 use int.Int - type int128 = < range -0x80000000000000000000000000000000 0x7fffffffffffffffffffffffffffffff > + type int128 = < range -0x8000_0000_0000_0000_0000_0000_0000_0000 0x7fff_ffff_ffff_ffff_ffff_ffff_ffff_ffff > - let constant min_int128 : int = - 0x80000000000000000000000000000000 - let constant max_int128 : int = 0x7fffffffffffffffffffffffffffffff + let constant min_int128 : int = - 0x8000_0000_0000_0000_0000_0000_0000_0000 + let constant max_int128 : int = 0x7fff_ffff_ffff_ffff_ffff_ffff_ffff_ffff function to_int (x : int128) : int = int128'int x - clone export mach.int.Bounded_int with + clone export numeric.BoundedInt with type t = int128, constant min = int128'minInt, constant max = int128'maxInt, @@ -119,10 +186,7 @@ module Int128 end (* Unsigned Integers *) -module UIntSize - use export mach.int.UInt64 - type usize = uint64 -end + module UInt8 use int.Int @@ -132,14 +196,14 @@ module UInt8 let constant max_uint8 : int = 0xff function to_int (x : uint8) : int = uint8'int x - clone export mach.int.Bounded_int with + clone export numeric.Unsigned with type t = uint8, - constant min = uint8'minInt, constant max = uint8'maxInt, function to_int = uint8'int, lemma to_int_in_bounds, lemma extensionality end + module UInt16 use int.Int @@ -149,32 +213,64 @@ module UInt16 let constant max_uint16 : int = 0xffff function to_int (x : uint16) : int = uint16'int x - clone export mach.int.Bounded_int with + clone export numeric.Unsigned with type t = uint16, - constant min = uint16'minInt, constant max = uint16'maxInt, function to_int = uint16'int, lemma to_int_in_bounds, lemma extensionality end + module UInt32 - use export mach.int.UInt32 + use int.Int + + type uint32 = < range 0x0 0xffff_ffff > + + let constant min_uint32 : int = 0x0 + let constant max_uint32 : int = 0xffff_ffff + function to_int (x : uint32) : int = uint32'int x + + clone export numeric.Unsigned with + type t = uint32, + constant max = uint32'maxInt, + function to_int = uint32'int, + lemma to_int_in_bounds, + lemma extensionality end + module UInt64 - use export mach.int.UInt64 + use int.Int + + type uint64 = < range 0x0 0xffff_ffff_ffff_ffff > + + let constant min_uint64 : int = 0x0 + let constant max_uint64 : int = 0xffff_ffff_ffff_ffff + function to_int (x : uint64) : int = uint64'int x + + clone export numeric.Unsigned with + type t = uint64, + constant max = uint64'maxInt, + function to_int = uint64'int, + lemma to_int_in_bounds, + lemma extensionality +end + + +module UIntSize + use export UInt64 + type usize = uint64 end module UInt128 use int.Int - type uint128 = < range 0x0 0xffffffffffffffffffffffffffffffff > + type uint128 = < range 0x0 0xffff_ffff_ffff_ffff_ffff_ffff_ffff_ffff > - let constant min_uint128 : int = 0x00000000000000000000000000000000 - let constant max_uint128 : int = 0xffffffffffffffffffffffffffffffff + let constant min_uint128 : int = 0x0 + let constant max_uint128 : int = 0xffff_ffff_ffff_ffff_ffff_ffff_ffff_ffff function to_int (x : uint128) : int = uint128'int x - clone export mach.int.Bounded_int with + clone export numeric.Unsigned with type t = uint128, - constant min = uint128'minInt, constant max = uint128'maxInt, function to_int = uint128'int, lemma to_int_in_bounds, @@ -183,10 +279,32 @@ end (* Floats *) module Float32 - use export ieee_float.Float32 + use ieee_float.Float32 + + let function neg (x:t) : t = .- x + let function add (x y:t) : t = x .+ y + let function sub (x y:t) : t = x .- y + let function mul (x y:t) : t = x .* y + let function div (x y:t) : t = x ./ y + + let lt (x y : t) : bool = x .< y + let le (x y : t) : bool = x .< y + let gt (x y : t) : bool = x .> y + let ge (x y : t) : bool = x .>= y end module Float64 - use export ieee_float.Float64 + use ieee_float.Float64 + + let function neg (x:t) : t = .- x + let function add (x y:t) : t = x .+ y + let function sub (x y:t) : t = x .- y + let function mul (x y:t) : t = x .* y + let function div (x y:t) : t = x ./ y + + let lt (x y : t) : bool = x .< y + let le (x y : t) : bool = x .< y + let gt (x y : t) : bool = x .> y + let ge (x y : t) : bool = x .>= y end module Char diff --git a/prelude/prelude/why3session.xml b/prelude/prelude/why3session.xml new file mode 100644 index 0000000000..4989aa79da --- /dev/null +++ b/prelude/prelude/why3session.xml @@ -0,0 +1,218 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/prelude/prelude/why3shapes.gz b/prelude/prelude/why3shapes.gz new file mode 100644 index 0000000000000000000000000000000000000000..58544309ab434ba2bca612e86ce4232f0e19dd7a GIT binary patch literal 2776 zcmV;}3Mcg+iwFP!00000|E*bFkKMKreZRkA-`b`qKn}kPr)Ut=pn*l63cVWqbPU+* z#Jf(@{`w9jQ6een8Z`>odpXpZA$iC%9NqiJ?;f6icE6?tbNbgr=AH&H_xFgoG11qrZ_|$t`P1iz^sC=T zacGt1?Ed=pQ}LbHujP}^eUI<^$ZPM!->lHRZ;pjs+elAksFz0<-~U#|*cv~S@HCJ& z>*wZx&v9xMRz7KI>^Kbe@lz~=Y>hb>3#5K-!9J&tH~0SOt^f4pDL!NCMgIZ+Oo&Jy ze|h=$+nN6|UVY?Tj1xuj{=B2<-h?+zxC_YZF5dGOKQW}|FFS(mP2R@4fb{V`e)%wo zNxJWLgxH(1jdua*<2|K!lWK=n7gJKjZ_<-_)3{H1Z<^Nw*Hl)r7mvm68D258X&*U0 z0}VktnpX^K+DD?#Kts@u>lGuK_L1!~&=9mCd_^1?uMY;w*KXak52Q2bNnh-q^c6#! z_L1~6&=9mEeZ{b*eI)%1Gz9HPUooO-A4xw04M7{ySHzL@`d}b^?bc2EK)U2T>5JWy zzG7(8K9YV08iIDDuNc;}kEEZ0hM*nkD@HW!Bk5D>S~Cu7Ee zCe2r)--$2pn_CsVHoMt}9YdS;unQNUA?UsZJBBswVFNBeL(rZ59V43d!2Jbi2wI8X z5$bAg9qoI!ZrWysP%MSknr&&XMcdi~6J<-u*u|mH8f>ZYD4(b(p`Oyx-b0lhIZ?HQ z`l*j4Tcb?;Rrk1^Gc_gt2aKk%UE{xMcbBxrys{6a7uyy7w>CVqD}hpZx_1eCvAyA2 z1aFObweLzVw)fTUJ64KLkQ1o6>}*}zMMJlZUqSZdfeNEYutc3ePhd(h+d^9+!L&o( z2M!~e!-)S$pFh3*^7Q=v-BXHzl!u>j8NY85{OEpv^YjwvsPe9!+dBrGZ^c?;oGASi zHb(BnzEy0EaU%Cq*ciE2{8qL##);-nVPoW0_U8p&`(zaUR^l~=xz=}O5juZWi{-F5RwXWdhG#dNd2 zr|t^jopndu>t39wyE=F4zfkuTcHpv8_d4=X-4)#Ndamv(=s2!9j{6mLBkD@s-5cuO zF{pcc{cMaAb)Uk<$i2F^chJT-QTHiqjNGexdl7An6Lp`$#>lO@&tF;FC!@Nzm)6F( zqwdNgbk;p}SB&heM%}fmo5DSH*UclHbx++D)6M#xx+{ct)*W@PdvT)f>fEjWLfu!` zfy++a>&QoSS8&Jcxw@~Qx;YvBYjr%duj#MKEe3xF9 zsno`#Dtep>=CkhdYZolPQ5K^wB-1 zd57j>fGK^5fqSKQ!sY)$_!42L80*o;J-BJ=X$VqC7g_L0d&U8nmr_6sQpX2s$&G3u zGNU0T9)xpRWhIG-z(g`&SbE@=S-5#4XqG_>9-YIel<8!o%$lX3rIZiSiW~4mk`|0| z&PCGP(Cn39Im?_ZPhJMnrNinbAlO&xj=kIR|92|9Ai;xDY+?=BLwCZ#W^t- zy<|Zc#uRv*i;pu*S}H8%mNHABcx7#b&)gC10F(^42(5$Hp6lp5gV{^naBjFvZ4A#w z5R8~fBoY0h(k6f^FaQhqmsn~n)x}FCjdK^CGD&jcl2gNz48$lMAW1%Zu^aIm2XtIZ zmjvL!;Sh9+nFeDRmwAS13(A7DAT03WWrzX@IR`>BGg8Uu(9K027>-5t>}75=l!&-p zT&0ZM5Gj!q0Apgt-c(==H;q{amSLL|FJL55=P|KS?w!)$xZxm#Oe83#$m}IY?&=_(13DV~X#puB(H^Zdm!g6jovmA<75J|)1_++WgmcgdPdp|o@TlOx zaEA&^6RV6>m_n3QvUuTv#R@?rrb~kPl3>ClC1aL8VvVszmzf(?W_}DFnZvaQsy*OwW=u=WgThFWQ$)S! zCAj?d0f>;ADO{dbKKY2tG|oiKumTwJy3RmGZ#5_`wrNb)$(^oLmyAUwJFZqC$ zyI}srh1i{L04FH}4y zc(qWxTL5o$k1|1l#mJ4(N+k|>c^k~Dgd=HqA5pxJDBegE#7zfga03LSj1`0cyy`I* zNX|lz5?As-@m`@|HV1qp2(f: &mut T, trigger: &Trigger) { } impl Exp { + /// Creates a program expresion for a symbol `q` pub fn impure_qvar(q: QName) -> Self { Exp::QVar(q, Purity::Program) } + /// Creates a logic expresion for a symbol `q` pub fn impure_var(v: Ident) -> Self { Exp::Var(v, Purity::Program) } diff --git a/why3/src/name.rs b/why3/src/name.rs index d1c69902f1..23d800764b 100644 --- a/why3/src/name.rs +++ b/why3/src/name.rs @@ -96,6 +96,14 @@ impl QName { self.module.last() } + /// Returns the name for symbol `id` contianed in `self`. + pub fn push_ident(&mut self, id: impl Into) { + let old = std::mem::replace(&mut self.name, id.into()); + self.module.push(old); + } + + /// Return a qualified identifier for the module of `self`. + /// Turns `file.path.Module.foo` into `file.path.Module` pub fn module_qname(mut self) -> QName { assert!(!self.module.is_empty(), "ident has no module {:?}", self); let id = self.module.pop().unwrap(); @@ -103,6 +111,8 @@ impl QName { self } + /// Strips the file path portion of a module name, + /// Turning `file.path.Module.foo` into `Module.foo` pub fn without_search_path(mut self) -> QName { let mut i = 0; while i < self.module.len() { From efe3cc800a7435523adaaae9c52c4beac0e7864e Mon Sep 17 00:00:00 2001 From: Xavier Denis Date: Wed, 3 Jan 2024 22:38:27 +0000 Subject: [PATCH 2/3] Update tests --- .../bug/01_resolve_unsoundness.mlcfg | 17 +- creusot/tests/should_fail/bug/222.mlcfg | 12 +- creusot/tests/should_fail/bug/492.mlcfg | 4 + creusot/tests/should_fail/bug/692.mlcfg | 34 +- creusot/tests/should_fail/bug/695.mlcfg | 40 +- creusot/tests/should_fail/bug/subregion.mlcfg | 2 +- .../traits/17_impl_refinement.mlcfg | 14 +- creusot/tests/should_succeed/100doors.mlcfg | 40 +- .../should_succeed/100doors/why3session.xml | 2 +- .../should_succeed/100doors/why3shapes.gz | Bin 570 -> 593 bytes creusot/tests/should_succeed/all_zero.mlcfg | 13 +- .../should_succeed/all_zero/why3session.xml | 2 +- .../should_succeed/all_zero/why3shapes.gz | Bin 397 -> 397 bytes creusot/tests/should_succeed/bdd.mlcfg | 175 +++--- .../tests/should_succeed/bdd/why3session.xml | 432 ++++++++------- .../tests/should_succeed/bdd/why3shapes.gz | Bin 14306 -> 14663 bytes .../tests/should_succeed/binary_search.mlcfg | 84 +-- .../binary_search/why3session.xml | 64 +-- .../binary_search/why3shapes.gz | Bin 2291 -> 2575 bytes .../tests/should_succeed/bug/02_derive.mlcfg | 1 + .../tests/should_succeed/bug/181_ident.mlcfg | 2 +- creusot/tests/should_succeed/bug/195.mlcfg | 2 + creusot/tests/should_succeed/bug/206.mlcfg | 14 +- .../should_succeed/bug/206/why3session.xml | 4 +- .../should_succeed/bug/206/why3shapes.gz | Bin 204 -> 202 bytes creusot/tests/should_succeed/bug/217.mlcfg | 2 +- .../should_succeed/bug/217/why3shapes.gz | Bin 128 -> 127 bytes creusot/tests/should_succeed/bug/235.mlcfg | 2 +- .../should_succeed/bug/235/why3shapes.gz | Bin 104 -> 104 bytes creusot/tests/should_succeed/bug/256.mlcfg | 2 +- creusot/tests/should_succeed/bug/271.mlcfg | 10 +- creusot/tests/should_succeed/bug/387.mlcfg | 15 +- creusot/tests/should_succeed/bug/395.mlcfg | 6 +- .../should_succeed/bug/395/why3session.xml | 2 +- .../should_succeed/bug/395/why3shapes.gz | Bin 244 -> 285 bytes creusot/tests/should_succeed/bug/463.mlcfg | 28 +- .../should_succeed/bug/463/why3session.xml | 4 +- .../should_succeed/bug/463/why3shapes.gz | Bin 236 -> 245 bytes creusot/tests/should_succeed/bug/464.mlcfg | 1 + creusot/tests/should_succeed/bug/545.mlcfg | 2 +- .../should_succeed/bug/545/why3shapes.gz | Bin 111 -> 111 bytes creusot/tests/should_succeed/bug/552.mlcfg | 2 + .../should_succeed/bug/552/why3shapes.gz | Bin 194 -> 193 bytes creusot/tests/should_succeed/bug/564.mlcfg | 4 +- creusot/tests/should_succeed/bug/594.mlcfg | 13 +- creusot/tests/should_succeed/bug/653.mlcfg | 4 +- creusot/tests/should_succeed/bug/682.mlcfg | 17 +- .../should_succeed/bug/682/why3session.xml | 4 +- .../should_succeed/bug/682/why3shapes.gz | Bin 287 -> 292 bytes creusot/tests/should_succeed/bug/691.mlcfg | 2 + creusot/tests/should_succeed/bug/766.mlcfg | 2 + creusot/tests/should_succeed/bug/797.mlcfg | 2 +- creusot/tests/should_succeed/bug/874.mlcfg | 28 +- .../should_succeed/bug/874/why3session.xml | 14 +- .../should_succeed/bug/874/why3shapes.gz | Bin 1059 -> 1058 bytes .../tests/should_succeed/bug/eq_panic.mlcfg | 1 + .../should_succeed/bug/eq_panic/why3shapes.gz | Bin 168 -> 168 bytes .../should_succeed/bug/minus_assoc.mlcfg | 4 +- .../bug/minus_assoc/why3shapes.gz | Bin 105 -> 105 bytes .../tests/should_succeed/bug/pure_neq.mlcfg | 6 +- .../should_succeed/bug/pure_neq/why3shapes.gz | Bin 102 -> 101 bytes .../tests/should_succeed/bug/two_phase.mlcfg | 12 +- .../bug/two_phase/why3session.xml | 2 +- .../bug/two_phase/why3shapes.gz | Bin 283 -> 281 bytes creusot/tests/should_succeed/cell/01.mlcfg | 6 +- .../should_succeed/cell/01/why3session.xml | 2 +- .../should_succeed/cell/01/why3shapes.gz | Bin 186 -> 213 bytes creusot/tests/should_succeed/cell/02.mlcfg | 69 +-- .../should_succeed/cell/02/why3session.xml | 69 +-- .../should_succeed/cell/02/why3shapes.gz | Bin 2035 -> 2271 bytes .../tests/should_succeed/checked_ops.mlcfg | 498 ++++++++++-------- .../checked_ops/why3session.xml | 64 +-- .../should_succeed/checked_ops/why3shapes.gz | Bin 3916 -> 4156 bytes creusot/tests/should_succeed/clones/04.mlcfg | 8 +- .../should_succeed/closures/01_basic.mlcfg | 9 +- .../should_succeed/closures/02_nested.mlcfg | 4 + .../closures/03_generic_bound.mlcfg | 12 + .../closures/04_generic_closure.mlcfg | 12 + .../should_succeed/closures/05_map.mlcfg | 11 + .../should_succeed/closures/06_fn_specs.mlcfg | 23 + .../closures/06_fn_specs/why3session.xml | 15 +- .../closures/06_fn_specs/why3shapes.gz | Bin 731 -> 727 bytes .../closures/07_mutable_capture.mlcfg | 25 +- .../07_mutable_capture/why3session.xml | 4 +- .../closures/07_mutable_capture/why3shapes.gz | Bin 414 -> 419 bytes .../closures/08_multiple_calls.mlcfg | 3 + .../should_succeed/constrained_types.mlcfg | 7 +- .../constrained_types/why3session.xml | 2 +- .../constrained_types/why3shapes.gz | Bin 137 -> 136 bytes creusot/tests/should_succeed/drop_pair.mlcfg | 4 +- .../should_succeed/drop_pair/why3session.xml | 2 +- .../should_succeed/drop_pair/why3shapes.gz | Bin 139 -> 139 bytes creusot/tests/should_succeed/duration.mlcfg | 107 ++-- .../should_succeed/filter_positive.mlcfg | 116 ++-- .../filter_positive/why3session.xml | 7 +- .../filter_positive/why3shapes.gz | Bin 879 -> 904 bytes creusot/tests/should_succeed/hashmap.mlcfg | 77 ++- .../should_succeed/hashmap/why3session.xml | 419 ++++++++------- .../should_succeed/hashmap/why3shapes.gz | Bin 9856 -> 9686 bytes .../should_succeed/heapsort_generic.mlcfg | 171 +++--- creusot/tests/should_succeed/hillel.mlcfg | 282 ++++++---- creusot/tests/should_succeed/immut.mlcfg | 1 + .../tests/should_succeed/index_range.mlcfg | 254 +++++---- .../index_range/why3session.xml | 117 ++-- .../should_succeed/index_range/why3shapes.gz | Bin 4233 -> 4445 bytes .../inplace_list_reversal.mlcfg | 4 + .../inplace_list_reversal/why3session.xml | 2 +- .../inplace_list_reversal/why3shapes.gz | Bin 397 -> 398 bytes creusot/tests/should_succeed/instant.mlcfg | 123 +++-- .../should_succeed/invariant_moves.mlcfg | 16 +- .../tests/should_succeed/ite_normalize.mlcfg | 17 +- .../ite_normalize/why3session.xml | 24 +- .../ite_normalize/why3shapes.gz | Bin 1382 -> 1382 bytes .../should_succeed/iterators/01_range.mlcfg | 23 +- .../iterators/01_range/why3session.xml | 8 +- .../iterators/01_range/why3shapes.gz | Bin 928 -> 983 bytes .../iterators/02_iter_mut.mlcfg | 57 +- .../iterators/02_iter_mut/why3session.xml | 46 +- .../iterators/02_iter_mut/why3shapes.gz | Bin 3151 -> 3174 bytes .../iterators/03_std_iterators.mlcfg | 220 +++++--- .../03_std_iterators/why3session.xml | 103 ++-- .../iterators/03_std_iterators/why3shapes.gz | Bin 6297 -> 6342 bytes .../should_succeed/iterators/04_skip.mlcfg | 20 +- .../iterators/04_skip/why3session.xml | 12 +- .../iterators/04_skip/why3shapes.gz | Bin 1015 -> 1030 bytes .../should_succeed/iterators/05_map.mlcfg | 27 +- .../iterators/05_map/why3session.xml | 31 +- .../iterators/05_map/why3shapes.gz | Bin 5863 -> 5868 bytes .../iterators/06_map_precond.mlcfg | 95 ++-- .../iterators/06_map_precond/why3session.xml | 59 ++- .../iterators/06_map_precond/why3shapes.gz | Bin 8679 -> 8695 bytes .../should_succeed/iterators/07_fuse.mlcfg | 9 + .../iterators/07_fuse/why3session.xml | 6 +- .../iterators/07_fuse/why3shapes.gz | Bin 1380 -> 1379 bytes .../iterators/08_collect_extend.mlcfg | 42 +- .../08_collect_extend/why3session.xml | 94 ++-- .../iterators/08_collect_extend/why3shapes.gz | Bin 3530 -> 3536 bytes .../should_succeed/iterators/09_empty.mlcfg | 3 + .../iterators/09_empty/why3session.xml | 2 +- .../iterators/09_empty/why3shapes.gz | Bin 477 -> 476 bytes .../should_succeed/iterators/10_once.mlcfg | 5 + .../iterators/10_once/why3session.xml | 2 +- .../iterators/10_once/why3shapes.gz | Bin 806 -> 811 bytes .../should_succeed/iterators/11_repeat.mlcfg | 6 +- .../iterators/11_repeat/why3session.xml | 2 +- .../iterators/11_repeat/why3shapes.gz | Bin 503 -> 505 bytes .../should_succeed/iterators/12_zip.mlcfg | 6 +- .../iterators/12_zip/why3session.xml | 10 +- .../iterators/12_zip/why3shapes.gz | Bin 2038 -> 2041 bytes .../should_succeed/iterators/13_cloned.mlcfg | 6 +- .../iterators/13_cloned/why3session.xml | 4 +- .../iterators/13_cloned/why3shapes.gz | Bin 723 -> 720 bytes .../should_succeed/iterators/14_copied.mlcfg | 6 +- .../iterators/14_copied/why3session.xml | 4 +- .../iterators/14_copied/why3shapes.gz | Bin 723 -> 721 bytes .../iterators/15_enumerate.mlcfg | 14 +- .../iterators/15_enumerate/why3session.xml | 32 +- .../iterators/15_enumerate/why3shapes.gz | Bin 1733 -> 1759 bytes .../should_succeed/iterators/16_take.mlcfg | 12 +- .../iterators/16_take/why3session.xml | 12 +- .../iterators/16_take/why3shapes.gz | Bin 880 -> 917 bytes creusot/tests/should_succeed/knapsack.mlcfg | 133 ++--- .../tests/should_succeed/knapsack_full.mlcfg | 236 +++++---- .../should_succeed/lang/branch_borrow_2.mlcfg | 8 +- .../tests/should_succeed/lang/float_ops.mlcfg | 24 +- .../tests/should_succeed/lang/literals.mlcfg | 4 +- .../tests/should_succeed/lang/modules.mlcfg | 2 + .../should_succeed/lang/modules/why3shapes.gz | Bin 128 -> 128 bytes .../tests/should_succeed/lang/move_path.mlcfg | 1 + .../lang/promoted_constants.mlcfg | 5 +- .../tests/should_succeed/lang/while_let.mlcfg | 1 + .../lang/while_let/why3shapes.gz | Bin 144 -> 143 bytes .../tests/should_succeed/list_index_mut.mlcfg | 39 +- .../list_index_mut/why3session.xml | 6 +- .../list_index_mut/why3shapes.gz | Bin 719 -> 725 bytes .../should_succeed/list_reversal_lasso.mlcfg | 220 ++++---- creusot/tests/should_succeed/loop.mlcfg | 1 + .../tests/should_succeed/mapping_test.mlcfg | 24 +- .../mapping_test/why3session.xml | 4 +- .../should_succeed/mapping_test/why3shapes.gz | Bin 407 -> 412 bytes creusot/tests/should_succeed/match_int.mlcfg | 8 +- .../should_succeed/match_int/why3session.xml | 2 +- .../should_succeed/match_int/why3shapes.gz | Bin 175 -> 292 bytes creusot/tests/should_succeed/mc91.mlcfg | 12 +- .../tests/should_succeed/mc91/why3session.xml | 2 +- .../tests/should_succeed/mc91/why3shapes.gz | Bin 212 -> 256 bytes creusot/tests/should_succeed/mutex.mlcfg | 11 +- .../should_succeed/mutex/why3session.xml | 10 +- .../tests/should_succeed/mutex/why3shapes.gz | Bin 531 -> 555 bytes .../should_succeed/one_side_update.mlcfg | 1 + creusot/tests/should_succeed/option.mlcfg | 63 ++- .../should_succeed/option/why3session.xml | 4 +- .../tests/should_succeed/option/why3shapes.gz | Bin 490 -> 494 bytes creusot/tests/should_succeed/ord_trait.mlcfg | 45 +- .../should_succeed/ord_trait/why3session.xml | 10 +- .../should_succeed/ord_trait/why3shapes.gz | Bin 643 -> 653 bytes .../should_succeed/projection_toggle.mlcfg | 7 +- .../projection_toggle/why3session.xml | 4 +- .../projection_toggle/why3shapes.gz | Bin 565 -> 584 bytes .../tests/should_succeed/projections.mlcfg | 3 +- creusot/tests/should_succeed/prophecy.mlcfg | 1 + .../tests/should_succeed/red_black_tree.mlcfg | 162 +++++- .../tests/should_succeed/resolve_uninit.mlcfg | 3 +- .../resolve_uninit/why3session.xml | 2 +- .../resolve_uninit/why3shapes.gz | Bin 400 -> 420 bytes creusot/tests/should_succeed/result/own.mlcfg | 38 ++ .../tests/should_succeed/result/result.mlcfg | 84 +-- .../should_succeed/rusthorn/inc_max.mlcfg | 19 +- .../rusthorn/inc_max/why3session.xml | 4 +- .../rusthorn/inc_max/why3shapes.gz | Bin 452 -> 502 bytes .../should_succeed/rusthorn/inc_max_3.mlcfg | 30 +- .../rusthorn/inc_max_3/why3session.xml | 6 +- .../rusthorn/inc_max_3/why3shapes.gz | Bin 765 -> 841 bytes .../rusthorn/inc_max_many.mlcfg | 21 +- .../rusthorn/inc_max_many/why3session.xml | 8 +- .../rusthorn/inc_max_many/why3shapes.gz | Bin 590 -> 631 bytes .../rusthorn/inc_max_repeat.mlcfg | 32 +- .../rusthorn/inc_max_repeat/why3session.xml | 6 +- .../rusthorn/inc_max_repeat/why3shapes.gz | Bin 711 -> 761 bytes .../rusthorn/inc_some_2_list.mlcfg | 42 +- .../rusthorn/inc_some_2_list/why3session.xml | 12 +- .../rusthorn/inc_some_2_list/why3shapes.gz | Bin 969 -> 989 bytes .../rusthorn/inc_some_2_tree.mlcfg | 42 +- .../rusthorn/inc_some_2_tree/why3session.xml | 12 +- .../rusthorn/inc_some_2_tree/why3shapes.gz | Bin 1100 -> 1122 bytes .../rusthorn/inc_some_list.mlcfg | 35 +- .../rusthorn/inc_some_list/why3session.xml | 12 +- .../rusthorn/inc_some_list/why3shapes.gz | Bin 883 -> 904 bytes .../rusthorn/inc_some_tree.mlcfg | 35 +- .../rusthorn/inc_some_tree/why3session.xml | 12 +- .../rusthorn/inc_some_tree/why3shapes.gz | Bin 967 -> 991 bytes .../selection_sort_generic.mlcfg | 95 +++- creusot/tests/should_succeed/slices/01.mlcfg | 31 +- .../should_succeed/slices/01/why3session.xml | 6 +- .../should_succeed/slices/01/why3shapes.gz | Bin 612 -> 679 bytes .../tests/should_succeed/slices/02_std.mlcfg | 51 +- .../tests/should_succeed/sparse_array.mlcfg | 86 +-- .../sparse_array/why3session.xml | 63 ++- .../should_succeed/sparse_array/why3shapes.gz | Bin 3734 -> 3841 bytes creusot/tests/should_succeed/spec_tests.mlcfg | 2 + .../specification/division.mlcfg | 4 +- .../specification/division/why3session.xml | 2 +- .../specification/division/why3shapes.gz | Bin 173 -> 175 bytes .../should_succeed/specification/forall.mlcfg | 16 +- .../specification/forall/why3session.xml | 2 +- .../specification/forall/why3shapes.gz | Bin 130 -> 129 bytes .../specification/logic_call.mlcfg | 1 + .../specification/logic_call/why3session.xml | 2 +- .../specification/logic_call/why3shapes.gz | Bin 120 -> 120 bytes .../specification/logic_functions.mlcfg | 3 +- .../should_succeed/specification/model.mlcfg | 2 + .../tests/should_succeed/split_borrow.mlcfg | 2 + creusot/tests/should_succeed/sum.mlcfg | 28 +- .../tests/should_succeed/sum_of_odds.mlcfg | 46 +- .../tests/should_succeed/swap_borrows.mlcfg | 4 + .../swap_borrows/why3session.xml | 2 +- .../should_succeed/swap_borrows/why3shapes.gz | Bin 320 -> 321 bytes creusot/tests/should_succeed/switch.mlcfg | 3 +- .../tests/should_succeed/switch_struct.mlcfg | 4 +- .../should_succeed/syntax/02_operators.mlcfg | 69 +-- .../should_succeed/syntax/04_assoc_prec.mlcfg | 13 +- .../syntax/05_annotations.mlcfg | 1 + .../should_succeed/syntax/05_pearlite.mlcfg | 35 +- .../syntax/06_logic_function_contracts.mlcfg | 24 +- .../why3session.xml | 7 +- .../06_logic_function_contracts/why3shapes.gz | Bin 232 -> 231 bytes .../should_succeed/syntax/09_maintains.mlcfg | 9 +- .../syntax/09_maintains/why3session.xml | 11 +- .../syntax/09_maintains/why3shapes.gz | Bin 296 -> 298 bytes .../syntax/10_mutual_rec_types.mlcfg | 15 +- .../syntax/11_array_types.mlcfg | 8 +- .../syntax/11_array_types/why3session.xml | 4 +- .../syntax/11_array_types/why3shapes.gz | Bin 305 -> 319 bytes .../should_succeed/syntax/12_ghost_code.mlcfg | 19 +- .../syntax/12_ghost_code/why3session.xml | 4 +- .../syntax/12_ghost_code/why3shapes.gz | Bin 338 -> 355 bytes .../should_succeed/syntax/13_vec_macro.mlcfg | 27 +- .../syntax/13_vec_macro/why3session.xml | 2 +- .../syntax/13_vec_macro/why3shapes.gz | Bin 374 -> 375 bytes .../should_succeed/syntax/14_const_fns.mlcfg | 2 +- .../should_succeed/syntax/derive_macros.mlcfg | 29 +- .../syntax/derive_macros/why3session.xml | 20 +- .../syntax/derive_macros/why3shapes.gz | Bin 1090 -> 1090 bytes .../tests/should_succeed/take_first_mut.mlcfg | 23 +- .../take_first_mut/why3session.xml | 2 +- .../take_first_mut/why3shapes.gz | Bin 534 -> 532 bytes creusot/tests/should_succeed/trait_impl.mlcfg | 1 + creusot/tests/should_succeed/traits/02.mlcfg | 3 + .../should_succeed/traits/02/why3shapes.gz | Bin 144 -> 143 bytes creusot/tests/should_succeed/traits/03.mlcfg | 2 + creusot/tests/should_succeed/traits/04.mlcfg | 2 + creusot/tests/should_succeed/traits/09.mlcfg | 2 +- creusot/tests/should_succeed/traits/10.mlcfg | 1 + .../traits/13_assoc_types.mlcfg | 1 + .../traits/13_assoc_types/why3shapes.gz | Bin 187 -> 187 bytes .../traits/14_assoc_in_logic.mlcfg | 1 + .../traits/15_impl_interfaces.mlcfg | 2 + .../traits/16_impl_cloning.mlcfg | 3 + .../traits/16_impl_cloning/why3session.xml | 2 +- .../traits/16_impl_cloning/why3shapes.gz | Bin 148 -> 147 bytes .../should_succeed/traits/18_trait_laws.mlcfg | 20 +- .../traits/18_trait_laws/why3session.xml | 12 +- .../traits/18_trait_laws/why3shapes.gz | Bin 286 -> 287 bytes .../type_invariants/borrows.mlcfg | 53 +- .../type_invariants/generated.mlcfg | 2 +- .../type_invariants/generated/why3session.xml | 2 +- .../type_invariants/generated/why3shapes.gz | Bin 220 -> 221 bytes .../type_invariants/non_zero.mlcfg | 16 +- .../type_invariants/non_zero/why3session.xml | 12 +- .../type_invariants/non_zero/why3shapes.gz | Bin 365 -> 372 bytes .../type_invariants/vec_inv.mlcfg | 20 +- .../type_invariants/vec_inv/why3session.xml | 2 +- .../type_invariants/vec_inv/why3shapes.gz | Bin 283 -> 283 bytes creusot/tests/should_succeed/unnest.mlcfg | 3 +- .../should_succeed/unnest/why3session.xml | 2 +- .../tests/should_succeed/unnest/why3shapes.gz | Bin 192 -> 191 bytes creusot/tests/should_succeed/vecdeque.mlcfg | 28 +- .../should_succeed/vecdeque/why3session.xml | 68 +-- .../should_succeed/vecdeque/why3shapes.gz | Bin 1959 -> 1993 bytes creusot/tests/should_succeed/vector/01.mlcfg | 33 +- .../should_succeed/vector/01/why3session.xml | 2 +- .../should_succeed/vector/01/why3shapes.gz | Bin 649 -> 653 bytes .../should_succeed/vector/02_gnome.mlcfg | 88 +++- .../vector/02_gnome/why3session.xml | 82 +-- .../vector/02_gnome/why3shapes.gz | Bin 2304 -> 2378 bytes .../vector/03_knuth_shuffle.mlcfg | 43 +- .../vector/03_knuth_shuffle/why3session.xml | 2 +- .../vector/03_knuth_shuffle/why3shapes.gz | Bin 644 -> 644 bytes .../vector/04_binary_search.mlcfg | 58 +- .../vector/04_binary_search/why3session.xml | 2 +- .../vector/04_binary_search/why3shapes.gz | Bin 458 -> 478 bytes .../vector/05_binary_search_generic.mlcfg | 94 +++- .../05_binary_search_generic/why3session.xml | 114 ++-- .../05_binary_search_generic/why3shapes.gz | Bin 2496 -> 2684 bytes .../vector/06_knights_tour.mlcfg | 186 ++++--- .../should_succeed/vector/07_read_write.mlcfg | 21 +- .../vector/07_read_write/why3session.xml | 2 +- .../vector/07_read_write/why3shapes.gz | Bin 454 -> 455 bytes .../should_succeed/vector/08_haystack.mlcfg | 64 ++- .../vector/08_haystack/why3session.xml | 70 +-- .../vector/08_haystack/why3shapes.gz | Bin 2846 -> 2891 bytes .../should_succeed/vector/09_capacity.mlcfg | 22 +- .../vector/09_capacity/why3session.xml | 4 +- .../vector/09_capacity/why3shapes.gz | Bin 423 -> 424 bytes 344 files changed, 4854 insertions(+), 3293 deletions(-) diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg b/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg index cd8333384e..578f0ff462 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg @@ -94,11 +94,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -116,11 +116,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Alloc_Global_Type type t_global = @@ -130,6 +130,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -214,6 +215,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -273,6 +275,7 @@ end module C01ResolveUnsoundness_MakeVecOfSize use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Borrow use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -352,11 +355,11 @@ module C01ResolveUnsoundness_MakeVecOfSize goto BB2 } BB2 { - invariant { [#"../01_resolve_unsoundness.rs" 12 16 12 37] (0 : usize) <= i /\ i <= n }; + invariant { [#"../01_resolve_unsoundness.rs" 12 16 12 37] Int.le (0 : usize) i /\ Int.le i n }; goto BB3 } BB3 { - switch ([#"../01_resolve_unsoundness.rs" 13 10 13 16] i <= n) + switch ([#"../01_resolve_unsoundness.rs" 13 10 13 16] UIntSize.le i n) | False -> goto BB6 | True -> goto BB4 end @@ -369,7 +372,7 @@ module C01ResolveUnsoundness_MakeVecOfSize goto BB5 } BB5 { - i <- ([#"../01_resolve_unsoundness.rs" 15 8 15 14] i + ([#"../01_resolve_unsoundness.rs" 15 13 15 14] [#"../01_resolve_unsoundness.rs" 15 13 15 14] (1 : usize))); + i <- ([#"../01_resolve_unsoundness.rs" 15 8 15 14] UIntSize.add i ([#"../01_resolve_unsoundness.rs" 15 13 15 14] [#"../01_resolve_unsoundness.rs" 15 13 15 14] (1 : usize))); goto BB2 } BB6 { diff --git a/creusot/tests/should_fail/bug/222.mlcfg b/creusot/tests/should_fail/bug/222.mlcfg index e17b15fca8..bf9faa712c 100644 --- a/creusot/tests/should_fail/bug/222.mlcfg +++ b/creusot/tests/should_fail/bug/222.mlcfg @@ -35,10 +35,10 @@ module C222_A_IsTrue_Interface type self = self function is_true [#"../222.rs" 14 4 14 16] (_1 : ()) : () val is_true [#"../222.rs" 14 4 14 16] (_1 : ()) : () - ensures { [#"../222.rs" 13 14 13 34] Mktrue0.mktrue () <= 10 } + ensures { [#"../222.rs" 13 14 13 34] Int.le (Mktrue0.mktrue ()) 10 } ensures { result = is_true _1 } - axiom is_true_spec : forall _1 : () . [#"../222.rs" 13 14 13 34] Mktrue0.mktrue () <= 10 + axiom is_true_spec : forall _1 : () . [#"../222.rs" 13 14 13 34] Int.le (Mktrue0.mktrue ()) 10 end module C222_A_IsTrue type self @@ -48,10 +48,10 @@ module C222_A_IsTrue function is_true [#"../222.rs" 14 4 14 16] (_1 : ()) : () = [#"../222.rs" 15 8 15 10] () val is_true [#"../222.rs" 14 4 14 16] (_1 : ()) : () - ensures { [#"../222.rs" 13 14 13 34] Mktrue0.mktrue () <= 10 } + ensures { [#"../222.rs" 13 14 13 34] Int.le (Mktrue0.mktrue ()) 10 } ensures { result = is_true _1 } - axiom is_true_spec : forall _1 : () . [#"../222.rs" 13 14 13 34] Mktrue0.mktrue () <= 10 + axiom is_true_spec : forall _1 : () . [#"../222.rs" 13 14 13 34] Int.le (Mktrue0.mktrue ()) 10 end module C222_A_IsTrue_Impl type self @@ -59,7 +59,7 @@ module C222_A_IsTrue_Impl clone C222_A_Mktrue_Interface as Mktrue0 with type self = self let rec ghost function is_true [#"../222.rs" 14 4 14 16] (_1 : ()) : () - ensures { [#"../222.rs" 13 14 13 34] Mktrue0.mktrue () <= 10 } + ensures { [#"../222.rs" 13 14 13 34] Int.le (Mktrue0.mktrue ()) 10 } = [@vc:do_not_keep_trace] [@vc:sp] [#"../222.rs" 15 8 15 10] () @@ -171,6 +171,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -186,6 +187,7 @@ end module Core_Option_Impl0_Take_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Core_Option_Option_Type.t_option t diff --git a/creusot/tests/should_fail/bug/492.mlcfg b/creusot/tests/should_fail/bug/492.mlcfg index 78ea48d2ea..ce463e9e40 100644 --- a/creusot/tests/should_fail/bug/492.mlcfg +++ b/creusot/tests/should_fail/bug/492.mlcfg @@ -34,6 +34,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -49,6 +50,7 @@ end module C492_ReborrowTuple_Interface type t use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UInt32 clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -66,6 +68,7 @@ module C492_ReborrowTuple use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = (borrowed t, uint32) clone TyInv_Trivial as TyInv_Trivial2 with @@ -144,6 +147,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with diff --git a/creusot/tests/should_fail/bug/692.mlcfg b/creusot/tests/should_fail/bug/692.mlcfg index ed0a9d337d..586ca22892 100644 --- a/creusot/tests/should_fail/bug/692.mlcfg +++ b/creusot/tests/should_fail/bug/692.mlcfg @@ -150,6 +150,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -160,6 +161,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -185,6 +187,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -218,6 +221,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -280,6 +284,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -304,6 +309,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -336,6 +342,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -569,6 +576,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -596,6 +604,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -631,6 +640,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -665,6 +675,7 @@ end module C692_Incorrect_Interface type c type b + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = b clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -689,6 +700,7 @@ end module C692_Incorrect type c type b + use prelude.Bool use prelude.Borrow clone CreusotContracts_Std1_Ops_Impl1_Unnest_Interface as Unnest0 with type args = (), @@ -867,6 +879,7 @@ module C692_ValidNormal_Closure2_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = uint32 let function field_0 [#"../692.rs" 15 17 15 64] (self : c692_validnormal_closure2) : borrowed uint32 @@ -895,6 +908,7 @@ module C692_ValidNormal_Closure2 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve1 with type t = uint32 clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with @@ -963,6 +977,7 @@ module C692_ValidNormal_Closure1_Interface use export C692_ValidNormal_Closure1_Type use prelude.Int use prelude.UInt32 + use prelude.Bool use prelude.Borrow let function field_0 [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) : uint32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -974,15 +989,15 @@ module C692_ValidNormal_Closure1_Interface predicate precondition [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) = [#"../692.rs" 1 0 1 0] true predicate postcondition_once [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 13 25 13 45] result = (field_0 self > (7 : uint32)) + [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 self) (7 : uint32) predicate postcondition_mut [#"../692.rs" 13 15 13 47] (self : borrowed c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 1 0 1 0] result = (field_0 ( ^ self) > (7 : uint32)) /\ unnest ( * self) ( ^ self) + [#"../692.rs" 1 0 1 0] result = Int.gt (field_0 ( ^ self)) (7 : uint32) /\ unnest ( * self) ( ^ self) predicate postcondition [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 13 25 13 45] result = (field_0 self > (7 : uint32)) + [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 self) (7 : uint32) val c692_ValidNormal_Closure1 [#"../692.rs" 13 15 13 47] (_1 : c692_validnormal_closure1) : bool - ensures { [#"../692.rs" 13 25 13 45] result = (field_0 _1 > (7 : uint32)) } + ensures { [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 _1) (7 : uint32) } end module C692_ValidNormal_Closure1 @@ -990,6 +1005,7 @@ module C692_ValidNormal_Closure1 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool let function field_0 [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) : uint32 = [@vc:do_not_keep_trace] [@vc:sp] [#"../692.rs" 1 0 1 0] let C692_ValidNormal_Closure1 a = self in a @@ -1000,15 +1016,15 @@ module C692_ValidNormal_Closure1 predicate precondition [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) = [#"../692.rs" 1 0 1 0] true predicate postcondition_once [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 13 25 13 45] result = (field_0 self > (7 : uint32)) + [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 self) (7 : uint32) predicate postcondition_mut [#"../692.rs" 13 15 13 47] (self : borrowed c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 1 0 1 0] result = (field_0 ( ^ self) > (7 : uint32)) /\ unnest ( * self) ( ^ self) + [#"../692.rs" 1 0 1 0] result = Int.gt (field_0 ( ^ self)) (7 : uint32) /\ unnest ( * self) ( ^ self) predicate postcondition [#"../692.rs" 13 15 13 47] (self : c692_validnormal_closure1) (_ : ()) (result : bool) = - [#"../692.rs" 13 25 13 45] result = (field_0 self > (7 : uint32)) + [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 self) (7 : uint32) let rec cfg c692_ValidNormal_Closure1 [#"../692.rs" 13 15 13 47] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : c692_validnormal_closure1) : bool - ensures { [#"../692.rs" 13 25 13 45] result = (field_0 _1 > (7 : uint32)) } + ensures { [#"../692.rs" 13 25 13 45] result = Int.gt (field_0 _1) (7 : uint32) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; @@ -1018,7 +1034,7 @@ module C692_ValidNormal_Closure1 goto BB0 } BB0 { - res <- ([#"../692.rs" 14 7 14 15] field_0 _1 > ([#"../692.rs" 14 11 14 15] [#"../692.rs" 14 11 14 15] (7 : uint32))); + res <- ([#"../692.rs" 14 7 14 15] UInt32.gt (field_0 _1) ([#"../692.rs" 14 11 14 15] [#"../692.rs" 14 11 14 15] (7 : uint32))); _0 <- res; return _0 } diff --git a/creusot/tests/should_fail/bug/695.mlcfg b/creusot/tests/should_fail/bug/695.mlcfg index 79d9910220..567fee3f8f 100644 --- a/creusot/tests/should_fail/bug/695.mlcfg +++ b/creusot/tests/should_fail/bug/695.mlcfg @@ -319,6 +319,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -329,6 +330,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -354,6 +356,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -387,6 +390,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -419,6 +423,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -443,6 +448,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -475,6 +481,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -708,6 +715,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -735,6 +743,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -770,6 +779,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -804,6 +814,7 @@ end module C695_InversedIf_Interface type c type b + use prelude.Bool clone CreusotContracts_Std1_Ops_Impl0_PostconditionOnce_Stub as PostconditionOnce0 with type args = bool, type f = b, @@ -832,6 +843,7 @@ end module C695_InversedIf type c type b + use prelude.Bool use prelude.Borrow clone CreusotContracts_Std1_Ops_Impl1_Unnest_Interface as Unnest0 with type args = (), @@ -1069,6 +1081,7 @@ module C695_Valid_Closure2_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = uint32 let function field_0 [#"../695.rs" 19 17 19 64] (self : c695_valid_closure2) : borrowed uint32 @@ -1096,6 +1109,7 @@ module C695_Valid_Closure2 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve1 with type t = uint32 clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with @@ -1163,6 +1177,7 @@ module C695_Valid_Closure1_Interface use export C695_Valid_Closure1_Type use prelude.Int use prelude.UInt32 + use prelude.Bool use prelude.Borrow let function field_0 [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) : uint32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -1174,14 +1189,14 @@ module C695_Valid_Closure1_Interface predicate precondition [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) = [#"../695.rs" 1 0 1 0] true predicate postcondition_once [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 17 25 17 45] result = (field_0 self > (7 : uint32)) + [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 self) (7 : uint32) predicate postcondition_mut [#"../695.rs" 17 15 17 47] (self : borrowed c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 1 0 1 0] result = (field_0 ( ^ self) > (7 : uint32)) /\ unnest ( * self) ( ^ self) + [#"../695.rs" 1 0 1 0] result = Int.gt (field_0 ( ^ self)) (7 : uint32) /\ unnest ( * self) ( ^ self) predicate postcondition [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 17 25 17 45] result = (field_0 self > (7 : uint32)) + [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 self) (7 : uint32) val c695_Valid_Closure1 [#"../695.rs" 17 15 17 47] (_1 : c695_valid_closure1) : bool - ensures { [#"../695.rs" 17 25 17 45] result = (field_0 _1 > (7 : uint32)) } + ensures { [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 _1) (7 : uint32) } end module C695_Valid_Closure1 @@ -1189,6 +1204,7 @@ module C695_Valid_Closure1 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool let function field_0 [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) : uint32 = [@vc:do_not_keep_trace] [@vc:sp] [#"../695.rs" 1 0 1 0] let C695_Valid_Closure1 a = self in a @@ -1199,14 +1215,14 @@ module C695_Valid_Closure1 predicate precondition [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) = [#"../695.rs" 1 0 1 0] true predicate postcondition_once [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 17 25 17 45] result = (field_0 self > (7 : uint32)) + [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 self) (7 : uint32) predicate postcondition_mut [#"../695.rs" 17 15 17 47] (self : borrowed c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 1 0 1 0] result = (field_0 ( ^ self) > (7 : uint32)) /\ unnest ( * self) ( ^ self) + [#"../695.rs" 1 0 1 0] result = Int.gt (field_0 ( ^ self)) (7 : uint32) /\ unnest ( * self) ( ^ self) predicate postcondition [#"../695.rs" 17 15 17 47] (self : c695_valid_closure1) (_ : ()) (result : bool) = - [#"../695.rs" 17 25 17 45] result = (field_0 self > (7 : uint32)) + [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 self) (7 : uint32) let rec cfg c695_Valid_Closure1 [#"../695.rs" 17 15 17 47] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : c695_valid_closure1) : bool - ensures { [#"../695.rs" 17 25 17 45] result = (field_0 _1 > (7 : uint32)) } + ensures { [#"../695.rs" 17 25 17 45] result = Int.gt (field_0 _1) (7 : uint32) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; @@ -1216,7 +1232,7 @@ module C695_Valid_Closure1 goto BB0 } BB0 { - res <- ([#"../695.rs" 18 7 18 15] field_0 _1 > ([#"../695.rs" 18 11 18 15] [#"../695.rs" 18 11 18 15] (7 : uint32))); + res <- ([#"../695.rs" 18 7 18 15] UInt32.gt (field_0 _1) ([#"../695.rs" 18 11 18 15] [#"../695.rs" 18 11 18 15] (7 : uint32))); _0 <- res; return _0 } @@ -1225,14 +1241,16 @@ end module C695_Valid_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val valid [#"../695.rs" 15 0 15 27] (n : uint32) : uint32 - ensures { [#"../695.rs" 14 10 14 71] n > (7 : uint32) /\ result = (2 : uint32) \/ n <= (7 : uint32) /\ result = (1 : uint32) } + ensures { [#"../695.rs" 14 10 14 71] Int.gt n (7 : uint32) /\ result = (2 : uint32) \/ Int.le n (7 : uint32) /\ result = (1 : uint32) } end module C695_Valid use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 clone C695_Valid_Closure2_Interface as Closure20 with @@ -1260,7 +1278,7 @@ module C695_Valid predicate Inv0.inv = Inv0.inv, predicate Inv1.inv = Inv1.inv let rec cfg valid [#"../695.rs" 15 0 15 27] [@cfg:stackify] [@cfg:subregion_analysis] (n : uint32) : uint32 - ensures { [#"../695.rs" 14 10 14 71] n > (7 : uint32) /\ result = (2 : uint32) \/ n <= (7 : uint32) /\ result = (1 : uint32) } + ensures { [#"../695.rs" 14 10 14 71] Int.gt n (7 : uint32) /\ result = (2 : uint32) \/ Int.le n (7 : uint32) /\ result = (1 : uint32) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; diff --git a/creusot/tests/should_fail/bug/subregion.mlcfg b/creusot/tests/should_fail/bug/subregion.mlcfg index 9453f5569a..d718b4a9ef 100644 --- a/creusot/tests/should_fail/bug/subregion.mlcfg +++ b/creusot/tests/should_fail/bug/subregion.mlcfg @@ -27,7 +27,7 @@ module Subregion_ListReversalH goto BB2 } BB2 { - switch ([#"../subregion.rs" 6 10 6 16] l <> ([#"../subregion.rs" 6 15 6 16] [#"../subregion.rs" 6 15 6 16] (0 : usize))) + switch ([#"../subregion.rs" 6 10 6 16] UIntSize.ne l ([#"../subregion.rs" 6 15 6 16] [#"../subregion.rs" 6 15 6 16] (0 : usize))) | False -> goto BB4 | True -> goto BB3 end diff --git a/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg b/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg index e004e4e86d..ad52729640 100644 --- a/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg +++ b/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg @@ -5,7 +5,7 @@ module C17ImplRefinement_Impl0_MyFunction_Interface use prelude.Borrow val my_function [#"../17_impl_refinement.rs" 14 4 14 34] (self : ()) : usize requires {[#"../17_impl_refinement.rs" 12 15 12 19] true} - ensures { [#"../17_impl_refinement.rs" 13 14 13 27] UIntSize.to_int result >= 15 } + ensures { [#"../17_impl_refinement.rs" 13 14 13 27] Int.ge (UIntSize.to_int result) 15 } end module C17ImplRefinement_Impl0_MyFunction @@ -14,7 +14,7 @@ module C17ImplRefinement_Impl0_MyFunction use prelude.Borrow let rec cfg my_function [#"../17_impl_refinement.rs" 14 4 14 34] [@cfg:stackify] [@cfg:subregion_analysis] (self : ()) : usize requires {[#"../17_impl_refinement.rs" 12 15 12 19] true} - ensures { [#"../17_impl_refinement.rs" 13 14 13 27] UIntSize.to_int result >= 15 } + ensures { [#"../17_impl_refinement.rs" 13 14 13 27] Int.ge (UIntSize.to_int result) 15 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -37,7 +37,7 @@ module C17ImplRefinement_Impl1_NeedFalse_Interface use prelude.Int function need_false [#"../17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () val need_false [#"../17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () - requires {[#"../17_impl_refinement.rs" 28 15 28 23] UInt64.to_int y >= 15} + requires {[#"../17_impl_refinement.rs" 28 15 28 23] Int.ge (UInt64.to_int y) 15} ensures { result = need_false y } end @@ -47,7 +47,7 @@ module C17ImplRefinement_Impl1_NeedFalse function need_false [#"../17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () = [#"../17_impl_refinement.rs" 27 4 27 12] () val need_false [#"../17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () - requires {[#"../17_impl_refinement.rs" 28 15 28 23] UInt64.to_int y >= 15} + requires {[#"../17_impl_refinement.rs" 28 15 28 23] Int.ge (UInt64.to_int y) 15} ensures { result = need_false y } end @@ -55,7 +55,7 @@ module C17ImplRefinement_Impl1_NeedFalse_Impl use prelude.UInt64 use prelude.Int let rec ghost function need_false [#"../17_impl_refinement.rs" 29 4 29 25] (y : uint64) : () - requires {[#"../17_impl_refinement.rs" 28 15 28 23] UInt64.to_int y >= 15} + requires {[#"../17_impl_refinement.rs" 28 15 28 23] Int.ge (UInt64.to_int y) 15} = [@vc:do_not_keep_trace] [@vc:sp] [#"../17_impl_refinement.rs" 27 4 27 12] () @@ -95,10 +95,10 @@ module C17ImplRefinement_Impl0 type t = (), predicate Inv0.inv = Inv0.inv, axiom . - goal my_function_refn : [#"../17_impl_refinement.rs" 14 4 14 34] forall self : () . Inv0.inv self -> (forall result : usize . UIntSize.to_int result >= 15 -> UIntSize.to_int result >= 10) + goal my_function_refn : [#"../17_impl_refinement.rs" 14 4 14 34] forall self : () . Inv0.inv self -> (forall result : usize . Int.ge (UIntSize.to_int result) 15 -> Int.ge (UIntSize.to_int result) 10) end module C17ImplRefinement_Impl1 use prelude.Int use prelude.UInt64 - goal need_false_refn : [#"../17_impl_refinement.rs" 29 4 29 25] forall x : uint64 . UInt64.to_int x >= 10 -> UInt64.to_int x >= 15 + goal need_false_refn : [#"../17_impl_refinement.rs" 29 4 29 25] forall x : uint64 . Int.ge (UInt64.to_int x) 10 -> Int.ge (UInt64.to_int x) 15 end diff --git a/creusot/tests/should_succeed/100doors.mlcfg b/creusot/tests/should_succeed/100doors.mlcfg index 35263c85b9..5e2564835b 100644 --- a/creusot/tests/should_succeed/100doors.mlcfg +++ b/creusot/tests/should_succeed/100doors.mlcfg @@ -79,6 +79,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -88,7 +89,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -169,11 +170,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -191,11 +192,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Resolve_Impl1_Resolve_Stub type t @@ -213,6 +214,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -314,6 +316,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -335,7 +338,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -345,6 +348,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -368,7 +372,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -749,6 +753,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -832,6 +837,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -990,6 +996,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -998,7 +1005,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -1026,7 +1033,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1053,6 +1060,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1081,8 +1089,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1115,6 +1124,7 @@ module C100doors_F use prelude.Ghost use seq.Seq use prelude.Borrow + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv11 with type t = Seq.seq usize @@ -1398,31 +1408,31 @@ module C100doors_F goto BB15 } BB15 { - invariant { [#"../100doors.rs" 23 20 23 54] 1 <= UIntSize.to_int door /\ UIntSize.to_int door <= 100 + UIntSize.to_int pass }; + invariant { [#"../100doors.rs" 23 20 23 54] Int.le 1 (UIntSize.to_int door) /\ Int.le (UIntSize.to_int door) (Int.add 100 (UIntSize.to_int pass)) }; invariant { [#"../100doors.rs" 24 20 24 43] Seq.length (ShallowModel0.shallow_model door_open) = 100 }; goto BB16 } BB16 { - switch ([#"../100doors.rs" 25 14 25 25] door <= ([#"../100doors.rs" 25 22 25 25] [#"../100doors.rs" 25 22 25 25] (100 : usize))) + switch ([#"../100doors.rs" 25 14 25 25] UIntSize.le door ([#"../100doors.rs" 25 22 25 25] [#"../100doors.rs" 25 22 25 25] (100 : usize))) | False -> goto BB20 | True -> goto BB17 end } BB17 { - _26 <- ([#"../100doors.rs" 26 35 26 54] Index0.index ([#"../100doors.rs" 26 35 26 44] door_open) ([#"../100doors.rs" 26 45 26 53] door - ([#"../100doors.rs" 26 52 26 53] [#"../100doors.rs" 26 52 26 53] (1 : usize)))); + _26 <- ([#"../100doors.rs" 26 35 26 54] Index0.index ([#"../100doors.rs" 26 35 26 44] door_open) ([#"../100doors.rs" 26 45 26 53] UIntSize.sub door ([#"../100doors.rs" 26 52 26 53] [#"../100doors.rs" 26 52 26 53] (1 : usize)))); goto BB18 } BB18 { _31 <- Borrow.borrow_mut door_open; door_open <- ^ _31; - _30 <- ([#"../100doors.rs" 26 12 26 31] IndexMut0.index_mut _31 ([#"../100doors.rs" 26 22 26 30] door - ([#"../100doors.rs" 26 29 26 30] [#"../100doors.rs" 26 29 26 30] (1 : usize)))); + _30 <- ([#"../100doors.rs" 26 12 26 31] IndexMut0.index_mut _31 ([#"../100doors.rs" 26 22 26 30] UIntSize.sub door ([#"../100doors.rs" 26 29 26 30] [#"../100doors.rs" 26 29 26 30] (1 : usize)))); _31 <- any borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); goto BB19 } BB19 { _30 <- { _30 with current = ([#"../100doors.rs" 26 12 26 54] not _26) }; assume { Resolve1.resolve _30 }; - door <- ([#"../100doors.rs" 27 12 27 24] door + pass); + door <- ([#"../100doors.rs" 27 12 27 24] UIntSize.add door pass); _11 <- ([#"../100doors.rs" 25 26 28 9] ()); goto BB15 } diff --git a/creusot/tests/should_succeed/100doors/why3session.xml b/creusot/tests/should_succeed/100doors/why3session.xml index fe70b3908f..3bbf954e41 100644 --- a/creusot/tests/should_succeed/100doors/why3session.xml +++ b/creusot/tests/should_succeed/100doors/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/100doors/why3shapes.gz b/creusot/tests/should_succeed/100doors/why3shapes.gz index 3e8e7cf6080b45a5e5a44ec6dea5af143d5a692e..fb1c96e7d7d67d59596d87ea9aefa485b4554f86 100644 GIT binary patch literal 593 zcmV-X0Wc<99CeU`O<0w(^hm- zE|%4y%$t8F&8ap`RU8efxUH;WT2^&ky_HBSl}X$DP3oHHW1|m%qwgn4P7xEq8MbQ2BNTxHq3Svtzla=%&s0 z;?kE)uG?#K+TfEbnWWv{gbc4-JxaTA#UcOe$}S8_-mPzw+dCoN*pZBF%nR=Zoap&S z&-47Ec%MIbQ8JpHcXEJJZ&lUaYA`UF50S`YndPfxoJA_9fL0(fl|)gJkO!d#r9o;4 fH24}ogV2eNb)-YBwA6uSR*S)3)4Xc>&IJGfJFF^r literal 570 zcmV-A0>%9wiwFP!00000|CLnBuA49r-RCRVrA<_cF}5L9?*c_a&Zets)YU};aT-(t zDUd|{`wp+%JnvOE=y)DyW{y34nmP5B_O^D8wyLwT`08k9_Ic9$p{zKf8x05$Mkr8> z&_i#866FXLsu60`BlOW9VSvF17q~c=a1pp3eS4wY7QdP;ac6m6p5k4(wmAY&Q^r}* z&@TKr4LhQ{kX26#+%4^^a(zf`jUZ?~NAM67g6={9M#RRmMGhA4Y!Ryq8aWbNFn6@_ zs+v!Bw{QM3IMbX*Zx1~DvY}=Cy)0}-Po|YR1=kJFw47Yn3WXYgWbH*bP`&Z9GfadQ*7wujqxpsDg+Q9oVSlv~vYCzdTF->LjDKpExNG#kzh!az&M` z%lv3j`CU1mlCrAGlU+}Dzccz#9V|tZ*S2-K{dtoW#1rYL%h0G))CZ@TMrQHm}A^$l{`?_yTuDkkZv))#MU+23kA^qst`$FO0v8fN(_ 1 + len ls + | AllZero_List_Type.C_Cons _ ls -> Int.add 1 (len ls) | AllZero_List_Type.C_Nil -> 0 end val len [#"../all_zero.rs" 13 4 13 23] (self : AllZero_List_Type.t_list) : int @@ -76,7 +76,7 @@ module AllZero_Impl0_Get = [#"../all_zero.rs" 22 8 28 9] match (self) with - | AllZero_List_Type.C_Cons x ls -> if ix = 0 then Core_Option_Option_Type.C_Some x else get ls (ix - 1) + | AllZero_List_Type.C_Cons x ls -> if ix = 0 then Core_Option_Option_Type.C_Some x else get ls (Int.sub ix 1) | AllZero_List_Type.C_Nil -> Core_Option_Option_Type.C_None end val get [#"../all_zero.rs" 21 4 21 40] (self : AllZero_List_Type.t_list) (ix : int) : Core_Option_Option_Type.t_option uint32 @@ -99,6 +99,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -108,13 +109,14 @@ end module AllZero_AllZero_Interface use prelude.Int use prelude.Borrow + use prelude.Bool use prelude.UInt32 use AllZero_List_Type as AllZero_List_Type use Core_Option_Option_Type as Core_Option_Option_Type clone AllZero_Impl0_Get_Stub as Get0 clone AllZero_Impl0_Len_Stub as Len0 val all_zero [#"../all_zero.rs" 34 0 34 29] (l : borrowed (AllZero_List_Type.t_list)) : () - ensures { [#"../all_zero.rs" 32 0 32 77] forall i : int . 0 <= i /\ i < Len0.len ( * l) -> Get0.get ( ^ l) i = Core_Option_Option_Type.C_Some (0 : uint32) } + ensures { [#"../all_zero.rs" 32 0 32 77] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) -> Get0.get ( ^ l) i = Core_Option_Option_Type.C_Some (0 : uint32) } ensures { [#"../all_zero.rs" 33 10 33 34] Len0.len ( * l) = Len0.len ( ^ l) } end @@ -122,6 +124,7 @@ module AllZero_AllZero use prelude.Ghost use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.UInt32 use AllZero_List_Type as AllZero_List_Type clone CreusotContracts_Resolve_Impl1_Resolve as Resolve2 with @@ -134,7 +137,7 @@ module AllZero_AllZero clone AllZero_Impl0_Get as Get0 clone AllZero_Impl0_Len as Len0 let rec cfg all_zero [#"../all_zero.rs" 34 0 34 29] [@cfg:stackify] [@cfg:subregion_analysis] (l : borrowed (AllZero_List_Type.t_list)) : () - ensures { [#"../all_zero.rs" 32 0 32 77] forall i : int . 0 <= i /\ i < Len0.len ( * l) -> Get0.get ( ^ l) i = Core_Option_Option_Type.C_Some (0 : uint32) } + ensures { [#"../all_zero.rs" 32 0 32 77] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) -> Get0.get ( ^ l) i = Core_Option_Option_Type.C_Some (0 : uint32) } ensures { [#"../all_zero.rs" 33 10 33 34] Len0.len ( * l) = Len0.len ( ^ l) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -158,7 +161,7 @@ module AllZero_AllZero goto BB2 } BB2 { - invariant { [#"../all_zero.rs" 39 4 41 88] (forall i : int . 0 <= i /\ i < Len0.len ( * loop_l) -> Get0.get ( ^ loop_l) i = Core_Option_Option_Type.C_Some (0 : uint32)) -> (forall i : int . 0 <= i /\ i < Len0.len ( * Ghost.inner old_l) -> Get0.get ( ^ Ghost.inner old_l) i = Core_Option_Option_Type.C_Some (0 : uint32)) }; + invariant { [#"../all_zero.rs" 39 4 41 88] (forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * loop_l)) -> Get0.get ( ^ loop_l) i = Core_Option_Option_Type.C_Some (0 : uint32)) -> (forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * Ghost.inner old_l)) -> Get0.get ( ^ Ghost.inner old_l) i = Core_Option_Option_Type.C_Some (0 : uint32)) }; invariant { [#"../all_zero.rs" 39 4 41 88] Len0.len ( ^ loop_l) = Len0.len ( * loop_l) -> Len0.len ( ^ Ghost.inner old_l) = Len0.len ( * Ghost.inner old_l) }; goto BB3 } diff --git a/creusot/tests/should_succeed/all_zero/why3session.xml b/creusot/tests/should_succeed/all_zero/why3session.xml index d01bdef724..5d5439c332 100644 --- a/creusot/tests/should_succeed/all_zero/why3session.xml +++ b/creusot/tests/should_succeed/all_zero/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/all_zero/why3shapes.gz b/creusot/tests/should_succeed/all_zero/why3shapes.gz index c0144b2aa2d7faa0ba8c0683f3a8bae33010b1a4..aeac1364cea6ab1b1acad5245d2c6076f69f0502 100644 GIT binary patch literal 397 zcmV;80doEyiwFP!00000|BaG8Z-X!phIf7iTU#cdKY&!~5Fw#5SGuvtA*PK=a0OA2 z`s-_hT?l2!f_xwE^B(p+Mq&Rczf~VzRo9<%`y9q$^b}-SCSPQuTKO(dZL2zjF^YUt z_%cE|Rm@>;k{{|aYY=uaE8p~4Riu#3#l|<7y$LH~(s|*vhJ%#c%1k_aj0#GOqEo$Y zt_mSBYO8~I&Kh$zrW1M4U8e_id^mquek|)#D;osMFby$+82t@j*w2DZ5%}1|mz0V) zgqR5I#v&^--S!Az&3tE?`#jczF-b=u!JTv7$;uQE@PvUwRkz*AG|yoiMo&SSrfR2Z-KaNpY8u@l9dD7p z*K@ubHK-{IyI_BIxuWOj8u&FmM@0Sf(=OdSj3l< zk~oBz2yA7M7O81Eq;xRzl``{jta@uAMGMyR~Ov_OH0BeFll@oxok z2jmlw3>jb9_wLamB<}IZ?~|dODqWAA`eHwIn&p?pgqiofZ&8@TvHxoVuy%%jsCaHBcC_Tjgi= UInt64.to_int Min0.mIN' /\ UInt64.to_int self * UInt64.to_int rhs <= UInt64.to_int Max0.mAX' -> UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] UInt64.to_int self * UInt64.to_int rhs < UInt64.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs + k * (UInt64.to_int Max0.mAX' - UInt64.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] UInt64.to_int self * UInt64.to_int rhs > UInt64.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt64.to_int result = UInt64.to_int self * UInt64.to_int rhs - k * (UInt64.to_int Max0.mAX' - UInt64.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt64.to_int result = Int.add (EuclideanDivision.mod (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt64.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Min0.mIN') /\ Int.le (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Max0.mAX') -> UInt64.to_int result = Int.mul (UInt64.to_int self) (UInt64.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt64.to_int result = Int.add (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt64.to_int Max0.mAX') (UInt64.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt64.to_int result = Int.sub (Int.mul (UInt64.to_int self) (UInt64.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt64.to_int Max0.mAX') (UInt64.to_int Min0.mIN')) 1))) } end module Core_Num_Impl9_WrappingAdd_Interface @@ -489,14 +494,15 @@ module Core_Num_Impl9_WrappingAdd_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl9_Max_Stub as Max0 clone Core_Num_Impl9_Min_Stub as Min0 clone Core_Num_Impl9_Bits_Stub as Bits0 val wrapping_add (self : uint64) (rhs : uint64) : uint64 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt64.to_int result = EuclideanDivision.mod (UInt64.to_int self + UInt64.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt64.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] UInt64.to_int self + UInt64.to_int rhs >= UInt64.to_int Min0.mIN' /\ UInt64.to_int self + UInt64.to_int rhs <= UInt64.to_int Max0.mAX' -> UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] UInt64.to_int self + UInt64.to_int rhs < UInt64.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs + k * (UInt64.to_int Max0.mAX' - UInt64.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] UInt64.to_int self + UInt64.to_int rhs > UInt64.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt64.to_int result = UInt64.to_int self + UInt64.to_int rhs - k * (UInt64.to_int Max0.mAX' - UInt64.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt64.to_int result = Int.add (EuclideanDivision.mod (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt64.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Min0.mIN') /\ Int.le (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Max0.mAX') -> UInt64.to_int result = Int.add (UInt64.to_int self) (UInt64.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt64.to_int result = Int.add (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt64.to_int Max0.mAX') (UInt64.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (UInt64.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt64.to_int result = Int.sub (Int.add (UInt64.to_int self) (UInt64.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt64.to_int Max0.mAX') (UInt64.to_int Min0.mIN')) 1))) } end module CreusotContracts_Std1_Tuples_Impl4_DeepModel_Stub @@ -543,8 +549,8 @@ module Bdd_Hashmap_Impl2_Hash_Interface type u type v use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = v clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -782,6 +788,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -844,9 +851,10 @@ module Bdd_Impl6_ShallowModel end module Bdd_Impl7_Eq_Interface + use prelude.UInt64 + use prelude.Bool use prelude.Borrow use prelude.Int - use prelude.UInt64 use Bdd_Bdd_Type as Bdd_Bdd_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with type t = Bdd_Bdd_Type.t_bdd, @@ -859,6 +867,7 @@ module Bdd_Impl7_Eq use prelude.Int use prelude.UInt64 use prelude.Borrow + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl5_DeepModel as DeepModel0 clone Bdd_Impl6_ShallowModel as ShallowModel1 with @@ -878,12 +887,13 @@ module Bdd_Impl7_Eq goto BB0 } BB0 { - _0 <- ([#"../bdd.rs" 203 8 203 21] Bdd_Bdd_Type.bdd_1 self = Bdd_Bdd_Type.bdd_1 o); + _0 <- ([#"../bdd.rs" 203 8 203 21] UInt64.eq (Bdd_Bdd_Type.bdd_1 self) (Bdd_Bdd_Type.bdd_1 o)); return _0 } end module Core_Cmp_Impls_Impl25_Eq_Interface + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.UInt64 @@ -964,6 +974,7 @@ module CreusotContracts_Std1_Num_Impl10_DeepModel end module Bdd_Impl14_Eq_Interface + use prelude.Bool use prelude.Borrow use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type @@ -978,6 +989,7 @@ module Bdd_Impl14_Eq use prelude.Borrow use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl5_DeepModel as DeepModel4 clone CreusotContracts_Std1_Num_Impl10_DeepModel as DeepModel3 @@ -1154,14 +1166,15 @@ module Bdd_Impl14_Eq end module Core_Clone_Impls_Impl9_Clone_Interface + use prelude.UInt64 use prelude.Borrow use prelude.Int - use prelude.UInt64 val clone' (self : uint64) : uint64 ensures { [#"../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1] result = self } end module Bdd_Impl0_Clone_Interface + use prelude.Bool use prelude.Borrow use Bdd_Bdd_Type as Bdd_Bdd_Type val clone' [#"../bdd.rs" 109 4 109 27] (self : Bdd_Bdd_Type.t_bdd) : Bdd_Bdd_Type.t_bdd @@ -1170,6 +1183,7 @@ module Bdd_Impl0_Clone_Interface end module Bdd_Impl0_Clone use prelude.Borrow + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type let rec cfg clone' [#"../bdd.rs" 109 4 109 27] [@cfg:stackify] [@cfg:subregion_analysis] (self : Bdd_Bdd_Type.t_bdd) : Bdd_Bdd_Type.t_bdd ensures { [#"../bdd.rs" 108 14 108 29] result = self } @@ -1187,6 +1201,7 @@ module Bdd_Impl0_Clone end module Bdd_Impl15_Clone_Interface + use prelude.Bool use prelude.Borrow use Bdd_Node_Type as Bdd_Node_Type val clone' [#"../bdd.rs" 90 24 90 29] (self : Bdd_Node_Type.t_node) : Bdd_Node_Type.t_node @@ -1197,6 +1212,7 @@ module Bdd_Impl15_Clone use prelude.Int use prelude.UInt64 use prelude.Borrow + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl0_Clone_Interface as Clone1 clone Core_Clone_Impls_Impl9_Clone_Interface as Clone0 @@ -1316,7 +1332,7 @@ module Bdd_Impl1_HashLog [#"../bdd.rs" 130 12 135 13] match (x) with | Bdd_NodeLog_Type.C_False -> 1 | Bdd_NodeLog_Type.C_True -> 2 - | Bdd_NodeLog_Type.C_If v childt childf -> mod (UInt64.to_int v + UInt64.to_int childt * 5 + UInt64.to_int childf * 7) (UInt64.to_int Max0.mAX' + 1) + | Bdd_NodeLog_Type.C_If v childt childf -> Int.rem (Int.add (Int.add (UInt64.to_int v) (Int.mul (UInt64.to_int childt) 5)) (Int.mul (UInt64.to_int childf) 7)) (Int.add (UInt64.to_int Max0.mAX') 1) end val hash_log [#"../bdd.rs" 128 4 128 44] (x : Bdd_NodeLog_Type.t_nodelog) : int ensures { result = hash_log x } @@ -1347,8 +1363,8 @@ module Bdd_Impl4_ShallowModel end module Bdd_Impl1_Hash_Interface use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type clone Bdd_Impl1_HashLog_Stub as HashLog0 @@ -1479,8 +1495,8 @@ module Bdd_Impl2_HashLog end module Bdd_Impl2_Hash_Interface use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl2_HashLog_Stub as HashLog0 clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -1565,10 +1581,10 @@ module Bdd_Impl8_Size_Interface use Bdd_Bdd_Type as Bdd_Bdd_Type function size [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int val size [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int - ensures { [#"../bdd.rs" 223 14 223 25] result >= 0 } + ensures { [#"../bdd.rs" 223 14 223 25] Int.ge result 0 } ensures { result = size self } - axiom size_spec : forall self : Bdd_Bdd_Type.t_bdd . [#"../bdd.rs" 223 14 223 25] size self >= 0 + axiom size_spec : forall self : Bdd_Bdd_Type.t_bdd . [#"../bdd.rs" 223 14 223 25] Int.ge (size self) 0 end module Bdd_Impl8_Size use prelude.Int @@ -1578,26 +1594,26 @@ module Bdd_Impl8_Size [#"../bdd.rs" 226 12 234 13] match (self) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> 0 | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_False) _ -> 0 - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childt childf) _ -> let ht = size childt in let hf = size childf in 1 + ht + hf + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childt childf) _ -> let ht = size childt in let hf = size childf in Int.add (Int.add 1 ht) hf end val size [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int - ensures { [#"../bdd.rs" 223 14 223 25] result >= 0 } + ensures { [#"../bdd.rs" 223 14 223 25] Int.ge result 0 } ensures { result = size self } - axiom size_spec : forall self : Bdd_Bdd_Type.t_bdd . [#"../bdd.rs" 223 14 223 25] size self >= 0 + axiom size_spec : forall self : Bdd_Bdd_Type.t_bdd . [#"../bdd.rs" 223 14 223 25] Int.ge (size self) 0 end module Bdd_Impl8_Size_Impl use prelude.Int use Bdd_Node_Type as Bdd_Node_Type use Bdd_Bdd_Type as Bdd_Bdd_Type let rec ghost function size [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int - ensures { [#"../bdd.rs" 223 14 223 25] result >= 0 } + ensures { [#"../bdd.rs" 223 14 223 25] Int.ge result 0 } = [@vc:do_not_keep_trace] [@vc:sp] [#"../bdd.rs" 226 12 234 13] match (self) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> 0 | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_False) _ -> 0 - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childt childf) _ -> let ht = size childt in let hf = size childf in 1 + ht + hf + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childt childf) _ -> let ht = size childt in let hf = size childf in Int.add (Int.add 1 ht) hf end end module Bdd_Impl8_Leastvar_Stub @@ -1625,8 +1641,8 @@ module Bdd_Impl8_Leastvar use Bdd_Bdd_Type as Bdd_Bdd_Type function leastvar [#"../bdd.rs" 239 4 239 28] (self : Bdd_Bdd_Type.t_bdd) : int = [#"../bdd.rs" 241 12 245 13] match (self) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> UInt64.to_int Max0.mAX' + 1 - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_False) _ -> UInt64.to_int Max0.mAX' + 1 + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> Int.add (UInt64.to_int Max0.mAX') 1 + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_False) _ -> Int.add (UInt64.to_int Max0.mAX') 1 | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v _ _) _ -> ShallowModel0.shallow_model v end val leastvar [#"../bdd.rs" 239 4 239 28] (self : Bdd_Bdd_Type.t_bdd) : int @@ -1693,6 +1709,7 @@ module Bdd_Impl10_IsValidBdd_Interface end module Bdd_Impl10_IsValidBdd use map.Map + use prelude.Bool use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Node_Type as Bdd_Node_Type @@ -1726,6 +1743,7 @@ module Bdd_Impl10_IsValidNode_Interface end module Bdd_Impl10_IsValidNode + use prelude.Bool use prelude.UInt64 use prelude.Int use Bdd_Bdd_Type as Bdd_Bdd_Type @@ -1737,7 +1755,7 @@ module Bdd_Impl10_IsValidNode [#"../bdd.rs" 318 12 327 13] match (n) with | Bdd_Node_Type.C_True -> true | Bdd_Node_Type.C_False -> true - | Bdd_Node_Type.C_If v childt childf -> Bdd_Bdd_Type.bdd_0 childt <> Bdd_Bdd_Type.bdd_0 childf /\ IsValidBdd0.is_valid_bdd self childt /\ IsValidBdd0.is_valid_bdd self childf /\ UInt64.to_int v < Leastvar0.leastvar childt /\ UInt64.to_int v < Leastvar0.leastvar childf + | Bdd_Node_Type.C_If v childt childf -> Bdd_Bdd_Type.bdd_0 childt <> Bdd_Bdd_Type.bdd_0 childf /\ IsValidBdd0.is_valid_bdd self childt /\ IsValidBdd0.is_valid_bdd self childf /\ Int.lt (UInt64.to_int v) (Leastvar0.leastvar childt) /\ Int.lt (UInt64.to_int v) (Leastvar0.leastvar childf) end val is_valid_node [#"../bdd.rs" 316 4 316 51] (self : Bdd_Context_Type.t_context) (n : Bdd_Node_Type.t_node) : bool ensures { result = is_valid_node self n } @@ -1755,6 +1773,7 @@ module Bdd_Impl9_Invariant_Interface end module Bdd_Impl9_Invariant + use prelude.Bool use prelude.Int use prelude.Ghost use map.Map @@ -1786,14 +1805,14 @@ module Bdd_Impl9_Invariant type ShallowModelTy0.shallowModelTy = Bdd_NodeLog_Type.t_nodelog predicate invariant' [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) = [#"../bdd.rs" 264 12 288 19] (forall n : Bdd_NodeLog_Type.t_nodelog . match (Map.get (ShallowModel1.shallow_model (Bdd_Context_Type.context_hashcons self)) n) with - | Core_Option_Option_Type.C_Some b -> ShallowModel0.shallow_model (Bdd_Bdd_Type.bdd_0 b) = n /\ IsValidNode0.is_valid_node self (Bdd_Bdd_Type.bdd_0 b) /\ Bdd_Bdd_Type.bdd_1 b < Bdd_Context_Type.context_cnt self /\ Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (Bdd_Bdd_Type.bdd_1 b) = Bdd_Bdd_Type.bdd_0 b + | Core_Option_Option_Type.C_Some b -> ShallowModel0.shallow_model (Bdd_Bdd_Type.bdd_0 b) = n /\ IsValidNode0.is_valid_node self (Bdd_Bdd_Type.bdd_0 b) /\ Int.lt (Bdd_Bdd_Type.bdd_1 b) (Bdd_Context_Type.context_cnt self) /\ Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (Bdd_Bdd_Type.bdd_1 b) = Bdd_Bdd_Type.bdd_0 b | Core_Option_Option_Type.C_None -> true end) /\ (forall bm : uint64 . match (Map.get (ShallowModel2.shallow_model (Bdd_Context_Type.context_not_memo self)) bm) with | Core_Option_Option_Type.C_None -> true - | Core_Option_Option_Type.C_Some n -> let b = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) bm) bm in IsValidBdd0.is_valid_bdd self n /\ IsValidBdd0.is_valid_bdd self b /\ (forall v : Map.map uint64 bool . Interp0.interp n v = (not Interp0.interp b v)) /\ Leastvar0.leastvar b <= Leastvar0.leastvar n + | Core_Option_Option_Type.C_Some n -> let b = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) bm) bm in IsValidBdd0.is_valid_bdd self n /\ IsValidBdd0.is_valid_bdd self b /\ (forall v : Map.map uint64 bool . Interp0.interp n v = (not Interp0.interp b v)) /\ Int.le (Leastvar0.leastvar b) (Leastvar0.leastvar n) end) /\ (forall abm : (uint64, uint64) . match (Map.get (ShallowModel3.shallow_model (Bdd_Context_Type.context_and_memo self)) abm) with | Core_Option_Option_Type.C_None -> true - | Core_Option_Option_Type.C_Some n -> let a = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in IsValidBdd0.is_valid_bdd self n /\ IsValidBdd0.is_valid_bdd self a /\ IsValidBdd0.is_valid_bdd self b /\ (forall v : Map.map uint64 bool . Interp0.interp n v = (Interp0.interp a v /\ Interp0.interp b v)) /\ (Leastvar0.leastvar a <= Leastvar0.leastvar n \/ Leastvar0.leastvar b <= Leastvar0.leastvar n) + | Core_Option_Option_Type.C_Some n -> let a = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (let (a, _) = abm in a)) (let (a, _) = abm in a) in let b = Bdd_Bdd_Type.C_Bdd (Map.get (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost self)) (let (_, a) = abm in a)) (let (_, a) = abm in a) in IsValidBdd0.is_valid_bdd self n /\ IsValidBdd0.is_valid_bdd self a /\ IsValidBdd0.is_valid_bdd self b /\ (forall v : Map.map uint64 bool . Interp0.interp n v = (Interp0.interp a v /\ Interp0.interp b v)) /\ (Int.le (Leastvar0.leastvar a) (Leastvar0.leastvar n) \/ Int.le (Leastvar0.leastvar b) (Leastvar0.leastvar n)) end) val invariant' [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) : bool ensures { result = invariant' self } @@ -1817,6 +1836,7 @@ module Bdd_Impl10_Grows use prelude.UInt64 use prelude.Int use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Node_Type as Bdd_Node_Type use Bdd_Hashmap_MyHashMap_Type as Bdd_Hashmap_MyHashMap_Type @@ -1828,7 +1848,7 @@ module Bdd_Impl10_Grows type DeepModelTy0.deepModelTy = Bdd_NodeLog_Type.t_nodelog use Bdd_Context_Type as Bdd_Context_Type predicate grows [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = - [#"../bdd.rs" 297 8 304 9] UInt64.to_int (Bdd_Context_Type.context_cnt ( * self)) <= UInt64.to_int (Bdd_Context_Type.context_cnt ( ^ self)) /\ (forall n : Bdd_NodeLog_Type.t_nodelog . match (Map.get (ShallowModel0.shallow_model (Bdd_Context_Type.context_hashcons ( * self))) n) with + [#"../bdd.rs" 297 8 304 9] Int.le (UInt64.to_int (Bdd_Context_Type.context_cnt ( * self))) (UInt64.to_int (Bdd_Context_Type.context_cnt ( ^ self))) /\ (forall n : Bdd_NodeLog_Type.t_nodelog . match (Map.get (ShallowModel0.shallow_model (Bdd_Context_Type.context_hashcons ( * self))) n) with | Core_Option_Option_Type.C_Some b -> Map.get (ShallowModel0.shallow_model (Bdd_Context_Type.context_hashcons ( ^ self))) n = Core_Option_Option_Type.C_Some b | Core_Option_Option_Type.C_None -> true end) @@ -2006,6 +2026,7 @@ module Bdd_Impl10_GrowsIsValidBdd_Impl end module Bdd_Impl10_GrowsTrans_Stub use prelude.Borrow + use prelude.Bool use Bdd_Context_Type as Bdd_Context_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed (Bdd_Context_Type.t_context) @@ -2015,6 +2036,7 @@ module Bdd_Impl10_GrowsTrans_Stub end module Bdd_Impl10_GrowsTrans_Interface use prelude.Borrow + use prelude.Bool use Bdd_Context_Type as Bdd_Context_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed (Bdd_Context_Type.t_context) @@ -2036,6 +2058,7 @@ module Bdd_Impl10_GrowsTrans_Interface end module Bdd_Impl10_GrowsTrans use prelude.Borrow + use prelude.Bool use Bdd_Context_Type as Bdd_Context_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed (Bdd_Context_Type.t_context) @@ -2059,6 +2082,7 @@ module Bdd_Impl10_GrowsTrans end module Bdd_Impl10_GrowsTrans_Impl use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UInt64 clone CreusotContracts_Std1_Num_Impl9_ShallowModel as ShallowModel6 @@ -2144,6 +2168,7 @@ module Bdd_Impl10_SetIrreleventVar_Stub use prelude.UInt64 use prelude.Int use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone Bdd_Impl8_Interp_Stub as Interp0 @@ -2158,6 +2183,7 @@ module Bdd_Impl10_SetIrreleventVar_Interface use prelude.UInt64 use prelude.Int use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone Bdd_Impl8_Interp_Stub as Interp0 @@ -2169,17 +2195,18 @@ module Bdd_Impl10_SetIrreleventVar_Interface val set_irrelevent_var [#"../bdd.rs" 351 4 351 87] (self : Bdd_Context_Type.t_context) (a : Bdd_Bdd_Type.t_bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () requires {[#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a} - requires {[#"../bdd.rs" 349 15 349 32] UInt64.to_int x < Leastvar0.leastvar a} + requires {[#"../bdd.rs" 349 15 349 32] Int.lt (UInt64.to_int x) (Leastvar0.leastvar a)} requires {[#"../bdd.rs" 351 26 351 30] Inv0.inv self} ensures { [#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b) } ensures { result = set_irrelevent_var self a x v b } - axiom set_irrelevent_var_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 349 15 349 32] UInt64.to_int x < Leastvar0.leastvar a) -> ([#"../bdd.rs" 351 26 351 30] Inv0.inv self) -> ([#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b)) + axiom set_irrelevent_var_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 349 15 349 32] Int.lt (UInt64.to_int x) (Leastvar0.leastvar a)) -> ([#"../bdd.rs" 351 26 351 30] Inv0.inv self) -> ([#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b)) end module Bdd_Impl10_SetIrreleventVar use prelude.UInt64 use prelude.Int use map.Map + use prelude.Bool use Bdd_Node_Type as Bdd_Node_Type use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type @@ -2197,17 +2224,18 @@ module Bdd_Impl10_SetIrreleventVar end val set_irrelevent_var [#"../bdd.rs" 351 4 351 87] (self : Bdd_Context_Type.t_context) (a : Bdd_Bdd_Type.t_bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () requires {[#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a} - requires {[#"../bdd.rs" 349 15 349 32] UInt64.to_int x < Leastvar0.leastvar a} + requires {[#"../bdd.rs" 349 15 349 32] Int.lt (UInt64.to_int x) (Leastvar0.leastvar a)} requires {[#"../bdd.rs" 351 26 351 30] Inv0.inv self} ensures { [#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b) } ensures { result = set_irrelevent_var self a x v b } - axiom set_irrelevent_var_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 349 15 349 32] UInt64.to_int x < Leastvar0.leastvar a) -> ([#"../bdd.rs" 351 26 351 30] Inv0.inv self) -> ([#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b)) + axiom set_irrelevent_var_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, x : uint64, v : Map.map uint64 bool, b : bool . ([#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 349 15 349 32] Int.lt (UInt64.to_int x) (Leastvar0.leastvar a)) -> ([#"../bdd.rs" 351 26 351 30] Inv0.inv self) -> ([#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b)) end module Bdd_Impl10_SetIrreleventVar_Impl use prelude.UInt64 use prelude.Int use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Hashmap_MyHashMap_Type as Bdd_Hashmap_MyHashMap_Type use Core_Option_Option_Type as Core_Option_Option_Type @@ -2267,7 +2295,7 @@ module Bdd_Impl10_SetIrreleventVar_Impl axiom . let rec ghost function set_irrelevent_var [#"../bdd.rs" 351 4 351 87] (self : Bdd_Context_Type.t_context) (a : Bdd_Bdd_Type.t_bdd) (x : uint64) (v : Map.map uint64 bool) (b : bool) : () requires {[#"../bdd.rs" 348 15 348 35] IsValidBdd0.is_valid_bdd self a} - requires {[#"../bdd.rs" 349 15 349 32] UInt64.to_int x < Leastvar0.leastvar a} + requires {[#"../bdd.rs" 349 15 349 32] Int.lt (UInt64.to_int x) (Leastvar0.leastvar a)} requires {[#"../bdd.rs" 351 26 351 30] Inv0.inv self} ensures { [#"../bdd.rs" 350 14 350 50] Interp0.interp a v = Interp0.interp a (Map.set v x b) } @@ -2278,6 +2306,7 @@ module Bdd_Impl10_SetIrreleventVar_Impl end end module Bdd_Impl10_DiscrValuation_Stub + use prelude.Bool use prelude.Int use map.Map use prelude.UInt64 @@ -2293,6 +2322,7 @@ module Bdd_Impl10_DiscrValuation_Stub end module Bdd_Impl10_DiscrValuation_Interface + use prelude.Bool use prelude.Int use map.Map use prelude.UInt64 @@ -2317,6 +2347,7 @@ module Bdd_Impl10_DiscrValuation_Interface axiom discr_valuation_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, b : Bdd_Bdd_Type.t_bdd . ([#"../bdd.rs" 364 15 364 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 365 15 365 35] IsValidBdd0.is_valid_bdd self b) -> ([#"../bdd.rs" 366 15 366 21] a <> b) -> ([#"../bdd.rs" 370 23 370 27] Inv0.inv self) -> ([#"../bdd.rs" 367 14 367 50] Interp0.interp a (discr_valuation self a b) <> Interp0.interp b (discr_valuation self a b)) end module Bdd_Impl10_DiscrValuation + use prelude.Bool use prelude.Int use map.Map use prelude.UInt64 @@ -2347,7 +2378,7 @@ module Bdd_Impl10_DiscrValuation ensures { [#"../bdd.rs" 367 14 367 50] Interp0.interp a result <> Interp0.interp b result } ensures { result = discr_valuation self a b } - axiom def : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, b : Bdd_Bdd_Type.t_bdd . discr_valuation self a b = ([#"../bdd.rs" 372 12 372 36] let _ = () in if Leastvar0.leastvar a < Leastvar0.leastvar b then + axiom def : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, b : Bdd_Bdd_Type.t_bdd . discr_valuation self a b = ([#"../bdd.rs" 372 12 372 36] let _ = () in if Int.lt (Leastvar0.leastvar a) (Leastvar0.leastvar b) then match (a) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if childf <> b then Map.set (discr_valuation self childf b) v false @@ -2357,7 +2388,7 @@ module Bdd_Impl10_DiscrValuation | _ -> Const.const true end else - if Leastvar0.leastvar a > Leastvar0.leastvar b then + if Int.gt (Leastvar0.leastvar a) (Leastvar0.leastvar b) then match (b) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if childf <> a then Map.set (discr_valuation self a childf) v false @@ -2383,6 +2414,7 @@ module Bdd_Impl10_DiscrValuation axiom discr_valuation_spec : forall self : Bdd_Context_Type.t_context, a : Bdd_Bdd_Type.t_bdd, b : Bdd_Bdd_Type.t_bdd . ([#"../bdd.rs" 364 15 364 35] IsValidBdd0.is_valid_bdd self a) -> ([#"../bdd.rs" 365 15 365 35] IsValidBdd0.is_valid_bdd self b) -> ([#"../bdd.rs" 366 15 366 21] a <> b) -> ([#"../bdd.rs" 370 23 370 27] Inv0.inv self) -> ([#"../bdd.rs" 367 14 367 50] Interp0.interp a (discr_valuation self a b) <> Interp0.interp b (discr_valuation self a b)) end module Bdd_Impl10_DiscrValuation_Impl + use prelude.Bool use prelude.Int use map.Map use prelude.UInt64 @@ -2458,12 +2490,12 @@ module Bdd_Impl10_DiscrValuation_Impl requires {[#"../bdd.rs" 366 15 366 21] a <> b} requires {[#"../bdd.rs" 370 23 370 27] Inv0.inv self} ensures { [#"../bdd.rs" 367 14 367 50] Interp0.interp a result <> Interp0.interp b result } - variant {[#"../bdd.rs" 368 14 368 33] Size0.size a + Size0.size b} + variant {[#"../bdd.rs" 368 14 368 33] Int.add (Size0.size a) (Size0.size b)} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../bdd.rs" 372 12 372 36] let _ = () in if let b = Leastvar0.leastvar b in let a = Leastvar0.leastvar a in pure {a < b} then + [#"../bdd.rs" 372 12 372 36] let _ = () in if let a' = Leastvar0.leastvar a in let b' = Leastvar0.leastvar b in Int.lt a' b' then match (a) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if pure {childf <> b} then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if childf <> b then let a' = discr_valuation self childf b in Map.set a' v false else let a' = discr_valuation self childt b in Map.set a' v true @@ -2471,9 +2503,9 @@ module Bdd_Impl10_DiscrValuation_Impl | _ -> Const.const true end else - if let b = Leastvar0.leastvar b in let a = Leastvar0.leastvar a in pure {a > b} then + if let a' = Leastvar0.leastvar a in let b' = Leastvar0.leastvar b in Int.gt a' b' then match (b) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if pure {childf <> a} then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if childf <> a then let a' = discr_valuation self a childf in Map.set a' v false else let a' = discr_valuation self a childt in Map.set a' v true @@ -2483,7 +2515,7 @@ module Bdd_Impl10_DiscrValuation_Impl else match (a) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childta childfa) _ -> match (b) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childtb childfb) _ -> if pure {childfa <> childfb} then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childtb childfb) _ -> if childfa <> childfb then let a' = discr_valuation self childfa childfb in Map.set a' v false else let a' = discr_valuation self childta childtb in Map.set a' v true @@ -2499,6 +2531,7 @@ module Bdd_Impl10_BddCanonical_Stub use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2512,6 +2545,7 @@ module Bdd_Impl10_BddCanonical_Interface use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2534,6 +2568,7 @@ module Bdd_Impl10_BddCanonical use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl8_Size_Stub as Size0 with axiom . @@ -2566,6 +2601,7 @@ module Bdd_Impl10_BddCanonical_Impl use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool clone CreusotContracts_Std1_Num_Impl9_ShallowModel as ShallowModel6 use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Hashmap_MyHashMap_Type as Bdd_Hashmap_MyHashMap_Type @@ -2800,6 +2836,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -2808,6 +2845,7 @@ module CreusotContracts_Resolve_Impl1_Resolve end module Bdd_Impl11_Hashcons_Interface use prelude.Borrow + use prelude.Bool use Bdd_Node_Type as Bdd_Node_Type use Bdd_Context_Type as Bdd_Context_Type use Bdd_Bdd_Type as Bdd_Bdd_Type @@ -2825,6 +2863,7 @@ module Bdd_Impl11_Hashcons_Interface end module Bdd_Impl11_Hashcons + use prelude.Bool use prelude.Borrow use prelude.Ghost use map.Map @@ -3036,7 +3075,7 @@ module Bdd_Impl11_Hashcons BB7 { self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a b _27 d e f) }; _27 <- any Ghost.ghost_ty (Map.map uint64 (Bdd_Node_Type.t_node)); - switch ([#"../bdd.rs" 448 11 448 34] Bdd_Context_Type.context_cnt ( * self) > ([#"../bdd.rs" 448 22 448 34] ([#"../bdd.rs" 448 22 448 30] [#"../bdd.rs" 448 22 448 30] (18446744073709551615 : uint64)) - ([#"../bdd.rs" 448 33 448 34] [#"../bdd.rs" 448 33 448 34] (1 : uint64)))) + switch ([#"../bdd.rs" 448 11 448 34] UInt64.gt (Bdd_Context_Type.context_cnt ( * self)) ([#"../bdd.rs" 448 22 448 34] UInt64.sub ([#"../bdd.rs" 448 22 448 30] [#"../bdd.rs" 448 22 448 30] (18446744073709551615 : uint64)) ([#"../bdd.rs" 448 33 448 34] [#"../bdd.rs" 448 33 448 34] (1 : uint64)))) | False -> goto BB11 | True -> goto BB8 end @@ -3052,7 +3091,7 @@ module Bdd_Impl11_Hashcons goto BB9 } BB11 { - self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a b c d e ([#"../bdd.rs" 454 8 454 21] Bdd_Context_Type.context_cnt ( * self) + ([#"../bdd.rs" 454 20 454 21] [#"../bdd.rs" 454 20 454 21] (1 : uint64)))) }; + self <- { self with current = (let Bdd_Context_Type.C_Context a b c d e f = * self in Bdd_Context_Type.C_Context a b c d e ([#"../bdd.rs" 454 8 454 21] UInt64.add (Bdd_Context_Type.context_cnt ( * self)) ([#"../bdd.rs" 454 20 454 21] [#"../bdd.rs" 454 20 454 21] (1 : uint64)))) }; assert { [@expl:type invariant] Inv0.inv self }; assume { Resolve0.resolve self }; _0 <- r1; @@ -3067,6 +3106,7 @@ module Bdd_Impl11_Node_Interface use prelude.Borrow use prelude.UInt64 use prelude.Int + use prelude.Bool use map.Map use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type @@ -3079,7 +3119,7 @@ module Bdd_Impl11_Node_Interface val node [#"../bdd.rs" 465 4 465 87] (self : borrowed (Bdd_Context_Type.t_context)) (x : uint64) (childt : Bdd_Bdd_Type.t_bdd) (childf : Bdd_Bdd_Type.t_bdd) : Bdd_Bdd_Type.t_bdd requires {[#"../bdd.rs" 458 15 458 40] IsValidBdd0.is_valid_bdd ( * self) childt} requires {[#"../bdd.rs" 459 15 459 40] IsValidBdd0.is_valid_bdd ( * self) childf} - requires {[#"../bdd.rs" 460 15 460 63] UInt64.to_int x < Leastvar0.leastvar childt /\ UInt64.to_int x < Leastvar0.leastvar childf} + requires {[#"../bdd.rs" 460 15 460 63] Int.lt (UInt64.to_int x) (Leastvar0.leastvar childt) /\ Int.lt (UInt64.to_int x) (Leastvar0.leastvar childf)} requires {[#"../bdd.rs" 465 17 465 21] Inv0.inv self} ensures { [#"../bdd.rs" 461 14 461 26] Grows0.grows self } ensures { [#"../bdd.rs" 462 14 462 42] IsValidBdd0.is_valid_bdd ( ^ self) result } @@ -3088,13 +3128,14 @@ module Bdd_Impl11_Node_Interface else Interp0.interp childf v ) } - ensures { [#"../bdd.rs" 464 14 464 37] UInt64.to_int x <= Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 464 14 464 37] Int.le (UInt64.to_int x) (Leastvar0.leastvar result) } end module Bdd_Impl11_Node use prelude.Borrow use prelude.Int use prelude.UInt64 + use prelude.Bool use map.Map use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type @@ -3181,7 +3222,7 @@ module Bdd_Impl11_Node let rec cfg node [#"../bdd.rs" 465 4 465 87] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (Bdd_Context_Type.t_context)) (x : uint64) (childt : Bdd_Bdd_Type.t_bdd) (childf : Bdd_Bdd_Type.t_bdd) : Bdd_Bdd_Type.t_bdd requires {[#"../bdd.rs" 458 15 458 40] IsValidBdd0.is_valid_bdd ( * self) childt} requires {[#"../bdd.rs" 459 15 459 40] IsValidBdd0.is_valid_bdd ( * self) childf} - requires {[#"../bdd.rs" 460 15 460 63] UInt64.to_int x < Leastvar0.leastvar childt /\ UInt64.to_int x < Leastvar0.leastvar childf} + requires {[#"../bdd.rs" 460 15 460 63] Int.lt (UInt64.to_int x) (Leastvar0.leastvar childt) /\ Int.lt (UInt64.to_int x) (Leastvar0.leastvar childf)} requires {[#"../bdd.rs" 465 17 465 21] Inv1.inv self} ensures { [#"../bdd.rs" 461 14 461 26] Grows0.grows self } ensures { [#"../bdd.rs" 462 14 462 42] IsValidBdd0.is_valid_bdd ( ^ self) result } @@ -3190,7 +3231,7 @@ module Bdd_Impl11_Node else Interp0.interp childf v ) } - ensures { [#"../bdd.rs" 464 14 464 37] UInt64.to_int x <= Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 464 14 464 37] Int.le (UInt64.to_int x) (Leastvar0.leastvar result) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Bdd_Bdd_Type.t_bdd; @@ -3256,7 +3297,7 @@ module Bdd_Impl11_True_Interface ensures { [#"../bdd.rs" 472 14 472 26] Grows0.grows self } ensures { [#"../bdd.rs" 473 14 473 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 474 4 474 44] forall v : Map.map uint64 bool . Interp0.interp result v } - ensures { [#"../bdd.rs" 475 14 475 46] UInt64.to_int Max0.mAX' + 1 = Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 475 14 475 46] Int.add (UInt64.to_int Max0.mAX') 1 = Leastvar0.leastvar result } end module Bdd_Impl11_True @@ -3342,7 +3383,7 @@ module Bdd_Impl11_True ensures { [#"../bdd.rs" 472 14 472 26] Grows0.grows self } ensures { [#"../bdd.rs" 473 14 473 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 474 4 474 44] forall v : Map.map uint64 bool . Interp0.interp result v } - ensures { [#"../bdd.rs" 475 14 475 46] UInt64.to_int Max0.mAX' + 1 = Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 475 14 475 46] Int.add (UInt64.to_int Max0.mAX') 1 = Leastvar0.leastvar result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Bdd_Bdd_Type.t_bdd; @@ -3385,7 +3426,7 @@ module Bdd_Impl11_False_Interface ensures { [#"../bdd.rs" 480 14 480 26] Grows0.grows self } ensures { [#"../bdd.rs" 481 14 481 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 482 4 482 45] forall v : Map.map uint64 bool . not Interp0.interp result v } - ensures { [#"../bdd.rs" 483 14 483 46] UInt64.to_int Max0.mAX' + 1 = Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 483 14 483 46] Int.add (UInt64.to_int Max0.mAX') 1 = Leastvar0.leastvar result } end module Bdd_Impl11_False @@ -3471,7 +3512,7 @@ module Bdd_Impl11_False ensures { [#"../bdd.rs" 480 14 480 26] Grows0.grows self } ensures { [#"../bdd.rs" 481 14 481 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 482 4 482 45] forall v : Map.map uint64 bool . not Interp0.interp result v } - ensures { [#"../bdd.rs" 483 14 483 46] UInt64.to_int Max0.mAX' + 1 = Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 483 14 483 46] Int.add (UInt64.to_int Max0.mAX') 1 = Leastvar0.leastvar result } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Bdd_Bdd_Type.t_bdd; @@ -3500,6 +3541,7 @@ module Bdd_Impl11_V_Interface use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone Bdd_Impl8_Interp_Stub as Interp0 @@ -3519,6 +3561,7 @@ module Bdd_Impl11_V use prelude.Int use prelude.UInt64 use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type @@ -3661,6 +3704,7 @@ module Bdd_Impl11_Not_Interface use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone Bdd_Impl8_Size_Stub as Size0 with @@ -3677,7 +3721,7 @@ module Bdd_Impl11_Not_Interface ensures { [#"../bdd.rs" 498 14 498 26] Grows0.grows self } ensures { [#"../bdd.rs" 499 14 499 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 500 4 500 60] forall v : Map.map uint64 bool . Interp0.interp result v = (not Interp0.interp x v) } - ensures { [#"../bdd.rs" 501 14 501 47] Leastvar0.leastvar x <= Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 501 14 501 47] Int.le (Leastvar0.leastvar x) (Leastvar0.leastvar result) } end module Bdd_Impl11_Not @@ -3685,6 +3729,7 @@ module Bdd_Impl11_Not use prelude.Int use prelude.UInt64 use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type @@ -3837,7 +3882,7 @@ module Bdd_Impl11_Not ensures { [#"../bdd.rs" 498 14 498 26] Grows0.grows self } ensures { [#"../bdd.rs" 499 14 499 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 500 4 500 60] forall v : Map.map uint64 bool . Interp0.interp result v = (not Interp0.interp x v) } - ensures { [#"../bdd.rs" 501 14 501 47] Leastvar0.leastvar x <= Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 501 14 501 47] Int.le (Leastvar0.leastvar x) (Leastvar0.leastvar result) } variant {[#"../bdd.rs" 502 14 502 22] Size0.size x} = [@vc:do_not_keep_trace] [@vc:sp] @@ -3996,7 +4041,7 @@ module CreusotContracts_Logic_Ord_Impl3_CmpLog use prelude.Int use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log (self : int) (o : int) : Core_Cmp_Ordering_Type.t_ordering = - [#"../../../../creusot-contracts/src/logic/ord.rs" 137 12 146 17] if self < o then + [#"../../../../creusot-contracts/src/logic/ord.rs" 137 12 146 17] if Int.lt self o then Core_Cmp_Ordering_Type.C_Less else if self = o then Core_Cmp_Ordering_Type.C_Equal else Core_Cmp_Ordering_Type.C_Greater @@ -4006,6 +4051,7 @@ module CreusotContracts_Logic_Ord_Impl3_CmpLog end module Core_Cmp_Impls_Impl63_Cmp_Interface + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.UInt64 @@ -4195,6 +4241,7 @@ module Bdd_Impl11_And_Interface use map.Map use prelude.Int use prelude.UInt64 + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_Context_Type as Bdd_Context_Type clone Bdd_Impl8_Size_Stub as Size0 with @@ -4212,7 +4259,7 @@ module Bdd_Impl11_And_Interface ensures { [#"../bdd.rs" 522 14 522 26] Grows0.grows self } ensures { [#"../bdd.rs" 523 14 523 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 524 4 524 76] forall v : Map.map uint64 bool . Interp0.interp result v = (Interp0.interp a v /\ Interp0.interp b v) } - ensures { [#"../bdd.rs" 525 14 525 84] Leastvar0.leastvar a <= Leastvar0.leastvar result \/ Leastvar0.leastvar b <= Leastvar0.leastvar result } + ensures { [#"../bdd.rs" 525 14 525 84] Int.le (Leastvar0.leastvar a) (Leastvar0.leastvar result) \/ Int.le (Leastvar0.leastvar b) (Leastvar0.leastvar result) } end module Bdd_Impl11_And @@ -4220,6 +4267,7 @@ module Bdd_Impl11_And use prelude.Int use prelude.UInt64 use map.Map + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type @@ -4408,8 +4456,8 @@ module Bdd_Impl11_And ensures { [#"../bdd.rs" 522 14 522 26] Grows0.grows self } ensures { [#"../bdd.rs" 523 14 523 42] IsValidBdd0.is_valid_bdd ( ^ self) result } ensures { [#"../bdd.rs" 524 4 524 76] forall v : Map.map uint64 bool . Interp0.interp result v = (Interp0.interp a v /\ Interp0.interp b v) } - ensures { [#"../bdd.rs" 525 14 525 84] Leastvar0.leastvar a <= Leastvar0.leastvar result \/ Leastvar0.leastvar b <= Leastvar0.leastvar result } - variant {[#"../bdd.rs" 526 14 526 33] Size0.size a + Size0.size b} + ensures { [#"../bdd.rs" 525 14 525 84] Int.le (Leastvar0.leastvar a) (Leastvar0.leastvar result) \/ Int.le (Leastvar0.leastvar b) (Leastvar0.leastvar result) } + variant {[#"../bdd.rs" 526 14 526 33] Int.add (Size0.size a) (Size0.size b)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Bdd_Bdd_Type.t_bdd; @@ -4710,6 +4758,7 @@ module Bdd_Hashmap_Impl2 use prelude.Borrow use prelude.Int use prelude.UInt64 + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = v clone CreusotContracts_Model_DeepModel_DeepModel_Interface as DeepModel3 with @@ -4822,6 +4871,7 @@ module Bdd_Impl19 end module Bdd_Impl14 use prelude.Borrow + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type use Bdd_Node_Type as Bdd_Node_Type @@ -4840,8 +4890,9 @@ module Bdd_Impl14 end module Bdd_Impl7 use prelude.Borrow - use prelude.Int + use prelude.Bool use prelude.UInt64 + use prelude.Int use Bdd_Bdd_Type as Bdd_Bdd_Type clone Bdd_Impl5_DeepModel as DeepModel1 clone Bdd_Impl6_ShallowModel as ShallowModel1 with @@ -4864,6 +4915,7 @@ module Bdd_Impl7 end module Bdd_Impl15 use prelude.Borrow + use prelude.Bool use Bdd_Node_Type as Bdd_Node_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = Bdd_Node_Type.t_node @@ -4881,6 +4933,7 @@ module Bdd_Impl15 end module Bdd_Impl0 use prelude.Borrow + use prelude.Bool use Bdd_Bdd_Type as Bdd_Bdd_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = Bdd_Bdd_Type.t_bdd diff --git a/creusot/tests/should_succeed/bdd/why3session.xml b/creusot/tests/should_succeed/bdd/why3session.xml index a3650a77f4..5b463a2efa 100644 --- a/creusot/tests/should_succeed/bdd/why3session.xml +++ b/creusot/tests/should_succeed/bdd/why3session.xml @@ -2,191 +2,209 @@ + - - + - + - + - + - + - + - + + + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -195,40 +213,40 @@ - + - + - + - + - + - + - + - + - + - + @@ -241,59 +259,59 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -304,18 +322,18 @@ - + - + - + - + @@ -324,122 +342,122 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -448,97 +466,97 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -549,13 +567,13 @@ - + - + - + @@ -570,13 +588,13 @@ - + - + - + @@ -587,16 +605,16 @@ - + - + - + - + @@ -605,12 +623,16 @@ - + + + + + - + @@ -625,13 +647,13 @@ - + - + - + @@ -646,16 +668,12 @@ - + - - - - - + @@ -664,75 +682,53 @@ - + - + - - - - - - - - - - - + + + + + - - - - - - - - - - - + + + + + - - - - - - - - - - - - - - - + + + + + @@ -740,10 +736,10 @@ - + - + @@ -752,17 +748,17 @@ - + - + - + @@ -777,22 +773,22 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/bdd/why3shapes.gz b/creusot/tests/should_succeed/bdd/why3shapes.gz index d00db57426e2c1077c7d7cf70c57f3408b59b3bd..f89dfd0e6e93dac1d3a1405cfcd5b66ce1c031b0 100644 GIT binary patch literal 14663 zcmV-NIk?6jiwFP!00000|LuKQk6gKu-h2HDy|vu~1Kby5u7R?katUbkeVB`cpSnQu zkbMQKRo$g(N#kGdFUYg!Ihk2nMpAnOW#w7OU@#af8D##KAD_MbXZSt8efBOtynS{5 z=D$BP&wl)`SC4;$S8v`O*iC=M4}7>32XS*1{uUnZ?_RxmJa8HQ8Q%W$?)Ckzq09OA zyWj4+{Q96@hQHz6fs31$v%(_0{WFHpb;A=ozT)AxKVKiXs&A=Odl7!S{@*{0*Drtm zA@S?*E6S_HUcAKB9<*8Y>jef>{uBoKQVev(;PqJyP~{kd@b{XFjx_n?Ub*>c}Zt}JzMOk#bG#i>RmRR{@~_==|(x`GePDDb#q;HfqEGp z^4t5@?=pn@>hSzoxqo;@RY(~?iM)P&|GpP~wz}tkpgA4>@$hG+hBaW)w;G;=KY@Tz zKM)#nek0KBgFJ{o#?n89{0BYxDa5Y3;|DfeKtJ_3{Q3LqEYO6ye*V0K=Xdq}<9oEjr!A z_vcfS{oetZ`sbjppI1^XOX!0q2>w<7q?Z5NVwB9{&c0~i-1XFj0qf_~f?KuV!2Z+( zx2rZ*11Z)IRNoRewYoW7U9KPK7e|!m42q@#)8SRQOaFZJx+{3}qCQjOv&Z3?rAP0E zN^)L_wMt@MsXa4&B{qyzc~6RP7&y+ZdxclO8OH7fM(_DJT*qjGgnp#;``OI}mFVSA zr(REpxQc-95ph7|hRp8)tpBoo-He={Uf;jTKMZfFT|OW&ez#|Jc>1sQ!6aMZrMuzh(PChU=E-ahAN1iB0?aDltE0(=hO35lMydYMFTR5(UxU!-T%iRhOG zXX>;_Uxd`YOs|l-G+xuEWqO;mOFOh7(|2}`^pjYD?ZR2h^|Fx@lD%DUv)$cVMAJ*d zHnSn!7vivz?_(S;4czR8gzpmUY7uP!kLPLhkuYw(OZ1R`TTc_XMX=S($#BbAT4-o$ zC^e^w9}b5tuVog_?RYnX2RGqY@5Ib)gSR`63*~xp#gDJVXP8`>LtC)m9D^0rjxhM7 z$(1b(RP64yx#fY9Ht~xi=fmuY|+ob@vu z6fFIk$u;d21I4cY6Ua7&@P75Is*L(@5XuCU4w`6EZDGA2K_9CiDmxtB&m+pWul_HB zs8?^^g@;$+&EpRTHckxJr@v5KN*6!U#L6&H9A3ReQ1$v%cL&r_MjYhJ_EKCg-~CAM zfXKuB`?oZ&+&5eA@8%`1`ZB5qq^{eyydDAnjatHo$WDOqQNz<8r&e~Gdwd9Q-qNsO zO!C9;z)X#oP}=Zn4)UOh_QPX4m9SHZ>#2a53Ye+Dir$a!f&KGJRuJ>`5L>{*1&_ad z1nFt|XHE=ge*bc6#Z9faIU1)Rx+92g1Fe@QVTdCb6G?%_-K&R({5rqOZyr(T;XGwq zV=s3ad%4jVi8rw*`5|kztMPu=dKj;M1}*{Lm35mvMx#Spcr{+et6Fp-%`kfqKFA6N zS19wZO%DPUdQiXP^eFUCuEW3nEwSV0SG{;W>vDQP%Xtgy58~?ghdj-6{Jh;de|qa% zjq%nwUWv6&n_o{*EuN-YSl}H-;$4n+8%5CN=aV4$(?L@2FYlTPA9VO&!UsF_?St85 zi4W!zN5za?UANE=`v?7rE$Cs~`>Q6VmAF3)H{h-6M?d7Zf4-(UvPXLPq0RixYlWf6 zSh3wNAoB|#4|92gAQCsx{fFN6{k^{)rx1Gpke0WPt@Z+~sm0o{-Iu(_C(hg5BMXi0 z54&BXky*kbwyB*^^InY03|FsSJ;%RSYjVK1taHgzLv=;yhw+9QT33R>=odQX)d)X6 z-Vyrz=YHDTv?*Z(FB`;sPi}4P1>VQgCGA)+Y;;D@ocF3bbqK_0AXvRy)ss|j-Jx1h zjuokQlKMkeXS!o&-PsfT4fNGPsH4#kGyrPO(rR5#Q@x|{5HtdMUQt){%{dy2X*9yV zvYxd>^ZdiL$Ms9%wO4iGzuIGNh&hhfOb}lTHwrf|W>qXzIp#4*#2r}^H!ptfGXvIs zP=ht^m!Fk5Y?g3ytOfYi9bxTg{09U)Ze~aeT7o%7+7U%Z{=-eh8CUKsLVnIZC_lMy z3rx*H$YaJ)G}hy=h&g$Mr5eX915UEDDvi2$dI9O?oU*|5=DM*1xnuUa0`v#TSKgl8 zdL-bfPG$+W?ORSZm|Rr)@+-46KA$x!*+H(IOuPArEt-|A{}z`wJGOW12Cr%P*!XV3 z(;cKb#_9NxTVUC@EY(NR25su&Hjf`I+8n&|?$z7$K*jzH!>ZXJA%{_c^2&IUy!Gaq zv$<<7CWhfF*PPWDaB$6a8iK_>gfuOLG)vUG5c1y16J#z{fS66w>3>SB-M=n+&+igHK`N5Lz72&POhz314+38*V@Kam9 z#<0#ckvwV?+EqxhbfbRTEz%fFh?fhxDsNmK!Sr@}epV}VAJpQKVZoB~z+|5cr zssi13X2wXCW?xcxbN}X53a_tPjLKU&6bSeH9>71q{2g?^ex6uMmco$K^qS?Aj_+yw z{O;%bH@TK{2YXzQ!*Mz)X~LV_57I&2%u;EVbt$|)stcOlw1k)6AMSs^=#={iOoz{!$CH<%AzB)pyCa12|u>D;!Uk$$GLBsm2b}sU0>0p z%CF$t633RS)MG+0Ej;p@&-9Cf__)m{{?rr#Qi94l?Rf<_@nb(>dt`ol^b@pq1cy|9TKNL`9wWRg-&$v@_A7uC+ za|p-WBQ9&;4;sqt`X{g&g8Qe}9K-#g?2OWgP(N_69S7gR^nZW_{=n^=!2fcl&n*dQ zR))N&&2krlqD#5Q85{WSw>Pnj*b$!{!It3-A9WaaN193YJdbxMxvk7+W$Lu)tm{p3 zsPajA$N}jK#8J+G&f4ARv>XAwxqrO-E&p~uf%t9F>E#kcUuOSJoc!a8#=D~#r8qnz zFKG(7r_1v=hd134=ZlaIGt|O}#FOy)`{G?#;{1H@A?Af>&2zfue_y_v2L^oRi;)Z7 zPnImF6xzc-=JQg+!<+STQR{YH_uhVSw7@jH;6L>i@>0HgP7y=P(?qnu+4Jh>Pxl`I z&klK??;AWfzaPDqCol=+<6m!&k>ImywwN>EG`+E+d7b7sNpr#XUObr;HJ{b*cUbL8 zGOFENKYz0JpwOc#4_sVt=`1R6T4i0I(uEc5N|oyI6~#tgd5n{t;KXSHF`fcUe`+l zd%rZK_dHeT_tg@PcYM=Lm>R7A#^-(RdyS0m(cr?_pwfD7;+z5;yBHXPsEfvB&aDuPxOK1u@8KG%1sw`*H0IA z;i%(w%TpKj=K8dU1Q)-xMb<&|)@17aPUo)%7CsWs{TS?e5xmV<{dyVm4KlqcC?6pw zlaSCf@PEq5C&-B*TU+JCSIfq~vYg04PTYo^sQ%SbPTaPfxU+HsPofu;UP{Q1IV&iw z^D5le>9Zg4y=RYRw&0HY>q{mdDsa5HH`i^}f-Y(+CcJrHCs%3;&M+~s$R27~-?5{t zqPAJ3{!nHn<`=OLx&$s!pV>LO3rn6kX4XKHI-R#uH=zWv<+Ju|x zDce_6bu*Q+J3}P>L9v742PFDv?LRPI~vi`ii~gvDGpN7LP;Z& zurD_HDJsn&H)Oz=7xaqf_yj$GUE~O?K?`8>5WA%erRX>Pj^@C{D@!hK5)JdRYE~OzEU(7Qu z%_5Q24(%QEVazyCxNNP!NNmm?Q1Y)CGj3mwgIwo^TD~xE8%mF+ZhooeRScEu&eTCu zi?(JdDWUmAKdR%V-Q|dqL)6=i7xTTXP!^udz>9Gcw4r?A0Y5P$77shAX{GMu?q;>R z*Dr2bS}&zjz3g}K(w6&mFLiYy`d;c;FKKo8W+0P3nt^EfG(XKq@p7OIC=o#$#j$prq<8_(3Vc8LaSZs5`W zn|ZSHEVsw+GOC*xb#~T4>xk~hK~GDztNM!8L;EcCX%Owf3`3}nM^GKiPkr{^Fm|f0 z>#jylEe1}t)nD?%>ZlF09%=Fjcz0)s^7A)NmCA3QlPrY*-p#XJ>i&DuUyx0?)p@?v zdlKhfuCEsYUIq5$wmNMlXK0vmHb#xg$%~vNpRqx8vt6xPMSoHnb1ktcS2SaO$wq)) zs~pX*(^Ge;df|LqzYNdEV}VYvClvoO^-%CVQY@{+ND4Nh%U+(e3uc+H(d>d*q<7kcgTDRfFO z_d}ocF!NdaXR`V+r?WLybN0&&i*Y90o(cdihqcJo;H=Los8@vdu&UDMi%+w6^8ziy zV(=UndE}HO!OnTui)q+_-1K-z9uaH_e(>hne91Zg-ETstERF`f<#SBX$?YBXT7>b4 zi~jxQDHrQ^^MfvC?}!-sEHRFfJQ^`H?N_K94~7V*?pNqD9ox+jHxjflHfyBRV+=x< z>v&)+zev;XJz}?7^csrxFK(8rq&=Fedp;1t4H+TZIUm2&BCFJno)m6LigF<-+&mo9 z4bDJ{_4@EHv+~EJD802`lcMm!4cH(>S>F$&kb{7X$E?UTDI{B_EDWTO>sh@9ZY1^I zJ8F9hx!)aOc75XQBOeHe*6Z;|Z5F>xWZqw&)b{OtPqX_yr>UxhDJ~W4dZrY11J8vT zY4fpcBk&wIgI9FLIeh146nA9xc5tQ%S}_IF{(7cs_M>Hg6fFac?2(oe(tX%KIMWhr z-WZ;?dN81>;4{2hvnN+;+2yKtmT>WIuWR5N0^WB`&c;LTkH?Z}Yu^aYG(kRF*y!=A z6WgaG2k(!Ck?XZI-kag!7H_%Q%qaRZ=5pIBBWq>UFLeNp?K?BfBFV8ckLZls=*&zb z-n*mDJPygw^Uk>8;Z|pKZDv&Iv(D)4m5#NIX?+10-}hy(sMEL{o3p8#gA&twKF416 z-y#>X?#FA`s@)8)zQQlHwYFt&Z6J8>XYrbKIO>lL?LOos_C$V|S+SD};o*Fe;#oxZ zR)VG8OW2h9WWwf$mb>k5W{#(rCL8_6T%xC*{Jc$oQO=L+$z!^4cC2RDk(wD|GF-en zo=`q%E!VEK3a)`jM)ss53D?IZ~YO4%IkM-^Pmbt-<1aK3eK@ zTRZsy_0_U1yV;h#=~wa(v*k8!hXn|`xo*?PhFi-vyuF!H$Lq4lEV>vPZi_a2Z_#E* zM(CTW`57&0+gzivM-!0896~4UE!+~C5iqCCd|zO;>%s0#=jd9tpVH{(PE~zT&-Yu! zpleNA>#H7np?W5MF*zl)FNvK&RxZ-fXw%hRXkS+VM{NBJTfd2|Ut{YJ!VTEE8Mgfi zI_{v^^?bTU&t@pujHH?!G#}?{l*Qe6Bj~0n2h9n@c3+gQAp5DXSzpvJGr^m z^O5Sy0d1O<8=i}U;%l_c3~jzZ8yL#P&gxzV&%BH~wvm_n;h@*qrKCgphpQ;(cuiz; z_tSFPw0Eax(r=jau#f^LF4-mEx0X z&Ck^uDT6&l;cD4lQMj3+aGPsFgFAfalLjcKpjQ*Ns^FPMw0jcV9?162*8wqd3#8EH)_>(qjw?3Usk1|K;QLRUIpOpsr`;>m!eTEv}O}(2E zuZ%rrD^$2M=4#DCPh>7*c9?7E?!-XGoMW+u&cI^r4qdbSEQ{Hr4Y6%NEZ=9bLG69Q zfLOlIXydzaKrElw?SDPM-^vfY4vT$H)!B7Db+oRh+vBZ6%svClp}md1;pvLm2!Wp2 z)W*acD%>e|5wmTwnQ|AincCl**rPBoSi2)-EYC6+ifl3%BFsI)e;R9PxkY$9T``rG zlLs&y2e$2gw0y~Fj%fU8kHy9GVtnK{!$))-D`t9%R@_OZk zT`!%q_tlLnSAV{Fpn(YSb$<5yJs9cfeSbc=Hg~4wlbX8Nw_`=`Hxyi%@!xzIFb>Nb zYdu@S)@sO!#SmDuY1Pn(>zRGsU8P!>zzAZhrI3`&ED^vF@>$+F}{Z7$<^4; z38T(2hdSbfU0YnXlq9Wvx;^q(K3~hU{CZ|0ce!L?Rh!%qob_6!oO6jWjhoE&s^(l( z-=A{`?#&Tj#PR6A4URd=PoNdi&DHk7vrucrua0P-c03EUVe-}9o`CUHnS3&_;gbo{ zFiTf|ySrtpyQn+%ci+`F{0t}dC`_7fO|AWujRm#DsdS6StBDzp2>~{PRIUAm@Ciq6k?uv731G*Rg1Qj`9Y_^lz3HZ7-#{hV-)>A7f{NGwxiH zSKo&7t9Mn!abDAjw5IP{RcuE9kDC#II1vK;HC4qOr_9aWn;jE- zG7I+P%aa+h<208#9ce#~DrUSICmG5**l(B15PyjH`7-3+T5jOO3I%0W@pF@Fl5b9~ zNj`L~EnQId*O?63Sjw^@4oLWQN zsy168q=tXmTW9=f#MF#GYTKhsPulO9!VJZhxDdjNx;O_`pmq6a@m$Q3KHB>Ke06_Z zJg4-f>4aNPH*N7;)-yexkOZKIB!Ep$8S? z=uO-CyM;A0YsVRdhljI;dNV#erjRieXrquZ6NRc`UZ0{skB7}%HI0I*>z+KOuFAK~ zzZf7>SNe@Q46(4^&h~4Y^;@5D)t7e7~gO5ruYi z_bz!(>h3ed*%w{06kTyrbOpPaOhUgDIP7rPm~fT+cxS{Ab)Qx>W?$8qrK&L}RgD?& zopPd9=(tPJ**9Z+X~+0UL&jmrJ}P!OTCQC8LR`{|eF@=93E?Ltgv*E-RE_?7lZ1l@X$*q9P6Cl9)MB?q_8h?c8Jl9R5Db(W_l2X{TN-}8sU20Gy$6$)CwnI`1oaVu$ z98X@BC-Yi2>&=5wG<`lO?Gx48)|4^%+`Jfqn)+?}pcD*2+0s)?s@NR7!KYkB@8>!(8zc_H1gKQRnU3OS`m}_N2YEW<1k#??6+_4wfIRI9NF} zzK9`@70(pF4pDhex%qnKsa-US+3lm1o^ZVJCDgMw&n;QA{UuJeXwx1|8HeH7vd#YC z&7!tDT8Ih5vt{l6;Syu&$8^0q;NH()%|x&sL$jXu@WZp!@%DTB6I_MapK01oG3E8h z#c_|2>`h^dEjLXeUT&Fv-rkIRgcPZo4XfXN5wN+Qs_hoqJ!^J$5_M~Mn5E)!bGMKj zrs0Ok8Lqd?VcSep_cUFwMQCmipSnj#PkV&q+9D2ngxsK}7kh-!d7@j<#bF<#U z7}`x^cyOa7tkb9!Q8i#J`#DXT-E6%@Z+tU_yzShX*}@qUsQLC+GIG;tg>=5Iog2pC z#6sF>w7LE|Z2JM$q*KP7cf6pHae>GWt zGs3RN8O-a?Z$v%Xw|4pEWyJ=-tqbDj<_X|eIIix`G(taD*6!u><7LBvS65obz+%qY z*dkM>o!2bs7*lb^bTL0uxAIop@>_N#MN%eNE`0GN1(y-bSpn;r6L*oZXXaL4Wg}SX zR1iG-PAFB1=bkeoHJ{x!8NrbwP&etFPTi9K@41yStaw#-@20{u{Y zbj(ESoqopEEtj_(9pzUB?M0`g`ohxON_{JV46enkIBrVEjPrskO5QiZ(LnhtA8jmFNvC;{#U~6T?4e{BjbKO<-W11TXKi6x0*Yl(GggYjKw)^(Gi7g;=?eo+ z$hrvLMH76ME|$csNgzoP%*$uW-zrBXt=5S%uDQ<4^UQ?xF-yU^ShVCOKjRGS#Q3eo ze^zURq70ZcXRA^y0t_adG|Kp(UB~q^!)~>|)$Uf?TMcQ_w_4q5d8@?)1k%MYE*a8* zs@g(Az@Me$q?}<&J~QIh@H0TH^(-*1M24I|nsZbEBxcdsoGeoW1Xa$$2{vR|lE&cp z0Ks*+Q#q$Db|J80ONHYu0#$qm!F13tpi;KQ<$y3ca;8!d2q!BjeJM1bd8Z(Xps-}3 zbcM@exCB1|D;GGC+NfJ2PXS4?i$1cLqRL=G)0qMmlaWIkU<_>~wLSyHxS*L0T!Hsu z@gYU#i*`n+PQhsMfz;>VD9r;xmdKq^Rxt(@<+{kMRyp`+DyfaR2o$u5b4hnh2<1}> z9qF}VebzyPBW+LW3!yG+Tt$gPB3Wpij_DI2O0nvKtVDXm#96=ik8lGR$3lFx1DLP8ODFt@OeQP?htkiGL#>SVlf1Le=bNg6UjMk7nu zelTW<((0&fF*3sk=;h@SP|R`Y0rCr&?R*A*qgO$ILzofZ*GhSPDKsf!fTFhyeN?13 z;cP&vwUb&Z=evRO7XyUHQ8-MnS5PQWFt}&IS*N2*+?vMo{?@u%Ye{yj*#%WJ+!PKC z+%c7fw=O{%l`Qa$yzR2++4T}oosrPsE_w?C8#_q`Ru`uWv$oSPbO7bprO;e4aA|DU z`7Xg+gUi75B?+wsRFA821UQ!iOc=*3VQI3}MQQkL;MuGbw6hWz*kKf&0#h0e{`UbQ zj|(W~#67%>F4!DQ(Vhmvq1XI8D4l%QS(ZZXSPUMcqI?Iw$sLqXXJXI2mw*DzvVdv! z9ekMtPgoZ(E&LSEJL`3|WlmlS4N4lGj_S}u2@@blbq5a*7;@X$T*cF=CjjhpfM*Nj zwAD-nFl@q=H|Q(N$qnN0B$$XEbiycN46N`8)-e?5UHB;yj%BP)v$ODr*p9%%w}ReK zLPeE2gdW}?CWr<9IGjP=*LUXD>2tOp11ALhO^^ve48$lqIC@>i*an!T0ThA^cgD6k zCY9C&CO-#Y7zGp~N2COGB;lT#9+Vfip5J=5?*uR|B)k}eDGY+Bl@ah%;enbCn%c#w zcV3>?`$fW^2;BQ3I?gOPzR^QQle1Exi&F>v1=>GFnGq2oLSt~3l0(pCICt=wHT-bI zS&KgE(-tlzh>*z^!4`}+LPKVtK_XA&T(DU;&1D)5PMk*M6(G-Dj6uW4?K%mYWZ@H} z*-(0W5u3tECFfEiVAQco$*>4-Q!we^vP2VSodryH1{y~#84!XL$Rr|51z(H_4IvK! zu7+Q;$0_A#lSn~!E=X%r(7L0rI2%N#$-+1wnxJ?Wp%f!2LhQ*jJ_s(Eyh;Y%n-(y< zFuoe0oIt<8@zHWtAcD_0=ZI{ZHj&XHOfJbtvI$U?LMjt%NvXgKLD&NA%VE4Y1-KlI zPy|cyE}~<^^6PM;2^k!AmKys`NiF+`p0?Tvj2Yq$z$e&% zAiqKc-oZNJA(WWnf)#1w#V6Lo+f;X`zQ^-Ir*(aIy$a z3km>Tmk>dD8M8}W=7>_spr8(dc0{rG0Inh&{O87lVs*)bNio6OwgToHjBYwz;2dY0 zdprP30hR(R1z1XdX}l8G+Q6}3rW0M1#=vDX+;W5zh0d#PLW5v}L&tC^ng7IZ$=VXy zv+!J)N8n==bc0}8SeOCpvgnnLD)=oCidGC7RB4aHE;=PLO?W_`wQu z{ndC-S}0eFZacWiF~VU6IXi72HAQu{=Rr6NUlB)+_!dlv&_ywuI<4RY7ww<|y<-sM z9!LFEar71emV+hqq9BMi(jgiTa6(g7R`Az&1E+RSy`%7tu9HFcVMnLtL9!LK*apdIu8=Ix)(1!uhCM^TBW%%L3N{VTy(`CM7~tfzZ#vB%SVZ9EfW5?p9Kv`&UK zOxAcSWT!eAI^UU@9x^>$zZ$NzVvpEPWtuD#+=pyaiUNWqBf{REKaKsGILcVKOo;td z;K@RB>cDe^L*z2Eh#>m7fqgCfq7*7yY2cANL^cwt+Z!K62hAj;tutH*>+vy92Au)Y z^DcB+mjD(@O7N0Haf0JIO`zrHm`+Jugw0{edN`l7rk)aK!B}s=reNc#IsMs$8lgSo zD#ETn4|ND+f(TN0n&68}^46sNSOUuEyPy??N{~qrgw6=;&_$lDfveEKyH9BXt_E{4 zyR1}7%IL^oB%z{W5LpLdpMgbh1 zaw3XQXt^zzP$+kZX@)UVvdN$a5Dy?8K)il(BfKDd5Y9WzqSB6XMW8cV1vN01VC*a`p)BQ0RSt!zF%tcTWWx5iD2=mo zF1iFB{OQPGa<%Q?2GBr79*u#n(8YA6;s(R}B$$vGX+zOg7Q=w1HU^A|aib+%$z+2m z@exmgYvB|~UC{T~8J4tH8pMQZphc!wh`kAr87l;gpiI)1=uM`zSsijA!>2`8SPrP* zQNc~a-a#5Oqi_-tB+UkO$wF$Ak0v{zo(axx1!rT02*pk-Lf&@H01a*t+9d>c7Sz-k_txV#bR6&Zh}Y3W)*OLUBZkG$zH*vi)w7x)GEpf+WmQR*4x zo;{_JXd%h)Arh33fYpXPb`E_&5FV0=iB^o^bD{wNlmH0xEMT4mEDUIj&l7u9B6O={ zDq2&Z2BEv1NxDGki>P95q*MI!H5e3QOms4{q8!XwVlL5&moNr62-6z;%#DI4bj%T| z1S1BE0xnTn!gdGgatNZ5RTF6e5FQbf7(M{1C}j{0D*5@4kr_0ONjoSrDd0s!*a!MO z%LEg*4@3y8E{X|otxWJ1eu8IE zo}D5;3q#Zps>20<2&x4Ff1xS46F@Z@)bc+DQLC+n^niMuWn60*T286IpdTJY(Gca| z2C@b=0#;KY5`^JEbjTpyG86<_3{ufGWWOPVp~1VDJIa?)u%FNn2}CV|5^|)IJ;L(a zLK^A}#<AeKn*3$WT5qfFYno|1NK!a|PDHxsC;xwUQk9>O~vQ z;SDJfS_A&m8i}0431Jy@4y2eNcwlolh2$D{-ZoneR|w9_$G0K^TpmTsw3JEj;U;G% zd4w{Ci=b@Z3PKEF>03>$kcVIa#saKmpJvn%$Am1s^a3gv{!r+w(}?nE=Wqw>eFh7( zVkx`aewx)UigF1l*8`;1=uFTes}4aFY^An*Msc(R=TkVk2R3j%1w1|B0M>m25+F5m zopT|J#5&Z1rYo}J-zFf{1Qq$|qCl#7))K&zSpR`--~G7BTl0gD!O zB@-S#KxbgvwA2`MZD{S>K~U{ve(c!2C7Cu>5y{6rR?Cz8%hkVY$|Ik2CxW3 zBmxnM2u31;kqCW0u2~PA(7A}{#mYd7Q*fV3moy^Ogm7At^Cs)I4?v}jAGGrWq9`GX z5~3*K`AaAXN!US2NJ0BUP!3^+M3^DL+!D+!5y(g|xWphy+EPM0W4QPXJx~a|iiLNF zkllh<9L|F1f{Fp13bCfNOWM2g&GsNWTP)-St{Kfbd0H&8w84evWWZgm2j&~^MUWJr zm(FolLWbjmh|VA|&oDg^R=V}Veg{2CPN`r?HF^n^1CFxXc?69PaU2+}$^?|WRJ0=s z(4pidqAH1~N-B~UU;u^x?e?&f(1aKxTDgMfA8Gz9#Dsf6GuqX?mM~@CZx3N05cYAJ zq-TusTrFInl!H+4ds+0YhweM?rG8rqEv=m_a$l^0-ufacrn zAwuz@nP=!BV~F5fjI2{E7dY>Te(FSpH1<30Ax{NCXx4@Y!%B>lzDAQV4vO6*Ray_- zcizhYr@}B1k}w>elT@WEHp^f`;b2wc4&5nmXN*ifi~Cz z3k%4Ww$%f&1!N1z_FL%zZ6tDqDa2JFAR^Y@7*SO86hI@ouVZD+x7-6|g0e}{3YAI- z^#gQ8Or6lq#NwM*WbHTJ3)-5LJ8NvmZA?r6)5MI`wrJX*)nvxH@1Q5laI&^E5xDKDMQxuH#6*(AeE1jEX4y0N0^`IiY4Na>*>rI`5Brs(gd&tC8#*Y zndp>>9apqPiPnhfPHEcL=PX2-X~?y;fzGI52=YX1E%Ptb zdO*vH)(B{OFJhJmZ^L8=V31j9R^1E*vG{@*qz=xSCj`jVVQ4nRg1|g^M7EZ<{`)V8 zfhoyq1E&i9twLy>lLy~BMMpbP65S~b6sd~OJMHPA#!9qGz$zOTat_vYqJs>|pgMLM zn{P$2QPQCg9DcadI=GGwAt)s>8ALrbX{#3sEh@CAn88Qmqwpc#6W{TanMD%0yM?(o)(+F+n~&H=iof^5Pc_#%ppnmXx14cbB4!u zni9AMc8b$A_=B+fZp}U%??T=;0wbp+v~DI3PIj(yISP}S*8P%tKSnwd!j`0=W57bv z#HcxKj`9ln#-769^Xojz;AzkgiNNa+(qxgkP6bL%C|-B%Jd}NGzLim>^(hv7q)i

3=aqF$nz&o^q;nuzQYwA4Mte|re=sGLGI1l%+q#V0k6Y<~1NBGgjR!AbF4r*_zvl5|cBXfNoPNzyQ&eGPm*Ilk(O^TGR^R20R=kYh5LGTso$ zhunN!2`wP$=uFT-(mlTvdNI~{s|=&l`=Zd=D6cgFIjE&1%8)tt@hwo|4z#q1;AWm- zzEv{jvHMa{A3h3l9g zod_2YGEQ@FB4|^z?DwcDSX%`vt4K@10xQbAgbh-394{T=OUXE&U1M9?pOs1s3UcU# z%|0O}Ph8RASt`g0H8=-Hs2R42+UIv+>9||OHeCmj1v-FOP=Mt~^qHyPxw>GZ-;g+FQ& z9m$4x1_s2_VjZ2p8|l=rk0a4v%Nx#__77%ww8n_2GaUw$OEN(r;*;znN%U88lR+HC zl7>z2uEZpAXL58xcg&a${?^RJG7BR?+4{=joxyW($d~b8ODa0i&LtKi{K&3L9WAzH zhVVuskeQ*UHqeus=v7aEM&dK)k1`39X1I+?N1q+2W61+&(zwF)gsO4Js2aPED#_j# zN_qY6P|kFC8yuAES&6t2fpG`-p>s0BR;w99@C}AwCs6iZP|V;;(2?IIcRbS;f~Xy5 zvD38U$jf$6D(z@cw6uR&8kqJWN>^;q+A+lgONxOiDi%6-S-ABlyW(3Zk`Q zK5`tRrr#goo`KnzEk!Z<4G-B_R~&r7vI+gOjAKqFd1Y-d!FkbH%H@c#(ZxW*nA_>s zml#LJfC%&6Q2H1hCuX9DI5L%JSG>sEG8ULp#M`T^V{>4#T}Y?3}Z zCFsdxnUv}hqwNJ5++ht*K7nhp5haIY)ou%)WjvEJk&f)nT$kVsbeWgN0tTF8FY*IqKFD zX#x8YW9nHKjg%>6ZUo#0W1O~HsUp2hMTiNy`rPAbUEI$Jq)j;?K9Mp{ zEt^lEo}^zPO4^trx-J%}t?4{KKm~Qa#Q02kxD}p}!YJsZ@xpW>CrV*3po-9fr;bj- z_kB@8qi+RpH1x{?7!K*_uulP>)|#9kA8JzX?C1 zO=3@e}bOpY9XQ*L@zh29%#JK>g=4jW+rM)3?9*{o#Fn zokahHhxqJ2|6@VqZ5=3#FIx;016zI^?tFidxFx2U3z%m5f!c(zGf)h0_xiLK^lAHn zI@#xnd2F+F9jNoD|9qy=QD1GKHov)Sp!~tjhslk)$7jmN59;=&>aThhUgtLtFW+TS z$f~^hrvFXg?7_^znGu|rffEPW!103|fLtA(T$hK}*VLYj0gTAYmk;lI5A{_*?E3^EVu=E;*1p4`{>Z{Gvw{<=P;@B4>zS)V;C@87@g zAJ*%Gyde?~{H9XGp8oyG)MfwgfK2@dBSJ0os)asyg5a0DT8y$;+}WoMoV%Gw7_fdq zJ-Ag54jMyUaJ%YbHF#qEK=nOwQ$IJSKbPwV`soqpIfDtRz;t*~?$bYCyzB}dJ+05w z`0VZQ%+jNG!$)%d5o;fb`A6-U=|5t_Se5r=B8P$F?4~z`^*6)VJ;mrf8Hei_ZLrXf zyna8sx!@yuIeb&ECq!ID!1staAaYAC_W;p<)_&cNlAm5ayvjceZ>e8CATj=K&+72> zzuJ>$;d&<@G@}_8oNntq-F9Rx_?Q2Fn@G+Y`}P&Yq6MvD-!T zFa-}Q6VgaYd`<++Wd5H`l8H$f0u1UBEfFR;vNTWk#SHs^069 z;rN-Xz+fB5j{ncD>utjO)w60f>O<1f1nMaE0RYmvdO<2bHivaO9Ny0@>zfz}CY~6ZM228bJb#A2mGvaq4BaySJ~yt2ZQRp?g*gUK+@`FeLdUm z>)A$MWFJU84={#nk$aP0mJqfc#;ad}O2F?bw)E@@eGXmW&3GBFYRic);Y0Yq!v_&Q z$O;8l@v6Em!h>$>?>IaN{XH1?Q)26R!Bk@$l;E z*R6i}xF*UGsQ>ZuE$Jn_{Lr$R z`B!0RGJe?ZuYP}c^L8evvwrvm{gC&X>l=v>-GAsk+u!@^hR*~5J-&I{zFr_X^;pT= zeaU-#;=JEICSin^pcbTIj8?Ena4HdMPQ{o|U%hzo1pmEQvjZV!&6=i;D3%#JqPQA2 ztB>Fl`jmeD8R5srJ3^oT+9!CXB|nG57Bk;dbX%#w`*^yg9UF!XVgzM(D{|@(h|vqM zdbj#c(syfu>W6atkf@VH4_%!h$Ii&v(fkeU)j_DE!4SlMHJ50${!Y_(N5dg#0QCGr zU9mUkSS+T&2)pKa))D2i!!=T9_KYO$MNM$4%jJed<4DK^NyTuZaPxHbiKS1DB}@`) zN5RC+(_i~p?{%EhV9m+$vlfTV7H*EU;1qAKv34~20|Fj5Go%GgH5?=Dh@qqO;ilq@ zD|Z$lKNB7_pF*?+qUIpvvDhdY>2XxVoV&u(7smnvIkK})8gudV0?y6kWP#}IO%n!+ zx9m-Y=MR#v!a2M3Ncfx4HQ}cHmV@i1=#zf=g=-q0&N`IrAlLDu-F(Dm9ZJ^!7MFE6 z_H-QDuG#mtN!o;=J4khm&G92Q!>{jGsz>t!z3JoLjvsCHrpE_E^xeI9lU~zze}w9a zXUcjQZ6~i{Cn*|lp*Nd_-eM9Lz6!lr&F_ZLTc;rr?9)Tj(nC|{w^oP{0SDiNkF4bJ zYcfD;uuOYxWHmFrDcZF)C(X>-!ff~Cs?9T}ka2Y;)68&j$2R0r^Re9ptdbvG=w1`v znv7V`gOfDx*@j=*1T6-2ZiM7fpRlV!l8YNn+isI4T|zvoi1knA5=9NSp2<4hOQzKJ zFy@&xJ$K^`c;IeV>QZgz#xpafsWhjO!mEc@FH(4U)e=zNmIA@ICl3Jr0gmsW`x)ZI z+Cm{lq^=k(Cu)4p;wSgNKD^4cr90T;h8zLYQA-nE<$jC~vOduVb^I;m&PU%4OGhI7 z{`%p!hqt+#P2d1*zh*4~xW80@-Cyd19xhE)+cv9Xhglt4Us(_`OD$djm+)iDE?(77 zY@bR06z;*i_RP@r6-}4?17f?NgNPvJ-qWNP5i~%X7IP|~C-?vH@LR4bRWCjb7IAF& zb?+*Ux?TY5p^NaLCKuriuJ0MWefwX(=j+kLU5!f_1HsF|trK;O04&ChSn}pgemxlE z+8-fOu~4Bt{1JHio_Uh4D=NI#Y<(e}RTV?Qx|wsQej4e3q|IISVxb zH4m>}KfKS~55N7NMf>NqkJ%@oym%E}_Fd5WC=kEe8ZO?xrA57?ccQ%+h61GjguB@S zUwG9||M}`*?hzc3-jG>*@#ac^>ER zs$1fG5z=9XS{RXd6kdN{ybDX5pA7DH-iTHPr)&QA<-2(V&1Yc?#j5>;!ZPn}5C1iv zx)~ncuGdT&*>&xA`^C{J%kYB#(mRt&}KyqtE(qe`BGo-v4({=hki4CT^0O9ywrrPB|kKI_%QceH)|h%-d)Zh*Z+n$ zH;;@0__}Yt8(`d=4u5J&ZYca|r9CvKJJBe25U#Z=kBs5uaSV5JD$EpiH_jAx5oqFe zE7BD9_U3eWf)KU!MJ8MHCVrxRhxn^OvW}EyKZm$kBp)*gyjkWfgQjhX??*`QB)T+# z`B#))LvE=`udhyk|H;xT2kCVi(yRJcOX+pn((BGjFPv^KzP;>{%Rei=jd&FvstEju z-+Q)uW;l_c-dvK>R^WK^(CoIX7qu5e?(b{LUQ0HHbaPQ{(y+c~M^z}T$gkCYP<3JN zn`ke{76_Wr=Up^*OzZLMXW`lZH(SmO{_h*=`*GJ?^G>1Qfg;} zq&-M?kp7_9LGgorF6o7$ui+-VS{EDfTtmN&Gw7U6W8kZIFNT|jTX?s)e~bI3 zZSQ6kHRI<8vHJWVmY*L)`y9X9=eKpr`FYs!c zxi-~{nz2ap**M5`CZ&~_@>Yv~G|}zxMT#Nb#<1gA;n4}umr~Rmo`yG}eN-VWjLZKy~lN&?S>Rwl~)@U@(`VA1Y+i6Xuu7N~P zrJhkqi*V_fETwteRImWY&#zx zNBiwmBfM1vs<$7j^@Pl!?eAJYQ`3?dx+BH-+q`T$&1Q<+Op0A!jI|}CZW7Yf7Bk-0 z-}1J_tgQpCzE`x!))zHT14z5k`cKvI=&6JGr7tBL#!c15!qup$#h|ISq)3rm9kGGW zBS+o>-u)St{Q8aaq)OW7WJ)1`_w(wBx@n0l7qn7t5zn`%Cq?cx`evcpRaKvD8`9=% zhK{KUV6>&2Leg0!6B~>++qI`v=_hkBw+~w?MH9;xRE_u6<;cg72|m=^I8iun}4I?4&m^%k}@}4a{Pxe;3X9fZDxj=I7)o2Mot?8f~<0 zr2eoMq653> z@lc5%*b@8@!L@0Ub1}Q$gia*^4SFjMn4nXrJ5=f8#k;yoad=Np`j~Ru&Uo~$Oq(C) z?}!=tEHjQO1{yOo&%>TUM&;pT*;Z*O~kJ?w=_)f`NDs9-lUgRq-uE=)+9f@K?t=D1zBA}dZ~ zJ9nSBBX75ZG0n(|DRuTYGb^*78~dZ&*w5#4N0j>{fiR}!$)7fc=0VL_s}L!?SPLds zYpvy~50G&2ZjUrb3<2*+le5u~`=hZG*Ge0~(LHU04Xkf^{KA8|IjJ*vf2@YI2EWw9 z2Qxg}k}Oxd8I^t}T5fwOWNn7}wGF_rJu$`F*95E;EsrSJ5B|y|`nqoNQ5CS2uVyymu!2 zrw^Xj-rDZ7wUgj|ti@{?+h|8NEc{UD*0cNd%#)ok46o1Eyq!gJZ(&yIz4||?PuBl^ zXr;jZb{2YyX^PQr%piKAr{%x!{-x@5==cA=g_qDTJUtcZzvYUO` z+kRpFFk5Kjc38=r?xfbo?*-Pu|GUAArpwQS$qGaou5-x`Gj5bbGt_NV9!># z+P1e9Ze}ao=0eaA6(9QI1FB8vErqQXcxKW#RWY2lX>uX3wd7$NPuXDgCzgl_Pue88 zfu|I6Jn3uR<0<)o=WuA0_;&2s5gp&7L7Uc<-u|$dTwTncQvCD$(3Su+O&iblTn*bP z?eR$_eR{k;%cOrC`;Au946JF@@VMZuWdEMi+@I+$d41E*thBo8zJ)%wRclptJ&%D_ zfF8GP>rrr*^SEN1Y!=flsPQAy(@KPku)V#Di|PF^zk4r+y&a*y9jf)>@VYLa`gUaB z)4z`o$NAv;O>Hz3)eWuqs#)Kvx1}>!!{qM>YS^VU|8TKm>s@S9xb(#|e;a2LxQjO> z&a&R&&ATwdm`wpMLCofVmk_R|O21(cfad`E9%}QhaZrhne*1lOTrQ{1=ePJ^X#M2= zm;B~UL-1Yb(436uLcMv%GvN%h6R2 zX!G63aw8@wdit+FXs2(Z=4=_1IVyu{wAelI88q%=DYE-QG`^eYno6sTJr*T=aBs}j zT5KLEP{!;C)IjPaG{&40tA@@XR_zX?S$H^t3O`7 zra=htWxoFX0V4Ex+Mi5e%e`s!p{6e7?fA)u4Rcmzk~d%Gi^BrO+NzeYwcc@JxdWbS zS`{?nX68Y6*P#|px2;1FnDw&Yv<_9BdTpm|UDDfQfjDE*+uGv91iR~6>=6^h@Nk0* zh=XP;joRJJVz=EDtVOifsB_0FjW>M|*~gSKp|Cag#jjxjay9mI#;9|`p^hYB*YlPw z^GK_kZjU{d&sQrgznMA2T`5`k(580;XT4e}=Tc%!lP0shZaFv759i$fgE^9mIGzo+ zAu&g_2ejt7xtc!25o&Gn)e#TWP8^{&+`QVW@E>25DFPE45ttwgvkd09$t_#t;@gql z{b1hkGm_Y&Fj>AexAx017TgjiN-5r6O|p2*2S^!|Y8@z)M{>im9c~;cCz_t)NkeB+ z{3$7u8%Y`bmlhY{zlpgP7h|r)exTD(7;whj7j|fmF;*vR)%Wet9%G)wj(Pg)IyAxd zWJIhNJIJAl-O8fBjzjBSO_3S3XUJ5~ESPHU;t zS@zq}zKmDn1VdRT`t5R=-VfP6U#9z8%Lsf}d7yeJer_^N^3BOK$p_Nfk_6Rsove;M z-dw_W_t^0H<`VvNkjwu3rwud@ixc8*`eV7-usA-HOCSHGD0lETpD-{7|Nh|Gzc;nO zZW@e(8%Ls+7OV!M9S+f|0^rSu9pr*-?+>SVX#N+-#`QpPa(DRFXY;+`==hht)x%## zOwIV0y?T`CN&BNt@IbNEB82d?F1bMvXt{k_6Bn~Oj<%>jU$h_B#HlQ4It10zOmwHE@vuRwR!7k1x@V86Ywc|tF9yie1$?6pW-un! z@5$0$HSf-0nY&f8i#l0!w>T`5_gj&AOBd#A%)=7!>wYP}VKNxL?HWq!_bO}Y&2DAw ztp7!Yt(m3>@J%?`FW)LR68)=X?WQ=@H5aXhlgK_YLF07tAlW@;XB(E8FFM}Q@r63N zXmyC|je=L{pk5Jt&b5`rWC$m>~TMro<>zw5jLD!h%;MQf%a+QhF_hP7Y7Dt)rm=M;( z5(VRwM&m{PkLNy#zQ{$PB^vf zVEMs{gOx+)i!AimbWJJnklAl=V>nv&;H@<;%j%bwiAYD%dh)~ON@z*>3Vfwyq~|CsdhcGW<8(chi9wf;`g>Q zxC*mB__Q5$%Ii6g<8~t1JJ^=7ZaP@J+zKXmdoyk)Qe?t5Vu|)==vqLl+Qy>Y18HZ6 zNVkrM*)J|PHx|iZdT*HY;d;x-wtYu+`_tLoL~}R$*zH7m+D;_bes_V+NhOudT4d9ylwNDdDxi{sQFe| za-Gv@hDzdY?rw(@4QX4_=7R39MF?1vMH&Ch+W0rW=kwjq&bDX=L)E{{*3Ku*zy1F9 zzwW`#-}A@9UroW^j<8wuj}_7UJ$IIix`bV7e8tKG}# zuVxL0V_kWfi#Luj&4W&w=V$^`TF7EkVp3kKJ9#JW_#L}aM(eDyF9L?mFH5m-jOm~HG z8KpMNMPrQ8P~_6_Ywqs2z2oMN>#HcDH(io=>6A}h^eUEQgSH)aO0#Rh?zrz8d)6uM zHJYcuQ{h=Mu-250r5FWAV{s=qwbafeuM4;s8Jc+>fsD^u6fK!x@!EpV`c9}jAuAf- z1-x_AIYsY^=F(>iQn|`nX5+7=yp!Ti@;k}ygufH+PS`tP?!*j8z<1dS+3}=pE`@j! zWam}qOcWh}=sT&-01-JxX{ExiF1liv5ngdGE!b{(X9);CISZ!)10`g|G4L@$WH~n& z6520Pq!V35hF=6q6^KMmB}0rcNGjRv3fCz_+bNf0Maf+XO)CJ?#>!NTjFuG^g8;cE z3G^d)WwpJN<`j_PJIA#tE=K2=aVm+BRMIB+7_w27I(G(0f_g!cv=`p+AXOK<6|N{F zp_G!3tUd=PtE4)}TZR-v=%J22IS6s=tbq|=6&ZgKs32khZMJ0Z5|`2ni^0?2JfJ(L z2UcGOt%FQkYlOnkTdspj+C0S)!oc>+0m7gep1J^4b|Nvw08MzCtz=z+ z!LFRQcgmcBqXIAsBw8`T7>VS4kf1U#VGzvmf%E6!NN0sM-ig?Sz&VHBCM$wqo$fNk zt=E@JKtVd;0<(?ELdtW1W6{ADqhbu6l~g(JE``QA!!?{{@=kU^2+K7$(MRQAx}pyQ z=Pw4BIsw}ti%ej;c23w%@WRQ!z-#eLoY&$`^E=H*ca+~3SLjT(-b5IgV2xrDnTHgx zfEq5#rCwYw0hL*VJLx(G$?D*Eqr?Cts7~Z2b-tP!EiZ-UnKG)=@N7`O%!`N&iD`)( zy6K@&6&im8Km;F%XA~%f@6JJbLAsfBauGR}ALRd0Fe6-NmLkinVbfR_$N*)Fm;obX zt*!$BJk@znvQvn{B#gZ1T;>dp3zXD)??$So#swdWEMq2r3DEI7QjPB}xID>VBUfCd5)Idj?PPUfT#_L*xHW(>cSheCwI6OFm?@o51un5G4iP@&A6(Bl!OA8zQD^K0UI|*BqKqo$=mg6h zLIa?fO(viSx+VhMc~ge(FmM(zZeYP^(IIL_Cg4fz@t<7M=udiHcx(9W%<(@VWriaV z4u%6`8Ik1A2GO#Mv>Rvy#FP@jZbwoPk-p^2eL~2?5SmYvT7H?1Q*5BXEO=ey6HqA( zrAJoKnGzy`sF7F;nBojH&}SWT8fKA17{o0c2?6wp0*}O8Sc}Ig#8L?|@X@9X#O&f7b0?z}z+ zF*8qwu|VTJ)C)0B0R0>ZC=wco%{6Ce$83woOiiCE7?rTm7Ic4OO zWpnDCdX}H3chKi-%BpZkqu>VKO+&m2+_x*8EUkAW?wm4r%JwPU{}Px81WlTQ!_i2j z)wqBiw1~nGUt1*|$v8)d&jrnP$o~%!O3EV+f{~0Fb}CR@qzrtkArI?l-iZ)WUk@SJ zPB`Jhku`x&S$kPvf^)W6cQzZ{5E5SzA>`vhE6b3E1=Z%ha#TnaZQ>!Yh7kXH2qAvT z7U=|o(UMdWryPS;buj;kVPvcb!J{Ed`+7*hH+tAnSh>WC^aT#e!K4+Ykh@ybxCBr8 zRgvl-LI@=g1W@S91x;U+s5=B~Kvp+x6YlFG#gONEB!_VK9o#SS8xDbo!$qW^j1>(j z|8A71)?3A;!aFksf%hz(X6=qx`-kClm*$Ar|HOygc4?5#{%*9 z2>XL+h{+zguZS2#$gqfP(rJW&!NPKiBoY2t>r+57S`pJZSO4_fB6mk`v1<4iTN>b!%VI<%V zt%jeLY|_H7h?Iu^g|`#RcE&=;rRJui`32bbV0nuYr0WI#>mp{jcSRWIg3~nl3&pg` zc_$TDwjt)fK4K+@;yn@_t#$TEr3Bd*Nh^)WsyIKHhkhEZfU_B5H)z9)m5Se zaF%7FwL&KaOmbncc*bQZVq45XqKzN=4Vg2LIfLE^Lj&wIc&h*dd5AmR1@O<-s)h(8W5L%dL78 z%q|40V?^d*q463fz!@*C_Bv^%+RQb#Xm9nS;3An}H1SHs$e?^oQsZ95f)Bt7 zC&v$rguaq#>tN%8QNl#T#L^&)7aBuy4R?JfAm?Ptp{AUsYE56{!<07`pM+G5O@Vu( zm`|cBU6-_OS_Q7_M5|igAn}a%lin-VmK7Ex^n^K z2LlreS=3B&Zu>syN8v}}N8pD)st-$rQAs!i0;2eoJ4phByoMu>N32dOh=S7(mHlx1 zF!bT^gYkpk5bSX@SrHJ^iVQ0fk`2XV4?D{_{5xrIwX3jOpRGTZ5XMkO%Sy@4b&8h2 z10)OCH%o0%Sn$u=C(_cW5G7~WdSeU%K^7bfFi%DctyATxpda*y7zVBgeWE{({y1PF zmib(`q|CYqp$Q7KCq~oKxidflc|OwmI_)lK9p)?G5~z$0t}Yoaq6!&_mxe2hv6h9z zwgN7`9zH1}2DT+8?*c>a$$d1PRNgGUO{GEJ>DJk>XWtJR1DjKEN5?O?K5$Qh;*zolbvp$*q>2VW_0DXlmIS84cG<#Dpo^TeG^xQCpVSBPHr`PkCY6YI1Tc|Spb;h* zsyb=wGQv=`qxk4P1eNwOWL$y6_Bme=v0A|svI%r0>dc`~^aHraCdNJx4+upxV!SEe z`~)BFAS|#an(ES!Ik=ovu~rMx-3YW!;-Eo0;y|IfwFu>A;0~NnfLEfJ)_bMp_qF|)bR$@#Mql@f(D)4U(gF563f^wNt z`h%F>#F(-~_@RWAkPPrAiNJ$F5;V^h&cQNKNsbWEbUs+NSe)c}cTj z8v=^t5b6hjewIE102L0Z%nghVLQj|g1^a-ACUiD-p&10^7mzCa00~R5=othD35-B8 zxCh%H`-5d6mCP|A+|4W_doT(Ki5I@kb`l&4(uJe?DZoQ|f@}mo?4$ZbLWf+*Aq%5Q zWK)XB9WpZx0WSziZ7q+6fJ#R7Q5ruAKlF@hVyOIzil%@UjDmns5HJb?f-F20L7{I5 zw17YZec(t{QD{elLl`*y$@mAx5DfSZ zM(+rF;2Vrkg|Zf8f~F=b5(Zszsyu{Fz@SS`w9zI6dPiF}_%}-*hNy^um@cz|_?g2F zQl+O!x;UglZ5IQa*7r(Zq8(AJIH(XQm7ujzQL^%x<~(hy_lINto@tB>k*$gaHiMS# z5uXRAc#eVcwID;IQGEY&()?RtxJ4{DFow`LTOUXwnGYZ(Z&=(H23%m`Ay(& zX#X2?g({bW;|7_P4;VWH&hS^kv~hCZEdIhlwh&+-;PQ|Y=_zI|#sro!Lt@+T_un)P z(m;fq)g3Y`1m1{gSjSc3As3ypsFN%b0sOa4htjdrk-@SdBkW|(a6%n}?G~}4dF84L zNR}k+(4xI;RLfpz10D4pbec-#zft;FDBAjBL((L5I!UX#q>~FOp zkRf-O#i-h(C9K6aPe(zF6LN4qI-^}w(AR7`r4TZ3-DOpE!GH!08fdqc1|77KOcQ;e zgLe06@y*g#wLDU(8E3TVgIga$fxH1J;MwvC!@pblyh1!gMFtK+$SABrAB45xHw!>4v~qI%@(#1Q-%9r178J zZ_G6998B)KqXSxy9^_z=9As5!4X^d9zDVDWX=9L%Xxc;MJe@-V{V0m&)wxJ*@)C;h zrTW(vlBQgsI?bX%vChd*cpY<&K&x%k7GJFYB3;S|>*@3cIxVMjEJ{yBJv>HVP0RV6Fr6>1qcc*FNjn}-@&UL>;D-DY_mBwNaG^AL#-NMb>y9?M7nLi8l=Rh+Ckry~@&Jdt_ohS^aKnc<6CJlcV?5l#s@mI8c$!D%N%Daek34k<=Q zpwJkA-^8;|otzWOI%yJ}qh@#x(Cxs2>R2oqQGGjQj5+*R{22Vuy}C@-LIkSONa$SR zMjK1^8)0*H8Ki}wlI>&R>r97l6eqYvCV;>b&Pp>yW|Ui+S!tn^f9WWPUF&aTv7Ge=hWQ@2S&3aqbb_d6A!w161(7qz1e=;+Un8?w|hn$H-+b2pr zct8o$pqG1FAxY zGQysaZE;^F{$r_RYdfL45;`vE*jhnauc9`rOumZFay`P$Y~ogZJyr03MjmEoAW?LV z4Wb_=n4p7Zm8YnPGddu1#FKB}$@cM-_KS@9_lB>J83}-noX(z+b;Bd4BUj<@ENony z@Kqc5$`f)RzFZFb9pW4!H&VF}MdI*p#`s(~j9E+w&9Y;|E(%3EPcE6abq1k?*2vjm zdZTx6v`J`DVy5jjY`&Y~VwjdJLI5jiyMZr^2?bfEwLP7gsV9c2kAUkjSjiy$V;iZudc_gR3u^pCUA@ zhdAWID7Dbha_yrA-MHbZ?v_!S@Ukns%%75Hc%FqXIT$+qgOzA#tFX@oj11B!f0mDb zf`3L#E<-Mn4#Z|qbuW=&!`kVh9rLQ!8UIl_qv#|dL8T?im!deVhc!G!A2Q1#vu)U) zt}{gyha8zUp&QpZrc*EsL0obOtXa_8{XR}-jAhCqgyAxI8?55Vz{tYlKrb~0bi0o) zuQPB~!FWWoRzqbvM90~7i5mw53lE~%R`$*4jOsEBsj-NUCCpih5Rnpm>3rs*_XQ{U z_-E)$>VgW^hhlY?th2@VXtRf+OCNo2mu6=_JyLI2r+DT*Dp|OtH8G)R6Qe89b#R<^ zAO5H7j^iGzH*~IQWH4Ha=HjGDIjI6S?f3hBoc_@2Z=3&ACWN94?2wMoASkTOBJB6` z<#ou@re487zHoHlZ{R93QJlbk*$?Audp%m?_UGsk_uOSzq6lsGT`Z{->m(h);8n(u zUWD_XIRE9GR9(^1=|Bg$zcw#>ZA2vCgTv8Cx+q9(gkgj?VxHZ1vsq8t`!}}Zybezlo=!ss6Kcm z0@`xZm8^6zRPxxGq7Rx$qvO^PDZ?A1wPf^{u3Ux`u`H#xv!>pJk_A$wA_SQ@0qsaE z`GC|ZYp(mI{PKp1cSd(1YnW?z1q_zWNf#U8dM!eqzM-JbJ6KrBy^BKf2&qZXG1=)< z>R&I)eN$NtB|^!RIgrrEVh|8_$TvAM5ETVRr*EqI42aH6)v~i1h$3l28dZWt8mo%7 Q%q|-LKM{U3xt{j`0G)Lq%m4rY diff --git a/creusot/tests/should_succeed/binary_search.mlcfg b/creusot/tests/should_succeed/binary_search.mlcfg index ca05b33191..5d12499083 100644 --- a/creusot/tests/should_succeed/binary_search.mlcfg +++ b/creusot/tests/should_succeed/binary_search.mlcfg @@ -57,10 +57,10 @@ module BinarySearch_Impl0_LenLogic_Interface function len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int val len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int requires {[#"../binary_search.rs" 22 17 22 21] Inv0.inv self} - ensures { [#"../binary_search.rs" 21 14 21 25] result >= 0 } + ensures { [#"../binary_search.rs" 21 14 21 25] Int.ge result 0 } ensures { result = len_logic self } - axiom len_logic_spec : forall self : BinarySearch_List_Type.t_list t . ([#"../binary_search.rs" 22 17 22 21] Inv0.inv self) -> ([#"../binary_search.rs" 21 14 21 25] len_logic self >= 0) + axiom len_logic_spec : forall self : BinarySearch_List_Type.t_list t . ([#"../binary_search.rs" 22 17 22 21] Inv0.inv self) -> ([#"../binary_search.rs" 21 14 21 25] Int.ge (len_logic self) 0) end module BinarySearch_Impl0_LenLogic type t @@ -70,15 +70,15 @@ module BinarySearch_Impl0_LenLogic type t = BinarySearch_List_Type.t_list t function len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int = [#"../binary_search.rs" 23 8 26 9] match (self) with - | BinarySearch_List_Type.C_Cons _ ls -> 1 + len_logic ls + | BinarySearch_List_Type.C_Cons _ ls -> Int.add 1 (len_logic ls) | BinarySearch_List_Type.C_Nil -> 0 end val len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int requires {[#"../binary_search.rs" 22 17 22 21] Inv0.inv self} - ensures { [#"../binary_search.rs" 21 14 21 25] result >= 0 } + ensures { [#"../binary_search.rs" 21 14 21 25] Int.ge result 0 } ensures { result = len_logic self } - axiom len_logic_spec : forall self : BinarySearch_List_Type.t_list t . ([#"../binary_search.rs" 22 17 22 21] Inv0.inv self) -> ([#"../binary_search.rs" 21 14 21 25] len_logic self >= 0) + axiom len_logic_spec : forall self : BinarySearch_List_Type.t_list t . ([#"../binary_search.rs" 22 17 22 21] Inv0.inv self) -> ([#"../binary_search.rs" 21 14 21 25] Int.ge (len_logic self) 0) end module BinarySearch_Impl0_LenLogic_Impl type t @@ -92,11 +92,11 @@ module BinarySearch_Impl0_LenLogic_Impl axiom . let rec ghost function len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int requires {[#"../binary_search.rs" 22 17 22 21] Inv0.inv self} - ensures { [#"../binary_search.rs" 21 14 21 25] result >= 0 } + ensures { [#"../binary_search.rs" 21 14 21 25] Int.ge result 0 } = [@vc:do_not_keep_trace] [@vc:sp] [#"../binary_search.rs" 23 8 26 9] match (self) with - | BinarySearch_List_Type.C_Cons _ ls -> 1 + len_logic ls + | BinarySearch_List_Type.C_Cons _ ls -> Int.add 1 (len_logic ls) | BinarySearch_List_Type.C_Nil -> 0 end end @@ -134,7 +134,7 @@ module BinarySearch_Impl0_Get = [#"../binary_search.rs" 31 8 40 9] match (self) with - | BinarySearch_List_Type.C_Cons t ls -> if ix = 0 then Core_Option_Option_Type.C_Some t else get ls (ix - 1) + | BinarySearch_List_Type.C_Cons t ls -> if ix = 0 then Core_Option_Option_Type.C_Some t else get ls (Int.sub ix 1) | BinarySearch_List_Type.C_Nil -> Core_Option_Option_Type.C_None end val get [#"../binary_search.rs" 30 4 30 38] (self : BinarySearch_List_Type.t_list t) (ix : int) : Core_Option_Option_Type.t_option t @@ -163,6 +163,7 @@ module BinarySearch_Impl0_Index_Interface type t use prelude.UIntSize use prelude.Int + use prelude.Bool use prelude.Borrow use BinarySearch_List_Type as BinarySearch_List_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -179,7 +180,7 @@ module BinarySearch_Impl0_Index_Interface predicate Inv0.inv = Inv2.inv, axiom . val index [#"../binary_search.rs" 45 4 45 40] (self : BinarySearch_List_Type.t_list t) (ix : usize) : t - requires {[#"../binary_search.rs" 43 15 43 37] UIntSize.to_int ix < LenLogic0.len_logic self} + requires {[#"../binary_search.rs" 43 15 43 37] Int.lt (UIntSize.to_int ix) (LenLogic0.len_logic self)} requires {[#"../binary_search.rs" 45 14 45 18] Inv0.inv self} ensures { [#"../binary_search.rs" 44 14 44 44] Core_Option_Option_Type.C_Some result = Get0.get self (UIntSize.to_int ix) } ensures { [#"../binary_search.rs" 45 38 45 40] Inv1.inv result } @@ -189,6 +190,7 @@ module BinarySearch_Impl0_Index type t use prelude.UIntSize use prelude.Int + use prelude.Bool use prelude.Borrow use BinarySearch_List_Type as BinarySearch_List_Type clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -229,7 +231,7 @@ module BinarySearch_Impl0_Index clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = BinarySearch_List_Type.t_list t let rec cfg index [#"../binary_search.rs" 45 4 45 40] [@cfg:stackify] [@cfg:subregion_analysis] (self : BinarySearch_List_Type.t_list t) (ix : usize) : t - requires {[#"../binary_search.rs" 43 15 43 37] UIntSize.to_int ix < LenLogic0.len_logic self} + requires {[#"../binary_search.rs" 43 15 43 37] Int.lt (UIntSize.to_int ix) (LenLogic0.len_logic self)} requires {[#"../binary_search.rs" 45 14 45 18] Inv0.inv self} ensures { [#"../binary_search.rs" 44 14 44 44] Core_Option_Option_Type.C_Some result = Get0.get self (UIntSize.to_int ix) } ensures { [#"../binary_search.rs" 45 38 45 40] Inv2.inv result } @@ -254,7 +256,7 @@ module BinarySearch_Impl0_Index goto BB1 } BB1 { - invariant { [#"../binary_search.rs" 49 20 49 39] UIntSize.to_int ix < LenLogic0.len_logic l }; + invariant { [#"../binary_search.rs" 49 20 49 39] Int.lt (UIntSize.to_int ix) (LenLogic0.len_logic l) }; invariant { [#"../binary_search.rs" 50 20 50 52] Get0.get self (UIntSize.to_int orig_ix) = Get0.get l (UIntSize.to_int ix) }; goto BB2 } @@ -272,7 +274,7 @@ module BinarySearch_Impl0_Index ls <- ([#"../binary_search.rs" 51 26 51 28] BinarySearch_List_Type.cons_1 l); assert { [@expl:type invariant] Inv0.inv l }; assume { Resolve0.resolve l }; - switch ([#"../binary_search.rs" 52 15 52 21] ix > ([#"../binary_search.rs" 52 20 52 21] [#"../binary_search.rs" 52 20 52 21] (0 : usize))) + switch ([#"../binary_search.rs" 52 15 52 21] UIntSize.gt ix ([#"../binary_search.rs" 52 20 52 21] [#"../binary_search.rs" 52 20 52 21] (0 : usize))) | False -> goto BB6 | True -> goto BB5 end @@ -286,7 +288,7 @@ module BinarySearch_Impl0_Index assert { [@expl:type invariant] Inv1.inv _17 }; assume { Resolve1.resolve _17 }; l <- ([#"../binary_search.rs" 53 20 53 24] _17); - ix <- ([#"../binary_search.rs" 54 16 54 23] ix - ([#"../binary_search.rs" 54 22 54 23] [#"../binary_search.rs" 54 22 54 23] (1 : usize))); + ix <- ([#"../binary_search.rs" 54 16 54 23] UIntSize.sub ix ([#"../binary_search.rs" 54 22 54 23] [#"../binary_search.rs" 54 22 54 23] (1 : usize))); goto BB1 } BB6 { @@ -319,9 +321,9 @@ module BinarySearch_Impl0_Len_Interface predicate Inv0.inv = Inv1.inv, axiom . val len [#"../binary_search.rs" 66 4 66 26] (self : BinarySearch_List_Type.t_list t) : usize - requires {[#"../binary_search.rs" 63 15 63 44] LenLogic0.len_logic self <= 1000000} + requires {[#"../binary_search.rs" 63 15 63 44] Int.le (LenLogic0.len_logic self) 1000000} requires {[#"../binary_search.rs" 66 12 66 16] Inv0.inv self} - ensures { [#"../binary_search.rs" 64 14 64 30] result >= (0 : usize) } + ensures { [#"../binary_search.rs" 64 14 64 30] Int.ge result (0 : usize) } ensures { [#"../binary_search.rs" 65 14 65 41] UIntSize.to_int result = LenLogic0.len_logic self } end @@ -358,9 +360,9 @@ module BinarySearch_Impl0_Len clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = BinarySearch_List_Type.t_list t let rec cfg len [#"../binary_search.rs" 66 4 66 26] [@cfg:stackify] [@cfg:subregion_analysis] (self : BinarySearch_List_Type.t_list t) : usize - requires {[#"../binary_search.rs" 63 15 63 44] LenLogic0.len_logic self <= 1000000} + requires {[#"../binary_search.rs" 63 15 63 44] Int.le (LenLogic0.len_logic self) 1000000} requires {[#"../binary_search.rs" 66 12 66 16] Inv0.inv self} - ensures { [#"../binary_search.rs" 64 14 64 30] result >= (0 : usize) } + ensures { [#"../binary_search.rs" 64 14 64 30] Int.ge result (0 : usize) } ensures { [#"../binary_search.rs" 65 14 65 41] UIntSize.to_int result = LenLogic0.len_logic self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -380,7 +382,7 @@ module BinarySearch_Impl0_Len goto BB1 } BB1 { - invariant { [#"../binary_search.rs" 69 20 69 60] UIntSize.to_int len + LenLogic0.len_logic l = LenLogic0.len_logic self }; + invariant { [#"../binary_search.rs" 69 20 69 60] Int.add (UIntSize.to_int len) (LenLogic0.len_logic l) = LenLogic0.len_logic self }; goto BB2 } BB2 { @@ -396,7 +398,7 @@ module BinarySearch_Impl0_Len ls <- ([#"../binary_search.rs" 70 26 70 28] BinarySearch_List_Type.cons_1 l); assert { [@expl:type invariant] Inv0.inv l }; assume { Resolve0.resolve l }; - len <- ([#"../binary_search.rs" 71 12 71 20] len + ([#"../binary_search.rs" 71 19 71 20] [#"../binary_search.rs" 71 19 71 20] (1 : usize))); + len <- ([#"../binary_search.rs" 71 12 71 20] UIntSize.add len ([#"../binary_search.rs" 71 19 71 20] [#"../binary_search.rs" 71 19 71 20] (1 : usize))); assert { [@expl:type invariant] Inv1.inv ls }; assume { Resolve1.resolve ls }; l <- ([#"../binary_search.rs" 72 16 72 18] ls); @@ -468,8 +470,8 @@ module BinarySearch_Impl1_IsSorted clone BinarySearch_Impl0_Get_Stub as Get0 with type t = uint32 predicate is_sorted [#"../binary_search.rs" 88 4 88 30] (self : BinarySearch_List_Type.t_list uint32) = - [#"../binary_search.rs" 90 12 97 13] forall x2 : int . forall x1 : int . x1 <= x2 -> match ((Get0.get self x1, Get0.get self x2)) with - | (Core_Option_Option_Type.C_Some v1, Core_Option_Option_Type.C_Some v2) -> v1 <= v2 + [#"../binary_search.rs" 90 12 97 13] forall x2 : int . forall x1 : int . Int.le x1 x2 -> match ((Get0.get self x1, Get0.get self x2)) with + | (Core_Option_Option_Type.C_Some v1, Core_Option_Option_Type.C_Some v2) -> Int.le v1 v2 | (Core_Option_Option_Type.C_None, Core_Option_Option_Type.C_None) -> true | _ -> false end @@ -486,6 +488,7 @@ end module BinarySearch_BinarySearch_Interface use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.UInt32 use prelude.Borrow use BinarySearch_List_Type as BinarySearch_List_Type @@ -503,16 +506,17 @@ module BinarySearch_BinarySearch_Interface predicate Inv0.inv = Inv0.inv, axiom . val binary_search [#"../binary_search.rs" 109 0 109 72] (arr : BinarySearch_List_Type.t_list uint32) (elem : uint32) : Core_Result_Result_Type.t_result usize usize - requires {[#"../binary_search.rs" 102 11 102 39] LenLogic0.len_logic arr <= 1000000} + requires {[#"../binary_search.rs" 102 11 102 39] Int.le (LenLogic0.len_logic arr) 1000000} requires {[#"../binary_search.rs" 103 11 103 26] IsSorted0.is_sorted arr} ensures { [#"../binary_search.rs" 104 0 104 73] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> Get0.get arr (UIntSize.to_int x) = Core_Option_Option_Type.C_Some elem } - ensures { [#"../binary_search.rs" 105 0 106 78] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . 0 <= UIntSize.to_int i /\ UIntSize.to_int i < UIntSize.to_int x -> GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32) <= elem) } - ensures { [#"../binary_search.rs" 107 0 108 90] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . UIntSize.to_int x < UIntSize.to_int i /\ UIntSize.to_int i < LenLogic0.len_logic arr -> elem < GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) } + ensures { [#"../binary_search.rs" 105 0 106 78] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.le 0 (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (UIntSize.to_int x) -> Int.le (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) elem) } + ensures { [#"../binary_search.rs" 107 0 108 90] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt (UIntSize.to_int x) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (LenLogic0.len_logic arr) -> Int.lt elem (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32))) } end module BinarySearch_BinarySearch use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.UInt32 use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv2 with @@ -560,11 +564,11 @@ module BinarySearch_BinarySearch predicate Inv0.inv = Inv0.inv, predicate Inv1.inv = Inv1.inv let rec cfg binary_search [#"../binary_search.rs" 109 0 109 72] [@cfg:stackify] [@cfg:subregion_analysis] (arr : BinarySearch_List_Type.t_list uint32) (elem : uint32) : Core_Result_Result_Type.t_result usize usize - requires {[#"../binary_search.rs" 102 11 102 39] LenLogic0.len_logic arr <= 1000000} + requires {[#"../binary_search.rs" 102 11 102 39] Int.le (LenLogic0.len_logic arr) 1000000} requires {[#"../binary_search.rs" 103 11 103 26] IsSorted0.is_sorted arr} ensures { [#"../binary_search.rs" 104 0 104 73] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> Get0.get arr (UIntSize.to_int x) = Core_Option_Option_Type.C_Some elem } - ensures { [#"../binary_search.rs" 105 0 106 78] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . 0 <= UIntSize.to_int i /\ UIntSize.to_int i < UIntSize.to_int x -> GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32) <= elem) } - ensures { [#"../binary_search.rs" 107 0 108 90] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . UIntSize.to_int x < UIntSize.to_int i /\ UIntSize.to_int i < LenLogic0.len_logic arr -> elem < GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) } + ensures { [#"../binary_search.rs" 105 0 106 78] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.le 0 (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (UIntSize.to_int x) -> Int.le (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) elem) } + ensures { [#"../binary_search.rs" 107 0 108 90] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt (UIntSize.to_int x) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (LenLogic0.len_logic arr) -> Int.lt elem (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32))) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Result_Result_Type.t_result usize usize; @@ -588,7 +592,7 @@ module BinarySearch_BinarySearch goto BB1 } BB1 { - switch ([#"../binary_search.rs" 110 7 110 21] _10 = ([#"../binary_search.rs" 110 20 110 21] [#"../binary_search.rs" 110 20 110 21] (0 : usize))) + switch ([#"../binary_search.rs" 110 7 110 21] UIntSize.eq _10 ([#"../binary_search.rs" 110 20 110 21] [#"../binary_search.rs" 110 20 110 21] (0 : usize))) | False -> goto BB3 | True -> goto BB2 end @@ -606,30 +610,30 @@ module BinarySearch_BinarySearch goto BB5 } BB5 { - invariant { [#"../binary_search.rs" 116 16 116 63] 0 < UIntSize.to_int size /\ UIntSize.to_int size + UIntSize.to_int base <= LenLogic0.len_logic arr }; - invariant { [#"../binary_search.rs" 116 4 116 65] forall i : usize . i < base -> GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32) <= elem }; - invariant { [#"../binary_search.rs" 116 4 116 65] forall i : usize . UIntSize.to_int base + UIntSize.to_int size < UIntSize.to_int i /\ UIntSize.to_int i < LenLogic0.len_logic arr -> elem < GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32) }; + invariant { [#"../binary_search.rs" 116 16 116 63] Int.lt 0 (UIntSize.to_int size) /\ Int.le (Int.add (UIntSize.to_int size) (UIntSize.to_int base)) (LenLogic0.len_logic arr) }; + invariant { [#"../binary_search.rs" 116 4 116 65] forall i : usize . Int.lt i base -> Int.le (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) elem }; + invariant { [#"../binary_search.rs" 116 4 116 65] forall i : usize . Int.lt (Int.add (UIntSize.to_int base) (UIntSize.to_int size)) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (LenLogic0.len_logic arr) -> Int.lt elem (GetDefault0.get_default arr (UIntSize.to_int i) (0 : uint32)) }; goto BB6 } BB6 { - switch ([#"../binary_search.rs" 119 10 119 18] size > ([#"../binary_search.rs" 119 17 119 18] [#"../binary_search.rs" 119 17 119 18] (1 : usize))) + switch ([#"../binary_search.rs" 119 10 119 18] UIntSize.gt size ([#"../binary_search.rs" 119 17 119 18] [#"../binary_search.rs" 119 17 119 18] (1 : usize))) | False -> goto BB13 | True -> goto BB7 end } BB7 { - _25 <- ([#"../binary_search.rs" 120 19 120 27] ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize)) = ([#"../binary_search.rs" 120 19 120 27] [#"../binary_search.rs" 120 19 120 27] (0 : usize))); + _25 <- ([#"../binary_search.rs" 120 19 120 27] UIntSize.eq ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize)) ([#"../binary_search.rs" 120 19 120 27] [#"../binary_search.rs" 120 19 120 27] (0 : usize))); assert { [@expl:division by zero] [#"../binary_search.rs" 120 19 120 27] not _25 }; goto BB8 } BB8 { - half <- ([#"../binary_search.rs" 120 19 120 27] size / ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize))); - mid <- ([#"../binary_search.rs" 121 18 121 29] base + half); + half <- ([#"../binary_search.rs" 120 19 120 27] UIntSize.div size ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize))); + mid <- ([#"../binary_search.rs" 121 18 121 29] UIntSize.add base half); _32 <- ([#"../binary_search.rs" 123 19 123 33] Index0.index ([#"../binary_search.rs" 123 19 123 33] arr) mid); goto BB9 } BB9 { - switch ([#"../binary_search.rs" 123 18 123 40] _32 > elem) + switch ([#"../binary_search.rs" 123 18 123 40] UInt32.gt _32 elem) | False -> goto BB11 | True -> goto BB10 end @@ -645,7 +649,7 @@ module BinarySearch_BinarySearch BB12 { base <- _29; _29 <- any usize; - size <- ([#"../binary_search.rs" 124 8 124 20] size - half); + size <- ([#"../binary_search.rs" 124 8 124 20] UIntSize.sub size half); goto BB5 } BB13 { @@ -654,7 +658,7 @@ module BinarySearch_BinarySearch } BB14 { cmp <- _41; - switch ([#"../binary_search.rs" 128 7 128 18] cmp = elem) + switch ([#"../binary_search.rs" 128 7 128 18] UInt32.eq cmp elem) | False -> goto BB16 | True -> goto BB15 end @@ -664,13 +668,13 @@ module BinarySearch_BinarySearch goto BB20 } BB16 { - switch ([#"../binary_search.rs" 130 14 130 24] cmp < elem) + switch ([#"../binary_search.rs" 130 14 130 24] UInt32.lt cmp elem) | False -> goto BB18 | True -> goto BB17 end } BB17 { - _0 <- ([#"../binary_search.rs" 131 8 131 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 131 12 131 20] base + ([#"../binary_search.rs" 131 19 131 20] [#"../binary_search.rs" 131 19 131 20] (1 : usize)))); + _0 <- ([#"../binary_search.rs" 131 8 131 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 131 12 131 20] UIntSize.add base ([#"../binary_search.rs" 131 19 131 20] [#"../binary_search.rs" 131 19 131 20] (1 : usize)))); goto BB19 } BB18 { diff --git a/creusot/tests/should_succeed/binary_search/why3session.xml b/creusot/tests/should_succeed/binary_search/why3session.xml index 7ab8b6421d..5ae88e66ff 100644 --- a/creusot/tests/should_succeed/binary_search/why3session.xml +++ b/creusot/tests/should_succeed/binary_search/why3session.xml @@ -12,85 +12,85 @@ - + - + - + - + - + - + - + - + - + - - + + - - + + - + - - + + - - + + - - + + - - + + - + - - + + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/binary_search/why3shapes.gz b/creusot/tests/should_succeed/binary_search/why3shapes.gz index 4952e7c617510b3cc115e4b7869c48edf97786a5..f48aef92a2456d5eb360b396b06dba135e38c77a 100644 GIT binary patch literal 2575 zcmV+q3h?zGiwFP!00000|Fu|4kK?!zzWZ1BmSlqfEWR0J0vL@k*uY}X~$?C_<_V%Gok@aHnt11@%`qTRS!F>wn^_Oru?~f1vT+8)Oe_LH1 z-TvXrj%-)%KI~{iZg1SX9d)j48`$wpn&l07?{4mHjt}RryR_O6{QPBq*ui#llljH4 ze(9HP^8##FyPI`9p4Nx(aCbP~@0+3%(pop9JK7J~j%8EaK%UfhviNp&b5mH+vUjNI zKgW*&Kak;qHe8N(`-jU;-nvsb9}iz}sWSr^VABt7aSOn4upQ`dn%;Jn0NwNhw{?ee zKs^)bDu06Pzd>)@;WB(JInp|^ch#!t^4=X67rZNu)O}WyU$aDDAdrM z8NHHectlufpI0=fy3CVCWojW3A$+KF2{8Pb27`e00bE@Zn|X4V6SYF=6K z>dG=v3=_pJkv61vB5zFX3d3k55 zgEi$`O*vN6Ildgh1eV18z5Z4SmZ%rfsK(`-s)Cy?XwwC3I%zZgvFq`WQFXr^R_`Ds zorzJ|5eaQOwS7*}*Q~4dld4ay){y~F5sGS2PTe`^<3%4Y`m(Df%1XbYA=`2NFil`U z@?V_`pEzsC`LAYo?sVz}tla*5cRrpjp-t1PPp5!xZTA;U=&P(ePfz{l?tnDN+Iu^F zPsOLTOoTD*!eckik-eHvOz|>`9*AvWiYZ?T zt%lUJtHbg52?OejJMG=W1xNeKDg|I=(7ygiLbK8|$7r6zWN_Dp=sqJKYU$=x9nGAg2BDb99y(hnqRlm)s<^u>1?334z85{ zSTQ*e#WkMhE{CP-irs1hDTwZeuOW=8sS+dOku7?zzu&k!4rwp- z>12i+@o6>DHXlFL!{m!Dnql~^B6>F2M|E*rTDwB|jIHe9UoY?_8xEHR8x|&)t4p`n z239x@_u;fY;te()j$c=cer{-=#?q+T^6+`v5#^*uMOj(>Qa&?7yZ^FJm*lnoZT)*V z9n)&ZGuntW*N0D6)BKo-%1Ro;6C5AhA=b3d`=XvmoHL!NTo=MD_jLk3?%O$MjnK3_ z#pg}zFmRI{XEH^9VNTzjoa9b-+>}5mz_?>{2`9%)y~(3{ghwJvYiTBpkKMI2{|>=% zyowDpWK%YDq?@U4j`S7o$QIDKH#Yq_9obwcdjbqu5bF-UpQ>@TDdS`AW{$ju=VpX* zStv9Wk}LT4<&!4gubyZiO8$BtKG=j5y1d)h@uvkkV_m8hv`%33rAkicr5x`&=WzPs zy8F%xC7r&q_{f)wkGzt-SeohLR`=Mo-sC7rZS(unDc#h>Q8{CY`B%c9pGym$HO1}&3QO7%Nyi|Jlsm~+h zL@qP}=~A`nx}e8_BtZg(l^w4&^XE0EC#PRAYT`6de*NE$>dq9Fkc9u2Fne8IGA$i2 z%h-t7vB=uHxTc|53}bJReQp8;gqp?WSMj9Ort4$=!! z^_Dn!$qIE)Pjs2#HH%kSp#WC&l!%Y?D=miKv)W zBFZNFN>NvCJ*f-5f8)V_IDs@nhyN zGmBy}uROY|Jd{+GM|YLy`;bM|6k1eWVQZ4=P4%`su)GdlR4>7+K3Y9J*o8`?D??^> zR*2MHsaK`W7rO6Nc>1BVR)};5qyvoWeG_T6dxQLg8%7Xss&F>%F z>9;#X{Hgh{S`iYwG8)%~q3p4IxU z(3Q$-69NVz0rV_ok+f|T+%#F5wp4wGOx&L|4qQZ(NY@Zaype$+%s3OwXPJyz29^;^ z&38x+uHo2{HbOIxp!2O#ln2BrmS(S;e1gnarY%#Jp%(l^PWD>)x}_0s6$wK$MB<$D zfl(Tjgs6OI%NhL<6>TGwYME*x^9C_45XKHOOYqPbCgYl8P-x4Q<Izx6!2~!j*ysyb@w200^;-geXazW}Ihd3iW2{00Y(p7F#ErlMQQ_SwmGguP#xV6_#+6_wL>&_#C9{%R32&*_c`XIggkw!$ zO7k`Z6ERhIAC$!8TLR(FP#r`|smK4gOWH~;c`KsFO4GU^8b-5|Q8jLy|7Z;AmP8{k z@e#%(R%YD_3N8LRqFY7RidczSw3X@)DZ;>J1S=jPI;AO1Gz1L(#y8xfTYXZ5*;T>Y zs8bFLiNe^U-b=s`z*6n-hApx90>QF~>bk_Mm{s&`lnSRj0fQNyD^4L0g8`2lj2M8F zgs@i1DruFliqCnOX_#?@89W1wU~RN%u$s}p8_pebi5LB&!D?cau}Uup3C>G~7i2<- l5HgilAd%44U~m#9L=vKf)!b^9glM`f=l?IFhm0a30062;_eB5z literal 2291 zcmVDDx8?qm`x5rc=djyvwvYc>s^xG0SUmmL zZ62R%wqCdo?`!nz_S(^}d*`7RtF$IOyK&d|*W1Vax7uYIn%-?5YFMwXGq)V~pN6g5 zyaDS)eZ7p^-SQzk-al+VZhWs1(q1>j8iygTc{aq2uC5EE;~V67Oe z6|Wp7%MmnKpZAXYFg1XU1>$W!soVhIa{wz^O_MC1*~Q1x7!T@7H+e@-*0zMp-sz+FS|f4Z8uL;kr!Ec zUY`2S-2?N)I(RzGr{dFICYl1EXS^GB=W_R(zrsXtS~!;6xP2zOI=H)|?8j+;%0>S3 ztR!7LY`0%1DW2VK;~t-Aw0R%8oYi@8hTI3Q3O21km2kxyX# zrbDHKyFHXqd4!;;pW)O&Q^B3ItZvtnZ{B;%>5zVMdZ666wR@n5{jvKR`i;A8Coe79 z&GRN*jh4-y%fG^In|3?)L&+qXV|BQoarhW^%Prlm;=}gaVw#7a+(Uec^@V!eA9^Na zCinBEy@+W+yR&u89UO zVw;x$ETe$0RAro(Wok$JuzPl0J33#U@xqFtUactVNc3@;#gm8Jbg@bglAGNw-FM2F zSk10OVtV7DmIyZ!V5K|E%+}RizO;1X!*Gh8iVtr{5Dd z@s4qN164kIHsADC-Oud4JZ#jW6f4e)P4DC12i*PspBmHSv_>_epdZce85QAcl801HYL3}G@P){I(`V3@{k0U%VT#6YquVMzxWX5NhA+3vp=iT>3 z_XI2p`}d*f=K}p@yMHR~+jHugN_|0oTSnEc7e#SNx~|?Is_FE`H|V~wLUK6mh;e%y zu~n&+cGkCL#p7&U*ztX0Tme1#f=z_yUQe=M&He^2-8@;zWQ; zFN>*@mWzz({wOJ$RkN5k@#0K3g=KN4NX)p58z^ z|7o#kxNFFDC|GMlG|B`BsCi?fiKx6>Vg(gj7{#2{P8;K-lxPA*#bxBGMH3sPm!{H{ zs$?Z9PUO4+p;!=B>EHlpguuXA5mand%a;HZu*&x2(TS$5c&VW)hhI;RrFr-R(daOXfd6= zl~#d<%%x5+N-yZ#L`F4HXeE3Ig5DFBv~kcVdv(YvuoaM9m{L--E!~pAHZeLxlLT_8IIGZBXfC#syOs;h zWz%p@?&DTEM_A%*<8-jiQm~5Kikph-imQr~7UJX;$IIkHh`MPsT44Y=kIn_v5~2cd zshCRg1^l3js6|wcqiM8hkkUZ5nvqh$BRIVjyb}1MTD)$&Xr&B_TNQ(Ws3eoFWs+%5 zN6K0#JH-!au_1V65zsR09VHLL#yMq!M;;=}c_(xw)Q>6>#!(q+BN*ya-ZoMKQo(M{`A!mlprTxC04YlZ6%3VhDX0{yq^+c>BXO{*BVMwt=edX@Ui7+Q32{e&B;UCWW7`ymHZ{z8|r#iwj3HuU5-mjh%vD>Tv6?h z*e2~=Ays69`Xx5dYr{lG$<{<}Ohb<6mMe@*W2An=ml`Tf2G~lOIWJ>Mh{k!LWC|Qo z2aw)+PN&kT&L&>+o|cssmFAVk6GBWdUIIypO)$ZEhg5ZBV{HQtjAcnk=LD^@5OrG4 N{{T~_je7DP002bYa6AA2 diff --git a/creusot/tests/should_succeed/bug/02_derive.mlcfg b/creusot/tests/should_succeed/bug/02_derive.mlcfg index 883847a74d..ee796e43aa 100644 --- a/creusot/tests/should_succeed/bug/02_derive.mlcfg +++ b/creusot/tests/should_succeed/bug/02_derive.mlcfg @@ -52,6 +52,7 @@ module TyInv_Trivial end module C02Derive_Impl0 use prelude.Borrow + use prelude.Bool use C02Derive_Lit_Type as C02Derive_Lit_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = C02Derive_Lit_Type.t_lit diff --git a/creusot/tests/should_succeed/bug/181_ident.mlcfg b/creusot/tests/should_succeed/bug/181_ident.mlcfg index 33ff0081ba..a51cef692f 100644 --- a/creusot/tests/should_succeed/bug/181_ident.mlcfg +++ b/creusot/tests/should_succeed/bug/181_ident.mlcfg @@ -13,7 +13,7 @@ end module C181Ident_MaxInt use prelude.Int function max_int [#"../181_ident.rs" 8 0 8 37] (a : int) (b : int) : int = - [#"../181_ident.rs" 6 0 6 8] if a < b then b else a + [#"../181_ident.rs" 6 0 6 8] if Int.lt a b then b else a val max_int [#"../181_ident.rs" 8 0 8 37] (a : int) (b : int) : int ensures { result = max_int a b } diff --git a/creusot/tests/should_succeed/bug/195.mlcfg b/creusot/tests/should_succeed/bug/195.mlcfg index aee3c6796f..3ead1c8469 100644 --- a/creusot/tests/should_succeed/bug/195.mlcfg +++ b/creusot/tests/should_succeed/bug/195.mlcfg @@ -1,10 +1,12 @@ module C195_Example_Interface + use prelude.Bool val example [#"../195.rs" 4 0 4 40] (_example_parameter : bool) : () requires {[#"../195.rs" 3 11 3 51] _example_parameter = _example_parameter} end module C195_Example + use prelude.Bool let rec cfg example [#"../195.rs" 4 0 4 40] [@cfg:stackify] [@cfg:subregion_analysis] (_example_parameter : bool) : () requires {[#"../195.rs" 3 11 3 51] _example_parameter = _example_parameter} diff --git a/creusot/tests/should_succeed/bug/206.mlcfg b/creusot/tests/should_succeed/bug/206.mlcfg index 8eecf9c418..07e830bd98 100644 --- a/creusot/tests/should_succeed/bug/206.mlcfg +++ b/creusot/tests/should_succeed/bug/206.mlcfg @@ -113,11 +113,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -135,11 +135,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module TyInv_Trivial type t @@ -148,6 +148,7 @@ module TyInv_Trivial axiom inv_trivial : forall self : t . Inv0.inv self = true end module C206_U2_Stub + use prelude.Bool use seq.Seq use prelude.Int use prelude.UIntSize @@ -170,6 +171,7 @@ module C206_U2_Stub function u2 [#"../206.rs" 9 0 9 11] (a : C206_A_Type.t_a) : () end module C206_U2_Interface + use prelude.Bool use seq.Seq use prelude.Int use prelude.UIntSize @@ -197,6 +199,7 @@ module C206_U2_Interface axiom u2_spec : forall a : C206_A_Type.t_a . [#"../206.rs" 8 10 8 22] ShallowModel0.shallow_model (C206_A_Type.a_0 a) = ShallowModel0.shallow_model (C206_A_Type.a_0 a) end module C206_U2 + use prelude.Bool use seq.Seq use prelude.Int use prelude.UIntSize @@ -225,6 +228,7 @@ module C206_U2 axiom u2_spec : forall a : C206_A_Type.t_a . [#"../206.rs" 8 10 8 22] ShallowModel0.shallow_model (C206_A_Type.a_0 a) = ShallowModel0.shallow_model (C206_A_Type.a_0 a) end module C206_U2_Impl + use prelude.Bool use seq.Seq use prelude.Int use prelude.UIntSize @@ -302,6 +306,7 @@ module C206_U end module C206_Ex_Interface + use prelude.Bool use prelude.Borrow use C206_A_Type as C206_A_Type clone C206_U_Stub as U0 @@ -310,6 +315,7 @@ module C206_Ex_Interface end module C206_Ex + use prelude.Bool use prelude.Borrow use seq.Seq use prelude.Int diff --git a/creusot/tests/should_succeed/bug/206/why3session.xml b/creusot/tests/should_succeed/bug/206/why3session.xml index ffa6864da8..d1f3d4a833 100644 --- a/creusot/tests/should_succeed/bug/206/why3session.xml +++ b/creusot/tests/should_succeed/bug/206/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/bug/206/why3shapes.gz b/creusot/tests/should_succeed/bug/206/why3shapes.gz index 6bd50039afdc32610e963afc704faf1308de6c7d..580ddcf9c902bc7acf1fc254c1e8976a7923e0c2 100644 GIT binary patch literal 202 zcmV;*05$&~iwFP!00000|80!R3c@fHMECiM?0l^9P83{-P~r~+cjYEcv``yu>*MpS zD1su)Vi?Yu=^Xb5IK>`cW7pTYU1EjjGc=r`Zm*6M??xRh5HxX2yB`iPN==h*SZOh!j)d(5Yl2ap$c!5BLssw2Z*_}Y?BdOPrpQ4I49Y_jVsJqAuYd1A+>^wD<#d$+$_<+&^*OB$>_M8VL*fC~VplN!^30001#tT{XY diff --git a/creusot/tests/should_succeed/bug/235.mlcfg b/creusot/tests/should_succeed/bug/235.mlcfg index 0b79581c1f..a36f1b96b9 100644 --- a/creusot/tests/should_succeed/bug/235.mlcfg +++ b/creusot/tests/should_succeed/bug/235.mlcfg @@ -14,7 +14,7 @@ module C235_F goto BB1 } BB1 { - invariant { [#"../235.rs" 6 16 6 22] 0 <= 1 }; + invariant { [#"../235.rs" 6 16 6 22] Int.le 0 1 }; goto BB2 } BB2 { diff --git a/creusot/tests/should_succeed/bug/235/why3shapes.gz b/creusot/tests/should_succeed/bug/235/why3shapes.gz index d59318adb9481c2b9b66c92c1ccd72936d685e97..e035dbf2befcd64a4a55ddf7075f6f317f2e7d27 100644 GIT binary patch delta 74 zcmV-Q0JZ;UXpkdC%t=i)NH+9@(vDD?E6iCTEx$-1jf>07!Z6vyGA$)3$u!B_$T->1 gG{wN!)GXD|(8Mw&$n+a diff --git a/creusot/tests/should_succeed/bug/256.mlcfg b/creusot/tests/should_succeed/bug/256.mlcfg index f0a73e1a73..524bd52282 100644 --- a/creusot/tests/should_succeed/bug/256.mlcfg +++ b/creusot/tests/should_succeed/bug/256.mlcfg @@ -16,7 +16,7 @@ module C256_U8Safe goto BB0 } BB0 { - _2 <- ([#"../256.rs" 4 12 4 17] u + ([#"../256.rs" 4 16 4 17] [#"../256.rs" 4 16 4 17] (0 : uint8))); + _2 <- ([#"../256.rs" 4 12 4 17] UInt8.add u ([#"../256.rs" 4 16 4 17] [#"../256.rs" 4 16 4 17] (0 : uint8))); _0 <- ([#"../256.rs" 3 22 5 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/271.mlcfg b/creusot/tests/should_succeed/bug/271.mlcfg index f393fce4d4..60e6b7da78 100644 --- a/creusot/tests/should_succeed/bug/271.mlcfg +++ b/creusot/tests/should_succeed/bug/271.mlcfg @@ -44,9 +44,9 @@ module C271_Ex2 } BB0 { a <- ([#"../271.rs" 14 12 14 13] [#"../271.rs" 14 12 14 13] (0 : int32)); - switch (a = 0) + switch (Int32.eq a 0) | True -> goto BB1 - | False -> switch (a = 1) + | False -> switch (Int32.eq a 1) | True -> goto BB2 | False -> goto BB9 end @@ -99,11 +99,11 @@ module C271_Ex3 } BB0 { a <- ([#"../271.rs" 23 12 23 13] [#"../271.rs" 23 12 23 13] (0 : int32)); - switch (a = 0) + switch (Int32.eq a 0) | True -> goto BB1 - | False -> switch (a = 1) + | False -> switch (Int32.eq a 1) | True -> goto BB2 - | False -> switch (a = 2) + | False -> switch (Int32.eq a 2) | True -> goto BB4 | False -> goto BB11 end diff --git a/creusot/tests/should_succeed/bug/387.mlcfg b/creusot/tests/should_succeed/bug/387.mlcfg index f3e4fcb912..fbb03ac92b 100644 --- a/creusot/tests/should_succeed/bug/387.mlcfg +++ b/creusot/tests/should_succeed/bug/387.mlcfg @@ -144,6 +144,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -166,6 +167,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -188,6 +190,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -199,6 +202,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog end module Core_Cmp_Ord_Max_Interface type self + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self clone CreusotContracts_Logic_Ord_OrdLogic_LtLog_Stub as LtLog0 with @@ -264,9 +268,8 @@ module CreusotContracts_Logic_Ord_Impl3_GeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_GeLog use prelude.Int - use int.Int function ge_log (self : int) (_2 : int) : bool = - Int.(>=) self _2 + Int.ge self _2 val ge_log (self : int) (_2 : int) : bool ensures { result = ge_log self _2 } @@ -284,9 +287,8 @@ module CreusotContracts_Logic_Ord_Impl3_LeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LeLog use prelude.Int - use int.Int function le_log (self : int) (_2 : int) : bool = - Int.(<=) self _2 + Int.le self _2 val le_log (self : int) (_2 : int) : bool ensures { result = le_log self _2 } @@ -304,9 +306,8 @@ module CreusotContracts_Logic_Ord_Impl3_LtLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LtLog use prelude.Int - use int.Int function lt_log (self : int) (_2 : int) : bool = - Int.(<) self _2 + Int.lt self _2 val lt_log (self : int) (_2 : int) : bool ensures { result = lt_log self _2 } @@ -572,7 +573,7 @@ module C387_Impl0_Height goto BB7 } BB7 { - _0 <- ([#"../387.rs" 19 29 19 70] _4 + ([#"../387.rs" 19 69 19 70] [#"../387.rs" 19 69 19 70] (1 : uint64))); + _0 <- ([#"../387.rs" 19 29 19 70] UInt64.add _4 ([#"../387.rs" 19 69 19 70] [#"../387.rs" 19 69 19 70] (1 : uint64))); _4 <- any uint64; goto BB8 } diff --git a/creusot/tests/should_succeed/bug/395.mlcfg b/creusot/tests/should_succeed/bug/395.mlcfg index 0de1345424..b438c45433 100644 --- a/creusot/tests/should_succeed/bug/395.mlcfg +++ b/creusot/tests/should_succeed/bug/395.mlcfg @@ -22,17 +22,17 @@ module C395_SignedDivision y <- ([#"../395.rs" 5 12 5 13] [#"../395.rs" 5 12 5 13] (1 : int32)); _7 <- x; _8 <- y; - _9 <- ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (0 : int32))); + _9 <- ([#"../395.rs" 7 12 7 17] Int32.eq _8 ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (0 : int32))); assert { [@expl:division by zero] [#"../395.rs" 7 12 7 17] not _9 }; goto BB1 } BB1 { - _12 <- ([#"../395.rs" 7 12 7 17] ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-1 : int32))) && ([#"../395.rs" 7 12 7 17] _7 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-2147483648 : int32)))); + _12 <- ([#"../395.rs" 7 12 7 17] ([#"../395.rs" 7 12 7 17] Int32.eq _8 ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-1 : int32))) && ([#"../395.rs" 7 12 7 17] Int32.eq _7 ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-2147483648 : int32)))); assert { [@expl:Div overflow] [#"../395.rs" 7 12 7 17] not _12 }; goto BB2 } BB2 { - switch ([#"../395.rs" 7 4 7 24] not ([#"../395.rs" 7 12 7 23] ([#"../395.rs" 7 12 7 17] _7 / _8) = ([#"../395.rs" 7 21 7 23] [#"../395.rs" 7 21 7 23] (10 : int32)))) + switch ([#"../395.rs" 7 4 7 24] not ([#"../395.rs" 7 12 7 23] Int32.eq ([#"../395.rs" 7 12 7 17] Int32.div _7 _8) ([#"../395.rs" 7 21 7 23] [#"../395.rs" 7 21 7 23] (10 : int32)))) | False -> goto BB4 | True -> goto BB3 end diff --git a/creusot/tests/should_succeed/bug/395/why3session.xml b/creusot/tests/should_succeed/bug/395/why3session.xml index 947eb7e8fc..8f9e1dd208 100644 --- a/creusot/tests/should_succeed/bug/395/why3session.xml +++ b/creusot/tests/should_succeed/bug/395/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/bug/395/why3shapes.gz b/creusot/tests/should_succeed/bug/395/why3shapes.gz index a603ebb1a7f396fd084441103be0a57154bb5925..e486f38443df0155d41ce649dbadd8fddee9f28c 100644 GIT binary patch literal 285 zcmV+&0pk82iwFP!00000|9w)+YQr!Py!$J3Ya0mY=|`alQ!q7zp2}Xs+E!XYv1=>I z_g5=JY?siBb~M@@?P&G5WBv<&tY=p{c{lXWEM>c=1YbaK{FpAb-avHyS;>d6LeUCd zhC_;1e+A|HMqIVL4h-b6gK~k?d=6Pv zyK_L<9T&3QOQAEJt5oM?XG4s)ssPg2pTi2jy(OEQ+*?MyMw>48f^MKVE_x(HRCHh# z2j(VbKvxv?T~R)3#u@0fBuxMmh*&Fu$0*u)&%=bO1YX%`n3#8;z3qs|^<1SY@%{nCgs)H=g_geb8+tJOTg!u>XZ5 literal 244 zcmVR?QJY(@XJ^-Zcg=TpzG_ z$fYS0I@Il@!T4Wa`SqkJ9jg*!Gx+W%vZb+)bFJI~!v6^w@SZ uhEwD5knR_Te - + - + diff --git a/creusot/tests/should_succeed/bug/463/why3shapes.gz b/creusot/tests/should_succeed/bug/463/why3shapes.gz index 1d90afcf4f3edac5159b4f0131ec5d6a1b848a7b..bf864f399b34d338a5228ec24fc3b9a509dc7306 100644 GIT binary patch literal 245 zcmVEKMBN3h34YRz*i;)Jps$j%J zh2d3kD;XtUYLeso(Uy;2wTRc(6{lqwf;lAC literal 236 zcmVhhhi}Cz36I2i-{pv#gg;= zl?^V2oZbxcws}9%bjRP2=rhb|jMEp@^z=dSiaGYXJmMLgS4vgdx!Ssl m@*5+y7{F`LXt`AC49bEUxC9SEG4PJcn;?Jk)iJ?o0RR9)S#$pY diff --git a/creusot/tests/should_succeed/bug/464.mlcfg b/creusot/tests/should_succeed/bug/464.mlcfg index 8c95dec065..fb8de22889 100644 --- a/creusot/tests/should_succeed/bug/464.mlcfg +++ b/creusot/tests/should_succeed/bug/464.mlcfg @@ -100,6 +100,7 @@ module TyInv_Trivial axiom inv_trivial : forall self : t . Inv0.inv self = true end module C464_Impl1 + use prelude.Bool use C464_Struct_Type as C464_Struct_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = C464_Struct_Type.t_struct diff --git a/creusot/tests/should_succeed/bug/545.mlcfg b/creusot/tests/should_succeed/bug/545.mlcfg index 6c79fa5807..b4eb17e1ff 100644 --- a/creusot/tests/should_succeed/bug/545.mlcfg +++ b/creusot/tests/should_succeed/bug/545.mlcfg @@ -12,7 +12,7 @@ module C545_NegativeIsNegative goto BB0 } BB0 { - assert { [@expl:assertion] [#"../545.rs" 5 18 5 32] (0 : int32) > (-100 : int32) }; + assert { [@expl:assertion] [#"../545.rs" 5 18 5 32] Int.gt (0 : int32) (-100 : int32) }; _0 <- ([#"../545.rs" 4 30 6 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/545/why3shapes.gz b/creusot/tests/should_succeed/bug/545/why3shapes.gz index ba5e195738f42d6ba8777cae9696b610ce83fb35..e03b6a164c1ad2944cfeb2b1e883b183f212796c 100644 GIT binary patch literal 111 zcmb2|=3oGW|E9+b`5F{>7!K@R|6+xj8f)W%)!q69rU8zTR~SD2^}AQ%+y1n~U*ktx z%%xi2j1AcbWv6ylJF>j)`FO6P_3+g%ZMsw6+BeAWxiqVHx}lfU-35!3PVZJ1OWEqQ OQJ_X~#s!;HpgjO74lwQj literal 111 zcmb2|=3oGW|E9+_@;Mj?FkJY%?~$9zq|02X8zO2NL(lEJ-+wA zHP^|eI%mU)Ms`I_ZKWCRUp^iSF0VVZ+S}uFJwu}M+O3;@?s~^#sedXZEPKw5wXxP~ P)SCFOap;^$0onrqiXXf!>4jGS694Yddrq~Ysi5s3B8Mgh5Q;U6yc=J%<*$XVNi&RuNQ5?FNJY4>< zY{9m~eJ * a } + requires {[#"../682.rs" 4 11 4 32] Int.le ( * a) (UInt64.div Max0.mAX' (2 : uint64))} + ensures { [#"../682.rs" 5 10 5 17] Int.gt ( ^ a) ( * a) } end module C682_AddSome @@ -50,8 +51,8 @@ module C682_AddSome clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint64 let rec cfg add_some [#"../682.rs" 6 0 6 24] [@cfg:stackify] [@cfg:subregion_analysis] (a : borrowed uint64) : () - requires {[#"../682.rs" 4 11 4 32] * a <= div Max0.mAX' (2 : uint64)} - ensures { [#"../682.rs" 5 10 5 17] ^ a > * a } + requires {[#"../682.rs" 4 11 4 32] Int.le ( * a) (UInt64.div Max0.mAX' (2 : uint64))} + ensures { [#"../682.rs" 5 10 5 17] Int.gt ( ^ a) ( * a) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -60,7 +61,7 @@ module C682_AddSome goto BB0 } BB0 { - a <- { a with current = ([#"../682.rs" 7 4 7 11] * a + ([#"../682.rs" 7 10 7 11] [#"../682.rs" 7 10 7 11] (1 : uint64))) }; + a <- { a with current = ([#"../682.rs" 7 4 7 11] UInt64.add ( * a) ([#"../682.rs" 7 10 7 11] [#"../682.rs" 7 10 7 11] (1 : uint64))) }; assume { Resolve0.resolve a }; _0 <- ([#"../682.rs" 6 25 8 1] ()); return _0 @@ -73,7 +74,7 @@ module C682_Foo_Interface use prelude.UInt64 val foo [#"../682.rs" 12 0 12 23] (a : borrowed uint64) : () requires {[#"../682.rs" 10 11 10 21] * a = (3 : uint64)} - ensures { [#"../682.rs" 11 10 11 17] ^ a > * a } + ensures { [#"../682.rs" 11 10 11 17] Int.gt ( ^ a) ( * a) } end module C682_Foo @@ -88,7 +89,7 @@ module C682_Foo val Max0.mAX' = Max0.mAX' let rec cfg foo [#"../682.rs" 12 0 12 23] [@cfg:stackify] [@cfg:subregion_analysis] (a : borrowed uint64) : () requires {[#"../682.rs" 10 11 10 21] * a = (3 : uint64)} - ensures { [#"../682.rs" 11 10 11 17] ^ a > * a } + ensures { [#"../682.rs" 11 10 11 17] Int.gt ( ^ a) ( * a) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -112,7 +113,7 @@ module C682_Foo } BB2 { assume { Resolve0.resolve a }; - assert { [@expl:assertion] [#"../682.rs" 15 18 15 27] * a > Ghost.inner a_p }; + assert { [@expl:assertion] [#"../682.rs" 15 18 15 27] Int.gt ( * a) (Ghost.inner a_p) }; _0 <- ([#"../682.rs" 12 24 16 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/682/why3session.xml b/creusot/tests/should_succeed/bug/682/why3session.xml index 2436709539..524ef6caad 100644 --- a/creusot/tests/should_succeed/bug/682/why3session.xml +++ b/creusot/tests/should_succeed/bug/682/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/bug/682/why3shapes.gz b/creusot/tests/should_succeed/bug/682/why3shapes.gz index eec0f8f5d1087c27990f367db853f8784a9a5982..be112f1f49ee656da9c36b176b0ca2320e647c74 100644 GIT binary patch literal 292 zcmV+<0o(o`iwFP!00000|BaBlZo@DPMR$FLwzTe|hppHJIv53l80ai?NLoLht^LbU&Rx4lB6<|q?sBR z>=?S)O5VVe?-nWwV#-VQPjc}vzGoBYyt7fGGf^ZMUf z{Q6o8<~+rGGD|>9F4+lq7CC3%e-yku{;1{F{Fjdl0U@IpDO9-@06>l4%9Ko3jEbTv qO;vDAw*;BoXu@6Ym@B~&YM^99D+glDoUnlTmZ2}|Oq`%j0ssJj_KYC_ literal 287 zcmV+)0pR{0iwFP!00000|BaAKYr`-Qgzx?px}|k5mRItlGyzjEG4w2YYFJAvY8p$$ zPMp7AC-k8tJ>()WJ6a9%-NkHt$4?sBM8nv5_sB99-$%H@edl(WSj;EBsU(!KN}64R z1C4$=k%9)73b6IV;16UL{fA1?b`G~Hsb?=(osEZ3a?R@sJGW{5-kI^rd^u&|)AAx7 zO*e(3zIt8gw2ss>vwmP`%x3gG-Be?BJ`Xt`;Ktywy3+L-lT~&hrD;?2_ z5bf!+0ImX+o*>6F+xUCN(b3^Y9d8Z4Y^?WDl$xw8%7RiWttqsY0ssjm7j2uDkTbqc lq7rk+C6N}qz)S+6E_jw0l)~ynS_bPh`T_|1YokE|005!Xhk*b9 diff --git a/creusot/tests/should_succeed/bug/691.mlcfg b/creusot/tests/should_succeed/bug/691.mlcfg index 3942b0e124..6bb63aa0f3 100644 --- a/creusot/tests/should_succeed/bug/691.mlcfg +++ b/creusot/tests/should_succeed/bug/691.mlcfg @@ -62,6 +62,7 @@ module C691_Example_Closure0_Interface use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool use C691_Foo_Type as C691_Foo_Type let function field_0 [#"../691.rs" 10 12 10 39] (self : c691_example_closure0) : C691_Foo_Type.t_foo = [@vc:do_not_keep_trace] [@vc:sp] @@ -88,6 +89,7 @@ module C691_Example_Closure0 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool use C691_Foo_Type as C691_Foo_Type let function field_0 [#"../691.rs" 10 12 10 39] (self : c691_example_closure0) : C691_Foo_Type.t_foo = [@vc:do_not_keep_trace] [@vc:sp] diff --git a/creusot/tests/should_succeed/bug/766.mlcfg b/creusot/tests/should_succeed/bug/766.mlcfg index 82656e3d0e..62f4e0bd10 100644 --- a/creusot/tests/should_succeed/bug/766.mlcfg +++ b/creusot/tests/should_succeed/bug/766.mlcfg @@ -34,6 +34,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -112,6 +113,7 @@ module C766_Trait_F_Interface type self type t type u + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = u diff --git a/creusot/tests/should_succeed/bug/797.mlcfg b/creusot/tests/should_succeed/bug/797.mlcfg index 3cca804b67..0f8a6c19d7 100644 --- a/creusot/tests/should_succeed/bug/797.mlcfg +++ b/creusot/tests/should_succeed/bug/797.mlcfg @@ -17,7 +17,7 @@ module C797_MakeMapping use prelude.Int use prelude.Mapping function make_mapping [#"../797.rs" 6 0 6 50] (_1 : ()) : Map.map (int, int) bool = - [#"../797.rs" 7 4 7 23] Mapping.from_fn (fun (_2 : (int, int)) -> let (x, y) = _2 in x + y = 0) + [#"../797.rs" 7 4 7 23] Mapping.from_fn (fun (_2 : (int, int)) -> let (x, y) = _2 in Int.add x y = 0) val make_mapping [#"../797.rs" 6 0 6 50] (_1 : ()) : Map.map (int, int) bool ensures { result = make_mapping _1 } diff --git a/creusot/tests/should_succeed/bug/874.mlcfg b/creusot/tests/should_succeed/bug/874.mlcfg index 1415a599f0..8a77ae5be6 100644 --- a/creusot/tests/should_succeed/bug/874.mlcfg +++ b/creusot/tests/should_succeed/bug/874.mlcfg @@ -99,11 +99,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -121,11 +121,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -206,6 +206,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -227,7 +228,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -294,6 +295,7 @@ end module Alloc_Slice_Impl0_IntoVec_Interface type t type a + use prelude.Bool use prelude.Slice use seq.Seq use seq.Seq @@ -458,6 +460,7 @@ module Alloc_Vec_Impl18_Extend_Interface type i use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Num_Impl11_Max_Stub as Max0 use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Invariant_Inv_Stub as Inv5 with @@ -596,6 +599,7 @@ end module CreusotContracts_Std1_Vec_Impl4_IntoIterPost type t type a + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -638,6 +642,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -666,6 +671,7 @@ module CreusotContracts_Std1_Vec_Impl8_Completed type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Model_Impl7_ShallowModel_Stub as ShallowModel0 with @@ -702,6 +708,7 @@ module CreusotContracts_Std1_Vec_Impl8_Produces type t type a use seq.Seq + use prelude.Bool use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Std1_Vec_Impl7_ShallowModel_Stub as ShallowModel0 with type t = t, @@ -745,6 +752,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -759,6 +767,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -768,12 +777,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -781,6 +790,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -790,12 +800,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl8_ProducesRefl_Stub type t diff --git a/creusot/tests/should_succeed/bug/874/why3session.xml b/creusot/tests/should_succeed/bug/874/why3session.xml index 37cb2b794c..db1d8b6e1c 100644 --- a/creusot/tests/should_succeed/bug/874/why3session.xml +++ b/creusot/tests/should_succeed/bug/874/why3session.xml @@ -9,29 +9,29 @@ - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/bug/874/why3shapes.gz b/creusot/tests/should_succeed/bug/874/why3shapes.gz index b705eb41eab293b6bb239e323c814ca5a654f536..5eaf609f2e2ed7ba10c994d870e1481c885a96f2 100644 GIT binary patch literal 1058 zcmV+-1l{`|iwFP!00000|HW0!ZX-7gzWXVB+ctX$f|8z6oe-2N1KR@K%{$acMWv=HpKhN4f!o%iJ ziRCOj?Y8Ml%=-$$$Bz|OvQqcO2>mZ>`ZM)s?9Xuj>P$z!*I*op&ZFy)AD`O4D&0Hl zWe)->a}uetCs9`JBw_{PB&!O5qpmZ5HlNzhfva1ux6iA`ZOZEkFtpp%!=??7i{Cyh z!tL1pkobGi#T^+tX#9K1rYoT7Y}^2OnQk1k+_~?8OAd7#KIJy#b-NF%RoLxTEq5h~ z2va7AIAy{}#q@>qYx$v|IHH8}OMImia;BO+?Q-01(nHJRFdMcA!r@YZ=dN8P;V^*+ zxDYvMgQzBL81;8cfh)DZ75vZB_@OW0xwzeg6^LUk2ME8HQ!y7p+q_$Gm&&~|ibvBZ zQRl)tbE&7Itw1f#cERvD+*F_!A#NX^*1658JDsK5?%VLpR~P+m9R=#Il_gMjcXzX} z%lqy6kQwttH}M<91bD}OBBelG-cEbsSu*YE1k zp+Y^<@GITtVC#Lj^>)o>D6RVHCp{W@>9 zyLk+oRsOThn>3q2osp7?sv&Zg_&=i-pp1@n-AGxdxgxL7gYeElbs*44R+LD{ zm(e456ds%h>%qJwwzVobtu#vH6hY}=h=fUXqHK(9y4cpE@yLSmDF0cWM0FEGrY4G{ zwYJh~Nm*b`GDv}{%j4c96&Nc5hDf3oN`S5%HNjf2Kwyo7E|q$(Y@rn8jLOUiCg!(E zpfcztP?NcHkIdH-jslq+ksI00hYx6951J literal 1059 zcmV+;1l;={iwFP!00000|HW0!a^p4(zWXVB+ctY40RDFBgQpV@^8%Wl>Y*rdH#3f% z+FGaGr!OeWi6dFNX`4F2Ydka!_EBgIXtGr{FwHK``z}Zxt`zrIBS0o_uFG7 zRJ*MpQ%4%e}=mkXFB=41mj3_8C{3;@Yw!Y>E2nd zdJs^Vvq+Uai?VWO5i1a9SyccW_2)&{r0u8nbKvSWo88m;Vb`Qh1sK}h`hMGnhvlyy zmSHir-#7fb?Bb4$9W?$wXVVqXbT)2)e4TC_wA{JtflCgx2%l0L(xyFx^*ZeL>z2C` zMT996M4U2Vq+7$^M3JmGnuuG(mlS&VX$S&Zrp%y#S#n8n#?n@STqkwUZErgbMn z;AZXH^=#C@XTx)!&u(Wn`WxMuXP~$K9ddh2BbTq!gNOa#eSP7N#l`nRK*#dokoNtq z4jn4gBMraOeGazXg$4gss8;N=MpZx!O0Hda<>E>;p9pLr$GUan+0y`HEF1>fy=vKOeo zSH6UXcXHWxRxD2+F2v>QcZ5wH57ePsbu#;wS{4OE+4hr`9}ahB3fvW@zzvxKdu9sk z1XExK-DL$1m|_(Sm|_*b=N+)}g6U^q`Wi4j0;ZmUsVQJ;2uzJ8fmOpvU{#rfS@p|2 z@AmT;w(Imqo3_nt7K{)Lm?p&}qg7;dCYz#78B;P!%oTZs9)x$^dgHZMUV8GZ@?wT6 zMd@5jp?0|;w9Z(mY^|-uCSo%O?Lm2v9>@dxz*HnBDT=H?NzAo!Hj#~yG!vmI*Cb0M z+-mFN#&ZXl?DTWWKzOHBgqK`L1G9YQt|XkWYysI~q8$5~oNAXz9oB5Ib~>QN zJ`EOine+q>gJgSh+Hw z#Xb|B(~Gb|Pc&VI=&5(`Ta^7;tNgkB`vS|{iFYyaINTT$ y} + [#"../pure_neq.rs" 8 16 8 22] x <> y end diff --git a/creusot/tests/should_succeed/bug/pure_neq/why3shapes.gz b/creusot/tests/should_succeed/bug/pure_neq/why3shapes.gz index fdf5d8e08be43892386571c17fa26d2c84b58f7f..b09465d011bed511bb8e3104cc16b5f1b210e97f 100644 GIT binary patch delta 50 zcmYdGonWEcHZ3!4nJ3$_HcvIpWnye@D>cQ$92UAXha`8WJa%Dbb>?T*WAHs^mKwpp GzyJWc&JTG2 delta 51 zcmV-30L=eoW{@~8M#;$r7M4aPiHU~Bsg_BmDXB?jMrM` ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -175,11 +175,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -244,6 +244,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -286,8 +287,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -305,6 +306,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t diff --git a/creusot/tests/should_succeed/bug/two_phase/why3session.xml b/creusot/tests/should_succeed/bug/two_phase/why3session.xml index 310ef881c9..5415cd7ce9 100644 --- a/creusot/tests/should_succeed/bug/two_phase/why3session.xml +++ b/creusot/tests/should_succeed/bug/two_phase/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz b/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz index 83a203c1620a1391f113aad44075c57c77ac0b49..1a9ddb9eb714a1eff7a1cb0543f7ff56e9dfde68 100644 GIT binary patch literal 281 zcmV+!0p|W6iwFP!00000|8(q9$>n2PsH|o*z9`UN!DYW72AH z`}3P!*Fu*qBrq?`e3RrMCi4+L^-LB$&4aUh!b$uX`7a#o0!ejM6zC=yuuZ0rZZdpe?W^|o4kfV3aU_FlI>#jWeZw>X@k_X7sW*%&(zZ>HYLyK>~@1p7d z=e4hK(z7#*hN2GGKZZb*I9u1=<|I&7t`EJ66l92p2`H`V-}{B>ZgsFFRk?l&Oups?Z%Hwdp}q-z|Y9gDlX_4MA*ElB6udfn~2x5k0QZP=r)nG>tw;YoVF-v f!F69`R0uAKP+a9IQ>kK#swDaW-K2CL*#Q6mxrm6x literal 283 zcmV+$0p$K4iwFP!00000|8-;)6v1CG zT;e&t+i|ofYB$5jrM>G7YDmvW-@3h^L)iM0mSq6Xtg|C?G`S#%Ng^c~CM~ukW!hvB h? goto BB4 | True -> goto BB2 end } BB2 { - _6 <- ([#"../01.rs" 44 8 44 20] Set0.set ([#"../01.rs" 44 8 44 20] c) ([#"../01.rs" 44 14 44 19] v + ([#"../01.rs" 44 18 44 19] [#"../01.rs" 44 18 44 19] (2 : uint32)))); + _6 <- ([#"../01.rs" 44 8 44 20] Set0.set ([#"../01.rs" 44 8 44 20] c) ([#"../01.rs" 44 14 44 19] UInt32.add v ([#"../01.rs" 44 18 44 19] [#"../01.rs" 44 18 44 19] (2 : uint32)))); goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/cell/01/why3session.xml b/creusot/tests/should_succeed/cell/01/why3session.xml index ae42d1aaa4..9b94606f37 100644 --- a/creusot/tests/should_succeed/cell/01/why3session.xml +++ b/creusot/tests/should_succeed/cell/01/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/cell/01/why3shapes.gz b/creusot/tests/should_succeed/cell/01/why3shapes.gz index 6243584b42485adef9ca36e613f41cb9345698c0..dec83e0e66a087957fe90d06548b0c6ded7a9bbe 100644 GIT binary patch literal 213 zcmV;`04o0di)DQSreBBy*W@rE!}d=?%u^VK8Y}N+ zfB36Gm|=oLS@%*b#ttEFzSqErBcinvm@dwFGt}1qnefyN4pfG_UxBl!T1-IAmLpal zdVCE5NS)2ey&6}6`wi!-$cr*zQO`CiSC#-O`L){a67!1*iqK0bZCuPa?W3YKLOXj3pyG9mp zf!>FXv(4Czg#GU-EYnl6tYRPP^ml~w+Mr~r@uv}n>taUo1;zE3t&zE57h4Q#B$5|kf~4ycfpNp3OESx$3;-Y0J;1PTEF0MQCkX#fBK diff --git a/creusot/tests/should_succeed/cell/02.mlcfg b/creusot/tests/should_succeed/cell/02.mlcfg index d3d7eafe8d..b8e91e8e57 100644 --- a/creusot/tests/should_succeed/cell/02.mlcfg +++ b/creusot/tests/should_succeed/cell/02.mlcfg @@ -116,10 +116,10 @@ module C02_Fib val fib [#"../02.rs" 32 0 32 25] (i : int) : int ensures { result = fib i } - axiom def : forall i : int . fib i = ([#"../02.rs" 29 0 29 8] if i <= 0 then + axiom def : forall i : int . fib i = ([#"../02.rs" 29 0 29 8] if Int.le i 0 then 0 else - if i = 1 then 1 else fib (i - 1) + fib (i - 2) + if i = 1 then 1 else Int.add (fib (Int.sub i 1)) (fib (Int.sub i 2)) ) end module C02_Fib_Impl @@ -128,7 +128,11 @@ module C02_Fib_Impl variant {[#"../02.rs" 31 10 31 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02.rs" 29 0 29 8] if pure {i <= 0} then 0 else if pure {i = 1} then 1 else fib (i - 1) + fib (i - 2) + [#"../02.rs" 29 0 29 8] if Int.le i 0 then + 0 + else + if i = 1 then 1 else Int.add (fib (Int.sub i 1)) (fib (Int.sub i 2)) + end module C02_LemmaFibBound_Stub use prelude.Int @@ -144,11 +148,11 @@ module C02_LemmaFibBound_Interface axiom . function lemma_fib_bound [#"../02.rs" 47 0 47 30] (i : int) : () val lemma_fib_bound [#"../02.rs" 47 0 47 30] (i : int) : () - requires {[#"../02.rs" 44 11 44 17] 0 <= i} - ensures { [#"../02.rs" 45 10 45 28] Fib0.fib i <= Power.power 2 i } + requires {[#"../02.rs" 44 11 44 17] Int.le 0 i} + ensures { [#"../02.rs" 45 10 45 28] Int.le (Fib0.fib i) (Power.power 2 i) } ensures { result = lemma_fib_bound i } - axiom lemma_fib_bound_spec : forall i : int . ([#"../02.rs" 44 11 44 17] 0 <= i) -> ([#"../02.rs" 45 10 45 28] Fib0.fib i <= Power.power 2 i) + axiom lemma_fib_bound_spec : forall i : int . ([#"../02.rs" 44 11 44 17] Int.le 0 i) -> ([#"../02.rs" 45 10 45 28] Int.le (Fib0.fib i) (Power.power 2 i)) end module C02_LemmaFibBound use prelude.Int @@ -157,16 +161,16 @@ module C02_LemmaFibBound axiom . function lemma_fib_bound [#"../02.rs" 47 0 47 30] (i : int) : () val lemma_fib_bound [#"../02.rs" 47 0 47 30] (i : int) : () - requires {[#"../02.rs" 44 11 44 17] 0 <= i} - ensures { [#"../02.rs" 45 10 45 28] Fib0.fib i <= Power.power 2 i } + requires {[#"../02.rs" 44 11 44 17] Int.le 0 i} + ensures { [#"../02.rs" 45 10 45 28] Int.le (Fib0.fib i) (Power.power 2 i) } ensures { result = lemma_fib_bound i } axiom def : forall i : int . lemma_fib_bound i = ([#"../02.rs" 43 0 43 8] if i = 0 then () else - if i = 1 then () else let _ = lemma_fib_bound (i - 2) in lemma_fib_bound (i - 1) + if i = 1 then () else let _ = lemma_fib_bound (Int.sub i 2) in lemma_fib_bound (Int.sub i 1) ) - axiom lemma_fib_bound_spec : forall i : int . ([#"../02.rs" 44 11 44 17] 0 <= i) -> ([#"../02.rs" 45 10 45 28] Fib0.fib i <= Power.power 2 i) + axiom lemma_fib_bound_spec : forall i : int . ([#"../02.rs" 44 11 44 17] Int.le 0 i) -> ([#"../02.rs" 45 10 45 28] Int.le (Fib0.fib i) (Power.power 2 i)) end module C02_LemmaFibBound_Impl use prelude.Int @@ -174,15 +178,15 @@ module C02_LemmaFibBound_Impl clone C02_Fib as Fib0 with axiom . let rec ghost function lemma_fib_bound [#"../02.rs" 47 0 47 30] (i : int) : () - requires {[#"../02.rs" 44 11 44 17] 0 <= i} - ensures { [#"../02.rs" 45 10 45 28] Fib0.fib i <= Power.power 2 i } + requires {[#"../02.rs" 44 11 44 17] Int.le 0 i} + ensures { [#"../02.rs" 45 10 45 28] Int.le (Fib0.fib i) (Power.power 2 i) } variant {[#"../02.rs" 46 10 46 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02.rs" 43 0 43 8] if pure {i = 0} then + [#"../02.rs" 43 0 43 8] if i = 0 then () else - if pure {i = 1} then () else let _ = lemma_fib_bound (i - 2) in lemma_fib_bound (i - 1) + if i = 1 then () else let _ = lemma_fib_bound (Int.sub i 2) in lemma_fib_bound (Int.sub i 1) end module C02_LemmaMaxInt_Stub @@ -197,10 +201,10 @@ module C02_LemmaMaxInt_Interface use prelude.UIntSize function lemma_max_int [#"../02.rs" 62 0 62 22] (_1 : ()) : () val lemma_max_int [#"../02.rs" 62 0 62 22] (_1 : ()) : () - ensures { [#"../02.rs" 61 10 61 49] Power.power 2 63 < UIntSize.to_int (18446744073709551615 : usize) } + ensures { [#"../02.rs" 61 10 61 49] Int.lt (Power.power 2 63) (UIntSize.to_int (18446744073709551615 : usize)) } ensures { result = lemma_max_int _1 } - axiom lemma_max_int_spec : forall _1 : () . [#"../02.rs" 61 10 61 49] Power.power 2 63 < UIntSize.to_int (18446744073709551615 : usize) + axiom lemma_max_int_spec : forall _1 : () . [#"../02.rs" 61 10 61 49] Int.lt (Power.power 2 63) (UIntSize.to_int (18446744073709551615 : usize)) end module C02_LemmaMaxInt use int.Power @@ -208,10 +212,10 @@ module C02_LemmaMaxInt use prelude.UIntSize function lemma_max_int [#"../02.rs" 62 0 62 22] (_1 : ()) : () val lemma_max_int [#"../02.rs" 62 0 62 22] (_1 : ()) : () - ensures { [#"../02.rs" 61 10 61 49] Power.power 2 63 < UIntSize.to_int (18446744073709551615 : usize) } + ensures { [#"../02.rs" 61 10 61 49] Int.lt (Power.power 2 63) (UIntSize.to_int (18446744073709551615 : usize)) } ensures { result = lemma_max_int _1 } - axiom lemma_max_int_spec : forall _1 : () . [#"../02.rs" 61 10 61 49] Power.power 2 63 < UIntSize.to_int (18446744073709551615 : usize) + axiom lemma_max_int_spec : forall _1 : () . [#"../02.rs" 61 10 61 49] Int.lt (Power.power 2 63) (UIntSize.to_int (18446744073709551615 : usize)) end module C02_Fib_Type use prelude.Int @@ -352,11 +356,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -374,11 +378,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -654,7 +658,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -687,6 +691,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -712,8 +717,8 @@ module C02_FibMemo_Interface clone C02_FibCell_Stub as FibCell0 val fib_memo [#"../02.rs" 95 0 95 50] (mem : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) (i : usize) : usize requires {[#"../02.rs" 91 11 91 25] FibCell0.fib_cell mem} - requires {[#"../02.rs" 92 11 92 26] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model mem)} - requires {[#"../02.rs" 94 11 94 19] UIntSize.to_int i <= 63} + requires {[#"../02.rs" 92 11 92 26] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model mem))} + requires {[#"../02.rs" 94 11 94 19] Int.le (UIntSize.to_int i) 63} ensures { [#"../02.rs" 93 10 93 28] UIntSize.to_int result = Fib0.fib (UIntSize.to_int i) } end @@ -824,8 +829,8 @@ module C02_FibMemo predicate Inv2.inv = Inv2.inv let rec cfg fib_memo [#"../02.rs" 95 0 95 50] [@cfg:stackify] [@cfg:subregion_analysis] (mem : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) (i : usize) : usize requires {[#"../02.rs" 91 11 91 25] FibCell0.fib_cell mem} - requires {[#"../02.rs" 92 11 92 26] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model mem)} - requires {[#"../02.rs" 94 11 94 19] UIntSize.to_int i <= 63} + requires {[#"../02.rs" 92 11 92 26] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model mem))} + requires {[#"../02.rs" 94 11 94 19] Int.le (UIntSize.to_int i) 63} ensures { [#"../02.rs" 93 10 93 28] UIntSize.to_int result = Fib0.fib (UIntSize.to_int i) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -860,7 +865,7 @@ module C02_FibMemo end } BB3 { - switch ([#"../02.rs" 99 27 99 33] i = ([#"../02.rs" 99 32 99 33] [#"../02.rs" 99 32 99 33] (0 : usize))) + switch ([#"../02.rs" 99 27 99 33] UIntSize.eq i ([#"../02.rs" 99 32 99 33] [#"../02.rs" 99 32 99 33] (0 : usize))) | False -> goto BB8 | True -> goto BB7 end @@ -881,7 +886,7 @@ module C02_FibMemo goto BB16 } BB8 { - switch ([#"../02.rs" 101 22 101 28] i = ([#"../02.rs" 101 27 101 28] [#"../02.rs" 101 27 101 28] (1 : usize))) + switch ([#"../02.rs" 101 22 101 28] UIntSize.eq i ([#"../02.rs" 101 27 101 28] [#"../02.rs" 101 27 101 28] (1 : usize))) | False -> goto BB10 | True -> goto BB9 end @@ -899,15 +904,15 @@ module C02_FibMemo goto BB12 } BB12 { - _23 <- ([#"../02.rs" 106 16 106 36] fib_memo ([#"../02.rs" 106 25 106 28] mem) ([#"../02.rs" 106 30 106 35] i - ([#"../02.rs" 106 34 106 35] [#"../02.rs" 106 34 106 35] (1 : usize)))); + _23 <- ([#"../02.rs" 106 16 106 36] fib_memo ([#"../02.rs" 106 25 106 28] mem) ([#"../02.rs" 106 30 106 35] UIntSize.sub i ([#"../02.rs" 106 34 106 35] [#"../02.rs" 106 34 106 35] (1 : usize)))); goto BB13 } BB13 { - _27 <- ([#"../02.rs" 106 39 106 59] fib_memo ([#"../02.rs" 106 48 106 51] mem) ([#"../02.rs" 106 53 106 58] i - ([#"../02.rs" 106 57 106 58] [#"../02.rs" 106 57 106 58] (2 : usize)))); + _27 <- ([#"../02.rs" 106 39 106 59] fib_memo ([#"../02.rs" 106 48 106 51] mem) ([#"../02.rs" 106 53 106 58] UIntSize.sub i ([#"../02.rs" 106 57 106 58] [#"../02.rs" 106 57 106 58] (2 : usize)))); goto BB14 } BB14 { - fib_i <- ([#"../02.rs" 106 16 106 59] _23 + _27); + fib_i <- ([#"../02.rs" 106 16 106 59] UIntSize.add _23 _27); _23 <- any usize; _27 <- any usize; goto BB15 diff --git a/creusot/tests/should_succeed/cell/02/why3session.xml b/creusot/tests/should_succeed/cell/02/why3session.xml index c58f37826f..bab21f572c 100644 --- a/creusot/tests/should_succeed/cell/02/why3session.xml +++ b/creusot/tests/should_succeed/cell/02/why3session.xml @@ -4,63 +4,62 @@ - - + - + - + - - + + - - + + - + - + - + - + - + - + - + - + - + - + @@ -69,7 +68,7 @@ - + @@ -80,10 +79,14 @@ - - - - + + + + + + + + @@ -92,28 +95,28 @@ - - + + - + - - + + - + - + - - + + - + diff --git a/creusot/tests/should_succeed/cell/02/why3shapes.gz b/creusot/tests/should_succeed/cell/02/why3shapes.gz index 64684cde00cf090fee15767a0f6614543fbf055a..0472d53a5d524b9f068079f6ab9ea97cd1562167 100644 GIT binary patch literal 2271 zcmV<52q5<#iwFP!00000|Ls`GZW~Dwz4I%0>t!%NW<;)o=7A7olmMgWFpWarh+J&~ zluFiO|NcZ}Ev(`qO16A!Kp?ZSB44a8GN@mFUp{_z_vvx@H9b6To4fxk)$;e>7VZ!C z`0Q&Ic+J-Ck5yphyWfQU=FOjO)r!&gF42O0Skza`+&nDv)-T-3(O1p3TjyeI*8}Wi z4fIqn0vj=CQBHDq-+W6Cq>yo4uGKr-DIYemU+Nj}uF z=DjO?gt{4^#0Vw&Gon2sj?X}e121tXI&M07K89nLZg1U&P&dALzKe^eFK&DHwI*M? z6>nv`C0RZ!vBqI3YB4NjExQoy(%q-0&yG^K+cn=dw@pmDTDhlYv%PzAx9h)uS-0|s z0ymvP^w5j;svAEq_H z_C+wpwY+~CUIc}`(}5cyloo<%)XYlB6>o#pY7S|)bGPZXoa|$?JsCsZi=|PFG%P4; zo%N4&?1cRNLki7Z+&&SH79~#|Oq)EnT{u#*`RaDh>Ev;@u|*Vzg>tRIn@^vc$EQu3 z#f^0vU0y+1tmxBSZT@WTQv0wC>k#Eaq@j7`z}I9h_us6na(i2I-Q+)v&t( zEH!>0^n&eh+Eh3pcVsHO$y7KrRi7{wrl$UDYC`MU>`^a{3!`O3UjjXD*_kS$ntgms z52c>3a+llv$%53QF0RhKZ`QQaoT@PPn(UEA33*|7&hj-PimCfm#+X&b9%1 zMFctrr>7RjmEKv;7gytf;=%;2xumP}VydUzX^m|7dLQqGPlMgSp_=2uD!?!nK!=L1 z!71vjtQ&ENDvp>{P{p29^E~oNo+&E-gk=_%Miw!7rZcYh4Yil)#i#8uA28{k5dW+Y zH>$i-uV_bV52apcNRw>UaNsd*%<@$On?2F++GdKjX-!Azvj(`{N0go>5v_q=A1XMy zCcBw;$WaT;?G%yQDIzzAh};|{>Ep}!sd-yt^m#EqgUrVhsj0atD3?<+$b3ALm72?f zM3cR^UU%~}7wc0KRn4&zT9p-a;_YgEVOVR0|9kGvtFbkgJ}>*y%bfKEY{{an!3@5D zIqeJRPH0tDYVZZrMPEqx@^FfBm`?lE@py`|x4Vl*KdH{QsBN$kUkW+>j>0kIcsb-a zD`c2WD(gZ-+O4~mHzkQaU?I+))WE_nRun!}gPgHY&R8gpSa{Uf4q5o)ygtD~a(18~ zu#W7PDG2NZ3YKD{4sn@+_5uY>K{CYnk%IaR1yv`sDl0kGgS=c1az?>690UJKH${8} z|L|o;u;dS+Mm{)#{Iny;I-!=-#MqI4_A>wMHF=VIE;jv?{AHx_CLdBs~2E!sfpV?n%Mqx9*;mVs^dYP0#bLC2Pv@nBZw&BFO_A zS|%6aJ+z!d4~&;xyPeX9y6T+qYW8FY#;b$=y62~v@lzl1Q_uKG)(n&{%lGIaEfC*h zPFOET*7rlhi83!ox_hnX{l3sAa6R#%vlz|*u^y-}rk5Ik4k`1EdRGB!$C~lVVrRH- zJE69rbhAiT8s>6om;>(1k^808@YJ+;9_?DkYYp!U`6~r^vl! zAhQexT|_~XBvUpf#-oCzGL_O5mlYQk$BIM6dBs^}D^ux8RdNA3M=40L7g{*<7!yis zZ3-+I+E@asxUIOUI02~_u{_JsdQgICaxZJGQ_{9I%w+*ewphSl4TsrjudSCU#}qx+ zCV~bFOw(VGtiZur5V_AvF&kB+*mIMWK;h8_VNo;ATtO7&4_}Aqcuo;97){5S&6Y`m z4a{Ut$#s5-vO-E0RtOdH3Q2*jz*L|sP!-6xCHpmR@D+Vvx#N6d^~>FeKe(QIKN$ek##Y0J-oo$EXDm;~ckAc(Q>4t%h6* z{;pbyI$209(F-F&1QwW%5MzSKtha@s0)B#G0OnZ?7@5poNvmaY!ekVXnT!mIV*EL} ziHRZ#1KxRb)IwzxoT$l(w1PUeDcPkz@!pCPbp+=iamE~)h=xfjV=6P@9hIA13R?+N z$=7zT9F3DPyG%_$2`jmZ+!+;okb*@V;P~4u&CEdX45F|Cj0p@VUd{k2FX_G+p?@SA z7PLr=vFNR`9;K22Jfmh}sS`u=y$+!(p?-u|fv!HfQL{^#`jrjHsN5nK2m!s}gDd7c z3W=#Gm1dZ;cS7(?{>b*eiyXAdVu02^!ceCyV@6XKgygB&b7BhB5o;TU&w9|I-lISj z6%Sq3Hdw=A2Hy@5$^t_Klwl>|XYfOdpy&n#Pxo=4>Bp)>eNgjc=r)rhKV&7v zd+5`KlcPFDOFe)pPE$7s9_Xs3#-9ZAv(8&6$uWTr8VNBNx+J9%f^LmuvXm0@e&Trp zs8TL7P|Q;>loWK&J9Ly8K`aR=^V!_<23*L&7`k;Vqk$?~7F2H8O+$s$D#SACDX0{$ z6nm4s?SRH@aKKntJ=GBQR*NjwV~xuwFS_|UjY6QL>4 t_`T?nKr)TVbR9%0Jw;P6SHJ+7PBhS&rBaoWl@hOm`#)#Q_s}yU005QWOu_&F literal 2035 zcmV|FSKHfvE@}D8 zKNkL-|E(7hda?HJR#CLEP09V#=N94-C#4!!UWQdF*u$ z<0FhPmlKTI!KhKCj=efwA=}QO?Y!Y%j<0tCxXw2>e#4lXu>E?Q77zdRSGV7K-s2!a z)g46kc@nY5NmRX>MBVElG}rm|)5B-a3A?`De&5_|Q@-xWKWsNww-5ei{hy!KRsUGw zaxh3Arj(e2l$c#g%$O20rNp$9RI{_a^p=+&&GB*@IXI6^OaI5$FV|TxH0vBb9A;eX zQ@)F4dq2%b!f~e&tWso@5(bTMS_46iP&FI#^|imrH+A6{m#atP2BX$$r^W^r9I3(c zdtUa4{+GKPx3}r)fh%Rvax=ixg!!w5XCs?${`zZvbh+QSrizn5zWTfQ^m%*#u&J5b zIKMINm2AR_KmGg7$L(#d4_B3GEB}@KCH2$bwOD){-V6$Gq5z`;9PaM7V;vszr+l~E zavvz{_F@jRJzcSn@b-BT-nIzu9ybyj^QO0d;+{PA1|HGay93Yk2aX*wGlymY`}NRX zb$#||7W*7j8jj+K)MgH$nJM@8`L40({eH=M09ikk>5&PA$A52caz9d}C1V1CqfiaD z&v}0}t@qpYapKRct@<@`TUh&p(9R+$k3r>0{stKITReoBGejN3s1sK1<1hy1{r~OO z)=$;@`r|8jw2xCSkM_h9vq<$|XK&$x^?B%}xY+NIpAL4|gS$9F1$Ppu1_ZVTa|i@x z21F-7bP}tJzb;rk=;kF~Bhk{r~lv_5lERONsDKxgP1dHJ)K zG&w2haVMo7lvYhrlao@Nb&{3OA9<*!GjEhm4?WbQ-@|st^KU-IB_vwlIF@`L!(A-# zd@OOsCOPZG>q>l{3IF;N^VBs>`3fbUVJgC-`m$rB##6j_>9?-^~TPSVrRm zC9xG68h_7z)MtIMcdB&?)IIJx1wPR!5C^4IlXjf~&vyz|KD@(-`90$c8#uVJ?yEq} z*oBv4T@Ag>3|)4}938m8nnym=(ivOw1g7WEV})^VvB$Mwk19;fo(39CJ#1eXG^;Ru zQek>l80^7RVn0}`6=|q3-M%Q*$MrZ~9u+4JWmW|->WEXFV;+C!HgMPs1|EwiD$R`@ zqe@_R`LgHpWyea>d*@!_B(^q;%x2i}8lK>_7?ftUiLExzILXShVypB#DK@&;J4Njs z)e4-P(oZ<02BlS#c1H=~S*KX}!w9ZmT&AALj}ol&`_v53))M16bRRB9d*_3|%Io3R zfO^ig-va6xxcgf2=&H*-!_m%b@!7BeCn2LsS_Vbl3CJeeY?jc8 zMN&p+XESmmSE3_B&* zI=~KCh7LsMI@_6!I=zre3)DJU9ZZ%wND@?{bUbH$3S}up2d)F#f$4z$6pOvbx;s7* zP2!6LBuK%6@ID8de5zOyo()%o5S~a#r%Ea)2(qwX3nCzp%MDJx1W}l*2`NZtVgivv z6fOy`f=UTo91vCe$LAqxhX#xkDmlY}1P&*~D81DdjPtZa>`-9-dh{}lMfl9E7+q_7!T0;Fs z#&VW1lMDjMxJ04I5S-68Cmp3CYR2g8>;Wl@-l=G{kk<0KCS^*LeAc`@G%Z`UL-Q8K zf)LydFa(9lN^+nn1ZjagyfQ}nDQE7D>}h0+ksE~~rUV&Mq){tFoJ>t%t3CC$CNqrq(Fm;<4VB^MGDHmE2#XeQyUt$IEg16vX~SdWCFgiE%+9FuWC`B1CTvKFFB}0%#9*C5hb zoN*jr?mdB{Axnk=QX2lc(vDXS=qqMdw=@-%$BH4~cK7e0}hy_`(It{V`|nmjoTL RfoI;;{s%`a3HK=-002%`;Q{~v diff --git a/creusot/tests/should_succeed/checked_ops.mlcfg b/creusot/tests/should_succeed/checked_ops.mlcfg index d13910bb30..27dcf1f385 100644 --- a/creusot/tests/should_succeed/checked_ops.mlcfg +++ b/creusot/tests/should_succeed/checked_ops.mlcfg @@ -39,6 +39,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -72,14 +73,15 @@ module Core_Num_Impl6_Max (255 : uint8) end module Core_Num_Impl6_CheckedAdd_Interface + use prelude.Bool use prelude.UInt8 use prelude.Int clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_add (self : uint8) (rhs : uint8) : Core_Option_Option_Type.t_option uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = UInt8.to_int self + UInt8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = Int.add (UInt8.to_int self) (UInt8.to_int rhs) } end module CreusotContracts_Invariant_Inv_Stub @@ -103,6 +105,7 @@ module CreusotContracts_Invariant_Inv end module Core_Option_Impl0_Unwrap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t use Core_Option_Option_Type as Core_Option_Option_Type @@ -117,6 +120,7 @@ module Core_Option_Impl0_Unwrap_Interface end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -143,25 +147,27 @@ module Core_Num_Impl6_WrappingAdd_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val wrapping_add (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = Int.add (EuclideanDivision.mod (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.add (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.add (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.sub (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl6_SaturatingAdd_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 val saturating_add (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self + UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> UInt8.to_int result = UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.add (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> UInt8.to_int result = UInt8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = UInt8.to_int Max0.mAX' } end module Core_Num_Impl6_OverflowingAdd_Interface @@ -170,15 +176,16 @@ module Core_Num_Impl6_OverflowingAdd_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val overflowing_add (self : uint8) (rhs : uint8) : (uint8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (UInt8.to_int self + UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] UInt8.to_int self + UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self + UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self + UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (UInt8.to_int self + UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self + UInt8.to_int rhs > UInt8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int (let (a, _) = result in a) = Int.add (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.add (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.sub (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.add (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } end module TyInv_Trivial @@ -295,7 +302,7 @@ module CheckedOps_TestU8AddExample goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 6 4 6 47] not ([#"../checked_ops.rs" 6 12 6 46] _4 = ([#"../checked_ops.rs" 6 44 6 46] [#"../checked_ops.rs" 6 44 6 46] (15 : uint8)))) + switch ([#"../checked_ops.rs" 6 4 6 47] not ([#"../checked_ops.rs" 6 12 6 46] UInt8.eq _4 ([#"../checked_ops.rs" 6 44 6 46] [#"../checked_ops.rs" 6 44 6 46] (15 : uint8)))) | False -> goto BB4 | True -> goto BB3 end @@ -325,7 +332,7 @@ module CheckedOps_TestU8AddExample goto BB9 } BB9 { - switch ([#"../checked_ops.rs" 9 4 9 39] not ([#"../checked_ops.rs" 9 12 9 38] _16 = ([#"../checked_ops.rs" 9 36 9 38] [#"../checked_ops.rs" 9 36 9 38] (15 : uint8)))) + switch ([#"../checked_ops.rs" 9 4 9 39] not ([#"../checked_ops.rs" 9 12 9 38] UInt8.eq _16 ([#"../checked_ops.rs" 9 36 9 38] [#"../checked_ops.rs" 9 36 9 38] (15 : uint8)))) | False -> goto BB11 | True -> goto BB10 end @@ -338,7 +345,7 @@ module CheckedOps_TestU8AddExample goto BB12 } BB12 { - switch ([#"../checked_ops.rs" 10 4 10 40] not ([#"../checked_ops.rs" 10 12 10 39] _21 = ([#"../checked_ops.rs" 10 38 10 39] [#"../checked_ops.rs" 10 38 10 39] (4 : uint8)))) + switch ([#"../checked_ops.rs" 10 4 10 40] not ([#"../checked_ops.rs" 10 12 10 39] UInt8.eq _21 ([#"../checked_ops.rs" 10 38 10 39] [#"../checked_ops.rs" 10 38 10 39] (4 : uint8)))) | False -> goto BB14 | True -> goto BB13 end @@ -351,7 +358,7 @@ module CheckedOps_TestU8AddExample goto BB15 } BB15 { - switch ([#"../checked_ops.rs" 12 4 12 41] not ([#"../checked_ops.rs" 12 12 12 40] _26 = ([#"../checked_ops.rs" 12 38 12 40] [#"../checked_ops.rs" 12 38 12 40] (15 : uint8)))) + switch ([#"../checked_ops.rs" 12 4 12 41] not ([#"../checked_ops.rs" 12 12 12 40] UInt8.eq _26 ([#"../checked_ops.rs" 12 38 12 40] [#"../checked_ops.rs" 12 38 12 40] (15 : uint8)))) | False -> goto BB17 | True -> goto BB16 end @@ -364,7 +371,7 @@ module CheckedOps_TestU8AddExample goto BB18 } BB18 { - switch ([#"../checked_ops.rs" 13 4 13 44] not ([#"../checked_ops.rs" 13 12 13 43] _31 = ([#"../checked_ops.rs" 13 40 13 43] [#"../checked_ops.rs" 13 40 13 43] (255 : uint8)))) + switch ([#"../checked_ops.rs" 13 4 13 44] not ([#"../checked_ops.rs" 13 12 13 43] UInt8.eq _31 ([#"../checked_ops.rs" 13 40 13 43] [#"../checked_ops.rs" 13 40 13 43] (255 : uint8)))) | False -> goto BB20 | True -> goto BB19 end @@ -377,7 +384,7 @@ module CheckedOps_TestU8AddExample goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 16 12 16 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 16 21 16 23] [#"../checked_ops.rs" 16 21 16 23] (15 : uint8))) + switch ([#"../checked_ops.rs" 16 12 16 23] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 16 21 16 23] [#"../checked_ops.rs" 16 21 16 23] (15 : uint8))) | False -> goto BB22 | True -> goto BB23 end @@ -406,7 +413,7 @@ module CheckedOps_TestU8AddExample goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 18 12 18 22] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 18 21 18 22] [#"../checked_ops.rs" 18 21 18 22] (4 : uint8))) + switch ([#"../checked_ops.rs" 18 12 18 22] UInt8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 18 21 18 22] [#"../checked_ops.rs" 18 21 18 22] (4 : uint8))) | False -> goto BB28 | True -> goto BB29 end @@ -521,7 +528,7 @@ module CheckedOps_TestU8AddOverflow goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 25 4 25 43] not ([#"../checked_ops.rs" 25 12 25 42] _13 = ([#"../checked_ops.rs" 25 37 25 42] a - ([#"../checked_ops.rs" 25 41 25 42] [#"../checked_ops.rs" 25 41 25 42] (1 : uint8))))) + switch ([#"../checked_ops.rs" 25 4 25 43] not ([#"../checked_ops.rs" 25 12 25 42] UInt8.eq _13 ([#"../checked_ops.rs" 25 37 25 42] UInt8.sub a ([#"../checked_ops.rs" 25 41 25 42] [#"../checked_ops.rs" 25 41 25 42] (1 : uint8))))) | False -> goto BB7 | True -> goto BB6 end @@ -534,7 +541,7 @@ module CheckedOps_TestU8AddOverflow goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 26 4 26 43] not ([#"../checked_ops.rs" 26 12 26 42] _21 = ([#"../checked_ops.rs" 26 39 26 42] [#"../checked_ops.rs" 26 39 26 42] (255 : uint8)))) + switch ([#"../checked_ops.rs" 26 4 26 43] not ([#"../checked_ops.rs" 26 12 26 42] UInt8.eq _21 ([#"../checked_ops.rs" 26 39 26 42] [#"../checked_ops.rs" 26 39 26 42] (255 : uint8)))) | False -> goto BB10 | True -> goto BB9 end @@ -547,7 +554,7 @@ module CheckedOps_TestU8AddOverflow goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 28 12 28 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 28 21 28 26] a - ([#"../checked_ops.rs" 28 25 28 26] [#"../checked_ops.rs" 28 25 28 26] (1 : uint8)))) + switch ([#"../checked_ops.rs" 28 12 28 26] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 28 21 28 26] UInt8.sub a ([#"../checked_ops.rs" 28 25 28 26] [#"../checked_ops.rs" 28 25 28 26] (1 : uint8)))) | False -> goto BB12 | True -> goto BB13 end @@ -580,13 +587,15 @@ end module CheckedOps_TestU8WrappingAdd_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool val test_u8_wrapping_add [#"../checked_ops.rs" 34 0 34 47] (a : uint8) (b : uint8) : uint8 - ensures { [#"../checked_ops.rs" 33 10 33 56] UInt8.to_int result = UInt8.to_int a + UInt8.to_int b \/ UInt8.to_int result = UInt8.to_int a + UInt8.to_int b - 256 } + ensures { [#"../checked_ops.rs" 33 10 33 56] UInt8.to_int result = Int.add (UInt8.to_int a) (UInt8.to_int b) \/ UInt8.to_int result = Int.sub (Int.add (UInt8.to_int a) (UInt8.to_int b)) 256 } end module CheckedOps_TestU8WrappingAdd use prelude.Int use prelude.UInt8 + use prelude.Bool clone Core_Num_Impl6_Max as Max0 clone Core_Num_Impl6_Min as Min0 clone Core_Num_Impl6_Bits as Bits0 @@ -595,7 +604,7 @@ module CheckedOps_TestU8WrappingAdd val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_u8_wrapping_add [#"../checked_ops.rs" 34 0 34 47] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint8) (b : uint8) : uint8 - ensures { [#"../checked_ops.rs" 33 10 33 56] UInt8.to_int result = UInt8.to_int a + UInt8.to_int b \/ UInt8.to_int result = UInt8.to_int a + UInt8.to_int b - 256 } + ensures { [#"../checked_ops.rs" 33 10 33 56] UInt8.to_int result = Int.add (UInt8.to_int a) (UInt8.to_int b) \/ UInt8.to_int result = Int.sub (Int.add (UInt8.to_int a) (UInt8.to_int b)) 256 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint8; @@ -680,7 +689,7 @@ module CheckedOps_TestU8OverflowingAdd goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 40 4 40 56] not ([#"../checked_ops.rs" 40 12 40 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 40 4 40 56] not ([#"../checked_ops.rs" 40 12 40 55] UInt8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -717,14 +726,15 @@ module CheckedOps_TestU8OverflowingAdd end module Core_Num_Impl6_CheckedSub_Interface + use prelude.Bool use prelude.UInt8 use prelude.Int clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_sub (self : uint8) (rhs : uint8) : Core_Option_Option_Type.t_option uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = UInt8.to_int self - UInt8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = Int.sub (UInt8.to_int self) (UInt8.to_int rhs) } end module Core_Num_Impl6_WrappingSub_Interface @@ -733,25 +743,27 @@ module Core_Num_Impl6_WrappingSub_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val wrapping_sub (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = Int.add (EuclideanDivision.mod (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.sub (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.add (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.sub (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl6_SaturatingSub_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 val saturating_sub (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self - UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> UInt8.to_int result = UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.sub (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> UInt8.to_int result = UInt8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = UInt8.to_int Max0.mAX' } end module Core_Num_Impl6_OverflowingSub_Interface @@ -760,15 +772,16 @@ module Core_Num_Impl6_OverflowingSub_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val overflowing_sub (self : uint8) (rhs : uint8) : (uint8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (UInt8.to_int self - UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] UInt8.to_int self - UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self - UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self - UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (UInt8.to_int self - UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self - UInt8.to_int rhs > UInt8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int (let (a, _) = result in a) = Int.sub (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.add (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.sub (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.sub (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } end module CheckedOps_TestU8SubExample_Interface @@ -877,7 +890,7 @@ module CheckedOps_TestU8SubExample goto BB6 } BB6 { - switch ([#"../checked_ops.rs" 47 4 47 50] not ([#"../checked_ops.rs" 47 12 47 49] _10 = ([#"../checked_ops.rs" 47 46 47 49] [#"../checked_ops.rs" 47 46 47 49] (240 : uint8)))) + switch ([#"../checked_ops.rs" 47 4 47 50] not ([#"../checked_ops.rs" 47 12 47 49] UInt8.eq _10 ([#"../checked_ops.rs" 47 46 47 49] [#"../checked_ops.rs" 47 46 47 49] (240 : uint8)))) | False -> goto BB8 | True -> goto BB7 end @@ -890,7 +903,7 @@ module CheckedOps_TestU8SubExample goto BB9 } BB9 { - switch ([#"../checked_ops.rs" 49 4 49 40] not ([#"../checked_ops.rs" 49 12 49 39] _16 = ([#"../checked_ops.rs" 49 36 49 39] [#"../checked_ops.rs" 49 36 49 39] (251 : uint8)))) + switch ([#"../checked_ops.rs" 49 4 49 40] not ([#"../checked_ops.rs" 49 12 49 39] UInt8.eq _16 ([#"../checked_ops.rs" 49 36 49 39] [#"../checked_ops.rs" 49 36 49 39] (251 : uint8)))) | False -> goto BB11 | True -> goto BB10 end @@ -903,7 +916,7 @@ module CheckedOps_TestU8SubExample goto BB12 } BB12 { - switch ([#"../checked_ops.rs" 50 4 50 42] not ([#"../checked_ops.rs" 50 12 50 41] _21 = ([#"../checked_ops.rs" 50 38 50 41] [#"../checked_ops.rs" 50 38 50 41] (240 : uint8)))) + switch ([#"../checked_ops.rs" 50 4 50 42] not ([#"../checked_ops.rs" 50 12 50 41] UInt8.eq _21 ([#"../checked_ops.rs" 50 38 50 41] [#"../checked_ops.rs" 50 38 50 41] (240 : uint8)))) | False -> goto BB14 | True -> goto BB13 end @@ -916,7 +929,7 @@ module CheckedOps_TestU8SubExample goto BB15 } BB15 { - switch ([#"../checked_ops.rs" 52 4 52 40] not ([#"../checked_ops.rs" 52 12 52 39] _26 = ([#"../checked_ops.rs" 52 38 52 39] [#"../checked_ops.rs" 52 38 52 39] (0 : uint8)))) + switch ([#"../checked_ops.rs" 52 4 52 40] not ([#"../checked_ops.rs" 52 12 52 39] UInt8.eq _26 ([#"../checked_ops.rs" 52 38 52 39] [#"../checked_ops.rs" 52 38 52 39] (0 : uint8)))) | False -> goto BB17 | True -> goto BB16 end @@ -929,7 +942,7 @@ module CheckedOps_TestU8SubExample goto BB18 } BB18 { - switch ([#"../checked_ops.rs" 53 4 53 44] not ([#"../checked_ops.rs" 53 12 53 43] _31 = ([#"../checked_ops.rs" 53 40 53 43] [#"../checked_ops.rs" 53 40 53 43] (240 : uint8)))) + switch ([#"../checked_ops.rs" 53 4 53 44] not ([#"../checked_ops.rs" 53 12 53 43] UInt8.eq _31 ([#"../checked_ops.rs" 53 40 53 43] [#"../checked_ops.rs" 53 40 53 43] (240 : uint8)))) | False -> goto BB20 | True -> goto BB19 end @@ -942,7 +955,7 @@ module CheckedOps_TestU8SubExample goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 56 12 56 24] (let (a, _) = res in a) = ([#"../checked_ops.rs" 56 21 56 24] [#"../checked_ops.rs" 56 21 56 24] (251 : uint8))) + switch ([#"../checked_ops.rs" 56 12 56 24] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 56 21 56 24] [#"../checked_ops.rs" 56 21 56 24] (251 : uint8))) | False -> goto BB22 | True -> goto BB23 end @@ -971,7 +984,7 @@ module CheckedOps_TestU8SubExample goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 58 12 58 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 58 21 58 24] [#"../checked_ops.rs" 58 21 58 24] (240 : uint8))) + switch ([#"../checked_ops.rs" 58 12 58 24] UInt8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 58 21 58 24] [#"../checked_ops.rs" 58 21 58 24] (240 : uint8))) | False -> goto BB28 | True -> goto BB29 end @@ -1086,7 +1099,7 @@ module CheckedOps_TestU8SubOverflow goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 65 4 65 47] not ([#"../checked_ops.rs" 65 12 65 46] _13 = ([#"../checked_ops.rs" 65 35 65 46] ([#"../checked_ops.rs" 65 35 65 42] ([#"../checked_ops.rs" 65 35 65 38] [#"../checked_ops.rs" 65 35 65 38] (255 : uint8)) - a) + ([#"../checked_ops.rs" 65 45 65 46] [#"../checked_ops.rs" 65 45 65 46] (1 : uint8))))) + switch ([#"../checked_ops.rs" 65 4 65 47] not ([#"../checked_ops.rs" 65 12 65 46] UInt8.eq _13 ([#"../checked_ops.rs" 65 35 65 46] UInt8.add ([#"../checked_ops.rs" 65 35 65 42] UInt8.sub ([#"../checked_ops.rs" 65 35 65 38] [#"../checked_ops.rs" 65 35 65 38] (255 : uint8)) a) ([#"../checked_ops.rs" 65 45 65 46] [#"../checked_ops.rs" 65 45 65 46] (1 : uint8))))) | False -> goto BB7 | True -> goto BB6 end @@ -1099,7 +1112,7 @@ module CheckedOps_TestU8SubOverflow goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 66 4 66 39] not ([#"../checked_ops.rs" 66 12 66 38] _22 = ([#"../checked_ops.rs" 66 37 66 38] [#"../checked_ops.rs" 66 37 66 38] (0 : uint8)))) + switch ([#"../checked_ops.rs" 66 4 66 39] not ([#"../checked_ops.rs" 66 12 66 38] UInt8.eq _22 ([#"../checked_ops.rs" 66 37 66 38] [#"../checked_ops.rs" 66 37 66 38] (0 : uint8)))) | False -> goto BB10 | True -> goto BB9 end @@ -1112,7 +1125,7 @@ module CheckedOps_TestU8SubOverflow goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 68 12 68 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 68 21 68 32] ([#"../checked_ops.rs" 68 21 68 28] ([#"../checked_ops.rs" 68 21 68 24] [#"../checked_ops.rs" 68 21 68 24] (255 : uint8)) - a) + ([#"../checked_ops.rs" 68 31 68 32] [#"../checked_ops.rs" 68 31 68 32] (1 : uint8)))) + switch ([#"../checked_ops.rs" 68 12 68 32] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 68 21 68 32] UInt8.add ([#"../checked_ops.rs" 68 21 68 28] UInt8.sub ([#"../checked_ops.rs" 68 21 68 24] [#"../checked_ops.rs" 68 21 68 24] (255 : uint8)) a) ([#"../checked_ops.rs" 68 31 68 32] [#"../checked_ops.rs" 68 31 68 32] (1 : uint8)))) | False -> goto BB12 | True -> goto BB13 end @@ -1145,13 +1158,15 @@ end module CheckedOps_TestU8WrappingSub_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool val test_u8_wrapping_sub [#"../checked_ops.rs" 74 0 74 47] (a : uint8) (b : uint8) : uint8 - ensures { [#"../checked_ops.rs" 73 10 73 56] UInt8.to_int result = UInt8.to_int a - UInt8.to_int b \/ UInt8.to_int result = UInt8.to_int a - UInt8.to_int b + 256 } + ensures { [#"../checked_ops.rs" 73 10 73 56] UInt8.to_int result = Int.sub (UInt8.to_int a) (UInt8.to_int b) \/ UInt8.to_int result = Int.add (Int.sub (UInt8.to_int a) (UInt8.to_int b)) 256 } end module CheckedOps_TestU8WrappingSub use prelude.Int use prelude.UInt8 + use prelude.Bool clone Core_Num_Impl6_Max as Max0 clone Core_Num_Impl6_Min as Min0 clone Core_Num_Impl6_Bits as Bits0 @@ -1160,7 +1175,7 @@ module CheckedOps_TestU8WrappingSub val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_u8_wrapping_sub [#"../checked_ops.rs" 74 0 74 47] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint8) (b : uint8) : uint8 - ensures { [#"../checked_ops.rs" 73 10 73 56] UInt8.to_int result = UInt8.to_int a - UInt8.to_int b \/ UInt8.to_int result = UInt8.to_int a - UInt8.to_int b + 256 } + ensures { [#"../checked_ops.rs" 73 10 73 56] UInt8.to_int result = Int.sub (UInt8.to_int a) (UInt8.to_int b) \/ UInt8.to_int result = Int.add (Int.sub (UInt8.to_int a) (UInt8.to_int b)) 256 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint8; @@ -1245,7 +1260,7 @@ module CheckedOps_TestU8OverflowingSub goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 80 4 80 56] not ([#"../checked_ops.rs" 80 12 80 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 80 4 80 56] not ([#"../checked_ops.rs" 80 12 80 55] UInt8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -1282,14 +1297,15 @@ module CheckedOps_TestU8OverflowingSub end module Core_Num_Impl6_CheckedMul_Interface + use prelude.Bool use prelude.UInt8 use prelude.Int clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_mul (self : uint8) (rhs : uint8) : Core_Option_Option_Type.t_option uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = UInt8.to_int self * UInt8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = Int.mul (UInt8.to_int self) (UInt8.to_int rhs) } end module Core_Num_Impl6_WrappingMul_Interface @@ -1298,25 +1314,27 @@ module Core_Num_Impl6_WrappingMul_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val wrapping_mul (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] UInt8.to_int result = Int.add (EuclideanDivision.mod (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.mul (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.add (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int result = Int.sub (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl6_SaturatingMul_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 val saturating_mul (self : uint8) (rhs : uint8) : uint8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int self * UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> UInt8.to_int result = UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> UInt8.to_int result = UInt8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = Int.mul (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> UInt8.to_int result = UInt8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int result = UInt8.to_int Max0.mAX' } end module Core_Num_Impl6_OverflowingMul_Interface @@ -1325,15 +1343,16 @@ module Core_Num_Impl6_OverflowingMul_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl6_Max_Stub as Max0 clone Core_Num_Impl6_Min_Stub as Min0 clone Core_Num_Impl6_Bits_Stub as Bits0 val overflowing_mul (self : uint8) (rhs : uint8) : (uint8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (UInt8.to_int self * UInt8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] UInt8.to_int self * UInt8.to_int rhs >= UInt8.to_int Min0.mIN' /\ UInt8.to_int self * UInt8.to_int rhs <= UInt8.to_int Max0.mAX' -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs + k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self * UInt8.to_int rhs - k * (UInt8.to_int Max0.mAX' - UInt8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (UInt8.to_int self * UInt8.to_int rhs < UInt8.to_int Min0.mIN' \/ UInt8.to_int self * UInt8.to_int rhs > UInt8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] UInt8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (UInt8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') /\ Int.le (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> UInt8.to_int (let (a, _) = result in a) = Int.mul (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.add (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ UInt8.to_int (let (a, _) = result in a) = Int.sub (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (Int.mul k (Int.add (Int.sub (UInt8.to_int Max0.mAX') (UInt8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Min0.mIN') \/ Int.gt (Int.mul (UInt8.to_int self) (UInt8.to_int rhs)) (UInt8.to_int Max0.mAX')) } end module CheckedOps_TestU8MulExample_Interface @@ -1425,7 +1444,7 @@ module CheckedOps_TestU8MulExample goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 86 4 86 47] not ([#"../checked_ops.rs" 86 12 86 46] _4 = ([#"../checked_ops.rs" 86 44 86 46] [#"../checked_ops.rs" 86 44 86 46] (50 : uint8)))) + switch ([#"../checked_ops.rs" 86 4 86 47] not ([#"../checked_ops.rs" 86 12 86 46] UInt8.eq _4 ([#"../checked_ops.rs" 86 44 86 46] [#"../checked_ops.rs" 86 44 86 46] (50 : uint8)))) | False -> goto BB4 | True -> goto BB3 end @@ -1455,7 +1474,7 @@ module CheckedOps_TestU8MulExample goto BB9 } BB9 { - switch ([#"../checked_ops.rs" 89 4 89 39] not ([#"../checked_ops.rs" 89 12 89 38] _16 = ([#"../checked_ops.rs" 89 36 89 38] [#"../checked_ops.rs" 89 36 89 38] (50 : uint8)))) + switch ([#"../checked_ops.rs" 89 4 89 39] not ([#"../checked_ops.rs" 89 12 89 38] UInt8.eq _16 ([#"../checked_ops.rs" 89 36 89 38] [#"../checked_ops.rs" 89 36 89 38] (50 : uint8)))) | False -> goto BB11 | True -> goto BB10 end @@ -1468,7 +1487,7 @@ module CheckedOps_TestU8MulExample goto BB12 } BB12 { - switch ([#"../checked_ops.rs" 90 4 90 41] not ([#"../checked_ops.rs" 90 12 90 40] _21 = ([#"../checked_ops.rs" 90 37 90 40] [#"../checked_ops.rs" 90 37 90 40] (244 : uint8)))) + switch ([#"../checked_ops.rs" 90 4 90 41] not ([#"../checked_ops.rs" 90 12 90 40] UInt8.eq _21 ([#"../checked_ops.rs" 90 37 90 40] [#"../checked_ops.rs" 90 37 90 40] (244 : uint8)))) | False -> goto BB14 | True -> goto BB13 end @@ -1481,7 +1500,7 @@ module CheckedOps_TestU8MulExample goto BB15 } BB15 { - switch ([#"../checked_ops.rs" 92 4 92 41] not ([#"../checked_ops.rs" 92 12 92 40] _26 = ([#"../checked_ops.rs" 92 38 92 40] [#"../checked_ops.rs" 92 38 92 40] (50 : uint8)))) + switch ([#"../checked_ops.rs" 92 4 92 41] not ([#"../checked_ops.rs" 92 12 92 40] UInt8.eq _26 ([#"../checked_ops.rs" 92 38 92 40] [#"../checked_ops.rs" 92 38 92 40] (50 : uint8)))) | False -> goto BB17 | True -> goto BB16 end @@ -1494,7 +1513,7 @@ module CheckedOps_TestU8MulExample goto BB18 } BB18 { - switch ([#"../checked_ops.rs" 93 4 93 43] not ([#"../checked_ops.rs" 93 12 93 42] _31 = ([#"../checked_ops.rs" 93 39 93 42] [#"../checked_ops.rs" 93 39 93 42] (255 : uint8)))) + switch ([#"../checked_ops.rs" 93 4 93 43] not ([#"../checked_ops.rs" 93 12 93 42] UInt8.eq _31 ([#"../checked_ops.rs" 93 39 93 42] [#"../checked_ops.rs" 93 39 93 42] (255 : uint8)))) | False -> goto BB20 | True -> goto BB19 end @@ -1507,7 +1526,7 @@ module CheckedOps_TestU8MulExample goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 96 12 96 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 96 21 96 23] [#"../checked_ops.rs" 96 21 96 23] (50 : uint8))) + switch ([#"../checked_ops.rs" 96 12 96 23] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 96 21 96 23] [#"../checked_ops.rs" 96 21 96 23] (50 : uint8))) | False -> goto BB22 | True -> goto BB23 end @@ -1536,7 +1555,7 @@ module CheckedOps_TestU8MulExample goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 98 12 98 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 98 21 98 24] [#"../checked_ops.rs" 98 21 98 24] (244 : uint8))) + switch ([#"../checked_ops.rs" 98 12 98 24] UInt8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 98 21 98 24] [#"../checked_ops.rs" 98 21 98 24] (244 : uint8))) | False -> goto BB28 | True -> goto BB29 end @@ -1642,7 +1661,7 @@ module CheckedOps_TestU8MulZero goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 103 4 103 45] not ([#"../checked_ops.rs" 103 12 103 44] _5 = ([#"../checked_ops.rs" 103 43 103 44] [#"../checked_ops.rs" 103 43 103 44] (0 : uint8)))) + switch ([#"../checked_ops.rs" 103 4 103 45] not ([#"../checked_ops.rs" 103 12 103 44] UInt8.eq _5 ([#"../checked_ops.rs" 103 43 103 44] [#"../checked_ops.rs" 103 43 103 44] (0 : uint8)))) | False -> goto BB4 | True -> goto BB3 end @@ -1655,7 +1674,7 @@ module CheckedOps_TestU8MulZero goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 104 4 104 37] not ([#"../checked_ops.rs" 104 12 104 36] _12 = ([#"../checked_ops.rs" 104 35 104 36] [#"../checked_ops.rs" 104 35 104 36] (0 : uint8)))) + switch ([#"../checked_ops.rs" 104 4 104 37] not ([#"../checked_ops.rs" 104 12 104 36] UInt8.eq _12 ([#"../checked_ops.rs" 104 35 104 36] [#"../checked_ops.rs" 104 35 104 36] (0 : uint8)))) | False -> goto BB7 | True -> goto BB6 end @@ -1668,7 +1687,7 @@ module CheckedOps_TestU8MulZero goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 105 4 105 39] not ([#"../checked_ops.rs" 105 12 105 38] _18 = ([#"../checked_ops.rs" 105 37 105 38] [#"../checked_ops.rs" 105 37 105 38] (0 : uint8)))) + switch ([#"../checked_ops.rs" 105 4 105 39] not ([#"../checked_ops.rs" 105 12 105 38] UInt8.eq _18 ([#"../checked_ops.rs" 105 37 105 38] [#"../checked_ops.rs" 105 37 105 38] (0 : uint8)))) | False -> goto BB10 | True -> goto BB9 end @@ -1681,7 +1700,7 @@ module CheckedOps_TestU8MulZero goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 107 12 107 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 107 21 107 22] [#"../checked_ops.rs" 107 21 107 22] (0 : uint8))) + switch ([#"../checked_ops.rs" 107 12 107 22] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 107 21 107 22] [#"../checked_ops.rs" 107 21 107 22] (0 : uint8))) | False -> goto BB12 | True -> goto BB13 end @@ -1778,7 +1797,7 @@ module CheckedOps_TestU8OverflowingMul goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 112 4 112 56] not ([#"../checked_ops.rs" 112 12 112 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 112 4 112 56] not ([#"../checked_ops.rs" 112 12 112 55] UInt8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -1815,43 +1834,47 @@ module CheckedOps_TestU8OverflowingMul end module Core_Num_Impl6_CheckedDiv_Interface + use prelude.Bool use prelude.UInt8 use prelude.Int clone Core_Num_Impl6_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_div (self : uint8) (rhs : uint8) : Core_Option_Option_Type.t_option uint8 ensures { [#"../../../../creusot-contracts/src/std/num.rs" 66 26 66 97] (result = Core_Option_Option_Type.C_None) = (UInt8.to_int rhs = 0 \/ UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 68 16 68 85] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = div (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 68 16 68 85] forall r : uint8 . result = Core_Option_Option_Type.C_Some r -> UInt8.to_int r = Int.div (UInt8.to_int self) (UInt8.to_int rhs) } end module Core_Num_Impl6_WrappingDiv_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Min_Stub as Min0 val wrapping_div (self : uint8) (rhs : uint8) : uint8 requires {[#"../../../../creusot-contracts/src/std/num.rs" 73 27 73 36] UInt8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 75 16 75 85] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 -> UInt8.to_int result = UInt8.to_int self } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 77 26 77 89] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 77 26 77 89] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int result = Int.div (UInt8.to_int self) (UInt8.to_int rhs) } end module Core_Num_Impl6_SaturatingDiv_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Min_Stub as Min0 val saturating_div (self : uint8) (rhs : uint8) : uint8 requires {[#"../../../../creusot-contracts/src/std/num.rs" 82 27 82 36] UInt8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 84 16 84 91] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 -> UInt8.to_int result = UInt8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 86 26 86 89] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int result = div (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 86 26 86 89] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int result = Int.div (UInt8.to_int self) (UInt8.to_int rhs) } end module Core_Num_Impl6_OverflowingDiv_Interface use prelude.UInt8 use prelude.Int + use prelude.Bool clone Core_Num_Impl6_Min_Stub as Min0 val overflowing_div (self : uint8) (rhs : uint8) : (uint8, bool) requires {[#"../../../../creusot-contracts/src/std/num.rs" 91 27 91 36] UInt8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 93 16 93 87] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 -> UInt8.to_int (let (a, _) = result in a) = UInt8.to_int self } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 95 26 95 91] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int (let (a, _) = result in a) = div (UInt8.to_int self) (UInt8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 95 26 95 91] UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1 \/ UInt8.to_int (let (a, _) = result in a) = Int.div (UInt8.to_int self) (UInt8.to_int rhs) } ensures { [#"../../../../creusot-contracts/src/std/num.rs" 97 26 97 74] (let (_, a) = result in a) = (UInt8.to_int self = UInt8.to_int Min0.mIN' /\ UInt8.to_int rhs = - 1) } end @@ -1949,7 +1972,7 @@ module CheckedOps_TestU8DivExample goto BB6 } BB6 { - switch ([#"../checked_ops.rs" 119 4 119 45] not ([#"../checked_ops.rs" 119 12 119 44] _10 = ([#"../checked_ops.rs" 119 43 119 44] [#"../checked_ops.rs" 119 43 119 44] (2 : uint8)))) + switch ([#"../checked_ops.rs" 119 4 119 45] not ([#"../checked_ops.rs" 119 12 119 44] UInt8.eq _10 ([#"../checked_ops.rs" 119 43 119 44] [#"../checked_ops.rs" 119 43 119 44] (2 : uint8)))) | False -> goto BB8 | True -> goto BB7 end @@ -1962,7 +1985,7 @@ module CheckedOps_TestU8DivExample goto BB9 } BB9 { - switch ([#"../checked_ops.rs" 120 4 120 37] not ([#"../checked_ops.rs" 120 12 120 36] _16 = ([#"../checked_ops.rs" 120 35 120 36] [#"../checked_ops.rs" 120 35 120 36] (2 : uint8)))) + switch ([#"../checked_ops.rs" 120 4 120 37] not ([#"../checked_ops.rs" 120 12 120 36] UInt8.eq _16 ([#"../checked_ops.rs" 120 35 120 36] [#"../checked_ops.rs" 120 35 120 36] (2 : uint8)))) | False -> goto BB11 | True -> goto BB10 end @@ -1975,7 +1998,7 @@ module CheckedOps_TestU8DivExample goto BB12 } BB12 { - switch ([#"../checked_ops.rs" 121 4 121 39] not ([#"../checked_ops.rs" 121 12 121 38] _21 = ([#"../checked_ops.rs" 121 37 121 38] [#"../checked_ops.rs" 121 37 121 38] (2 : uint8)))) + switch ([#"../checked_ops.rs" 121 4 121 39] not ([#"../checked_ops.rs" 121 12 121 38] UInt8.eq _21 ([#"../checked_ops.rs" 121 37 121 38] [#"../checked_ops.rs" 121 37 121 38] (2 : uint8)))) | False -> goto BB14 | True -> goto BB13 end @@ -1988,7 +2011,7 @@ module CheckedOps_TestU8DivExample goto BB15 } BB15 { - switch ([#"../checked_ops.rs" 123 12 123 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 123 21 123 22] [#"../checked_ops.rs" 123 21 123 22] (2 : uint8))) + switch ([#"../checked_ops.rs" 123 12 123 22] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 123 21 123 22] [#"../checked_ops.rs" 123 21 123 22] (2 : uint8))) | False -> goto BB16 | True -> goto BB17 end @@ -2099,12 +2122,12 @@ module CheckedOps_TestU8DivNoOverflow } BB2 { _13 <- b; - _14 <- ([#"../checked_ops.rs" 129 41 129 46] _13 = ([#"../checked_ops.rs" 129 41 129 46] [#"../checked_ops.rs" 129 41 129 46] (0 : uint8))); + _14 <- ([#"../checked_ops.rs" 129 41 129 46] UInt8.eq _13 ([#"../checked_ops.rs" 129 41 129 46] [#"../checked_ops.rs" 129 41 129 46] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 129 41 129 46] not _14 }; goto BB3 } BB3 { - switch ([#"../checked_ops.rs" 129 4 129 47] not ([#"../checked_ops.rs" 129 12 129 46] _7 = ([#"../checked_ops.rs" 129 41 129 46] a / _13))) + switch ([#"../checked_ops.rs" 129 4 129 47] not ([#"../checked_ops.rs" 129 12 129 46] UInt8.eq _7 ([#"../checked_ops.rs" 129 41 129 46] UInt8.div a _13))) | False -> goto BB5 | True -> goto BB4 end @@ -2118,12 +2141,12 @@ module CheckedOps_TestU8DivNoOverflow } BB6 { _24 <- b; - _25 <- ([#"../checked_ops.rs" 130 33 130 38] _24 = ([#"../checked_ops.rs" 130 33 130 38] [#"../checked_ops.rs" 130 33 130 38] (0 : uint8))); + _25 <- ([#"../checked_ops.rs" 130 33 130 38] UInt8.eq _24 ([#"../checked_ops.rs" 130 33 130 38] [#"../checked_ops.rs" 130 33 130 38] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 130 33 130 38] not _25 }; goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 130 4 130 39] not ([#"../checked_ops.rs" 130 12 130 38] _19 = ([#"../checked_ops.rs" 130 33 130 38] a / _24))) + switch ([#"../checked_ops.rs" 130 4 130 39] not ([#"../checked_ops.rs" 130 12 130 38] UInt8.eq _19 ([#"../checked_ops.rs" 130 33 130 38] UInt8.div a _24))) | False -> goto BB9 | True -> goto BB8 end @@ -2137,12 +2160,12 @@ module CheckedOps_TestU8DivNoOverflow } BB10 { _35 <- b; - _36 <- ([#"../checked_ops.rs" 131 35 131 40] _35 = ([#"../checked_ops.rs" 131 35 131 40] [#"../checked_ops.rs" 131 35 131 40] (0 : uint8))); + _36 <- ([#"../checked_ops.rs" 131 35 131 40] UInt8.eq _35 ([#"../checked_ops.rs" 131 35 131 40] [#"../checked_ops.rs" 131 35 131 40] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 131 35 131 40] not _36 }; goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 131 4 131 41] not ([#"../checked_ops.rs" 131 12 131 40] _30 = ([#"../checked_ops.rs" 131 35 131 40] a / _35))) + switch ([#"../checked_ops.rs" 131 4 131 41] not ([#"../checked_ops.rs" 131 12 131 40] UInt8.eq _30 ([#"../checked_ops.rs" 131 35 131 40] UInt8.div a _35))) | False -> goto BB13 | True -> goto BB12 end @@ -2156,7 +2179,7 @@ module CheckedOps_TestU8DivNoOverflow } BB14 { _48 <- b; - _49 <- ([#"../checked_ops.rs" 133 21 133 26] _48 = ([#"../checked_ops.rs" 133 21 133 26] [#"../checked_ops.rs" 133 21 133 26] (0 : uint8))); + _49 <- ([#"../checked_ops.rs" 133 21 133 26] UInt8.eq _48 ([#"../checked_ops.rs" 133 21 133 26] [#"../checked_ops.rs" 133 21 133 26] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 133 21 133 26] not _49 }; goto BB18 } @@ -2177,7 +2200,7 @@ module CheckedOps_TestU8DivNoOverflow end } BB18 { - switch ([#"../checked_ops.rs" 133 12 133 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 133 21 133 26] a / _48)) + switch ([#"../checked_ops.rs" 133 12 133 26] UInt8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 133 21 133 26] UInt8.div a _48)) | False -> goto BB15 | True -> goto BB16 end @@ -2269,14 +2292,15 @@ module Core_Num_Impl0_Max (127 : int8) end module Core_Num_Impl0_CheckedAdd_Interface + use prelude.Bool use prelude.Int8 use prelude.Int clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_add (self : int8) (rhs : int8) : Core_Option_Option_Type.t_option int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int8.to_int self + Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int8.to_int self + Int8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int.add (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_Bits_Stub @@ -2296,25 +2320,27 @@ module Core_Num_Impl0_WrappingAdd_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val wrapping_add (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int8.to_int self + Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int8.to_int self + Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int8.to_int self + Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = Int.add (EuclideanDivision.mod (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.add (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.add (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.sub (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl0_SaturatingAdd_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 val saturating_add (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int8.to_int self + Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self + Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int8.to_int self + Int8.to_int rhs < Int8.to_int Min0.mIN' -> Int8.to_int result = Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int8.to_int self + Int8.to_int rhs > Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.add (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> Int8.to_int result = Int8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int8.to_int Max0.mAX' } end module Core_Num_Impl0_OverflowingAdd_Interface @@ -2323,15 +2349,16 @@ module Core_Num_Impl0_OverflowingAdd_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val overflowing_add (self : int8) (rhs : int8) : (int8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (Int8.to_int self + Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int8.to_int self + Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self + Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int8.to_int self + Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int8.to_int self + Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self + Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int8.to_int self + Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self + Int8.to_int rhs > Int8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int (let (a, _) = result in a) = Int.add (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.add (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.sub (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.add (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } end module CheckedOps_TestI8AddExample_Interface @@ -2429,7 +2456,7 @@ module CheckedOps_TestI8AddExample goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 143 4 143 47] not ([#"../checked_ops.rs" 143 12 143 46] _4 = ([#"../checked_ops.rs" 143 44 143 46] [#"../checked_ops.rs" 143 44 143 46] (15 : int8)))) + switch ([#"../checked_ops.rs" 143 4 143 47] not ([#"../checked_ops.rs" 143 12 143 46] Int8.eq _4 ([#"../checked_ops.rs" 143 44 143 46] [#"../checked_ops.rs" 143 44 143 46] (15 : int8)))) | False -> goto BB4 | True -> goto BB3 end @@ -2476,7 +2503,7 @@ module CheckedOps_TestI8AddExample goto BB13 } BB13 { - switch ([#"../checked_ops.rs" 147 4 147 39] not ([#"../checked_ops.rs" 147 12 147 38] _22 = ([#"../checked_ops.rs" 147 36 147 38] [#"../checked_ops.rs" 147 36 147 38] (15 : int8)))) + switch ([#"../checked_ops.rs" 147 4 147 39] not ([#"../checked_ops.rs" 147 12 147 38] Int8.eq _22 ([#"../checked_ops.rs" 147 36 147 38] [#"../checked_ops.rs" 147 36 147 38] (15 : int8)))) | False -> goto BB15 | True -> goto BB14 end @@ -2489,7 +2516,7 @@ module CheckedOps_TestI8AddExample goto BB16 } BB16 { - switch ([#"../checked_ops.rs" 148 4 148 43] not ([#"../checked_ops.rs" 148 12 148 42] _27 = ([#"../checked_ops.rs" 148 38 148 42] [#"../checked_ops.rs" 148 38 148 42] (-126 : int8)))) + switch ([#"../checked_ops.rs" 148 4 148 43] not ([#"../checked_ops.rs" 148 12 148 42] Int8.eq _27 ([#"../checked_ops.rs" 148 38 148 42] [#"../checked_ops.rs" 148 38 148 42] (-126 : int8)))) | False -> goto BB18 | True -> goto BB17 end @@ -2502,7 +2529,7 @@ module CheckedOps_TestI8AddExample goto BB19 } BB19 { - switch ([#"../checked_ops.rs" 149 4 149 46] not ([#"../checked_ops.rs" 149 12 149 45] _32 = ([#"../checked_ops.rs" 149 42 149 45] [#"../checked_ops.rs" 149 42 149 45] (126 : int8)))) + switch ([#"../checked_ops.rs" 149 4 149 46] not ([#"../checked_ops.rs" 149 12 149 45] Int8.eq _32 ([#"../checked_ops.rs" 149 42 149 45] [#"../checked_ops.rs" 149 42 149 45] (126 : int8)))) | False -> goto BB21 | True -> goto BB20 end @@ -2515,7 +2542,7 @@ module CheckedOps_TestI8AddExample goto BB22 } BB22 { - switch ([#"../checked_ops.rs" 151 4 151 41] not ([#"../checked_ops.rs" 151 12 151 40] _37 = ([#"../checked_ops.rs" 151 38 151 40] [#"../checked_ops.rs" 151 38 151 40] (15 : int8)))) + switch ([#"../checked_ops.rs" 151 4 151 41] not ([#"../checked_ops.rs" 151 12 151 40] Int8.eq _37 ([#"../checked_ops.rs" 151 38 151 40] [#"../checked_ops.rs" 151 38 151 40] (15 : int8)))) | False -> goto BB24 | True -> goto BB23 end @@ -2528,7 +2555,7 @@ module CheckedOps_TestI8AddExample goto BB25 } BB25 { - switch ([#"../checked_ops.rs" 152 4 152 44] not ([#"../checked_ops.rs" 152 12 152 43] _42 = ([#"../checked_ops.rs" 152 40 152 43] [#"../checked_ops.rs" 152 40 152 43] (127 : int8)))) + switch ([#"../checked_ops.rs" 152 4 152 44] not ([#"../checked_ops.rs" 152 12 152 43] Int8.eq _42 ([#"../checked_ops.rs" 152 40 152 43] [#"../checked_ops.rs" 152 40 152 43] (127 : int8)))) | False -> goto BB27 | True -> goto BB26 end @@ -2541,7 +2568,7 @@ module CheckedOps_TestI8AddExample goto BB28 } BB28 { - switch ([#"../checked_ops.rs" 153 4 153 49] not ([#"../checked_ops.rs" 153 12 153 48] _47 = ([#"../checked_ops.rs" 153 44 153 48] [#"../checked_ops.rs" 153 44 153 48] (-128 : int8)))) + switch ([#"../checked_ops.rs" 153 4 153 49] not ([#"../checked_ops.rs" 153 12 153 48] Int8.eq _47 ([#"../checked_ops.rs" 153 44 153 48] [#"../checked_ops.rs" 153 44 153 48] (-128 : int8)))) | False -> goto BB30 | True -> goto BB29 end @@ -2554,7 +2581,7 @@ module CheckedOps_TestI8AddExample goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 156 12 156 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 156 21 156 23] [#"../checked_ops.rs" 156 21 156 23] (15 : int8))) + switch ([#"../checked_ops.rs" 156 12 156 23] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 156 21 156 23] [#"../checked_ops.rs" 156 21 156 23] (15 : int8))) | False -> goto BB32 | True -> goto BB33 end @@ -2583,7 +2610,7 @@ module CheckedOps_TestI8AddExample goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 158 12 158 25] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 158 21 158 25] [#"../checked_ops.rs" 158 21 158 25] (-126 : int8))) + switch ([#"../checked_ops.rs" 158 12 158 25] Int8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 158 21 158 25] [#"../checked_ops.rs" 158 21 158 25] (-126 : int8))) | False -> goto BB38 | True -> goto BB39 end @@ -2612,7 +2639,7 @@ module CheckedOps_TestI8AddExample goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 160 12 160 24] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 160 21 160 24] [#"../checked_ops.rs" 160 21 160 24] (126 : int8))) + switch ([#"../checked_ops.rs" 160 12 160 24] Int8.eq (let (a, _) = res2 in a) ([#"../checked_ops.rs" 160 21 160 24] [#"../checked_ops.rs" 160 21 160 24] (126 : int8))) | False -> goto BB44 | True -> goto BB45 end @@ -2646,7 +2673,7 @@ module CheckedOps_TestI8AddOverflowPos_Interface use prelude.Int8 use prelude.Int val test_i8_add_overflow_pos [#"../checked_ops.rs" 165 0 165 38] (a : int8) : () - requires {[#"../checked_ops.rs" 164 11 164 17] Int8.to_int a > 0} + requires {[#"../checked_ops.rs" 164 11 164 17] Int.gt (Int8.to_int a) 0} end module CheckedOps_TestI8AddOverflowPos @@ -2691,7 +2718,7 @@ module CheckedOps_TestI8AddOverflowPos val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_add_overflow_pos [#"../checked_ops.rs" 165 0 165 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) : () - requires {[#"../checked_ops.rs" 164 11 164 17] Int8.to_int a > 0} + requires {[#"../checked_ops.rs" 164 11 164 17] Int.gt (Int8.to_int a) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -2727,7 +2754,7 @@ module CheckedOps_TestI8AddOverflowPos goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 167 4 167 49] not ([#"../checked_ops.rs" 167 12 167 48] _13 = ([#"../checked_ops.rs" 167 37 167 48] ([#"../checked_ops.rs" 167 37 167 44] a - ([#"../checked_ops.rs" 167 41 167 44] [#"../checked_ops.rs" 167 41 167 44] (127 : int8))) - ([#"../checked_ops.rs" 167 47 167 48] [#"../checked_ops.rs" 167 47 167 48] (2 : int8))))) + switch ([#"../checked_ops.rs" 167 4 167 49] not ([#"../checked_ops.rs" 167 12 167 48] Int8.eq _13 ([#"../checked_ops.rs" 167 37 167 48] Int8.sub ([#"../checked_ops.rs" 167 37 167 44] Int8.sub a ([#"../checked_ops.rs" 167 41 167 44] [#"../checked_ops.rs" 167 41 167 44] (127 : int8))) ([#"../checked_ops.rs" 167 47 167 48] [#"../checked_ops.rs" 167 47 167 48] (2 : int8))))) | False -> goto BB7 | True -> goto BB6 end @@ -2740,7 +2767,7 @@ module CheckedOps_TestI8AddOverflowPos goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 168 4 168 43] not ([#"../checked_ops.rs" 168 12 168 42] _22 = ([#"../checked_ops.rs" 168 39 168 42] [#"../checked_ops.rs" 168 39 168 42] (127 : int8)))) + switch ([#"../checked_ops.rs" 168 4 168 43] not ([#"../checked_ops.rs" 168 12 168 42] Int8.eq _22 ([#"../checked_ops.rs" 168 39 168 42] [#"../checked_ops.rs" 168 39 168 42] (127 : int8)))) | False -> goto BB10 | True -> goto BB9 end @@ -2753,7 +2780,7 @@ module CheckedOps_TestI8AddOverflowPos goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 170 12 170 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 170 21 170 32] ([#"../checked_ops.rs" 170 21 170 28] a - ([#"../checked_ops.rs" 170 25 170 28] [#"../checked_ops.rs" 170 25 170 28] (127 : int8))) - ([#"../checked_ops.rs" 170 31 170 32] [#"../checked_ops.rs" 170 31 170 32] (2 : int8)))) + switch ([#"../checked_ops.rs" 170 12 170 32] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 170 21 170 32] Int8.sub ([#"../checked_ops.rs" 170 21 170 28] Int8.sub a ([#"../checked_ops.rs" 170 25 170 28] [#"../checked_ops.rs" 170 25 170 28] (127 : int8))) ([#"../checked_ops.rs" 170 31 170 32] [#"../checked_ops.rs" 170 31 170 32] (2 : int8)))) | False -> goto BB12 | True -> goto BB13 end @@ -2787,7 +2814,7 @@ module CheckedOps_TestI8AddOverflowNeg_Interface use prelude.Int8 use prelude.Int val test_i8_add_overflow_neg [#"../checked_ops.rs" 175 0 175 38] (a : int8) : () - requires {[#"../checked_ops.rs" 174 11 174 17] Int8.to_int a < 0} + requires {[#"../checked_ops.rs" 174 11 174 17] Int.lt (Int8.to_int a) 0} end module CheckedOps_TestI8AddOverflowNeg @@ -2832,7 +2859,7 @@ module CheckedOps_TestI8AddOverflowNeg val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_add_overflow_neg [#"../checked_ops.rs" 175 0 175 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) : () - requires {[#"../checked_ops.rs" 174 11 174 17] Int8.to_int a < 0} + requires {[#"../checked_ops.rs" 174 11 174 17] Int.lt (Int8.to_int a) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -2868,7 +2895,7 @@ module CheckedOps_TestI8AddOverflowNeg goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 177 4 177 52] not ([#"../checked_ops.rs" 177 12 177 51] _13 = ([#"../checked_ops.rs" 177 40 177 51] ([#"../checked_ops.rs" 177 40 177 47] a + ([#"../checked_ops.rs" 177 44 177 47] [#"../checked_ops.rs" 177 44 177 47] (127 : int8))) + ([#"../checked_ops.rs" 177 50 177 51] [#"../checked_ops.rs" 177 50 177 51] (1 : int8))))) + switch ([#"../checked_ops.rs" 177 4 177 52] not ([#"../checked_ops.rs" 177 12 177 51] Int8.eq _13 ([#"../checked_ops.rs" 177 40 177 51] Int8.add ([#"../checked_ops.rs" 177 40 177 47] Int8.add a ([#"../checked_ops.rs" 177 44 177 47] [#"../checked_ops.rs" 177 44 177 47] (127 : int8))) ([#"../checked_ops.rs" 177 50 177 51] [#"../checked_ops.rs" 177 50 177 51] (1 : int8))))) | False -> goto BB7 | True -> goto BB6 end @@ -2881,7 +2908,7 @@ module CheckedOps_TestI8AddOverflowNeg goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 178 4 178 47] not ([#"../checked_ops.rs" 178 12 178 46] _22 = ([#"../checked_ops.rs" 178 42 178 46] [#"../checked_ops.rs" 178 42 178 46] (-128 : int8)))) + switch ([#"../checked_ops.rs" 178 4 178 47] not ([#"../checked_ops.rs" 178 12 178 46] Int8.eq _22 ([#"../checked_ops.rs" 178 42 178 46] [#"../checked_ops.rs" 178 42 178 46] (-128 : int8)))) | False -> goto BB10 | True -> goto BB9 end @@ -2894,7 +2921,7 @@ module CheckedOps_TestI8AddOverflowNeg goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 180 12 180 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 180 21 180 32] ([#"../checked_ops.rs" 180 21 180 28] a + ([#"../checked_ops.rs" 180 25 180 28] [#"../checked_ops.rs" 180 25 180 28] (127 : int8))) + ([#"../checked_ops.rs" 180 31 180 32] [#"../checked_ops.rs" 180 31 180 32] (1 : int8)))) + switch ([#"../checked_ops.rs" 180 12 180 32] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 180 21 180 32] Int8.add ([#"../checked_ops.rs" 180 21 180 28] Int8.add a ([#"../checked_ops.rs" 180 25 180 28] [#"../checked_ops.rs" 180 25 180 28] (127 : int8))) ([#"../checked_ops.rs" 180 31 180 32] [#"../checked_ops.rs" 180 31 180 32] (1 : int8)))) | False -> goto BB12 | True -> goto BB13 end @@ -2927,13 +2954,15 @@ end module CheckedOps_TestI8WrappingAdd_Interface use prelude.Int8 use prelude.Int + use prelude.Bool val test_i8_wrapping_add [#"../checked_ops.rs" 186 0 186 47] (a : int8) (b : int8) : int8 - ensures { [#"../checked_ops.rs" 185 10 185 84] Int8.to_int result = Int8.to_int a + Int8.to_int b \/ Int8.to_int result = Int8.to_int a + Int8.to_int b - 256 \/ Int8.to_int result = Int8.to_int a + Int8.to_int b + 256 } + ensures { [#"../checked_ops.rs" 185 10 185 84] Int8.to_int result = Int.add (Int8.to_int a) (Int8.to_int b) \/ Int8.to_int result = Int.sub (Int.add (Int8.to_int a) (Int8.to_int b)) 256 \/ Int8.to_int result = Int.add (Int.add (Int8.to_int a) (Int8.to_int b)) 256 } end module CheckedOps_TestI8WrappingAdd use prelude.Int use prelude.Int8 + use prelude.Bool clone Core_Num_Impl0_Max as Max0 clone Core_Num_Impl0_Min as Min0 clone Core_Num_Impl0_Bits as Bits0 @@ -2942,7 +2971,7 @@ module CheckedOps_TestI8WrappingAdd val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_wrapping_add [#"../checked_ops.rs" 186 0 186 47] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) (b : int8) : int8 - ensures { [#"../checked_ops.rs" 185 10 185 84] Int8.to_int result = Int8.to_int a + Int8.to_int b \/ Int8.to_int result = Int8.to_int a + Int8.to_int b - 256 \/ Int8.to_int result = Int8.to_int a + Int8.to_int b + 256 } + ensures { [#"../checked_ops.rs" 185 10 185 84] Int8.to_int result = Int.add (Int8.to_int a) (Int8.to_int b) \/ Int8.to_int result = Int.sub (Int.add (Int8.to_int a) (Int8.to_int b)) 256 \/ Int8.to_int result = Int.add (Int.add (Int8.to_int a) (Int8.to_int b)) 256 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : int8; @@ -3027,7 +3056,7 @@ module CheckedOps_TestI8OverflowingAdd goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 192 4 192 56] not ([#"../checked_ops.rs" 192 12 192 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 192 4 192 56] not ([#"../checked_ops.rs" 192 12 192 55] Int8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -3064,14 +3093,15 @@ module CheckedOps_TestI8OverflowingAdd end module Core_Num_Impl0_CheckedSub_Interface + use prelude.Bool use prelude.Int8 use prelude.Int clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_sub (self : int8) (rhs : int8) : Core_Option_Option_Type.t_option int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int8.to_int self - Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int8.to_int self - Int8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int.sub (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_WrappingSub_Interface @@ -3080,25 +3110,27 @@ module Core_Num_Impl0_WrappingSub_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val wrapping_sub (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int8.to_int self - Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int8.to_int self - Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int8.to_int self - Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = Int.add (EuclideanDivision.mod (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.sub (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.add (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.sub (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl0_SaturatingSub_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 val saturating_sub (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int8.to_int self - Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self - Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int8.to_int self - Int8.to_int rhs < Int8.to_int Min0.mIN' -> Int8.to_int result = Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int8.to_int self - Int8.to_int rhs > Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.sub (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> Int8.to_int result = Int8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int8.to_int Max0.mAX' } end module Core_Num_Impl0_OverflowingSub_Interface @@ -3107,15 +3139,16 @@ module Core_Num_Impl0_OverflowingSub_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val overflowing_sub (self : int8) (rhs : int8) : (int8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (Int8.to_int self - Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int8.to_int self - Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self - Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int8.to_int self - Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int8.to_int self - Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self - Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int8.to_int self - Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self - Int8.to_int rhs > Int8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int (let (a, _) = result in a) = Int.sub (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.add (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.sub (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.sub (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } end module CheckedOps_TestI8SubExample_Interface @@ -3213,7 +3246,7 @@ module CheckedOps_TestI8SubExample goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 198 4 198 47] not ([#"../checked_ops.rs" 198 12 198 46] _4 = ([#"../checked_ops.rs" 198 44 198 46] [#"../checked_ops.rs" 198 44 198 46] (-5 : int8)))) + switch ([#"../checked_ops.rs" 198 4 198 47] not ([#"../checked_ops.rs" 198 12 198 46] Int8.eq _4 ([#"../checked_ops.rs" 198 44 198 46] [#"../checked_ops.rs" 198 44 198 46] (-5 : int8)))) | False -> goto BB4 | True -> goto BB3 end @@ -3231,7 +3264,7 @@ module CheckedOps_TestI8SubExample goto BB6 } BB6 { - switch ([#"../checked_ops.rs" 199 4 199 50] not ([#"../checked_ops.rs" 199 12 199 49] _10 = ([#"../checked_ops.rs" 199 46 199 49] [#"../checked_ops.rs" 199 46 199 49] (110 : int8)))) + switch ([#"../checked_ops.rs" 199 4 199 50] not ([#"../checked_ops.rs" 199 12 199 49] Int8.eq _10 ([#"../checked_ops.rs" 199 46 199 49] [#"../checked_ops.rs" 199 46 199 49] (110 : int8)))) | False -> goto BB8 | True -> goto BB7 end @@ -3261,7 +3294,7 @@ module CheckedOps_TestI8SubExample goto BB13 } BB13 { - switch ([#"../checked_ops.rs" 202 4 202 39] not ([#"../checked_ops.rs" 202 12 202 38] _22 = ([#"../checked_ops.rs" 202 36 202 38] [#"../checked_ops.rs" 202 36 202 38] (-5 : int8)))) + switch ([#"../checked_ops.rs" 202 4 202 39] not ([#"../checked_ops.rs" 202 12 202 38] Int8.eq _22 ([#"../checked_ops.rs" 202 36 202 38] [#"../checked_ops.rs" 202 36 202 38] (-5 : int8)))) | False -> goto BB15 | True -> goto BB14 end @@ -3274,7 +3307,7 @@ module CheckedOps_TestI8SubExample goto BB16 } BB16 { - switch ([#"../checked_ops.rs" 203 4 203 42] not ([#"../checked_ops.rs" 203 12 203 41] _27 = ([#"../checked_ops.rs" 203 38 203 41] [#"../checked_ops.rs" 203 38 203 41] (110 : int8)))) + switch ([#"../checked_ops.rs" 203 4 203 42] not ([#"../checked_ops.rs" 203 12 203 41] Int8.eq _27 ([#"../checked_ops.rs" 203 38 203 41] [#"../checked_ops.rs" 203 38 203 41] (110 : int8)))) | False -> goto BB18 | True -> goto BB17 end @@ -3287,7 +3320,7 @@ module CheckedOps_TestI8SubExample goto BB19 } BB19 { - switch ([#"../checked_ops.rs" 204 4 204 45] not ([#"../checked_ops.rs" 204 12 204 44] _32 = ([#"../checked_ops.rs" 204 41 204 44] [#"../checked_ops.rs" 204 41 204 44] (126 : int8)))) + switch ([#"../checked_ops.rs" 204 4 204 45] not ([#"../checked_ops.rs" 204 12 204 44] Int8.eq _32 ([#"../checked_ops.rs" 204 41 204 44] [#"../checked_ops.rs" 204 41 204 44] (126 : int8)))) | False -> goto BB21 | True -> goto BB20 end @@ -3300,7 +3333,7 @@ module CheckedOps_TestI8SubExample goto BB22 } BB22 { - switch ([#"../checked_ops.rs" 206 4 206 41] not ([#"../checked_ops.rs" 206 12 206 40] _37 = ([#"../checked_ops.rs" 206 38 206 40] [#"../checked_ops.rs" 206 38 206 40] (-5 : int8)))) + switch ([#"../checked_ops.rs" 206 4 206 41] not ([#"../checked_ops.rs" 206 12 206 40] Int8.eq _37 ([#"../checked_ops.rs" 206 38 206 40] [#"../checked_ops.rs" 206 38 206 40] (-5 : int8)))) | False -> goto BB24 | True -> goto BB23 end @@ -3313,7 +3346,7 @@ module CheckedOps_TestI8SubExample goto BB25 } BB25 { - switch ([#"../checked_ops.rs" 207 4 207 44] not ([#"../checked_ops.rs" 207 12 207 43] _42 = ([#"../checked_ops.rs" 207 40 207 43] [#"../checked_ops.rs" 207 40 207 43] (110 : int8)))) + switch ([#"../checked_ops.rs" 207 4 207 44] not ([#"../checked_ops.rs" 207 12 207 43] Int8.eq _42 ([#"../checked_ops.rs" 207 40 207 43] [#"../checked_ops.rs" 207 40 207 43] (110 : int8)))) | False -> goto BB27 | True -> goto BB26 end @@ -3326,7 +3359,7 @@ module CheckedOps_TestI8SubExample goto BB28 } BB28 { - switch ([#"../checked_ops.rs" 208 4 208 48] not ([#"../checked_ops.rs" 208 12 208 47] _47 = ([#"../checked_ops.rs" 208 43 208 47] [#"../checked_ops.rs" 208 43 208 47] (-128 : int8)))) + switch ([#"../checked_ops.rs" 208 4 208 48] not ([#"../checked_ops.rs" 208 12 208 47] Int8.eq _47 ([#"../checked_ops.rs" 208 43 208 47] [#"../checked_ops.rs" 208 43 208 47] (-128 : int8)))) | False -> goto BB30 | True -> goto BB29 end @@ -3339,7 +3372,7 @@ module CheckedOps_TestI8SubExample goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 211 12 211 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 211 21 211 23] [#"../checked_ops.rs" 211 21 211 23] (-5 : int8))) + switch ([#"../checked_ops.rs" 211 12 211 23] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 211 21 211 23] [#"../checked_ops.rs" 211 21 211 23] (-5 : int8))) | False -> goto BB32 | True -> goto BB33 end @@ -3368,7 +3401,7 @@ module CheckedOps_TestI8SubExample goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 213 12 213 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 213 21 213 24] [#"../checked_ops.rs" 213 21 213 24] (110 : int8))) + switch ([#"../checked_ops.rs" 213 12 213 24] Int8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 213 21 213 24] [#"../checked_ops.rs" 213 21 213 24] (110 : int8))) | False -> goto BB38 | True -> goto BB39 end @@ -3397,7 +3430,7 @@ module CheckedOps_TestI8SubExample goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 215 12 215 24] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 215 21 215 24] [#"../checked_ops.rs" 215 21 215 24] (126 : int8))) + switch ([#"../checked_ops.rs" 215 12 215 24] Int8.eq (let (a, _) = res2 in a) ([#"../checked_ops.rs" 215 21 215 24] [#"../checked_ops.rs" 215 21 215 24] (126 : int8))) | False -> goto BB44 | True -> goto BB45 end @@ -3431,7 +3464,7 @@ module CheckedOps_TestI8SubOverflowPos_Interface use prelude.Int8 use prelude.Int val test_i8_sub_overflow_pos [#"../checked_ops.rs" 220 0 220 38] (a : int8) : () - requires {[#"../checked_ops.rs" 219 11 219 17] Int8.to_int a > 0} + requires {[#"../checked_ops.rs" 219 11 219 17] Int.gt (Int8.to_int a) 0} end module CheckedOps_TestI8SubOverflowPos @@ -3476,7 +3509,7 @@ module CheckedOps_TestI8SubOverflowPos val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_sub_overflow_pos [#"../checked_ops.rs" 220 0 220 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) : () - requires {[#"../checked_ops.rs" 219 11 219 17] Int8.to_int a > 0} + requires {[#"../checked_ops.rs" 219 11 219 17] Int.gt (Int8.to_int a) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -3512,7 +3545,7 @@ module CheckedOps_TestI8SubOverflowPos goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 222 4 222 52] not ([#"../checked_ops.rs" 222 12 222 51] _13 = ([#"../checked_ops.rs" 222 40 222 51] ([#"../checked_ops.rs" 222 40 222 47] ([#"../checked_ops.rs" 222 40 222 43] [#"../checked_ops.rs" 222 40 222 43] (127 : int8)) - a) + ([#"../checked_ops.rs" 222 50 222 51] [#"../checked_ops.rs" 222 50 222 51] (1 : int8))))) + switch ([#"../checked_ops.rs" 222 4 222 52] not ([#"../checked_ops.rs" 222 12 222 51] Int8.eq _13 ([#"../checked_ops.rs" 222 40 222 51] Int8.add ([#"../checked_ops.rs" 222 40 222 47] Int8.sub ([#"../checked_ops.rs" 222 40 222 43] [#"../checked_ops.rs" 222 40 222 43] (127 : int8)) a) ([#"../checked_ops.rs" 222 50 222 51] [#"../checked_ops.rs" 222 50 222 51] (1 : int8))))) | False -> goto BB7 | True -> goto BB6 end @@ -3525,7 +3558,7 @@ module CheckedOps_TestI8SubOverflowPos goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 223 4 223 47] not ([#"../checked_ops.rs" 223 12 223 46] _22 = ([#"../checked_ops.rs" 223 42 223 46] [#"../checked_ops.rs" 223 42 223 46] (-128 : int8)))) + switch ([#"../checked_ops.rs" 223 4 223 47] not ([#"../checked_ops.rs" 223 12 223 46] Int8.eq _22 ([#"../checked_ops.rs" 223 42 223 46] [#"../checked_ops.rs" 223 42 223 46] (-128 : int8)))) | False -> goto BB10 | True -> goto BB9 end @@ -3538,7 +3571,7 @@ module CheckedOps_TestI8SubOverflowPos goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 225 12 225 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 225 21 225 32] ([#"../checked_ops.rs" 225 21 225 28] ([#"../checked_ops.rs" 225 21 225 24] [#"../checked_ops.rs" 225 21 225 24] (127 : int8)) - a) + ([#"../checked_ops.rs" 225 31 225 32] [#"../checked_ops.rs" 225 31 225 32] (1 : int8)))) + switch ([#"../checked_ops.rs" 225 12 225 32] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 225 21 225 32] Int8.add ([#"../checked_ops.rs" 225 21 225 28] Int8.sub ([#"../checked_ops.rs" 225 21 225 24] [#"../checked_ops.rs" 225 21 225 24] (127 : int8)) a) ([#"../checked_ops.rs" 225 31 225 32] [#"../checked_ops.rs" 225 31 225 32] (1 : int8)))) | False -> goto BB12 | True -> goto BB13 end @@ -3572,7 +3605,7 @@ module CheckedOps_TestI8SubOverflowNeg_Interface use prelude.Int8 use prelude.Int val test_i8_sub_overflow_neg [#"../checked_ops.rs" 230 0 230 38] (a : int8) : () - requires {[#"../checked_ops.rs" 229 11 229 17] Int8.to_int a < 0} + requires {[#"../checked_ops.rs" 229 11 229 17] Int.lt (Int8.to_int a) 0} end module CheckedOps_TestI8SubOverflowNeg @@ -3617,7 +3650,7 @@ module CheckedOps_TestI8SubOverflowNeg val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_sub_overflow_neg [#"../checked_ops.rs" 230 0 230 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) : () - requires {[#"../checked_ops.rs" 229 11 229 17] Int8.to_int a < 0} + requires {[#"../checked_ops.rs" 229 11 229 17] Int.lt (Int8.to_int a) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -3653,7 +3686,7 @@ module CheckedOps_TestI8SubOverflowNeg goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 232 4 232 52] not ([#"../checked_ops.rs" 232 12 232 51] _13 = ([#"../checked_ops.rs" 232 37 232 51] ([#"../checked_ops.rs" 232 37 232 45] - ([#"../checked_ops.rs" 232 38 232 45] ([#"../checked_ops.rs" 232 39 232 40] [#"../checked_ops.rs" 232 39 232 40] (2 : int8)) + a)) - ([#"../checked_ops.rs" 232 48 232 51] [#"../checked_ops.rs" 232 48 232 51] (127 : int8))))) + switch ([#"../checked_ops.rs" 232 4 232 52] not ([#"../checked_ops.rs" 232 12 232 51] Int8.eq _13 ([#"../checked_ops.rs" 232 37 232 51] Int8.sub ([#"../checked_ops.rs" 232 37 232 45] Int8.neg ([#"../checked_ops.rs" 232 38 232 45] Int8.add ([#"../checked_ops.rs" 232 39 232 40] [#"../checked_ops.rs" 232 39 232 40] (2 : int8)) a)) ([#"../checked_ops.rs" 232 48 232 51] [#"../checked_ops.rs" 232 48 232 51] (127 : int8))))) | False -> goto BB7 | True -> goto BB6 end @@ -3666,7 +3699,7 @@ module CheckedOps_TestI8SubOverflowNeg goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 233 4 233 43] not ([#"../checked_ops.rs" 233 12 233 42] _23 = ([#"../checked_ops.rs" 233 39 233 42] [#"../checked_ops.rs" 233 39 233 42] (127 : int8)))) + switch ([#"../checked_ops.rs" 233 4 233 43] not ([#"../checked_ops.rs" 233 12 233 42] Int8.eq _23 ([#"../checked_ops.rs" 233 39 233 42] [#"../checked_ops.rs" 233 39 233 42] (127 : int8)))) | False -> goto BB10 | True -> goto BB9 end @@ -3679,7 +3712,7 @@ module CheckedOps_TestI8SubOverflowNeg goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 235 12 235 35] (let (a, _) = res in a) = ([#"../checked_ops.rs" 235 21 235 35] ([#"../checked_ops.rs" 235 21 235 29] - ([#"../checked_ops.rs" 235 22 235 29] ([#"../checked_ops.rs" 235 23 235 24] [#"../checked_ops.rs" 235 23 235 24] (2 : int8)) + a)) - ([#"../checked_ops.rs" 235 32 235 35] [#"../checked_ops.rs" 235 32 235 35] (127 : int8)))) + switch ([#"../checked_ops.rs" 235 12 235 35] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 235 21 235 35] Int8.sub ([#"../checked_ops.rs" 235 21 235 29] Int8.neg ([#"../checked_ops.rs" 235 22 235 29] Int8.add ([#"../checked_ops.rs" 235 23 235 24] [#"../checked_ops.rs" 235 23 235 24] (2 : int8)) a)) ([#"../checked_ops.rs" 235 32 235 35] [#"../checked_ops.rs" 235 32 235 35] (127 : int8)))) | False -> goto BB12 | True -> goto BB13 end @@ -3712,13 +3745,15 @@ end module CheckedOps_TestI8WrappingSub_Interface use prelude.Int8 use prelude.Int + use prelude.Bool val test_i8_wrapping_sub [#"../checked_ops.rs" 241 0 241 47] (a : int8) (b : int8) : int8 - ensures { [#"../checked_ops.rs" 240 10 240 84] Int8.to_int result = Int8.to_int a - Int8.to_int b \/ Int8.to_int result = Int8.to_int a - Int8.to_int b + 256 \/ Int8.to_int result = Int8.to_int a - Int8.to_int b - 256 } + ensures { [#"../checked_ops.rs" 240 10 240 84] Int8.to_int result = Int.sub (Int8.to_int a) (Int8.to_int b) \/ Int8.to_int result = Int.add (Int.sub (Int8.to_int a) (Int8.to_int b)) 256 \/ Int8.to_int result = Int.sub (Int.sub (Int8.to_int a) (Int8.to_int b)) 256 } end module CheckedOps_TestI8WrappingSub use prelude.Int use prelude.Int8 + use prelude.Bool clone Core_Num_Impl0_Max as Max0 clone Core_Num_Impl0_Min as Min0 clone Core_Num_Impl0_Bits as Bits0 @@ -3727,7 +3762,7 @@ module CheckedOps_TestI8WrappingSub val Min0.mIN' = Min0.mIN', val Max0.mAX' = Max0.mAX' let rec cfg test_i8_wrapping_sub [#"../checked_ops.rs" 241 0 241 47] [@cfg:stackify] [@cfg:subregion_analysis] (a : int8) (b : int8) : int8 - ensures { [#"../checked_ops.rs" 240 10 240 84] Int8.to_int result = Int8.to_int a - Int8.to_int b \/ Int8.to_int result = Int8.to_int a - Int8.to_int b + 256 \/ Int8.to_int result = Int8.to_int a - Int8.to_int b - 256 } + ensures { [#"../checked_ops.rs" 240 10 240 84] Int8.to_int result = Int.sub (Int8.to_int a) (Int8.to_int b) \/ Int8.to_int result = Int.add (Int.sub (Int8.to_int a) (Int8.to_int b)) 256 \/ Int8.to_int result = Int.sub (Int.sub (Int8.to_int a) (Int8.to_int b)) 256 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : int8; @@ -3812,7 +3847,7 @@ module CheckedOps_TestI8OverflowingSub goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 247 4 247 56] not ([#"../checked_ops.rs" 247 12 247 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 247 4 247 56] not ([#"../checked_ops.rs" 247 12 247 55] Int8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -3849,14 +3884,15 @@ module CheckedOps_TestI8OverflowingSub end module Core_Num_Impl0_CheckedMul_Interface + use prelude.Bool use prelude.Int8 use prelude.Int clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_mul (self : int8) (rhs : int8) : Core_Option_Option_Type.t_option int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int8.to_int self * Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int Max0.mAX') } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int8.to_int self * Int8.to_int rhs } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 124 20 125 89] (result = Core_Option_Option_Type.C_None) = (Int.lt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 128 16 128 89] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int.mul (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_WrappingMul_Interface @@ -3865,25 +3901,27 @@ module Core_Num_Impl0_WrappingMul_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val wrapping_mul (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int8.to_int self * Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int8.to_int self * Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int8.to_int self * Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int result = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 135 20 135 93] Int8.to_int result = Int.add (EuclideanDivision.mod (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 138 16 141 18] Int.ge (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.mul (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 145 16 149 18] Int.lt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.add (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 150 16 154 18] Int.gt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int result = Int.sub (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } end module Core_Num_Impl0_SaturatingMul_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 val saturating_mul (self : int8) (rhs : int8) : int8 - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int8.to_int self * Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int self * Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int8.to_int self * Int8.to_int rhs < Int8.to_int Min0.mIN' -> Int8.to_int result = Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int8.to_int self * Int8.to_int rhs > Int8.to_int Max0.mAX' -> Int8.to_int result = Int8.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 161 16 164 18] Int.ge (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int.mul (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 166 16 166 85] Int.lt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> Int8.to_int result = Int8.to_int Min0.mIN' } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 167 16 167 85] Int.gt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int result = Int8.to_int Max0.mAX' } end module Core_Num_Impl0_OverflowingMul_Interface @@ -3892,15 +3930,16 @@ module Core_Num_Impl0_OverflowingMul_Interface use prelude.UInt32 use int.Power use int.EuclideanDivision + use prelude.Bool clone Core_Num_Impl0_Max_Stub as Max0 clone Core_Num_Impl0_Min_Stub as Min0 clone Core_Num_Impl0_Bits_Stub as Bits0 val overflowing_mul (self : int8) (rhs : int8) : (int8, bool) - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = EuclideanDivision.mod (Int8.to_int self * Int8.to_int rhs) (Power.power 2 (UInt32.to_int Bits0.bITS')) + Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int8.to_int self * Int8.to_int rhs >= Int8.to_int Min0.mIN' /\ Int8.to_int self * Int8.to_int rhs <= Int8.to_int Max0.mAX' -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int8.to_int self * Int8.to_int rhs < Int8.to_int Min0.mIN' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs + k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int8.to_int self * Int8.to_int rhs > Int8.to_int Max0.mAX' -> (exists k : int . k > 0 /\ Int8.to_int (let (a, _) = result in a) = Int8.to_int self * Int8.to_int rhs - k * (Int8.to_int Max0.mAX' - Int8.to_int Min0.mIN' + 1)) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int8.to_int self * Int8.to_int rhs < Int8.to_int Min0.mIN' \/ Int8.to_int self * Int8.to_int rhs > Int8.to_int Max0.mAX') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 175 20 175 95] Int8.to_int (let (a, _) = result in a) = Int.add (EuclideanDivision.mod (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Power.power 2 (UInt32.to_int Bits0.bITS'))) (Int8.to_int Min0.mIN') } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 178 16 181 18] Int.ge (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') /\ Int.le (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> Int8.to_int (let (a, _) = result in a) = Int.mul (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 185 16 189 18] Int.lt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.add (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 190 16 194 18] Int.gt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX') -> (exists k : int . Int.gt k 0 /\ Int8.to_int (let (a, _) = result in a) = Int.sub (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int.mul k (Int.add (Int.sub (Int8.to_int Max0.mAX') (Int8.to_int Min0.mIN')) 1))) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 197 20 197 98] (let (_, a) = result in a) = (Int.lt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Min0.mIN') \/ Int.gt (Int.mul (Int8.to_int self) (Int8.to_int rhs)) (Int8.to_int Max0.mAX')) } end module CheckedOps_TestI8MulExample_Interface @@ -3998,7 +4037,7 @@ module CheckedOps_TestI8MulExample goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 253 4 253 47] not ([#"../checked_ops.rs" 253 12 253 46] _4 = ([#"../checked_ops.rs" 253 44 253 46] [#"../checked_ops.rs" 253 44 253 46] (50 : int8)))) + switch ([#"../checked_ops.rs" 253 4 253 47] not ([#"../checked_ops.rs" 253 12 253 46] Int8.eq _4 ([#"../checked_ops.rs" 253 44 253 46] [#"../checked_ops.rs" 253 44 253 46] (50 : int8)))) | False -> goto BB4 | True -> goto BB3 end @@ -4045,7 +4084,7 @@ module CheckedOps_TestI8MulExample goto BB13 } BB13 { - switch ([#"../checked_ops.rs" 257 4 257 39] not ([#"../checked_ops.rs" 257 12 257 38] _22 = ([#"../checked_ops.rs" 257 36 257 38] [#"../checked_ops.rs" 257 36 257 38] (50 : int8)))) + switch ([#"../checked_ops.rs" 257 4 257 39] not ([#"../checked_ops.rs" 257 12 257 38] Int8.eq _22 ([#"../checked_ops.rs" 257 36 257 38] [#"../checked_ops.rs" 257 36 257 38] (50 : int8)))) | False -> goto BB15 | True -> goto BB14 end @@ -4058,7 +4097,7 @@ module CheckedOps_TestI8MulExample goto BB16 } BB16 { - switch ([#"../checked_ops.rs" 258 4 258 41] not ([#"../checked_ops.rs" 258 12 258 40] _27 = ([#"../checked_ops.rs" 258 37 258 40] [#"../checked_ops.rs" 258 37 258 40] (-12 : int8)))) + switch ([#"../checked_ops.rs" 258 4 258 41] not ([#"../checked_ops.rs" 258 12 258 40] Int8.eq _27 ([#"../checked_ops.rs" 258 37 258 40] [#"../checked_ops.rs" 258 37 258 40] (-12 : int8)))) | False -> goto BB18 | True -> goto BB17 end @@ -4071,7 +4110,7 @@ module CheckedOps_TestI8MulExample goto BB19 } BB19 { - switch ([#"../checked_ops.rs" 259 4 259 41] not ([#"../checked_ops.rs" 259 12 259 40] _32 = ([#"../checked_ops.rs" 259 38 259 40] [#"../checked_ops.rs" 259 38 259 40] (12 : int8)))) + switch ([#"../checked_ops.rs" 259 4 259 41] not ([#"../checked_ops.rs" 259 12 259 40] Int8.eq _32 ([#"../checked_ops.rs" 259 38 259 40] [#"../checked_ops.rs" 259 38 259 40] (12 : int8)))) | False -> goto BB21 | True -> goto BB20 end @@ -4084,7 +4123,7 @@ module CheckedOps_TestI8MulExample goto BB22 } BB22 { - switch ([#"../checked_ops.rs" 261 4 261 41] not ([#"../checked_ops.rs" 261 12 261 40] _37 = ([#"../checked_ops.rs" 261 38 261 40] [#"../checked_ops.rs" 261 38 261 40] (50 : int8)))) + switch ([#"../checked_ops.rs" 261 4 261 41] not ([#"../checked_ops.rs" 261 12 261 40] Int8.eq _37 ([#"../checked_ops.rs" 261 38 261 40] [#"../checked_ops.rs" 261 38 261 40] (50 : int8)))) | False -> goto BB24 | True -> goto BB23 end @@ -4097,7 +4136,7 @@ module CheckedOps_TestI8MulExample goto BB25 } BB25 { - switch ([#"../checked_ops.rs" 262 4 262 43] not ([#"../checked_ops.rs" 262 12 262 42] _42 = ([#"../checked_ops.rs" 262 39 262 42] [#"../checked_ops.rs" 262 39 262 42] (127 : int8)))) + switch ([#"../checked_ops.rs" 262 4 262 43] not ([#"../checked_ops.rs" 262 12 262 42] Int8.eq _42 ([#"../checked_ops.rs" 262 39 262 42] [#"../checked_ops.rs" 262 39 262 42] (127 : int8)))) | False -> goto BB27 | True -> goto BB26 end @@ -4110,7 +4149,7 @@ module CheckedOps_TestI8MulExample goto BB28 } BB28 { - switch ([#"../checked_ops.rs" 263 4 263 45] not ([#"../checked_ops.rs" 263 12 263 44] _47 = ([#"../checked_ops.rs" 263 40 263 44] [#"../checked_ops.rs" 263 40 263 44] (-128 : int8)))) + switch ([#"../checked_ops.rs" 263 4 263 45] not ([#"../checked_ops.rs" 263 12 263 44] Int8.eq _47 ([#"../checked_ops.rs" 263 40 263 44] [#"../checked_ops.rs" 263 40 263 44] (-128 : int8)))) | False -> goto BB30 | True -> goto BB29 end @@ -4123,7 +4162,7 @@ module CheckedOps_TestI8MulExample goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 266 12 266 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 266 21 266 23] [#"../checked_ops.rs" 266 21 266 23] (50 : int8))) + switch ([#"../checked_ops.rs" 266 12 266 23] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 266 21 266 23] [#"../checked_ops.rs" 266 21 266 23] (50 : int8))) | False -> goto BB32 | True -> goto BB33 end @@ -4152,7 +4191,7 @@ module CheckedOps_TestI8MulExample goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 268 12 268 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 268 21 268 24] [#"../checked_ops.rs" 268 21 268 24] (-12 : int8))) + switch ([#"../checked_ops.rs" 268 12 268 24] Int8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 268 21 268 24] [#"../checked_ops.rs" 268 21 268 24] (-12 : int8))) | False -> goto BB38 | True -> goto BB39 end @@ -4181,7 +4220,7 @@ module CheckedOps_TestI8MulExample goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 270 12 270 23] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 270 21 270 23] [#"../checked_ops.rs" 270 21 270 23] (12 : int8))) + switch ([#"../checked_ops.rs" 270 12 270 23] Int8.eq (let (a, _) = res2 in a) ([#"../checked_ops.rs" 270 21 270 23] [#"../checked_ops.rs" 270 21 270 23] (12 : int8))) | False -> goto BB44 | True -> goto BB45 end @@ -4287,7 +4326,7 @@ module CheckedOps_TestI8MulZero goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 275 4 275 45] not ([#"../checked_ops.rs" 275 12 275 44] _5 = ([#"../checked_ops.rs" 275 43 275 44] [#"../checked_ops.rs" 275 43 275 44] (0 : int8)))) + switch ([#"../checked_ops.rs" 275 4 275 45] not ([#"../checked_ops.rs" 275 12 275 44] Int8.eq _5 ([#"../checked_ops.rs" 275 43 275 44] [#"../checked_ops.rs" 275 43 275 44] (0 : int8)))) | False -> goto BB4 | True -> goto BB3 end @@ -4300,7 +4339,7 @@ module CheckedOps_TestI8MulZero goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 276 4 276 37] not ([#"../checked_ops.rs" 276 12 276 36] _12 = ([#"../checked_ops.rs" 276 35 276 36] [#"../checked_ops.rs" 276 35 276 36] (0 : int8)))) + switch ([#"../checked_ops.rs" 276 4 276 37] not ([#"../checked_ops.rs" 276 12 276 36] Int8.eq _12 ([#"../checked_ops.rs" 276 35 276 36] [#"../checked_ops.rs" 276 35 276 36] (0 : int8)))) | False -> goto BB7 | True -> goto BB6 end @@ -4313,7 +4352,7 @@ module CheckedOps_TestI8MulZero goto BB8 } BB8 { - switch ([#"../checked_ops.rs" 277 4 277 39] not ([#"../checked_ops.rs" 277 12 277 38] _18 = ([#"../checked_ops.rs" 277 37 277 38] [#"../checked_ops.rs" 277 37 277 38] (0 : int8)))) + switch ([#"../checked_ops.rs" 277 4 277 39] not ([#"../checked_ops.rs" 277 12 277 38] Int8.eq _18 ([#"../checked_ops.rs" 277 37 277 38] [#"../checked_ops.rs" 277 37 277 38] (0 : int8)))) | False -> goto BB10 | True -> goto BB9 end @@ -4326,7 +4365,7 @@ module CheckedOps_TestI8MulZero goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 279 12 279 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 279 21 279 22] [#"../checked_ops.rs" 279 21 279 22] (0 : int8))) + switch ([#"../checked_ops.rs" 279 12 279 22] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 279 21 279 22] [#"../checked_ops.rs" 279 21 279 22] (0 : int8))) | False -> goto BB12 | True -> goto BB13 end @@ -4423,7 +4462,7 @@ module CheckedOps_TestI8OverflowingMul goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 284 4 284 56] not ([#"../checked_ops.rs" 284 12 284 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 284 4 284 56] not ([#"../checked_ops.rs" 284 12 284 55] Int8.eq (let (a, _) = _7 in a) _10)) | False -> goto BB4 | True -> goto BB3 end @@ -4460,43 +4499,47 @@ module CheckedOps_TestI8OverflowingMul end module Core_Num_Impl0_CheckedDiv_Interface + use prelude.Bool use prelude.Int8 use prelude.Int clone Core_Num_Impl0_Min_Stub as Min0 use Core_Option_Option_Type as Core_Option_Option_Type val checked_div (self : int8) (rhs : int8) : Core_Option_Option_Type.t_option int8 ensures { [#"../../../../creusot-contracts/src/std/num.rs" 66 26 66 97] (result = Core_Option_Option_Type.C_None) = (Int8.to_int rhs = 0 \/ Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1) } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 68 16 68 85] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = div (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 68 16 68 85] forall r : int8 . result = Core_Option_Option_Type.C_Some r -> Int8.to_int r = Int.div (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_WrappingDiv_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Min_Stub as Min0 val wrapping_div (self : int8) (rhs : int8) : int8 requires {[#"../../../../creusot-contracts/src/std/num.rs" 73 27 73 36] Int8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 75 16 75 85] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 -> Int8.to_int result = Int8.to_int self } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 77 26 77 89] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 77 26 77 89] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = Int.div (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_SaturatingDiv_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Min_Stub as Min0 val saturating_div (self : int8) (rhs : int8) : int8 requires {[#"../../../../creusot-contracts/src/std/num.rs" 82 27 82 36] Int8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 84 16 84 91] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 -> Int8.to_int result = Int8.to_int Min0.mIN' } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 86 26 86 89] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = div (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 86 26 86 89] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int result = Int.div (Int8.to_int self) (Int8.to_int rhs) } end module Core_Num_Impl0_OverflowingDiv_Interface use prelude.Int8 use prelude.Int + use prelude.Bool clone Core_Num_Impl0_Min_Stub as Min0 val overflowing_div (self : int8) (rhs : int8) : (int8, bool) requires {[#"../../../../creusot-contracts/src/std/num.rs" 91 27 91 36] Int8.to_int rhs <> 0} ensures { [#"../../../../creusot-contracts/src/std/num.rs" 93 16 93 87] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 -> Int8.to_int (let (a, _) = result in a) = Int8.to_int self } - ensures { [#"../../../../creusot-contracts/src/std/num.rs" 95 26 95 91] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int (let (a, _) = result in a) = div (Int8.to_int self) (Int8.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/num.rs" 95 26 95 91] Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1 \/ Int8.to_int (let (a, _) = result in a) = Int.div (Int8.to_int self) (Int8.to_int rhs) } ensures { [#"../../../../creusot-contracts/src/std/num.rs" 97 26 97 74] (let (_, a) = result in a) = (Int8.to_int self = Int8.to_int Min0.mIN' /\ Int8.to_int rhs = - 1) } end @@ -4606,7 +4649,7 @@ module CheckedOps_TestI8DivExample goto BB6 } BB6 { - switch ([#"../checked_ops.rs" 291 4 291 45] not ([#"../checked_ops.rs" 291 12 291 44] _10 = ([#"../checked_ops.rs" 291 43 291 44] [#"../checked_ops.rs" 291 43 291 44] (2 : int8)))) + switch ([#"../checked_ops.rs" 291 4 291 45] not ([#"../checked_ops.rs" 291 12 291 44] Int8.eq _10 ([#"../checked_ops.rs" 291 43 291 44] [#"../checked_ops.rs" 291 43 291 44] (2 : int8)))) | False -> goto BB8 | True -> goto BB7 end @@ -4624,7 +4667,7 @@ module CheckedOps_TestI8DivExample goto BB10 } BB10 { - switch ([#"../checked_ops.rs" 292 4 292 47] not ([#"../checked_ops.rs" 292 12 292 46] _16 = ([#"../checked_ops.rs" 292 44 292 46] [#"../checked_ops.rs" 292 44 292 46] (-2 : int8)))) + switch ([#"../checked_ops.rs" 292 4 292 47] not ([#"../checked_ops.rs" 292 12 292 46] Int8.eq _16 ([#"../checked_ops.rs" 292 44 292 46] [#"../checked_ops.rs" 292 44 292 46] (-2 : int8)))) | False -> goto BB12 | True -> goto BB11 end @@ -4654,7 +4697,7 @@ module CheckedOps_TestI8DivExample goto BB17 } BB17 { - switch ([#"../checked_ops.rs" 295 4 295 37] not ([#"../checked_ops.rs" 295 12 295 36] _28 = ([#"../checked_ops.rs" 295 35 295 36] [#"../checked_ops.rs" 295 35 295 36] (2 : int8)))) + switch ([#"../checked_ops.rs" 295 4 295 37] not ([#"../checked_ops.rs" 295 12 295 36] Int8.eq _28 ([#"../checked_ops.rs" 295 35 295 36] [#"../checked_ops.rs" 295 35 295 36] (2 : int8)))) | False -> goto BB19 | True -> goto BB18 end @@ -4667,7 +4710,7 @@ module CheckedOps_TestI8DivExample goto BB20 } BB20 { - switch ([#"../checked_ops.rs" 296 4 296 39] not ([#"../checked_ops.rs" 296 12 296 38] _33 = ([#"../checked_ops.rs" 296 36 296 38] [#"../checked_ops.rs" 296 36 296 38] (-2 : int8)))) + switch ([#"../checked_ops.rs" 296 4 296 39] not ([#"../checked_ops.rs" 296 12 296 38] Int8.eq _33 ([#"../checked_ops.rs" 296 36 296 38] [#"../checked_ops.rs" 296 36 296 38] (-2 : int8)))) | False -> goto BB22 | True -> goto BB21 end @@ -4680,7 +4723,7 @@ module CheckedOps_TestI8DivExample goto BB23 } BB23 { - switch ([#"../checked_ops.rs" 297 4 297 46] not ([#"../checked_ops.rs" 297 12 297 45] _38 = ([#"../checked_ops.rs" 297 41 297 45] [#"../checked_ops.rs" 297 41 297 45] (-128 : int8)))) + switch ([#"../checked_ops.rs" 297 4 297 46] not ([#"../checked_ops.rs" 297 12 297 45] Int8.eq _38 ([#"../checked_ops.rs" 297 41 297 45] [#"../checked_ops.rs" 297 41 297 45] (-128 : int8)))) | False -> goto BB25 | True -> goto BB24 end @@ -4693,7 +4736,7 @@ module CheckedOps_TestI8DivExample goto BB26 } BB26 { - switch ([#"../checked_ops.rs" 299 4 299 39] not ([#"../checked_ops.rs" 299 12 299 38] _43 = ([#"../checked_ops.rs" 299 37 299 38] [#"../checked_ops.rs" 299 37 299 38] (2 : int8)))) + switch ([#"../checked_ops.rs" 299 4 299 39] not ([#"../checked_ops.rs" 299 12 299 38] Int8.eq _43 ([#"../checked_ops.rs" 299 37 299 38] [#"../checked_ops.rs" 299 37 299 38] (2 : int8)))) | False -> goto BB28 | True -> goto BB27 end @@ -4706,7 +4749,7 @@ module CheckedOps_TestI8DivExample goto BB29 } BB29 { - switch ([#"../checked_ops.rs" 300 4 300 41] not ([#"../checked_ops.rs" 300 12 300 40] _48 = ([#"../checked_ops.rs" 300 38 300 40] [#"../checked_ops.rs" 300 38 300 40] (-2 : int8)))) + switch ([#"../checked_ops.rs" 300 4 300 41] not ([#"../checked_ops.rs" 300 12 300 40] Int8.eq _48 ([#"../checked_ops.rs" 300 38 300 40] [#"../checked_ops.rs" 300 38 300 40] (-2 : int8)))) | False -> goto BB31 | True -> goto BB30 end @@ -4719,7 +4762,7 @@ module CheckedOps_TestI8DivExample goto BB32 } BB32 { - switch ([#"../checked_ops.rs" 301 4 301 48] not ([#"../checked_ops.rs" 301 12 301 47] _53 = ([#"../checked_ops.rs" 301 43 301 47] [#"../checked_ops.rs" 301 43 301 47] (-128 : int8)))) + switch ([#"../checked_ops.rs" 301 4 301 48] not ([#"../checked_ops.rs" 301 12 301 47] Int8.eq _53 ([#"../checked_ops.rs" 301 43 301 47] [#"../checked_ops.rs" 301 43 301 47] (-128 : int8)))) | False -> goto BB34 | True -> goto BB33 end @@ -4732,7 +4775,7 @@ module CheckedOps_TestI8DivExample goto BB35 } BB35 { - switch ([#"../checked_ops.rs" 304 12 304 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 304 21 304 22] [#"../checked_ops.rs" 304 21 304 22] (2 : int8))) + switch ([#"../checked_ops.rs" 304 12 304 22] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 304 21 304 22] [#"../checked_ops.rs" 304 21 304 22] (2 : int8))) | False -> goto BB36 | True -> goto BB37 end @@ -4761,7 +4804,7 @@ module CheckedOps_TestI8DivExample goto BB41 } BB41 { - switch ([#"../checked_ops.rs" 306 12 306 23] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 306 21 306 23] [#"../checked_ops.rs" 306 21 306 23] (-2 : int8))) + switch ([#"../checked_ops.rs" 306 12 306 23] Int8.eq (let (a, _) = res1 in a) ([#"../checked_ops.rs" 306 21 306 23] [#"../checked_ops.rs" 306 21 306 23] (-2 : int8))) | False -> goto BB42 | True -> goto BB43 end @@ -4790,7 +4833,7 @@ module CheckedOps_TestI8DivExample goto BB47 } BB47 { - switch ([#"../checked_ops.rs" 308 12 308 25] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 308 21 308 25] [#"../checked_ops.rs" 308 21 308 25] (-128 : int8))) + switch ([#"../checked_ops.rs" 308 12 308 25] Int8.eq (let (a, _) = res2 in a) ([#"../checked_ops.rs" 308 21 308 25] [#"../checked_ops.rs" 308 21 308 25] (-128 : int8))) | False -> goto BB48 | True -> goto BB49 end @@ -4823,6 +4866,7 @@ end module CheckedOps_TestI8DivNoOverflow_Interface use prelude.Int8 use prelude.Int + use prelude.Bool val test_i8_div_no_overflow [#"../checked_ops.rs" 313 0 313 44] (a : int8) (b : int8) : () requires {[#"../checked_ops.rs" 312 11 312 46] Int8.to_int b <> 0 /\ (Int8.to_int a <> - 128 \/ Int8.to_int b <> - 1)} @@ -4910,17 +4954,17 @@ module CheckedOps_TestI8DivNoOverflow BB2 { _12 <- a; _13 <- b; - _14 <- ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (0 : int8))); + _14 <- ([#"../checked_ops.rs" 314 41 314 46] Int8.eq _13 ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 314 41 314 46] not _14 }; goto BB3 } BB3 { - _17 <- ([#"../checked_ops.rs" 314 41 314 46] ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-1 : int8))) && ([#"../checked_ops.rs" 314 41 314 46] _12 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-128 : int8)))); + _17 <- ([#"../checked_ops.rs" 314 41 314 46] ([#"../checked_ops.rs" 314 41 314 46] Int8.eq _13 ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-1 : int8))) && ([#"../checked_ops.rs" 314 41 314 46] Int8.eq _12 ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 314 41 314 46] not _17 }; goto BB4 } BB4 { - switch ([#"../checked_ops.rs" 314 4 314 47] not ([#"../checked_ops.rs" 314 12 314 46] _7 = ([#"../checked_ops.rs" 314 41 314 46] _12 / _13))) + switch ([#"../checked_ops.rs" 314 4 314 47] not ([#"../checked_ops.rs" 314 12 314 46] Int8.eq _7 ([#"../checked_ops.rs" 314 41 314 46] Int8.div _12 _13))) | False -> goto BB6 | True -> goto BB5 end @@ -4935,17 +4979,17 @@ module CheckedOps_TestI8DivNoOverflow BB7 { _26 <- a; _27 <- b; - _28 <- ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (0 : int8))); + _28 <- ([#"../checked_ops.rs" 315 33 315 38] Int8.eq _27 ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 315 33 315 38] not _28 }; goto BB8 } BB8 { - _31 <- ([#"../checked_ops.rs" 315 33 315 38] ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-1 : int8))) && ([#"../checked_ops.rs" 315 33 315 38] _26 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-128 : int8)))); + _31 <- ([#"../checked_ops.rs" 315 33 315 38] ([#"../checked_ops.rs" 315 33 315 38] Int8.eq _27 ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-1 : int8))) && ([#"../checked_ops.rs" 315 33 315 38] Int8.eq _26 ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 315 33 315 38] not _31 }; goto BB9 } BB9 { - switch ([#"../checked_ops.rs" 315 4 315 39] not ([#"../checked_ops.rs" 315 12 315 38] _22 = ([#"../checked_ops.rs" 315 33 315 38] _26 / _27))) + switch ([#"../checked_ops.rs" 315 4 315 39] not ([#"../checked_ops.rs" 315 12 315 38] Int8.eq _22 ([#"../checked_ops.rs" 315 33 315 38] Int8.div _26 _27))) | False -> goto BB11 | True -> goto BB10 end @@ -4960,17 +5004,17 @@ module CheckedOps_TestI8DivNoOverflow BB12 { _40 <- a; _41 <- b; - _42 <- ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (0 : int8))); + _42 <- ([#"../checked_ops.rs" 316 35 316 40] Int8.eq _41 ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 316 35 316 40] not _42 }; goto BB13 } BB13 { - _45 <- ([#"../checked_ops.rs" 316 35 316 40] ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-1 : int8))) && ([#"../checked_ops.rs" 316 35 316 40] _40 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-128 : int8)))); + _45 <- ([#"../checked_ops.rs" 316 35 316 40] ([#"../checked_ops.rs" 316 35 316 40] Int8.eq _41 ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-1 : int8))) && ([#"../checked_ops.rs" 316 35 316 40] Int8.eq _40 ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 316 35 316 40] not _45 }; goto BB14 } BB14 { - switch ([#"../checked_ops.rs" 316 4 316 41] not ([#"../checked_ops.rs" 316 12 316 40] _36 = ([#"../checked_ops.rs" 316 35 316 40] _40 / _41))) + switch ([#"../checked_ops.rs" 316 4 316 41] not ([#"../checked_ops.rs" 316 12 316 40] Int8.eq _36 ([#"../checked_ops.rs" 316 35 316 40] Int8.div _40 _41))) | False -> goto BB16 | True -> goto BB15 end @@ -4985,7 +5029,7 @@ module CheckedOps_TestI8DivNoOverflow BB17 { _56 <- a; _57 <- b; - _58 <- ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (0 : int8))); + _58 <- ([#"../checked_ops.rs" 318 21 318 26] Int8.eq _57 ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 318 21 318 26] not _58 }; goto BB21 } @@ -5006,12 +5050,12 @@ module CheckedOps_TestI8DivNoOverflow end } BB21 { - _61 <- ([#"../checked_ops.rs" 318 21 318 26] ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-1 : int8))) && ([#"../checked_ops.rs" 318 21 318 26] _56 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-128 : int8)))); + _61 <- ([#"../checked_ops.rs" 318 21 318 26] ([#"../checked_ops.rs" 318 21 318 26] Int8.eq _57 ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-1 : int8))) && ([#"../checked_ops.rs" 318 21 318 26] Int8.eq _56 ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 318 21 318 26] not _61 }; goto BB22 } BB22 { - switch ([#"../checked_ops.rs" 318 12 318 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 318 21 318 26] _56 / _57)) + switch ([#"../checked_ops.rs" 318 12 318 26] Int8.eq (let (a, _) = res in a) ([#"../checked_ops.rs" 318 21 318 26] Int8.div _56 _57)) | False -> goto BB18 | True -> goto BB19 end diff --git a/creusot/tests/should_succeed/checked_ops/why3session.xml b/creusot/tests/should_succeed/checked_ops/why3session.xml index ac3172c6fb..db89411f21 100644 --- a/creusot/tests/should_succeed/checked_ops/why3session.xml +++ b/creusot/tests/should_succeed/checked_ops/why3session.xml @@ -2,159 +2,159 @@ - + + - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/checked_ops/why3shapes.gz b/creusot/tests/should_succeed/checked_ops/why3shapes.gz index 4b36dd7132ec010f0a1b29fca44342a94a7fa074..838d10e666af2d05afe59405a04513d3f4fc1305 100644 GIT binary patch literal 4156 zcmV-C5X0{uiwFP!00000|Lt8{Z{0Q$e)q39Z{2NSfE-@6Kp%`C#xW2y4_gTP7DyE3 zHIT${F70A}{SK)cDNz#7v74k@1KkZR4$0wg_>mvUvH$kt;nTmX5BAgHH~aC^-TnK2 z9OU80zh8WQsP5kXR+8&JMN2v)p@i#;>gSSGzkd8;Z(jK1b@ld>y{bOiPxo(sv(>L( zKD@P1s#143PNt;v3jft5B@g&7rM~>D%0ATo<17DjvJRI~7Or&BHCp{#eYt!8S^t3l zS1Q9@7XI@vO1Nr=3|&f}Uy7Gk)$Ql1YMScv{TnQ5K#(Cxhg9|M>R&&+uHI${-u&`| zYf|=_|J-MkqWbiuUN8Rc%iEHI&v$Y`vtiAKI&D$Vke4^PdPhpQ0^3TkTqT%SBGV=d zB~k^jHk;X{+YG@}v+wRV`v2kncl*&m|Akid&9DEAy8hBR4ey5bg-@oPoXL`@(am|u zi7Uud$qMHjoCJREzrNb6$oo3ez7C!6b|wuKKG!84CNb~wQ!cjDidgkB+5FcP zeCX=&R-@i(G-Wj^!XK2E!-DEzD&XzsKVHQ}RdpHuXy_|9V_ag;m=E=_1i}n9Ea^7D zB;|vo+(3uP9W|Vo-9VENlU6*|VgWI8B_LY~NJ327DoZ621(pc2 z)}uMVQ8WiuJ8`=wm1-?^|FG1q^Iu=jz2x_g)rSvv?{A&ExFv+DVLIS! zLzI1(zV(ZO`|7jhUB8aFOpnCXi#NaAzqi*{eiuu{O^?q!bQZ+@Kzlm&?WTj=7jOP~ z|IRHc*E38HL^lvUB{kuBuiwpLHN*ed(C2P_!7t=`?u?ICfi9L5GM_s^X}?)4ayN@b zV)mpJj@zG2pIQ4rGTR4|m_TV$EZa|bLp+1lI&!-wm27S{g@R)HQz+s?NoEvodi>r< zlzPUI@XL+oNGhBfYR4C*y~P<@i+x{Eb8r}zj{qN@o_?-Zvd2H6+w=Rxf`j&%a~3+; zZij{L3U0H|)#7Ke&>X!NOl(_;(^+VaO%|3&74Wk=uS>TXf@>^vwcxj8p-DQGO+rD? zo`qs6K|_c91P=|YvBg6-#pVcs!lx2Y>Gl%=0R_L@D#R>LKq1^~xUXvjR1W)+p2POk zb+(b0;Sa?c*X=&e2xw9L6#l3k14YmBshOy*F8$6t_~hBD`&iPxgWU;%C$8gw447=v zJH%l?w#0_5g;;DYcvp0#ykAf}2GA^`$O0(ZQ9D**-oiqOrO2uhJb0tNbo*7)EwC(b>M;-3-H4+`y*p!2qi&DmkphP# z1C7_6Ee4vDT4kU~>GK$9x~jA}=BxRm8R&N7b56KoqiBWQVxXtBwp?4Eih*K{UyXqV z+V3&Yr0B+~`3Er2r&M8$fu>8J$v}4%UQ)94_RnCTyQWz7Kj97W4BB9zCpMRuLf;ny z-58708R#j#u*pDseE5zoK!NjtfG#gV`^-53MJo>L>?Z%*liQ}BYo*U*pBYLo3D}kj zr*qE?dqgU%$opBH)t%dYxi#LoR_;%H`6)*_oK*1C|T< zX9hMnA{L?pbc?OV)x(p*5FY&3HPdw!bvK|Lu}pykRs9}Z_51SxBgQ<0Avu!7h26&O z)pE(-mKv7)1xC;XNCc(h`@=n$PeDXl;kf-7Ld@IG#Ro{?L)sK^`$_RRIIMN#c28>2 zTml(_VwqHsPgIbnT#fba#Clibfvb&qi0Tm)jJkIENJf1=eIVco2O@~PVBN*+dqR;?3yBOf5jUj$KE0pCpNc4nD2~K zY>dU}q~a7`*d!HLQRc=0h*LD!IQZ>7P+Wuj#(@WD;=itK9J-3SlWTwY4XGz6=yzQv z{yRGupYmwG^}s5r4q)AYxun65A~a^O4Y`W&tGWAau?d6Md6mXB4H7qbg}dcVP0O1~ zEpM{xwEK4k-$7otfeM%2r|MOdaZ<{!F;X%b z@UfmtQKUpOwp4dtSNWK)sN-X@qf#k8M#3LD%7q2HXQ?t^W~9rFq`eUXoC!1GmCHr& z!sOL2uC~c{8Fq{Labc;82-aUVu>K-~1s4%hUfI`xO%%P_5CT`pq7hqeHDCc;;DHO~ zB}(=>uhzJ#VB3~c*!Kn| zk~;NLpaVT2fSxP_%U6)s50_Icx&a|ByGuI3>}2X}^6pnG?|wz0Fg|lf)+$=c;|?MtI331u~^KU)ryUW`~%}D|md6$%gie!^S;D9u;V^VVi{_ z=_2!|;G12$%@WNBIGGoHvQyXi=#b|e9j2eIY@8h41qX+hy{q@h#PQ)MkvKsNED{)G zb2>!maCcUC$ya#YGnq&R>5R8MA-rD(KWPJfY>D>!(l9F$L_?}E3I)_?@S*8tzz<3- zF*<=mNx9vZJ!=)jN2vKPdomP{wU}YhQVE`|1WzE)npKucBnr&IXT3+a`*O)fXSfp; ze9Y^f$>CshGoMO4@EP;>pZJ_Oy0d**3LA#~&zleTpZ?zf;-?58W>5b@fcR+v5MFWz zAjVA|Lby(j#Q+gIk~<)=QN!#3;3+7vul-`S&^=9fwk9D|>{}Mx z5V&6UsZhh!+QWuRCU9et$O4WGt84I6EJ}xGaFnJV!VUR}gRHhkLoMXiI z8L@WvRVnMGKLD7%bg^pqEiYDWo3idpo)odR$yv_}T04cb?x^zE(6vnJxLRZpz_!g= z&uBUs#`b4mtyxw{p~E?+S`nN=|2D`0=kjfk|GIxOuy`62py`wbx`svF$7tpwst2dp zxC0)Kv%7RGOroRj;#GwlJ_R~B@F9|*zZfX#2AGedvUxbZE4cHznXcF1XRgSfxgrH3 zIY+3=HWG@+d_`mmLUPWl#cGKKfNUOhpw=-*brgPQzeB!#zjAK1ad+aZ#{$0TKL52f-SW!iMKC*yk|V^nUg^ z4EC!si*FYMyT>f@17W`svl!0$)p!{Yv5O%);umA!%O#B?|AGsEE#eTw7X~FT{W`zu zsKP+zCcld8&2RL_9C&bHsAs#Z?vFX>)lFRR*Bts+tBIvmn9FW+>k^9)+%b3lml>vR z?nWi2{^CL^=JPU)bKR^qu4|CE$t>ONIA9tHx^@F3WGSXgVq9OO-)ac-OMiJQ!(Ykc zzpjl%SCbzL(IJdZpim$1Ec#$*5&S-$F%Mf2olq%wPIUMjA5IU1<@g^9JW_a1;H(t> zB20uAVgBoy6}pN#D|Ed{+=TJq>Z$v^w^*$EwYVa<3G*MLdn@7N7lVp;kQRMZCFhv- zVU=QvG!&%d#mlR^&#tiqZgD;$Q=fd8BweZ>s9|^I)a&G?%&RFG*Dbnn>k(u2_JStZummQqQWQC-!&!ab&QFVP@9|Vf#fS3Jf^1;|V`r8+K!Ml91LE_}e0!ewe zbIy+>kNRaNLx(Oy8Ch;-ST1PI%bnIe`2I(Qr+QowRf!5QQxnH9tdlzGg zQDby;u|65ZeY=!cxL7YYWnN9mxb7Yry2L|JTM8S(5ZFYvXB`*P77|*~a9VRsn5o;= z|C;LBD5gaV2YzHnIMO4zAi8cFqgzQ?LkVqUh54K?-HHPLXAklyP^`htj1on~Y%MHr zxvi)bwgF2e2LK~10~18RmR#%S%ZQ#wMIY# zN(v%*QRu4TZE>Ke8|@XW(2$f1+~w4bMWvW*jitbv23p+7^8@8a%21HDy3!42_}LW3 zT|UxUi`s&f(y)dcs60|}!HlX}qMO$6rYah2zbPzhB~eV&O`{J~AF0Cnib`rh5h)le zMAhm7jBK=`sA`MgRUCjEY0+z07;P9attu*LTd-Kz04}680ofKcIRG4ib{$d@Y9iZ8 zP*Z7PYbK2W+5n@h<`NFTkKj9m!$_LCsccz3ub{rYq?O3lC+SFP>#y5_Q1#y+&HzZMdQ~B z6>hM{l~xKzlW~onMMx_T432CVCmf`fB5E625ncnD!4f5#qE@}CId+>? z+_p`DW7ZV7v6q5c)Lt~rfs-S1-C<4&DkiO<+8AO$Hv)T&-fVD4<$=SI58c5jU<&|? zUIL=1D^#XXrf3;Ky#-ST&X1gVXU1K=Mt`uXp&B%)YaAyiaQdP9DQsRIx$6#Rw4ls1 zg~s_nM6Fz_1V;-bIyG+(Tpzi*Am}YP87z*ctQkS;6YRJ#%2H*t)dxY2+;s<;muYLJ zRDs>mrUC#~qiw+oNvW+40*+$nj%!P5TNBF|GfY|Z3tK51Co4gl;vo1@FfS_6eX!CR zrxP)a0gGdUvj}~T;4~0eFG7OoW+u8hXHrUnc~WUkDTTTcx z25gVxv6IFA`Yk=1q)0v5Jx&4-5?E}psCu%O(@{*s(e+j^5;)q?ESH8-j(kj?QQwVK0dtr&6YoZ`S{L4 zp$gsh9{cW&9)Ihukswxv-}aaL@>Tie_~Enu0sk29>q2(jg?N2i-jpxP&kt|0+khZr zla8(O{q4VhcvJp!jq3iVAAZGW%0aAGLq{RX>(tN}MUGw9E+hAGhN5sqZpiEVO+tE1 zU#6MjAFEs`>DX@3I$#?k#|ORIq`=K8*_`3~hdMRrIBYzW90%@B^D!gvJf2Bh#J zgKdZmM#6whi0Jct8Ku7}e$1MOPuXYt`1$P@{kE*@xAwo~d$eJj9N?53AYo|A3d-C5 zz%!J`^TSBrUOVG=4c{@8xj$Me?>Ab=`DthuM3fg4#^=#6t&A!cbRnxmhz2iG2)#(D zpH`f)IKkzH2`=Y(B`&4U^<|o?+Q3!K(@I?JkZXiI%ql7IZ`P;f7iu*834&##Gp<5Sc{i!IC~&h% z7KfIJLEi#eMgfe2EJ4uQsWrovWA7YXPAV;c%SD=Ha2XxC6I`x|7=p_aeV88}zf^l6 zC2v7q1X79wq#Wqms~WMO3U>V5{h;(tx87!T$11)mpU?4SisSZ0ZdKh-#~HDoV-|MEyBG!OWzQD5cRe*^ zyavHG^NDRgOsrc zB+_AA_J`y96os@bTx%r647Sz@;GNb*MuEQby=f3HsuY@@kf}cawR8 z@HcBzaUdBV^QU-4Dah^En8C=QZ;m2Q`fQ2AbQmU3WOV3G6uBm1h$0g_!~F36%R3iR zZpaNIL=3Y7-dr9)`LLDevrYckGe>}v8q*$Ww#YA$EF-|!$ephoSL6#}Qi9{2*NrRc z`Wz#~eriaGeX~rHK!C9!-w*-raK;P)?$DMzrCB>`_@s5Iu*ub5jVnw`Q@10<{2UM&m>oJV_*O?Vd zpkfanKi7O)P?0d{9#FB}hbrmAU7%vSZB^WdOP~Ui#MX_2YC|uwaY((Y8V6wX_n#x- zHCP+Q9*w!9C&2{e+q0vP3xFXpRNGkkQdiDinl6}*_oka(>PC0zqv_J-Pf2dmL5JlxNob* z6cNb)%tse2@>a@Su%~@XpU_}TXd<1@{P#3(T(U0b!YIM)%}cAu2#}uYRFy)1WZE`b zosXwO)uAg@0dh@&oZ9J6?o)J|szAcQ=hcBMh#H(eE-*f?7Gy#DfOUL;|55RxA~zcd zS877SVHZ1c9S`Zk>9_u&NGp@PJvF@`b-U+>dy`s@Rttd|r&>PZOAJ1@uplX@ml}>| zRexOUQys_pPP_Y1$N7oMJIjmd6TZ9Pxc#WON`0i`7)MREUvOfCXtNKUu{%$xBT#PI#_db>+;^7MB0 zzT=7IhH>-r_T$6jpEW_e^b!P}C5V@M69g^=dObtLsWzqvfAG0EA}MGxNzC}3l_ip@ zC(?vRKii3dg2@Ahd;8A?06aQdEH^})1B24vPJN@LbcJKUj;tb1q~rt zn(tW^WgDSjoPL&V7O>D>j`L*m$AZs&o=Vr6Z3LfBZ17laIOlXqw6ijjAY>vz4D{_a zALnlFd&SxCbu{iz?|52|$4~A(k0R{F1cN~nrVojUW6C4pa*#gUUM3oo2cIPm<}U`` zG4qZswljSSJ1^#l@PH~>A{se*dM-;%vHRNlQlHCGzn8MqrFJq* z)~5c6zLYwBC>8lmDshByxiaasI>@kU`K(IF4W-h4EhG*I^TQulmg@TCxhnO!Ds{Yu z2S(p{QR-xhr>#jH`eOOvxis~;G<88)kKtdlH1)UxSbUd-sms7(dui%fz+!x3pyuxr zPMsdSm?}%Isb5j&oXanv2d8e&8G-FL+aK*c(4o2C{)o*x<@TQ_i0zb;t zl3oWJ<*BRvw+Y7MSK=9WwdR-3_FeIs$ZNL}b@8#WRop8@T^!vnuP1}1{+b((|F`zZ z1B3FELB|1nsKDhzZSG{wse=`q_7ny8thr`PJ~Jkd8}p2+ULG~&swG)IO+S{031WY3 zDkBA>kub)a%LCeLH~YJWXLm-Nw)9?2vA)#r^xJt&#aLhI$4-@gY~1vO(m_9OvDMb* zy}mtuKHa??Z~H>|LlQ(?S0@BN2{E$`8_EsaMmV1I9YeJtg97>nEg&Dv1>Ry9ZFd?}0h(p~@3ZW#1sYA>4JtSZWF(qJ{xc!&qqwZ18<+CGQ;?(2F@Rc%SBskL3op zFg4QMfsQM!h?Tl3s}cy~sv?pb-N?K|sUeqT#t-ZO2YMh^wG~p8x=~bd#U+$Y)yR_T zQcEI@g-jjuQ;k*Y3< zDH(x0qx?V_5*o{uP%O8)#5GPgjH7BguPT(0H4S7`9;mpIC=~uDIWe{_QKd!;(V#Mo z&1*?%M)iRze4Z7gp}0X60Hju;s!>@ZPylMS$7-fC;0I_GBAn^Q`NUDqy+7gu3 zw!z0Z8a!hdbgf#tLUD3vKv-^6RU45Lic6`YoHtC-jL8FQW6sdJ5)A`VS*~+YHB3tM zLS3WBKpK-VePHS;&nwF;5nR%oRH`;qS}mIRf7?^UkrN zC95n^0%rvr_^3_^jVXoT4VqM7>|(q%l}48_3@!pZeUB)KgGftpIF+P_T_ zmny<=0jfY{TpoC (0 : uint32) + [#"../04.rs" 7 4 7 12] Int.gt x (0 : uint32) val a [#"../04.rs" 6 0 6 20] (x : uint32) : bool ensures { result = a x } @@ -37,9 +37,10 @@ end module C04_B use prelude.Int use prelude.UInt32 + use prelude.Bool clone C04_A_Stub as A0 function b [#"../04.rs" 11 0 11 20] (x : uint32) : bool = - [#"../04.rs" 12 4 12 21] x > (10 : uint32) /\ A0.a x + [#"../04.rs" 12 4 12 21] Int.gt x (10 : uint32) /\ A0.a x val b [#"../04.rs" 11 0 11 20] (x : uint32) : bool ensures { result = b x } @@ -60,9 +61,10 @@ end module C04_C use prelude.Int use prelude.UInt32 + use prelude.Bool clone C04_B_Stub as B0 function c [#"../04.rs" 16 0 16 20] (x : uint32) : bool = - [#"../04.rs" 17 4 17 21] x < (50 : uint32) /\ B0.b x + [#"../04.rs" 17 4 17 21] Int.lt x (50 : uint32) /\ B0.b x val c [#"../04.rs" 16 0 16 20] (x : uint32) : bool ensures { result = c x } diff --git a/creusot/tests/should_succeed/closures/01_basic.mlcfg b/creusot/tests/should_succeed/closures/01_basic.mlcfg index b969759c24..79e3918b4d 100644 --- a/creusot/tests/should_succeed/closures/01_basic.mlcfg +++ b/creusot/tests/should_succeed/closures/01_basic.mlcfg @@ -48,6 +48,7 @@ end module C01Basic_UsesClosure_Closure0_Interface use export C01Basic_UsesClosure_Closure0_Type use prelude.Borrow + use prelude.Bool let function field_0 [#"../01_basic.rs" 6 14 6 16] (self : c01basic_usesclosure_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] [#"../01_basic.rs" 1 0 1 0] let C01Basic_UsesClosure_Closure0 a = self in a @@ -75,6 +76,7 @@ end module C01Basic_UsesClosure_Closure0 use export C01Basic_UsesClosure_Closure0_Type use prelude.Borrow + use prelude.Bool let function field_0 [#"../01_basic.rs" 6 14 6 16] (self : c01basic_usesclosure_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] [#"../01_basic.rs" 1 0 1 0] let C01Basic_UsesClosure_Closure0 a = self in a @@ -148,6 +150,7 @@ module C01Basic_MultiArg_Closure0_Interface use prelude.Borrow use prelude.Int use prelude.Int32 + use prelude.Bool predicate resolve [#"../01_basic.rs" 10 12 10 18] (_1 : c01basic_multiarg_closure0) = [#"../01_basic.rs" 1 0 1 0] true predicate unnest [#"../01_basic.rs" 10 12 10 18] (self : c01basic_multiarg_closure0) (_2 : c01basic_multiarg_closure0) @@ -175,6 +178,7 @@ module C01Basic_MultiArg_Closure0 use prelude.Int use prelude.Int32 use prelude.Borrow + use prelude.Bool predicate resolve [#"../01_basic.rs" 10 12 10 18] (_1 : c01basic_multiarg_closure0) = [#"../01_basic.rs" 1 0 1 0] true predicate unnest [#"../01_basic.rs" 10 12 10 18] (self : c01basic_multiarg_closure0) (_2 : c01basic_multiarg_closure0) @@ -204,7 +208,7 @@ module C01Basic_MultiArg_Closure0 goto BB0 } BB0 { - _0 <- ([#"../01_basic.rs" 10 19 10 24] a + b); + _0 <- ([#"../01_basic.rs" 10 19 10 24] Int32.add a b); return _0 } @@ -252,6 +256,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -333,7 +338,7 @@ module C01Basic_MoveClosure_Closure0 goto BB0 } BB0 { - _1 <- { _1 with current = (let C01Basic_MoveClosure_Closure0 a = * _1 in C01Basic_MoveClosure_Closure0 ({ (field_0 ( * _1)) with current = ([#"../01_basic.rs" 20 8 20 15] * field_0 ( * _1) + ([#"../01_basic.rs" 20 14 20 15] [#"../01_basic.rs" 20 14 20 15] (1 : int32))) })) }; + _1 <- { _1 with current = (let C01Basic_MoveClosure_Closure0 a = * _1 in C01Basic_MoveClosure_Closure0 ({ (field_0 ( * _1)) with current = ([#"../01_basic.rs" 20 8 20 15] Int32.add ( * field_0 ( * _1)) ([#"../01_basic.rs" 20 14 20 15] [#"../01_basic.rs" 20 14 20 15] (1 : int32))) })) }; assume { Resolve0.resolve _1 }; _0 <- ([#"../01_basic.rs" 19 24 21 5] ()); return _0 diff --git a/creusot/tests/should_succeed/closures/02_nested.mlcfg b/creusot/tests/should_succeed/closures/02_nested.mlcfg index 22dbdd5ec5..56140cb059 100644 --- a/creusot/tests/should_succeed/closures/02_nested.mlcfg +++ b/creusot/tests/should_succeed/closures/02_nested.mlcfg @@ -48,6 +48,7 @@ end module C02Nested_NestedClosure_Closure0_Closure0_Interface use export C02Nested_NestedClosure_Closure0_Closure0_Type use prelude.Borrow + use prelude.Bool let function field_0 [#"../02_nested.rs" 6 18 6 20] (self : c02nested_nestedclosure_closure0_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0_Closure0 a = self in a @@ -77,6 +78,7 @@ end module C02Nested_NestedClosure_Closure0_Closure0 use export C02Nested_NestedClosure_Closure0_Closure0_Type use prelude.Borrow + use prelude.Bool let function field_0 [#"../02_nested.rs" 6 18 6 20] (self : c02nested_nestedclosure_closure0_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0_Closure0 a = self in a @@ -123,6 +125,7 @@ end module C02Nested_NestedClosure_Closure0_Interface use export C02Nested_NestedClosure_Closure0_Type use prelude.Borrow + use prelude.Bool let function field_0 [#"../02_nested.rs" 5 14 5 16] (self : c02nested_nestedclosure_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0 a = self in a @@ -151,6 +154,7 @@ end module C02Nested_NestedClosure_Closure0 use export C02Nested_NestedClosure_Closure0_Type use prelude.Borrow + use prelude.Bool clone C02Nested_NestedClosure_Closure0_Closure0_Interface as Closure00 let function field_0 [#"../02_nested.rs" 5 14 5 16] (self : c02nested_nestedclosure_closure0) : bool = [@vc:do_not_keep_trace] [@vc:sp] diff --git a/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg b/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg index 7b9fbba3bd..1768adf325 100644 --- a/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg +++ b/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg @@ -211,6 +211,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -221,6 +222,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -246,6 +248,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -279,6 +282,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -341,6 +345,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -365,6 +370,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -397,6 +403,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -630,6 +637,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -657,6 +665,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -692,6 +701,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -886,6 +896,7 @@ module C03GenericBound_Caller_Closure0_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool predicate resolve [#"../03_generic_bound.rs" 8 18 8 27] (_1 : c03genericbound_caller_closure0) = [#"../03_generic_bound.rs" 1 0 1 0] true predicate unnest [#"../03_generic_bound.rs" 8 18 8 27] (self : c03genericbound_caller_closure0) (_2 : c03genericbound_caller_closure0) @@ -915,6 +926,7 @@ module C03GenericBound_Caller_Closure0 use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool predicate resolve [#"../03_generic_bound.rs" 8 18 8 27] (_1 : c03genericbound_caller_closure0) = [#"../03_generic_bound.rs" 1 0 1 0] true predicate unnest [#"../03_generic_bound.rs" 8 18 8 27] (self : c03genericbound_caller_closure0) (_2 : c03genericbound_caller_closure0) diff --git a/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg b/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg index be38e015a9..ff76da96bb 100644 --- a/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg +++ b/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg @@ -211,6 +211,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -221,6 +222,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -246,6 +248,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -279,6 +282,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -341,6 +345,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -365,6 +370,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -397,6 +403,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -630,6 +637,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -657,6 +665,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -692,6 +701,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -909,6 +919,7 @@ module C04GenericClosure_Mapper_Closure0_Interface type a use export C04GenericClosure_Mapper_Closure0_Type use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = a predicate resolve [#"../04_generic_closure.rs" 8 28 8 32] (_1 : c04genericclosure_mapper_closure0 a) = @@ -940,6 +951,7 @@ module C04GenericClosure_Mapper_Closure0 type a use export C04GenericClosure_Mapper_Closure0_Type use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = a clone TyInv_Trivial as TyInv_Trivial0 with diff --git a/creusot/tests/should_succeed/closures/05_map.mlcfg b/creusot/tests/should_succeed/closures/05_map.mlcfg index 5ab677cfdb..f36df2f5d5 100644 --- a/creusot/tests/should_succeed/closures/05_map.mlcfg +++ b/creusot/tests/should_succeed/closures/05_map.mlcfg @@ -76,6 +76,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -264,6 +265,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -289,6 +291,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -322,6 +325,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -384,6 +388,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -408,6 +413,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -440,6 +446,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -673,6 +680,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -700,6 +708,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -735,6 +744,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1032,6 +1042,7 @@ module C05Map_Impl0 type f type i use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = Core_Option_Option_Type.t_option b diff --git a/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg b/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg index a2b001ed35..2e59c91596 100644 --- a/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg +++ b/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg @@ -496,6 +496,7 @@ module CreusotContracts_Std1_Ops_FnMutExt_FnMutOnce_Stub type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -523,6 +524,7 @@ module CreusotContracts_Std1_Ops_FnMutExt_FnMutOnce_Interface type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -558,6 +560,7 @@ module CreusotContracts_Std1_Ops_FnMutExt_FnMutOnce type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -593,6 +596,7 @@ module C06FnSpecs_Weaken2_Interface type a type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = a @@ -625,6 +629,7 @@ module C06FnSpecs_Weaken2 type a type f use prelude.Borrow + use prelude.Bool clone CreusotContracts_Std1_Ops_FnMutExt_Unnest_Interface as Unnest0 with type self = f, type args = a @@ -764,6 +769,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -774,6 +780,7 @@ module CreusotContracts_Std1_Ops_FnExt_FnMut_Stub type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -799,6 +806,7 @@ module CreusotContracts_Std1_Ops_FnExt_FnMut_Interface type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -832,6 +840,7 @@ module CreusotContracts_Std1_Ops_FnExt_FnMut type self type args use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -864,6 +873,7 @@ end module CreusotContracts_Std1_Ops_FnExt_FnOnce_Stub type self type args + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -888,6 +898,7 @@ end module CreusotContracts_Std1_Ops_FnExt_FnOnce_Interface type self type args + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -920,6 +931,7 @@ end module CreusotContracts_Std1_Ops_FnExt_FnOnce type self type args + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = self, type args = args @@ -1558,6 +1570,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1585,6 +1598,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1620,6 +1634,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1655,6 +1670,7 @@ module C06FnSpecs_Weaken2Std_Interface type a type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = a @@ -1687,6 +1703,7 @@ module C06FnSpecs_Weaken2Std type a type f use prelude.Borrow + use prelude.Bool clone CreusotContracts_Std1_Ops_Impl1_Unnest_Interface as Unnest0 with type args = a, type f = f @@ -1814,6 +1831,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1839,6 +1857,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1872,6 +1891,7 @@ module CreusotContracts_Std1_Ops_Impl2_FnMut type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1904,6 +1924,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Stub type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1928,6 +1949,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce_Interface type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1960,6 +1982,7 @@ end module CreusotContracts_Std1_Ops_Impl2_FnOnce type args type f + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args diff --git a/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml b/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml index 980623ad97..436b3d46de 100644 --- a/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml +++ b/creusot/tests/should_succeed/closures/06_fn_specs/why3session.xml @@ -3,7 +3,8 @@ "http://why3.lri.fr/why3session.dtd"> - + + @@ -13,12 +14,12 @@ - + - + @@ -28,22 +29,22 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz b/creusot/tests/should_succeed/closures/06_fn_specs/why3shapes.gz index aecd28726cead9a5923588a4cbf55f99a947ce5b..85d487a2001a66872cb1cd7213bda25f5ed0f3c5 100644 GIT binary patch literal 727 zcmV;|0x10-iwFP!00000|D9CJZrd;ry!$J3Y;)o+-vx3oj0iN)TLB$wP!fd(b*03z z)88*ik+z~JNYE3h*jwhXWuy%y0>?J3z@^i^BPYG*y$qE;wKPS z8iryoeecF|#VeVDc@=5p`-~Cc?1~q+WL2pIR@b1XragT3%p@GyOT1uQ1 z0-;lcNh@W;&=t&3g9Z%Qpr~1^t(KBlXRZ>AAX8miP%xBu;6DVx JM+@=?001rqVxb-BG`tpDtf}nu{>^8v11+pz;#WJUj zlkV?NlBL9TU9{LqGWAG4@jdIyT`~N!Pi`n)+-Z0`_TLIw+ z6>eAYRIcsQaX2@}zI{CV-2Jg{TtyYHGP0<}s#b0NCyM9kAdve3^@Z#*xkoUUzpUc^Ij)m^+o!>&{@bJ9E69RU;$hi0k z#FfHO?4|GBaIQq9QZTPFtzwrkGMruU@|LVCoxu7U^wdgEzZ^RQq}IUFJp94idzJp& zV<)oVO*f#t_sn?`5%hX8EGUCdv72`MD)dC~xbmskyBl8I zlGV*MQ{lCzuT$$JIA$m4CEayYKFb>&@EYaC_nOBsrV07TvfUFfw-@>9Je!{8#e*q= zwo^0tOgXO~y_A5tyw2rSvX7h?w!9e@*=Sg=#r%)1&&f3cFe-b zl|(nny}u0ZlwN}QAJ(w%cEjYh|MBFSVZX75gFEdvhvRTLIhG4GF}zyUj$2s*t3kHJ zoRt!x(~K*tRKw8~+>k*7hOI=|D9eTDND=SA3aZPlRiuG6b*)taWWYng05hf0Mj2^@ zPb8|5oU8?bD5XMG%g(Wq>aNxe5EjS{`Yvb?3^D_yPX}#48IT5q0sb*h6rU%G@_&h{ z4~Z(Wo#Rwu+j5{ - + - + diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz b/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz index f72626ce40666945b510ca6439e2df53f45b03b5..08fcd925820ba5e0c6ba16d291cd9d118c10b2c5 100644 GIT binary patch literal 419 zcmV;U0bKqciwFP!00000|CLnBZi6royz>>@+R}?3VB< zF&P}ksW-*D8OFRlOk>kCSy1wtejeao$cg{} literal 414 zcmV;P0b%|hiwFP!00000|CLldZ-X!t-1!x3X~}|ZFm}}p5fVzIcB?!VJsYE<5{URn z|9)+fM$jyVfd_^=-#hN{6!`rYoOSPCbk|pH^WsxKc=l4*!O-SaGeD3E25FeQj|0eB zr*Iy|PUj!GAF}2&4tZL)y;(s5K1B%I8IC*R0ud^7gq=tP&1|J2o@%UY?R4MP7cC;Y z6oG8JuKm%)=Jf5vKL-c`Wz|5P3KY7FyJAFWHNj|_BY0!ZhHN{(#R_G6sG3~1V^j1G z58tdO2(8%H`OPD|&U{CBjq%}hWS&Uil0|SRA!R6D$&Vs>BdoudqNjB6J(&TZI2+;64I_AUnVy zQ>iKDkz|S$nkdN;M1& diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg b/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg index 189ed0d857..b76725df47 100644 --- a/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg +++ b/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg @@ -66,6 +66,7 @@ end module C08MultipleCalls_MultiUse_Closure0_Interface type t use export C08MultipleCalls_MultiUse_Closure0_Type + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.UInt32 @@ -104,6 +105,7 @@ module C08MultipleCalls_MultiUse_Closure0 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve1 with type self = t clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with @@ -213,6 +215,7 @@ module C08MultipleCalls_UsesFn_Interface use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Std1_Ops_Impl2_Postcondition_Stub as Postcondition0 with type args = (), type f = f, diff --git a/creusot/tests/should_succeed/constrained_types.mlcfg b/creusot/tests/should_succeed/constrained_types.mlcfg index ce9aaf2880..ca86298770 100644 --- a/creusot/tests/should_succeed/constrained_types.mlcfg +++ b/creusot/tests/should_succeed/constrained_types.mlcfg @@ -33,6 +33,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -162,6 +163,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -187,6 +189,7 @@ end module CreusotContracts_Logic_Ord_Impl1_LtLog type a type b + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LtLog_Stub as LtLog1 with type self = a clone CreusotContracts_Logic_Ord_OrdLogic_LtLog_Stub as LtLog0 with @@ -200,6 +203,7 @@ end module Core_Tuple_Impl17_Lt_Interface type u type t + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = t @@ -498,9 +502,8 @@ module CreusotContracts_Logic_Ord_Impl3_LtLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LtLog use prelude.Int - use int.Int function lt_log (self : int) (_2 : int) : bool = - Int.(<) self _2 + Int.lt self _2 val lt_log (self : int) (_2 : int) : bool ensures { result = lt_log self _2 } diff --git a/creusot/tests/should_succeed/constrained_types/why3session.xml b/creusot/tests/should_succeed/constrained_types/why3session.xml index 0399411426..bcf5eb4354 100644 --- a/creusot/tests/should_succeed/constrained_types/why3session.xml +++ b/creusot/tests/should_succeed/constrained_types/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/constrained_types/why3shapes.gz b/creusot/tests/should_succeed/constrained_types/why3shapes.gz index c6053a7397f9ae02aec18a9b9dfa0a8a571a6b6d..69d11ec06f0a93e38f2c32cffe113fbdd8a5e5d1 100644 GIT binary patch literal 136 zcmV;30C)c%iwFP!00000|4qlS3c@fD0MPxu;zsS1q*04o5lTNmvX#egI=m-hR` z&FS$@9m>mZEO>C0RPr6K*qxz$e9DJY6a4hgeS5QUy|d&0wKEgA2d<^!E-VX`OqCli qDNFO27(ja!m@j%T!E)^BMlq75K*Jh+q=07Dvw|;?ub;$;0000)rkT#@j*p2dufkE-X{XDHN_e r#UzzdV5P`)S8|Kdj4f)Kb&t!unjZ0j&IJv2G^18u!7$|9i2wiq=`=xS diff --git a/creusot/tests/should_succeed/drop_pair.mlcfg b/creusot/tests/should_succeed/drop_pair.mlcfg index a6e472335e..41acfc1100 100644 --- a/creusot/tests/should_succeed/drop_pair.mlcfg +++ b/creusot/tests/should_succeed/drop_pair.mlcfg @@ -33,6 +33,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -59,6 +60,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -67,8 +69,8 @@ module CreusotContracts_Resolve_Impl1_Resolve end module DropPair_DropPair_Interface use prelude.Borrow - use prelude.Int use prelude.UInt32 + use prelude.Int clone CreusotContracts_Resolve_Impl0_Resolve_Stub as Resolve0 with type t1 = borrowed uint32, type t2 = borrowed uint32 diff --git a/creusot/tests/should_succeed/drop_pair/why3session.xml b/creusot/tests/should_succeed/drop_pair/why3session.xml index b1e6a301ca..35ffe337ef 100644 --- a/creusot/tests/should_succeed/drop_pair/why3session.xml +++ b/creusot/tests/should_succeed/drop_pair/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/drop_pair/why3shapes.gz b/creusot/tests/should_succeed/drop_pair/why3shapes.gz index 5c43034a866351e363f5cfa615f91f32fa2d964b..ac8218542d7dde04fcc0d7c10133b348bbeda414 100644 GIT binary patch delta 122 zcmV-=0EPdH0gC~U7<0O$QHKH!2r%p@m{XqWylw#qGV7hBk7M28+}-<>wx@ zpx25Id?Uk}O#dT(i9J_od0vF<@EZQP@bz70v4mt!ijI(Sg;;aB7oMt8(RG`I)>)r| c$G~Z4B|d_S9r_eSz?@Ni06mpFJca9~X?iYF)4T}T;Whko=F2K73dEA~E%Q{A;tjXKwTM2B c-j0m~k6|m(q2b1K4)A2u2ZIEajfwyO0OnXdd;kCd diff --git a/creusot/tests/should_succeed/duration.mlcfg b/creusot/tests/should_succeed/duration.mlcfg index 69303d786b..a4956ca128 100644 --- a/creusot/tests/should_succeed/duration.mlcfg +++ b/creusot/tests/should_succeed/duration.mlcfg @@ -13,7 +13,7 @@ end module CreusotContracts_Std1_Time_SecsToNanos use prelude.Int function secs_to_nanos (secs : int) : int = - [#"../../../../creusot-contracts/src/std/time.rs" 48 4 48 24] secs * 1000000000 + [#"../../../../creusot-contracts/src/std/time.rs" 48 4 48 24] Int.mul secs 1000000000 val secs_to_nanos (secs : int) : int ensures { result = secs_to_nanos secs } @@ -47,6 +47,7 @@ end module CreusotContracts_Std1_Time_Impl0_ShallowModel_Stub use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -55,28 +56,30 @@ end module CreusotContracts_Std1_Time_Impl0_ShallowModel_Interface use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 function shallow_model (self : Core_Time_Duration_Type.t_duration) : int val shallow_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] shallow_model self >= 0 /\ shallow_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 + axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge (shallow_model self) 0 /\ Int.le (shallow_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) end module CreusotContracts_Std1_Time_Impl0_ShallowModel use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 function shallow_model (self : Core_Time_Duration_Type.t_duration) : int val shallow_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] shallow_model self >= 0 /\ shallow_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 + axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge (shallow_model self) 0 /\ Int.le (shallow_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) end module Core_Option_Option_Type type t_option 't = @@ -98,7 +101,7 @@ end module CreusotContracts_Std1_Time_NanosToSecs use prelude.Int function nanos_to_secs (nanos : int) : int = - [#"../../../../creusot-contracts/src/std/time.rs" 43 4 43 25] div nanos 1000000000 + [#"../../../../creusot-contracts/src/std/time.rs" 43 4 43 25] Int.div nanos 1000000000 val nanos_to_secs (nanos : int) : int ensures { result = nanos_to_secs nanos } @@ -116,8 +119,8 @@ module Core_Time_Impl1_New_Interface axiom . clone CreusotContracts_Std1_Time_NanosToSecs_Stub as NanosToSecs0 val new (secs : uint64) (nanos : uint32) : Core_Time_Duration_Type.t_duration - requires {[#"../../../../creusot-contracts/src/std/time.rs" 80 27 80 69] UInt64.to_int secs + NanosToSecs0.nanos_to_secs (UInt32.to_int nanos) <= UInt64.to_int Max0.mAX'} - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 81 26 81 66] ShallowModel0.shallow_model result = SecsToNanos0.secs_to_nanos (UInt64.to_int secs) + UInt32.to_int nanos } + requires {[#"../../../../creusot-contracts/src/std/time.rs" 80 27 80 69] Int.le (Int.add (UInt64.to_int secs) (NanosToSecs0.nanos_to_secs (UInt32.to_int nanos))) (UInt64.to_int Max0.mAX')} + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 81 26 81 66] ShallowModel0.shallow_model result = Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int secs)) (UInt32.to_int nanos) } end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type @@ -181,8 +184,8 @@ module CreusotContracts_Model_Impl5_ShallowModel end module Core_Time_Impl1_AsNanos_Interface use prelude.UInt128 - use prelude.UInt64 use prelude.Int + use prelude.UInt64 use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type @@ -193,7 +196,7 @@ module Core_Time_Impl1_AsNanos_Interface type ShallowModelTy0.shallowModelTy = int val as_nanos (self : Core_Time_Duration_Type.t_duration) : uint128 ensures { [#"../../../../creusot-contracts/src/std/time.rs" 121 26 121 42] UInt128.to_int result = ShallowModel0.shallow_model self } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 122 26 122 75] UInt128.to_int result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 122 26 122 75] Int.le (UInt128.to_int result) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } end module Core_Time_Impl1_FromSecs_Interface @@ -221,7 +224,7 @@ module Core_Time_Impl1_FromMillis_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val from_millis (millis : uint64) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 87 26 87 58] ShallowModel0.shallow_model result = UInt64.to_int millis * 1000000 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 87 26 87 58] ShallowModel0.shallow_model result = Int.mul (UInt64.to_int millis) 1000000 } end module Core_Time_Impl1_FromMicros_Interface @@ -235,7 +238,7 @@ module Core_Time_Impl1_FromMicros_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val from_micros (micros : uint64) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 90 26 90 54] ShallowModel0.shallow_model result = UInt64.to_int micros * 1000 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 90 26 90 54] ShallowModel0.shallow_model result = Int.mul (UInt64.to_int micros) 1000 } end module Core_Time_Impl1_FromNanos_Interface @@ -253,8 +256,9 @@ module Core_Time_Impl1_FromNanos_Interface end module Core_Time_Impl1_IsZero_Interface - use prelude.Borrow use prelude.Int + use prelude.Bool + use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -267,8 +271,8 @@ module Core_Time_Impl1_IsZero_Interface end module Core_Time_Impl1_AsSecs_Interface use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_NanosToSecs_Stub as NanosToSecs0 @@ -293,7 +297,7 @@ end module CreusotContracts_Std1_Time_NanosToMillis use prelude.Int function nanos_to_millis (nanos : int) : int = - [#"../../../../creusot-contracts/src/std/time.rs" 38 4 38 21] div nanos 1000000 + [#"../../../../creusot-contracts/src/std/time.rs" 38 4 38 21] Int.div nanos 1000000 val nanos_to_millis (nanos : int) : int ensures { result = nanos_to_millis nanos } @@ -309,8 +313,8 @@ module Core_Time_Impl1_SubsecMillis_Interface type t = Core_Time_Duration_Type.t_duration, type ShallowModelTy0.shallowModelTy = int val subsec_millis (self : Core_Time_Duration_Type.t_duration) : uint32 - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 103 26 103 67] UInt32.to_int result = mod (NanosToMillis0.nanos_to_millis (ShallowModel0.shallow_model self)) 1000 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 104 26 104 44] result < (1000 : uint32) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 103 26 103 67] UInt32.to_int result = Int.rem (NanosToMillis0.nanos_to_millis (ShallowModel0.shallow_model self)) 1000 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 104 26 104 44] Int.lt result (1000 : uint32) } end module CreusotContracts_Std1_Time_NanosToMicros_Stub @@ -327,7 +331,7 @@ end module CreusotContracts_Std1_Time_NanosToMicros use prelude.Int function nanos_to_micros (nanos : int) : int = - [#"../../../../creusot-contracts/src/std/time.rs" 34 4 34 17] div nanos 1000 + [#"../../../../creusot-contracts/src/std/time.rs" 34 4 34 17] Int.div nanos 1000 val nanos_to_micros (nanos : int) : int ensures { result = nanos_to_micros nanos } @@ -343,8 +347,8 @@ module Core_Time_Impl1_SubsecMicros_Interface type t = Core_Time_Duration_Type.t_duration, type ShallowModelTy0.shallowModelTy = int val subsec_micros (self : Core_Time_Duration_Type.t_duration) : uint32 - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 107 26 107 71] UInt32.to_int result = mod (NanosToMicros0.nanos_to_micros (ShallowModel0.shallow_model self)) 1000000 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 108 26 108 48] result < (1000000 : uint32) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 107 26 107 71] UInt32.to_int result = Int.rem (NanosToMicros0.nanos_to_micros (ShallowModel0.shallow_model self)) 1000000 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 108 26 108 48] Int.lt result (1000000 : uint32) } end module Core_Time_Impl1_SubsecNanos_Interface @@ -357,14 +361,14 @@ module Core_Time_Impl1_SubsecNanos_Interface type t = Core_Time_Duration_Type.t_duration, type ShallowModelTy0.shallowModelTy = int val subsec_nanos (self : Core_Time_Duration_Type.t_duration) : uint32 - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 111 26 111 60] UInt32.to_int result = mod (ShallowModel0.shallow_model self) 1000000000 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 112 26 112 52] result < (1000000000 : uint32) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 111 26 111 60] UInt32.to_int result = Int.rem (ShallowModel0.shallow_model self) 1000000000 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 112 26 112 52] Int.lt result (1000000000 : uint32) } end module Core_Time_Impl1_AsMillis_Interface use prelude.UInt128 - use prelude.Borrow use prelude.Int + use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_NanosToMillis_Stub as NanosToMillis0 @@ -377,8 +381,8 @@ module Core_Time_Impl1_AsMillis_Interface end module Core_Time_Impl1_AsMicros_Interface use prelude.UInt128 - use prelude.Borrow use prelude.Int + use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_NanosToMicros_Stub as NanosToMicros0 @@ -458,6 +462,7 @@ end module Core_Time_Impl1_CheckedAdd_Interface use prelude.Int use prelude.UInt64 + use prelude.Bool use prelude.Int clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 use Core_Time_Duration_Type as Core_Time_Duration_Type @@ -472,8 +477,8 @@ module Core_Time_Impl1_CheckedAdd_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val checked_add (self : Core_Time_Duration_Type.t_duration) (rhs : Core_Time_Duration_Type.t_duration) : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 125 16 125 86] NanosToSecs0.nanos_to_secs (ShallowModel0.shallow_model self + ShallowModel0.shallow_model rhs) > UInt64.to_int Max0.mAX' -> result = Core_Option_Option_Type.C_None } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 126 16 126 114] NanosToSecs0.nanos_to_secs (ShallowModel0.shallow_model self + ShallowModel0.shallow_model rhs) <= UInt64.to_int Max0.mAX' -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (ShallowModel0.shallow_model self + ShallowModel0.shallow_model rhs) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 125 16 125 86] Int.gt (NanosToSecs0.nanos_to_secs (Int.add (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs))) (UInt64.to_int Max0.mAX') -> result = Core_Option_Option_Type.C_None } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 126 16 126 114] Int.le (NanosToSecs0.nanos_to_secs (Int.add (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs))) (UInt64.to_int Max0.mAX') -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (Int.add (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) } end module CreusotContracts_Invariant_Inv_Stub @@ -497,6 +502,7 @@ module CreusotContracts_Invariant_Inv end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -508,6 +514,7 @@ module Core_Option_Impl0_IsNone_Interface end module Core_Option_Impl0_IsSome_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -519,6 +526,7 @@ module Core_Option_Impl0_IsSome_Interface end module Core_Time_Impl1_CheckedSub_Interface use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -532,14 +540,15 @@ module Core_Time_Impl1_CheckedSub_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val checked_sub (self : Core_Time_Duration_Type.t_duration) (rhs : Core_Time_Duration_Type.t_duration) : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 129 16 129 63] ShallowModel0.shallow_model self - ShallowModel0.shallow_model rhs < 0 -> result = Core_Option_Option_Type.C_None } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 130 16 130 91] ShallowModel0.shallow_model self - ShallowModel0.shallow_model rhs >= 0 -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (ShallowModel0.shallow_model self - ShallowModel0.shallow_model rhs) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 129 16 129 63] Int.lt (Int.sub (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) 0 -> result = Core_Option_Option_Type.C_None } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 130 16 130 91] Int.ge (Int.sub (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) 0 -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (Int.sub (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) } end module Core_Time_Impl1_CheckedMul_Interface use prelude.UInt32 use prelude.Int use prelude.UInt64 + use prelude.Bool use prelude.Int clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 use Core_Time_Duration_Type as Core_Time_Duration_Type @@ -554,13 +563,14 @@ module Core_Time_Impl1_CheckedMul_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val checked_mul (self : Core_Time_Duration_Type.t_duration) (rhs : uint32) : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 133 16 133 86] NanosToSecs0.nanos_to_secs (ShallowModel0.shallow_model self * UInt32.to_int rhs) > UInt64.to_int Max0.mAX' -> result = Core_Option_Option_Type.C_None } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 134 16 134 114] NanosToSecs0.nanos_to_secs (ShallowModel0.shallow_model self * UInt32.to_int rhs) <= UInt64.to_int Max0.mAX' -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (ShallowModel0.shallow_model self * UInt32.to_int rhs) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 133 16 133 86] Int.gt (NanosToSecs0.nanos_to_secs (Int.mul (ShallowModel0.shallow_model self) (UInt32.to_int rhs))) (UInt64.to_int Max0.mAX') -> result = Core_Option_Option_Type.C_None } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 134 16 134 114] Int.le (NanosToSecs0.nanos_to_secs (Int.mul (ShallowModel0.shallow_model self) (UInt32.to_int rhs))) (UInt64.to_int Max0.mAX') -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (Int.mul (ShallowModel0.shallow_model self) (UInt32.to_int rhs)) } end module Core_Time_Impl1_CheckedDiv_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 use prelude.Int @@ -575,7 +585,7 @@ module Core_Time_Impl1_CheckedDiv_Interface type DeepModelTy0.deepModelTy = int val checked_div (self : Core_Time_Duration_Type.t_duration) (rhs : uint32) : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) ensures { [#"../../../../creusot-contracts/src/std/time.rs" 137 16 137 58] rhs = (0 : uint32) -> result = Core_Option_Option_Type.C_None } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 138 16 138 85] rhs <> (0 : uint32) -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (div (ShallowModel0.shallow_model self) (UInt32.to_int rhs)) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 138 16 138 85] rhs <> (0 : uint32) -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (Int.div (ShallowModel0.shallow_model self) (UInt32.to_int rhs)) } end module Core_Time_Impl2_Add_Interface @@ -589,8 +599,8 @@ module Core_Time_Impl2_Add_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val add (self : Core_Time_Duration_Type.t_duration) (rhs : Core_Time_Duration_Type.t_duration) : Core_Time_Duration_Type.t_duration - requires {[#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] ShallowModel0.shallow_model self + ShallowModel0.shallow_model rhs <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999} - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] ShallowModel0.shallow_model self + ShallowModel0.shallow_model rhs = ShallowModel0.shallow_model result } + requires {[#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] Int.le (Int.add (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999)} + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] Int.add (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs) = ShallowModel0.shallow_model result } end module Core_Time_Impl4_Sub_Interface @@ -603,8 +613,8 @@ module Core_Time_Impl4_Sub_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val sub (self : Core_Time_Duration_Type.t_duration) (rhs : Core_Time_Duration_Type.t_duration) : Core_Time_Duration_Type.t_duration - requires {[#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] ShallowModel0.shallow_model self - ShallowModel0.shallow_model rhs >= 0} - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] ShallowModel0.shallow_model self - ShallowModel0.shallow_model rhs = ShallowModel0.shallow_model result } + requires {[#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] Int.ge (Int.sub (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs)) 0} + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 173 0 203 1] Int.sub (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model rhs) = ShallowModel0.shallow_model result } end module TyInv_Trivial @@ -616,6 +626,7 @@ end module CreusotContracts_Std1_Time_Impl1_DeepModel_Stub use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -628,6 +639,7 @@ end module CreusotContracts_Std1_Time_Impl1_DeepModel_Interface use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -637,15 +649,16 @@ module CreusotContracts_Std1_Time_Impl1_DeepModel_Interface axiom . function deep_model (self : Core_Time_Duration_Type.t_duration) : int val deep_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] deep_model self >= 0 /\ deep_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999) + axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge (deep_model self) 0 /\ Int.le (deep_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999)) end module CreusotContracts_Std1_Time_Impl1_DeepModel use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -655,11 +668,11 @@ module CreusotContracts_Std1_Time_Impl1_DeepModel axiom . function deep_model (self : Core_Time_Duration_Type.t_duration) : int val deep_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] deep_model self >= 0 /\ deep_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999) + axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge (deep_model self) 0 /\ Int.le (deep_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999)) end module Duration_TestDuration_Interface val test_duration [#"../duration.rs" 7 0 7 22] (_1 : ()) : () @@ -834,7 +847,7 @@ module Duration_TestDuration goto BB2 } BB2 { - switch ([#"../duration.rs" 10 4 10 33] not ([#"../duration.rs" 10 12 10 32] _7 = ([#"../duration.rs" 10 31 10 32] [#"../duration.rs" 10 31 10 32] (0 : uint128)))) + switch ([#"../duration.rs" 10 4 10 33] not ([#"../duration.rs" 10 12 10 32] UInt128.eq _7 ([#"../duration.rs" 10 31 10 32] [#"../duration.rs" 10 31 10 32] (0 : uint128)))) | False -> goto BB4 | True -> goto BB3 end @@ -897,7 +910,7 @@ module Duration_TestDuration goto BB16 } BB16 { - switch ([#"../duration.rs" 29 4 29 34] not ([#"../duration.rs" 29 12 29 33] ([#"../duration.rs" 29 12 29 13] [#"../duration.rs" 29 12 29 13] (1 : uint64)) = _37)) + switch ([#"../duration.rs" 29 4 29 34] not ([#"../duration.rs" 29 12 29 33] UInt64.eq ([#"../duration.rs" 29 12 29 13] [#"../duration.rs" 29 12 29 13] (1 : uint64)) _37)) | False -> goto BB18 | True -> goto BB17 end @@ -910,7 +923,7 @@ module Duration_TestDuration goto BB19 } BB19 { - switch ([#"../duration.rs" 30 4 30 40] not ([#"../duration.rs" 30 12 30 39] ([#"../duration.rs" 30 12 30 13] [#"../duration.rs" 30 12 30 13] (0 : uint32)) = _43)) + switch ([#"../duration.rs" 30 4 30 40] not ([#"../duration.rs" 30 12 30 39] UInt32.eq ([#"../duration.rs" 30 12 30 13] [#"../duration.rs" 30 12 30 13] (0 : uint32)) _43)) | False -> goto BB21 | True -> goto BB20 end @@ -923,7 +936,7 @@ module Duration_TestDuration goto BB22 } BB22 { - switch ([#"../duration.rs" 31 4 31 40] not ([#"../duration.rs" 31 12 31 39] ([#"../duration.rs" 31 12 31 13] [#"../duration.rs" 31 12 31 13] (0 : uint32)) = _49)) + switch ([#"../duration.rs" 31 4 31 40] not ([#"../duration.rs" 31 12 31 39] UInt32.eq ([#"../duration.rs" 31 12 31 13] [#"../duration.rs" 31 12 31 13] (0 : uint32)) _49)) | False -> goto BB24 | True -> goto BB23 end @@ -936,7 +949,7 @@ module Duration_TestDuration goto BB25 } BB25 { - switch ([#"../duration.rs" 32 4 32 39] not ([#"../duration.rs" 32 12 32 38] ([#"../duration.rs" 32 12 32 13] [#"../duration.rs" 32 12 32 13] (0 : uint32)) = _55)) + switch ([#"../duration.rs" 32 4 32 39] not ([#"../duration.rs" 32 12 32 38] UInt32.eq ([#"../duration.rs" 32 12 32 13] [#"../duration.rs" 32 12 32 13] (0 : uint32)) _55)) | False -> goto BB27 | True -> goto BB26 end @@ -953,7 +966,7 @@ module Duration_TestDuration goto BB29 } BB29 { - switch ([#"../duration.rs" 34 4 34 69] not ([#"../duration.rs" 34 12 34 68] ([#"../duration.rs" 34 12 34 44] UInt128.of_int (UInt32.to_int _62)) = _64)) + switch ([#"../duration.rs" 34 4 34 69] not ([#"../duration.rs" 34 12 34 68] UInt128.eq ([#"../duration.rs" 34 12 34 44] UInt128.of_int (UInt32.to_int _62)) _64)) | False -> goto BB31 | True -> goto BB30 end @@ -970,7 +983,7 @@ module Duration_TestDuration goto BB33 } BB33 { - switch ([#"../duration.rs" 35 4 35 69] not ([#"../duration.rs" 35 12 35 68] ([#"../duration.rs" 35 12 35 44] UInt128.of_int (UInt32.to_int _71)) = _73)) + switch ([#"../duration.rs" 35 4 35 69] not ([#"../duration.rs" 35 12 35 68] UInt128.eq ([#"../duration.rs" 35 12 35 44] UInt128.of_int (UInt32.to_int _71)) _73)) | False -> goto BB35 | True -> goto BB34 end @@ -987,7 +1000,7 @@ module Duration_TestDuration goto BB37 } BB37 { - switch ([#"../duration.rs" 36 4 36 65] not ([#"../duration.rs" 36 12 36 64] ([#"../duration.rs" 36 12 36 42] UInt128.of_int (UInt32.to_int _80)) = _82)) + switch ([#"../duration.rs" 36 4 36 65] not ([#"../duration.rs" 36 12 36 64] UInt128.eq ([#"../duration.rs" 36 12 36 42] UInt128.of_int (UInt32.to_int _80)) _82)) | False -> goto BB39 | True -> goto BB38 end diff --git a/creusot/tests/should_succeed/filter_positive.mlcfg b/creusot/tests/should_succeed/filter_positive.mlcfg index 8a5128db3a..fad4a58693 100644 --- a/creusot/tests/should_succeed/filter_positive.mlcfg +++ b/creusot/tests/should_succeed/filter_positive.mlcfg @@ -22,10 +22,14 @@ module FilterPositive_NumOfPos val num_of_pos [#"../filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int ensures { result = num_of_pos i j t } - axiom def : forall i : int, j : int, t : Seq.seq int32 . num_of_pos i j t = ([#"../filter_positive.rs" 38 4 46 5] if i >= j then + axiom def : forall i : int, j : int, t : Seq.seq int32 . num_of_pos i j t = ([#"../filter_positive.rs" 38 4 46 5] if Int.ge i j then 0 else - if Int32.to_int (Seq.get t (j - 1)) > 0 then num_of_pos i (j - 1) t + 1 else num_of_pos i (j - 1) t + if Int.gt (Int32.to_int (Seq.get t (Int.sub j 1))) 0 then + Int.add (num_of_pos i (Int.sub j 1) t) 1 + else + num_of_pos i (Int.sub j 1) t + ) end module FilterPositive_NumOfPos_Impl @@ -33,13 +37,17 @@ module FilterPositive_NumOfPos_Impl use seq.Seq use prelude.Int32 let rec ghost function num_of_pos [#"../filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq.seq int32) : int - variant {[#"../filter_positive.rs" 36 10 36 13] j - i} + variant {[#"../filter_positive.rs" 36 10 36 13] Int.sub j i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../filter_positive.rs" 38 4 46 5] if pure {i >= j} then + [#"../filter_positive.rs" 38 4 46 5] if Int.ge i j then 0 else - if pure {Int32.to_int (Seq.get t (j - 1)) > 0} then num_of_pos i (j - 1) t + 1 else num_of_pos i (j - 1) t + if Int.gt (Int32.to_int (Seq.get t (Int.sub j 1))) 0 then + Int.add (num_of_pos i (Int.sub j 1) t) 1 + else + num_of_pos i (Int.sub j 1) t + end module FilterPositive_LemmaNumOfPosIncreasing_Stub @@ -60,11 +68,11 @@ module FilterPositive_LemmaNumOfPosIncreasing_Interface function lemma_num_of_pos_increasing [#"../filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () val lemma_num_of_pos_increasing [#"../filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 62 11 62 17] j <= k} - ensures { [#"../filter_positive.rs" 63 10 63 48] NumOfPos0.num_of_pos i j t <= NumOfPos0.num_of_pos i k t } + requires {[#"../filter_positive.rs" 62 11 62 17] Int.le j k} + ensures { [#"../filter_positive.rs" 63 10 63 48] Int.le (NumOfPos0.num_of_pos i j t) (NumOfPos0.num_of_pos i k t) } ensures { result = lemma_num_of_pos_increasing i j k t } - axiom lemma_num_of_pos_increasing_spec : forall i : int, j : int, k : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 62 11 62 17] j <= k) -> ([#"../filter_positive.rs" 63 10 63 48] NumOfPos0.num_of_pos i j t <= NumOfPos0.num_of_pos i k t) + axiom lemma_num_of_pos_increasing_spec : forall i : int, j : int, k : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 62 11 62 17] Int.le j k) -> ([#"../filter_positive.rs" 63 10 63 48] Int.le (NumOfPos0.num_of_pos i j t) (NumOfPos0.num_of_pos i k t)) end module FilterPositive_LemmaNumOfPosIncreasing use prelude.Int @@ -75,16 +83,16 @@ module FilterPositive_LemmaNumOfPosIncreasing function lemma_num_of_pos_increasing [#"../filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () val lemma_num_of_pos_increasing [#"../filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 62 11 62 17] j <= k} - ensures { [#"../filter_positive.rs" 63 10 63 48] NumOfPos0.num_of_pos i j t <= NumOfPos0.num_of_pos i k t } + requires {[#"../filter_positive.rs" 62 11 62 17] Int.le j k} + ensures { [#"../filter_positive.rs" 63 10 63 48] Int.le (NumOfPos0.num_of_pos i j t) (NumOfPos0.num_of_pos i k t) } ensures { result = lemma_num_of_pos_increasing i j k t } - axiom def : forall i : int, j : int, k : int, t : Seq.seq int32 . lemma_num_of_pos_increasing i j k t = ([#"../filter_positive.rs" 67 8 69 9] if j < k then - lemma_num_of_pos_increasing i (j + 1) k t + axiom def : forall i : int, j : int, k : int, t : Seq.seq int32 . lemma_num_of_pos_increasing i j k t = ([#"../filter_positive.rs" 67 8 69 9] if Int.lt j k then + lemma_num_of_pos_increasing i (Int.add j 1) k t else () ) - axiom lemma_num_of_pos_increasing_spec : forall i : int, j : int, k : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 62 11 62 17] j <= k) -> ([#"../filter_positive.rs" 63 10 63 48] NumOfPos0.num_of_pos i j t <= NumOfPos0.num_of_pos i k t) + axiom lemma_num_of_pos_increasing_spec : forall i : int, j : int, k : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 62 11 62 17] Int.le j k) -> ([#"../filter_positive.rs" 63 10 63 48] Int.le (NumOfPos0.num_of_pos i j t) (NumOfPos0.num_of_pos i k t)) end module FilterPositive_LemmaNumOfPosIncreasing_Impl use prelude.Int @@ -93,16 +101,17 @@ module FilterPositive_LemmaNumOfPosIncreasing_Impl clone FilterPositive_NumOfPos as NumOfPos0 with axiom . let rec ghost function lemma_num_of_pos_increasing [#"../filter_positive.rs" 65 0 65 67] (i : int) (j : int) (k : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 62 11 62 17] j <= k} - ensures { [#"../filter_positive.rs" 63 10 63 48] NumOfPos0.num_of_pos i j t <= NumOfPos0.num_of_pos i k t } - variant {[#"../filter_positive.rs" 64 10 64 13] k - j} + requires {[#"../filter_positive.rs" 62 11 62 17] Int.le j k} + ensures { [#"../filter_positive.rs" 63 10 63 48] Int.le (NumOfPos0.num_of_pos i j t) (NumOfPos0.num_of_pos i k t) } + variant {[#"../filter_positive.rs" 64 10 64 13] Int.sub k j} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../filter_positive.rs" 67 8 69 9] if pure {j < k} then lemma_num_of_pos_increasing i (j + 1) k t else () + [#"../filter_positive.rs" 67 8 69 9] if Int.lt j k then lemma_num_of_pos_increasing i (Int.add j 1) k t else () end module FilterPositive_LemmaNumOfPosStrictlyIncreasing_Stub use prelude.Int use seq.Seq + use prelude.Bool use prelude.Int32 clone FilterPositive_NumOfPos_Stub as NumOfPos0 with axiom . @@ -111,21 +120,23 @@ end module FilterPositive_LemmaNumOfPosStrictlyIncreasing_Interface use prelude.Int use seq.Seq + use prelude.Bool use prelude.Int32 clone FilterPositive_NumOfPos_Stub as NumOfPos0 with axiom . function lemma_num_of_pos_strictly_increasing [#"../filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () val lemma_num_of_pos_strictly_increasing [#"../filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 76 11 76 32] 0 <= i /\ i < Seq.length t} - requires {[#"../filter_positive.rs" 77 11 77 20] Int32.to_int (Seq.get t i) > 0} - ensures { [#"../filter_positive.rs" 78 10 78 49] NumOfPos0.num_of_pos 0 i t < NumOfPos0.num_of_pos 0 (i + 1) t } + requires {[#"../filter_positive.rs" 76 11 76 32] Int.le 0 i /\ Int.lt i (Seq.length t)} + requires {[#"../filter_positive.rs" 77 11 77 20] Int.gt (Int32.to_int (Seq.get t i)) 0} + ensures { [#"../filter_positive.rs" 78 10 78 49] Int.lt (NumOfPos0.num_of_pos 0 i t) (NumOfPos0.num_of_pos 0 (Int.add i 1) t) } ensures { result = lemma_num_of_pos_strictly_increasing i t } - axiom lemma_num_of_pos_strictly_increasing_spec : forall i : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 76 11 76 32] 0 <= i /\ i < Seq.length t) -> ([#"../filter_positive.rs" 77 11 77 20] Int32.to_int (Seq.get t i) > 0) -> ([#"../filter_positive.rs" 78 10 78 49] NumOfPos0.num_of_pos 0 i t < NumOfPos0.num_of_pos 0 (i + 1) t) + axiom lemma_num_of_pos_strictly_increasing_spec : forall i : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 76 11 76 32] Int.le 0 i /\ Int.lt i (Seq.length t)) -> ([#"../filter_positive.rs" 77 11 77 20] Int.gt (Int32.to_int (Seq.get t i)) 0) -> ([#"../filter_positive.rs" 78 10 78 49] Int.lt (NumOfPos0.num_of_pos 0 i t) (NumOfPos0.num_of_pos 0 (Int.add i 1) t)) end module FilterPositive_LemmaNumOfPosStrictlyIncreasing use prelude.Int use seq.Seq + use prelude.Bool use prelude.Int32 clone FilterPositive_NumOfPos_Stub as NumOfPos0 with axiom . @@ -133,23 +144,24 @@ module FilterPositive_LemmaNumOfPosStrictlyIncreasing = [#"../filter_positive.rs" 75 0 75 8] () val lemma_num_of_pos_strictly_increasing [#"../filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 76 11 76 32] 0 <= i /\ i < Seq.length t} - requires {[#"../filter_positive.rs" 77 11 77 20] Int32.to_int (Seq.get t i) > 0} - ensures { [#"../filter_positive.rs" 78 10 78 49] NumOfPos0.num_of_pos 0 i t < NumOfPos0.num_of_pos 0 (i + 1) t } + requires {[#"../filter_positive.rs" 76 11 76 32] Int.le 0 i /\ Int.lt i (Seq.length t)} + requires {[#"../filter_positive.rs" 77 11 77 20] Int.gt (Int32.to_int (Seq.get t i)) 0} + ensures { [#"../filter_positive.rs" 78 10 78 49] Int.lt (NumOfPos0.num_of_pos 0 i t) (NumOfPos0.num_of_pos 0 (Int.add i 1) t) } ensures { result = lemma_num_of_pos_strictly_increasing i t } - axiom lemma_num_of_pos_strictly_increasing_spec : forall i : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 76 11 76 32] 0 <= i /\ i < Seq.length t) -> ([#"../filter_positive.rs" 77 11 77 20] Int32.to_int (Seq.get t i) > 0) -> ([#"../filter_positive.rs" 78 10 78 49] NumOfPos0.num_of_pos 0 i t < NumOfPos0.num_of_pos 0 (i + 1) t) + axiom lemma_num_of_pos_strictly_increasing_spec : forall i : int, t : Seq.seq int32 . ([#"../filter_positive.rs" 76 11 76 32] Int.le 0 i /\ Int.lt i (Seq.length t)) -> ([#"../filter_positive.rs" 77 11 77 20] Int.gt (Int32.to_int (Seq.get t i)) 0) -> ([#"../filter_positive.rs" 78 10 78 49] Int.lt (NumOfPos0.num_of_pos 0 i t) (NumOfPos0.num_of_pos 0 (Int.add i 1) t)) end module FilterPositive_LemmaNumOfPosStrictlyIncreasing_Impl use prelude.Int use seq.Seq + use prelude.Bool use prelude.Int32 clone FilterPositive_NumOfPos as NumOfPos0 with axiom . let rec ghost function lemma_num_of_pos_strictly_increasing [#"../filter_positive.rs" 79 0 79 60] (i : int) (t : Seq.seq int32) : () - requires {[#"../filter_positive.rs" 76 11 76 32] 0 <= i /\ i < Seq.length t} - requires {[#"../filter_positive.rs" 77 11 77 20] Int32.to_int (Seq.get t i) > 0} - ensures { [#"../filter_positive.rs" 78 10 78 49] NumOfPos0.num_of_pos 0 i t < NumOfPos0.num_of_pos 0 (i + 1) t } + requires {[#"../filter_positive.rs" 76 11 76 32] Int.le 0 i /\ Int.lt i (Seq.length t)} + requires {[#"../filter_positive.rs" 77 11 77 20] Int.gt (Int32.to_int (Seq.get t i)) 0} + ensures { [#"../filter_positive.rs" 78 10 78 49] Int.lt (NumOfPos0.num_of_pos 0 i t) (NumOfPos0.num_of_pos 0 (Int.add i 1) t) } = [@vc:do_not_keep_trace] [@vc:sp] [#"../filter_positive.rs" 75 0 75 8] () @@ -254,11 +266,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -276,11 +288,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -361,6 +373,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -382,7 +395,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -403,6 +416,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -473,8 +487,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -492,6 +506,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -515,7 +530,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -692,6 +707,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -791,7 +807,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -818,6 +834,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -846,8 +863,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1039,8 +1057,8 @@ module FilterPositive_M goto BB3 } BB3 { - invariant { [#"../filter_positive.rs" 85 16 85 30] UIntSize.to_int i <= Seq.length (ShallowModel0.shallow_model t) }; - invariant { [#"../filter_positive.rs" 86 16 86 28] UIntSize.to_int count <= UIntSize.to_int i }; + invariant { [#"../filter_positive.rs" 85 16 85 30] Int.le (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model t)) }; + invariant { [#"../filter_positive.rs" 86 16 86 28] Int.le (UIntSize.to_int count) (UIntSize.to_int i) }; invariant { [#"../filter_positive.rs" 87 16 87 45] UIntSize.to_int count = NumOfPos0.num_of_pos 0 (UIntSize.to_int i) (ShallowModel0.shallow_model t) }; goto BB4 } @@ -1049,7 +1067,7 @@ module FilterPositive_M goto BB5 } BB5 { - switch ([#"../filter_positive.rs" 89 10 89 21] i < _12) + switch ([#"../filter_positive.rs" 89 10 89 21] UIntSize.lt i _12) | False -> goto BB11 | True -> goto BB6 end @@ -1059,13 +1077,13 @@ module FilterPositive_M goto BB7 } BB7 { - switch ([#"../filter_positive.rs" 90 11 90 19] _17 > ([#"../filter_positive.rs" 90 18 90 19] [#"../filter_positive.rs" 90 18 90 19] (0 : int32))) + switch ([#"../filter_positive.rs" 90 11 90 19] Int32.gt _17 ([#"../filter_positive.rs" 90 18 90 19] [#"../filter_positive.rs" 90 18 90 19] (0 : int32))) | False -> goto BB9 | True -> goto BB8 end } BB8 { - count <- ([#"../filter_positive.rs" 91 12 91 22] count + ([#"../filter_positive.rs" 91 21 91 22] [#"../filter_positive.rs" 91 21 91 22] (1 : usize))); + count <- ([#"../filter_positive.rs" 91 12 91 22] UIntSize.add count ([#"../filter_positive.rs" 91 21 91 22] [#"../filter_positive.rs" 91 21 91 22] (1 : usize))); _14 <- ([#"../filter_positive.rs" 91 12 91 22] ()); goto BB10 } @@ -1074,7 +1092,7 @@ module FilterPositive_M goto BB10 } BB10 { - i <- ([#"../filter_positive.rs" 93 8 93 14] i + ([#"../filter_positive.rs" 93 13 93 14] [#"../filter_positive.rs" 93 13 93 14] (1 : usize))); + i <- ([#"../filter_positive.rs" 93 8 93 14] UIntSize.add i ([#"../filter_positive.rs" 93 13 93 14] [#"../filter_positive.rs" 93 13 93 14] (1 : usize))); _9 <- ([#"../filter_positive.rs" 89 22 94 5] ()); goto BB3 } @@ -1103,7 +1121,7 @@ module FilterPositive_M goto BB17 } BB17 { - switch ([#"../filter_positive.rs" 102 10 102 21] i < _30) + switch ([#"../filter_positive.rs" 102 10 102 21] UIntSize.lt i _30) | False -> goto BB27 | True -> goto BB18 end @@ -1113,17 +1131,17 @@ module FilterPositive_M goto BB19 } BB19 { - switch ([#"../filter_positive.rs" 103 11 103 19] _35 > ([#"../filter_positive.rs" 103 18 103 19] [#"../filter_positive.rs" 103 18 103 19] (0 : int32))) + switch ([#"../filter_positive.rs" 103 11 103 19] Int32.gt _35 ([#"../filter_positive.rs" 103 18 103 19] [#"../filter_positive.rs" 103 18 103 19] (0 : int32))) | False -> goto BB25 | True -> goto BB20 end } BB20 { - assert { [@expl:assertion] [#"../filter_positive.rs" 106 16 106 59] let _ = LemmaNumOfPosStrictlyIncreasing0.lemma_num_of_pos_strictly_increasing (UIntSize.to_int i) (ShallowModel0.shallow_model u) in NumOfPos0.num_of_pos 0 (UIntSize.to_int i) (ShallowModel0.shallow_model t) < NumOfPos0.num_of_pos 0 (UIntSize.to_int i + 1) (ShallowModel0.shallow_model t) }; + assert { [@expl:assertion] [#"../filter_positive.rs" 106 16 106 59] let _ = LemmaNumOfPosStrictlyIncreasing0.lemma_num_of_pos_strictly_increasing (UIntSize.to_int i) (ShallowModel0.shallow_model u) in Int.lt (NumOfPos0.num_of_pos 0 (UIntSize.to_int i) (ShallowModel0.shallow_model t)) (NumOfPos0.num_of_pos 0 (Int.add (UIntSize.to_int i) 1) (ShallowModel0.shallow_model t)) }; goto BB21 } BB21 { - assert { [@expl:assertion] [#"../filter_positive.rs" 110 16 110 63] let _ = LemmaNumOfPosIncreasing0.lemma_num_of_pos_increasing 0 (UIntSize.to_int i + 1) (Seq.length (ShallowModel0.shallow_model t)) (ShallowModel0.shallow_model t) in UIntSize.to_int count < Seq.length (ShallowModel0.shallow_model u) }; + assert { [@expl:assertion] [#"../filter_positive.rs" 110 16 110 63] let _ = LemmaNumOfPosIncreasing0.lemma_num_of_pos_increasing 0 (Int.add (UIntSize.to_int i) 1) (Seq.length (ShallowModel0.shallow_model t)) (ShallowModel0.shallow_model t) in Int.lt (UIntSize.to_int count) (Seq.length (ShallowModel0.shallow_model u)) }; goto BB22 } BB22 { @@ -1140,7 +1158,7 @@ module FilterPositive_M BB24 { _46 <- { _46 with current = _43 }; assume { Resolve1.resolve _46 }; - count <- ([#"../filter_positive.rs" 114 12 114 22] count + ([#"../filter_positive.rs" 114 21 114 22] [#"../filter_positive.rs" 114 21 114 22] (1 : usize))); + count <- ([#"../filter_positive.rs" 114 12 114 22] UIntSize.add count ([#"../filter_positive.rs" 114 21 114 22] [#"../filter_positive.rs" 114 21 114 22] (1 : usize))); _32 <- ([#"../filter_positive.rs" 103 20 115 9] ()); goto BB26 } @@ -1149,7 +1167,7 @@ module FilterPositive_M goto BB26 } BB26 { - i <- ([#"../filter_positive.rs" 116 8 116 14] i + ([#"../filter_positive.rs" 116 13 116 14] [#"../filter_positive.rs" 116 13 116 14] (1 : usize))); + i <- ([#"../filter_positive.rs" 116 8 116 14] UIntSize.add i ([#"../filter_positive.rs" 116 13 116 14] [#"../filter_positive.rs" 116 13 116 14] (1 : usize))); _9 <- ([#"../filter_positive.rs" 102 22 117 5] ()); goto BB15 } diff --git a/creusot/tests/should_succeed/filter_positive/why3session.xml b/creusot/tests/should_succeed/filter_positive/why3session.xml index 19b7743eab..5fa6c4c89b 100644 --- a/creusot/tests/should_succeed/filter_positive/why3session.xml +++ b/creusot/tests/should_succeed/filter_positive/why3session.xml @@ -3,7 +3,6 @@ "http://why3.lri.fr/why3session.dtd"> - @@ -14,17 +13,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/filter_positive/why3shapes.gz b/creusot/tests/should_succeed/filter_positive/why3shapes.gz index 79b05f4ab03426d86f2ddd42bc0f3fe1a288f924..ad4afd0eb26406ccef0952e626cd09fbb26f1c82 100644 GIT binary patch literal 904 zcmV;319$u%iwFP!00000|BY2mZ`(K!z57?_mTvdL8GcAAngT*#Lk5aH6+}-pD2hsi zm95m06ZGGANLjWe+q(slXgFVQIPXdM@G+G|SBAM|(Q`Vb*hR>Rr$Af&Q9j*J~V0EL;CW9?dkY7Wyfw+I_S;Y&UJSd2PFe zc{JyfPtsV|6W0kFjVa4JAq#$lzTMowr!hx-)40n9TnnwH4yo0;?&o9e9M2(}# zecQnlT8yUj7adHc)o8{#9>^I6Go;w2Y2P>7wseh7#%pY|?+;lhooB3vF3D;ps8jXBvNqoiuZ?5>lOLD_Pi3g` z#Dxx5Dh8z?){xG93HgG!eAI7dt{tQwxKHRXu8!!o;EweL) zoZVcy2VAbQry%$noQPz~{2k(M=-`AbZi`2YE_+Wo$Lcjd$OUo8_;)jQK@h072| ztzggq8QGn6n;%-;-Z7Q46XeD<-TRB%JAa3(v>PoiB{we_Fn@%p?q}inKV`dESeB}? z!x)kmL~O epmLBoh#Ythm;>a%@-$EKc<~#_a7KDV2><|EA5EkIl zp=_Fw>ReCKmz!!2cgk{CLs{*hH1qc5nr#%Eu8;uI##j;=qss6p5N z>&r@5{v)PX$AEPR;PbMGw%TrK^O2pW@cW7m&F-0-zAEcQ=z65!%!-@S>+$@WwE-3G zzO8o8$CsfYRQJmsj{C+R+yAcXAOEFh_l9D1mLP00iW21@s*pB{8ucKWFk=)g+Cg;a zA{MbRVg|Nt_rBS7Wz}LjOtD@3{jlgmrylE=C0$KulOZt9FeXkGh#+`F0AuQ08Lr3! z{r1>58VCM_)P1=hK!qR?6oN)D4gGa`Z7cB;e+CZ%dVLIo)rWr~Dp&-EkWFv}E) zYuLtwDw2ONC5sFrOIS}PmJlo=FjR_xG7`?5k#YDKfYObV4(e)eMZ5rtN94vgZ`7VDt~8#3cPgXv)3~8gW$3d4DzRLAELn-0YY8cr zt3^Y1u8%fjZ0@Y~22z*GTHl0MyPE)MhuTg7(ssN}Eq?@1u=W6HepRZl4b3kRh^NUW zNSSOB&DWO~x33Oe`&OYzLjsdh(e3x$dsRMc|3RauZg$k7am(J!uWK7IWMOee^JC~HQP)$#^qO{DAqJe+qhd^fhUSwW63h%Hp%OG8;Igw#%?!uUERS5N}Em|5YB zF3Vb`&X+1vnGxFg+Nb2b)mkJvSGk;(($~cIEiJ53Qh_sN2Ar)VAOk`sHaG0%sV)kt zsLot%3zJD-XmC|&jIu8CK9P`1kwcb4nuE*1=3sKrIj9_D4v>S$vpmh+?0*;&%zXC< F007ttw~7D& diff --git a/creusot/tests/should_succeed/hashmap.mlcfg b/creusot/tests/should_succeed/hashmap.mlcfg index 03b8c70cd4..00b06b95c4 100644 --- a/creusot/tests/should_succeed/hashmap.mlcfg +++ b/creusot/tests/should_succeed/hashmap.mlcfg @@ -36,6 +36,7 @@ module Hashmap_List_Type end module Hashmap_Impl0_Clone_Interface type t + use prelude.Bool use prelude.Borrow use Hashmap_List_Type as Hashmap_List_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -108,6 +109,7 @@ end module Hashmap_Impl1_Get type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -148,6 +150,7 @@ end module Hashmap_Impl1_NoDoubleBinding type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use Core_Option_Option_Type as Core_Option_Option_Type @@ -242,8 +245,8 @@ module CreusotContracts_Std1_Num_Impl16_DeepModel end module Hashmap_Impl2_Hash_Interface use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow use prelude.UIntSize use prelude.Int clone Hashmap_Impl2_HashLog_Stub as HashLog0 @@ -403,11 +406,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -425,11 +428,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Hashmap_Impl4_BucketIx_Stub type k @@ -655,6 +658,7 @@ module Hashmap_Impl5_GoodBucket type k type v use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type @@ -703,6 +707,7 @@ module Hashmap_Impl5_HashmapInv use prelude.Borrow use seq.Seq use prelude.Int + use prelude.Bool use Hashmap_List_Type as Hashmap_List_Type use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -730,7 +735,7 @@ module Hashmap_Impl5_HashmapInv predicate Inv1.inv = Inv1.inv, axiom . predicate hashmap_inv [#"../hashmap.rs" 209 4 209 33] (self : Hashmap_MyHashMap_Type.t_myhashmap k v) = - [#"../hashmap.rs" 210 8 213 9] 0 < Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> GoodBucket0.good_bucket self (IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ NoDoubleBinding0.no_double_binding (IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) + [#"../hashmap.rs" 210 8 213 9] Int.lt 0 (Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets self))) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets self))) -> GoodBucket0.good_bucket self (IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ NoDoubleBinding0.no_double_binding (IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) val hashmap_inv [#"../hashmap.rs" 209 4 209 33] (self : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool ensures { result = hashmap_inv self } @@ -740,6 +745,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -763,7 +769,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -779,6 +785,7 @@ module Hashmap_Impl5_New_Interface use prelude.UIntSize use prelude.Int use map.Map + use prelude.Bool use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Hashmap_MyHashMap_Type.t_myhashmap k v @@ -795,7 +802,7 @@ module Hashmap_Impl5_New_Interface type k = k, type v = v val new [#"../hashmap.rs" 98 4 98 46] (size : usize) : Hashmap_MyHashMap_Type.t_myhashmap k v - requires {[#"../hashmap.rs" 95 15 95 24] 0 < UIntSize.to_int size} + requires {[#"../hashmap.rs" 95 15 95 24] Int.lt 0 (UIntSize.to_int size)} ensures { [#"../hashmap.rs" 96 14 96 34] HashmapInv0.hashmap_inv result } ensures { [#"../hashmap.rs" 97 4 97 64] forall i : DeepModelTy0.deepModelTy . Inv0.inv i -> Map.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } ensures { [#"../hashmap.rs" 98 31 98 46] Inv1.inv result } @@ -807,6 +814,7 @@ module Hashmap_Impl5_New use prelude.Int use prelude.UIntSize use map.Map + use prelude.Bool use seq.Seq clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -932,7 +940,7 @@ module Hashmap_Impl5_New val Max0.mAX' = Max0.mAX', predicate Inv2.inv = Inv4.inv let rec cfg new [#"../hashmap.rs" 98 4 98 46] [@cfg:stackify] [@cfg:subregion_analysis] (size : usize) : Hashmap_MyHashMap_Type.t_myhashmap k v - requires {[#"../hashmap.rs" 95 15 95 24] 0 < UIntSize.to_int size} + requires {[#"../hashmap.rs" 95 15 95 24] Int.lt 0 (UIntSize.to_int size)} ensures { [#"../hashmap.rs" 96 14 96 34] HashmapInv0.hashmap_inv result } ensures { [#"../hashmap.rs" 97 4 97 64] forall i : DeepModelTy0.deepModelTy . Inv0.inv i -> Map.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } ensures { [#"../hashmap.rs" 98 31 98 46] Inv1.inv result } @@ -1057,6 +1065,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1099,8 +1108,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -1116,8 +1125,8 @@ end module Hashmap_Hash_Hash_Interface type self use prelude.UInt64 - use prelude.Borrow use prelude.Int + use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self clone Hashmap_Hash_HashLog_Stub as HashLog0 with @@ -1237,6 +1246,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -1291,6 +1301,7 @@ end module Core_Cmp_PartialEq_Eq_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -1333,7 +1344,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1360,6 +1371,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1388,8 +1400,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1405,6 +1418,7 @@ module Hashmap_Impl5_Add_Interface type v use prelude.Borrow use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1452,6 +1466,7 @@ module Hashmap_Impl5_Add use prelude.UIntSize use prelude.UInt64 use prelude.Borrow + use prelude.Bool use map.Map use seq.Seq use Hashmap_List_Type as Hashmap_List_Type @@ -1774,12 +1789,12 @@ module Hashmap_Impl5_Add } BB3 { _15 <- length; - _16 <- ([#"../hashmap.rs" 110 27 110 55] _15 = ([#"../hashmap.rs" 110 27 110 55] [#"../hashmap.rs" 110 27 110 55] (0 : usize))); + _16 <- ([#"../hashmap.rs" 110 27 110 55] UIntSize.eq _15 ([#"../hashmap.rs" 110 27 110 55] [#"../hashmap.rs" 110 27 110 55] (0 : usize))); assert { [@expl:remainder by zero] [#"../hashmap.rs" 110 27 110 55] not _16 }; goto BB4 } BB4 { - index <- ([#"../hashmap.rs" 110 27 110 55] ([#"../hashmap.rs" 110 27 110 46] UIntSize.of_int (UInt64.to_int _13)) % _15); + index <- ([#"../hashmap.rs" 110 27 110 55] UIntSize.rem ([#"../hashmap.rs" 110 27 110 46] UIntSize.of_int (UInt64.to_int _13)) _15); _13 <- any uint64; _15 <- any usize; _20 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); @@ -1966,6 +1981,7 @@ module Hashmap_Impl5_Get_Interface type v use prelude.Borrow use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use Core_Option_Option_Type as Core_Option_Option_Type @@ -2003,6 +2019,7 @@ module Hashmap_Impl5_Get use prelude.Int use prelude.UIntSize use prelude.UInt64 + use prelude.Bool use prelude.Borrow use map.Map use seq.Seq @@ -2259,12 +2276,12 @@ module Hashmap_Impl5_Get goto BB2 } BB2 { - _12 <- ([#"../hashmap.rs" 142 27 142 67] _10 = ([#"../hashmap.rs" 142 27 142 67] [#"../hashmap.rs" 142 27 142 67] (0 : usize))); + _12 <- ([#"../hashmap.rs" 142 27 142 67] UIntSize.eq _10 ([#"../hashmap.rs" 142 27 142 67] [#"../hashmap.rs" 142 27 142 67] (0 : usize))); assert { [@expl:remainder by zero] [#"../hashmap.rs" 142 27 142 67] not _12 }; goto BB3 } BB3 { - index <- ([#"../hashmap.rs" 142 27 142 67] ([#"../hashmap.rs" 142 27 142 46] UIntSize.of_int (UInt64.to_int _8)) % _10); + index <- ([#"../hashmap.rs" 142 27 142 67] UIntSize.rem ([#"../hashmap.rs" 142 27 142 46] UIntSize.of_int (UInt64.to_int _8)) _10); _8 <- any uint64; _10 <- any usize; assert { [@expl:type invariant] Inv0.inv self }; @@ -2376,6 +2393,7 @@ end module Core_Mem_Replace_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2395,6 +2413,7 @@ module Hashmap_Impl5_Resize_Interface use seq.Seq use prelude.Int use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -2431,7 +2450,7 @@ module Hashmap_Impl5_Resize_Interface predicate Inv1.inv = Inv3.inv, axiom . val resize [#"../hashmap.rs" 161 4 161 24] (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : () - requires {[#"../hashmap.rs" 156 15 156 41] Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))) < 1000} + requires {[#"../hashmap.rs" 156 15 156 41] Int.lt (Seq.length (ShallowModel0.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)))) 1000} requires {[#"../hashmap.rs" 157 15 157 36] HashmapInv0.hashmap_inv ( * self)} requires {[#"../hashmap.rs" 161 19 161 23] Inv0.inv self} ensures { [#"../hashmap.rs" 158 14 158 35] HashmapInv0.hashmap_inv ( ^ self) } @@ -2446,6 +2465,7 @@ module Hashmap_Impl5_Resize use prelude.UIntSize use prelude.Borrow use map.Map + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv13 with type t = usize @@ -2700,7 +2720,7 @@ module Hashmap_Impl5_Resize clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) let rec cfg resize [#"../hashmap.rs" 161 4 161 24] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : () - requires {[#"../hashmap.rs" 156 15 156 41] Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))) < 1000} + requires {[#"../hashmap.rs" 156 15 156 41] Int.lt (Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)))) 1000} requires {[#"../hashmap.rs" 157 15 157 36] HashmapInv0.hashmap_inv ( * self)} requires {[#"../hashmap.rs" 161 19 161 23] Inv3.inv self} ensures { [#"../hashmap.rs" 158 14 158 35] HashmapInv0.hashmap_inv ( ^ self) } @@ -2739,7 +2759,7 @@ module Hashmap_Impl5_Resize goto BB2 } BB2 { - new <- ([#"../hashmap.rs" 163 22 163 55] New0.new ([#"../hashmap.rs" 163 32 163 54] _10 * ([#"../hashmap.rs" 163 53 163 54] [#"../hashmap.rs" 163 53 163 54] (2 : usize)))); + new <- ([#"../hashmap.rs" 163 22 163 55] New0.new ([#"../hashmap.rs" 163 32 163 54] UIntSize.mul _10 ([#"../hashmap.rs" 163 53 163 54] [#"../hashmap.rs" 163 53 163 54] (2 : usize)))); _10 <- any usize; goto BB3 } @@ -2754,13 +2774,13 @@ module Hashmap_Impl5_Resize goto BB6 } BB6 { - invariant { [#"../hashmap.rs" 166 8 166 111] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> BucketIx0.bucket_ix ( * Ghost.inner old_self) k < UIntSize.to_int i -> Map.get (ShallowModel0.shallow_model old_self) k = Map.get (ShallowModel1.shallow_model new) k }; - invariant { [#"../hashmap.rs" 166 8 166 111] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> UIntSize.to_int i <= BucketIx0.bucket_ix ( * Ghost.inner old_self) k /\ BucketIx0.bucket_ix ( * Ghost.inner old_self) k <= Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self))) -> Map.get (ShallowModel1.shallow_model new) k = Core_Option_Option_Type.C_None }; - invariant { [#"../hashmap.rs" 166 8 166 111] forall j : int . UIntSize.to_int i <= j /\ j < Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self))) -> IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)) j = IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self)) j }; + invariant { [#"../hashmap.rs" 166 8 166 111] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> Int.lt (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) (UIntSize.to_int i) -> Map.get (ShallowModel0.shallow_model old_self) k = Map.get (ShallowModel1.shallow_model new) k }; + invariant { [#"../hashmap.rs" 166 8 166 111] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> Int.le (UIntSize.to_int i) (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) /\ Int.le (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) (Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self)))) -> Map.get (ShallowModel1.shallow_model new) k = Core_Option_Option_Type.C_None }; + invariant { [#"../hashmap.rs" 166 8 166 111] forall j : int . Int.le (UIntSize.to_int i) j /\ Int.lt j (Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self)))) -> IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)) j = IndexLogic0.index_logic (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self)) j }; invariant { [#"../hashmap.rs" 172 20 172 37] HashmapInv0.hashmap_inv new }; invariant { [#"../hashmap.rs" 173 20 173 46] ^ Ghost.inner old_self = ^ self }; invariant { [#"../hashmap.rs" 174 20 174 66] Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self))) = Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))) }; - invariant { [#"../hashmap.rs" 175 20 175 45] UIntSize.to_int i <= Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))) }; + invariant { [#"../hashmap.rs" 175 20 175 45] Int.le (UIntSize.to_int i) (Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)))) }; goto BB7 } BB7 { @@ -2768,7 +2788,7 @@ module Hashmap_Impl5_Resize goto BB8 } BB8 { - switch ([#"../hashmap.rs" 176 14 176 36] i < _24) + switch ([#"../hashmap.rs" 176 14 176 36] UIntSize.lt i _24) | False -> goto BB29 | True -> goto BB9 end @@ -2816,8 +2836,8 @@ module Hashmap_Impl5_Resize } BB17 { invariant { [#"../hashmap.rs" 179 24 179 41] HashmapInv0.hashmap_inv new }; - invariant { [#"../hashmap.rs" 179 12 179 43] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> BucketIx0.bucket_ix ( * Ghost.inner old_self) k < UIntSize.to_int i -> Map.get (ShallowModel0.shallow_model old_self) k = Map.get (ShallowModel1.shallow_model new) k }; - invariant { [#"../hashmap.rs" 179 12 179 43] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> UIntSize.to_int i < BucketIx0.bucket_ix ( * Ghost.inner old_self) k /\ BucketIx0.bucket_ix ( * Ghost.inner old_self) k <= Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self))) -> Map.get (ShallowModel1.shallow_model new) k = Core_Option_Option_Type.C_None }; + invariant { [#"../hashmap.rs" 179 12 179 43] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> Int.lt (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) (UIntSize.to_int i) -> Map.get (ShallowModel0.shallow_model old_self) k = Map.get (ShallowModel1.shallow_model new) k }; + invariant { [#"../hashmap.rs" 179 12 179 43] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> Int.lt (UIntSize.to_int i) (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) /\ Int.le (BucketIx0.bucket_ix ( * Ghost.inner old_self) k) (Seq.length (ShallowModel2.shallow_model (Hashmap_MyHashMap_Type.myhashmap_buckets ( * Ghost.inner old_self)))) -> Map.get (ShallowModel1.shallow_model new) k = Core_Option_Option_Type.C_None }; invariant { [#"../hashmap.rs" 179 12 179 43] forall k : DeepModelTy0.deepModelTy . Inv1.inv k -> BucketIx0.bucket_ix ( * Ghost.inner old_self) k = UIntSize.to_int i -> Map.get (ShallowModel0.shallow_model old_self) k = match (Get0.get l k) with | Core_Option_Option_Type.C_None -> Map.get (ShallowModel1.shallow_model new) k | Core_Option_Option_Type.C_Some v -> Core_Option_Option_Type.C_Some v @@ -2877,7 +2897,7 @@ module Hashmap_Impl5_Resize goto BB17 } BB27 { - i <- ([#"../hashmap.rs" 193 12 193 18] i + ([#"../hashmap.rs" 193 17 193 18] [#"../hashmap.rs" 193 17 193 18] (1 : usize))); + i <- ([#"../hashmap.rs" 193 12 193 18] UIntSize.add i ([#"../hashmap.rs" 193 17 193 18] [#"../hashmap.rs" 193 17 193 18] (1 : usize))); _21 <- ([#"../hashmap.rs" 176 37 194 9] ()); goto BB28 } @@ -3207,6 +3227,7 @@ end module Hashmap_Impl0 type t use prelude.Borrow + use prelude.Bool use Hashmap_List_Type as Hashmap_List_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = Hashmap_List_Type.t_list t diff --git a/creusot/tests/should_succeed/hashmap/why3session.xml b/creusot/tests/should_succeed/hashmap/why3session.xml index dab7ba2727..c23e389e62 100644 --- a/creusot/tests/should_succeed/hashmap/why3session.xml +++ b/creusot/tests/should_succeed/hashmap/why3session.xml @@ -2,221 +2,220 @@ - + - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - + + + - - - - - - - - + + + + + + + - - + + - + - + - + - + - + - + - + - + - + - - - + + + - - - - - - - - + + + + + + + - - + + - + @@ -229,15 +228,7 @@ - - - - - - - - - + @@ -248,7 +239,23 @@ - + + + + + + + + + + + + + + + + + @@ -259,85 +266,85 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -346,183 +353,185 @@ - + - + - + - + - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - + - + - - + + - - + + - - + + - - + + - + + - + + diff --git a/creusot/tests/should_succeed/hashmap/why3shapes.gz b/creusot/tests/should_succeed/hashmap/why3shapes.gz index bb3d3d1b43a5c4ae4ef8fbebcaecc5d6fb20fe2e..28d515fa55eea9d58e2a4b3237bfae6151ab76f5 100644 GIT binary patch literal 9686 zcmV;{B`Mk;iwFP!00000|LuKAa~!#n=AFNSx7V$?U|+^Y2b!#8Nwe2AhiOaelW170 z*kXzGB$lM=Uq7ECmW;@ZOeQI6&-aRA1Oki0;c)*PaDe~z?EKyD;m`8!{C#=*?)vu4 z|2{Y8&;I=^JP&ubSJ!Xu)-wDa-u-@cbNgG!rTlsI$89b*Yjzo)ujN|2#P9GI@)`9H z$}QIX_MGZGyZaY%zNgf1Q}ExL-|i?q+}zxL z=-c5v8R3tM|M~}2{GM;;xTI8Sx37;%#Hi#ts{bdy}qH! z65D(p2H;KkF!GCU_$4;{k{f=h10$q&Mrb=j&$N;0hM3+xTB4|XbZa*}da!69juGRA z7f$>fUclUuS{kE~Uan|>h8InY8(z$so6Xqsv2kwK9L-P1G&~FM%1v$3VK$FkgxBTo z?vaQ0;pQJSS8i|e6=exv>m;uoKb+nD{bxC+YTsUmH+N^@ZFzTl^S*2{G)})*b3YTL zfr>xhmUR0jU*BPhZYF0xB7AXV_}t7T57aq#Ly65np zZ~rQ1+X-{!(0%BNn=#|ruYE$R;cfY&&4{<>@$d8hDQ|DjHp*mPl{~}m@*8sALUmPi z`)uCY?RNfOm#E3t@2^SkEwu*@9H>xlwMV4iHbxy$uFd*Q5lVU%t^|9r7HoOUp7&4F zui+!5Qz{Sf_U+r-4<-NOkJqy-uc+Ekuiu25&FJecdD_{IqL~DVA2sQH^)mrtLmufy-kFX$CD^PYJ(nPc(ej%k2&sW@(FA*MjfnMdF0K zO_uIMXJG|wZ+LTim2dxwH{~jVyVq}iqfBULEyQ-G{%>Dlt3_<;7Gs5CvBEYRmXas* z-Y@6;O9|U{LywmV{$O!CVl4S&F!@oV$?xU<`7VEW8dMRR%PvnM+5+mw%yekd0A!ULX zX>hgyB!PM=+8Zl5R@2qeGC1l{pFs`1yHck0k@uwRm|}eID8Cy9%XG;@dEM30+EZq? z{4mxn&!)T{4DyYdnB$v{lX{wgYMol__Da4@qj&tG``7#QmOf~p;Rn1cZ{LT`54cY? z=`W=Nw;LL@kN#X1^vH^lZ#12HuR)YcN>ol;+vI7_qu!GHl&EetQ612Qnm%vpS7V)O zpHLKEQnGvPrsyW!4yhe{3Gtx7s?H}}GzA4$NYi$Z`e9^Z46Zgb)0j;6=M zhM`~7!UVc_oG|Pz)$ob&`}O+fte*Y#27YP!J%BIgf8Jixy31&$DaQstw6~3QnoJxu zPMm|#fizH?O0BLf{9sz6lbQK!wB&mFflptCx$|QDU+t{r-NjPpFE*9*@0vjFmq^PSd+_r~j z_&vd8eCYVA#*^n%e6K96rE2-sQjV~1__Utk$vFk$qSNlTqNe~g@x_7zvtM<5yAKnu zg`hg>oCZoE@ou)Pa%W%LCFO zhRF!>3HRRfK?(7TIVPE?A%1Zf*<8$V(BeSZeR|04(L-m)s$}`3EK!Rr(T`?{-p>-V zk0tg#)$Bf(YF?V91V3g@?6x*Kdw~7CXRzcrSn|lh+OeVfkv8=E8mOg}4Oo)dK&h>P zQiqJF+A*RBG&UKmW<-VgR3o}CYb|<$lwBf7**QVVwwl>m`JN!<*UF7WKP(je@Zk}1y(qwZ zZO3FQCK~@Tbdg2g)+#$Ru?Tmi zZ32b-G){<3 z*mgV(+ZRv6hIkq=X6)l>#JEVj6g}e(#>%+eP?^@yv5_%sPh<=`rrbO-hHWCHhOs#i zurhKK>%D=Ox@z{!nJv-VQ zU8u5G8`E6F^2K~Fbs@(`*=@OPwi73r2G-1yM$YVHWRtBv(Qow$y&nMX?iaQKlf6Md z*&FN$y^`a;q-zh8O^|UYL7nJ!!p z?-Mjcw6PJkO%}%9_wfAv1j7tq-_EeU8ellFxkvg!Up#bBr|V$@xOhEvfkyZ=E~WN@ z*uB4}XvS^h+I@Pxrtra?Povcxm_QM{_jY$q$p^yAFBVtT#PS#pPo?Jchc&ksFBUO2abSX)xgJ{QZcfJ$IwePJ?@+&qHf(|Rjw!a zS(+X{%P!`#VV39kcRyAo2XFey^%OwM-i2fBX#~)6#MQE)aWvNn6y6)qm3l4J4h$S} zqh7HC$;kg30NKEdnN%%zdQQxTu8B@6I(4u+4D&b2N^Q?lf0=p* z?|vD-x{HlLq&1RlcT9D;M}LEx!407&RA=FGHrP6i`ZrsaeGPp$eG~sAi;h%0ZkL_s zgb(s-w{uQn&{_mZvg?XmKtZT6u`ckaL8u|uKY@rQ-vCt`)qNnmSdN({26RmULi%X| zD4zw?*F^E<1x=Ah45;?=R5~A^;k&t)mz$B*u5*C-0IgAUKc4pY;%R@`%~U^)oo@mD zcZ*fN=#;`vL~`PcvBBPNFtnUUw96O7i9G?$_u=FHWj84B*)~oUTj2ALziztp#jKOV z5u2QI|6m$S{ib}_w|uglZKE76hY4g~ZtV7Mo!5ztCk)zXbdq#+{c$(s=JgnFvq+7c z<~)Md4x=5YhRn!OeQt+W4p2@N4Wy5Jah-!Wq#x{f%XyG9dxUuBD8#(rk)s-3_k()0 z6!=jJ4iZiomnq*p5HK%!aU}0(wQS(H-{SaxH-Y=_eH8Hfc{d3ddC{%t?Mz$LKhGr( zS4&hKRWT9xpqg74?9E;)@Pf?G@jUNBX`j!wZ~MTwfjfIz*-@-p73?XtM=4GRbWcgU zPZfXi+!qg<`+PR}kC{s1OHU>KfVp&(nDVbIr@Rx?1GY^Z5M%y@UN z+@8-H&;i!%0Udh_|DRbfAD_Vqp=kN;1^^Hru6p=-Hc#r;GrAL7+bgT{ftVcF8dqOB zI;PQLW6B1FiOI@K|9)tr#i}wyUHozH>6|Y7FvfdB);)q{H^9WB6oOsDEvro^{!t zccST110O+uVXCF;}Nht z0>vH0s|O)q(Y1Sw*_Qj1z1%UUJ67&E=Ans^=N)EyA|ZS6AkK{|XmVVeYfA?=N64W( zs;RE(SzBtWEo8Yo$N;KiS5%h|JluC4?`F!&0{}!m$vl*wG7patYWZyo^`{GvykCH( z$Ml|5mgeXG4vN(@>wLCuZFIE^o4qi3PnM5r-)7iwC~;P5c+ugb>35hmNw>XSoSe)N zeGpD}JZ)(TY^AB`ku*MeF{Cltrt|yl6A@#6);-Qchg;GfV2E#PsTZPkbpL4+21JYK zvwfa%Y;}LH%5)!0_eToR3OyXq18Q6eyB`bi2k2>jgzT%<=smN@98(dp-K&Po!n`mK zfdl+rJg`>-?f6iS0R+UZ2O$F0HGGuvwEIZkanT;FJnhJKdoLn*kf_hpBThSLd50E%AB0yC+fR@`2u+{4%=yIOc8Z@>#LNI~?+e-J#jaty;XLNo;R% zsC#_wg)NRfH4}*ss=Dd%n>#AE+-G&a12SP?r{VXm4vYP(!|J|mo;}5OmbUwLX2ZIt z?Bb5KI9raLp+Is?dVMK8T{nv`s`;G=bbWbuxe0^mCq2W{7?UC{CkwV?mhSmt^4xAz z+`BwFo?}@H{jyt0Zc*<`)@98NMN$u;4tC+JVHcXcpcGqKwO~@`;${Sea?cH_(KCaJ zCXi>*V04Xa2pkw})XU{d72enSC-|P_%v#cpwe9MR$X@g-;wIi`+nb?kn3wvg} zz1Xv3)>p909=9cb^ZG7Z0R39)P56kwTPv-G*ml)Y_DlnVLGz2pG}@P8c(rQB1g60& zdNg;&?@SWY1wUyN?8DUcI6dgw%yC7^(1remmWfB zQ2zRV%Kj*t5tQz`)3R@5b6uuc_rV=H4U|xr|D*!u!

6N$b$7WOTUk1fRQCWYj&9C-C|RkrQhbWbaR@eTcCM)j!MWlU!0@u zOHXHlb$?E;Q?gp`9a48@Xdja)Qh#J*pj5Um^Z7|A`1zJpv?|*Dwje_4b}R6+Zl!2) zDX#8vC^DqONXWe-Ar_@ai+e_5r`T*Hf}hp@)dH?YozoRy&-dBb6@pJ#z`8>a&*B z*_4H}Mseq(M}kx(iF3YUXVD05SdfMRI&sBBtySS!)*?mH`kb?sU%8cCnU!9tm0XE4 zo;?@A3!c0RRTZa1&N*q3tkh`ZoO`?C-mHXM3A++_&?})<0)@p&@ReZryy9-fkd1pn|LTJlG(KRJmGvmIdbLm#nuB3U&Hj_mUi?+crc(f&=qt-KU3pp@a&> z`&c8((RxucNF=6c`NhZ)I%C2K&{R|^is$My=QaqRk}k@TfEu>aAj++@U1_KXz0&H- zQ0Eo6B6z^Kg-~-$WQAk!KFMfB;Eg)|6$#{uxTa;s+*VOUF9POwh%81Une5mnzAlX+ zmQZB|7j?-jF%BE-0c#HB6~I3^e4qYeSKm7hDdvVLXV zchMWiSjshXSCr(y6~ZzNa9|SV0Q6g;-Z-&x{5$HCP}Mq>U_5=4(UrimN=my_f^pj9 z)+fDkYUSj2)UANt2np@PT}q`|7$ArtMhv~mEU4BkU_ZBVcIC|X)j2LrsznPxiyZOW z*(^hbR0hv=s+KzE`O35Ju4ma)?kaG$jfMFLj4Fi(fXjkIE_rM{Q!6i5UVNur41hp@ zg*r)5m8v{R2VW$a;z|vbRkEI(%2Ht}O~t8vtAOJN4KTF8kdGlBLq3Ll4EY%HG2~;& z$G|GT@@@r(1^$ZH-wTIog5za;#eV|uM*&i2%R?&OI_bFX{fD2MNz4Z!qhUr13(v|X z0YwKl7nW5k#|t3@PBl;!KP{J%WawPs9+NJ@R1=T_1c`9VOoFCqTtZbGb#bcfr{`F9 zDHH+U$b(Bxsw8ujrB-JW+@uP4IN-0?q!h5BnGO6P_l|nBGfSx%2R1U4p8a)@nMEvN& zY|tfn4wqfatYyb})BpNouq$`d6o;Xj!Z%!le*+wFoDvHX1JC~z@5h#Kw&qIO} zX-jSk?_7~4awm@Uy4$r+(4nw&^-wK37Pg$NQu5OZSOY>&rf$7G4Z>ySi( zgaxaju#$F-eKw78$gBB@e~UX8P6I8#Ohu?eVZ2j;drn)*kzBvF#RubsAC%GJ#LGkW z-wN%6WsymEd7N9zj2A|#?21vM^P)8sJn{5cp3+Wjg~wczN!-K&FG5R(8E=@aA$4ny zAdG{u6K@~5rp6enKtBd%MiiMe3r_Ovlh#FNaxJdNR;U~h+zo&~4Z!CJ|EB#}p16k=@*yyI zm{JtZN(nV{7J5U=Pt5-u;p9dIXQBOJd2{5f=ERB(Rd`)>aT?N(Qs@J>>L+4LPF%o) z%r3zYMyE{Ds%V>2V4iuwCv34lC<{VLR+>~oQz~0!gpEZF3)QW&-)ko&?IS^gxy%???E>b#ky;54KfWeEEGk?7{r6Qz zNUmTReuUTPpXNGXD6>v1S}D4{8j6x|=&55rOuwVZ6tN#|lqLex!@5FyF6Gri#rXnlnEYV*-b-Umb(rA8T;2RL!_c zF&m`QdB<^~>nCFjtYvoST#_|ruc|j-i?o*28V#K^7#E{{GR6QT8D(WI+yD;?qm>d0 zh&jltP4s4W!RRMr5DPKu>={60RtgYWS|*EjMhOnbDlISS{A5guo{kWd%(L=dYf~kM zR`xK`DVNOb^1{nc#w1olsB~3;HrflRtcfl%LxJpt0pRT}j{IZ{3R%=*Lg6)PUP*R% zk_jda(@#gA&pAbgI%32ZM_?u=rxmSgDTt0`#pt56tXiJF;I zU50mWLvg&Qq+#Atsz8Z7g>0mdq6|OL)o;Sm3C`CFt>W89GYO z;%=|yldtc5eJ%jYaF$uBf{U1irG*Z7%++~geNJ_k3*w6{0DgV$R7iyL!DtgQ{HCI- zas}Nt0#f4q0(ZWR7}>ASIhCSSGRIJ}4HA;X6lBcPJrBYQ+R)nK+z%DE@D1?a0CR@q zl+A*>A|<-#Aj`U#sA}ES>0jLCJ@M$oqZ5x#JUa1cgByWc1IXxV(gwz#mRE&!*%$|eEq!fQehJD6_gT(Dx+#*fia_0VTSgDi(xE#O;^+j{+Sv# zR{Nlkh!#}2o+0C1{_f~FeRC#{ft&QO*xu#pN$(@2F0tE#miKa6<+ELNsn+I zy>zxoJI#KY{$GM16^f~}X{{3jNkPYeHkpr=?ohOOoPJ-DsO*^WP-wb@0Gi-kR&p_+ z%~WwV#*Rz+%M<2f(K2P5yfIQIF9Op{i&TouV3ufdL|UAbdHZd?9C3_C8+aDl>71E? zwG6>=x?DEkpBU(dD?zq~jLp{~5?--Yl@_)ITx25Dv+5YAW{L&h&h&})LnaWF!bA$m zzb?^`N9E|QH+ZJW0e<+TcnB;Q*bmQRM>HyjVgKfc7dk-cxF`S;LXx?7D@#!#B>Y1` zqBNNr@$TF01W#znM8`@dRYJ?)+dPk%%lAEk#EujXAQ0LAXPIFad z$Wjv}phTf)vifhkGhQUGqe8u8#^}my#hAr!m7>Oc={kc70e%J0?|0L&Tw$0Qz^@A2 zM4vJ79gqT0gmWc!2S5d&y-?q22X&CNYV89D#)hX*S<(#{!nP?++tWlnK{G|a?f2c= zf)+VldQ;&cQNVC0$-uWvsrr;n8s$`f2c3xta6`fLh^&e-v{ovMj-HlFqv>MPS_7JY zKb>Oa1p*cr<#?{ldtP|K#Dk;mHPp+f7Rg=t-a02NW2)L{;E!{sVhDh=UJHTQ7Jcb3 zkEYJZuS{t2k;6fxl-1srnYpTe1%8NTs3ehP0$QDK^fU^ z;0le}wdvH^SDm>+RgmQzpf3x`7wdt_6i-z^6Z_Ot>%JX|S&%VvZj^%XS~!R~VeA$2 z!n>F%KUZi$5$-Z#w|3f?8JDeg$IfBElF3Dw;;Ux`y1C|BDP+pl(D~#>(=wSbs;!V2 z`Iv?<$GG(=IP|9aKs&WO1yMX*Fb_whVMk+VRqjdJ3&y6D;K4FQZW!5`5TLS4DKdNJ z+lq&wHtmzOncKDp&%SFmo>PcC$a!5UTM{+HO%?umbIkvGW$VT-#7> z$iNkWajBcnX(4?U4O&!fQME-J7Gs3! z(%wRkwKcPjF85VvlLc-{O7JC6OcanX(ohU|e30Rk8fUtl{o|TI^*%Ay)&@{>7Z{t zmm-q?<*ik)T3m^gS!qZ~a@w<`_!$Pesc+OL`%Tba>24{w#}wYG7y)aHK+eGk0Y8Sb zj(+(~_d(HF6S_j)a%<@dYPbnS2LDM6;m`_EDE2)xxjP`+L%h%(YI|dNr4TL!Yn|$a6d%9Y5&{_Wm3%O zFyJ6MQnaE=2MTPk?D~!VQC!Cl*nc|8Ewd@LhAM3Y=v6KR=43V100=jf>8bzfhvoxR zSxhBz&$5ajT31&E&@IrIfbY_FS|tVf&=LlDm_GqeSjtJkndBwwP!oJ4Oc8+5YU#%3 z;2TfqZ*x-oQ(KLoM(t0*8=)i*menYI4l)WYq!Kl1Uukis^Zunm|7cT%_(EY~KM8L% zi`qD2ICxZ?Eu{o4D_s$;q^-Gjydj>bpNcOz0tVX3jpm$tBZ882Jc(JuwJlY3d@(;I zZ|IMy#$2dPko%`bp*57L?QME+X5>-iqK4^d9eq>%_hTtT5E_6=$Lw7)As1F^j+ozgDYE%abUu~(c;f5vKAM5s z&3rAv8AmsHxb`R4G}Fe$Tsxn%?RuSf`(RzFVUd##P8v@q^_}zuNgz3~phLH|(fD}c z@1rnbR5m3qQlVQ#=$1Lds*yQz>$#D=PEaQve+rL9RmBRpYhEQD1w1z{xiXOE5|rri z0G(AKUfUCYABx{~ib8R)meXIsHpZ|}nDs(ex+~GP2s??!B^sBOotXUz%vPmv*fpq! z>cD1b53cCaL77-iyr!PnXbFT!5OQMt(=fg|$hpo;%aW`Bmdg=7Yx1&axEOqpau99l zx9yp4P6O~{OG{C3&qRXsOP1QwiPH_56!0T<1K`j($2;cJy1{7xo-nc@8>kuKXvfFJ z#M_+@i~^2RNmca&fKIv-^PfKaOwyq+2~`6->q=xL8k4PdrJ|kCGhd$u;B&3|^I&}j z1w4T?&RA`epq7|R=BA7n{YrOYSlcRQ@WJUXRS5b!@pPZ8Hl+j;gvu%j-rb^$_9$$G z!bP0@srbXJ%JfI9LUxu36)KOqs9KPqvJu_&fD*)vdnKOz)C^Ou0s}Z09Kb74q*pFg zCT-Lfo^q5FZ7gX|05tvVyy7mTgodS$fm>!n4B5tPT*)Q5+WjrsCS2b1!bLyo#JqNp zANtxc?pzT;@={Ya)!9Uc7%kLTW1eCl+>^xhJG|bWm^hoQjFwvf(3N$;3JLc~BD&A?UA2=V&PAz|v9Y0ri0q3iX~CxBx;zfty%d z@pSP6{6};abXe~zw4WZPvNNHE^Q#B+uGip~f2 zXa5vRx|Lm-6&T8SZ|h@H0#ePRsm5iVvevYiL6_22B{FI;$gPJq0XgAwtHPPjWY0oQ Y3N}t8Zwec7gF$EiA1{n`+duUH0O%$UmH+?% literal 9856 zcmV-`CV$xz=AFNSw>P7?_`VEEzz{+SNuaytFpb2VMEF|8 z7E7#=RFbNH{e0%JWJG3UGD%U?mhTnCSbQ-zH#hst+&uW-o}It@Bm7m~oqs5A-(BCn z`Jdlf$s_U$>fdG`MQq2vd88h&{mZpxeA-_!GO zb94K#?}ztfgg-C-@4u+w4}81CB|W8n`}R1f>MzAw4wrJRhD){9!=+vubl#qEd4Zw) zUf$2!=XkN^D!jP*?e?(1EK@zEdhQF?82weUfO8omjD?I!6@Yk9P;tvN^{AIgB zGpxH}YyYw**;9|#Z*uuW?7dEFzvg=FF2gVQJ@DUNfH{fb$xAA}$R$4(Zp_DE9ntgK z^$preZ1Z+t|C{o0OKi9$H{4PO=11?$&vt>HWh2WCvAnyqL{WF?)^51;V9-Du zBeo4UoVYpMfVCsFG(#i3T+#FlH=6i1+?X{to0;ch=iIJ2x}VNycoyE3o7!ZpgE<^FN-@140;n~~rXA}Il=kcHO|0-{9&o(+^-l{yq@A5lJ-aZZ}r#K>oIkng)6~ctOZ-1h3Ea%^lkV=&*>=- z@%HW8+m9vx>(AG-BCn{~P_N&Fo6UUc?(uX~9i20o5JQ;{n=9TG97Xb~+`RkvM|oTJ zHZXrQbiAw|dTN(m^(5fw71q(;2l@jexxb@i-_fhCXj}Q+Wt#`?hDJyR{hYb4+WU^7 zV{Owt?&{xkZFIHWcI}(7uG`eT*%0CQ$Xwpvb}Hkh>5IOk>K=_n#c==o?QOn_f2Y^5 zOwUmCO?kUfI7C~&gu7|HxxM{sqiAq-{r-+7UTrsVSMkk*N2+*vUjjQbP0u%~ij%Iw zLisV+m;{DqK$qziwAFeb>wV4h3e<7K^S0-z|%W6Y@4ix)+_z z6tJe@&Fxjb{X5>2s|fC1zxkaCp`W!7+k^VweS@tPv1wb34T{AE+iF;PJfZh)Ipw1imc^&%0@RarNT%&Aaf4hfjhY z0?E9)V%@v{`1`LLsJdt2b@(KAYN+r@@2T<0gip3v9kFF8Th+eQD{9xGm0m>?D>@X1 zH}jUo*fQCQ4?Qhnq{U+ZY+n^%!B4ym?nWLUhswRe9RKg@M2v#GBKgM6bV z=J=-Lq@EU_R;L!b-IBM`=pEna{`M}tr4JftAp3Xa?T64I`@2+=ekvWf-O;Fh^p~=r zM>dRdqv_Op4We99qH@~XrcApY^_JYHM0K-?>VPiP^m^028rxL+tfC$kP4kIH8Jnz{ z>7DMDUVmps#(bEs0eajofe(XnfkNYxn%!-;L^sdv@U(-@bJXhj#1-zYTij-dAdK;Y zF?z6x9UKe_?2Rm#X=LGY7OXK8H|PQguDfs)Gw6Z`d?1UpaKR8c=t-lvK~G$Z>-3kZ zg$ag;LEjC<3;K?97a-_k1^(snPWU1Buk#Q2z5)w^EtUjZ%+Z0E8s|Hq*|8`<9!3Fj zLcn}A^+MzZ$)R}EqO17lKSTVbQ%vuAR`4Nc6>>gnu`pWqzd#S%vl$TFJ-WL7G(21j zXpw<`lTh6LX2Lbq>6FuSm3J}?QNwzFxviS}n#Z+I!+UUbbl<4@g|yNA7}N(E_vou* zd;fY}%Ztxpn{0yn3yJc>XqPW99wOY~9RNUQ{&(Y#e1iXeyS_QAXMewWTSEFHfIsJd z-Ck2LaYU+AVuPXE-3FjdY=;_c$3gT=Mz~p%*47q;Hm%c%ae6j_Sv`Hhr#FN7crpI3 zc7XBy#nRv}HjVW68xwS~36$Ji4Bbv1!ekAP+vUiJ4;Q`VyV$VfS^u;%l@w~sa2pWdVq=A0U-a<$;{M3|Vg&dX6WHJO4HhPP zEzQhV7(B1_x_)d@)HN4w+r=~dp13A_82GEkljl@@uPm*lYUS2aj-Jo(YCUtQ<`jsF z4&dC1o&vPQ7b_0Te%0~qF1K(k{94%2Nm^=BZqd^AhhB$U*^@%Z?r^=&lIlGI3~^VZ zysL|id3`p%F#YvD7xCcomJbo{fj{>L7;~lfs^9LoefNI0-|@fZ+En%h!*%lowsr(n z|8D9)&_3HXfaxI?{~~Q4so2y35#Y-+-J$V`Xz(hKhbae;;`3nG50YR zCBW`eaBh!+J3Cg_%SUC2T4afSFiZ4)mY97kv3Kcw_oa0H(()&OGYb%HtGTm#80I@B zOOBHzkDRO>G z?vN@mN|iWC)gh@`!a#(;4le&gQYCk!>Oi=gkXncN*hYjGgkw>zx1`D~R@}yXhtN*L ze1_z61iK4O?jYbH4zsl_J;Mmw0ODToV=G`3UadKhsaR-ObZ^Gc1K-}9SqnA^_so|V zHG6rd+XaVUl*)G9f^CzBd~IyM$lBHTSPg5hT@6@uZCSVU+QqoKpAFAx@wMyc_;)&a zG`coVYi)ns)WqY9A<8mY;23x>3hioGt83%BWrvHll-6d0qs>}%_}aIN=Xkew)e)7- zPamM4Ut1-&HtN@L;o+t|wMz@n=vJT~ml40tWDO5mRkb$q*CzP57?&OuAJ-mu(uy8% zan^>la%=4eKB`}L1s+f5MCe98)iXU2+N`x6s(zeR9hYCvL49!jq0m~(wH_u`nI(dh znG>W8wT!CD^#m!mR(7oVaiQwRj}MURMFHk(J3h92qS2p?FHC<82|nci3f2XBM^6jn zj+tnO!r*o%!A@+Kxa?x?c9T};HfeQ!lU6rLrDM}nIzCOM>*M27_D!?j#%sGtgk#&u zWNv>h8I5-n*&4IYmZN5TQxZiMQqI_rawc|C&e)i8CdTcRr35o~FrCcpW|Or(k4+w9 z4@e$koAkhe+Xr&GMjp|2OX#=j4yH==HPDk9_J^+e9p&y~0;$wsrTUm^Gi}=&b=&t; zerMb7p$!e&+LS-A&}6^*r=^DQ#ys6%p~NTI?MiQU+$V(w*32G_oY^VJCcELH-whXf zKaShoQg0O|+vk3=ecls#CC9CM*DfaegyU4o*~Xo0tLJ9CdeB@ha-OK|7S>4QjHJ(+ zb5fH#eGU^c4Qvnh6Hr66u@QYu0%sq3l>K1>MFz}nXOLYDXqwpE19qV=?mMZ|c-epv zUQa!lF$6J&T6;n4?mtip@3xKXUcFvZD(%jz(RdC_prrLXhdZa_Bf;Jmi@`CmJck1! z9k{-}UuB|k_;tnledgg}&F#gDMW{?1n1EkCZpv{tr{jov6B5wjwa7ePGtEMjR{$SlzCkQ+J&} z;lANji868r%?+i=W!phkmC+1_s-CuVD0iSK7QLzJHmx^po0fpN+ zx}TmccvC*^i+F4o+bDv|VX@ek8ymgb=5=D@5gOwCG!3nC5ravrR3peiKwF* zCIau(a!U#SWuF;%L1yT9j(1t*&u81XeU9kBoISnl=+LbO_Eg)W|EANqr=~rWM)z3@ zU)*cq^V!NjW*v#AUPt^M3+X5!f(`7zB$b}xBcUB#_dq`>^P&G9%tlz@S{DS#lCh@ zG5P`@_;`gvO9vU3YVIB%lm|~S%4N*fQ!xp+Ep|q^zWz|LzKd5~x#pp_t1eC04GmBL zV)yu>7>_UZm0kCAsBXJPy6QXU7q7-Vs8(jIZbv$7|8&eS>?-xQ?bWlc*z@kJcCCYKUp+WVB|jV&$|JzdQJlIL zE)-qA$JjHuPYuc)JF}zzk27a-!|@KvJd%XHxEJHb0FoR-Q_ZEmIYJ2KQC)RS&-zkZ zeWA$ZK?YD8yMnrWB<8LYn>SNl9vQ5K>6j74~iNXu_pq(5JLJ0X3k;*wCFYfZsz)^CM(mwLb4yMdp}>Q0y)xWEPf%xd#&9cS3=^ z>SxEXcnB6CX59-6sIKFqG^gE1`i|f7P|ayarrSHgz`f+`7$rO5-Kb>!mW>w22%|r$ zx32MNZ;EaAhB9|4a=#$4ei;(nrM_>rl=hZV?VXD!vS#S*k}*?%X?{UG1uCgc#ilo z4&0+CZFx@zPCkv!K8|_YN_$rAU}#?+u`4nQTB^mf+G0DlukP@w7h?N+S|$?j)pXO> zzfiU1A*;K6j0yWXMZPyMD)t9P)m_^gd#de3b^Cs1le(ww;;yVX`|XJ6<>3%y^VGK^ zknLPRPu&=$8lP--fyG3Lk4)R2F}|R}`!i*)&#w1ogllphmlDG1#ke{aa=!KD`^!zn zO0T6EuEz8cemNQ5SfsnYm|VB-eeV4#-FR|jE%eKlVZLMt*W6In@{p)t7Y+<|Y0wK= zz13Z^{__=MIHgU`ZNHh@esqB{i?*%nWJBPSbCx4%%Y|VHfRTUw@Z5c1!N&&0V%s^|e-;)DOCAwbhVCuG*75;&0g6 zxWxkz?aeT`TDFAzY2t|Ren?upYk%I=zZT@?N!3&bFSkDQ*;tNMas^ z3$|o+pRW}P>X-doDZMWfPffpzllbUw+>wa4TWy+$r*!u*Tb%|jDz!zkTBKRR430F5 zy);j=TGM!}M)^Bv-l;aDSqwCfeCAs;^Eu7!>n*?sWQ%*6rQb)hbc=k}>@dx{)uuF~ z<1IeZ*|aIm(k;-uyjCU2`r=w`Z+bctaLRMKos!i?@9=bIrS>N_1ggy_mF>-Zof4RT zz9ki{iT3qn5FvH@X7#f!tTp*$v+hbzhU7RCa_>xtMd{Jvj+xl0Hk%2#Ej^UoIhzTw z^_^+m*=34k4>YqqG!N>9zPx+ZeZ9N&vX+;#yN(7v)gtB3zuy0I^^QIizS(Jp9wO4V zzYN~KRd~2WM=E_b>P#4|lqgQt;&UuaWG8uXRp=ChG47nN*jdh@7@b0>R>_isETvcn zz$F9|+R1ayR(|DHc4bz2rB-q!&J^P*SYCL^MOf~*W;WImc&^DYRnEE7E5Y4L;6J+( zW+ia1Rsxj;UaSOLalb+VZdcr_xL$F!;&R2sisS8>^(k;63X_Z}8-q@+CY4#$C6*fM zxzsBOTI5QKmED8Hx8S6U*$2a`v^j_(bmq*OkQ|p;t8?jA(ypX=#6G!HLCG3j z4hGy*MduKr)6oa!qBhj0Vk_w%w_9yJ6RCJny(}*4m@EW=TO+hIKB#kLRtnRsR!Xjv zSSkMKBorx=kX0yf+-6yMWmQI>bCk{&<<1pGZof1Y)tSVL_l{K|Bfz(*B3thQp2TF* zx#la)R?2^ALbSETYa_YUQh1Rdgeh9*y|Ga!8;BiRJPj>UiI}kJs<6hZq!`o$n8LXg z(krb=C^i1GD-C6!S6Z#Kd`zcL^e zir%b@UKzDAa%IHI@UK94iq2LktxCc&&Y_v3<1trPxY3z4!ttM4S@~^_01G+mWE~T* zU_fI&X@j}&(nlJGIJdB=c4f^sJ`N`W2g>s{<*0QAymXG|RJFGe(-UYMj;*Z!E=E(d z_E~2cbVw19C2{Yh_eCpU8Nq!Uja)gga{Rj(P?XhSmBW(BqLj(GXqZ!Fv{%;3!rFlB z%9#})nN#1(u%NRzgC*2jG818cTyjErD}~JfskIFYu+)7=WAd@WIt1oJanUH{rEtO0 zDuUq%oYR=RSb4tk?7JHrbeykTXy8be04bv*DYOv}6J|1y9pqGts!_dGk>dvqGqlX` zo}q1q#u>^nlw&BzP>!J-gB#*k9xSpeZ&qHfyjpqr?Q_P<8ej}`c9BUb@ME+D=1T>@ z!I#)0{hyOLDaBH%lLVt`G9hObf%d9OLBkn~Wal~6rOH1YcdUuf7p7__cmxVkDpai* zY*s837J7&DE%&=%=F-5|Ik+2-TbeuwUw9e5yG!=f(grGLi z2>Lj2vRU4mwW~IoTzupu!6TPUq|Ab<%4Oa-iC#Fm;ppeY)uYT~W+gcjj0A+%fjI$( z-vq5G0-_`9xQg=V?8M!B`zVU}WQqt9no$&CfvR|}v1%!TRrQ>sJKk8VPHcX-^Aw>L zidAqlgv!Z_YG9+`m`BaQYu(rkUl9J{iQAuV(!f)xYykl97`bsmmk@n|BC#gr&~cl% zi&h9-pE&-x^39a@Iw@{FZ3t*^)_Mn{XBi72#*X8ti@qIIW+%o!j*G+#ux&9`*_aF0 z#W~HaQmWdVL`S? zsz}KIsG(60j)SP&EM+{K&3}fkB zND4-o86zZZSLy0Je$|ebRPn^qV|gk(1X3stsNGt7zfQ1%C9nYosq(CYhz`v5nyHvw73G{` z6dZ%$6dyP-`}48`tqvs{UzJxyfFHCI4U8_W61kSpGh3XP{TLybDw4FK7M0*(=3*m{ zI%Fes&a&3fGE2Gp1|^$2LEPq!KLWeCW6S*Jb`Qh3C7z;x^vTgFN3R^+a`ekBRm5n} zHAmmv5c5$E-E;KMK>!B@93*gqa@wCsnS3k>Ga;08CMnE;5m_29c<|MC6XDruBEIlM zgit;B8$G!tLMB$=kQnPE{tc1$6X9swG-z|0kS{zTUIrDJG>kEAgD*nVq?C4+c13Ko z{e-yFggnuNXrr}G6>K(zM__toO0L3~P${?G^s0)VCgKZEL{+?CF_=hOC<%y(Hf0ms z|6*NAMFT0J5#SN-^-q9hy!XLt!$S&80ikA0 z7h{gWvt)HL75|?M-G9f!WORN|4MqYSbDP15E{wp~u4VDzJYtbwzbl?^O7U$QSozyPrf`xJ#XHd#9aQUxpAaPEP+QWC6l#e1}`%iR*ThQjB))m98rw3tTH#%$r5290AIYTPARSv zuWAfLJ&Yqi81iRATbq3GSVgSL5Tr6GXjynriZM4vi%#4Ew_tc=tSpphbId>*iD09G zdafnvl6OKnC$52Oin&~)cO}@6O3b+=Cj^{K#!ME;?ZjP9Tm#p#VZrj6p|T=|mf>eY zp&R3~2u|5D21icZB0W~yq1GrRaDY$+?G`w9Ow$QoD7JIKNr%C#F!yw)-%AiaFd>Z9 zQH89W$&^_^CxDd5z9R~i>7yG@Oq)pBdpL@eW)y&_>5OoqtXbHBeMHi-Hd=V`Nn+mm*A*^UlDr7D?`MMScT&ykC=J+GVStR;4UL z1@EJIeSG079t%zhtye=yKn;{4YKdIeso<o4h` zCyjl4O@R$oS_zI3(4<}N6e9D5Ri0U~fv0nUX%d(bL2Xmx)Ou?k?NbNT171-t^Q90% zaGCp(Qwkwrc3849;CGEq3Qpfb5JWstPvjH*_wB^UgsD+UiO7Wa%qHWY>};r5Z5Al4 zb%I7D|GbWz$FlPa+pC;2Q5FLsq9_`BAGvdug_B$- z20u0kTaDMw#aJ<)Qadf$s1^Hi1PIGYk~JvlQ%!KftO%ZAof`&H`fU?xT=6eMfQu;^ z9eDMkz=PM8>6$QHmO1ce_rX8`l^~S(vV?HjD9iK_L6#zSmdT`2im6ic*g7*VucshJ z!2=ex+Qf^tQofl-j#9*sjcMung7gAR zboX0-d7|Kx$5?>$a!}xo4beLlSc#w#q_%H(3D_0UR?!m^rM%PM3Zx_ zjZWFRz`XZPlOF&VAgX9f=?r2c+J1Y)+nN+Jux^E`B;hw&4W;jO&`}i0#0VL_)d57~ zObGO0T@#B*nnh`XQ>kbpGK^Rg8AAg=C)$0RgRs@X)@Co9vB1m13IUbIfwZ(0zNl^x zXb8Yn0J(ni1Iob~Uf@b3LNcC(h^cTX&_|Gg-b6Pb`cdE4z*MNpxL_+>Ls}!%dMGR4 z7W5_oQrn?!0bfHH@(s-QIZ8&rQzy8=E;$YD3xk^@NKLqkL2l&n8y|x;*aU7o^x;<`5XR5~ga^sFjw+c{JqIPR$Q)oQHzK6IE}^*; zZ!(ssRZakqz;%!Yev4IALE)w@;9^nL>P|g<4JwU8)4=aOMA(IpqzJ}YpbTeB1per$ zv|pc6=_2&JkJf@5C$fZO!V9bL&TzTc?jS4dI{NwiEDoN!rQaxw5%B zxW3v}4-3iR^>wz@-EUO9@3G>i9YF?X@k>nmMvgEWo1DyB7=k9u$|Ks-FlS% z0DlvdE~F6aqv{BkH37fF4-%;=$y*e`VK$t3v_6@t)fpC3He5=RRe*uUq(v>F50rLD zeNyx8QTycy+R7LoDt)E7C{slOAOLg@1*olk7#Li~51ORtrl;P}73Bg@rp_bNQ?ipr z(8t0!w@wvU3R#>IK?k2zYF}QKjN+E)!n>X(`^D)B^tUfu1(MA!!AVvcdR|M8ewd`) zs74n$ViG?BKm1APl2T`f1)dy_F$yKC3z?RrH8ERTy7^55p0W`w#b>N5NhiLU* zoW>XurF;oMuM8#PbuyV*gSn29zAn;e6twvPx&-aO(Dn;$hY{`etJ3aF%86yqxs#Dm zz`Pa>)l%tvt*WM@U466kYX|eCnFOwI!9}1qlyS*~;$b;e&wKq%k3sTMDqtD31LxHx z?tMw{Oo~h%?qZ7}N%{*vw2elmTH0P3=%n2=+D?mw`}O7B~OWtB1;pxF{2|Tf4H&d5P)Oh7gYoFlY@!2*5HjSKpsJK zHlAowKQ0eA#wwEKOlZXnSrdxs!-J8mMm%pkfEOys3-#)U=Z9e2#*l+kGC@8BTpn+A z_KDTRc`p+h^iYNj?QaoJ)Q>MGo>DckW!w|auoaNq*O~;gNvG;N%&E~4#n^}^TKp7z zk)hTCm7#@C&gW=N<}6ZHR@NfR-0=ndY5mjiM49Sbz^GG>wbsm_W`XN;R*EY<@WlRf ze1TOJGBXx|d6P}dGb;>S4jG*(HMP@{(op6VXf^cLA*pYAhRzM>HK5mkUIThH%4zpw z^NU*zew+^<6<$MeV6727Pwk1X_udBqwO*&tzRh64qDvGzSl_|>A>i0Jkoyz@5nZ;SkwHD@hlv&ykRaPqK z3dkEnwJqmSG2)T@srdx&%F($>SY(k66G4UGtK`|JQe2eHG>}j!W_qF0KRwf`glM_S zIenAM>FlkymK&uUr<1a(V;YE2AVx9QGtQov*Ul1xA{T9<2vw>+6go_sbJ4JeOb^Th z!%#_aI_l3)%p1SkTdgh8DXFa0iUQE7ePY8Kc<`n7U%&(y&lBTjCq`f~b<}VGy$H-l zB`7x$XxNDmdaqmY6Z4i6PHJ?HG37K1uoSE^r3$cYWFGYKo_Y4fz(XnD z7O-F0hd|%XgV&ci1R*&fgPiDtEJQDT%|?7%bQeya%Z!0e3Df6*15{@fHfF}7wsrg( zq(Xb&;sCNtLC31;R9FeZ`eak!N?1ytl&1S$p%VQ8pl^5}Nm$M}FeZSdklIGWb@V2f z>S6MAK37=2s(m=9J2wZTwsI@GGAj}-*K2PeEC*)@NVQ<;K>1`0ia-O_52XY^8KIS- mPo<#Y6;D~HkR$!IH|J~?1_L!k<-RoNKl}gYGBBCx^8f(q{ZaM+ diff --git a/creusot/tests/should_succeed/heapsort_generic.mlcfg b/creusot/tests/should_succeed/heapsort_generic.mlcfg index 52ffa5b3fa..817ffd0fef 100644 --- a/creusot/tests/should_succeed/heapsort_generic.mlcfg +++ b/creusot/tests/should_succeed/heapsort_generic.mlcfg @@ -13,7 +13,7 @@ end module HeapsortGeneric_Parent use prelude.Int function parent [#"../heapsort_generic.rs" 10 0 10 24] (i : int) : int = - [#"../heapsort_generic.rs" 11 4 11 19] div (i + 1) 2 - 1 + [#"../heapsort_generic.rs" 11 4 11 19] Int.sub (Int.div (Int.add i 1) 2) 1 val parent [#"../heapsort_generic.rs" 10 0 10 24] (i : int) : int ensures { result = parent i } @@ -59,6 +59,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -87,11 +88,12 @@ module HeapsortGeneric_HeapFrag type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t clone HeapsortGeneric_Parent_Stub as Parent0 predicate heap_frag [#"../heapsort_generic.rs" 15 0 15 66] (s : Seq.seq t) (start : int) (end' : int) = - [#"../heapsort_generic.rs" 16 4 17 26] forall i : int . start <= Parent0.parent i /\ i < end' -> LeLog0.le_log (Seq.get s i) (Seq.get s (Parent0.parent i)) + [#"../heapsort_generic.rs" 16 4 17 26] forall i : int . Int.le start (Parent0.parent i) /\ Int.lt i end' -> LeLog0.le_log (Seq.get s i) (Seq.get s (Parent0.parent i)) val heap_frag [#"../heapsort_generic.rs" 15 0 15 66] (s : Seq.seq t) (start : int) (end' : int) : bool ensures { result = heap_frag s start end' } @@ -123,6 +125,7 @@ module TyInv_Trivial end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -134,6 +137,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -152,6 +156,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -181,6 +186,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -192,6 +198,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -203,6 +210,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -221,6 +229,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -250,6 +259,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -261,6 +271,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -272,6 +283,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -290,6 +302,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -319,6 +332,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -330,6 +344,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -341,6 +356,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -359,6 +375,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -377,6 +394,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -386,6 +404,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -401,6 +420,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -416,6 +436,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -425,6 +446,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -444,6 +466,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -463,6 +486,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -472,6 +496,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -489,6 +514,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -506,6 +532,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -515,6 +542,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -532,6 +560,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -549,6 +578,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -558,6 +588,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -574,6 +605,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -591,6 +623,7 @@ end module HeapsortGeneric_HeapFragMax_Stub type t use prelude.Int + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with @@ -604,6 +637,7 @@ end module HeapsortGeneric_HeapFragMax_Interface type t use prelude.Int + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with @@ -615,16 +649,17 @@ module HeapsortGeneric_HeapFragMax_Interface function heap_frag_max [#"../heapsort_generic.rs" 25 0 25 58] (s : Seq.seq t) (i : int) (end' : int) : () val heap_frag_max [#"../heapsort_generic.rs" 25 0 25 58] (s : Seq.seq t) (i : int) (end' : int) : () requires {[#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end'} - requires {[#"../heapsort_generic.rs" 22 11 22 28] 0 <= i /\ i < end'} + requires {[#"../heapsort_generic.rs" 22 11 22 28] Int.le 0 i /\ Int.lt i end'} requires {[#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s} ensures { [#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0) } ensures { result = heap_frag_max s i end' } - axiom heap_frag_max_spec : forall s : Seq.seq t, i : int, end' : int . ([#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end') -> ([#"../heapsort_generic.rs" 22 11 22 28] 0 <= i /\ i < end') -> ([#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s) -> ([#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0)) + axiom heap_frag_max_spec : forall s : Seq.seq t, i : int, end' : int . ([#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end') -> ([#"../heapsort_generic.rs" 22 11 22 28] Int.le 0 i /\ Int.lt i end') -> ([#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s) -> ([#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0)) end module HeapsortGeneric_HeapFragMax type t use prelude.Int + use prelude.Bool use seq.Seq use seq.Seq clone HeapsortGeneric_Parent_Stub as Parent0 @@ -637,21 +672,22 @@ module HeapsortGeneric_HeapFragMax function heap_frag_max [#"../heapsort_generic.rs" 25 0 25 58] (s : Seq.seq t) (i : int) (end' : int) : () val heap_frag_max [#"../heapsort_generic.rs" 25 0 25 58] (s : Seq.seq t) (i : int) (end' : int) : () requires {[#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end'} - requires {[#"../heapsort_generic.rs" 22 11 22 28] 0 <= i /\ i < end'} + requires {[#"../heapsort_generic.rs" 22 11 22 28] Int.le 0 i /\ Int.lt i end'} requires {[#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s} ensures { [#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0) } ensures { result = heap_frag_max s i end' } - axiom def : forall s : Seq.seq t, i : int, end' : int . heap_frag_max s i end' = ([#"../heapsort_generic.rs" 26 4 28 5] if i > 0 then + axiom def : forall s : Seq.seq t, i : int, end' : int . heap_frag_max s i end' = ([#"../heapsort_generic.rs" 26 4 28 5] if Int.gt i 0 then heap_frag_max s (Parent0.parent i) end' else () ) - axiom heap_frag_max_spec : forall s : Seq.seq t, i : int, end' : int . ([#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end') -> ([#"../heapsort_generic.rs" 22 11 22 28] 0 <= i /\ i < end') -> ([#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s) -> ([#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0)) + axiom heap_frag_max_spec : forall s : Seq.seq t, i : int, end' : int . ([#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end') -> ([#"../heapsort_generic.rs" 22 11 22 28] Int.le 0 i /\ Int.lt i end') -> ([#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s) -> ([#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0)) end module HeapsortGeneric_HeapFragMax_Impl type t use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = t @@ -733,13 +769,13 @@ module HeapsortGeneric_HeapFragMax_Impl function LeLog0.le_log = LeLog0.le_log let rec ghost function heap_frag_max [#"../heapsort_generic.rs" 25 0 25 58] (s : Seq.seq t) (i : int) (end' : int) : () requires {[#"../heapsort_generic.rs" 21 11 21 31] HeapFrag0.heap_frag s 0 end'} - requires {[#"../heapsort_generic.rs" 22 11 22 28] 0 <= i /\ i < end'} + requires {[#"../heapsort_generic.rs" 22 11 22 28] Int.le 0 i /\ Int.lt i end'} requires {[#"../heapsort_generic.rs" 25 30 25 31] Inv0.inv s} ensures { [#"../heapsort_generic.rs" 23 10 23 22] LeLog0.le_log (Seq.get s i) (Seq.get s 0) } variant {[#"../heapsort_generic.rs" 24 10 24 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../heapsort_generic.rs" 26 4 28 5] if pure {i > 0} then + [#"../heapsort_generic.rs" 26 4 28 5] if Int.gt i 0 then let b' = Parent0.parent i in heap_frag_max s b' end' else () @@ -939,11 +975,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -961,11 +997,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -1014,6 +1050,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Stub type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1045,6 +1082,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1073,17 +1111,18 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Vec_Impl1_DeepModel type t type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1112,11 +1151,11 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Logic_Seq_Impl0_PermutationOf_Stub type t @@ -1242,6 +1281,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1388,6 +1428,7 @@ end module Core_Cmp_PartialOrd_Lt_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -1412,6 +1453,7 @@ end module Core_Cmp_PartialOrd_Le_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -1439,6 +1481,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1453,6 +1496,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1462,12 +1506,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -1475,6 +1519,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1484,16 +1529,17 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Vec_Impl9_DerefMut_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1562,8 +1608,8 @@ module Core_Slice_Impl0_Swap_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val swap (self : borrowed (slice t)) (a : usize) (b : usize) : () - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] UIntSize.to_int a < Seq.length (ShallowModel0.shallow_model self)} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] UIntSize.to_int b < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] Int.lt (UIntSize.to_int a) (Seq.length (ShallowModel0.shallow_model self))} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] Int.lt (UIntSize.to_int b) (Seq.length (ShallowModel0.shallow_model self))} requires {Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 242 8 242 52] Permut.exchange (ShallowModel1.shallow_model ( ^ self)) (ShallowModel0.shallow_model self) (UIntSize.to_int a) (UIntSize.to_int b) } @@ -1591,7 +1637,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1618,6 +1664,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1630,6 +1677,7 @@ module HeapsortGeneric_SiftDown_Interface use prelude.Int use seq.Seq use prelude.Borrow + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with type t = Seq.seq t @@ -1684,14 +1732,14 @@ module HeapsortGeneric_SiftDown_Interface type t = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global), type DeepModelTy0.deepModelTy = Seq.seq DeepModelTy0.deepModelTy val sift_down [#"../heapsort_generic.rs" 41 0 43 29] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (start : usize) (end' : usize) : () - requires {[#"../heapsort_generic.rs" 31 11 31 54] HeapFrag0.heap_frag (DeepModel0.deep_model v) (UIntSize.to_int start + 1) (UIntSize.to_int end')} - requires {[#"../heapsort_generic.rs" 32 11 32 24] UIntSize.to_int start < UIntSize.to_int end'} - requires {[#"../heapsort_generic.rs" 33 11 33 27] UIntSize.to_int end' <= Seq.length (ShallowModel0.shallow_model v)} + requires {[#"../heapsort_generic.rs" 31 11 31 54] HeapFrag0.heap_frag (DeepModel0.deep_model v) (Int.add (UIntSize.to_int start) 1) (UIntSize.to_int end')} + requires {[#"../heapsort_generic.rs" 32 11 32 24] Int.lt (UIntSize.to_int start) (UIntSize.to_int end')} + requires {[#"../heapsort_generic.rs" 33 11 33 27] Int.le (UIntSize.to_int end') (Seq.length (ShallowModel0.shallow_model v))} requires {[#"../heapsort_generic.rs" 41 33 41 34] Inv0.inv v} ensures { [#"../heapsort_generic.rs" 34 10 34 52] HeapFrag0.heap_frag (DeepModel1.deep_model ( ^ v)) (UIntSize.to_int start) (UIntSize.to_int end') } ensures { [#"../heapsort_generic.rs" 35 0 35 36] PermutationOf0.permutation_of (ShallowModel1.shallow_model ( ^ v)) (ShallowModel0.shallow_model v) } - ensures { [#"../heapsort_generic.rs" 36 0 37 43] forall i : int . 0 <= i /\ i < UIntSize.to_int start \/ UIntSize.to_int end' <= i /\ i < Seq.length (ShallowModel0.shallow_model v) -> IndexLogic0.index_logic ( * v) i = IndexLogic0.index_logic ( ^ v) i } - ensures { [#"../heapsort_generic.rs" 38 0 40 80] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel1.deep_model ( ^ v)) j) m) } + ensures { [#"../heapsort_generic.rs" 36 0 37 43] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int start) \/ Int.le (UIntSize.to_int end') i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) -> IndexLogic0.index_logic ( * v) i = IndexLogic0.index_logic ( ^ v) i } + ensures { [#"../heapsort_generic.rs" 38 0 40 80] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel1.deep_model ( ^ v)) j) m) } end module HeapsortGeneric_SiftDown @@ -1699,6 +1747,7 @@ module HeapsortGeneric_SiftDown use prelude.Ghost use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq use prelude.Borrow use prelude.Slice @@ -1968,14 +2017,14 @@ module HeapsortGeneric_SiftDown clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) let rec cfg sift_down [#"../heapsort_generic.rs" 41 0 43 29] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (start : usize) (end' : usize) : () - requires {[#"../heapsort_generic.rs" 31 11 31 54] HeapFrag0.heap_frag (DeepModel0.deep_model v) (UIntSize.to_int start + 1) (UIntSize.to_int end')} - requires {[#"../heapsort_generic.rs" 32 11 32 24] UIntSize.to_int start < UIntSize.to_int end'} - requires {[#"../heapsort_generic.rs" 33 11 33 27] UIntSize.to_int end' <= Seq.length (ShallowModel0.shallow_model v)} + requires {[#"../heapsort_generic.rs" 31 11 31 54] HeapFrag0.heap_frag (DeepModel0.deep_model v) (Int.add (UIntSize.to_int start) 1) (UIntSize.to_int end')} + requires {[#"../heapsort_generic.rs" 32 11 32 24] Int.lt (UIntSize.to_int start) (UIntSize.to_int end')} + requires {[#"../heapsort_generic.rs" 33 11 33 27] Int.le (UIntSize.to_int end') (Seq.length (ShallowModel0.shallow_model v))} requires {[#"../heapsort_generic.rs" 41 33 41 34] Inv6.inv v} ensures { [#"../heapsort_generic.rs" 34 10 34 52] HeapFrag0.heap_frag (DeepModel1.deep_model ( ^ v)) (UIntSize.to_int start) (UIntSize.to_int end') } ensures { [#"../heapsort_generic.rs" 35 0 35 36] PermutationOf0.permutation_of (ShallowModel2.shallow_model ( ^ v)) (ShallowModel0.shallow_model v) } - ensures { [#"../heapsort_generic.rs" 36 0 37 43] forall i : int . 0 <= i /\ i < UIntSize.to_int start \/ UIntSize.to_int end' <= i /\ i < Seq.length (ShallowModel0.shallow_model v) -> IndexLogic0.index_logic ( * v) i = IndexLogic0.index_logic ( ^ v) i } - ensures { [#"../heapsort_generic.rs" 38 0 40 80] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel1.deep_model ( ^ v)) j) m) } + ensures { [#"../heapsort_generic.rs" 36 0 37 43] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int start) \/ Int.le (UIntSize.to_int end') i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) -> IndexLogic0.index_logic ( * v) i = IndexLogic0.index_logic ( ^ v) i } + ensures { [#"../heapsort_generic.rs" 38 0 40 80] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel1.deep_model ( ^ v)) j) m) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -2013,21 +2062,21 @@ module HeapsortGeneric_SiftDown } BB2 { invariant { [#"../heapsort_generic.rs" 48 4 48 43] PermutationOf0.permutation_of (ShallowModel0.shallow_model v) (ShallowModel1.shallow_model old_v) }; - invariant { [#"../heapsort_generic.rs" 49 16 49 41] UIntSize.to_int start <= UIntSize.to_int i /\ UIntSize.to_int i < UIntSize.to_int end' }; - invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall j : int . 0 <= j /\ j < UIntSize.to_int start \/ UIntSize.to_int end' <= j /\ j < Seq.length (ShallowModel0.shallow_model v) -> IndexLogic0.index_logic ( * Ghost.inner old_v) j = IndexLogic0.index_logic ( * v) j }; - invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel0.deep_model (Ghost.inner old_v)) j) m) -> (forall j : int . UIntSize.to_int start <= j /\ j < UIntSize.to_int end' -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) }; - invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall j : int . UIntSize.to_int start <= Parent0.parent j /\ j < UIntSize.to_int end' /\ UIntSize.to_int i <> Parent0.parent j -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) (Seq.get (DeepModel0.deep_model v) (Parent0.parent j)) }; - invariant { [#"../heapsort_generic.rs" 48 4 48 43] let c = 2 * UIntSize.to_int i + 1 in c < UIntSize.to_int end' /\ UIntSize.to_int start <= Parent0.parent (UIntSize.to_int i) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) c) (Seq.get (DeepModel0.deep_model v) (Parent0.parent (Parent0.parent c))) }; - invariant { [#"../heapsort_generic.rs" 48 4 48 43] let c = 2 * UIntSize.to_int i + 2 in c < UIntSize.to_int end' /\ UIntSize.to_int start <= Parent0.parent (UIntSize.to_int i) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) c) (Seq.get (DeepModel0.deep_model v) (Parent0.parent (Parent0.parent c))) }; + invariant { [#"../heapsort_generic.rs" 49 16 49 41] Int.le (UIntSize.to_int start) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (UIntSize.to_int end') }; + invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall j : int . Int.le 0 j /\ Int.lt j (UIntSize.to_int start) \/ Int.le (UIntSize.to_int end') j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model v)) -> IndexLogic0.index_logic ( * Ghost.inner old_v) j = IndexLogic0.index_logic ( * v) j }; + invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall m : DeepModelTy0.deepModelTy . Inv1.inv m -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel0.deep_model (Ghost.inner old_v)) j) m) -> (forall j : int . Int.le (UIntSize.to_int start) j /\ Int.lt j (UIntSize.to_int end') -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) m) }; + invariant { [#"../heapsort_generic.rs" 48 4 48 43] forall j : int . Int.le (UIntSize.to_int start) (Parent0.parent j) /\ Int.lt j (UIntSize.to_int end') /\ UIntSize.to_int i <> Parent0.parent j -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) j) (Seq.get (DeepModel0.deep_model v) (Parent0.parent j)) }; + invariant { [#"../heapsort_generic.rs" 48 4 48 43] let c = Int.add (Int.mul 2 (UIntSize.to_int i)) 1 in Int.lt c (UIntSize.to_int end') /\ Int.le (UIntSize.to_int start) (Parent0.parent (UIntSize.to_int i)) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) c) (Seq.get (DeepModel0.deep_model v) (Parent0.parent (Parent0.parent c))) }; + invariant { [#"../heapsort_generic.rs" 48 4 48 43] let c = Int.add (Int.mul 2 (UIntSize.to_int i)) 2 in Int.lt c (UIntSize.to_int end') /\ Int.le (UIntSize.to_int start) (Parent0.parent (UIntSize.to_int i)) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) c) (Seq.get (DeepModel0.deep_model v) (Parent0.parent (Parent0.parent c))) }; goto BB3 } BB3 { - _28 <- ([#"../heapsort_generic.rs" 60 16 60 23] ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)) = ([#"../heapsort_generic.rs" 60 16 60 23] [#"../heapsort_generic.rs" 60 16 60 23] (0 : usize))); + _28 <- ([#"../heapsort_generic.rs" 60 16 60 23] UIntSize.eq ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)) ([#"../heapsort_generic.rs" 60 16 60 23] [#"../heapsort_generic.rs" 60 16 60 23] (0 : usize))); assert { [@expl:division by zero] [#"../heapsort_generic.rs" 60 16 60 23] not _28 }; goto BB4 } BB4 { - switch ([#"../heapsort_generic.rs" 60 11 60 23] i >= ([#"../heapsort_generic.rs" 60 16 60 23] end' / ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)))) + switch ([#"../heapsort_generic.rs" 60 11 60 23] UIntSize.ge i ([#"../heapsort_generic.rs" 60 16 60 23] UIntSize.div end' ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)))) | False -> goto BB6 | True -> goto BB5 end @@ -2039,8 +2088,8 @@ module HeapsortGeneric_SiftDown goto BB23 } BB6 { - child <- ([#"../heapsort_generic.rs" 64 24 64 33] ([#"../heapsort_generic.rs" 64 24 64 29] ([#"../heapsort_generic.rs" 64 24 64 25] [#"../heapsort_generic.rs" 64 24 64 25] (2 : usize)) * i) + ([#"../heapsort_generic.rs" 64 32 64 33] [#"../heapsort_generic.rs" 64 32 64 33] (1 : usize))); - switch ([#"../heapsort_generic.rs" 65 11 65 26] ([#"../heapsort_generic.rs" 65 11 65 20] child + ([#"../heapsort_generic.rs" 65 19 65 20] [#"../heapsort_generic.rs" 65 19 65 20] (1 : usize))) < end') + child <- ([#"../heapsort_generic.rs" 64 24 64 33] UIntSize.add ([#"../heapsort_generic.rs" 64 24 64 29] UIntSize.mul ([#"../heapsort_generic.rs" 64 24 64 25] [#"../heapsort_generic.rs" 64 24 64 25] (2 : usize)) i) ([#"../heapsort_generic.rs" 64 32 64 33] [#"../heapsort_generic.rs" 64 32 64 33] (1 : usize))); + switch ([#"../heapsort_generic.rs" 65 11 65 26] UIntSize.lt ([#"../heapsort_generic.rs" 65 11 65 20] UIntSize.add child ([#"../heapsort_generic.rs" 65 19 65 20] [#"../heapsort_generic.rs" 65 19 65 20] (1 : usize))) end') | False -> goto BB7 | True -> goto BB8 end @@ -2062,7 +2111,7 @@ module HeapsortGeneric_SiftDown BB10 { assert { [@expl:type invariant] Inv2.inv _41 }; assume { Resolve1.resolve _41 }; - _45 <- ([#"../heapsort_generic.rs" 65 41 65 53] Index0.index ([#"../heapsort_generic.rs" 65 41 65 42] * v) ([#"../heapsort_generic.rs" 65 43 65 52] child + ([#"../heapsort_generic.rs" 65 51 65 52] [#"../heapsort_generic.rs" 65 51 65 52] (1 : usize)))); + _45 <- ([#"../heapsort_generic.rs" 65 41 65 53] Index0.index ([#"../heapsort_generic.rs" 65 41 65 42] * v) ([#"../heapsort_generic.rs" 65 43 65 52] UIntSize.add child ([#"../heapsort_generic.rs" 65 51 65 52] [#"../heapsort_generic.rs" 65 51 65 52] (1 : usize)))); goto BB11 } BB11 { @@ -2077,7 +2126,7 @@ module HeapsortGeneric_SiftDown goto BB9 } BB13 { - child <- ([#"../heapsort_generic.rs" 66 12 66 22] child + ([#"../heapsort_generic.rs" 66 21 66 22] [#"../heapsort_generic.rs" 66 21 66 22] (1 : usize))); + child <- ([#"../heapsort_generic.rs" 66 12 66 22] UIntSize.add child ([#"../heapsort_generic.rs" 66 21 66 22] [#"../heapsort_generic.rs" 66 21 66 22] (1 : usize))); _33 <- ([#"../heapsort_generic.rs" 66 12 66 22] ()); goto BB15 } @@ -2159,10 +2208,11 @@ module HeapsortGeneric_SortedRange type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t predicate sorted_range [#"../heapsort_generic.rs" 77 0 77 63] (s : Seq.seq t) (l : int) (u : int) = - [#"../heapsort_generic.rs" 78 4 80 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) + [#"../heapsort_generic.rs" 78 4 80 5] forall j : int . forall i : int . Int.le l i /\ Int.lt i j /\ Int.lt j u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) val sorted_range [#"../heapsort_generic.rs" 77 0 77 63] (s : Seq.seq t) (l : int) (u : int) : bool ensures { result = sorted_range s l u } @@ -2207,8 +2257,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -2275,7 +2325,7 @@ module HeapsortGeneric_HeapSort_Interface type t = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq t val heap_sort [#"../heapsort_generic.rs" 93 0 95 29] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : () - requires {[#"../heapsort_generic.rs" 90 11 90 40] Seq.length (ShallowModel0.shallow_model v) < div (UIntSize.to_int Max0.mAX') 2} + requires {[#"../heapsort_generic.rs" 90 11 90 40] Int.lt (Seq.length (ShallowModel0.shallow_model v)) (Int.div (UIntSize.to_int Max0.mAX') 2)} requires {[#"../heapsort_generic.rs" 93 37 93 38] Inv0.inv v} ensures { [#"../heapsort_generic.rs" 91 10 91 35] Sorted0.sorted (DeepModel0.deep_model ( ^ v)) } ensures { [#"../heapsort_generic.rs" 92 0 92 36] PermutationOf0.permutation_of (ShallowModel1.shallow_model ( ^ v)) (ShallowModel0.shallow_model v) } @@ -2287,6 +2337,7 @@ module HeapsortGeneric_HeapSort use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -2541,7 +2592,7 @@ module HeapsortGeneric_HeapSort clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) let rec cfg heap_sort [#"../heapsort_generic.rs" 93 0 95 29] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : () - requires {[#"../heapsort_generic.rs" 90 11 90 40] Seq.length (ShallowModel0.shallow_model v) < div (UIntSize.to_int Max0.mAX') 2} + requires {[#"../heapsort_generic.rs" 90 11 90 40] Int.lt (Seq.length (ShallowModel0.shallow_model v)) (Int.div (UIntSize.to_int Max0.mAX') 2)} requires {[#"../heapsort_generic.rs" 93 37 93 38] Inv1.inv v} ensures { [#"../heapsort_generic.rs" 91 10 91 35] Sorted0.sorted (DeepModel1.deep_model ( ^ v)) } ensures { [#"../heapsort_generic.rs" 92 0 92 36] PermutationOf0.permutation_of (ShallowModel2.shallow_model ( ^ v)) (ShallowModel0.shallow_model v) } @@ -2578,29 +2629,29 @@ module HeapsortGeneric_HeapSort goto BB2 } BB2 { - _10 <- ([#"../heapsort_generic.rs" 99 20 99 31] ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize)) = ([#"../heapsort_generic.rs" 99 20 99 31] [#"../heapsort_generic.rs" 99 20 99 31] (0 : usize))); + _10 <- ([#"../heapsort_generic.rs" 99 20 99 31] UIntSize.eq ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize)) ([#"../heapsort_generic.rs" 99 20 99 31] [#"../heapsort_generic.rs" 99 20 99 31] (0 : usize))); assert { [@expl:division by zero] [#"../heapsort_generic.rs" 99 20 99 31] not _10 }; goto BB3 } BB3 { - start <- ([#"../heapsort_generic.rs" 99 20 99 31] _8 / ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize))); + start <- ([#"../heapsort_generic.rs" 99 20 99 31] UIntSize.div _8 ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize))); _8 <- any usize; goto BB4 } BB4 { invariant { [#"../heapsort_generic.rs" 100 4 100 43] PermutationOf0.permutation_of (ShallowModel0.shallow_model v) (ShallowModel1.shallow_model old_v) }; invariant { [#"../heapsort_generic.rs" 101 16 101 59] HeapFrag0.heap_frag (DeepModel0.deep_model v) (UIntSize.to_int start) (Seq.length (ShallowModel0.shallow_model v)) }; - invariant { [#"../heapsort_generic.rs" 102 16 102 36] UIntSize.to_int start <= div (Seq.length (ShallowModel0.shallow_model v)) 2 }; + invariant { [#"../heapsort_generic.rs" 102 16 102 36] Int.le (UIntSize.to_int start) (Int.div (Seq.length (ShallowModel0.shallow_model v)) 2) }; goto BB5 } BB5 { - switch ([#"../heapsort_generic.rs" 103 10 103 19] start > ([#"../heapsort_generic.rs" 103 18 103 19] [#"../heapsort_generic.rs" 103 18 103 19] (0 : usize))) + switch ([#"../heapsort_generic.rs" 103 10 103 19] UIntSize.gt start ([#"../heapsort_generic.rs" 103 18 103 19] [#"../heapsort_generic.rs" 103 18 103 19] (0 : usize))) | False -> goto BB9 | True -> goto BB6 end } BB6 { - start <- ([#"../heapsort_generic.rs" 104 8 104 18] start - ([#"../heapsort_generic.rs" 104 17 104 18] [#"../heapsort_generic.rs" 104 17 104 18] (1 : usize))); + start <- ([#"../heapsort_generic.rs" 104 8 104 18] UIntSize.sub start ([#"../heapsort_generic.rs" 104 17 104 18] [#"../heapsort_generic.rs" 104 17 104 18] (1 : usize))); _19 <- Borrow.borrow_mut ( * v); v <- { v with current = ( ^ _19) }; assume { Inv2.inv ( ^ _19) }; @@ -2625,21 +2676,21 @@ module HeapsortGeneric_HeapSort goto BB11 } BB11 { - invariant { [#"../heapsort_generic.rs" 109 16 109 32] UIntSize.to_int end' <= Seq.length (ShallowModel0.shallow_model v) }; + invariant { [#"../heapsort_generic.rs" 109 16 109 32] Int.le (UIntSize.to_int end') (Seq.length (ShallowModel0.shallow_model v)) }; invariant { [#"../heapsort_generic.rs" 109 4 109 34] PermutationOf0.permutation_of (ShallowModel0.shallow_model v) (ShallowModel1.shallow_model old_v) }; invariant { [#"../heapsort_generic.rs" 111 16 111 50] HeapFrag0.heap_frag (DeepModel0.deep_model v) 0 (UIntSize.to_int end') }; invariant { [#"../heapsort_generic.rs" 112 16 112 60] SortedRange0.sorted_range (DeepModel0.deep_model v) (UIntSize.to_int end') (Seq.length (ShallowModel0.shallow_model v)) }; - invariant { [#"../heapsort_generic.rs" 109 4 109 34] forall j : int . forall i : int . 0 <= i /\ i < UIntSize.to_int end' /\ UIntSize.to_int end' <= j /\ j < Seq.length (ShallowModel0.shallow_model v) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) i) (Seq.get (DeepModel0.deep_model v) j) }; + invariant { [#"../heapsort_generic.rs" 109 4 109 34] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int end') /\ Int.le (UIntSize.to_int end') j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model v)) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) i) (Seq.get (DeepModel0.deep_model v) j) }; goto BB12 } BB12 { - switch ([#"../heapsort_generic.rs" 115 10 115 17] end' > ([#"../heapsort_generic.rs" 115 16 115 17] [#"../heapsort_generic.rs" 115 16 115 17] (1 : usize))) + switch ([#"../heapsort_generic.rs" 115 10 115 17] UIntSize.gt end' ([#"../heapsort_generic.rs" 115 16 115 17] [#"../heapsort_generic.rs" 115 16 115 17] (1 : usize))) | False -> goto BB17 | True -> goto BB13 end } BB13 { - end' <- ([#"../heapsort_generic.rs" 116 8 116 16] end' - ([#"../heapsort_generic.rs" 116 15 116 16] [#"../heapsort_generic.rs" 116 15 116 16] (1 : usize))); + end' <- ([#"../heapsort_generic.rs" 116 8 116 16] UIntSize.sub end' ([#"../heapsort_generic.rs" 116 15 116 16] [#"../heapsort_generic.rs" 116 15 116 16] (1 : usize))); _38 <- Borrow.borrow_mut ( * v); v <- { v with current = ( ^ _38) }; assume { Inv2.inv ( ^ _38) }; @@ -2658,7 +2709,7 @@ module HeapsortGeneric_HeapSort BB15 { assert { [@expl:type invariant] Inv4.inv _37 }; assume { Resolve2.resolve _37 }; - assert { [@expl:assertion] [#"../heapsort_generic.rs" 119 12 119 59] let _ = HeapFragMax0.heap_frag_max (DeepModel0.deep_model v) 0 (UIntSize.to_int end') in forall j : int . forall i : int . 0 <= i /\ i < UIntSize.to_int end' /\ UIntSize.to_int end' <= j /\ j < Seq.length (ShallowModel0.shallow_model v) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) i) (Seq.get (DeepModel0.deep_model v) j) }; + assert { [@expl:assertion] [#"../heapsort_generic.rs" 119 12 119 59] let _ = HeapFragMax0.heap_frag_max (DeepModel0.deep_model v) 0 (UIntSize.to_int end') in forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int end') /\ Int.le (UIntSize.to_int end') j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model v)) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) i) (Seq.get (DeepModel0.deep_model v) j) }; _43 <- Borrow.borrow_mut ( * v); v <- { v with current = ( ^ _43) }; assume { Inv2.inv ( ^ _43) }; diff --git a/creusot/tests/should_succeed/hillel.mlcfg b/creusot/tests/should_succeed/hillel.mlcfg index 7388785f9d..0a9aa4e78e 100644 --- a/creusot/tests/should_succeed/hillel.mlcfg +++ b/creusot/tests/should_succeed/hillel.mlcfg @@ -94,11 +94,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -116,11 +116,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -324,6 +324,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -341,8 +342,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -360,6 +361,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -393,6 +395,7 @@ module Hillel_RightPad_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -421,12 +424,12 @@ module Hillel_RightPad_Interface val right_pad [#"../hillel.rs" 16 0 16 59] (str : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (len : usize) (pad : t) : () requires {[#"../hillel.rs" 16 22 16 25] Inv0.inv str} requires {[#"../hillel.rs" 16 52 16 55] Inv1.inv pad} - ensures { [#"../hillel.rs" 10 10 10 62] Seq.length (ShallowModel0.shallow_model ( ^ str)) >= UIntSize.to_int len /\ Seq.length (ShallowModel0.shallow_model ( ^ str)) >= Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 10 10 10 62] Int.ge (Seq.length (ShallowModel0.shallow_model ( ^ str))) (UIntSize.to_int len) /\ Int.ge (Seq.length (ShallowModel0.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)) } ensures { [#"../hillel.rs" 11 10 11 62] Seq.length (ShallowModel0.shallow_model ( ^ str)) = UIntSize.to_int len \/ Seq.length (ShallowModel0.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 12 0 12 62] UIntSize.to_int len <= Seq.length (ShallowModel1.shallow_model str) -> Seq.length (ShallowModel0.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 13 0 13 55] UIntSize.to_int len > Seq.length (ShallowModel1.shallow_model str) -> Seq.length (ShallowModel0.shallow_model ( ^ str)) = UIntSize.to_int len } - ensures { [#"../hillel.rs" 14 0 14 75] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) i = IndexLogic0.index_logic ( * str) i } - ensures { [#"../hillel.rs" 15 0 15 75] forall i : int . Seq.length (ShallowModel1.shallow_model str) <= i /\ i < UIntSize.to_int len -> IndexLogic0.index_logic ( ^ str) i = pad } + ensures { [#"../hillel.rs" 12 0 12 62] Int.le (UIntSize.to_int len) (Seq.length (ShallowModel1.shallow_model str)) -> Seq.length (ShallowModel0.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 13 0 13 55] Int.gt (UIntSize.to_int len) (Seq.length (ShallowModel1.shallow_model str)) -> Seq.length (ShallowModel0.shallow_model ( ^ str)) = UIntSize.to_int len } + ensures { [#"../hillel.rs" 14 0 14 75] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( ^ str) i = IndexLogic0.index_logic ( * str) i } + ensures { [#"../hillel.rs" 15 0 15 75] forall i : int . Int.le (Seq.length (ShallowModel1.shallow_model str)) i /\ Int.lt i (UIntSize.to_int len) -> IndexLogic0.index_logic ( ^ str) i = pad } end module Hillel_RightPad @@ -435,6 +438,7 @@ module Hillel_RightPad use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -531,12 +535,12 @@ module Hillel_RightPad let rec cfg right_pad [#"../hillel.rs" 16 0 16 59] [@cfg:stackify] [@cfg:subregion_analysis] (str : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (len : usize) (pad : t) : () requires {[#"../hillel.rs" 16 22 16 25] Inv2.inv str} requires {[#"../hillel.rs" 16 52 16 55] Inv1.inv pad} - ensures { [#"../hillel.rs" 10 10 10 62] Seq.length (ShallowModel2.shallow_model ( ^ str)) >= UIntSize.to_int len /\ Seq.length (ShallowModel2.shallow_model ( ^ str)) >= Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 10 10 10 62] Int.ge (Seq.length (ShallowModel2.shallow_model ( ^ str))) (UIntSize.to_int len) /\ Int.ge (Seq.length (ShallowModel2.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)) } ensures { [#"../hillel.rs" 11 10 11 62] Seq.length (ShallowModel2.shallow_model ( ^ str)) = UIntSize.to_int len \/ Seq.length (ShallowModel2.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 12 0 12 62] UIntSize.to_int len <= Seq.length (ShallowModel1.shallow_model str) -> Seq.length (ShallowModel2.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 13 0 13 55] UIntSize.to_int len > Seq.length (ShallowModel1.shallow_model str) -> Seq.length (ShallowModel2.shallow_model ( ^ str)) = UIntSize.to_int len } - ensures { [#"../hillel.rs" 14 0 14 75] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) i = IndexLogic0.index_logic ( * str) i } - ensures { [#"../hillel.rs" 15 0 15 75] forall i : int . Seq.length (ShallowModel1.shallow_model str) <= i /\ i < UIntSize.to_int len -> IndexLogic0.index_logic ( ^ str) i = pad } + ensures { [#"../hillel.rs" 12 0 12 62] Int.le (UIntSize.to_int len) (Seq.length (ShallowModel1.shallow_model str)) -> Seq.length (ShallowModel2.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 13 0 13 55] Int.gt (UIntSize.to_int len) (Seq.length (ShallowModel1.shallow_model str)) -> Seq.length (ShallowModel2.shallow_model ( ^ str)) = UIntSize.to_int len } + ensures { [#"../hillel.rs" 14 0 14 75] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( ^ str) i = IndexLogic0.index_logic ( * str) i } + ensures { [#"../hillel.rs" 15 0 15 75] forall i : int . Int.le (Seq.length (ShallowModel1.shallow_model str)) i /\ Int.lt i (UIntSize.to_int len) -> IndexLogic0.index_logic ( ^ str) i = pad } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -560,11 +564,11 @@ module Hillel_RightPad goto BB2 } BB2 { - invariant { [#"../hillel.rs" 19 16 19 44] Seq.length (ShallowModel0.shallow_model old_str) <= Seq.length (ShallowModel1.shallow_model str) }; - invariant { [#"../hillel.rs" 19 4 19 46] Seq.length (ShallowModel0.shallow_model old_str) < UIntSize.to_int len -> Seq.length (ShallowModel1.shallow_model str) <= UIntSize.to_int len }; - invariant { [#"../hillel.rs" 19 4 19 46] Seq.length (ShallowModel1.shallow_model str) > UIntSize.to_int len -> Seq.length (ShallowModel1.shallow_model str) = Seq.length (ShallowModel0.shallow_model old_str) }; - invariant { [#"../hillel.rs" 19 4 19 46] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model old_str) -> IndexLogic0.index_logic ( * str) i = IndexLogic0.index_logic ( * Ghost.inner old_str) i }; - invariant { [#"../hillel.rs" 19 4 19 46] forall i : int . Seq.length (ShallowModel0.shallow_model old_str) <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( * str) i = pad }; + invariant { [#"../hillel.rs" 19 16 19 44] Int.le (Seq.length (ShallowModel0.shallow_model old_str)) (Seq.length (ShallowModel1.shallow_model str)) }; + invariant { [#"../hillel.rs" 19 4 19 46] Int.lt (Seq.length (ShallowModel0.shallow_model old_str)) (UIntSize.to_int len) -> Int.le (Seq.length (ShallowModel1.shallow_model str)) (UIntSize.to_int len) }; + invariant { [#"../hillel.rs" 19 4 19 46] Int.gt (Seq.length (ShallowModel1.shallow_model str)) (UIntSize.to_int len) -> Seq.length (ShallowModel1.shallow_model str) = Seq.length (ShallowModel0.shallow_model old_str) }; + invariant { [#"../hillel.rs" 19 4 19 46] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model old_str)) -> IndexLogic0.index_logic ( * str) i = IndexLogic0.index_logic ( * Ghost.inner old_str) i }; + invariant { [#"../hillel.rs" 19 4 19 46] forall i : int . Int.le (Seq.length (ShallowModel0.shallow_model old_str)) i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( * str) i = pad }; goto BB3 } BB3 { @@ -572,7 +576,7 @@ module Hillel_RightPad goto BB4 } BB4 { - switch ([#"../hillel.rs" 24 10 24 25] _19 < len) + switch ([#"../hillel.rs" 24 10 24 25] UIntSize.lt _19 len) | False -> goto BB7 | True -> goto BB5 end @@ -605,6 +609,7 @@ module Alloc_Vec_Impl1_Insert_Interface use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -632,10 +637,10 @@ module Alloc_Vec_Impl1_Insert_Interface val insert (self : borrowed (Alloc_Vec_Vec_Type.t_vec t a)) (index : usize) (element : t) : () requires {Inv0.inv self} requires {Inv1.inv element} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 95 26 95 59] Seq.length (ShallowModel0.shallow_model ( ^ self)) = Seq.length (ShallowModel1.shallow_model self) + 1 } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 96 16 96 89] forall i : int . 0 <= i /\ i < UIntSize.to_int index -> IndexLogic0.index_logic ( ^ self) i = IndexLogic0.index_logic ( * self) i } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 95 26 95 59] Seq.length (ShallowModel0.shallow_model ( ^ self)) = Int.add (Seq.length (ShallowModel1.shallow_model self)) 1 } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 96 16 96 89] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int index) -> IndexLogic0.index_logic ( ^ self) i = IndexLogic0.index_logic ( * self) i } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 97 26 97 52] IndexLogic0.index_logic ( ^ self) (UIntSize.to_int index) = element } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 98 16 98 105] forall i : int . UIntSize.to_int index < i /\ i < Seq.length (ShallowModel0.shallow_model ( ^ self)) -> IndexLogic0.index_logic ( ^ self) i = IndexLogic0.index_logic ( * self) (i - 1) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 98 16 98 105] forall i : int . Int.lt (UIntSize.to_int index) i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model ( ^ self))) -> IndexLogic0.index_logic ( ^ self) i = IndexLogic0.index_logic ( * self) (Int.sub i 1) } end module CreusotContracts_Std1_Num_Impl15_ShallowModel_Stub @@ -666,6 +671,7 @@ module Hillel_LeftPad_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -694,10 +700,10 @@ module Hillel_LeftPad_Interface val left_pad [#"../hillel.rs" 33 0 33 58] (str : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (len : usize) (pad : t) : () requires {[#"../hillel.rs" 33 21 33 24] Inv0.inv str} requires {[#"../hillel.rs" 33 51 33 54] Inv1.inv pad} - ensures { [#"../hillel.rs" 29 10 29 62] Seq.length (ShallowModel0.shallow_model ( ^ str)) >= UIntSize.to_int len /\ Seq.length (ShallowModel0.shallow_model ( ^ str)) >= Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 29 10 29 62] Int.ge (Seq.length (ShallowModel0.shallow_model ( ^ str))) (UIntSize.to_int len) /\ Int.ge (Seq.length (ShallowModel0.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)) } ensures { [#"../hillel.rs" 30 10 30 62] Seq.length (ShallowModel0.shallow_model ( ^ str)) = UIntSize.to_int len \/ Seq.length (ShallowModel0.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 31 0 31 90] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model ( ^ str)) - Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) i = pad } - ensures { [#"../hillel.rs" 32 0 32 106] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) (i + (Seq.length (ShallowModel0.shallow_model ( ^ str)) - Seq.length (ShallowModel1.shallow_model str))) = IndexLogic0.index_logic ( * str) i } + ensures { [#"../hillel.rs" 31 0 31 90] forall i : int . Int.le 0 i /\ Int.lt i (Int.sub (Seq.length (ShallowModel0.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str))) -> IndexLogic0.index_logic ( ^ str) i = pad } + ensures { [#"../hillel.rs" 32 0 32 106] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( ^ str) (Int.add i (Int.sub (Seq.length (ShallowModel0.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)))) = IndexLogic0.index_logic ( * str) i } end module Hillel_LeftPad @@ -706,6 +712,7 @@ module Hillel_LeftPad use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -813,10 +820,10 @@ module Hillel_LeftPad let rec cfg left_pad [#"../hillel.rs" 33 0 33 58] [@cfg:stackify] [@cfg:subregion_analysis] (str : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (len : usize) (pad : t) : () requires {[#"../hillel.rs" 33 21 33 24] Inv2.inv str} requires {[#"../hillel.rs" 33 51 33 54] Inv1.inv pad} - ensures { [#"../hillel.rs" 29 10 29 62] Seq.length (ShallowModel3.shallow_model ( ^ str)) >= UIntSize.to_int len /\ Seq.length (ShallowModel3.shallow_model ( ^ str)) >= Seq.length (ShallowModel1.shallow_model str) } + ensures { [#"../hillel.rs" 29 10 29 62] Int.ge (Seq.length (ShallowModel3.shallow_model ( ^ str))) (UIntSize.to_int len) /\ Int.ge (Seq.length (ShallowModel3.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)) } ensures { [#"../hillel.rs" 30 10 30 62] Seq.length (ShallowModel3.shallow_model ( ^ str)) = UIntSize.to_int len \/ Seq.length (ShallowModel3.shallow_model ( ^ str)) = Seq.length (ShallowModel1.shallow_model str) } - ensures { [#"../hillel.rs" 31 0 31 90] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel3.shallow_model ( ^ str)) - Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) i = pad } - ensures { [#"../hillel.rs" 32 0 32 106] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( ^ str) (i + (Seq.length (ShallowModel3.shallow_model ( ^ str)) - Seq.length (ShallowModel1.shallow_model str))) = IndexLogic0.index_logic ( * str) i } + ensures { [#"../hillel.rs" 31 0 31 90] forall i : int . Int.le 0 i /\ Int.lt i (Int.sub (Seq.length (ShallowModel3.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str))) -> IndexLogic0.index_logic ( ^ str) i = pad } + ensures { [#"../hillel.rs" 32 0 32 106] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( ^ str) (Int.add i (Int.sub (Seq.length (ShallowModel3.shallow_model ( ^ str))) (Seq.length (ShallowModel1.shallow_model str)))) = IndexLogic0.index_logic ( * str) i } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -846,12 +853,12 @@ module Hillel_LeftPad goto BB3 } BB3 { - invariant { [#"../hillel.rs" 37 16 37 44] Seq.length (ShallowModel0.shallow_model old_str) <= Seq.length (ShallowModel1.shallow_model str) }; - invariant { [#"../hillel.rs" 37 4 37 46] Seq.length (ShallowModel0.shallow_model old_str) < UIntSize.to_int len -> Seq.length (ShallowModel1.shallow_model str) <= UIntSize.to_int len }; - invariant { [#"../hillel.rs" 37 4 37 46] Seq.length (ShallowModel1.shallow_model str) > UIntSize.to_int len -> Seq.length (ShallowModel1.shallow_model str) = Seq.length (ShallowModel0.shallow_model old_str) }; - invariant { [#"../hillel.rs" 40 16 40 49] ShallowModel2.shallow_model c = Seq.length (ShallowModel1.shallow_model str) - Seq.length (ShallowModel0.shallow_model old_str) }; - invariant { [#"../hillel.rs" 37 4 37 46] forall i : int . ShallowModel2.shallow_model c <= i /\ i < Seq.length (ShallowModel1.shallow_model str) -> IndexLogic0.index_logic ( * str) i = IndexLogic0.index_logic ( * Ghost.inner old_str) (i - ShallowModel2.shallow_model c) }; - invariant { [#"../hillel.rs" 37 4 37 46] forall i : int . 0 <= i /\ i < ShallowModel2.shallow_model c -> IndexLogic0.index_logic ( * str) i = pad }; + invariant { [#"../hillel.rs" 37 16 37 44] Int.le (Seq.length (ShallowModel0.shallow_model old_str)) (Seq.length (ShallowModel1.shallow_model str)) }; + invariant { [#"../hillel.rs" 37 4 37 46] Int.lt (Seq.length (ShallowModel0.shallow_model old_str)) (UIntSize.to_int len) -> Int.le (Seq.length (ShallowModel1.shallow_model str)) (UIntSize.to_int len) }; + invariant { [#"../hillel.rs" 37 4 37 46] Int.gt (Seq.length (ShallowModel1.shallow_model str)) (UIntSize.to_int len) -> Seq.length (ShallowModel1.shallow_model str) = Seq.length (ShallowModel0.shallow_model old_str) }; + invariant { [#"../hillel.rs" 40 16 40 49] ShallowModel2.shallow_model c = Int.sub (Seq.length (ShallowModel1.shallow_model str)) (Seq.length (ShallowModel0.shallow_model old_str)) }; + invariant { [#"../hillel.rs" 37 4 37 46] forall i : int . Int.le (ShallowModel2.shallow_model c) i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model str)) -> IndexLogic0.index_logic ( * str) i = IndexLogic0.index_logic ( * Ghost.inner old_str) (Int.sub i (ShallowModel2.shallow_model c)) }; + invariant { [#"../hillel.rs" 37 4 37 46] forall i : int . Int.le 0 i /\ Int.lt i (ShallowModel2.shallow_model c) -> IndexLogic0.index_logic ( * str) i = pad }; goto BB4 } BB4 { @@ -859,7 +866,7 @@ module Hillel_LeftPad goto BB5 } BB5 { - switch ([#"../hillel.rs" 43 10 43 25] _20 < len) + switch ([#"../hillel.rs" 43 10 43 25] UIntSize.lt _20 len) | False -> goto BB9 | True -> goto BB6 end @@ -873,7 +880,7 @@ module Hillel_LeftPad goto BB7 } BB7 { - _26 <- ([#"../hillel.rs" 45 12 45 31] Ghost.new ((1 : usize) + Ghost.inner c)); + _26 <- ([#"../hillel.rs" 45 12 45 31] Ghost.new (UIntSize.add (1 : usize) (Ghost.inner c))); goto BB8 } BB8 { @@ -908,8 +915,9 @@ module Hillel_IsUnique type t use seq.Seq use prelude.Int + use prelude.Bool predicate is_unique [#"../hillel.rs" 50 0 50 34] (s : Seq.seq t) = - [#"../hillel.rs" 51 4 53 5] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s -> Seq.get s i = Seq.get s j -> i = j + [#"../hillel.rs" 51 4 53 5] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) -> Seq.get s i = Seq.get s j -> i = j val is_unique [#"../hillel.rs" 50 0 50 34] (s : Seq.seq t) : bool ensures { result = is_unique s } @@ -931,8 +939,9 @@ module Hillel_Contains type t use seq.Seq use prelude.Int + use prelude.Bool predicate contains [#"../hillel.rs" 57 0 57 44] (seq : Seq.seq t) (elem : t) = - [#"../hillel.rs" 58 4 60 5] exists i : int . 0 <= i /\ i < Seq.length seq /\ Seq.get seq i = elem + [#"../hillel.rs" 58 4 60 5] exists i : int . Int.le 0 i /\ Int.lt i (Seq.length seq) /\ Seq.get seq i = elem val contains [#"../hillel.rs" 57 0 57 44] (seq : Seq.seq t) (elem : t) : bool ensures { result = contains seq elem } @@ -954,10 +963,11 @@ module Hillel_IsSubset type t use seq.Seq use prelude.Int + use prelude.Bool clone Hillel_Contains_Stub as Contains0 with type t = t predicate is_subset [#"../hillel.rs" 64 0 64 49] (sub : Seq.seq t) (sup : Seq.seq t) = - [#"../hillel.rs" 65 4 67 5] forall i : int . 0 <= i /\ i < Seq.length sub -> Contains0.contains sup (Seq.get sub i) + [#"../hillel.rs" 65 4 67 5] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length sub) -> Contains0.contains sup (Seq.get sub i) val is_subset [#"../hillel.rs" 64 0 64 49] (sub : Seq.seq t) (sup : Seq.seq t) : bool ensures { result = is_subset sub sup } @@ -1106,6 +1116,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Stub type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1137,6 +1148,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1165,17 +1177,18 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Vec_Impl1_DeepModel type t type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -1204,11 +1217,11 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module Core_Slice_Iter_Iter_Type use prelude.Opaque @@ -1252,6 +1265,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1266,6 +1280,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1275,12 +1290,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -1288,6 +1303,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1297,12 +1313,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub type t @@ -1346,6 +1362,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1364,6 +1381,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1380,16 +1398,17 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl4_ToRefSeq type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1406,11 +1425,11 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl14_Produces_Stub type t @@ -1435,6 +1454,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces type t use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1537,6 +1557,7 @@ end module Alloc_Vec_Impl8_Deref_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1560,6 +1581,7 @@ module Alloc_Vec_Impl8_Deref_Interface end module Core_Slice_Impl0_Iter_Interface type t + use prelude.Bool use prelude.Borrow use prelude.Slice use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type @@ -1654,6 +1676,7 @@ module CreusotContracts_Std1_Slice_Impl14_Completed type t use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1702,6 +1725,7 @@ end module Core_Cmp_Impls_Impl9_Eq_Interface type a type b + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = a @@ -1753,6 +1777,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -1923,6 +1948,7 @@ module Hillel_InsertUnique use seq.Seq use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Invariant_Inv_Interface as Inv15 with type t = slice t @@ -2301,7 +2327,7 @@ module Hillel_InsertUnique BB12 { invariant { [#"../hillel.rs" 84 4 84 111] Inv3.inv iter }; invariant { [#"../hillel.rs" 84 4 84 111] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../hillel.rs" 84 4 84 111] forall j : int . 0 <= j /\ j < Seq.length (Ghost.inner produced) -> DeepModel2.deep_model (IndexLogic0.index_logic produced j) <> DeepModel1.deep_model elem }; + invariant { [#"../hillel.rs" 84 4 84 111] forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (Ghost.inner produced)) -> DeepModel2.deep_model (IndexLogic0.index_logic produced j) <> DeepModel1.deep_model elem }; goto BB13 } BB13 { @@ -2355,7 +2381,7 @@ module Hillel_InsertUnique e <- __creusot_proc_iter_elem; assert { [@expl:type invariant] Inv5.inv __creusot_proc_iter_elem }; assume { Resolve7.resolve __creusot_proc_iter_elem }; - assert { [@expl:assertion] [#"../hillel.rs" 86 24 86 57] e = IndexLogic1.index_logic (Ghost.inner ghost_vec) (Seq.length (Ghost.inner produced) - 1) }; + assert { [@expl:assertion] [#"../hillel.rs" 86 24 86 57] e = IndexLogic1.index_logic (Ghost.inner ghost_vec) (Int.sub (Seq.length (Ghost.inner produced)) 1) }; _41 <- ([#"../hillel.rs" 87 16 87 21] elem); _38 <- ([#"../hillel.rs" 87 11 87 21] Eq0.eq ([#"../hillel.rs" 87 11 87 12] e) ([#"../hillel.rs" 87 16 87 21] _41)); goto BB20 @@ -2439,6 +2465,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -2448,7 +2475,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -2472,6 +2499,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -2493,7 +2521,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -2501,6 +2529,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -2525,9 +2554,9 @@ module Core_Slice_Impl0_Len_Interface type t use seq.Seq use prelude.UIntSize + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with type t = slice t, @@ -2752,6 +2781,7 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -2780,6 +2810,7 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -2806,16 +2837,17 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Interface val deep_model (self : slice t) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length (deep_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (deep_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Slice_Impl1_DeepModel type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -2842,11 +2874,11 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel val deep_model (self : slice t) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length (deep_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (deep_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Iter_Range_Impl0_Completed_Stub type idx @@ -2867,6 +2899,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -2875,7 +2908,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -3301,7 +3334,7 @@ module Hillel_Unique _28 <- any Ghost.ghost_ty (Seq.seq usize); i <- __creusot_proc_iter_elem; _32 <- i; - _34 <- ([#"../hillel.rs" 108 22 108 28] _32 < ([#"../hillel.rs" 108 22 108 28] Slice.length str)); + _34 <- ([#"../hillel.rs" 108 22 108 28] UIntSize.lt _32 ([#"../hillel.rs" 108 22 108 28] Slice.length str)); assert { [@expl:index in bounds] [#"../hillel.rs" 108 22 108 28] _34 }; goto BB18 } @@ -3345,57 +3378,62 @@ module Hillel_Unique end module Hillel_SumRange_Stub use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 function sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int end module Hillel_SumRange_Interface use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 function sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int val sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int - requires {[#"../hillel.rs" 120 11 120 53] 0 <= from /\ from <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 121 10 121 21] result >= 0 } + requires {[#"../hillel.rs" 120 11 120 53] Int.le 0 from /\ Int.le from to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 121 10 121 21] Int.ge result 0 } ensures { result = sum_range seq from to' } - axiom sum_range_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([#"../hillel.rs" 120 11 120 53] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([#"../hillel.rs" 121 10 121 21] sum_range seq from to' >= 0) + axiom sum_range_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([#"../hillel.rs" 120 11 120 53] Int.le 0 from /\ Int.le from to' /\ Int.le to' (Seq.length seq)) -> ([#"../hillel.rs" 121 10 121 21] Int.ge (sum_range seq from to') 0) end module Hillel_SumRange use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 function sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int val sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int - requires {[#"../hillel.rs" 120 11 120 53] 0 <= from /\ from <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 121 10 121 21] result >= 0 } + requires {[#"../hillel.rs" 120 11 120 53] Int.le 0 from /\ Int.le from to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 121 10 121 21] Int.ge result 0 } ensures { result = sum_range seq from to' } - axiom def : forall seq : Seq.seq uint32, from : int, to' : int . sum_range seq from to' = ([#"../hillel.rs" 118 0 118 8] if to' - from > 0 then - UInt32.to_int (Seq.get seq from) + sum_range seq (from + 1) to' + axiom def : forall seq : Seq.seq uint32, from : int, to' : int . sum_range seq from to' = ([#"../hillel.rs" 118 0 118 8] if Int.gt (Int.sub to' from) 0 then + Int.add (UInt32.to_int (Seq.get seq from)) (sum_range seq (Int.add from 1) to') else 0 ) - axiom sum_range_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([#"../hillel.rs" 120 11 120 53] 0 <= from /\ from <= to' /\ to' <= Seq.length seq) -> ([#"../hillel.rs" 121 10 121 21] sum_range seq from to' >= 0) + axiom sum_range_spec : forall seq : Seq.seq uint32, from : int, to' : int . ([#"../hillel.rs" 120 11 120 53] Int.le 0 from /\ Int.le from to' /\ Int.le to' (Seq.length seq)) -> ([#"../hillel.rs" 121 10 121 21] Int.ge (sum_range seq from to') 0) end module Hillel_SumRange_Impl use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 let rec ghost function sum_range [#"../hillel.rs" 122 0 122 54] (seq : Seq.seq uint32) (from : int) (to' : int) : int - requires {[#"../hillel.rs" 120 11 120 53] 0 <= from /\ from <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 121 10 121 21] result >= 0 } - variant {[#"../hillel.rs" 119 10 119 19] to' - from} + requires {[#"../hillel.rs" 120 11 120 53] Int.le 0 from /\ Int.le from to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 121 10 121 21] Int.ge result 0 } + variant {[#"../hillel.rs" 119 10 119 19] Int.sub to' from} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../hillel.rs" 118 0 118 8] if pure {to' - from > 0} then - UInt32.to_int (Seq.get seq from) + sum_range seq (from + 1) to' + [#"../hillel.rs" 118 0 118 8] if Int.gt (Int.sub to' from) 0 then + Int.add (UInt32.to_int (Seq.get seq from)) (sum_range seq (Int.add from 1) to') else 0 end module Hillel_SumRangeSplit_Stub use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 clone Hillel_SumRange_Stub as SumRange0 with @@ -3404,50 +3442,53 @@ module Hillel_SumRangeSplit_Stub end module Hillel_SumRangeSplit_Interface use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 clone Hillel_SumRange_Stub as SumRange0 with axiom . function sum_range_split [#"../hillel.rs" 134 0 134 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () val sum_range_split [#"../hillel.rs" 134 0 134 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () - requires {[#"../hillel.rs" 132 11 132 63] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = SumRange0.sum_range seq from i + SumRange0.sum_range seq i to' } + requires {[#"../hillel.rs" 132 11 132 63] Int.le 0 from /\ Int.le from i /\ Int.le i to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = Int.add (SumRange0.sum_range seq from i) (SumRange0.sum_range seq i to') } ensures { result = sum_range_split seq from to' i } - axiom sum_range_split_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([#"../hillel.rs" 132 11 132 63] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> ([#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = SumRange0.sum_range seq from i + SumRange0.sum_range seq i to') + axiom sum_range_split_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([#"../hillel.rs" 132 11 132 63] Int.le 0 from /\ Int.le from i /\ Int.le i to' /\ Int.le to' (Seq.length seq)) -> ([#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = Int.add (SumRange0.sum_range seq from i) (SumRange0.sum_range seq i to')) end module Hillel_SumRangeSplit use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 clone Hillel_SumRange_Stub as SumRange0 with axiom . function sum_range_split [#"../hillel.rs" 134 0 134 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () val sum_range_split [#"../hillel.rs" 134 0 134 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () - requires {[#"../hillel.rs" 132 11 132 63] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = SumRange0.sum_range seq from i + SumRange0.sum_range seq i to' } + requires {[#"../hillel.rs" 132 11 132 63] Int.le 0 from /\ Int.le from i /\ Int.le i to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = Int.add (SumRange0.sum_range seq from i) (SumRange0.sum_range seq i to') } ensures { result = sum_range_split seq from to' i } - axiom def : forall seq : Seq.seq uint32, from : int, to' : int, i : int . sum_range_split seq from to' i = ([#"../hillel.rs" 135 4 137 5] if i > from then - let _ = sum_range_split seq (from + 1) to' i in () + axiom def : forall seq : Seq.seq uint32, from : int, to' : int, i : int . sum_range_split seq from to' i = ([#"../hillel.rs" 135 4 137 5] if Int.gt i from then + let _ = sum_range_split seq (Int.add from 1) to' i in () else () ) - axiom sum_range_split_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([#"../hillel.rs" 132 11 132 63] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq) -> ([#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = SumRange0.sum_range seq from i + SumRange0.sum_range seq i to') + axiom sum_range_split_spec : forall seq : Seq.seq uint32, from : int, to' : int, i : int . ([#"../hillel.rs" 132 11 132 63] Int.le 0 from /\ Int.le from i /\ Int.le i to' /\ Int.le to' (Seq.length seq)) -> ([#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = Int.add (SumRange0.sum_range seq from i) (SumRange0.sum_range seq i to')) end module Hillel_SumRangeSplit_Impl use prelude.Int + use prelude.Bool use seq.Seq use prelude.UInt32 clone Hillel_SumRange as SumRange0 with axiom . let rec ghost function sum_range_split [#"../hillel.rs" 134 0 134 61] (seq : Seq.seq uint32) (from : int) (to' : int) (i : int) : () - requires {[#"../hillel.rs" 132 11 132 63] 0 <= from /\ from <= i /\ i <= to' /\ to' <= Seq.length seq} - ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = SumRange0.sum_range seq from i + SumRange0.sum_range seq i to' } - variant {[#"../hillel.rs" 131 10 131 18] i - from} + requires {[#"../hillel.rs" 132 11 132 63] Int.le 0 from /\ Int.le from i /\ Int.le i to' /\ Int.le to' (Seq.length seq)} + ensures { [#"../hillel.rs" 133 10 133 85] SumRange0.sum_range seq from to' = Int.add (SumRange0.sum_range seq from i) (SumRange0.sum_range seq i to') } + variant {[#"../hillel.rs" 131 10 131 18] Int.sub i from} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../hillel.rs" 135 4 137 5] if pure {i > from} then let _ = sum_range_split seq (from + 1) to' i in () else () + [#"../hillel.rs" 135 4 137 5] if Int.gt i from then let _ = sum_range_split seq (Int.add from 1) to' i in () else () end module CreusotContracts_Logic_Int_Impl0_AbsDiff_Stub use prelude.Int @@ -3463,7 +3504,11 @@ end module CreusotContracts_Logic_Int_Impl0_AbsDiff use prelude.Int function abs_diff (self : int) (other : int) : int = - [#"../../../../creusot-contracts/src/logic/int.rs" 50 4 50 12] if self < other then other - self else self - other + [#"../../../../creusot-contracts/src/logic/int.rs" 50 4 50 12] if Int.lt self other then + Int.sub other self + else + Int.sub self other + val abs_diff (self : int) (other : int) : int ensures { result = abs_diff self other } @@ -3471,6 +3516,7 @@ end module Hillel_Score_Stub use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 clone Hillel_SumRange_Stub as SumRange0 with axiom . @@ -3479,21 +3525,23 @@ end module Hillel_Score_Interface use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 clone Hillel_SumRange_Stub as SumRange0 with axiom . function score [#"../hillel.rs" 144 0 144 38] (seq : Seq.seq uint32) (i : int) : int val score [#"../hillel.rs" 144 0 144 38] (seq : Seq.seq uint32) (i : int) : int - requires {[#"../hillel.rs" 141 11 141 35] 0 <= i /\ i <= Seq.length seq} - ensures { [#"../hillel.rs" 142 10 142 64] 0 <= result /\ result <= SumRange0.sum_range seq 0 (Seq.length seq) } + requires {[#"../hillel.rs" 141 11 141 35] Int.le 0 i /\ Int.le i (Seq.length seq)} + ensures { [#"../hillel.rs" 142 10 142 64] Int.le 0 result /\ Int.le result (SumRange0.sum_range seq 0 (Seq.length seq)) } ensures { [#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> result = SumRange0.sum_range seq 0 (Seq.length seq) } ensures { result = score seq i } - axiom score_spec : forall seq : Seq.seq uint32, i : int . ([#"../hillel.rs" 141 11 141 35] 0 <= i /\ i <= Seq.length seq) -> ([#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> score seq i = SumRange0.sum_range seq 0 (Seq.length seq)) && ([#"../hillel.rs" 142 10 142 64] 0 <= score seq i /\ score seq i <= SumRange0.sum_range seq 0 (Seq.length seq)) + axiom score_spec : forall seq : Seq.seq uint32, i : int . ([#"../hillel.rs" 141 11 141 35] Int.le 0 i /\ Int.le i (Seq.length seq)) -> ([#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> score seq i = SumRange0.sum_range seq 0 (Seq.length seq)) && ([#"../hillel.rs" 142 10 142 64] Int.le 0 (score seq i) /\ Int.le (score seq i) (SumRange0.sum_range seq 0 (Seq.length seq))) end module Hillel_Score use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 clone CreusotContracts_Logic_Int_Impl0_AbsDiff_Stub as AbsDiff0 clone Hillel_SumRange_Stub as SumRange0 with @@ -3504,16 +3552,17 @@ module Hillel_Score function score [#"../hillel.rs" 144 0 144 38] (seq : Seq.seq uint32) (i : int) : int = [#"../hillel.rs" 145 4 145 41] let _ = SumRangeSplit0.sum_range_split seq 0 (Seq.length seq) i in AbsDiff0.abs_diff (SumRange0.sum_range seq 0 i) (SumRange0.sum_range seq i (Seq.length seq)) val score [#"../hillel.rs" 144 0 144 38] (seq : Seq.seq uint32) (i : int) : int - requires {[#"../hillel.rs" 141 11 141 35] 0 <= i /\ i <= Seq.length seq} - ensures { [#"../hillel.rs" 142 10 142 64] 0 <= result /\ result <= SumRange0.sum_range seq 0 (Seq.length seq) } + requires {[#"../hillel.rs" 141 11 141 35] Int.le 0 i /\ Int.le i (Seq.length seq)} + ensures { [#"../hillel.rs" 142 10 142 64] Int.le 0 result /\ Int.le result (SumRange0.sum_range seq 0 (Seq.length seq)) } ensures { [#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> result = SumRange0.sum_range seq 0 (Seq.length seq) } ensures { result = score seq i } - axiom score_spec : forall seq : Seq.seq uint32, i : int . ([#"../hillel.rs" 141 11 141 35] 0 <= i /\ i <= Seq.length seq) -> ([#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> score seq i = SumRange0.sum_range seq 0 (Seq.length seq)) && ([#"../hillel.rs" 142 10 142 64] 0 <= score seq i /\ score seq i <= SumRange0.sum_range seq 0 (Seq.length seq)) + axiom score_spec : forall seq : Seq.seq uint32, i : int . ([#"../hillel.rs" 141 11 141 35] Int.le 0 i /\ Int.le i (Seq.length seq)) -> ([#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> score seq i = SumRange0.sum_range seq 0 (Seq.length seq)) && ([#"../hillel.rs" 142 10 142 64] Int.le 0 (score seq i) /\ Int.le (score seq i) (SumRange0.sum_range seq 0 (Seq.length seq))) end module Hillel_Score_Impl use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 clone CreusotContracts_Logic_Int_Impl0_AbsDiff as AbsDiff0 clone Hillel_SumRange as SumRange0 with @@ -3522,8 +3571,8 @@ module Hillel_Score_Impl function SumRange0.sum_range = SumRange0.sum_range, axiom . let rec ghost function score [#"../hillel.rs" 144 0 144 38] (seq : Seq.seq uint32) (i : int) : int - requires {[#"../hillel.rs" 141 11 141 35] 0 <= i /\ i <= Seq.length seq} - ensures { [#"../hillel.rs" 142 10 142 64] 0 <= result /\ result <= SumRange0.sum_range seq 0 (Seq.length seq) } + requires {[#"../hillel.rs" 141 11 141 35] Int.le 0 i /\ Int.le i (Seq.length seq)} + ensures { [#"../hillel.rs" 142 10 142 64] Int.le 0 result /\ Int.le result (SumRange0.sum_range seq 0 (Seq.length seq)) } ensures { [#"../hillel.rs" 143 0 143 79] 0 = i \/ i = Seq.length seq -> result = SumRange0.sum_range seq 0 (Seq.length seq) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -3575,6 +3624,7 @@ module CreusotContracts_Std1_Slice_Impl11_IntoIterPost type t use prelude.Borrow use prelude.Slice + use prelude.Bool use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type clone CreusotContracts_Std1_Slice_Impl13_ShallowModel_Stub as ShallowModel0 with type t = t @@ -3613,6 +3663,7 @@ module Hillel_Fulcrum_Interface use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Borrow use prelude.Slice use prelude.UInt32 @@ -3626,10 +3677,10 @@ module Hillel_Fulcrum_Interface type t = slice uint32, type ShallowModelTy0.shallowModelTy = Seq.seq uint32 val fulcrum [#"../hillel.rs" 156 0 156 30] (s : slice uint32) : usize - requires {[#"../hillel.rs" 152 11 152 45] SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s)) <= 1000} - requires {[#"../hillel.rs" 153 11 153 23] Seq.length (ShallowModel0.shallow_model s) > 0} - ensures { [#"../hillel.rs" 154 10 154 44] 0 <= UIntSize.to_int result /\ UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model s) } - ensures { [#"../hillel.rs" 155 0 155 88] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model s) -> Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int result) <= Score0.score (ShallowModel0.shallow_model s) i } + requires {[#"../hillel.rs" 152 11 152 45] Int.le (SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s))) 1000} + requires {[#"../hillel.rs" 153 11 153 23] Int.gt (Seq.length (ShallowModel0.shallow_model s)) 0} + ensures { [#"../hillel.rs" 154 10 154 44] Int.le 0 (UIntSize.to_int result) /\ Int.lt (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model s)) } + ensures { [#"../hillel.rs" 155 0 155 88] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model s)) -> Int.le (Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int result)) (Score0.score (ShallowModel0.shallow_model s) i) } end module Hillel_Fulcrum @@ -3639,6 +3690,7 @@ module Hillel_Fulcrum use seq.Seq use prelude.Borrow use prelude.UIntSize + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv9 with @@ -3831,10 +3883,10 @@ module Hillel_Fulcrum predicate Inv0.inv = Inv2.inv, predicate IntoIterPost0.into_iter_post = IntoIterPost0.into_iter_post let rec cfg fulcrum [#"../hillel.rs" 156 0 156 30] [@cfg:stackify] [@cfg:subregion_analysis] (s : slice uint32) : usize - requires {[#"../hillel.rs" 152 11 152 45] SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s)) <= 1000} - requires {[#"../hillel.rs" 153 11 153 23] Seq.length (ShallowModel0.shallow_model s) > 0} - ensures { [#"../hillel.rs" 154 10 154 44] 0 <= UIntSize.to_int result /\ UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model s) } - ensures { [#"../hillel.rs" 155 0 155 88] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model s) -> Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int result) <= Score0.score (ShallowModel0.shallow_model s) i } + requires {[#"../hillel.rs" 152 11 152 45] Int.le (SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s))) 1000} + requires {[#"../hillel.rs" 153 11 153 23] Int.gt (Seq.length (ShallowModel0.shallow_model s)) 0} + ensures { [#"../hillel.rs" 154 10 154 44] Int.le 0 (UIntSize.to_int result) /\ Int.lt (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model s)) } + ensures { [#"../hillel.rs" 155 0 155 88] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model s)) -> Int.le (Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int result)) (Score0.score (ShallowModel0.shallow_model s) i) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -3890,7 +3942,7 @@ module Hillel_Fulcrum invariant { [#"../hillel.rs" 159 4 159 60] Inv0.inv iter }; invariant { [#"../hillel.rs" 159 4 159 60] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; invariant { [#"../hillel.rs" 159 16 159 58] UInt32.to_int total = SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (Ghost.inner produced)) }; - invariant { [#"../hillel.rs" 160 16 160 52] UInt32.to_int total <= SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s)) }; + invariant { [#"../hillel.rs" 160 16 160 52] Int.le (UInt32.to_int total) (SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (ShallowModel0.shallow_model s))) }; goto BB5 } BB5 { @@ -3932,7 +3984,7 @@ module Hillel_Fulcrum produced <- _24; _24 <- any Ghost.ghost_ty (Seq.seq uint32); x <- __creusot_proc_iter_elem; - total <- ([#"../hillel.rs" 162 8 162 18] total + x); + total <- ([#"../hillel.rs" 162 8 162 18] UInt32.add total x); _18 <- ([#"../hillel.rs" 161 16 163 5] ()); goto BB4 } @@ -3956,10 +4008,10 @@ module Hillel_Fulcrum invariant { [#"../hillel.rs" 171 4 171 58] Inv1.inv iter1 }; invariant { [#"../hillel.rs" 171 4 171 58] Produces1.produces (Ghost.inner iter_old1) (Ghost.inner produced1) iter1 }; invariant { [#"../hillel.rs" 171 16 171 56] UInt32.to_int sum = SumRange0.sum_range (ShallowModel0.shallow_model s) 0 (Seq.length (Ghost.inner produced1)) }; - invariant { [#"../hillel.rs" 172 16 172 30] UInt32.to_int sum <= UInt32.to_int total }; - invariant { [#"../hillel.rs" 173 16 173 61] UIntSize.to_int min_i <= Seq.length (Ghost.inner produced1) /\ UIntSize.to_int min_i < Seq.length (ShallowModel0.shallow_model s) }; + invariant { [#"../hillel.rs" 172 16 172 30] Int.le (UInt32.to_int sum) (UInt32.to_int total) }; + invariant { [#"../hillel.rs" 173 16 173 61] Int.le (UIntSize.to_int min_i) (Seq.length (Ghost.inner produced1)) /\ Int.lt (UIntSize.to_int min_i) (Seq.length (ShallowModel0.shallow_model s)) }; invariant { [#"../hillel.rs" 174 16 174 46] UInt32.to_int min_dist = Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int min_i) }; - invariant { [#"../hillel.rs" 171 4 171 58] forall j : int . 0 <= j /\ j < Seq.length (Ghost.inner produced1) -> Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int min_i) <= Score0.score (ShallowModel0.shallow_model s) j }; + invariant { [#"../hillel.rs" 171 4 171 58] forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (Ghost.inner produced1)) -> Int.le (Score0.score (ShallowModel0.shallow_model s) (UIntSize.to_int min_i)) (Score0.score (ShallowModel0.shallow_model s) j) }; goto BB17 } BB17 { @@ -3994,11 +4046,11 @@ module Hillel_Fulcrum produced1 <- _55; _55 <- any Ghost.ghost_ty (Seq.seq usize); i <- __creusot_proc_iter_elem1; - dist <- ([#"../hillel.rs" 177 19 177 44] AbsDiff0.abs_diff sum ([#"../hillel.rs" 177 32 177 43] total - sum)); + dist <- ([#"../hillel.rs" 177 19 177 44] AbsDiff0.abs_diff sum ([#"../hillel.rs" 177 32 177 43] UInt32.sub total sum)); goto BB23 } BB23 { - switch ([#"../hillel.rs" 178 11 178 26] dist < min_dist) + switch ([#"../hillel.rs" 178 11 178 26] UInt32.lt dist min_dist) | False -> goto BB25 | True -> goto BB24 end @@ -4015,12 +4067,12 @@ module Hillel_Fulcrum } BB26 { _70 <- i; - _72 <- ([#"../hillel.rs" 183 15 183 19] _70 < ([#"../hillel.rs" 183 15 183 19] Slice.length s)); + _72 <- ([#"../hillel.rs" 183 15 183 19] UIntSize.lt _70 ([#"../hillel.rs" 183 15 183 19] Slice.length s)); assert { [@expl:index in bounds] [#"../hillel.rs" 183 15 183 19] _72 }; goto BB27 } BB27 { - sum <- ([#"../hillel.rs" 183 8 183 19] sum + Slice.get s _70); + sum <- ([#"../hillel.rs" 183 8 183 19] UInt32.add sum (Slice.get s _70)); _18 <- ([#"../hillel.rs" 176 24 184 5] ()); goto BB16 } diff --git a/creusot/tests/should_succeed/immut.mlcfg b/creusot/tests/should_succeed/immut.mlcfg index 99c157f71e..069704e1dd 100644 --- a/creusot/tests/should_succeed/immut.mlcfg +++ b/creusot/tests/should_succeed/immut.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/index_range.mlcfg b/creusot/tests/should_succeed/index_range.mlcfg index 9d2b9995da..252a5eed30 100644 --- a/creusot/tests/should_succeed/index_range.mlcfg +++ b/creusot/tests/should_succeed/index_range.mlcfg @@ -94,11 +94,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -116,11 +116,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -172,6 +172,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -256,6 +257,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -291,8 +293,9 @@ module TyInv_Trivial end module IndexRange_CreateArr_Interface use seq.Seq - use prelude.Int32 use prelude.Int + use prelude.Int32 + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq int32 @@ -320,6 +323,7 @@ module IndexRange_CreateArr use prelude.Int32 use prelude.Borrow use seq.Seq + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv3 with type t = int32 clone TyInv_Trivial as TyInv_Trivial3 with @@ -466,6 +470,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -509,6 +514,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -530,7 +536,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -695,9 +701,9 @@ module Core_Slice_Impl0_Len_Interface type t use seq.Seq use prelude.UIntSize + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with type t = slice t, @@ -712,6 +718,7 @@ end module Alloc_Vec_Impl8_Deref_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -737,6 +744,7 @@ module Core_Slice_Impl0_Get_Interface type t type i use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq use seq.Seq @@ -774,6 +782,7 @@ module Core_Slice_Impl0_Get_Interface end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -819,6 +828,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -875,8 +885,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -913,9 +923,10 @@ module CreusotContracts_Std1_Slice_Impl6_InBounds use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate in_bounds (self : Core_Ops_Range_Range_Type.t_range usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 130 20 130 70] UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self) <= UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) /\ UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) <= Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 130 20 130 70] Int.le (UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self)) (UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self)) /\ Int.le (UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self)) (Seq.length seq) val in_bounds (self : Core_Ops_Range_Range_Type.t_range usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -926,6 +937,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -940,6 +952,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -949,12 +962,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -962,6 +975,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -971,12 +985,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl6_HasValue_Stub type t @@ -1006,6 +1020,7 @@ module CreusotContracts_Std1_Slice_Impl6_HasValue use seq.Seq use prelude.Slice use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1049,9 +1064,10 @@ module CreusotContracts_Std1_Slice_Impl6_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate resolve_elswhere (self : Core_Ops_Range_Range_Type.t_range usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 142 8 145 9] forall i : int . 0 <= i /\ (i < UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self) \/ UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) <= i) /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 142 8 145 9] forall i : int . Int.le 0 i /\ (Int.lt i (UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self)) \/ Int.le (UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self)) i) /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere (self : Core_Ops_Range_Range_Type.t_range usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1079,7 +1095,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1106,6 +1122,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1427,7 +1444,7 @@ module IndexRange_TestRange } BB4 { _20 <- ([#"../index_range.rs" 35 43 35 44] [#"../index_range.rs" 35 43 35 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 35 41 35 45] _20 < ([#"../index_range.rs" 35 41 35 45] Slice.length s)); + _22 <- ([#"../index_range.rs" 35 41 35 45] UIntSize.lt _20 ([#"../index_range.rs" 35 41 35 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 35 41 35 45] _22 }; goto BB11 } @@ -1443,7 +1460,7 @@ module IndexRange_TestRange } BB7 { _15 <- ([#"../index_range.rs" 35 30 35 31] [#"../index_range.rs" 35 30 35 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 35 28 35 32] _15 < ([#"../index_range.rs" 35 28 35 32] Slice.length s)); + _17 <- ([#"../index_range.rs" 35 28 35 32] UIntSize.lt _15 ([#"../index_range.rs" 35 28 35 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 35 28 35 32] _17 }; goto BB10 } @@ -1454,17 +1471,17 @@ module IndexRange_TestRange end } BB9 { - switch ([#"../index_range.rs" 35 12 35 24] _11 = ([#"../index_range.rs" 35 23 35 24] [#"../index_range.rs" 35 23 35 24] (2 : usize))) + switch ([#"../index_range.rs" 35 12 35 24] UIntSize.eq _11 ([#"../index_range.rs" 35 23 35 24] [#"../index_range.rs" 35 23 35 24] (2 : usize))) | False -> goto BB6 | True -> goto BB7 end } BB10 { - _9 <- ([#"../index_range.rs" 35 28 35 37] Slice.get s _15 = ([#"../index_range.rs" 35 36 35 37] [#"../index_range.rs" 35 36 35 37] (0 : int32))); + _9 <- ([#"../index_range.rs" 35 28 35 37] Int32.eq (Slice.get s _15) ([#"../index_range.rs" 35 36 35 37] [#"../index_range.rs" 35 36 35 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 35 41 35 50] Slice.get s _20 = ([#"../index_range.rs" 35 49 35 50] [#"../index_range.rs" 35 49 35 50] (1 : int32))); + _8 <- ([#"../index_range.rs" 35 41 35 50] Int32.eq (Slice.get s _20) ([#"../index_range.rs" 35 49 35 50] [#"../index_range.rs" 35 49 35 50] (1 : int32))); goto BB5 } BB12 { @@ -1486,7 +1503,7 @@ module IndexRange_TestRange } BB16 { _42 <- ([#"../index_range.rs" 38 43 38 44] [#"../index_range.rs" 38 43 38 44] (1 : usize)); - _44 <- ([#"../index_range.rs" 38 41 38 45] _42 < ([#"../index_range.rs" 38 41 38 45] Slice.length s1)); + _44 <- ([#"../index_range.rs" 38 41 38 45] UIntSize.lt _42 ([#"../index_range.rs" 38 41 38 45] Slice.length s1)); assert { [@expl:index in bounds] [#"../index_range.rs" 38 41 38 45] _44 }; goto BB23 } @@ -1502,7 +1519,7 @@ module IndexRange_TestRange } BB19 { _37 <- ([#"../index_range.rs" 38 30 38 31] [#"../index_range.rs" 38 30 38 31] (0 : usize)); - _39 <- ([#"../index_range.rs" 38 28 38 32] _37 < ([#"../index_range.rs" 38 28 38 32] Slice.length s1)); + _39 <- ([#"../index_range.rs" 38 28 38 32] UIntSize.lt _37 ([#"../index_range.rs" 38 28 38 32] Slice.length s1)); assert { [@expl:index in bounds] [#"../index_range.rs" 38 28 38 32] _39 }; goto BB22 } @@ -1513,17 +1530,17 @@ module IndexRange_TestRange end } BB21 { - switch ([#"../index_range.rs" 38 12 38 24] _33 = ([#"../index_range.rs" 38 23 38 24] [#"../index_range.rs" 38 23 38 24] (2 : usize))) + switch ([#"../index_range.rs" 38 12 38 24] UIntSize.eq _33 ([#"../index_range.rs" 38 23 38 24] [#"../index_range.rs" 38 23 38 24] (2 : usize))) | False -> goto BB18 | True -> goto BB19 end } BB22 { - _31 <- ([#"../index_range.rs" 38 28 38 37] Slice.get s1 _37 = ([#"../index_range.rs" 38 36 38 37] [#"../index_range.rs" 38 36 38 37] (3 : int32))); + _31 <- ([#"../index_range.rs" 38 28 38 37] Int32.eq (Slice.get s1 _37) ([#"../index_range.rs" 38 36 38 37] [#"../index_range.rs" 38 36 38 37] (3 : int32))); goto BB20 } BB23 { - _30 <- ([#"../index_range.rs" 38 41 38 50] Slice.get s1 _42 = ([#"../index_range.rs" 38 49 38 50] [#"../index_range.rs" 38 49 38 50] (4 : int32))); + _30 <- ([#"../index_range.rs" 38 41 38 50] Int32.eq (Slice.get s1 _42) ([#"../index_range.rs" 38 49 38 50] [#"../index_range.rs" 38 49 38 50] (4 : int32))); goto BB17 } BB24 { @@ -1539,7 +1556,7 @@ module IndexRange_TestRange goto BB27 } BB27 { - switch ([#"../index_range.rs" 43 4 43 33] not ([#"../index_range.rs" 43 12 43 32] _49 = ([#"../index_range.rs" 43 31 43 32] [#"../index_range.rs" 43 31 43 32] (0 : usize)))) + switch ([#"../index_range.rs" 43 4 43 33] not ([#"../index_range.rs" 43 12 43 32] UIntSize.eq _49 ([#"../index_range.rs" 43 31 43 32] [#"../index_range.rs" 43 31 43 32] (0 : usize)))) | False -> goto BB29 | True -> goto BB28 end @@ -1557,7 +1574,7 @@ module IndexRange_TestRange goto BB31 } BB31 { - switch ([#"../index_range.rs" 45 4 45 33] not ([#"../index_range.rs" 45 12 45 32] _58 = ([#"../index_range.rs" 45 31 45 32] [#"../index_range.rs" 45 31 45 32] (0 : usize)))) + switch ([#"../index_range.rs" 45 4 45 33] not ([#"../index_range.rs" 45 12 45 32] UIntSize.eq _58 ([#"../index_range.rs" 45 31 45 32] [#"../index_range.rs" 45 31 45 32] (0 : usize)))) | False -> goto BB33 | True -> goto BB32 end @@ -1668,7 +1685,7 @@ module IndexRange_TestRange goto BB55 } BB55 { - switch ([#"../index_range.rs" 60 4 60 25] not ([#"../index_range.rs" 60 12 60 24] _111 = ([#"../index_range.rs" 60 23 60 24] [#"../index_range.rs" 60 23 60 24] (3 : usize)))) + switch ([#"../index_range.rs" 60 4 60 25] not ([#"../index_range.rs" 60 12 60 24] UIntSize.eq _111 ([#"../index_range.rs" 60 23 60 24] [#"../index_range.rs" 60 23 60 24] (3 : usize)))) | False -> goto BB57 | True -> goto BB56 end @@ -1681,28 +1698,28 @@ module IndexRange_TestRange } BB57 { _114 <- ([#"../index_range.rs" 61 6 61 7] [#"../index_range.rs" 61 6 61 7] (0 : usize)); - _116 <- ([#"../index_range.rs" 61 4 61 8] _114 < ([#"../index_range.rs" 61 4 61 8] Slice.length ( * s2))); + _116 <- ([#"../index_range.rs" 61 4 61 8] UIntSize.lt _114 ([#"../index_range.rs" 61 4 61 8] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 61 4 61 8] _116 }; goto BB58 } BB58 { s2 <- { s2 with current = Slice.set ( * s2) _114 ([#"../index_range.rs" 61 11 61 13] [#"../index_range.rs" 61 11 61 13] (-1 : int32)) }; _117 <- ([#"../index_range.rs" 62 6 62 7] [#"../index_range.rs" 62 6 62 7] (1 : usize)); - _119 <- ([#"../index_range.rs" 62 4 62 8] _117 < ([#"../index_range.rs" 62 4 62 8] Slice.length ( * s2))); + _119 <- ([#"../index_range.rs" 62 4 62 8] UIntSize.lt _117 ([#"../index_range.rs" 62 4 62 8] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 62 4 62 8] _119 }; goto BB59 } BB59 { s2 <- { s2 with current = Slice.set ( * s2) _117 ([#"../index_range.rs" 62 11 62 13] [#"../index_range.rs" 62 11 62 13] (-1 : int32)) }; _124 <- ([#"../index_range.rs" 67 14 67 15] [#"../index_range.rs" 67 14 67 15] (2 : usize)); - _126 <- ([#"../index_range.rs" 67 12 67 16] _124 < ([#"../index_range.rs" 67 12 67 16] Slice.length ( * s2))); + _126 <- ([#"../index_range.rs" 67 12 67 16] UIntSize.lt _124 ([#"../index_range.rs" 67 12 67 16] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 67 12 67 16] _126 }; goto BB60 } BB60 { assume { Resolve0.resolve s2 }; assume { Resolve0.resolve _105 }; - switch ([#"../index_range.rs" 67 4 67 22] not ([#"../index_range.rs" 67 12 67 21] Slice.get ( * s2) _124 = ([#"../index_range.rs" 67 20 67 21] [#"../index_range.rs" 67 20 67 21] (3 : int32)))) + switch ([#"../index_range.rs" 67 4 67 22] not ([#"../index_range.rs" 67 12 67 21] Int32.eq (Slice.get ( * s2) _124) ([#"../index_range.rs" 67 20 67 21] [#"../index_range.rs" 67 20 67 21] (3 : int32)))) | False -> goto BB62 | True -> goto BB61 end @@ -1716,7 +1733,7 @@ module IndexRange_TestRange goto BB63 } BB63 { - switch ([#"../index_range.rs" 69 4 69 27] not ([#"../index_range.rs" 69 12 69 26] _131 = ([#"../index_range.rs" 69 25 69 26] [#"../index_range.rs" 69 25 69 26] (5 : usize)))) + switch ([#"../index_range.rs" 69 4 69 27] not ([#"../index_range.rs" 69 12 69 26] UIntSize.eq _131 ([#"../index_range.rs" 69 25 69 26] [#"../index_range.rs" 69 25 69 26] (5 : usize)))) | False -> goto BB65 | True -> goto BB64 end @@ -1730,7 +1747,7 @@ module IndexRange_TestRange goto BB66 } BB66 { - switch ([#"../index_range.rs" 70 4 70 24] not ([#"../index_range.rs" 70 12 70 23] _138 = ([#"../index_range.rs" 70 22 70 23] [#"../index_range.rs" 70 22 70 23] (0 : int32)))) + switch ([#"../index_range.rs" 70 4 70 24] not ([#"../index_range.rs" 70 12 70 23] Int32.eq _138 ([#"../index_range.rs" 70 22 70 23] [#"../index_range.rs" 70 22 70 23] (0 : int32)))) | False -> goto BB68 | True -> goto BB67 end @@ -1744,7 +1761,7 @@ module IndexRange_TestRange goto BB69 } BB69 { - switch ([#"../index_range.rs" 71 4 71 25] not ([#"../index_range.rs" 71 12 71 24] _145 = ([#"../index_range.rs" 71 22 71 24] [#"../index_range.rs" 71 22 71 24] (-1 : int32)))) + switch ([#"../index_range.rs" 71 4 71 25] not ([#"../index_range.rs" 71 12 71 24] Int32.eq _145 ([#"../index_range.rs" 71 22 71 24] [#"../index_range.rs" 71 22 71 24] (-1 : int32)))) | False -> goto BB71 | True -> goto BB70 end @@ -1758,7 +1775,7 @@ module IndexRange_TestRange goto BB72 } BB72 { - switch ([#"../index_range.rs" 72 4 72 25] not ([#"../index_range.rs" 72 12 72 24] _152 = ([#"../index_range.rs" 72 22 72 24] [#"../index_range.rs" 72 22 72 24] (-1 : int32)))) + switch ([#"../index_range.rs" 72 4 72 25] not ([#"../index_range.rs" 72 12 72 24] Int32.eq _152 ([#"../index_range.rs" 72 22 72 24] [#"../index_range.rs" 72 22 72 24] (-1 : int32)))) | False -> goto BB74 | True -> goto BB73 end @@ -1772,7 +1789,7 @@ module IndexRange_TestRange goto BB75 } BB75 { - switch ([#"../index_range.rs" 73 4 73 24] not ([#"../index_range.rs" 73 12 73 23] _159 = ([#"../index_range.rs" 73 22 73 23] [#"../index_range.rs" 73 22 73 23] (3 : int32)))) + switch ([#"../index_range.rs" 73 4 73 24] not ([#"../index_range.rs" 73 12 73 23] Int32.eq _159 ([#"../index_range.rs" 73 22 73 23] [#"../index_range.rs" 73 22 73 23] (3 : int32)))) | False -> goto BB77 | True -> goto BB76 end @@ -1787,7 +1804,7 @@ module IndexRange_TestRange } BB78 { assume { Resolve1.resolve arr }; - switch ([#"../index_range.rs" 74 4 74 24] not ([#"../index_range.rs" 74 12 74 23] _166 = ([#"../index_range.rs" 74 22 74 23] [#"../index_range.rs" 74 22 74 23] (4 : int32)))) + switch ([#"../index_range.rs" 74 4 74 24] not ([#"../index_range.rs" 74 12 74 23] Int32.eq _166 ([#"../index_range.rs" 74 22 74 23] [#"../index_range.rs" 74 22 74 23] (4 : int32)))) | False -> goto BB80 | True -> goto BB79 end @@ -1839,7 +1856,7 @@ module CreusotContracts_Std1_Slice_Impl7_InBounds use seq.Seq use Core_Ops_Range_RangeTo_Type as Core_Ops_Range_RangeTo_Type predicate in_bounds (self : Core_Ops_Range_RangeTo_Type.t_rangeto usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 153 20 153 42] UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 153 20 153 42] Int.le (UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self)) (Seq.length seq) val in_bounds (self : Core_Ops_Range_RangeTo_Type.t_rangeto usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1872,6 +1889,7 @@ module CreusotContracts_Std1_Slice_Impl7_HasValue use seq.Seq use prelude.Slice use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1915,9 +1933,10 @@ module CreusotContracts_Std1_Slice_Impl7_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use Core_Ops_Range_RangeTo_Type as Core_Ops_Range_RangeTo_Type predicate resolve_elswhere (self : Core_Ops_Range_RangeTo_Type.t_rangeto usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 165 8 165 90] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 165 8 165 90] forall i : int . Int.le (UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self)) i /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere (self : Core_Ops_Range_RangeTo_Type.t_rangeto usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -2198,7 +2217,7 @@ module IndexRange_TestRangeTo } BB4 { _20 <- ([#"../index_range.rs" 86 43 86 44] [#"../index_range.rs" 86 43 86 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 86 41 86 45] _20 < ([#"../index_range.rs" 86 41 86 45] Slice.length s)); + _22 <- ([#"../index_range.rs" 86 41 86 45] UIntSize.lt _20 ([#"../index_range.rs" 86 41 86 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 86 41 86 45] _22 }; goto BB11 } @@ -2214,7 +2233,7 @@ module IndexRange_TestRangeTo } BB7 { _15 <- ([#"../index_range.rs" 86 30 86 31] [#"../index_range.rs" 86 30 86 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 86 28 86 32] _15 < ([#"../index_range.rs" 86 28 86 32] Slice.length s)); + _17 <- ([#"../index_range.rs" 86 28 86 32] UIntSize.lt _15 ([#"../index_range.rs" 86 28 86 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 86 28 86 32] _17 }; goto BB10 } @@ -2225,17 +2244,17 @@ module IndexRange_TestRangeTo end } BB9 { - switch ([#"../index_range.rs" 86 12 86 24] _11 = ([#"../index_range.rs" 86 23 86 24] [#"../index_range.rs" 86 23 86 24] (2 : usize))) + switch ([#"../index_range.rs" 86 12 86 24] UIntSize.eq _11 ([#"../index_range.rs" 86 23 86 24] [#"../index_range.rs" 86 23 86 24] (2 : usize))) | False -> goto BB6 | True -> goto BB7 end } BB10 { - _9 <- ([#"../index_range.rs" 86 28 86 37] Slice.get s _15 = ([#"../index_range.rs" 86 36 86 37] [#"../index_range.rs" 86 36 86 37] (0 : int32))); + _9 <- ([#"../index_range.rs" 86 28 86 37] Int32.eq (Slice.get s _15) ([#"../index_range.rs" 86 36 86 37] [#"../index_range.rs" 86 36 86 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 86 41 86 50] Slice.get s _20 = ([#"../index_range.rs" 86 49 86 50] [#"../index_range.rs" 86 49 86 50] (1 : int32))); + _8 <- ([#"../index_range.rs" 86 41 86 50] Int32.eq (Slice.get s _20) ([#"../index_range.rs" 86 49 86 50] [#"../index_range.rs" 86 49 86 50] (1 : int32))); goto BB5 } BB12 { @@ -2251,7 +2270,7 @@ module IndexRange_TestRangeTo goto BB15 } BB15 { - switch ([#"../index_range.rs" 91 4 91 32] not ([#"../index_range.rs" 91 12 91 31] _27 = ([#"../index_range.rs" 91 30 91 31] [#"../index_range.rs" 91 30 91 31] (0 : usize)))) + switch ([#"../index_range.rs" 91 4 91 32] not ([#"../index_range.rs" 91 12 91 31] UIntSize.eq _27 ([#"../index_range.rs" 91 30 91 31] [#"../index_range.rs" 91 30 91 31] (0 : usize)))) | False -> goto BB17 | True -> goto BB16 end @@ -2296,7 +2315,7 @@ module IndexRange_TestRangeTo goto BB24 } BB24 { - switch ([#"../index_range.rs" 100 4 100 25] not ([#"../index_range.rs" 100 12 100 24] _50 = ([#"../index_range.rs" 100 23 100 24] [#"../index_range.rs" 100 23 100 24] (3 : usize)))) + switch ([#"../index_range.rs" 100 4 100 25] not ([#"../index_range.rs" 100 12 100 24] UIntSize.eq _50 ([#"../index_range.rs" 100 23 100 24] [#"../index_range.rs" 100 23 100 24] (3 : usize)))) | False -> goto BB26 | True -> goto BB25 end @@ -2309,28 +2328,28 @@ module IndexRange_TestRangeTo } BB26 { _53 <- ([#"../index_range.rs" 101 6 101 7] [#"../index_range.rs" 101 6 101 7] (0 : usize)); - _55 <- ([#"../index_range.rs" 101 4 101 8] _53 < ([#"../index_range.rs" 101 4 101 8] Slice.length ( * s1))); + _55 <- ([#"../index_range.rs" 101 4 101 8] UIntSize.lt _53 ([#"../index_range.rs" 101 4 101 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 101 4 101 8] _55 }; goto BB27 } BB27 { s1 <- { s1 with current = Slice.set ( * s1) _53 ([#"../index_range.rs" 101 11 101 13] [#"../index_range.rs" 101 11 101 13] (-1 : int32)) }; _56 <- ([#"../index_range.rs" 102 6 102 7] [#"../index_range.rs" 102 6 102 7] (2 : usize)); - _58 <- ([#"../index_range.rs" 102 4 102 8] _56 < ([#"../index_range.rs" 102 4 102 8] Slice.length ( * s1))); + _58 <- ([#"../index_range.rs" 102 4 102 8] UIntSize.lt _56 ([#"../index_range.rs" 102 4 102 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 102 4 102 8] _58 }; goto BB28 } BB28 { s1 <- { s1 with current = Slice.set ( * s1) _56 ([#"../index_range.rs" 102 11 102 13] [#"../index_range.rs" 102 11 102 13] (-1 : int32)) }; _63 <- ([#"../index_range.rs" 104 14 104 15] [#"../index_range.rs" 104 14 104 15] (1 : usize)); - _65 <- ([#"../index_range.rs" 104 12 104 16] _63 < ([#"../index_range.rs" 104 12 104 16] Slice.length ( * s1))); + _65 <- ([#"../index_range.rs" 104 12 104 16] UIntSize.lt _63 ([#"../index_range.rs" 104 12 104 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 104 12 104 16] _65 }; goto BB29 } BB29 { assume { Resolve0.resolve s1 }; assume { Resolve0.resolve _44 }; - switch ([#"../index_range.rs" 104 4 104 22] not ([#"../index_range.rs" 104 12 104 21] Slice.get ( * s1) _63 = ([#"../index_range.rs" 104 20 104 21] [#"../index_range.rs" 104 20 104 21] (1 : int32)))) + switch ([#"../index_range.rs" 104 4 104 22] not ([#"../index_range.rs" 104 12 104 21] Int32.eq (Slice.get ( * s1) _63) ([#"../index_range.rs" 104 20 104 21] [#"../index_range.rs" 104 20 104 21] (1 : int32)))) | False -> goto BB31 | True -> goto BB30 end @@ -2344,7 +2363,7 @@ module IndexRange_TestRangeTo goto BB32 } BB32 { - switch ([#"../index_range.rs" 106 4 106 27] not ([#"../index_range.rs" 106 12 106 26] _70 = ([#"../index_range.rs" 106 25 106 26] [#"../index_range.rs" 106 25 106 26] (5 : usize)))) + switch ([#"../index_range.rs" 106 4 106 27] not ([#"../index_range.rs" 106 12 106 26] UIntSize.eq _70 ([#"../index_range.rs" 106 25 106 26] [#"../index_range.rs" 106 25 106 26] (5 : usize)))) | False -> goto BB34 | True -> goto BB33 end @@ -2358,7 +2377,7 @@ module IndexRange_TestRangeTo goto BB35 } BB35 { - switch ([#"../index_range.rs" 107 4 107 25] not ([#"../index_range.rs" 107 12 107 24] _77 = ([#"../index_range.rs" 107 22 107 24] [#"../index_range.rs" 107 22 107 24] (-1 : int32)))) + switch ([#"../index_range.rs" 107 4 107 25] not ([#"../index_range.rs" 107 12 107 24] Int32.eq _77 ([#"../index_range.rs" 107 22 107 24] [#"../index_range.rs" 107 22 107 24] (-1 : int32)))) | False -> goto BB37 | True -> goto BB36 end @@ -2372,7 +2391,7 @@ module IndexRange_TestRangeTo goto BB38 } BB38 { - switch ([#"../index_range.rs" 108 4 108 24] not ([#"../index_range.rs" 108 12 108 23] _84 = ([#"../index_range.rs" 108 22 108 23] [#"../index_range.rs" 108 22 108 23] (1 : int32)))) + switch ([#"../index_range.rs" 108 4 108 24] not ([#"../index_range.rs" 108 12 108 23] Int32.eq _84 ([#"../index_range.rs" 108 22 108 23] [#"../index_range.rs" 108 22 108 23] (1 : int32)))) | False -> goto BB40 | True -> goto BB39 end @@ -2386,7 +2405,7 @@ module IndexRange_TestRangeTo goto BB41 } BB41 { - switch ([#"../index_range.rs" 109 4 109 25] not ([#"../index_range.rs" 109 12 109 24] _91 = ([#"../index_range.rs" 109 22 109 24] [#"../index_range.rs" 109 22 109 24] (-1 : int32)))) + switch ([#"../index_range.rs" 109 4 109 25] not ([#"../index_range.rs" 109 12 109 24] Int32.eq _91 ([#"../index_range.rs" 109 22 109 24] [#"../index_range.rs" 109 22 109 24] (-1 : int32)))) | False -> goto BB43 | True -> goto BB42 end @@ -2400,7 +2419,7 @@ module IndexRange_TestRangeTo goto BB44 } BB44 { - switch ([#"../index_range.rs" 110 4 110 24] not ([#"../index_range.rs" 110 12 110 23] _98 = ([#"../index_range.rs" 110 22 110 23] [#"../index_range.rs" 110 22 110 23] (3 : int32)))) + switch ([#"../index_range.rs" 110 4 110 24] not ([#"../index_range.rs" 110 12 110 23] Int32.eq _98 ([#"../index_range.rs" 110 22 110 23] [#"../index_range.rs" 110 22 110 23] (3 : int32)))) | False -> goto BB46 | True -> goto BB45 end @@ -2415,7 +2434,7 @@ module IndexRange_TestRangeTo } BB47 { assume { Resolve1.resolve arr }; - switch ([#"../index_range.rs" 111 4 111 24] not ([#"../index_range.rs" 111 12 111 23] _105 = ([#"../index_range.rs" 111 22 111 23] [#"../index_range.rs" 111 22 111 23] (4 : int32)))) + switch ([#"../index_range.rs" 111 4 111 24] not ([#"../index_range.rs" 111 12 111 23] Int32.eq _105 ([#"../index_range.rs" 111 22 111 23] [#"../index_range.rs" 111 22 111 23] (4 : int32)))) | False -> goto BB49 | True -> goto BB48 end @@ -2467,7 +2486,7 @@ module CreusotContracts_Std1_Slice_Impl8_InBounds use seq.Seq use Core_Ops_Range_RangeFrom_Type as Core_Ops_Range_RangeFrom_Type predicate in_bounds (self : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 173 20 173 44] UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self) <= Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 173 20 173 44] Int.le (UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self)) (Seq.length seq) val in_bounds (self : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -2500,6 +2519,7 @@ module CreusotContracts_Std1_Slice_Impl8_HasValue use seq.Seq use prelude.Slice use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -2545,11 +2565,12 @@ module CreusotContracts_Std1_Slice_Impl8_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use Core_Ops_Range_RangeFrom_Type as Core_Ops_Range_RangeFrom_Type predicate resolve_elswhere (self : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 185 8 187 9] forall i : int . 0 <= i /\ i < UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self) /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 185 8 187 9] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self)) /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere (self : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -2834,7 +2855,7 @@ module IndexRange_TestRangeFrom } BB4 { _20 <- ([#"../index_range.rs" 123 43 123 44] [#"../index_range.rs" 123 43 123 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 123 41 123 45] _20 < ([#"../index_range.rs" 123 41 123 45] Slice.length s)); + _22 <- ([#"../index_range.rs" 123 41 123 45] UIntSize.lt _20 ([#"../index_range.rs" 123 41 123 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 123 41 123 45] _22 }; goto BB11 } @@ -2850,7 +2871,7 @@ module IndexRange_TestRangeFrom } BB7 { _15 <- ([#"../index_range.rs" 123 30 123 31] [#"../index_range.rs" 123 30 123 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 123 28 123 32] _15 < ([#"../index_range.rs" 123 28 123 32] Slice.length s)); + _17 <- ([#"../index_range.rs" 123 28 123 32] UIntSize.lt _15 ([#"../index_range.rs" 123 28 123 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 123 28 123 32] _17 }; goto BB10 } @@ -2861,17 +2882,17 @@ module IndexRange_TestRangeFrom end } BB9 { - switch ([#"../index_range.rs" 123 12 123 24] _11 = ([#"../index_range.rs" 123 23 123 24] [#"../index_range.rs" 123 23 123 24] (2 : usize))) + switch ([#"../index_range.rs" 123 12 123 24] UIntSize.eq _11 ([#"../index_range.rs" 123 23 123 24] [#"../index_range.rs" 123 23 123 24] (2 : usize))) | False -> goto BB6 | True -> goto BB7 end } BB10 { - _9 <- ([#"../index_range.rs" 123 28 123 37] Slice.get s _15 = ([#"../index_range.rs" 123 36 123 37] [#"../index_range.rs" 123 36 123 37] (3 : int32))); + _9 <- ([#"../index_range.rs" 123 28 123 37] Int32.eq (Slice.get s _15) ([#"../index_range.rs" 123 36 123 37] [#"../index_range.rs" 123 36 123 37] (3 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 123 41 123 50] Slice.get s _20 = ([#"../index_range.rs" 123 49 123 50] [#"../index_range.rs" 123 49 123 50] (4 : int32))); + _8 <- ([#"../index_range.rs" 123 41 123 50] Int32.eq (Slice.get s _20) ([#"../index_range.rs" 123 49 123 50] [#"../index_range.rs" 123 49 123 50] (4 : int32))); goto BB5 } BB12 { @@ -2887,7 +2908,7 @@ module IndexRange_TestRangeFrom goto BB15 } BB15 { - switch ([#"../index_range.rs" 128 4 128 32] not ([#"../index_range.rs" 128 12 128 31] _27 = ([#"../index_range.rs" 128 30 128 31] [#"../index_range.rs" 128 30 128 31] (0 : usize)))) + switch ([#"../index_range.rs" 128 4 128 32] not ([#"../index_range.rs" 128 12 128 31] UIntSize.eq _27 ([#"../index_range.rs" 128 30 128 31] [#"../index_range.rs" 128 30 128 31] (0 : usize)))) | False -> goto BB17 | True -> goto BB16 end @@ -2954,7 +2975,7 @@ module IndexRange_TestRangeFrom goto BB29 } BB29 { - switch ([#"../index_range.rs" 139 4 139 25] not ([#"../index_range.rs" 139 12 139 24] _60 = ([#"../index_range.rs" 139 23 139 24] [#"../index_range.rs" 139 23 139 24] (3 : usize)))) + switch ([#"../index_range.rs" 139 4 139 25] not ([#"../index_range.rs" 139 12 139 24] UIntSize.eq _60 ([#"../index_range.rs" 139 23 139 24] [#"../index_range.rs" 139 23 139 24] (3 : usize)))) | False -> goto BB31 | True -> goto BB30 end @@ -2967,28 +2988,28 @@ module IndexRange_TestRangeFrom } BB31 { _63 <- ([#"../index_range.rs" 140 6 140 7] [#"../index_range.rs" 140 6 140 7] (0 : usize)); - _65 <- ([#"../index_range.rs" 140 4 140 8] _63 < ([#"../index_range.rs" 140 4 140 8] Slice.length ( * s1))); + _65 <- ([#"../index_range.rs" 140 4 140 8] UIntSize.lt _63 ([#"../index_range.rs" 140 4 140 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 140 4 140 8] _65 }; goto BB32 } BB32 { s1 <- { s1 with current = Slice.set ( * s1) _63 ([#"../index_range.rs" 140 11 140 13] [#"../index_range.rs" 140 11 140 13] (-1 : int32)) }; _66 <- ([#"../index_range.rs" 141 6 141 7] [#"../index_range.rs" 141 6 141 7] (1 : usize)); - _68 <- ([#"../index_range.rs" 141 4 141 8] _66 < ([#"../index_range.rs" 141 4 141 8] Slice.length ( * s1))); + _68 <- ([#"../index_range.rs" 141 4 141 8] UIntSize.lt _66 ([#"../index_range.rs" 141 4 141 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 141 4 141 8] _68 }; goto BB33 } BB33 { s1 <- { s1 with current = Slice.set ( * s1) _66 ([#"../index_range.rs" 141 11 141 13] [#"../index_range.rs" 141 11 141 13] (-1 : int32)) }; _73 <- ([#"../index_range.rs" 143 14 143 15] [#"../index_range.rs" 143 14 143 15] (2 : usize)); - _75 <- ([#"../index_range.rs" 143 12 143 16] _73 < ([#"../index_range.rs" 143 12 143 16] Slice.length ( * s1))); + _75 <- ([#"../index_range.rs" 143 12 143 16] UIntSize.lt _73 ([#"../index_range.rs" 143 12 143 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 143 12 143 16] _75 }; goto BB34 } BB34 { assume { Resolve0.resolve s1 }; assume { Resolve0.resolve _54 }; - switch ([#"../index_range.rs" 143 4 143 22] not ([#"../index_range.rs" 143 12 143 21] Slice.get ( * s1) _73 = ([#"../index_range.rs" 143 20 143 21] [#"../index_range.rs" 143 20 143 21] (4 : int32)))) + switch ([#"../index_range.rs" 143 4 143 22] not ([#"../index_range.rs" 143 12 143 21] Int32.eq (Slice.get ( * s1) _73) ([#"../index_range.rs" 143 20 143 21] [#"../index_range.rs" 143 20 143 21] (4 : int32)))) | False -> goto BB36 | True -> goto BB35 end @@ -3002,7 +3023,7 @@ module IndexRange_TestRangeFrom goto BB37 } BB37 { - switch ([#"../index_range.rs" 145 4 145 27] not ([#"../index_range.rs" 145 12 145 26] _80 = ([#"../index_range.rs" 145 25 145 26] [#"../index_range.rs" 145 25 145 26] (5 : usize)))) + switch ([#"../index_range.rs" 145 4 145 27] not ([#"../index_range.rs" 145 12 145 26] UIntSize.eq _80 ([#"../index_range.rs" 145 25 145 26] [#"../index_range.rs" 145 25 145 26] (5 : usize)))) | False -> goto BB39 | True -> goto BB38 end @@ -3016,7 +3037,7 @@ module IndexRange_TestRangeFrom goto BB40 } BB40 { - switch ([#"../index_range.rs" 146 4 146 24] not ([#"../index_range.rs" 146 12 146 23] _87 = ([#"../index_range.rs" 146 22 146 23] [#"../index_range.rs" 146 22 146 23] (0 : int32)))) + switch ([#"../index_range.rs" 146 4 146 24] not ([#"../index_range.rs" 146 12 146 23] Int32.eq _87 ([#"../index_range.rs" 146 22 146 23] [#"../index_range.rs" 146 22 146 23] (0 : int32)))) | False -> goto BB42 | True -> goto BB41 end @@ -3030,7 +3051,7 @@ module IndexRange_TestRangeFrom goto BB43 } BB43 { - switch ([#"../index_range.rs" 147 4 147 24] not ([#"../index_range.rs" 147 12 147 23] _94 = ([#"../index_range.rs" 147 22 147 23] [#"../index_range.rs" 147 22 147 23] (1 : int32)))) + switch ([#"../index_range.rs" 147 4 147 24] not ([#"../index_range.rs" 147 12 147 23] Int32.eq _94 ([#"../index_range.rs" 147 22 147 23] [#"../index_range.rs" 147 22 147 23] (1 : int32)))) | False -> goto BB45 | True -> goto BB44 end @@ -3044,7 +3065,7 @@ module IndexRange_TestRangeFrom goto BB46 } BB46 { - switch ([#"../index_range.rs" 148 4 148 25] not ([#"../index_range.rs" 148 12 148 24] _101 = ([#"../index_range.rs" 148 22 148 24] [#"../index_range.rs" 148 22 148 24] (-1 : int32)))) + switch ([#"../index_range.rs" 148 4 148 25] not ([#"../index_range.rs" 148 12 148 24] Int32.eq _101 ([#"../index_range.rs" 148 22 148 24] [#"../index_range.rs" 148 22 148 24] (-1 : int32)))) | False -> goto BB48 | True -> goto BB47 end @@ -3058,7 +3079,7 @@ module IndexRange_TestRangeFrom goto BB49 } BB49 { - switch ([#"../index_range.rs" 149 4 149 25] not ([#"../index_range.rs" 149 12 149 24] _108 = ([#"../index_range.rs" 149 22 149 24] [#"../index_range.rs" 149 22 149 24] (-1 : int32)))) + switch ([#"../index_range.rs" 149 4 149 25] not ([#"../index_range.rs" 149 12 149 24] Int32.eq _108 ([#"../index_range.rs" 149 22 149 24] [#"../index_range.rs" 149 22 149 24] (-1 : int32)))) | False -> goto BB51 | True -> goto BB50 end @@ -3073,7 +3094,7 @@ module IndexRange_TestRangeFrom } BB52 { assume { Resolve1.resolve arr }; - switch ([#"../index_range.rs" 150 4 150 24] not ([#"../index_range.rs" 150 12 150 23] _115 = ([#"../index_range.rs" 150 22 150 23] [#"../index_range.rs" 150 22 150 23] (4 : int32)))) + switch ([#"../index_range.rs" 150 4 150 24] not ([#"../index_range.rs" 150 12 150 23] Int32.eq _115 ([#"../index_range.rs" 150 22 150 23] [#"../index_range.rs" 150 22 150 23] (4 : int32)))) | False -> goto BB54 | True -> goto BB53 end @@ -3141,6 +3162,7 @@ module CreusotContracts_Std1_Slice_Impl9_HasValue type t use seq.Seq use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3430,7 +3452,7 @@ module IndexRange_TestRangeFull } BB4 { _38 <- ([#"../index_range.rs" 162 82 162 83] [#"../index_range.rs" 162 82 162 83] (4 : usize)); - _40 <- ([#"../index_range.rs" 162 80 162 84] _38 < ([#"../index_range.rs" 162 80 162 84] Slice.length s)); + _40 <- ([#"../index_range.rs" 162 80 162 84] UIntSize.lt _38 ([#"../index_range.rs" 162 80 162 84] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 80 162 84] _40 }; goto BB23 } @@ -3446,7 +3468,7 @@ module IndexRange_TestRangeFull } BB7 { _33 <- ([#"../index_range.rs" 162 69 162 70] [#"../index_range.rs" 162 69 162 70] (3 : usize)); - _35 <- ([#"../index_range.rs" 162 67 162 71] _33 < ([#"../index_range.rs" 162 67 162 71] Slice.length s)); + _35 <- ([#"../index_range.rs" 162 67 162 71] UIntSize.lt _33 ([#"../index_range.rs" 162 67 162 71] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 67 162 71] _35 }; goto BB22 } @@ -3462,7 +3484,7 @@ module IndexRange_TestRangeFull } BB10 { _28 <- ([#"../index_range.rs" 162 56 162 57] [#"../index_range.rs" 162 56 162 57] (2 : usize)); - _30 <- ([#"../index_range.rs" 162 54 162 58] _28 < ([#"../index_range.rs" 162 54 162 58] Slice.length s)); + _30 <- ([#"../index_range.rs" 162 54 162 58] UIntSize.lt _28 ([#"../index_range.rs" 162 54 162 58] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 54 162 58] _30 }; goto BB21 } @@ -3478,7 +3500,7 @@ module IndexRange_TestRangeFull } BB13 { _23 <- ([#"../index_range.rs" 162 43 162 44] [#"../index_range.rs" 162 43 162 44] (1 : usize)); - _25 <- ([#"../index_range.rs" 162 41 162 45] _23 < ([#"../index_range.rs" 162 41 162 45] Slice.length s)); + _25 <- ([#"../index_range.rs" 162 41 162 45] UIntSize.lt _23 ([#"../index_range.rs" 162 41 162 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 41 162 45] _25 }; goto BB20 } @@ -3494,7 +3516,7 @@ module IndexRange_TestRangeFull } BB16 { _18 <- ([#"../index_range.rs" 162 30 162 31] [#"../index_range.rs" 162 30 162 31] (0 : usize)); - _20 <- ([#"../index_range.rs" 162 28 162 32] _18 < ([#"../index_range.rs" 162 28 162 32] Slice.length s)); + _20 <- ([#"../index_range.rs" 162 28 162 32] UIntSize.lt _18 ([#"../index_range.rs" 162 28 162 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 28 162 32] _20 }; goto BB19 } @@ -3505,29 +3527,29 @@ module IndexRange_TestRangeFull end } BB18 { - switch ([#"../index_range.rs" 162 12 162 24] _14 = ([#"../index_range.rs" 162 23 162 24] [#"../index_range.rs" 162 23 162 24] (5 : usize))) + switch ([#"../index_range.rs" 162 12 162 24] UIntSize.eq _14 ([#"../index_range.rs" 162 23 162 24] [#"../index_range.rs" 162 23 162 24] (5 : usize))) | False -> goto BB15 | True -> goto BB16 end } BB19 { - _12 <- ([#"../index_range.rs" 162 28 162 37] Slice.get s _18 = ([#"../index_range.rs" 162 36 162 37] [#"../index_range.rs" 162 36 162 37] (0 : int32))); + _12 <- ([#"../index_range.rs" 162 28 162 37] Int32.eq (Slice.get s _18) ([#"../index_range.rs" 162 36 162 37] [#"../index_range.rs" 162 36 162 37] (0 : int32))); goto BB17 } BB20 { - _11 <- ([#"../index_range.rs" 162 41 162 50] Slice.get s _23 = ([#"../index_range.rs" 162 49 162 50] [#"../index_range.rs" 162 49 162 50] (1 : int32))); + _11 <- ([#"../index_range.rs" 162 41 162 50] Int32.eq (Slice.get s _23) ([#"../index_range.rs" 162 49 162 50] [#"../index_range.rs" 162 49 162 50] (1 : int32))); goto BB14 } BB21 { - _10 <- ([#"../index_range.rs" 162 54 162 63] Slice.get s _28 = ([#"../index_range.rs" 162 62 162 63] [#"../index_range.rs" 162 62 162 63] (2 : int32))); + _10 <- ([#"../index_range.rs" 162 54 162 63] Int32.eq (Slice.get s _28) ([#"../index_range.rs" 162 62 162 63] [#"../index_range.rs" 162 62 162 63] (2 : int32))); goto BB11 } BB22 { - _9 <- ([#"../index_range.rs" 162 67 162 76] Slice.get s _33 = ([#"../index_range.rs" 162 75 162 76] [#"../index_range.rs" 162 75 162 76] (3 : int32))); + _9 <- ([#"../index_range.rs" 162 67 162 76] Int32.eq (Slice.get s _33) ([#"../index_range.rs" 162 75 162 76] [#"../index_range.rs" 162 75 162 76] (3 : int32))); goto BB8 } BB23 { - _8 <- ([#"../index_range.rs" 162 80 162 89] Slice.get s _38 = ([#"../index_range.rs" 162 88 162 89] [#"../index_range.rs" 162 88 162 89] (4 : int32))); + _8 <- ([#"../index_range.rs" 162 80 162 89] Int32.eq (Slice.get s _38) ([#"../index_range.rs" 162 88 162 89] [#"../index_range.rs" 162 88 162 89] (4 : int32))); goto BB5 } BB24 { @@ -3548,7 +3570,7 @@ module IndexRange_TestRangeFull goto BB27 } BB27 { - switch ([#"../index_range.rs" 166 4 166 25] not ([#"../index_range.rs" 166 12 166 24] _49 = ([#"../index_range.rs" 166 23 166 24] [#"../index_range.rs" 166 23 166 24] (5 : usize)))) + switch ([#"../index_range.rs" 166 4 166 25] not ([#"../index_range.rs" 166 12 166 24] UIntSize.eq _49 ([#"../index_range.rs" 166 23 166 24] [#"../index_range.rs" 166 23 166 24] (5 : usize)))) | False -> goto BB29 | True -> goto BB28 end @@ -3561,14 +3583,14 @@ module IndexRange_TestRangeFull } BB29 { _52 <- ([#"../index_range.rs" 167 6 167 7] [#"../index_range.rs" 167 6 167 7] (1 : usize)); - _54 <- ([#"../index_range.rs" 167 4 167 8] _52 < ([#"../index_range.rs" 167 4 167 8] Slice.length ( * s1))); + _54 <- ([#"../index_range.rs" 167 4 167 8] UIntSize.lt _52 ([#"../index_range.rs" 167 4 167 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 167 4 167 8] _54 }; goto BB30 } BB30 { s1 <- { s1 with current = Slice.set ( * s1) _52 ([#"../index_range.rs" 167 11 167 13] [#"../index_range.rs" 167 11 167 13] (-1 : int32)) }; _55 <- ([#"../index_range.rs" 168 6 168 7] [#"../index_range.rs" 168 6 168 7] (3 : usize)); - _57 <- ([#"../index_range.rs" 168 4 168 8] _55 < ([#"../index_range.rs" 168 4 168 8] Slice.length ( * s1))); + _57 <- ([#"../index_range.rs" 168 4 168 8] UIntSize.lt _55 ([#"../index_range.rs" 168 4 168 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 168 4 168 8] _57 }; goto BB31 } @@ -3580,7 +3602,7 @@ module IndexRange_TestRangeFull goto BB32 } BB32 { - switch ([#"../index_range.rs" 170 4 170 27] not ([#"../index_range.rs" 170 12 170 26] _61 = ([#"../index_range.rs" 170 25 170 26] [#"../index_range.rs" 170 25 170 26] (5 : usize)))) + switch ([#"../index_range.rs" 170 4 170 27] not ([#"../index_range.rs" 170 12 170 26] UIntSize.eq _61 ([#"../index_range.rs" 170 25 170 26] [#"../index_range.rs" 170 25 170 26] (5 : usize)))) | False -> goto BB34 | True -> goto BB33 end @@ -3594,7 +3616,7 @@ module IndexRange_TestRangeFull goto BB35 } BB35 { - switch ([#"../index_range.rs" 171 4 171 24] not ([#"../index_range.rs" 171 12 171 23] _68 = ([#"../index_range.rs" 171 22 171 23] [#"../index_range.rs" 171 22 171 23] (0 : int32)))) + switch ([#"../index_range.rs" 171 4 171 24] not ([#"../index_range.rs" 171 12 171 23] Int32.eq _68 ([#"../index_range.rs" 171 22 171 23] [#"../index_range.rs" 171 22 171 23] (0 : int32)))) | False -> goto BB37 | True -> goto BB36 end @@ -3608,7 +3630,7 @@ module IndexRange_TestRangeFull goto BB38 } BB38 { - switch ([#"../index_range.rs" 172 4 172 25] not ([#"../index_range.rs" 172 12 172 24] _75 = ([#"../index_range.rs" 172 22 172 24] [#"../index_range.rs" 172 22 172 24] (-1 : int32)))) + switch ([#"../index_range.rs" 172 4 172 25] not ([#"../index_range.rs" 172 12 172 24] Int32.eq _75 ([#"../index_range.rs" 172 22 172 24] [#"../index_range.rs" 172 22 172 24] (-1 : int32)))) | False -> goto BB40 | True -> goto BB39 end @@ -3622,7 +3644,7 @@ module IndexRange_TestRangeFull goto BB41 } BB41 { - switch ([#"../index_range.rs" 173 4 173 24] not ([#"../index_range.rs" 173 12 173 23] _82 = ([#"../index_range.rs" 173 22 173 23] [#"../index_range.rs" 173 22 173 23] (2 : int32)))) + switch ([#"../index_range.rs" 173 4 173 24] not ([#"../index_range.rs" 173 12 173 23] Int32.eq _82 ([#"../index_range.rs" 173 22 173 23] [#"../index_range.rs" 173 22 173 23] (2 : int32)))) | False -> goto BB43 | True -> goto BB42 end @@ -3636,7 +3658,7 @@ module IndexRange_TestRangeFull goto BB44 } BB44 { - switch ([#"../index_range.rs" 174 4 174 25] not ([#"../index_range.rs" 174 12 174 24] _89 = ([#"../index_range.rs" 174 22 174 24] [#"../index_range.rs" 174 22 174 24] (-1 : int32)))) + switch ([#"../index_range.rs" 174 4 174 25] not ([#"../index_range.rs" 174 12 174 24] Int32.eq _89 ([#"../index_range.rs" 174 22 174 24] [#"../index_range.rs" 174 22 174 24] (-1 : int32)))) | False -> goto BB46 | True -> goto BB45 end @@ -3651,7 +3673,7 @@ module IndexRange_TestRangeFull } BB47 { assume { Resolve1.resolve arr }; - switch ([#"../index_range.rs" 175 4 175 24] not ([#"../index_range.rs" 175 12 175 23] _96 = ([#"../index_range.rs" 175 22 175 23] [#"../index_range.rs" 175 22 175 23] (4 : int32)))) + switch ([#"../index_range.rs" 175 4 175 24] not ([#"../index_range.rs" 175 12 175 23] Int32.eq _96 ([#"../index_range.rs" 175 22 175 23] [#"../index_range.rs" 175 22 175 23] (4 : int32)))) | False -> goto BB49 | True -> goto BB48 end @@ -3703,7 +3725,7 @@ module CreusotContracts_Std1_Slice_Impl10_InBounds use seq.Seq use Core_Ops_Range_RangeToInclusive_Type as Core_Ops_Range_RangeToInclusive_Type predicate in_bounds (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 215 20 215 41] UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 215 20 215 41] Int.lt (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self)) (Seq.length seq) val in_bounds (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -3738,6 +3760,7 @@ module CreusotContracts_Std1_Slice_Impl10_HasValue use seq.Seq use prelude.Slice use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3754,7 +3777,7 @@ module CreusotContracts_Std1_Slice_Impl10_HasValue predicate has_value (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (seq : Seq.seq t) (out : slice t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 221 20 221 61] SeqExt.subsequence seq 0 (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) + 1) = ShallowModel0.shallow_model out + [#"../../../../creusot-contracts/src/std/slice.rs" 221 20 221 61] SeqExt.subsequence seq 0 (Int.add (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self)) 1) = ShallowModel0.shallow_model out val has_value (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (seq : Seq.seq t) (out : slice t) : bool ensures { result = has_value self seq out } @@ -3785,11 +3808,12 @@ module CreusotContracts_Std1_Slice_Impl10_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use Core_Ops_Range_RangeToInclusive_Type as Core_Ops_Range_RangeToInclusive_Type predicate resolve_elswhere (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 227 8 227 89] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < i /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 227 8 227 89] forall i : int . Int.lt (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self)) i /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -4069,7 +4093,7 @@ module IndexRange_TestRangeToInclusive } BB4 { _20 <- ([#"../index_range.rs" 187 43 187 44] [#"../index_range.rs" 187 43 187 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 187 41 187 45] _20 < ([#"../index_range.rs" 187 41 187 45] Slice.length s)); + _22 <- ([#"../index_range.rs" 187 41 187 45] UIntSize.lt _20 ([#"../index_range.rs" 187 41 187 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 187 41 187 45] _22 }; goto BB11 } @@ -4085,7 +4109,7 @@ module IndexRange_TestRangeToInclusive } BB7 { _15 <- ([#"../index_range.rs" 187 30 187 31] [#"../index_range.rs" 187 30 187 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 187 28 187 32] _15 < ([#"../index_range.rs" 187 28 187 32] Slice.length s)); + _17 <- ([#"../index_range.rs" 187 28 187 32] UIntSize.lt _15 ([#"../index_range.rs" 187 28 187 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 187 28 187 32] _17 }; goto BB10 } @@ -4096,17 +4120,17 @@ module IndexRange_TestRangeToInclusive end } BB9 { - switch ([#"../index_range.rs" 187 12 187 24] _11 = ([#"../index_range.rs" 187 23 187 24] [#"../index_range.rs" 187 23 187 24] (2 : usize))) + switch ([#"../index_range.rs" 187 12 187 24] UIntSize.eq _11 ([#"../index_range.rs" 187 23 187 24] [#"../index_range.rs" 187 23 187 24] (2 : usize))) | False -> goto BB6 | True -> goto BB7 end } BB10 { - _9 <- ([#"../index_range.rs" 187 28 187 37] Slice.get s _15 = ([#"../index_range.rs" 187 36 187 37] [#"../index_range.rs" 187 36 187 37] (0 : int32))); + _9 <- ([#"../index_range.rs" 187 28 187 37] Int32.eq (Slice.get s _15) ([#"../index_range.rs" 187 36 187 37] [#"../index_range.rs" 187 36 187 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 187 41 187 50] Slice.get s _20 = ([#"../index_range.rs" 187 49 187 50] [#"../index_range.rs" 187 49 187 50] (1 : int32))); + _8 <- ([#"../index_range.rs" 187 41 187 50] Int32.eq (Slice.get s _20) ([#"../index_range.rs" 187 49 187 50] [#"../index_range.rs" 187 49 187 50] (1 : int32))); goto BB5 } BB12 { @@ -4149,7 +4173,7 @@ module IndexRange_TestRangeToInclusive goto BB20 } BB20 { - switch ([#"../index_range.rs" 196 4 196 25] not ([#"../index_range.rs" 196 12 196 24] _41 = ([#"../index_range.rs" 196 23 196 24] [#"../index_range.rs" 196 23 196 24] (3 : usize)))) + switch ([#"../index_range.rs" 196 4 196 25] not ([#"../index_range.rs" 196 12 196 24] UIntSize.eq _41 ([#"../index_range.rs" 196 23 196 24] [#"../index_range.rs" 196 23 196 24] (3 : usize)))) | False -> goto BB22 | True -> goto BB21 end @@ -4162,28 +4186,28 @@ module IndexRange_TestRangeToInclusive } BB22 { _44 <- ([#"../index_range.rs" 197 6 197 7] [#"../index_range.rs" 197 6 197 7] (0 : usize)); - _46 <- ([#"../index_range.rs" 197 4 197 8] _44 < ([#"../index_range.rs" 197 4 197 8] Slice.length ( * s1))); + _46 <- ([#"../index_range.rs" 197 4 197 8] UIntSize.lt _44 ([#"../index_range.rs" 197 4 197 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 197 4 197 8] _46 }; goto BB23 } BB23 { s1 <- { s1 with current = Slice.set ( * s1) _44 ([#"../index_range.rs" 197 11 197 13] [#"../index_range.rs" 197 11 197 13] (-1 : int32)) }; _47 <- ([#"../index_range.rs" 198 6 198 7] [#"../index_range.rs" 198 6 198 7] (2 : usize)); - _49 <- ([#"../index_range.rs" 198 4 198 8] _47 < ([#"../index_range.rs" 198 4 198 8] Slice.length ( * s1))); + _49 <- ([#"../index_range.rs" 198 4 198 8] UIntSize.lt _47 ([#"../index_range.rs" 198 4 198 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 198 4 198 8] _49 }; goto BB24 } BB24 { s1 <- { s1 with current = Slice.set ( * s1) _47 ([#"../index_range.rs" 198 11 198 13] [#"../index_range.rs" 198 11 198 13] (-1 : int32)) }; _54 <- ([#"../index_range.rs" 200 14 200 15] [#"../index_range.rs" 200 14 200 15] (1 : usize)); - _56 <- ([#"../index_range.rs" 200 12 200 16] _54 < ([#"../index_range.rs" 200 12 200 16] Slice.length ( * s1))); + _56 <- ([#"../index_range.rs" 200 12 200 16] UIntSize.lt _54 ([#"../index_range.rs" 200 12 200 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 200 12 200 16] _56 }; goto BB25 } BB25 { assume { Resolve0.resolve s1 }; assume { Resolve0.resolve _35 }; - switch ([#"../index_range.rs" 200 4 200 22] not ([#"../index_range.rs" 200 12 200 21] Slice.get ( * s1) _54 = ([#"../index_range.rs" 200 20 200 21] [#"../index_range.rs" 200 20 200 21] (1 : int32)))) + switch ([#"../index_range.rs" 200 4 200 22] not ([#"../index_range.rs" 200 12 200 21] Int32.eq (Slice.get ( * s1) _54) ([#"../index_range.rs" 200 20 200 21] [#"../index_range.rs" 200 20 200 21] (1 : int32)))) | False -> goto BB27 | True -> goto BB26 end @@ -4197,7 +4221,7 @@ module IndexRange_TestRangeToInclusive goto BB28 } BB28 { - switch ([#"../index_range.rs" 202 4 202 27] not ([#"../index_range.rs" 202 12 202 26] _61 = ([#"../index_range.rs" 202 25 202 26] [#"../index_range.rs" 202 25 202 26] (5 : usize)))) + switch ([#"../index_range.rs" 202 4 202 27] not ([#"../index_range.rs" 202 12 202 26] UIntSize.eq _61 ([#"../index_range.rs" 202 25 202 26] [#"../index_range.rs" 202 25 202 26] (5 : usize)))) | False -> goto BB30 | True -> goto BB29 end @@ -4211,7 +4235,7 @@ module IndexRange_TestRangeToInclusive goto BB31 } BB31 { - switch ([#"../index_range.rs" 203 4 203 25] not ([#"../index_range.rs" 203 12 203 24] _68 = ([#"../index_range.rs" 203 22 203 24] [#"../index_range.rs" 203 22 203 24] (-1 : int32)))) + switch ([#"../index_range.rs" 203 4 203 25] not ([#"../index_range.rs" 203 12 203 24] Int32.eq _68 ([#"../index_range.rs" 203 22 203 24] [#"../index_range.rs" 203 22 203 24] (-1 : int32)))) | False -> goto BB33 | True -> goto BB32 end @@ -4225,7 +4249,7 @@ module IndexRange_TestRangeToInclusive goto BB34 } BB34 { - switch ([#"../index_range.rs" 204 4 204 24] not ([#"../index_range.rs" 204 12 204 23] _75 = ([#"../index_range.rs" 204 22 204 23] [#"../index_range.rs" 204 22 204 23] (1 : int32)))) + switch ([#"../index_range.rs" 204 4 204 24] not ([#"../index_range.rs" 204 12 204 23] Int32.eq _75 ([#"../index_range.rs" 204 22 204 23] [#"../index_range.rs" 204 22 204 23] (1 : int32)))) | False -> goto BB36 | True -> goto BB35 end @@ -4239,7 +4263,7 @@ module IndexRange_TestRangeToInclusive goto BB37 } BB37 { - switch ([#"../index_range.rs" 205 4 205 25] not ([#"../index_range.rs" 205 12 205 24] _82 = ([#"../index_range.rs" 205 22 205 24] [#"../index_range.rs" 205 22 205 24] (-1 : int32)))) + switch ([#"../index_range.rs" 205 4 205 25] not ([#"../index_range.rs" 205 12 205 24] Int32.eq _82 ([#"../index_range.rs" 205 22 205 24] [#"../index_range.rs" 205 22 205 24] (-1 : int32)))) | False -> goto BB39 | True -> goto BB38 end @@ -4253,7 +4277,7 @@ module IndexRange_TestRangeToInclusive goto BB40 } BB40 { - switch ([#"../index_range.rs" 206 4 206 24] not ([#"../index_range.rs" 206 12 206 23] _89 = ([#"../index_range.rs" 206 22 206 23] [#"../index_range.rs" 206 22 206 23] (3 : int32)))) + switch ([#"../index_range.rs" 206 4 206 24] not ([#"../index_range.rs" 206 12 206 23] Int32.eq _89 ([#"../index_range.rs" 206 22 206 23] [#"../index_range.rs" 206 22 206 23] (3 : int32)))) | False -> goto BB42 | True -> goto BB41 end @@ -4268,7 +4292,7 @@ module IndexRange_TestRangeToInclusive } BB43 { assume { Resolve1.resolve arr }; - switch ([#"../index_range.rs" 207 4 207 24] not ([#"../index_range.rs" 207 12 207 23] _96 = ([#"../index_range.rs" 207 22 207 23] [#"../index_range.rs" 207 22 207 23] (4 : int32)))) + switch ([#"../index_range.rs" 207 4 207 24] not ([#"../index_range.rs" 207 12 207 23] Int32.eq _96 ([#"../index_range.rs" 207 22 207 23] [#"../index_range.rs" 207 22 207 23] (4 : int32)))) | False -> goto BB45 | True -> goto BB44 end diff --git a/creusot/tests/should_succeed/index_range/why3session.xml b/creusot/tests/should_succeed/index_range/why3session.xml index b8e9dba20f..dfe583a026 100644 --- a/creusot/tests/should_succeed/index_range/why3session.xml +++ b/creusot/tests/should_succeed/index_range/why3session.xml @@ -3,198 +3,197 @@ "http://why3.lri.fr/why3session.dtd"> - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/index_range/why3shapes.gz b/creusot/tests/should_succeed/index_range/why3shapes.gz index 188316e0654527a1ec875e5dd5a60d377cc62b13..f5a2d973b4d06956ae4c6f17e679702df018c7e0 100644 GIT binary patch literal 4445 zcmV-j5u)xNiwFP!00000|Lt5`ZzVT!e%G(in>Pjmu*l*q*m*FF7(GBR0g}Z*o>t)1 z79#6dml@~hr$~06zENl7v1EJK@<`L&WU=aFk^ES!?(tu~zI^z>{gfUqKc)MJ>*MXe zU8>8k|K;NG&RySrImux z@#^~a(f#<%|9tgLZMv0s-?SiUc{fS}6~**_S2xG+ufu`!fC0aGx>f{nrk4Jksf7S% zYFS{Vw%awTmhas=x*j-uM|bOb_xA&5?&0=w4!%eZSs{FPYZ%Z-BCSRneEix{7FinF+2nOSGbcmSjh;q7Syys94b_tn=*>stW%K6>GVQesj&;B6FokrhsUdXcl&+1c!EvA5qAdpL{LyG z$=bPU+C$D&(;%L!rl8_nHAN&BvoGDZSN~Ny^S9$}3KZ#!pYBsQ-p1=kimoo&VAS%; z$IHeSv#UO%(_M+$T-O`g59Wf0r+i9lX`<~bsLr8F;53XhdhNar=Eb(4Oo5NoOyO5! zmdnQmj3!?(d()~kenK~es*SD8#1UfcH52TyN2WtCm zX>8qh?&cwlf7gOz*-Vf7iSCZjg1>UTJIOTZbO(!i_kDUS{)ZYGObDm@BdyeP{y2)N zozLp|)bnGFYmZ`f!8enStMtkL7p*TR=TV3WTaQpQdTtb`x-$x#?<%MACbP5A@w(Z1 z-MC|o=Z_sWbVu1j@^ZbKg+}@6`IE%td0t0iLN(nV)zg`e2XT9-! z@oV$^mAz;^X>RB-0qZfrcEz*)itn{0^LASD+&;a=sq(bSxo*Ry+Z-S|#pyX&;-cUpB6Q(RX)FEk1M_wmP63u?Fw`0ww#j_>KYI4SvX zyiNc43)+<^y)>aeeJGLHkZ6B7dq#alK!mO#5*`iewy!= zt|ZPM1IDX#^YHTz={|i%*>;;9u{^a4*XnNF2&gxbUAx5%_$>L!>fc+7a_nk%#g`8- zX?j;K;QaCa{`hl>U;X&M)Pkz>^{u-(HPyAv)61o5oYsr16P_+L!mTsE+^^QlsbITa zO2tm7=@a{1QHmZP7c>(kOR*|msFS_=sj5fJC(%aCMVz?tU0@rjg`2A2(d^pQNjz1q zTT`IAtS$L~xg9;d|Im^I>sAEhu-UF>d?hncDF@aAO}5)GPyJS97u}uq#cEx? z@UiI%Om$r+t6e9$URFCV+kL}@BkiX7+Ra3fYT;(`vub`;n`YI|PeLr|pyp`4cCV)>Ra_FLH?Z;Np5nBP?9$1%vVFkD=NzockfKA&z49+v5KCI!M zN;YUq`Ce#+wRdEju<{kwt|Y~mFk!WA8dz95w?3`W&P5xzwW1@o0=&($ECGuZ;I1U; zH7CHP0XEYn3hiM7*Mv@ztd;MDR#>+QtR+@lVeLxNnTg2>Y`vYbgY%-J;+mpsFzVA9 z{#>-dUn@Fd`_#wPIx7OLs5Qnm(P1i3iR3aZHNSV5gqB)scltz_pRo4+-83BZs#}R?*{$|6??+XzdDqQXPfPCNOYY*Zmiy8t z8m}=u@qTr?7;~u`Tb1kGEL6w5l&#?wxr0>G_?JAw8MXpdWLIousPHUVHPAD~${xi^ z9M^xnxtqlrY#i6W#DhFBs}yI+s$dmsvf5(pv?)erVwF8&l~BJqs@J<&s3E1Y+K}L# zSXHvKL{)&YHBoJWcG{2;oJkdXq>2-%;zX*rAXS`570m%pq>B11RS{OyYpU8}?X)RI zW=_Q(r=o03RjzllP(vykQ=vTIiBl2JGF1VJYo^))?X)RIW=h3gBA8;59>smUxp{W@ z!3JIkjvEDbHVRyWKf7t{2!P{a(>R4V{QO5N4fW?EbTLNgq7$Ku z&qV0ETtgT2gqP8+>#3U}&AO{@8zy}!E zg*3tmBSdzfBxlMi;mNk_OG5rOP^}eYTj&H?-1tm$_g8Ffh=`$V;vUE(eYSrzU*hFmO_A zpQSs~zHbCNqqRvYMCv%mWW5e47_F*q{l)6F%uI3Xos81ugfS^#Dfq;U41(vX-uxO1 z$gQvth2uy^ETIC8wnoLGcTqWIiUq+30fS%zw_j$&K;{s#a>8Py*%*V?(j|n*&yKM&40}={aNI0N)xt?=K+AEthfYJ`oKW=ZSc1na2dFlO>joOq-Ac%aMcRHk+V?t;S{j!525K zi8mrD9*IGi#t05=@ZJY&mB4iJxgDe#B;BZ20-}@=8A7D^glHv6GM=oB$^#R$7li^u zLH%LB0h~yDO}m3Mnnr_1+7^P5SwIeo)`IdC4*zWtp%gSRoJ*eB9F5|%Wuu8y7_6#W zp`sr-C>)gd&2VLvOrV_<7&;^;DIR>_3J{zkrc4EwhJp5bWd~&jrGI;j$UTiD1o}@~ zbQC&RTJaPX`{1?1>O0MUcbGKg${sFg>k&l$NaJgC3eq4&!oZs=#UBA_&@s8lx$poK zD(1+XHkN*qH!|hAS`7?_4cZQxTIxX)b~$MLeSu2~z6=GS$fQpc?us1hJdNadnN{7_ z4K*=?(SxB*$id)X#9;Uzus6X|;EE_{l2B)uOSFRlbAboxB+GTeSoROpA&0c{$CNmc zEOJDk@kucgzeOfOuES%^VD(_BXL7JOSTR^W*ngy9b9CrHB1wuVqgRpQ=s+ieK;a$} z-1r*VTKiAXQ4`QIZX#_8Aj?++M7d5%in0uKTk$fS!01%TNEahzjI=RQ$EZCkb?l$O z3jw&xN^si0E$xgvs>nT8EHR39D4s6E4b%!4sbl6(;1QjX&c-}AlT1e8QE58Vdmg<{ zRzYkYAq_=E)d7DZ?*vJIEFv?^l$ZaE>Fm*ZuQ|n4i8b$#s*;i^IhmrfDE(7<%P<){ z#Yc3AVw#hikPcCFl#n?_M#tBAF1>lId5mdIhl!v#vj$R9A|pA-_$<8kA=k4F6m4%_ zTW;Ep2t4@YvZOc*najXqHZEALoN2*1)L&9W7JwI3)Rv6Ad9Zj;a0=>}M2ZEhOFWVL zfNO;4XczD~pH}Ld7tft#En_)SA1(8AehqY#6^b|zymiJJ)8?Um^W^8}qmxL~$4n$9 zRDpstt`!T~c+4sVQ9VgkK#)9{0XTlz+!;)?jmQw_IES>qB=T^!5NOkB z`Jg&C-#q(^(?bGi@h8cRwo%hwoich9LbH^l)os4wn|Hq~kLi-|hH*NAJNgYOrvwpr z@|c{7E$T+nCP8eBpQuiqT;dY#|b9h`Bj)ZrTBn zyny9eloijDI^=KO|JB|HkDSQF>PSJISFgkEl(qW7=B;*D{(1zk|2wr{&lFHs`5dLyXR^-L2T0YoGs?C<|Ra!c5+h zClgY5Z>;C#-LfV6HXGN%n;ZLXWKz*VNO%`0OjI;mvlZY?Fv>-1VdF;r=CX^ZqGTXS zjufLVpDr**o0;}LppcGjT=r*lk)}XO84zAda#BbkDxEMIDVP#cZg{V_g&+c9`~&xi z_=6`;YeF(Bv~$+S5H0FhUQJ7D=RT?OtA3w%n?6PGnI{ma85dB#-DFyp7sIkey-Seh zweff_kZB6V!D~(I%e>557^$+RSWw0d9{a-6P{b6pp6&R7`xwal%~{Z8b<;&`zW)$TNTmg> j5<%o^60@4=Q2yUriG(k~5CZe8eyHDHem1kyc&DbWJ#j5&PB#Tw#`Ik4BPd~d~($nR~^!RjldieKC zb@}FBFP{I`-93D4*}J~RTRv1pD~2kx@b1F>>8-m@4?jKs>`2u8{pr`+_otZdTXfH- z+q;Kn_x|dyKU{UJ>mJut3X+t!eQ!=pG5z1|{pqK>&ekre@C??-Tkc<%soAv!m^!Ha~TZ{x-UvgCx~}E@47l`x$T6$p-Rim zt^%%i6>wb)QWQY1fa@ZZn~tYbz;(;jpg^@;?km831z2oa6o^3qc0y&xQx#y#VNd`q z7yAnMzJhLAiUK|;;GIy>@l*xW$OZ+hwY&1ou6R?XwMb{ZbW;S{(!UdJTHOoQZD*ub zwZ%Z)LX~G%gbcJ-+8;0T>G3i=Cik3f-Q#1wPq3`;T9qWMuPTz?S2Za;zmd#xBfZ^_ z?_z7Z(U>)FIR; zG11!i+Fw$Pb>2!d|Io{RFY{FvjSk%==t~;zCwIRi3LT5Sd#+RSmV9URoR$HDe->@XEAx}Icx={^tyg%!w1YIQv>>b9q^ zUC&S?zMFIx&VHc{j`2A?J>NdMho92L89&M$dCeftgaaLs&gCOAogPPIS}{jt3MY=p z6pLI;CUrmF{#O~yUrw9#R(fCj@|eQuA>KVxTy;_H(zSP-x?AYjbyuO2 zU}|_eXH(jigTub%opGoLVmaHjZ6wx;tfs!@`p&&`_fN_F<&hx%X~`$&pA`VFXo#`n zxajP7dG~Nx4R^5>(F0HS&rigASD0QXDuZ}FKxrJw9JpCv*~q=_AzVw^r3AjR~8y6gN;OI zvH`%=myY6UutVj!wHFm>9o62RSv#cNy}|bP#vU)Jx5MTT_WW)j;t~vMQT#Q0)P7mon z{|>$qpBC1xCTp$8lB<qDyB zbpQ10&*?FJLfHD4>9L$Ug*x&stp~I>le>D08Su0E4_g0LIZDD&YsHpNe310E6x{jK zY$8l(vyrE70!?DG$7aggq}Y zU?SdKcSl@vcUQV!Q6du9s@H5>UB{Ey@O7(hATGHn(3?|B>N@e!*Y!=!XO~`VJmey?Ws zBLk{xK(%7)40sk|xss?B6iW-jXu&#o1^rp8j@F+#yZ%Ja+?%lXBb6|GlpVIVuG$)@ z6IG7U?xR9m9=9vvPXAe8I160et!Dc{_SlhntV8zNHWFv9mhYaJRk>IkvS)gd#CjI= zwW30=lc>IJqAn1u6QMZ*zCf_slY$8x5SZ!*4X*9oHI1}|`n_;^P%jqhcY9Jq!w2=Y zs<4|ZvTvKH3k2)@c#Z%T2zGmtNHZcZRfk#S_O)rGE!3~C3Fhi?p?s?e|&TbZJ%N$zi z)hZZn85A7eMG0H_uJ59RJ-mymm_)q@=*u~#k@XEAtiR+L zDsv$|8WlpQA0B2DMJhH?gEqO?+vIP~E~RKcM)7g0+bJ4{83 z>W4j4=13-5E9D499^OS2C~|WbwS=<6RJ35daO%tXUDQNsCCu-lrigJP@!h1maEjil zVqi5d&iT1d4ZVUFxy4?%0Oa!zw(R#ZU*!^xRe#Wz^P5IC_Xkif`&g^S z#jot4KLAnZQx`YBnZd}3=$_`WY*!+4bm!6w{!dq{4cfkQ0m$1aK!&JRAyPnFWw`QO4)|;(e zaPW;kSmM}Ws!m#7Pvv}9PNeFqCx2ki_ydsdCf(KV;`LN6{V(?ZKzGh=?hkgtm;88o zfBx}K9Y5Zw@_47N>V3r$akE>6K@^gV#E~d9731KG(e{zIv=%JatiG zH~A|ue`OPV+3!ogXg;uiO2f@l8ZMsF3YgNX#qlW(kDt=GDt#C3%24B>x2lk2?*@j- z9MnW>aePd}Pi3%u zMVm-1EMC#z+$$RI7pXbeaP_bzM>e}Ep_HOtm9$WQ8_``&IP1aj$$6gj;Gy5BI0i2zw;pUpYvt&{BsqC-Dax;>a(SBeSr4l2yjo^GIKS+qE`N4!=xo`& zydgy4{=?JV$8>QaXcl!0PDCxDkBA7)3h$ElOe<$ERU;d0pb-sk*o8})3+kl6G7ZW| z$G~Ps$zD)qlPs{L zFF7(2B0ozOu^TIyOg158W>W*tN{l6DF2Ocn8XykRCL5q7 z1^=K+2Em@MpR!zb9OO01k6q_L55~58!dSz zN04IBxzkKzHVx{R(n&g)G2C+w-g9sqX%TtLT;$0qANyVR(rQzPEJpCsK@N$dX3n9u zp3!tej;5%U>}zPI?WvL>pX-ERU}DrEy-FZ~M;(>Z zjaZWzY>?cYoAZ1(M0wK(>eA zl|!m$oovV|X-(^ZcP>Sm-v)~p0=TDSBwLi$(|!*r8m*ZZ(eSJa79|?R8^s!Fe*;8T zTP=hY%nCu1m3hFBScpl|$0jAsY&0}lG@3V>{cdKpk~^*}B@S9LIuRLH#!v<5*ibH&^VmRRL}PekSfg#D z%^zw6(aIovVidR-%jrZ%=eZY|@)8GNx|M724?YMPEyeIaJ^@SyC&77C}m@@vGC70Ru>I=N`DmnN5@qZK?y}64xiUC6@>-b3&GxS%}U-iw}LQyIugwvJ|MG-aE6dh57D`-9N>mucc(KrfwVBA07t9?WcAth}bEffGs9cUNHU_DX} zE1>#X{(aksQa!GfcXSj5tAh^)Q=~wdW$hKFdLENNUL+QgnMdB2c3p?(&S9{ef_!uH6E=_O=B5gY(K~wfl@jMOH)$?75SDP)aJ5tbO zoU zoc8Cd{dRLRPcc?V=pvU1RPZvpn1lzbY)Ya(3(TtxkDdT2YNrL5JaYjsM4>Ert$1)0 ztEpJe2-3oV`jaY7x;QC&wdKxvD=2cankAKF))e!n?44#xP(~n;i*Y}{+Vk^rDMYV@ zx5*jD>0nXiWy@3GrzmxxytA%Ne6{J{<1UlEC> zFp@E&9kL8AU<4OU3^GtIPPzFC3BIIiqZv8fz=SRORHXAQ7$;av83JYgoF;#^3RKfIFKgs@oF|}Y=s8#>~xbGQ- diff --git a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg index 0ce4b1f4aa..d9a2f3a42c 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg +++ b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg @@ -92,6 +92,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -107,6 +108,7 @@ end module Core_Mem_Replace_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -122,6 +124,7 @@ end module InplaceListReversal_Rev_Interface type t use prelude.Borrow + use prelude.Bool use InplaceListReversal_List_Type as InplaceListReversal_List_Type clone InplaceListReversal_RevAppend_Stub as RevAppend0 with type t = t @@ -136,6 +139,7 @@ module InplaceListReversal_Rev type t use prelude.Ghost use prelude.Borrow + use prelude.Bool use InplaceListReversal_List_Type as InplaceListReversal_List_Type clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = borrowed (InplaceListReversal_List_Type.t_list t) diff --git a/creusot/tests/should_succeed/inplace_list_reversal/why3session.xml b/creusot/tests/should_succeed/inplace_list_reversal/why3session.xml index 71aca0aaf5..0ea9ab36f7 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal/why3session.xml +++ b/creusot/tests/should_succeed/inplace_list_reversal/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/inplace_list_reversal/why3shapes.gz b/creusot/tests/should_succeed/inplace_list_reversal/why3shapes.gz index 7049753a5fd71cd5dd0c1e47a6a486ce6943d0eb..ae4580203a17080e655fe0d2dbece6da5e3fd498 100644 GIT binary patch literal 398 zcmV;90df8xiwFP!00000|AkUbZ-X!lz4I%$ZR;sc!bc|cfRLhAns%CeT$Q##L+hY} zuKfKuAuv{H+R2aSXUEUxeiip`=4|`;YP-H}o5whfR}azU)6~rsnGOgLCdiTNs4UIe zboRP4=d*2&$QAN@L6{Xu8{45Y96ZGlWRNigSKHaXJzXt=+J=c$F#)Fob@M1>2)WjQ#cDthB%ITd`kDi! zcJzXnbOR|~QT*~spQFpmJO-d(eh!L7h;!0aj9Kuo_|K(?waJ$r9T`jtf7A?97pZOP*5bJ&j65%aquh>vq%1;oI%yg^_!_@<9bp+)Z5NZR sD3UT&lF4I!Pv_$XNGVz{cvuZ$1n*u55eVApPLbx@(2(X$dRj{DD+nM zX58zpGtCKkhCIC@^oFF3=`qs9{`p+*^ww#ZawsLXXq!R5e08;LaE0 z^nzG)6DeL%{PIelv&+jm2B2VW4vM*tYtmNCS#U7_fp${C^r7whb~2~Ck9S&vuFj3F zF}-#v7MEgiDHa1)cL8C`|GtaLZ}foiKW8Kf*fY+LGJ6eRG`q~*W+Z0HPc-iz<= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] Int.ge result 0 } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Std_Time_Instant_Type.t_instant . [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] shallow_model self >= 0 + axiom shallow_model_spec : forall self : Std_Time_Instant_Type.t_instant . [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] Int.ge (shallow_model self) 0 end module CreusotContracts_Std1_Time_Impl2_ShallowModel use prelude.Int use Std_Time_Instant_Type as Std_Time_Instant_Type function shallow_model (self : Std_Time_Instant_Type.t_instant) : int val shallow_model (self : Std_Time_Instant_Type.t_instant) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] result >= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] Int.ge result 0 } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Std_Time_Instant_Type.t_instant . [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] shallow_model self >= 0 + axiom shallow_model_spec : forall self : Std_Time_Instant_Type.t_instant . [#"../../../../creusot-contracts/src/std/time.rs" 57 14 57 25] Int.ge (shallow_model self) 0 end module Core_Time_Nanoseconds_Type use prelude.Int @@ -78,7 +78,7 @@ module Std_Time_Impl0_Now_Interface clone CreusotContracts_Std1_Time_Impl2_ShallowModel_Stub as ShallowModel0 with axiom . val now (_1 : ()) : Std_Time_Instant_Type.t_instant - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 143 26 143 38] ShallowModel0.shallow_model result >= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 143 26 143 38] Int.ge (ShallowModel0.shallow_model result) 0 } end module CreusotContracts_Std1_Time_SecsToNanos_Stub @@ -95,7 +95,7 @@ end module CreusotContracts_Std1_Time_SecsToNanos use prelude.Int function secs_to_nanos (secs : int) : int = - [#"../../../../creusot-contracts/src/std/time.rs" 48 4 48 24] secs * 1000000000 + [#"../../../../creusot-contracts/src/std/time.rs" 48 4 48 24] Int.mul secs 1000000000 val secs_to_nanos (secs : int) : int ensures { result = secs_to_nanos secs } @@ -114,6 +114,7 @@ end module CreusotContracts_Std1_Time_Impl0_ShallowModel_Stub use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -122,28 +123,30 @@ end module CreusotContracts_Std1_Time_Impl0_ShallowModel_Interface use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 function shallow_model (self : Core_Time_Duration_Type.t_duration) : int val shallow_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] shallow_model self >= 0 /\ shallow_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 + axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge (shallow_model self) 0 /\ Int.le (shallow_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) end module CreusotContracts_Std1_Time_Impl0_ShallowModel use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 function shallow_model (self : Core_Time_Duration_Type.t_duration) : int val shallow_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] shallow_model self >= 0 /\ shallow_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 + axiom shallow_model_spec : forall self : Core_Time_Duration_Type.t_duration . [#"../../../../creusot-contracts/src/std/time.rs" 13 14 13 77] Int.ge (shallow_model self) 0 /\ Int.le (shallow_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) end module Core_Time_Impl1_FromSecs_Interface use prelude.UInt64 @@ -171,7 +174,7 @@ module Std_Time_Impl0_Elapsed_Interface function SecsToNanos0.secs_to_nanos = SecsToNanos0.secs_to_nanos, axiom . val elapsed (self : Std_Time_Instant_Type.t_instant) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 146 26 146 38] ShallowModel0.shallow_model result >= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 146 26 146 38] Int.ge (ShallowModel0.shallow_model result) 0 } end module CreusotContracts_Invariant_Inv_Stub @@ -293,6 +296,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -305,6 +309,7 @@ end module Core_Cmp_PartialOrd_Ge_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -436,6 +441,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -447,6 +453,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog end module Std_Time_Impl0_CheckedAdd_Interface use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Int clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 @@ -468,11 +475,12 @@ module Std_Time_Impl0_CheckedAdd_Interface axiom . val checked_add (self : Std_Time_Instant_Type.t_instant) (duration : Core_Time_Duration_Type.t_duration) : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant) ensures { [#"../../../../creusot-contracts/src/std/time.rs" 161 16 161 81] ShallowModel0.shallow_model duration = 0 -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self) } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 162 16 162 97] ShallowModel0.shallow_model duration > 0 /\ result <> Core_Option_Option_Type.C_None -> LtLog0.lt_log (Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self)) (DeepModel0.deep_model result) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 162 16 162 97] Int.gt (ShallowModel0.shallow_model duration) 0 /\ result <> Core_Option_Option_Type.C_None -> LtLog0.lt_log (Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self)) (DeepModel0.deep_model result) } end module Core_Option_Impl0_Unwrap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t use Core_Option_Option_Type as Core_Option_Option_Type @@ -486,6 +494,7 @@ module Core_Option_Impl0_Unwrap_Interface end module Std_Time_Impl21_Eq_Interface + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.Int @@ -511,7 +520,7 @@ module Std_Time_Impl1_Add_Interface axiom . val add (self : Std_Time_Instant_Type.t_instant) (other : Core_Time_Duration_Type.t_duration) : Std_Time_Instant_Type.t_instant ensures { [#"../../../../creusot-contracts/src/std/time.rs" 187 8 187 50] ShallowModel0.shallow_model other = 0 -> ShallowModel1.shallow_model self = ShallowModel1.shallow_model result } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 188 8 188 48] ShallowModel0.shallow_model other > 0 -> ShallowModel1.shallow_model self < ShallowModel1.shallow_model result } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 188 8 188 48] Int.gt (ShallowModel0.shallow_model other) 0 -> Int.lt (ShallowModel1.shallow_model self) (ShallowModel1.shallow_model result) } end module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Stub @@ -527,6 +536,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -538,6 +548,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog end module Std_Time_Impl0_CheckedSub_Interface use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Int clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 @@ -559,7 +570,7 @@ module Std_Time_Impl0_CheckedSub_Interface axiom . val checked_sub (self : Std_Time_Instant_Type.t_instant) (duration : Core_Time_Duration_Type.t_duration) : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant) ensures { [#"../../../../creusot-contracts/src/std/time.rs" 165 16 165 81] ShallowModel0.shallow_model duration = 0 -> DeepModel0.deep_model result = Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self) } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 166 16 166 97] ShallowModel0.shallow_model duration > 0 /\ result <> Core_Option_Option_Type.C_None -> GtLog0.gt_log (Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self)) (DeepModel0.deep_model result) } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 166 16 166 97] Int.gt (ShallowModel0.shallow_model duration) 0 /\ result <> Core_Option_Option_Type.C_None -> GtLog0.gt_log (Core_Option_Option_Type.C_Some (ShallowModel1.shallow_model self)) (DeepModel0.deep_model result) } end module Std_Time_Impl3_Sub_Interface @@ -576,7 +587,7 @@ module Std_Time_Impl3_Sub_Interface axiom . val sub (self : Std_Time_Instant_Type.t_instant) (other : Core_Time_Duration_Type.t_duration) : Std_Time_Instant_Type.t_instant ensures { [#"../../../../creusot-contracts/src/std/time.rs" 193 8 193 50] ShallowModel0.shallow_model other = 0 -> ShallowModel1.shallow_model self = ShallowModel1.shallow_model result } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 194 8 194 48] ShallowModel0.shallow_model other > 0 -> ShallowModel1.shallow_model self > ShallowModel1.shallow_model result } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 194 8 194 48] Int.gt (ShallowModel0.shallow_model other) 0 -> Int.gt (ShallowModel1.shallow_model self) (ShallowModel1.shallow_model result) } end module Std_Time_Impl5_Sub_Interface @@ -592,11 +603,12 @@ module Std_Time_Impl5_Sub_Interface clone CreusotContracts_Std1_Time_Impl2_ShallowModel_Stub as ShallowModel0 with axiom . val sub (self : Std_Time_Instant_Type.t_instant) (other : Std_Time_Instant_Type.t_instant) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 199 8 199 50] ShallowModel0.shallow_model self > ShallowModel0.shallow_model other -> ShallowModel1.shallow_model result > 0 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 200 8 200 52] ShallowModel0.shallow_model self <= ShallowModel0.shallow_model other -> ShallowModel1.shallow_model result = 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 199 8 199 50] Int.gt (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model other) -> Int.gt (ShallowModel1.shallow_model result) 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 200 8 200 52] Int.le (ShallowModel0.shallow_model self) (ShallowModel0.shallow_model other) -> ShallowModel1.shallow_model result = 0 } end module Core_Time_Impl29_Eq_Interface + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.Int @@ -611,6 +623,7 @@ end module Core_Cmp_PartialOrd_Gt_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -650,12 +663,13 @@ module Std_Time_Impl0_DurationSince_Interface type t = Std_Time_Instant_Type.t_instant, type ShallowModelTy0.shallowModelTy = int val duration_since (self : Std_Time_Instant_Type.t_instant) (earlier : Std_Time_Instant_Type.t_instant) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 149 16 149 60] ShallowModel0.shallow_model self > ShallowModel1.shallow_model earlier -> ShallowModel2.shallow_model result > 0 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 150 16 150 62] ShallowModel0.shallow_model self <= ShallowModel1.shallow_model earlier -> ShallowModel2.shallow_model result = 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 149 16 149 60] Int.gt (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> Int.gt (ShallowModel2.shallow_model result) 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 150 16 150 62] Int.le (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> ShallowModel2.shallow_model result = 0 } end module Std_Time_Impl0_CheckedDurationSince_Interface use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Int use Core_Time_Duration_Type as Core_Time_Duration_Type @@ -667,12 +681,13 @@ module Std_Time_Impl0_CheckedDurationSince_Interface type t = Std_Time_Instant_Type.t_instant, type ShallowModelTy0.shallowModelTy = int val checked_duration_since (self : Std_Time_Instant_Type.t_instant) (earlier : Std_Time_Instant_Type.t_instant) : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 153 16 153 64] ShallowModel0.shallow_model self >= ShallowModel1.shallow_model earlier -> result <> Core_Option_Option_Type.C_None } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 154 16 154 63] ShallowModel0.shallow_model self < ShallowModel1.shallow_model earlier -> result = Core_Option_Option_Type.C_None } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 153 16 153 64] Int.ge (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> result <> Core_Option_Option_Type.C_None } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 154 16 154 63] Int.lt (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> result = Core_Option_Option_Type.C_None } end module Core_Option_Impl0_IsSome_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -684,6 +699,7 @@ module Core_Option_Impl0_IsSome_Interface end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -711,8 +727,8 @@ module Std_Time_Impl0_SaturatingDurationSince_Interface type t = Std_Time_Instant_Type.t_instant, type ShallowModelTy0.shallowModelTy = int val saturating_duration_since (self : Std_Time_Instant_Type.t_instant) (earlier : Std_Time_Instant_Type.t_instant) : Core_Time_Duration_Type.t_duration - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 157 16 157 60] ShallowModel0.shallow_model self > ShallowModel1.shallow_model earlier -> ShallowModel2.shallow_model result > 0 } - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 158 16 158 62] ShallowModel0.shallow_model self <= ShallowModel1.shallow_model earlier -> ShallowModel2.shallow_model result = 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 157 16 157 60] Int.gt (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> Int.gt (ShallowModel2.shallow_model result) 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 158 16 158 62] Int.le (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model earlier) -> ShallowModel2.shallow_model result = 0 } end module TyInv_Trivial @@ -734,9 +750,8 @@ module CreusotContracts_Logic_Ord_Impl3_GeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_GeLog use prelude.Int - use int.Int function ge_log (self : int) (_2 : int) : bool = - Int.(>=) self _2 + Int.ge self _2 val ge_log (self : int) (_2 : int) : bool ensures { result = ge_log self _2 } @@ -754,9 +769,8 @@ module CreusotContracts_Logic_Ord_Impl3_GtLog_Interface end module CreusotContracts_Logic_Ord_Impl3_GtLog use prelude.Int - use int.Int function gt_log (self : int) (_2 : int) : bool = - Int.(>) self _2 + Int.gt self _2 val gt_log (self : int) (_2 : int) : bool ensures { result = gt_log self _2 } @@ -764,6 +778,7 @@ end module CreusotContracts_Std1_Time_Impl1_DeepModel_Stub use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -776,6 +791,7 @@ end module CreusotContracts_Std1_Time_Impl1_DeepModel_Interface use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -785,15 +801,16 @@ module CreusotContracts_Std1_Time_Impl1_DeepModel_Interface axiom . function deep_model (self : Core_Time_Duration_Type.t_duration) : int val deep_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] deep_model self >= 0 /\ deep_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999) + axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge (deep_model self) 0 /\ Int.le (deep_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999)) end module CreusotContracts_Std1_Time_Impl1_DeepModel use prelude.Int use prelude.UInt64 + use prelude.Bool use Core_Time_Duration_Type as Core_Time_Duration_Type clone CreusotContracts_Std1_Time_SecsToNanos_Stub as SecsToNanos0 clone Core_Num_Impl9_Max_Stub as Max0 @@ -803,11 +820,11 @@ module CreusotContracts_Std1_Time_Impl1_DeepModel axiom . function deep_model (self : Core_Time_Duration_Type.t_duration) : int val deep_model (self : Core_Time_Duration_Type.t_duration) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] result >= 0 /\ result <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge result 0 /\ Int.le result (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999) } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] deep_model self >= 0 /\ deep_model self <= SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX') + 999999999) + axiom deep_model_spec : forall self : Core_Time_Duration_Type.t_duration . ([#"../../../../creusot-contracts/src/std/time.rs" 26 14 26 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 25 14 25 77] Int.ge (deep_model self) 0 /\ Int.le (deep_model self) (Int.add (SecsToNanos0.secs_to_nanos (UInt64.to_int Max0.mAX')) 999999999)) end module CreusotContracts_Logic_Ord_Impl3_CmpLeLog_Stub use prelude.Int @@ -997,11 +1014,11 @@ module CreusotContracts_Std1_Time_Impl3_DeepModel_Interface axiom . function deep_model (self : Std_Time_Instant_Type.t_instant) : int val deep_model (self : Std_Time_Instant_Type.t_instant) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] result >= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] Int.ge result 0 } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Std_Time_Instant_Type.t_instant . ([#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] deep_model self >= 0) + axiom deep_model_spec : forall self : Std_Time_Instant_Type.t_instant . ([#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] Int.ge (deep_model self) 0) end module CreusotContracts_Std1_Time_Impl3_DeepModel use prelude.Int @@ -1010,11 +1027,11 @@ module CreusotContracts_Std1_Time_Impl3_DeepModel axiom . function deep_model (self : Std_Time_Instant_Type.t_instant) : int val deep_model (self : Std_Time_Instant_Type.t_instant) : int - ensures { [#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] result >= 0 } + ensures { [#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] Int.ge result 0 } ensures { [#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] result = ShallowModel0.shallow_model self } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Std_Time_Instant_Type.t_instant . ([#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] deep_model self >= 0) + axiom deep_model_spec : forall self : Std_Time_Instant_Type.t_instant . ([#"../../../../creusot-contracts/src/std/time.rs" 70 14 70 44] deep_model self = ShallowModel0.shallow_model self) && ([#"../../../../creusot-contracts/src/std/time.rs" 69 14 69 25] Int.ge (deep_model self) 0) end module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub type self @@ -1029,6 +1046,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1040,6 +1058,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1051,6 +1070,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1069,6 +1089,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1087,6 +1108,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1098,6 +1120,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1116,6 +1139,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1134,6 +1158,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1145,6 +1170,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1163,6 +1189,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1181,6 +1208,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1192,6 +1220,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1210,6 +1239,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1228,6 +1258,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1237,6 +1268,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1252,6 +1284,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1267,6 +1300,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1276,6 +1310,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1295,6 +1330,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1314,6 +1350,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1323,6 +1360,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1340,6 +1378,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1357,6 +1396,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1366,6 +1406,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1383,6 +1424,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1400,6 +1442,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1409,6 +1452,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1425,6 +1469,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1697,7 +1742,7 @@ module CreusotContracts_Logic_Ord_Impl3_CmpLog use prelude.Int use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log (self : int) (o : int) : Core_Cmp_Ordering_Type.t_ordering = - [#"../../../../creusot-contracts/src/logic/ord.rs" 137 12 146 17] if self < o then + [#"../../../../creusot-contracts/src/logic/ord.rs" 137 12 146 17] if Int.lt self o then Core_Cmp_Ordering_Type.C_Less else if self = o then Core_Cmp_Ordering_Type.C_Equal else Core_Cmp_Ordering_Type.C_Greater @@ -2075,12 +2120,12 @@ module Instant_TestInstant goto BB17 } BB17 { - assert { [@expl:assertion] [#"../instant.rs" 16 18 16 45] ShallowModel0.shallow_model instant < ShallowModel0.shallow_model greater_instant }; + assert { [@expl:assertion] [#"../instant.rs" 16 18 16 45] Int.lt (ShallowModel0.shallow_model instant) (ShallowModel0.shallow_model greater_instant) }; even_greater_instant <- ([#"../instant.rs" 17 31 17 62] Add0.add greater_instant three_seconds); goto BB18 } BB18 { - assert { [@expl:assertion] [#"../instant.rs" 18 18 18 50] ShallowModel0.shallow_model instant < ShallowModel0.shallow_model even_greater_instant }; + assert { [@expl:assertion] [#"../instant.rs" 18 18 18 50] Int.lt (ShallowModel0.shallow_model instant) (ShallowModel0.shallow_model even_greater_instant) }; _46 <- ([#"../instant.rs" 20 12 20 41] CheckedSub0.checked_sub ([#"../instant.rs" 20 12 20 41] instant) zero_dur); goto BB19 } @@ -2124,7 +2169,7 @@ module Instant_TestInstant goto BB28 } BB28 { - assert { [@expl:assertion] [#"../instant.rs" 23 18 23 44] ShallowModel0.shallow_model instant > ShallowModel0.shallow_model lesser_instant }; + assert { [@expl:assertion] [#"../instant.rs" 23 18 23 44] Int.gt (ShallowModel0.shallow_model instant) (ShallowModel0.shallow_model lesser_instant) }; _69 <- ([#"../instant.rs" 24 12 24 29] Sub1.sub instant instant); goto BB29 } diff --git a/creusot/tests/should_succeed/invariant_moves.mlcfg b/creusot/tests/should_succeed/invariant_moves.mlcfg index 6f0a4499b2..53f3792bf4 100644 --- a/creusot/tests/should_succeed/invariant_moves.mlcfg +++ b/creusot/tests/should_succeed/invariant_moves.mlcfg @@ -54,6 +54,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -121,11 +122,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -143,11 +144,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -228,6 +229,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -249,7 +251,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -326,6 +328,7 @@ module Alloc_Vec_Impl1_Pop_Interface use seq.Seq use prelude.Int use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -351,7 +354,7 @@ module Alloc_Vec_Impl1_Pop_Interface val pop (self : borrowed (Alloc_Vec_Vec_Type.t_vec t a)) : Core_Option_Option_Type.t_option t requires {Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 81 26 86 17] match (result) with - | Core_Option_Option_Type.C_Some t -> ShallowModel0.shallow_model ( ^ self) = SeqExt.subsequence (ShallowModel1.shallow_model self) 0 (Seq.length (ShallowModel1.shallow_model self) - 1) /\ ShallowModel1.shallow_model self = Seq.snoc (ShallowModel0.shallow_model ( ^ self)) t + | Core_Option_Option_Type.C_Some t -> ShallowModel0.shallow_model ( ^ self) = SeqExt.subsequence (ShallowModel1.shallow_model self) 0 (Int.sub (Seq.length (ShallowModel1.shallow_model self)) 1) /\ ShallowModel1.shallow_model self = Seq.snoc (ShallowModel0.shallow_model ( ^ self)) t | Core_Option_Option_Type.C_None -> * self = ^ self /\ Seq.length (ShallowModel1.shallow_model self) = 0 end } ensures { Inv1.inv result } @@ -391,6 +394,7 @@ module InvariantMoves_TestInvariantMove_Interface end module InvariantMoves_TestInvariantMove + use prelude.Bool use prelude.Borrow use prelude.Int use prelude.UInt32 diff --git a/creusot/tests/should_succeed/ite_normalize.mlcfg b/creusot/tests/should_succeed/ite_normalize.mlcfg index 27917f085a..ae5569cfd8 100644 --- a/creusot/tests/should_succeed/ite_normalize.mlcfg +++ b/creusot/tests/should_succeed/ite_normalize.mlcfg @@ -159,6 +159,7 @@ end module IteNormalize_Impl0_Get_Interface type k type v + use prelude.Bool use map.Map use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -260,6 +261,7 @@ module IteNormalize_Impl0_Insert_Interface type v use prelude.Borrow use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -297,6 +299,7 @@ end module IteNormalize_Impl1_Clone_Interface type k type v + use prelude.Bool use prelude.Borrow use IteNormalize_BTreeMap_Type as IteNormalize_BTreeMap_Type val clone' [#"../ite_normalize.rs" 39 4 39 27] (self : IteNormalize_BTreeMap_Type.t_btreemap k v) : IteNormalize_BTreeMap_Type.t_btreemap k v @@ -344,6 +347,7 @@ end module Alloc_Boxed_Impl12_Clone_Interface type t type a + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t @@ -356,9 +360,9 @@ module Alloc_Boxed_Impl12_Clone_Interface end module Core_Clone_Impls_Impl5_Clone_Interface + use prelude.UIntSize use prelude.Borrow use prelude.Int - use prelude.UIntSize val clone' (self : usize) : usize ensures { [#"../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1] result = self } @@ -399,6 +403,7 @@ module Alloc_Boxed_Box_Type end module IteNormalize_Impl6_Clone_Interface + use prelude.Bool use prelude.Borrow use IteNormalize_Expr_Type as IteNormalize_Expr_Type val clone' [#"../ite_normalize.rs" 55 9 55 14] (self : IteNormalize_Expr_Type.t_expr) : IteNormalize_Expr_Type.t_expr @@ -409,6 +414,7 @@ module IteNormalize_Impl6_Clone use prelude.Int use prelude.UIntSize use prelude.Borrow + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = IteNormalize_Expr_Type.t_expr @@ -617,12 +623,14 @@ module IteNormalize_Impl4_From end module IteNormalize_Impl5_Ite_Interface + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type val ite [#"../ite_normalize.rs" 97 4 97 49] (c : IteNormalize_Expr_Type.t_expr) (t : IteNormalize_Expr_Type.t_expr) (e : IteNormalize_Expr_Type.t_expr) : IteNormalize_Expr_Type.t_expr ensures { [#"../ite_normalize.rs" 96 14 96 91] result = IteNormalize_Expr_Type.C_IfThenElse c t e } end module IteNormalize_Impl5_Ite + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type let rec cfg ite [#"../ite_normalize.rs" 97 4 97 49] [@cfg:stackify] [@cfg:subregion_analysis] (c : IteNormalize_Expr_Type.t_expr) (t : IteNormalize_Expr_Type.t_expr) (e : IteNormalize_Expr_Type.t_expr) : IteNormalize_Expr_Type.t_expr ensures { [#"../ite_normalize.rs" 96 14 96 91] result = IteNormalize_Expr_Type.C_IfThenElse c t e } @@ -686,6 +694,7 @@ module IteNormalize_Impl5_IsNormalized_Interface end module IteNormalize_Impl5_IsNormalized + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type predicate is_normalized [#"../ite_normalize.rs" 126 4 126 34] (self : IteNormalize_Expr_Type.t_expr) = [#"../ite_normalize.rs" 127 8 140 9] match (self) with @@ -989,6 +998,7 @@ end module IteNormalize_Impl5_DoesNotContain use prelude.Int use prelude.UIntSize + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type predicate does_not_contain [#"../ite_normalize.rs" 169 4 169 48] (self : IteNormalize_Expr_Type.t_expr) (vp : usize) = [#"../ite_normalize.rs" 170 8 176 9] match (self) with @@ -1012,6 +1022,7 @@ module IteNormalize_Impl5_IsSimplified_Interface end module IteNormalize_Impl5_IsSimplified + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type clone IteNormalize_Impl5_DoesNotContain_Stub as DoesNotContain0 predicate is_simplified [#"../ite_normalize.rs" 158 4 158 34] (self : IteNormalize_Expr_Type.t_expr) = @@ -1052,6 +1063,7 @@ module IteNormalize_Impl5_SimplifyHelper_Interface use prelude.Int use prelude.UIntSize use map.Map + use prelude.Bool use prelude.Int use IteNormalize_BTreeMap_Type as IteNormalize_BTreeMap_Type use IteNormalize_Expr_Type as IteNormalize_Expr_Type @@ -1074,6 +1086,7 @@ module IteNormalize_Impl5_SimplifyHelper use prelude.UIntSize use prelude.Borrow use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv6 with type t = Core_Option_Option_Type.t_option bool @@ -1505,6 +1518,7 @@ module IteNormalize_Impl1 type k type v use prelude.Borrow + use prelude.Bool use IteNormalize_BTreeMap_Type as IteNormalize_BTreeMap_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = IteNormalize_BTreeMap_Type.t_btreemap k v @@ -1522,6 +1536,7 @@ module IteNormalize_Impl1 end module IteNormalize_Impl6 use prelude.Borrow + use prelude.Bool use IteNormalize_Expr_Type as IteNormalize_Expr_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = IteNormalize_Expr_Type.t_expr diff --git a/creusot/tests/should_succeed/ite_normalize/why3session.xml b/creusot/tests/should_succeed/ite_normalize/why3session.xml index 9f8f801531..ed77a15855 100644 --- a/creusot/tests/should_succeed/ite_normalize/why3session.xml +++ b/creusot/tests/should_succeed/ite_normalize/why3session.xml @@ -2,59 +2,59 @@ - - + + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/ite_normalize/why3shapes.gz b/creusot/tests/should_succeed/ite_normalize/why3shapes.gz index 63ab09fc93538ec104e5c4a6da97d98cc0871e4d..62d24de5d8856a2dcf12f7143a0987d5503a5b41 100644 GIT binary patch literal 1382 zcmV-s1)2IEiwFP!00000|CLuuZzDGhzWZ1B);1?mFG>Y^Fai&pOLOQ##~PX$scXQo zQ`?QP{q?1!8OQV3X0rj-G)0jV`SIbOAC~8@{xzJJZ{c*_9S^@Q_447D#pQ3mJG?no zbrd+L7XCLU9DjODpZ;S$@D-f^cL3{Ez7CK%;Pg5Z%-Qb5rtj9N z%r_1@Hm0xWWM*r>ix;vG$ig-_o|)>NdFhz)p4kv{;NA6l?L2n=7USl6i($yZ~y6dwR$W;;^K)UxNu;qOmWA7sPr}tt4;{=5rq_s z5QWZmLSQ=~u;~b_1D%DyjG|GvI0{GM>QOwZaXc>F125gPE_ZKPxW{EYo|eu2cnCi& zrpYFE2?gKbSGW7SOIY~bd3!jXUi^OdZ)lx(dZd5Tn=*xr=frU3cuLIhA}_g0Qha(? zKtKWQ2y$eI0Owr1_L(2S3JL~64Q~)=3o_<3*@EU_>}}R#$AzH@+;ckE3~<@^fIE)z z9X=i0K{KC}L^1+p3ic>gWM`flMhPN>J57ZaD4=%R8=DHaNY5FcZ;b7O)Ih){} zXPtCP4Mjb71ELUo(s({ZZkh>ZVuM)422$V3s&!AKQTJIJSmw^ihAuV;qad3-5oAzLOgE&IKHH5vaa&% zE8~y)Rq1zkHWFuIB=r^fffXTpD?+WSwJ*C#Hlim+^qdi0n%(~z!J842jHG;~hFluk znGUwpjq}(|QrFz}@+oy|R<=7y)N0NQkexP!*Ul)nH(PlL672qa&X%y%4{Q3J)|i`` z^rdtLOQ0>3>DE5D?R{xkm=2UH)os2o>OWj`%gJbiux0(5o&JzF-QiM4fGM31M$-j! z-bK``rlM%n=y1~L;``I^xd1Wt$(pV$k~vL_OMWg2huzY3ha}`PNJ8%LJ8(tlp@cWQ zV!~^;`0Lqx`ac~qhq#*_@p97Xx}lyp?*IU&^i$cV5vv?q@+0XiG`%uUA^$*x(*+Nj zb~fxgN%!J!+pl5&8cyTJAoB)6E#+xkXmfSu)O>7s9~#w1Mz5>Mid2R_Ei040{NDI_ zce|fzCAQ@^NpUj&{-_q=<@NGyn}7LDMayQ?ix&PJW5ELisT*Vw8W6Ik|66Yu7;BZc zZMzg3zJU!}#I}*BMWa0f(bU2#8wC$h@tRSZ^ipl)LN?ec48}4o0ykI(&g&*d9(>@I z^CfQd!gGm2B1)mG@K&o9Y;6Uyx($w{5f8bwe#TGq5Ik}3cKB?R57Mn|q%gGrP_7Hv$BUg;)ERr_dct+8qAHnPAG oL&LIY2`DyAYo)RhWCPx_hAA(svOYaKg1r;{56^uzbJ-670Lp8oIsgCw literal 1382 zcmV-s1)2IEiwFP!00000|CLuuZ{s!)zWZ0`);1>&Uqcq?!3Zokm*&s~k2NTX>KbtD z)K+6`e|?9fCHzyo_dW_%xare}I`5KO!!zDQ5fH~l6IsxtgHtTd9AaTIyO(K}H{fUjgty76_ z9QJICKhep=)_&i1WFe4+U2r@x)jhN8nev`l6LaL<^?L0+cK+-@C0CS#Yz3qPktyNd z{CW45@009s?aTR}FnncB=}GVK?RdF<%t_+ni6ppiV9G>s$APFA8;5l-1nG!Uidl$K zXL}*Ay%5-V1lEC0LSQD@$XuMHBXjj6ALTS3T_0fAht=K1vT~0_dpZ~O;dBf?t>%wS z?h*>V!!K|5_gz@|{bhGNonQQ6|8HoVczUGI{HBa4+ z+7sl+7y-_?_By=$1XhqS2x@$TK%0@Vq{(J9k8^L69y=`zP2gVA!4`naz6acCmhbTC z;0~JUBtIl0P{w3Way3mJOc}zg;|obc)N>?oAT$xPKzdKw-ih|zenf~=PRa=FkqKf= ztx7TD%v=>bd8UA<=#XMPAuSP~^-T1|BB@`M3-2Q^L3~nnBA2Yd@eLuIp!BG6QB$gS z@^Azf0a+7FG%?4G<91O~@|;hqn|-3X+4Lzs#sj+*ba(d0%j@YfD{Dw20aCl4oWQ8@ zkIw9U?;o9DZvSaIj8D|O-BVDBDaPr|O#TD)1@D84ZLXuGRyz``! zPN|`&=YBwBg3lVyhscdH!OUzBE89ToTS>JZh&bv#YXkG#nb^?T24NILQf&vq#Oe7- z8*1{5d3MRkJ7%u<5cAhNq~3h)w-+AAS|+Jb2U0pYkjkln)J~TP;FtZ&>tWySBUIPE zIfa;uZdad<9m&!10x=B#7nK*SP=~|mx_db_;oyw#PP_fFixc8;_s8iaPLoZUW?vqE z)UR^CyR#8FGb6FD$PcUtIam>DQ*M0TO_C8kGoqJ_=-ll7*9hK>m}n%vXKcv1v0dn3 zN8LD$-6(ZUZ7-ctw`O^}lSHkT%mCSGLU`?sa(lCtmLS3If2Y?Hw)|mDztb9XQxkvW z&R_|&nKJ#_2e-X1E(`O4a;3UW7bg9Oi+(woY!EiDe~Z%}(xy9J>Ig8o^TA}gfKI!J zTGW&kO&T4}8eRJy8a`(rw!>r1*A~f~ro|2=*uPn>rEfK&P@@6(87$}Ra3b!M8POjF1|5aD#jgQlGg zhfdN*{B8F&9A3kD+8AWoAgHB0O$%+Q&YW7#4IfgYhRo(TR?-$~D_16PU)jnqQ$bxfO~Vw&T35&ocr8tV zTfJ)AmRVj4)%X@F-quX8*4L;d10gvSc57C3Xt51g2iqtis#Z#-b>r*WDB+ET0`wNt z7UUMh7RW`|0!xl6rGqd6nXMQTUW*!Q*;o`{c*B7eV77oO6d{O)f)z$GDZS;`G}3F$ zBv4?s;H1tbjpVEhx?vQ8(G6n5se?95*P?D4j!Be562;p4wl&@`OCM&0*4R`Mz*7z= o4@op9l>B0>)wO{ppytX{H3jL>Hd2bp+dI+!08%{v)Y%UJ0L9j@xc~qF diff --git a/creusot/tests/should_succeed/iterators/01_range.mlcfg b/creusot/tests/should_succeed/iterators/01_range.mlcfg index 58bca180ba..455221f5c9 100644 --- a/creusot/tests/should_succeed/iterators/01_range.mlcfg +++ b/creusot/tests/should_succeed/iterators/01_range.mlcfg @@ -30,6 +30,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -52,11 +53,12 @@ end module C01Range_Impl0_Completed use prelude.Borrow use prelude.Int + use prelude.Bool use C01Range_Range_Type as C01Range_Range_Type clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = C01Range_Range_Type.t_range predicate completed [#"../01_range.rs" 23 4 23 35] (self : borrowed (C01Range_Range_Type.t_range)) = - [#"../01_range.rs" 25 12 25 52] Resolve0.resolve self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) + [#"../01_range.rs" 25 12 25 52] Resolve0.resolve self /\ Int.ge (C01Range_Range_Type.range_start ( * self)) (C01Range_Range_Type.range_end ( * self)) val completed [#"../01_range.rs" 23 4 23 35] (self : borrowed (C01Range_Range_Type.t_range)) : bool ensures { result = completed self } @@ -84,11 +86,12 @@ module C01Range_Impl0_Produces use seq.Seq use prelude.Int use prelude.IntSize + use prelude.Bool use C01Range_Range_Type as C01Range_Range_Type predicate produces [#"../01_range.rs" 31 4 31 64] (self : C01Range_Range_Type.t_range) (visited : Seq.seq isize) (o : C01Range_Range_Type.t_range) = - [#"../01_range.rs" 32 8 38 9] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (Seq.length visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ Seq.length visited = IntSize.to_int (C01Range_Range_Type.range_start o) - IntSize.to_int (C01Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> IntSize.to_int (Seq.get visited i) = IntSize.to_int (C01Range_Range_Type.range_start self) + i) + [#"../01_range.rs" 32 8 38 9] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ Int.le (C01Range_Range_Type.range_start self) (C01Range_Range_Type.range_start o) /\ (Int.gt (Seq.length visited) 0 -> Int.le (C01Range_Range_Type.range_start o) (C01Range_Range_Type.range_end o)) /\ Seq.length visited = Int.sub (IntSize.to_int (C01Range_Range_Type.range_start o)) (IntSize.to_int (C01Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> IntSize.to_int (Seq.get visited i) = Int.add (IntSize.to_int (C01Range_Range_Type.range_start self)) i) val produces [#"../01_range.rs" 31 4 31 64] (self : C01Range_Range_Type.t_range) (visited : Seq.seq isize) (o : C01Range_Range_Type.t_range) : bool ensures { result = produces self visited o } @@ -242,7 +245,7 @@ module C01Range_Impl0_Next goto BB0 } BB0 { - switch ([#"../01_range.rs" 58 11 58 33] C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self)) + switch ([#"../01_range.rs" 58 11 58 33] IntSize.ge (C01Range_Range_Type.range_start ( * self)) (C01Range_Range_Type.range_end ( * self))) | False -> goto BB2 | True -> goto BB1 end @@ -254,7 +257,7 @@ module C01Range_Impl0_Next } BB2 { r <- C01Range_Range_Type.range_start ( * self); - self <- { self with current = (let C01Range_Range_Type.C_Range a b = * self in C01Range_Range_Type.C_Range ([#"../01_range.rs" 62 12 62 27] C01Range_Range_Type.range_start ( * self) + ([#"../01_range.rs" 62 26 62 27] [#"../01_range.rs" 62 26 62 27] (1 : isize))) b) }; + self <- { self with current = (let C01Range_Range_Type.C_Range a b = * self in C01Range_Range_Type.C_Range ([#"../01_range.rs" 62 12 62 27] IntSize.add (C01Range_Range_Type.range_start ( * self)) ([#"../01_range.rs" 62 26 62 27] [#"../01_range.rs" 62 26 62 27] (1 : isize))) b) }; assume { Resolve0.resolve self }; _0 <- ([#"../01_range.rs" 63 12 63 19] Core_Option_Option_Type.C_Some r); goto BB3 @@ -265,12 +268,14 @@ module C01Range_Impl0_Next end module C01Range_Impl1_IntoIter_Interface + use prelude.Bool use C01Range_Range_Type as C01Range_Range_Type val into_iter [#"../01_range.rs" 70 4 70 34] (self : C01Range_Range_Type.t_range) : C01Range_Range_Type.t_range ensures { [#"../01_range.rs" 69 14 69 28] result = self } end module C01Range_Impl1_IntoIter + use prelude.Bool use C01Range_Range_Type as C01Range_Range_Type let rec cfg into_iter [#"../01_range.rs" 70 4 70 34] [@cfg:stackify] [@cfg:subregion_analysis] (self : C01Range_Range_Type.t_range) : C01Range_Range_Type.t_range ensures { [#"../01_range.rs" 69 14 69 28] result = self } @@ -317,7 +322,7 @@ module C01Range_SumRange_Interface use prelude.IntSize use prelude.Int val sum_range [#"../01_range.rs" 77 0 77 35] (n : isize) : isize - requires {[#"../01_range.rs" 75 11 75 18] IntSize.to_int n >= 0} + requires {[#"../01_range.rs" 75 11 75 18] Int.ge (IntSize.to_int n) 0} ensures { [#"../01_range.rs" 76 10 76 21] result = n } end @@ -326,6 +331,7 @@ module C01Range_SumRange use prelude.IntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use C01Range_Range_Type as C01Range_Range_Type clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with @@ -351,7 +357,7 @@ module C01Range_SumRange predicate Produces0.produces = Produces0.produces clone C01Range_Impl1_IntoIter_Interface as IntoIter0 let rec cfg sum_range [#"../01_range.rs" 77 0 77 35] [@cfg:stackify] [@cfg:subregion_analysis] (n : isize) : isize - requires {[#"../01_range.rs" 75 11 75 18] IntSize.to_int n >= 0} + requires {[#"../01_range.rs" 75 11 75 18] Int.ge (IntSize.to_int n) 0} ensures { [#"../01_range.rs" 76 10 76 21] result = n } = [@vc:do_not_keep_trace] [@vc:sp] @@ -387,7 +393,7 @@ module C01Range_SumRange BB4 { invariant { [#"../01_range.rs" 82 16 82 23] Inv0.inv it }; invariant { [#"../01_range.rs" 83 16 83 55] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) it }; - invariant { [#"../01_range.rs" 84 16 84 46] IntSize.to_int i = Seq.length (Ghost.inner produced) /\ i <= n }; + invariant { [#"../01_range.rs" 84 16 84 46] IntSize.to_int i = Seq.length (Ghost.inner produced) /\ Int.le i n }; goto BB5 } BB5 { @@ -421,7 +427,7 @@ module C01Range_SumRange BB11 { produced <- _21; _21 <- any Ghost.ghost_ty (Seq.seq isize); - i <- ([#"../01_range.rs" 89 16 89 22] i + ([#"../01_range.rs" 89 21 89 22] [#"../01_range.rs" 89 21 89 22] (1 : isize))); + i <- ([#"../01_range.rs" 89 16 89 22] IntSize.add i ([#"../01_range.rs" 89 21 89 22] [#"../01_range.rs" 89 21 89 22] (1 : isize))); goto BB4 } @@ -430,6 +436,7 @@ module C01Range_Impl0 use seq.Seq use prelude.Int use prelude.IntSize + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv3 with diff --git a/creusot/tests/should_succeed/iterators/01_range/why3session.xml b/creusot/tests/should_succeed/iterators/01_range/why3session.xml index cd5427ea37..7446044084 100644 --- a/creusot/tests/should_succeed/iterators/01_range/why3session.xml +++ b/creusot/tests/should_succeed/iterators/01_range/why3session.xml @@ -7,17 +7,17 @@ - + - + - + @@ -27,7 +27,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz b/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz index b72f698992badcba9cd34d03a672956f4cc661f5..d2a06da0fe7ea05341cf330ef24e94f4e9c5f289 100644 GIT binary patch literal 983 zcmV;|11S6-iwFP!00000|CLosZ{s!)zUx=$wrzp}9E#6kw}26>AOnjYx&@ClD3Zz= zb)>AMB<;WNkdkc4Nzm2@Yu@~Z{D%DDCLg}p$1vp2p&yQ2`*SYxn;$d#*mwTPg~1RT z9v;WP4Jk8omp5IXFRnu$n$sro_SS$Y4BKCfH0rxm5Ju3~rN-X2Lw09f_waZMWAIq* z?(l2ZhI6XDLECU_@6q42hT1<;%-8NA7z6veJNwDNVh}sqhoL(?2LrH+9;jS4-}|Rv_|E>aM!;5b@f|aHiu+=5A!dqKC>BF#eN@XG?#Zz| z)ZJ6-hjla8i4L|6>?2Bk9aT;pj1ySEQ{JG3Vy)1K7uW?b6lnZc$O|#r@Yk5d3NsjV zoqbrpI~>Q*|0nM4UvckZ;4`;*nT_8O{j(8e7I{R8k^AWjv|N~Y3abvOS}8J8C!(4h zr_kPy-_YNN-cWI&|7=2PEj|O78&`&DL1m~c_ZuQoxgjFZg^5wxy?w&TmkJ6)d6^_` z+wfv2OXcxvsKyVqKSg1JY-q8!AJ;n0?#E9TFS^RzoL&$cEd_}wsGNghiX&)Bq3247 z?;LWLkP>)uu`o*W?yw0U#TpdWB~s_BD`4sn?0_SGz@yUTJpV5!C*EiSs@$*d6%cP+ zENHxxEdZ~U6gJ;2D(xT0WS(R^x3sGJhP*~z1*zu z9{sM^7jM6J>x0o#`DwEt5@Z^QsY{X=qm!bSD*{g?G1MqW@OvMYm8HAP@9^|+NRzz` z7Fk9N3@jpz(>RGpqxE32c`(=0d$!@CDT9?+vK-P2w#i0HaU+e|zhx{}&k;k@YCes) z&U(wgo7dk>P4HP4vo2>{mGQTE)Yu!`V=L+jq!>FBZz^o~{{NJa+Y-}eLENlN*I<>X zLqmdZ8gNoJoO0@E?P+LOkwZl?1C4|m_Rsa={N>?g#zLwBP>YS{-YgFNY3sw7C6G2=Na!?h>3Pc6G0#-qhNsger zwOo0xyw#16q$Wi3hIlWSPbqqn;%a=$JSdJ?77#ZA21>mnjnLfEm_o@Wnj!E?}~w zCXm7;Y5#q%fngw-tlG^(d_Rw`?Q@2ouF~NfK87KE4*hWG+K;JDuYOMOvG3}qDh!@s zcz8Vi<5`yYo3!cr^px87p}F5wUSE6g!pq_u#Ey% zo_L7!Gz@?J{66xVOla#E&vrMI+Lzr^TMyqKZ97>(L)h0vS@HG9rZ_!Y8~#2f@p#h) zv}8+;y1M=082bOjjN%P5&H*(uPi4vRFPiDu>nw?{%$YaEv;xmgJo&VKKWaylX4Kswyh3%P6-G7BzMysr zo?!)$-p8_8@OHdEFk^VK>AA*RjlIf)AbUd!;O~%v5*t#0e4i8`33(=k$adQu-ecV> z(gA!2AH193r^|v!kVy&CDcQ&vH#+X5c6ybOnBG<-@2Kv1XH%VJJ3Kw?M?s(T#7@cr z4=0mH5l$x2Xst&%>v1jGB}SW$9WqPC$bS5+Y`Te3${TNsOTldQjgS;t$&!AiUv*u| z@8)AK6Z?pKf`O?S>+>Zql^_AQlMYL%pb^$G9i-th6**5DtB^O95vBxXta5c@ zL*uxrYNw6Tsmf)doMBZEbzPTEnqUnCCW0-4QiR!<)Z{v;gCm4S#)WYdO=y%URV`V= zO6yz-JO{{u ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -82,6 +84,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -91,12 +94,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module C02IterMut_Impl0_Invariant_Stub type t @@ -115,6 +118,7 @@ module C02IterMut_Impl0_Invariant type t use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -151,6 +155,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -235,6 +240,7 @@ module C02IterMut_Impl1_Completed type t use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Model_Impl7_ShallowModel_Stub as ShallowModel0 with @@ -291,6 +297,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -309,6 +316,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -325,17 +333,18 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Interface val to_mut_seq (self : borrowed (slice t)) : Seq.seq (borrowed t) requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length result -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length result -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv result } ensures { result = to_mut_seq self } - axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl4_ToMutSeq type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -352,12 +361,12 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq val to_mut_seq (self : borrowed (slice t)) : Seq.seq (borrowed t) requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length result -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length result -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv result } ensures { result = to_mut_seq self } - axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module C02IterMut_Impl1_Produces_Stub type t @@ -765,6 +774,7 @@ end module Core_Slice_Impl0_TakeFirstMut_Interface type t use prelude.Borrow + use prelude.Bool use seq.Seq use prelude.Int use prelude.Slice @@ -792,7 +802,7 @@ module Core_Slice_Impl0_TakeFirstMut_Interface val take_first_mut (self : borrowed (borrowed (slice t))) : Core_Option_Option_Type.t_option (borrowed t) requires {Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 271 18 278 9] match (result) with - | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self)) > 0 /\ ShallowModel0.shallow_model ( * ^ self) = Tail0.tail (ShallowModel0.shallow_model ( * * self)) /\ ShallowModel0.shallow_model ( ^ ^ self) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self)) + | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( * * self))) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( ^ * self))) 0 /\ ShallowModel0.shallow_model ( * ^ self) = Tail0.tail (ShallowModel0.shallow_model ( * * self)) /\ ShallowModel0.shallow_model ( ^ ^ self) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self)) | Core_Option_Option_Type.C_None -> ^ self = * self /\ Seq.length (ShallowModel0.shallow_model ( * * self)) = 0 end } ensures { Inv1.inv result } @@ -982,6 +992,7 @@ module C02IterMut_Impl1_Next end module C02IterMut_Impl2_IntoIter_Interface type t + use prelude.Bool use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = C02IterMut_IterMut_Type.t_itermut t @@ -993,6 +1004,7 @@ module C02IterMut_Impl2_IntoIter_Interface end module C02IterMut_Impl2_IntoIter type t + use prelude.Bool use seq.Seq use prelude.Slice use seq.Seq @@ -1119,11 +1131,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -1141,11 +1153,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Alloc_Global_Type type t_global = @@ -1261,6 +1273,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -1358,6 +1371,7 @@ module CreusotContracts_Std1_Slice_Impl9_HasValue type t use seq.Seq use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1404,8 +1418,10 @@ module CreusotContracts_Std1_Slice_Impl9_ResolveElswhere end module C02IterMut_IterMut_Interface type t + use prelude.Bool use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -1453,7 +1469,9 @@ module C02IterMut_IterMut type t use prelude.Borrow use prelude.Slice + use prelude.Bool use seq.Seq + use prelude.Int clone CreusotContracts_Invariant_Inv_Interface as Inv7 with type t = t clone TyInv_Trivial as TyInv_Trivial6 with @@ -1685,6 +1703,7 @@ module C02IterMut_AllZero_Interface use prelude.Borrow use seq.Seq use prelude.Int + use prelude.Bool use prelude.UIntSize use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1709,7 +1728,7 @@ module C02IterMut_AllZero_Interface axiom . val all_zero [#"../02_iter_mut.rs" 78 0 78 35] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () ensures { [#"../02_iter_mut.rs" 76 10 76 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } + ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } end module C02IterMut_AllZero @@ -1718,6 +1737,7 @@ module C02IterMut_AllZero use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Slice clone CreusotContracts_Invariant_Inv_Interface as Inv9 with type t = usize @@ -1888,7 +1908,7 @@ module C02IterMut_AllZero predicate Inv4.inv = Inv4.inv let rec cfg all_zero [#"../02_iter_mut.rs" 78 0 78 35] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () ensures { [#"../02_iter_mut.rs" 76 10 76 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } + ensures { [#"../02_iter_mut.rs" 77 0 77 66] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -1931,7 +1951,7 @@ module C02IterMut_AllZero BB5 { invariant { [#"../02_iter_mut.rs" 82 16 82 23] Inv0.inv it }; invariant { [#"../02_iter_mut.rs" 83 16 83 55] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) it }; - invariant { [#"../02_iter_mut.rs" 82 4 82 25] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner produced) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; + invariant { [#"../02_iter_mut.rs" 82 4 82 25] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (Ghost.inner produced)) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; goto BB6 } BB6 { @@ -1981,6 +2001,7 @@ end module C02IterMut_Impl1 type t use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml index d2a5965c2b..09a6aebf15 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml +++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml @@ -9,93 +9,93 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz b/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz index 0eb87cf910b97c556bb5a52820d4c82f6307affd..9c1a3b4198805f61d9fbc01f0f3c0111c7b08553 100644 GIT binary patch literal 3174 zcmV-s44LyEiwFP!00000|K(a+ZyUK4e%G(i+qMo0@bJ#UelQFO6tL|>3k>>XfiuHN zgvydvmYr;WeGfUL=As!n=_ZQ>8rT-a%Xc`3-??$}r<>)=C->}MmT&&}vOVnox|GYC zKQB(dxb6O}Agk1Z0&x~^JRNGkE4VuyHrxHlJ>CE7 zr+asIF}$q{ejjkgBkNWq&vJMnP|jTzgRoDpr_GE1rI3@Np^!n|jr-_NgV}{bxY~c& z><%BdmAeT&YqvXL{{;3uc2=ZNs{r= z!o+hCg~2U99}o3wOxwBt~JK_Y47&IIKHWk#HDSrh=_8epOi9}KSBa~X2TxDOwY zHw7SjRHl(?S7YaW>e0D}p4iU;p&<@7{z* z#B5^8rb61ICmdF-8Aag$bjJWWy{ zAy#C5#?5)gT~M$bo?&nBW;~czqIUjyc=AQZ%_|bZbA+$B=hScu^Cw^D6O3rt#pHv1+3r8$tiv9i7|Kpl+ufqT=flgX ze^SxPDBSnpTk4F!LuUs~X;7TVzzDF;+eLS|PAoO|xv_S4IH#awwN4Vr{Ul4mrl(mF zeewiLW>(y!6<1h-1Hf7tdEw8hqD^kKX$~WDukzX;`T#9`FPeUpPo2JvAzFt`W~6qWTFMJ61bMUVh$f7 zj<^!Lc#1gUoy?VojQO_9{imiRC^-yXe3%Ndp4u>>xGQuKj|M+l1@FIj=uWl?0F*wY2EP{gJjpCTMW!nOm-C}{Av3` zhODw5Z=Le&LGZbQKpmt<-}v3j=TH9VL#(}+Hidcb5O4G5cCVLflGMkzvH58cI(XYu zQ{#kuX7O}3<>7T-zf7(Rss2CQ{-a;L?slDL=216dq*N4>luBFWg}NgvHRg15m1)z} zxWOz#R=7AHS#oPPmq|453RMxk)103c*Zs5ze!69@91kT+6j_k&5_j480@e8f^M9GR zi`MP+Z#645h175J~*=7TRwk zw-<)m+U6}P%V5W1#--7A`qU6h%SO&J%Jc^u}X_(PucXYAsIepnM)WHF2wXZ;^9F)y{^q-t6#^p zP~$Q#^!7?E-a>Rm9Ee4mF~!zh_(&*S&G-h_Nc=X#;kV)OU5=jh+0$kV7*8(mC2X|4 zSNMW?9e&x6;bz+jw7*(4y5bsNn!$)?130>3BQLg+-WrTgq;2_AVJrxuE#5+iRze2;Jc*LylQLB_i z#@U&TU)Y3I)3Nh;#_9g}=Hku7S6ciS@{0SR@4EvUY1}Mc_ebxlPp;hgO)Mu3r>;`;nT?tW@{{Y5#HX9&lqOU30(kmg$9-DQ!@C6nMa}pR|PkDTV|jU9Lu{g ztNW3n3kK&|y@HFW`_TzvSFe2GI%Kz8Pf?-Z5Od$KCE2!QU|YdO%!Ki?5ClIMQeI>g z7ChcF_r8lBk#Q7;xAVn2s;4PinnDTB8gWIsoiGuo!p;#PK&3K< z$#az#nsDp$d=r{I{HQ=HH*~lS>-*aS4RD(3stI!cf)!; zH?Zoz5#?=F+V7I>w6lJO?_FiSVd43etQ-sbK9H;MZ?O=y7KC5~Yz%RwBUMv6D49`= z)pcd+rLo#7E3L5HGD|I3vLKZ~H44mV74upuQ*mLO;zSr<3PG13EN~0V0>y;@7D!rJ z0ZuX0^Qx{1F-A5-3L2nF;M}_19cn(@auY)_Cd$D$VMqHhRgq<;-$wIi%Ar6%$O?VH1qkij@2HF)Y3Pykrk&6)7l7B>k`8LaH_-~ zVI{YcSxKz~D~T1x3Va4-1u|Gz!Q-|(c+a6~gmB7v)l?F=BuZ02UMeU9eWbBcTdBSU zS8KxSrU63@mt|G+lA~2LjmCVJdo(7*RV@BctFTSJU50Eb2Ab&7)l5mk6j}gx&I>#j zkW4QX+N-ikS|zOFzgZp?)F`wpv|6B`YFROFnuZhUm{L_0<(cm)(xER<#8q{vq_3r5 zv~)&bnn;;KE{GsfQ>(#h^1WqCgBEG((p4ItuacFQlz?g|G2DS-;RrSQMBIV0T3Riv z=2o-sw*wBoR`{fZQqH+lysj0RS1lYCnZDM+lnu9rSwpP>Ysin>O(jb-R>5UM71Ry# zj8R<&KhThpn&`QVv_^!p`2DseS%XFQ8N32IFoGV8X#7PF zK_vd7Paz0EFfbAHP$UE<+_td>pF;ikZDVMyIjw3?oRWrehmk;FbZH!`q?XWbJI2dD z+SY@yQ&(42#p|+`O^N=Kg9JbeDFN!Vb=)4teEmm#3Pn6YK7*>tVBWfd5GI+Yq%2EP zYJ7^2ukc9X-)Bphxv)w(QW}L+ZmNb+4x(uqw0O-i7y%7=6lx2@GK9Ds0&^Rgp$oO1 za!lQP$tka@l5@s{!u+b%nm2fKBEj%?U@(cQKvLWVXz4gJykP`W3!*DlqU%pE;vJa( M0#9-HO!X`P02aCzOaK4? literal 3151 zcmV-V46ySbiwFP!00000|K(a+ZyUK4e%G(i+qMo0@bJzeDPR~7C}7)%78vv?0%wMk z2vsDnEIZl$`W|vf&0S7*vx@~9*cL?|eus1T@mx6h)7|>%qkHsE>lc51+MkYpUCZ^| zpI4Wk-2V7dkWFeq0l7&FnwzX(o0WU}&K>;m!{wtxsKep(dH3m5`$NIq<+R%$FYeR* zzkj%Q?#&(^)g?iuKNe6orZY7?;DPqFj>>wV}6So#K*-o)o+gRyP&U1EW-yD_+#BLLa z1p=|SFc=SQTc)y(sk}Asl6A*Km=oy{qK7m#+L#7&B11Z4v&v*vxj=TaKz1`r_Q01B z+ou%j%lD}>L-@d$5#y&Mn!`)v;e)|#yDLKm8TaN5vZes!j>;rb?QHD4Pdz&Ku-t>X zIuzZ`?{}Gqs)uwOeB*;}a!S?9*&UyjxeB+r3W2LI%T-8Rh1&$Bfz)r2^veXL$>Qub zL1}QXZ_)oQ6Eq|7Awg+6OSB6MvI`3;Hw6+qHD%o4IWl(~9I+Y5ES-Uj`FGd$EfO#Q zbqt(gbeK*@l#YE7lHP=*Go%iO3;R?!LaWx#zt1FPVYw{Y1o?UOODLNhlXg%3(5&L4 z@7M!!xJO9r>qbMX8*^VmZ|DP8p3djfXJ7yD=|4Sz_lW13{m~r~NYER5V^f62(l=D0i{kybYQ4EiMFdng^#DFOMjo@38Qe|gKvp50uP-XG^N3C zA_F79HZK=lyDy+fITlFc@0B=@r%35%ZRNc6`u99fugmu4(;1cz^PBnbqL zP&Vesb?|OHm}hqD-(O#<+!38s^7Sid(Z8oPF$wQ&k8| z+r;dLg7UG{ChwiN#;>FQa`_$^)@*_WG5^1nv|{ESoT<1GwRm!=;+2e*hfMixm+{Yu zBq%uyTYQ)TvYy#6m3UX^B5nOlT|YzQ#U!J7RzPv;S6)&bv}dbYWU{ zVVZ_8eT_(Dxu}B>Y6qN|W;76katoD`nm$vhxL-I_5Do#I9m4d8P8|pyZ7~Nikz^A= z8pHh6>xrCgUXx659mS32+3~gYs*F9|Fyvv#!w`L@K=0C0ibgjSJNdu?MDNrd`{-X$ z02fQsF-K2*clEmwgS5_gj6t&N&@BdLC?>lK6aKXQAvadpi?=R$aU=NBMxYJSqwoCT z>GMZ__94*b zjvxHy`EckwGmo|rBcr04WK`N3FH{`as4<_Tn@pRowhhNJWQ42hmL<1#H%*^;SD=dM zotFHxxb3G!@Y5}G<#;HaM3EKgE@hXUFHoH?F#m@syJ($W|1Kj`qPXEQhj5x3p)>c0 z+{1GZp79Pv%U zw?SZ13<0xDVH$kdIB-l(D5WWbp>&fNu`MP3iD=+1*Zr$@{K>PU3W^-O+#UN$oFTFcG62jLew8q2S?kdhF^A zY=z0!j6ZH!r>6aS1s-Y)o9g!X>Gs#{AIOJArLBA4KYP$2?kh60Nch?n!Fbwh3Nh$n zffhN-<`)f_tt>MM1Hwd0zawrP*h@>0S&+v|icn9|{w9T~2*6`=hk=I6yJRb2b9 zi{PK0_?tJAjqi)QHw$|?r!Fdc1u&$2V*%`oyb-VPrhVn`x&}FXWcQcQH4h#2%C9uW zeb1Fn9-+M=-eGPRoWv_geWyahq`1Yb?@p_fKt}0I#xHEu4esS?i;w#Vl z7;@S7(ARwdjVx|f&&RWO)kjwz{QB{P6XHeIl=%>o?t+unf$;gP2GcZ_Z$aA|@r6^_ z^FR}TuEL;ldr7DLVd05r!BxRcT9p~t1Bdcr%;tV%<$}Rgs#j<+bwAoZ?CO;*T!*Zd z>p3129AeHJRwUb&3{)$)h#4?`7J}dhL%xe_!Ggz|<=%JEV=<26P&8$n4lee@Qz4)e z$~7_ctd0||&H+WPE%swb)DR}Lk}-I@Ko*PzeF#>;k3A2~A^Ya$bHU;*7tekVzi-lL z9%H6pdXw)x^x)2o&BTMy*(no&DeM{z0#qtrn7meZq4{pGU9mITpUHxWRDH1i-7srw zl6gikG;j)(Vi+iKC>xsHU=-s6RZ~W>xJwJ#X(4#h&PUqwD+a-DX&(8fa&6VD{N;I=d8R=c2QbnW|${;;^+#%j2O^YC1m{AF&!`rX7 z-P^pra59RSuYUCSmEQZ zp8FR^--x6Zk=iw@yyo<>sQ+}KN)_>DSZ|jGHvKoDysb+6U9uIs+GqH_Rp$E@o?pev zv9j+2xe5PPD-BqMdP6I3NJTx=#?`L$prmv{5w|v0TVq%258k>0DaB1$o;8Zcfogh^#eT~etOhcyGsP$dFsOO>V4Qt=un z5P}Z?oHb52h8u}%bD)JcN^@SRH4~Ph5twE48=*_>>Zark7f?GwnWR-MORt$JnFk}+ zOk1WblfP7fsTD(OHmYh$su-gUSF&nqK}$-Rp-}<*bvjB(MMWzH4QNROp`JiZ1TsKs zUXo_bx#i4qYB{9cCZIKt1_Lo;p4ClbXsydqNlqj#5!QlPffNBNh~>s|ZMm`>muR_Y zwF>PkQ8orQLP)BllOCB?o3im5W35<2SRaZ?{1H}iE18wlO0bexVXVMsP*xy=g%vz5 zOE!*@(v^+ozL7>4B^u8_8pU17N*?GVjg{I;^)0v+H;Oh*iR7-)6{7tO$1k2ZPCWH2 z;3^h>s8!e|zd(m01R7FSjFwGVdRfs@8Oa5$WFwSbD?G2tDruFlivMbTrBPsvs%s#4 z92zfaEln-8!`-Ox{6~G}yQ)+gJ%S<}N`sq1Yvu@RC=ibp1tY4UQd6tJYVy5xdtWo9 zj8anJc@-?2TJ`q=-td>>_tGU(e`>miBT3|U+D|8stc}^N4xYmvU zm%%lMqinb}%o=J9SVMlx)s#+f>dS`L6?Zj81VfdA+Ebu1_?WmFX^jYb@%t^S!4n`2 zI+aQY+GtS*-|rOn1gjNgIC=$iU<5rF(fErVf=K*DpF$9TU|=HXp-2c!xNKt$K85=2 zmrX!IL$w#)`%-dU5yOFcDkVn3vT537$9VZiTRQSkH ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -195,6 +197,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -204,12 +207,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub type t @@ -253,6 +256,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -271,6 +275,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -287,16 +292,17 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl4_ToRefSeq type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -313,11 +319,11 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl14_Produces_Stub type t @@ -342,6 +348,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces type t use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -387,6 +394,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -412,6 +420,7 @@ module TyInv_Trivial end module Core_Slice_Impl0_Iter_Interface type t + use prelude.Bool use prelude.Borrow use prelude.Slice use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type @@ -537,6 +546,7 @@ module CreusotContracts_Std1_Slice_Impl14_Completed type t use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -614,6 +624,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -728,7 +739,7 @@ module C03StdIterators_SliceIter_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val slice_iter [#"../03_std_iterators.rs" 6 0 6 42] (slice : slice t) : usize - requires {[#"../03_std_iterators.rs" 4 11 4 30] Seq.length (ShallowModel0.shallow_model slice) < 1000} + requires {[#"../03_std_iterators.rs" 4 11 4 30] Int.lt (Seq.length (ShallowModel0.shallow_model slice)) 1000} requires {[#"../03_std_iterators.rs" 6 21 6 26] Inv0.inv slice} ensures { [#"../03_std_iterators.rs" 5 10 5 33] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model slice) } @@ -881,7 +892,7 @@ module C03StdIterators_SliceIter clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = slice t let rec cfg slice_iter [#"../03_std_iterators.rs" 6 0 6 42] [@cfg:stackify] [@cfg:subregion_analysis] (slice : slice t) : usize - requires {[#"../03_std_iterators.rs" 4 11 4 30] Seq.length (ShallowModel0.shallow_model slice) < 1000} + requires {[#"../03_std_iterators.rs" 4 11 4 30] Int.lt (Seq.length (ShallowModel0.shallow_model slice)) 1000} requires {[#"../03_std_iterators.rs" 6 21 6 26] Inv0.inv slice} ensures { [#"../03_std_iterators.rs" 5 10 5 33] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model slice) } @@ -979,7 +990,7 @@ module C03StdIterators_SliceIter assume { Resolve2.resolve produced }; assert { [@expl:type invariant] Inv4.inv __creusot_proc_iter_elem }; assume { Resolve5.resolve __creusot_proc_iter_elem }; - i <- ([#"../03_std_iterators.rs" 10 8 10 14] i + ([#"../03_std_iterators.rs" 10 13 10 14] [#"../03_std_iterators.rs" 10 13 10 14] (1 : usize))); + i <- ([#"../03_std_iterators.rs" 10 8 10 14] UIntSize.add i ([#"../03_std_iterators.rs" 10 13 10 14] [#"../03_std_iterators.rs" 10 13 10 14] (1 : usize))); goto BB5 } @@ -1063,6 +1074,7 @@ module CreusotContracts_Std1_Vec_Impl5_IntoIterPost type t type a use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq use seq.Seq @@ -1133,11 +1145,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -1155,11 +1167,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module C03StdIterators_VecIter_Interface type t @@ -1176,7 +1188,7 @@ module C03StdIterators_VecIter_Interface type t = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq t val vec_iter [#"../03_std_iterators.rs" 17 0 17 41] (vec : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : usize - requires {[#"../03_std_iterators.rs" 15 11 15 28] Seq.length (ShallowModel0.shallow_model vec) < 1000} + requires {[#"../03_std_iterators.rs" 15 11 15 28] Int.lt (Seq.length (ShallowModel0.shallow_model vec)) 1000} requires {[#"../03_std_iterators.rs" 17 19 17 22] Inv0.inv vec} ensures { [#"../03_std_iterators.rs" 16 10 16 31] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model vec) } @@ -1356,7 +1368,7 @@ module C03StdIterators_VecIter clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve0 with type self = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) let rec cfg vec_iter [#"../03_std_iterators.rs" 17 0 17 41] [@cfg:stackify] [@cfg:subregion_analysis] (vec : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : usize - requires {[#"../03_std_iterators.rs" 15 11 15 28] Seq.length (ShallowModel0.shallow_model vec) < 1000} + requires {[#"../03_std_iterators.rs" 15 11 15 28] Int.lt (Seq.length (ShallowModel0.shallow_model vec)) 1000} requires {[#"../03_std_iterators.rs" 17 19 17 22] Inv0.inv vec} ensures { [#"../03_std_iterators.rs" 16 10 16 31] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model vec) } @@ -1448,7 +1460,7 @@ module C03StdIterators_VecIter assume { Resolve2.resolve produced }; assert { [@expl:type invariant] Inv4.inv __creusot_proc_iter_elem }; assume { Resolve5.resolve __creusot_proc_iter_elem }; - i <- ([#"../03_std_iterators.rs" 21 8 21 14] i + ([#"../03_std_iterators.rs" 21 13 21 14] [#"../03_std_iterators.rs" 21 13 21 14] (1 : usize))); + i <- ([#"../03_std_iterators.rs" 21 8 21 14] UIntSize.add i ([#"../03_std_iterators.rs" 21 13 21 14] [#"../03_std_iterators.rs" 21 13 21 14] (1 : usize))); goto BB4 } @@ -1508,6 +1520,7 @@ module CreusotContracts_Std1_Slice_Impl15_ShallowModel_Stub type t use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -1530,6 +1543,7 @@ module CreusotContracts_Std1_Slice_Impl15_ShallowModel_Interface type t use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -1558,6 +1572,7 @@ module CreusotContracts_Std1_Slice_Impl15_ShallowModel type t use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -1586,6 +1601,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1604,6 +1620,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1620,17 +1637,18 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq_Interface val to_mut_seq (self : borrowed (slice t)) : Seq.seq (borrowed t) requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length result -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length result -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv result } ensures { result = to_mut_seq self } - axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl4_ToMutSeq type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1647,12 +1665,12 @@ module CreusotContracts_Std1_Slice_Impl4_ToMutSeq val to_mut_seq (self : borrowed (slice t)) : Seq.seq (borrowed t) requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length result -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length result -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> * Seq.get result i = IndexLogic0.index_logic ( * self) i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> ^ Seq.get result i = IndexLogic0.index_logic ( ^ self) i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv result } ensures { result = to_mut_seq self } - axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . 0 <= i /\ i < Seq.length (to_mut_seq self) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_mut_seq_spec : forall self : borrowed (slice t) . ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 23 75 27] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 43] Inv1.inv (to_mut_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 74 4 74 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> ^ Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( ^ self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 73 4 73 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_mut_seq self)) -> * Seq.get (to_mut_seq self) i = IndexLogic0.index_logic ( * self) i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 72 14 72 41] Seq.length (to_mut_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl16_Produces_Stub type t @@ -1677,6 +1695,7 @@ module CreusotContracts_Std1_Slice_Impl16_Produces type t use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with @@ -1767,6 +1786,7 @@ end module CreusotContracts_Std1_Slice_Impl17_Resolve type t use prelude.Borrow + use prelude.Bool use seq.Seq use prelude.Slice use seq.Seq @@ -1801,6 +1821,7 @@ end module Alloc_Vec_Impl9_DerefMut_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1845,6 +1866,7 @@ module Alloc_Vec_Impl9_DerefMut_Interface end module Core_Slice_Impl0_IterMut_Interface type t + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1895,6 +1917,7 @@ module CreusotContracts_Std1_Slice_Impl16_Completed type t use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -2038,6 +2061,7 @@ module C03StdIterators_AllZero_Interface use prelude.Borrow use seq.Seq use prelude.Int + use prelude.Bool use prelude.UIntSize use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -2062,7 +2086,7 @@ module C03StdIterators_AllZero_Interface axiom . val all_zero [#"../03_std_iterators.rs" 28 0 28 35] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () ensures { [#"../03_std_iterators.rs" 26 10 26 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../03_std_iterators.rs" 27 0 27 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } + ensures { [#"../03_std_iterators.rs" 27 0 27 66] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> UIntSize.to_int (IndexLogic0.index_logic ( ^ v) i) = 0 } end module C03StdIterators_AllZero @@ -2072,6 +2096,7 @@ module C03StdIterators_AllZero use prelude.Slice use prelude.Ghost use seq.Seq + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv7 with type t = Core_Option_Option_Type.t_option (borrowed usize) @@ -2263,7 +2288,7 @@ module C03StdIterators_AllZero predicate Inv4.inv = Inv5.inv let rec cfg all_zero [#"../03_std_iterators.rs" 28 0 28 35] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : () ensures { [#"../03_std_iterators.rs" 26 10 26 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../03_std_iterators.rs" 27 0 27 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } + ensures { [#"../03_std_iterators.rs" 27 0 27 66] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> UIntSize.to_int (IndexLogic1.index_logic ( ^ v) i) = 0 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -2318,7 +2343,7 @@ module C03StdIterators_AllZero BB6 { invariant { [#"../03_std_iterators.rs" 29 4 29 87] Inv0.inv iter }; invariant { [#"../03_std_iterators.rs" 29 4 29 87] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../03_std_iterators.rs" 29 4 29 87] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner produced) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; + invariant { [#"../03_std_iterators.rs" 29 4 29 87] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (Ghost.inner produced)) -> UIntSize.to_int ( ^ IndexLogic0.index_logic produced i) = 0 }; goto BB7 } BB7 { @@ -2454,6 +2479,7 @@ module CreusotContracts_Std1_Iter_Take_Impl0_N_Stub type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2464,6 +2490,7 @@ module CreusotContracts_Std1_Iter_Take_Impl0_N_Interface type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2471,15 +2498,16 @@ module CreusotContracts_Std1_Iter_Take_Impl0_N_Interface function n (self : Core_Iter_Adapters_Take_Take_Type.t_take i) : int val n (self : Core_Iter_Adapters_Take_Take_Type.t_take i) : int requires {[#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] result >= 0 /\ result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] Int.ge result 0 /\ Int.le result (UIntSize.to_int Max0.mAX') } ensures { result = n self } - axiom n_spec : forall self : Core_Iter_Adapters_Take_Take_Type.t_take i . ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] n self >= 0 /\ n self <= UIntSize.to_int Max0.mAX') + axiom n_spec : forall self : Core_Iter_Adapters_Take_Take_Type.t_take i . ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] Int.ge (n self) 0 /\ Int.le (n self) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Iter_Take_Impl0_N type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2487,13 +2515,14 @@ module CreusotContracts_Std1_Iter_Take_Impl0_N function n (self : Core_Iter_Adapters_Take_Take_Type.t_take i) : int val n (self : Core_Iter_Adapters_Take_Take_Type.t_take i) : int requires {[#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] result >= 0 /\ result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] Int.ge result 0 /\ Int.le result (UIntSize.to_int Max0.mAX') } ensures { result = n self } - axiom n_spec : forall self : Core_Iter_Adapters_Take_Take_Type.t_take i . ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] n self >= 0 /\ n self <= UIntSize.to_int Max0.mAX') + axiom n_spec : forall self : Core_Iter_Adapters_Take_Take_Type.t_take i . ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50] Int.ge (n self) 0 /\ Int.le (n self) (UIntSize.to_int Max0.mAX')) end module Core_Iter_Traits_Iterator_Iterator_Take_Interface type self + use prelude.Bool use prelude.UIntSize use prelude.Int clone Core_Num_Impl11_Max_Stub as Max0 @@ -2519,6 +2548,7 @@ module CreusotContracts_Std1_Iter_Skip_Impl0_N_Stub type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Skip_Skip_Type as Core_Iter_Adapters_Skip_Skip_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2529,6 +2559,7 @@ module CreusotContracts_Std1_Iter_Skip_Impl0_N_Interface type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Skip_Skip_Type as Core_Iter_Adapters_Skip_Skip_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2536,15 +2567,16 @@ module CreusotContracts_Std1_Iter_Skip_Impl0_N_Interface function n (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) : int val n (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) : int requires {[#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] result >= 0 /\ result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] Int.ge result 0 /\ Int.le result (UIntSize.to_int Max0.mAX') } ensures { result = n self } - axiom n_spec : forall self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i . ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] n self >= 0 /\ n self <= UIntSize.to_int Max0.mAX') + axiom n_spec : forall self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i . ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] Int.ge (n self) 0 /\ Int.le (n self) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Iter_Skip_Impl0_N type i use prelude.Int use prelude.UIntSize + use prelude.Bool use Core_Iter_Adapters_Skip_Skip_Type as Core_Iter_Adapters_Skip_Skip_Type clone Core_Num_Impl11_Max_Stub as Max0 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2552,13 +2584,14 @@ module CreusotContracts_Std1_Iter_Skip_Impl0_N function n (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) : int val n (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) : int requires {[#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] result >= 0 /\ result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] Int.ge result 0 /\ Int.le result (UIntSize.to_int Max0.mAX') } ensures { result = n self } - axiom n_spec : forall self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i . ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] n self >= 0 /\ n self <= UIntSize.to_int Max0.mAX') + axiom n_spec : forall self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i . ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50] Int.ge (n self) 0 /\ Int.le (n self) (UIntSize.to_int Max0.mAX')) end module Core_Iter_Traits_Iterator_Iterator_Skip_Interface type self + use prelude.Bool use prelude.UIntSize use prelude.Int clone Core_Num_Impl11_Max_Stub as Max0 @@ -2676,8 +2709,9 @@ end module CreusotContracts_Std1_Iter_Skip_Impl1_Completed type i use prelude.Borrow - use seq.Seq use prelude.Int + use seq.Seq + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -2704,7 +2738,7 @@ module CreusotContracts_Std1_Iter_Skip_Impl1_Completed val Max0.mAX' = Max0.mAX', axiom . predicate completed (self : borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip i)) = - [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 43 8 51 9] N0.n ( ^ self) = 0 /\ (exists i : borrowed i . exists s : Seq.seq Item0.item . Inv0.inv i /\ Inv1.inv s /\ Seq.length s <= N0.n ( * self) /\ Produces0.produces (Iter0.iter ( * self)) s ( * i) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Resolve0.resolve (Seq.get s i)) /\ Completed0.completed i /\ ^ i = Iter0.iter ( ^ self)) + [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 43 8 51 9] N0.n ( ^ self) = 0 /\ (exists i : borrowed i . exists s : Seq.seq Item0.item . Inv0.inv i /\ Inv1.inv s /\ Int.le (Seq.length s) (N0.n ( * self)) /\ Produces0.produces (Iter0.iter ( * self)) s ( * i) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Resolve0.resolve (Seq.get s i)) /\ Completed0.completed i /\ ^ i = Iter0.iter ( ^ self)) val completed (self : borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip i)) : bool ensures { result = completed self } @@ -2733,6 +2767,7 @@ end module CreusotContracts_Std1_Iter_Skip_Impl1_Produces type i use seq.Seq + use prelude.Bool use prelude.Int clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i @@ -2758,7 +2793,7 @@ module CreusotContracts_Std1_Iter_Skip_Impl1_Produces predicate produces (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) (visited : Seq.seq Item0.item) (o : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) = - [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 57 8 64 9] visited = Seq.empty /\ self = o \/ N0.n o = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = N0.n self /\ Produces0.produces (Iter0.iter self) (Seq.(++) s visited) (Iter0.iter o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Resolve0.resolve (Seq.get s i))) + [#"../../../../../creusot-contracts/src/std/iter/skip.rs" 57 8 64 9] visited = Seq.empty /\ self = o \/ N0.n o = 0 /\ Int.gt (Seq.length visited) 0 /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = N0.n self /\ Produces0.produces (Iter0.iter self) (Seq.(++) s visited) (Iter0.iter o) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Resolve0.resolve (Seq.get s i))) val produces (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) (visited : Seq.seq Item0.item) (o : Core_Iter_Adapters_Skip_Skip_Type.t_skip i) : bool ensures { result = produces self visited o } @@ -2943,6 +2978,7 @@ module CreusotContracts_Std1_Iter_Take_Impl1_Produces type i use seq.Seq use prelude.Int + use prelude.Bool clone Core_Num_Impl11_Max_Stub as Max0 use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -2962,7 +2998,7 @@ module CreusotContracts_Std1_Iter_Take_Impl1_Produces predicate produces (self : Core_Iter_Adapters_Take_Take_Type.t_take i) (visited : Seq.seq Item0.item) (o : Core_Iter_Adapters_Take_Take_Type.t_take i) = - [#"../../../../../creusot-contracts/src/std/iter/take.rs" 64 12 64 88] N0.n self = N0.n o + Seq.length visited /\ Produces0.produces (Iter0.iter self) visited (Iter0.iter o) + [#"../../../../../creusot-contracts/src/std/iter/take.rs" 64 12 64 88] N0.n self = Int.add (N0.n o) (Seq.length visited) /\ Produces0.produces (Iter0.iter self) visited (Iter0.iter o) val produces (self : Core_Iter_Adapters_Take_Take_Type.t_take i) (visited : Seq.seq Item0.item) (o : Core_Iter_Adapters_Take_Take_Type.t_take i) : bool ensures { result = produces self visited o } @@ -2970,6 +3006,7 @@ end module CreusotContracts_Std1_Iter_Take_Impl0_IterMut_Stub type i use prelude.Borrow + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = borrowed i @@ -2982,6 +3019,7 @@ end module CreusotContracts_Std1_Iter_Take_Impl0_IterMut_Interface type i use prelude.Borrow + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = borrowed i @@ -3001,6 +3039,7 @@ end module CreusotContracts_Std1_Iter_Take_Impl0_IterMut type i use prelude.Borrow + use prelude.Bool use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = borrowed i @@ -3036,6 +3075,7 @@ module CreusotContracts_Std1_Iter_Take_Impl1_Completed type i use prelude.Borrow use prelude.Int + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = borrowed i use Core_Iter_Adapters_Take_Take_Type as Core_Iter_Adapters_Take_Take_Type @@ -3062,7 +3102,7 @@ module CreusotContracts_Std1_Iter_Take_Impl1_Completed val Max0.mAX' = Max0.mAX', axiom . predicate completed (self : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i)) = - [#"../../../../../creusot-contracts/src/std/iter/take.rs" 55 12 56 92] N0.n ( * self) = 0 /\ Resolve0.resolve self \/ N0.n ( * self) > 0 /\ N0.n ( * self) = N0.n ( ^ self) + 1 /\ Completed0.completed (IterMut0.iter_mut self) + [#"../../../../../creusot-contracts/src/std/iter/take.rs" 55 12 56 92] N0.n ( * self) = 0 /\ Resolve0.resolve self \/ Int.gt (N0.n ( * self)) 0 /\ N0.n ( * self) = Int.add (N0.n ( ^ self)) 1 /\ Completed0.completed (IterMut0.iter_mut self) val completed (self : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i)) : bool ensures { result = completed self } @@ -3326,6 +3366,7 @@ end module C03StdIterators_SkipTake type i use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UIntSize use seq.Seq @@ -3637,6 +3678,7 @@ module C03StdIterators_Counter_Closure0_Interface use prelude.Ghost use seq.Seq use prelude.Int + use prelude.Bool use prelude.UInt32 clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = usize @@ -3654,18 +3696,18 @@ module C03StdIterators_Counter_Closure0_Interface predicate precondition [#"../03_std_iterators.rs" 48 12 48 91] (self : c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../03_std_iterators.rs" 47 23 47 65] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + [#"../03_std_iterators.rs" 47 23 47 65] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 self) Max0.mAX' predicate postcondition_once [#"../03_std_iterators.rs" 48 12 48 91] (self : c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../03_std_iterators.rs" 48 22 48 89] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 /\ UIntSize.to_int ( ^ field_0 self) = Seq.length (Ghost.inner _prod) + 1 /\ result = x + [#"../03_std_iterators.rs" 48 22 48 89] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = Int.add (UIntSize.to_int ( * field_0 self)) 1 /\ UIntSize.to_int ( ^ field_0 self) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x predicate postcondition_mut [#"../03_std_iterators.rs" 48 12 48 91] (self : borrowed c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../03_std_iterators.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1 /\ UIntSize.to_int ( * field_0 ( ^ self)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x) /\ unnest ( * self) ( ^ self) + [#"../03_std_iterators.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (UIntSize.to_int ( * field_0 ( * self))) 1 /\ UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x) /\ unnest ( * self) ( ^ self) val c03StdIterators_Counter_Closure0 [#"../03_std_iterators.rs" 48 12 48 91] (_1 : borrowed c03stditerators_counter_closure0) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../03_std_iterators.rs" 47 23 47 65] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../03_std_iterators.rs" 48 22 48 89] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 /\ UIntSize.to_int ( * field_0 ( ^ _1)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x } + requires {[#"../03_std_iterators.rs" 47 23 47 65] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 ( * _1)) Max0.mAX'} + ensures { [#"../03_std_iterators.rs" 48 22 48 89] UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (UIntSize.to_int ( * field_0 ( * _1))) 1 /\ UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x } ensures { unnest ( * _1) ( ^ _1) } end @@ -3677,6 +3719,7 @@ module C03StdIterators_Counter_Closure0 use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool use seq.Seq use prelude.Ghost clone CreusotContracts_Resolve_Impl1_Resolve as Resolve1 with @@ -3697,18 +3740,18 @@ module C03StdIterators_Counter_Closure0 predicate precondition [#"../03_std_iterators.rs" 48 12 48 91] (self : c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../03_std_iterators.rs" 47 23 47 65] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + [#"../03_std_iterators.rs" 47 23 47 65] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 self) Max0.mAX' predicate postcondition_once [#"../03_std_iterators.rs" 48 12 48 91] (self : c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../03_std_iterators.rs" 48 22 48 89] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 /\ UIntSize.to_int ( ^ field_0 self) = Seq.length (Ghost.inner _prod) + 1 /\ result = x + [#"../03_std_iterators.rs" 48 22 48 89] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = Int.add (UIntSize.to_int ( * field_0 self)) 1 /\ UIntSize.to_int ( ^ field_0 self) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x predicate postcondition_mut [#"../03_std_iterators.rs" 48 12 48 91] (self : borrowed c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../03_std_iterators.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1 /\ UIntSize.to_int ( * field_0 ( ^ self)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x) /\ unnest ( * self) ( ^ self) + [#"../03_std_iterators.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (UIntSize.to_int ( * field_0 ( * self))) 1 /\ UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x) /\ unnest ( * self) ( ^ self) let rec cfg c03StdIterators_Counter_Closure0 [#"../03_std_iterators.rs" 48 12 48 91] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed c03stditerators_counter_closure0) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../03_std_iterators.rs" 47 23 47 65] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../03_std_iterators.rs" 48 22 48 89] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 /\ UIntSize.to_int ( * field_0 ( ^ _1)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x } + requires {[#"../03_std_iterators.rs" 47 23 47 65] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 ( * _1)) Max0.mAX'} + ensures { [#"../03_std_iterators.rs" 48 22 48 89] UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (UIntSize.to_int ( * field_0 ( * _1))) 1 /\ UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (Seq.length (Ghost.inner _prod)) 1 /\ result = x } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -3720,7 +3763,7 @@ module C03StdIterators_Counter_Closure0 goto BB0 } BB0 { - _1 <- { _1 with current = (let C03StdIterators_Counter_Closure0 a = * _1 in C03StdIterators_Counter_Closure0 ({ (field_0 ( * _1)) with current = ([#"../03_std_iterators.rs" 50 16 50 24] * field_0 ( * _1) + ([#"../03_std_iterators.rs" 50 23 50 24] [#"../03_std_iterators.rs" 50 23 50 24] (1 : usize))) })) }; + _1 <- { _1 with current = (let C03StdIterators_Counter_Closure0 a = * _1 in C03StdIterators_Counter_Closure0 ({ (field_0 ( * _1)) with current = ([#"../03_std_iterators.rs" 50 16 50 24] UIntSize.add ( * field_0 ( * _1)) ([#"../03_std_iterators.rs" 50 23 50 24] [#"../03_std_iterators.rs" 50 23 50 24] (1 : usize))) })) }; assume { Resolve0.resolve _1 }; res1 <- x; res <- res1; @@ -3748,6 +3791,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3769,7 +3813,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -3777,6 +3821,7 @@ end module Alloc_Vec_Impl8_Deref_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -3980,6 +4025,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl3_Reinitialize type f use prelude.Borrow use seq.Seq + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i clone CreusotContracts_Std1_Iter_MapInv_Impl3_Preservation_Stub as Preservation0 with @@ -4009,6 +4055,7 @@ module CreusotContracts_Std1_Iter_Iterator_MapInv_Interface type f use seq.Seq use prelude.Ghost + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = self use seq.Seq @@ -4075,6 +4122,7 @@ module Core_Iter_Traits_Iterator_Iterator_Collect_Interface type b use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = self use seq.Seq @@ -4150,6 +4198,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl4_Resolve type i type b type f + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = f clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -4191,6 +4240,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Completed use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool clone CreusotContracts_Std1_Iter_Iterator_Completed_Stub as Completed0 with type self = i clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with @@ -4232,9 +4282,10 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Produces type b type f use seq.Seq + use prelude.Int + use prelude.Bool use prelude.Ghost use prelude.Borrow - use prelude.Int use seq_ext.SeqExt use seq.Seq clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with @@ -4261,11 +4312,11 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Produces predicate produces [@inline:trivial] (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) (visited : Seq.seq b) (succ : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) = - [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9] Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> ^ Seq.get fs (i - 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then + [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9] Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . Int.le 1 i /\ Int.lt i (Seq.length fs) -> ^ Seq.get fs (Int.sub i 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ else - * Seq.get fs 0 = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self /\ ^ Seq.get fs (Seq.length visited - 1) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ - ) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) + * Seq.get fs 0 = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self /\ ^ Seq.get fs (Int.sub (Seq.length visited) 1) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ + ) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) val produces [@inline:trivial] (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) (visited : Seq.seq b) (succ : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) : bool ensures { result = produces self visited succ } @@ -4290,6 +4341,7 @@ end module CreusotContracts_Std1_Vec_Impl9_FromIterPost type t use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -4943,6 +4995,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -4952,7 +5005,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -5133,6 +5186,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -5141,7 +5195,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -5150,7 +5204,7 @@ module C03StdIterators_SumRange_Interface use prelude.IntSize use prelude.Int val sum_range [#"../03_std_iterators.rs" 63 0 63 35] (n : isize) : isize - requires {[#"../03_std_iterators.rs" 61 11 61 18] IntSize.to_int n >= 0} + requires {[#"../03_std_iterators.rs" 61 11 61 18] Int.ge (IntSize.to_int n) 0} ensures { [#"../03_std_iterators.rs" 62 10 62 21] result = n } end @@ -5159,6 +5213,7 @@ module C03StdIterators_SumRange use prelude.IntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -5225,7 +5280,7 @@ module C03StdIterators_SumRange predicate Inv0.inv = Inv0.inv, predicate IntoIterPost0.into_iter_post = IntoIterPost0.into_iter_post let rec cfg sum_range [#"../03_std_iterators.rs" 63 0 63 35] [@cfg:stackify] [@cfg:subregion_analysis] (n : isize) : isize - requires {[#"../03_std_iterators.rs" 61 11 61 18] IntSize.to_int n >= 0} + requires {[#"../03_std_iterators.rs" 61 11 61 18] Int.ge (IntSize.to_int n) 0} ensures { [#"../03_std_iterators.rs" 62 10 62 21] result = n } = [@vc:do_not_keep_trace] [@vc:sp] @@ -5262,7 +5317,7 @@ module C03StdIterators_SumRange BB4 { invariant { [#"../03_std_iterators.rs" 65 4 65 48] Inv0.inv iter }; invariant { [#"../03_std_iterators.rs" 65 4 65 48] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../03_std_iterators.rs" 65 16 65 46] IntSize.to_int i = Seq.length (Ghost.inner produced) /\ i <= n }; + invariant { [#"../03_std_iterators.rs" 65 16 65 46] IntSize.to_int i = Seq.length (Ghost.inner produced) /\ Int.le i n }; goto BB5 } BB5 { @@ -5299,7 +5354,7 @@ module C03StdIterators_SumRange BB11 { produced <- _22; _22 <- any Ghost.ghost_ty (Seq.seq isize); - i <- ([#"../03_std_iterators.rs" 67 8 67 14] i + ([#"../03_std_iterators.rs" 67 13 67 14] [#"../03_std_iterators.rs" 67 13 67 14] (1 : isize))); + i <- ([#"../03_std_iterators.rs" 67 8 67 14] IntSize.add i ([#"../03_std_iterators.rs" 67 13 67 14] [#"../03_std_iterators.rs" 67 13 67 14] (1 : isize))); goto BB4 } @@ -5390,6 +5445,7 @@ module CreusotContracts_Std1_Iter_Enumerate_Impl2_Produces use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -5406,7 +5462,7 @@ module CreusotContracts_Std1_Iter_Enumerate_Impl2_Produces predicate produces (self : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate i) (visited : Seq.seq (usize, Item0.item)) (o : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate i) = - [#"../../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 8 67 9] Seq.length visited = N0.n o - N0.n self /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Produces0.produces (Iter0.iter self) s (Iter0.iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = N0.n self + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) + [#"../../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 8 67 9] Seq.length visited = Int.sub (N0.n o) (N0.n self) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Produces0.produces (Iter0.iter self) s (Iter0.iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = Int.add (N0.n self) i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) val produces (self : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate i) (visited : Seq.seq (usize, Item0.item)) (o : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = produces self visited o } @@ -5427,6 +5483,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -5465,6 +5522,8 @@ module CreusotContracts_Std1_Iter_Enumerate_Impl3_Resolve end module Core_Iter_Traits_Iterator_Iterator_Enumerate_Interface type self + use prelude.Bool + use prelude.Int use Core_Iter_Adapters_Enumerate_Enumerate_Type as Core_Iter_Adapters_Enumerate_Enumerate_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate self @@ -5670,6 +5729,7 @@ end module CreusotContracts_Std1_Iter_Enumerate_Impl2_Completed type i use prelude.Borrow + use prelude.Bool clone CreusotContracts_Std1_Iter_Iterator_Completed_Stub as Completed0 with type self = i use Core_Iter_Adapters_Enumerate_Enumerate_Type as Core_Iter_Adapters_Enumerate_Enumerate_Type @@ -5713,6 +5773,7 @@ module C03StdIterators_EnumerateRange use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type clone CreusotContracts_Resolve_Impl1_Resolve as Resolve5 with @@ -5894,7 +5955,7 @@ module C03StdIterators_EnumerateRange BB5 { invariant { [#"../03_std_iterators.rs" 73 4 73 96] Inv0.inv iter }; invariant { [#"../03_std_iterators.rs" 73 4 73 96] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../03_std_iterators.rs" 73 4 73 96] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner produced) -> (let (a, _) = IndexLogic0.index_logic produced i in a) = (let (_, a) = IndexLogic0.index_logic produced i in a) }; + invariant { [#"../03_std_iterators.rs" 73 4 73 96] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (Ghost.inner produced)) -> (let (a, _) = IndexLogic0.index_logic produced i in a) = (let (_, a) = IndexLogic0.index_logic produced i in a) }; goto BB6 } BB6 { @@ -5966,8 +6027,9 @@ module C03StdIterators_EquivRange type t use seq.Seq use prelude.Int + use prelude.Bool predicate equiv_range [#"../03_std_iterators.rs" 80 0 80 65] (s1 : Seq.seq t) (s2 : Seq.seq t) (l : int) (u : int) = - [#"../03_std_iterators.rs" 81 4 83 5] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 i + [#"../03_std_iterators.rs" 81 4 83 5] forall i : int . Int.le l i /\ Int.lt i u -> Seq.get s1 i = Seq.get s2 i val equiv_range [#"../03_std_iterators.rs" 80 0 80 65] (s1 : Seq.seq t) (s2 : Seq.seq t) (l : int) (u : int) : bool ensures { result = equiv_range s1 s2 l u } @@ -5993,10 +6055,11 @@ module C03StdIterators_EquivReverseRange type t use seq.Seq use prelude.Int + use prelude.Bool predicate equiv_reverse_range [#"../03_std_iterators.rs" 87 0 87 81] (s1 : Seq.seq t) (s2 : Seq.seq t) (l : int) (u : int) (n : int) = - [#"../03_std_iterators.rs" 88 4 90 5] forall i : int . l <= i /\ i < u -> Seq.get s1 i = Seq.get s2 (n - i) + [#"../03_std_iterators.rs" 88 4 90 5] forall i : int . Int.le l i /\ Int.lt i u -> Seq.get s1 i = Seq.get s2 (Int.sub n i) val equiv_reverse_range [#"../03_std_iterators.rs" 87 0 87 81] (s1 : Seq.seq t) (s2 : Seq.seq t) (l : int) (u : int) (n : int) : bool ensures { result = equiv_reverse_range s1 s2 l u n } @@ -6088,6 +6151,7 @@ module CreusotContracts_Std1_Iter_Zip_Impl1_Produces type b use seq.Seq use prelude.Int + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = a use seq.Seq @@ -6113,7 +6177,7 @@ module CreusotContracts_Std1_Iter_Zip_Impl1_Produces predicate produces (self : Core_Iter_Adapters_Zip_Zip_Type.t_zip a b) (visited : Seq.seq (Item0.item, Item1.item)) (o : Core_Iter_Adapters_Zip_Zip_Type.t_zip a b) = - [#"../../../../../creusot-contracts/src/std/iter/zip.rs" 44 8 50 9] exists p2 : Seq.seq Item1.item . exists p1 : Seq.seq Item0.item . Inv0.inv p2 /\ Inv1.inv p1 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ Produces0.produces (Itera0.itera self) p1 (Itera0.itera o) /\ Produces1.produces (Iterb0.iterb self) p2 (Iterb0.iterb o) + [#"../../../../../creusot-contracts/src/std/iter/zip.rs" 44 8 50 9] exists p2 : Seq.seq Item1.item . exists p1 : Seq.seq Item0.item . Inv0.inv p2 /\ Inv1.inv p1 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ Produces0.produces (Itera0.itera self) p1 (Itera0.itera o) /\ Produces1.produces (Iterb0.iterb self) p2 (Iterb0.iterb o) val produces (self : Core_Iter_Adapters_Zip_Zip_Type.t_zip a b) (visited : Seq.seq (Item0.item, Item1.item)) (o : Core_Iter_Adapters_Zip_Zip_Type.t_zip a b) : bool ensures { result = produces self visited o } @@ -6153,9 +6217,9 @@ module Core_Slice_Impl0_Len_Interface type t use seq.Seq use prelude.UIntSize + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with type t = slice t, @@ -6170,6 +6234,7 @@ end module Core_Iter_Traits_Iterator_Iterator_Zip_Interface type self type u + use prelude.Bool clone Core_Iter_Traits_Collect_IntoIterator_IntoIter_Type as IntoIter0 with type self = u use Core_Iter_Adapters_Zip_Zip_Type as Core_Iter_Adapters_Zip_Zip_Type @@ -6254,8 +6319,8 @@ module Core_Slice_Impl0_Swap_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val swap (self : borrowed (slice t)) (a : usize) (b : usize) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] UIntSize.to_int a < Seq.length (ShallowModel0.shallow_model self)} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] UIntSize.to_int b < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] Int.lt (UIntSize.to_int a) (Seq.length (ShallowModel0.shallow_model self))} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] Int.lt (UIntSize.to_int b) (Seq.length (ShallowModel0.shallow_model self))} requires {Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 242 8 242 52] Permut.exchange (ShallowModel1.shallow_model ( ^ self)) (ShallowModel0.shallow_model self) (UIntSize.to_int a) (UIntSize.to_int b) } @@ -6440,6 +6505,7 @@ module CreusotContracts_Std1_Iter_Zip_Impl1_Completed type a type b use prelude.Borrow + use prelude.Bool use seq.Seq clone CreusotContracts_Std1_Iter_Iterator_Completed_Stub as Completed1 with type self = b @@ -6786,17 +6852,17 @@ module C03StdIterators_MyReverse BB2 { assert { [@expl:type invariant] Inv0.inv old_v }; assume { Resolve0.resolve old_v }; - _12 <- ([#"../03_std_iterators.rs" 101 22 101 27] ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)) = ([#"../03_std_iterators.rs" 101 22 101 27] [#"../03_std_iterators.rs" 101 22 101 27] (0 : usize))); + _12 <- ([#"../03_std_iterators.rs" 101 22 101 27] UIntSize.eq ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)) ([#"../03_std_iterators.rs" 101 22 101 27] [#"../03_std_iterators.rs" 101 22 101 27] (0 : usize))); assert { [@expl:division by zero] [#"../03_std_iterators.rs" 101 22 101 27] not _12 }; goto BB3 } BB3 { - _16 <- ([#"../03_std_iterators.rs" 101 36 101 41] ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize)) = ([#"../03_std_iterators.rs" 101 36 101 41] [#"../03_std_iterators.rs" 101 36 101 41] (0 : usize))); + _16 <- ([#"../03_std_iterators.rs" 101 36 101 41] UIntSize.eq ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize)) ([#"../03_std_iterators.rs" 101 36 101 41] [#"../03_std_iterators.rs" 101 36 101 41] (0 : usize))); assert { [@expl:division by zero] [#"../03_std_iterators.rs" 101 36 101 41] not _16 }; goto BB4 } BB4 { - _8 <- ([#"../03_std_iterators.rs" 101 18 101 42] Zip0.zip ([#"../03_std_iterators.rs" 101 18 101 28] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 19 101 20] [#"../03_std_iterators.rs" 101 19 101 20] (0 : usize)) ([#"../03_std_iterators.rs" 101 22 101 27] n / ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)))) ([#"../03_std_iterators.rs" 101 33 101 41] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 33 101 34] [#"../03_std_iterators.rs" 101 33 101 34] (0 : usize)) ([#"../03_std_iterators.rs" 101 36 101 41] n / ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize))))); + _8 <- ([#"../03_std_iterators.rs" 101 18 101 42] Zip0.zip ([#"../03_std_iterators.rs" 101 18 101 28] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 19 101 20] [#"../03_std_iterators.rs" 101 19 101 20] (0 : usize)) ([#"../03_std_iterators.rs" 101 22 101 27] UIntSize.div n ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)))) ([#"../03_std_iterators.rs" 101 33 101 41] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 33 101 34] [#"../03_std_iterators.rs" 101 33 101 34] (0 : usize)) ([#"../03_std_iterators.rs" 101 36 101 41] UIntSize.div n ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize))))); goto BB5 } BB5 { @@ -6819,9 +6885,9 @@ module C03StdIterators_MyReverse invariant { [#"../03_std_iterators.rs" 97 4 97 36] Inv1.inv iter }; invariant { [#"../03_std_iterators.rs" 97 4 97 36] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; invariant { [#"../03_std_iterators.rs" 97 16 97 34] UIntSize.to_int n = Seq.length (ShallowModel0.shallow_model slice) }; - invariant { [#"../03_std_iterators.rs" 98 16 98 78] EquivRange0.equiv_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) (Seq.length (Ghost.inner produced)) (UIntSize.to_int n - Seq.length (Ghost.inner produced)) }; - invariant { [#"../03_std_iterators.rs" 99 16 99 76] EquivReverseRange0.equiv_reverse_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) 0 (Seq.length (Ghost.inner produced)) (UIntSize.to_int n - 1) }; - invariant { [#"../03_std_iterators.rs" 100 16 100 80] EquivReverseRange0.equiv_reverse_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) (UIntSize.to_int n - Seq.length (Ghost.inner produced)) (UIntSize.to_int n) (UIntSize.to_int n - 1) }; + invariant { [#"../03_std_iterators.rs" 98 16 98 78] EquivRange0.equiv_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) (Seq.length (Ghost.inner produced)) (Int.sub (UIntSize.to_int n) (Seq.length (Ghost.inner produced))) }; + invariant { [#"../03_std_iterators.rs" 99 16 99 76] EquivReverseRange0.equiv_reverse_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) 0 (Seq.length (Ghost.inner produced)) (Int.sub (UIntSize.to_int n) 1) }; + invariant { [#"../03_std_iterators.rs" 100 16 100 80] EquivReverseRange0.equiv_reverse_range (ShallowModel0.shallow_model slice) (ShallowModel1.shallow_model old_v) (Int.sub (UIntSize.to_int n) (Seq.length (Ghost.inner produced))) (UIntSize.to_int n) (Int.sub (UIntSize.to_int n) 1) }; goto BB10 } BB10 { @@ -6868,7 +6934,7 @@ module C03StdIterators_MyReverse _38 <- Borrow.borrow_mut ( * slice); slice <- { slice with current = ( ^ _38) }; assume { Inv2.inv ( ^ _38) }; - _37 <- ([#"../03_std_iterators.rs" 102 8 102 32] Swap0.swap _38 i ([#"../03_std_iterators.rs" 102 22 102 31] ([#"../03_std_iterators.rs" 102 22 102 27] n - j) - ([#"../03_std_iterators.rs" 102 30 102 31] [#"../03_std_iterators.rs" 102 30 102 31] (1 : usize)))); + _37 <- ([#"../03_std_iterators.rs" 102 8 102 32] Swap0.swap _38 i ([#"../03_std_iterators.rs" 102 22 102 31] UIntSize.sub ([#"../03_std_iterators.rs" 102 22 102 27] UIntSize.sub n j) ([#"../03_std_iterators.rs" 102 30 102 31] [#"../03_std_iterators.rs" 102 30 102 31] (1 : usize)))); _38 <- any borrowed (slice t); goto BB17 } diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml index 26bb87d66f..557df8f7e3 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml +++ b/creusot/tests/should_succeed/iterators/03_std_iterators/why3session.xml @@ -4,194 +4,193 @@ - - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz b/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz index 0e260772fb5f117b687a124203ae66e8e35a2a1f..8c0d14af77cc7ca6e3ef4466f3780450f125325a 100644 GIT binary patch literal 6342 zcmV;%7&+%3iwFP!00000|Lt5`Zyh(1e%G(i+w3X`z~Y^Y_(2dNw1Dh9>o@Un zHMciNY>YqeZtmV(2YSBpH;>qRfbKbV2G*O)Br9KyB}rAUQKonIcjNmIAA0M*`KEV0 zprZIyRue#JxT|FzusUa1O6yol41|ww-#z|kU|gQ{)S1IlrMyUlv<#W9rt z?)DW9_gr0G`TO{Ack?0kg3WEzy}HWk7V5k<{Kf9icein2AZ2B6eR~`4d&$pd$x9a( z^B6KX&+-$eSGc;D0{Or4?~$06e@Y~U|E7KBD!>okk7H`l`rUB%{&sxWpEgU6oXk}| zH^Q9P#ypItDZdw!1TKvv5$`2jrWW|y_){-gk`MpwrSiS7{#$C~P4@!d=6B7r#QlBu zY8l0$%k#Qi`_!Y;61_~KC4t7%)R_`)Z=N!@><@IbkPNkoeoYckSfoLlUD#Vv+{5+l zo16G}ciSr9@Y_vC!uW@~w{eHG)Fr;|zu?19X{;>8i6Tu@y^xoch&;dW;qL7_WY2k}!kaV5WjTYi zx-^pfl1^U!=$DUEA;mN*(z)b3?-dO&FKF0gqySs$`fBm}_z1EdQCplQzLWHng60=F{TKwm1L<(Fuoi!lOO8?DU;Q71L4(^9dbs4EcY z#`w>Av3M$L8#m+DKwu8)1`i?2Uw!^eW*~spROoWPMEw{LR`!5k^Ib`?|3%1o3>lOo zPn^)$D#U_4AdnjiuV*08PXU2m1A#3FE$n%1v_Ozu4VwfmjU*9aL@JdCrK%mMQ%K>Dss%TH^_m9>o9iA3tH@Wh053`2rGiG zQ&%PkPZ5L+MshV+5M~WVJb@A7421{&LbdYhk7vz{m<(Nj5 zm_{LggfdAnjar~9#Wc&aTE#Td;ZTM$T24@gJqgOx0%bL(Q7b4@O-v)_m`3K92Fb`d zrb!S)lBKw)MZ--@BXvcN2_ZVE1-lAxp-V9X7mcl=za{!4M-$P%#VrKgecZy%g|Q;s zO4BlK+itNnPOUe9fd4q3%EQy}rkDMR#CuAVZtK4qdN zE|h!XlqLMGr%W~Aw#Q2LniW=>ZCJ^|O0%a}p}ns0w%`TlTZl^$ARWN<;0y=ORs)pQTAr^K3_=Te+uOAZfF8OkT^Z-;uzhE#%ynF*%=nzn>a8Kj^% z&EYj!#-aAGx}_Nx>{UYsai9=rNhi8&#gEq{8W)vxlTG7Ia*?aWjo?k7#m(Yr@DzbA zAkYL(?yB1BeZvhkE2U~yN~NAxIiYh|m)f-tt+%!)xx2cxf|UIbdU2xdW#h{epEO?b zJJh^vJ@;g1)SQE%49{hiQ_um&S1H6CO0s(9p?KjnfyCPkP40rUoV@bA)!0ey`FT;b zyQ+=LIcxEc>vy|H|BpzX0G-vwHl1CNvvtA5UmnLR`u-m8?jLp+7!T4HcX4y~@curs z9yiM{jb=T9%+2sC6{xPP0fO@`cP_G>f37;gT4r7cyv;)sUunar%W+*2iW( znc6(NK%M(NE;w%+rCGp+Ky}qT8YD%50;Ynx(P_`9W_FWXCK*PMaLF1SJUj z?hxIA{N+u$h3=S9hP+-_J6#7R7GD^ut>bmh^!_%a zaq1PdH`zw8HIFyv^nkBH4Ji3QUJy?yW>s-bHfY++6?Im-J}nk&qSg6Xzz>zWpdTuo z+a>2n=DG|>%DWsr*n9zjCH^z}b7~@K?UaZVz!Kc3ifJfFMYmebpe{Kh*W9&I1i@RT z(Na&O<(g%Ua0_S?rTlG$+sDB25t07G$-Da)?rz8H$LqV>lkEo!erL8J=ZCb`;>g}~ z>36F1pZOhrDafm^#JHDwPRePy=Jk-qMrv9<`vpFxS*?7}V+t|->wEM)I4+-k^N*)O zUeZkF>WHM-0lF%OtvFGnaC?awzmM0q$k*Ro|1)N)EXnf_??3n?&+d6tXmz(!C*@0g z@hWol{@1^|LZAMH%v$BW@;mvP2qX!1^2AT~cW;;c9%X5NZsM(-q@J_neKsB>J{32E zoWJau0&9F!`~CNchxR|8%-$-U)4BcgvE&~2KOgDGWuFFzqlr0juzC4$Pw#mzUd7ze&piTGWF1F{-(eO6ySfe)rRGXv2z%CcxGt1rh zI3nfG@)eexWGL0s@~BFVtKNucTqc!Qty3fGt1KA=ZCPxW@IPm0sW<|uh)4}{S%Xz{ z1D5arW7FjUSW`d|dOwl0NgtsLH>ZzEC0!)%rj1}5UKGGI+)S++QfnQ+tY@{s?>Z4h zRW-U&;_05jw@WcKxhvnb&wO?NgPe$*E2ZVuryiS@*kw}j57TR3*7D~52h1&&?|(pQ z74^6*APZFPYDutlu9UlcJEEpXxmnVq+%&1~Tzo1e;gSehr6jmKkRHX(7SAcMF6WFy zx;~L}JF=9v)_GE#TP}L!R5dxPqSo#N{V4sMCYLslM_lGGa+R;v#}3S~V+Uq^?7$sA zcHpX$E{MnZh6fzwv8fGGuyK?JUFoVkl7=uuU1vriSwKq0r6S{57VhM$WFuGqN0z zQ5FlJM41?|LA?yONnq|5yXFSeI8fDy6Kce%R+lp1Kp_kcRl=Yxg|*2}65Yq!_iqVs z;wr3DDXhCFfeM>1Q(RD4qyXMes{ouZ$6incB@h49?+@o{*yd&uVQ(&i*(Na$ep8#K zD;cb&B$u*R6-MfGT>eU?^Mi=QMpsm zJa6w*D46e5pp%n&cv`}jNwpBgKk`n6dGVc!AGSJJJwJ1+4r;urQ_8h8HuvoK^Y`pv zd(lpby^D60JYQ17{5M>_D>O2?JbMrCf;_o{M;rl1$qOnx9z5b{IG4FLcTVYQMlN&7 zr;hk?n@^S7d>2&3J1h%2lIDU6YKLV}spLtrY;c5baAaA`ld@3#p<33(Mr`e?rt@gZ z^@42bSV@Yx(qYT9DbITEE^*U=26vN+gKD~J-UXm3=kw;mv1sm@$>yHfQZ8Y0LFn)e zlV>uUkW!mq4qf@Erj>Y@wej6ABmwMIlBjD_N}^1mU1h`eYDsXYmIQmXBqA=_T$yZB zc5}8d-N7uGpR@XOI6QNf3m7Yq!l=g{)O$*HQ__Ujl;7zJC$b1cO2+1 z1zo?hhgY?J*8YsNc)-OqJ(pXpESnxAL$iFopp_Tpc9vv^?=Zdg+F5hUO@ip=?(W_4 z`cEmYKG~X|g;;)^$yB=aupLRflv5Xfe1H8Ro2r8|w%N{nY*#t*ne)T@VUO#2%FHj) z@1(?E%QvtWa1QVrxx8Q>%kY--%k&PM6~`3q<}ES~<-6nDXJHwSQ!bFWAdd z`cFlFX2V z%NgBLbJ*>|eSH6L_ed4Ad}(zTZ{pjd15iBcysrgM=OV~Q6V8X@lTczGzqZ-aH{a}k zNWWdUITYF>{^?Yi6#03?N59^0>87ylI~qB>vl0~YT+aJ!g4s`UcrYgB_Q*!kF74+% zA5GA`ujl-$IJ=xI{Y(P1E)OSO$+RAwPosZ-irQ?^ev?FG#%D)9^`sWxT6CP$;!DO9 zmPcA2_S=;M+dlk#;}j!+0nYgQ(@Ty}u8XsA+YT(F$5-7v&X=-}I4o&r%d{=!Cl=*0 zC$-|w;cxqHKvC%a(nX}hOk2Miw%&4En|d+K^Fr%|{u_VZf8)Qxf8#Ikc~U4tH&_lb zqe8&mVCzt={iKxNxp|~jhnbbU2i*sGu{(Eo$H&}8{?TsZ5zW3pg-6}SivxZTd0hvc zAS$3Vzdn#Ejk%7hYK?XN)#_*W1ijvV0hD%InW(nc2pIz9QUM-(%mk)st}h&r&qns zE2HvqUb&Rnwdu7kiDIp(*53T51TfzK&?)JP(<%F!7fSkNl++Tv&ZPyNOAES`7But* zJY{mfrAEo#>r`53o>!#>&2T7}7HB#5sV9{dOf4ZfyZGK!!DjFXWPU^12q z8H^pB4pAEB#3_glcn8n{>s)6$)9FrivJ)NlcI+gMb{GV3Z=4@Srnw$QC8L;_uxf&E z%5}$8$7RQH3GX;`oOR$jupO8Vh#KG@S?GyTkJ=0p4H;O5gd>DeFcv|N%5Z%uStnd4 zY$r@7bSG3NBoPy$6TB193D$Afaocf&^dL&f{4|-#vC&LSj!H2*=m|zG1}{&Q?Ud;h z%Aqa^^%=rnf1qCG9l1QwVKxLIS=$Z^}!S#F$QG1^nhI}4paW_NC6Cwt8k7hi64L&@MRAMWn)PU(K-IP1ejuQYH%@l#+?|=pdi3(8GSAZ`R( zq|*O>$++@pxFnixWrfhzSwAA0jregHF9-vZWai6AhsfoPwH~o=qHoRNgLO_ZP^02# zV^MU(XOt-6G_FLXE{74ZB^XXy@@W4(?ukuYxj2l|z-2rIPUw!45tV^pnQ)nanUEQw zIg?ZMTm>^Sw0A*EEfHb77`;NL8ozeXT92ok@SR8@C3q}fx(M*FF zof|Ae4-0>y$w$8qe@cxW{*cU%Qdzt&BcjkuQ2l;j5+hj^xnyIs2K`ZVJq3?hME#}3 zv_YA`@bi$~X$H>W(L|(W7&ZvTbtC2%7Zu$k#REgNGA|MH(Vqu{o?}2)D#YlLsG80s zlEaV@l=+h4g0*o7V&tQd7!^wm0SzUF?ATx>21=s-end7wYW%FwyHb;u=tQ7HEWA+0 zIjK2@D}WvlXi_usKtCwA;rAl{$c@GTPmh4{yBSA4DLqV+K;J~8OT~)(`uDsCbgGzO z!Uu_gqPCM3nq!C*B{M^W5y~FS?|mQWsNpU!xZwkOZaz2+Ii(xD40yH>{K`J;A7L*8 zI$eY09)pjGGF5D{7&R&*rYOMkx)=9H*^luO<4ugg&1j7n@Qq-H_k#^VFlUCmAB=zg zKznin3)%$qi-n5#YCM`TX@edj3o-bVY5|K2Fz5q}`oK_f6G>v=2ZpwbtTFZj4E_M4 zzu)OLF$9`0j$<);#nB>27t#NA!I>!0Y4bT6!XOtg$^}blSLBoS{)gT-#`kK(zkJjx z1_Kxb^3g?@3`aOcGzClfYNUfP{(s{B(H#RyW=|O12&SDiaRg+7PLQhV!NfSB4<5PlK6)qO zG+9^lW$>^5s8gHb*?~@sA_27&)7K6{oSTIw-Z#JtAzN+s?Drp=A zhLj`lFb2hR;20nefG#QGq_XCe(^Nn`0spGItq*LO_Kve5QqtW-&0N$zOj3qHC|7i+ zzUuFYBT6-7bU3((aWW&DP>-Vule0361J^}=`l}9~h>?v8ROex07~Ftgtqg&R4j#j@ z;6M}|ny-5Ns>go|o*1j`C>JP3p#^pKu4MhIWfb+ zB+!x8UT~wR@?Ugmzv}XNUHWkxF~$WZf}YF}JR7<2$^!SJ7=z5Z9O6NWPbfr@gh+==h#lton&SkNOx1bRFz7_uP)@te_WhD{>8tGkLMra!{hD# z{=d%k`Ne;pJ^kI^-hb%Xb!kBlwaI&aedfP<@DQinWBhxsk4gc(Cf47@ zr`6ovAh9w2u)EuTcN^&W#(#yKN622{3kKGk>m({)jU_=yMXUwqNK z9#BvGCTj_xG~CTH4_KYEETwgH+1r!k5iz@5L#N z0KV)S9PYWgzVQ$7aewzA_JYlARK2>%+7{}vHvHA@Py740Fp#n`xV^uR5544F_q}9EEc~~Z%J;(hFR78=wHJ;|WqFqDa@hhnibL0z zb-DJbN2euvnN*BQ>NItxgs(SGnOpW7vM3}&t)fjbHiC`0#xiD@$>rNE1~r{UXUF?*rwViTv+D^H_#l=o}{yK#U*bNo=3>DdPUa9cL2DvOYNUKXD$uG(B z@?Kx|q(X{mR3y9PJijZ#F66I()Pd-bh)?lh_iq3Abk<*;Py2`S$Gh7QQ}>Lb;u*A- z&!e>@w9YcacBp`xJWU-@cuoG03=}jaFs*=Q7R<9JP~RQphe&$_^$A>8uumPdGqL*! z<+4W+kTaUB2FoUJE3gLIsDOAc5tj=Vfvk-d=|R*<&FZvNtSIUV|GI(vSuGZgvbOPE z+#3GPQPrRgvb^c@E}7vUTBOj$yhPm#=u8gaf3vNmINT6&9zzDj;)xSttwIlQ0RM6W z@cLQ!*K7E<#T^TKSsN|<=di*iIZGo6LY^VRKhN+F1^%JnH^IMNKzfbk5?c6|Gp48I zCVPPtTu8I_7zF=j1^=+XzhsLeNbrwjs8!TzGyFS(f7`;p+rYnl;iD!?urvJY2L5#m z|FT33LRH{FAF_gfaSZ-N3;&j|T`cggGK$MB{EGtrf))RO9-zWMr@u-+(B#r)#StX$ zfFQntf4u>2d)iLPcbJOIriFhF8!GAifG|q6&vL0vNjT=s}u0wI0vMZ;a_A& zutt5{)zn?V|3eHJ`cL9LJdgK4cn?SMz6P_g|8|S*{P?_!gLwsNx7|zlFBbP8 zmy|>;DT!XP2D5P*Z{I(?>@+T_+n8r>+y>g%QO7aQZym=Q)Wsn^Ske17btQW69K8&M zALMGVc$c*!;>i)AkD;WXxGJd8ABfiL$U3Q6o!!%lqN$F^G>*ug_V`G^z2x#~PJ!&T z?`pL}yPQ)X9@r}GUX#LjYX()-fa-=}qIHtM;tX-qKDEf{3b-{Qe%lJkdxifM5!J>o zDqbX0B-sWtgqUZgv>^k$Nh z8MSz?l*}y8YL(1LheO$$(Q@);*ps}OTD)1cPqp%9s!3+#oXp6a%pe&#Co{Asa?co9 z^5E6TRO8+bILThK%t^BiCs{aY_8ccf>Y8Q?UL1Yv<5J>B2AZ6EjWnwN!kxMMM|{|~ z5JZN9Sw^o)c}Uf~qn3-xGcV83V4BG57Gg+g6=~N%TbIQ;xejun_^Ax3hdeE!ZlBWa zG;o0f7pnoPWi8J)ixG`HApSA+k&+WE+eREf7exrpG8i|&ojotFJ+m*aRGJDC z%qd0N=W^j`#SCOccUcL`#i1@GCXw=x^fFXMI(!}KEia^!tC*Q^%Ae_#Fgk;j6Q?=6 zmdH5N9#&sz_6_!?AwzLaCeV^jblHj@ucb3CD(R+%#+!;FS4$wln?#G7CD!060bM*n zlQ_AXirR+xk5 z*HZ)Xuq6bqCe$qAuUK@^vyc*8*JpsYeS-HMJlKe3#LcWsct7f5-X_zGX>Xr1HWi^dyK9_zam9?qNwisSmJmZI4 zU_vbjqn|0Zndg%)L&;Z3L$^aYgxO{`wJv3k@`K(UDTi5fGHo@?_9+;2$H*3!U-qtA zjg^$vuJQ$zz#eiYaZ?IZwfI>anX8V>R7aNcs)J1A$f?PSnX2wfRVs8yL@nIIkgFXI zKQ-u#@+|u?YC_UV`t<&-e}`SWLU+t=C8cHSVC%@lnxa*3<8{vT{ywB}>J_y&fg#vh zxSNZ3z}H?3sO&&t4^Jg!RUMgZ+-Eaa)LHHNv{2`mAw%xDbcV?Sten@LAjvP#vey2+Rh2P;$ zL0*L=CcD&gR;=ZgS0jy$)Uc-UePsU}1D zffB7j(9`^7zfF(XB2=wREB^J@*$V+)a!lQrRqDRLNC^ za#~s*RVi)N8xT#%r1GkDEo6OTB|AY|7TYD?&t+LU7J+nXNDXscvr`NMmgE4F(d7YH zb95r~VFhVZH^LBZt{at;bCIH(Hf3#iQP$FMGY47AdazA$*M%oKMx&b}o~{#oxg46N zDCMj6nXj&SQ0$N^qqN-m)ML{UyG$x!Vfxz3THajqfVsu;H4jLwq7|0~WP#4NS`uts z8Raftf~dt%ZkA#wH%(nTpEi}F-%{{cl^(b}QVhk;){RpYUCxzw@;1;S+xqX_wCZEavqSsR$OwShZrZQyEbE{MnFh6kMF zu{jK+9OEPpy0BGwBn@F=x~_ym0zN9br6;QNUDsO!Vtc=%+!Cl1`D*+jVh`c=|M>gw zVmgFMBq5MC|G2yWn$%KsdH;6zK=WV58@T}-`BM<5=F6_BC$gM}QMC%7B$t?|LA~m> zDO4UFY|Ra*>7S~JCe%bztu9}{kwY&ycIpM~u~%EvB+-4mfB%;JOk8DiDrIw5B|l;F zrHLy#1Sx**`&HUauEt)`c}X7rzCRpJCtsWUN91wyftPLS@ZdLR(RA~I)ym^?#8qXH zI$cjdFJ{mcUMA<59pYvp!LTU~Gapzacd6Iz^2i+ujDqqVia8uAcPN_Y?HvjQ^BoEd zZBh?UOZYOWo_Fw{d56Nh`VPf6TOF*PU${F5HA~g0vRWFO+jRWp+jOwKPN&4db-GHP zFBM?^3$EA|8riwLc-!uZ;`L7YT;=(ecjD{Qo4zezp;GI!j~(1s$AK- zq7%F0qG0rBuITjaxF~9Syjgju_K@?mDD%Y+Rl#+Ei7muxvPo0!5@fVvr5xr;hb_;h zJnMtY!c7Na?xqL_6}@W31)w>-=go~`(OfB$&6Tp{WQ5IUKgX|=yin4FRMP}=?0!c@ zSK?vT_;@{uje#qc-bjG%_nGJPS51%=IdBAf$VdfU;Hzx6?at-W7z5#wAj~Cxz8D4XJ zoxb5^g>P?3J*RPaQQV)PkK>F_DII>M)=#|Ni|=t-?)ZHZXx=<_89kw$7$=sSNdn7~> zhTB55bx1JJT+DA<3Z=`MX*ZNlcN``N)mA4UnIQ?6tF`4kVYdqp@%`ieiB8Az9n@XC zi*HX3K#8C8do3PwKH&J-gtKvc6iV#puWjDxi!TmL?IQ@cx$Dpn|9GlQiu^R%x3r(uKAP0}P|x{iHM?99{X_z^Ar2>A z30hCir_sMYM{P#5UnCL1_#CRIp48%7M8`?3f5|?D<&icF{&E$pwhw>Z#)qIQkL?DtRpJySFXQt&tNovI(!e0)ZdQs8g(nW}wPa6!wHpFcYk6!Jo zd7<^n;ETT;eDR+UeDN29mXy}e1(Tz!s9=9ExWq$kn3IYyU(tf&d@3T+&j4NT>S|cHEJyO;`>0a^}#_do2A=+ zn_fdR(#)c(h(D9r=Gzd9lwPX? z!m9Gtd~VtD5j7R(mflmct!5qnK@!c{+>b)E!Jbigf^!amH$?lPUD<8(nkQAsW8%`KpN{;9?C?@3(w zJqhaFc`B5CNsaoek91VgJiE5CuPhFg-;=oBFi$-u9R?V-OsfCK1-AM%go67lYP9vvC|ao6I?g4tNL90qb06JJab-b+Qv3_IB*djow%l znU35T2O$_KqZ+IqM?bmf&bjWm>bUGUF5w-Aj9>bI&M2|ke&_$k47>U!#GaP z7;TM~(FExRqhUH%wo|54D2M8l?3Cyf?-X>3b<%axcG7fGcM@M(c2abbcaj7Z(s~dM zsblWSlyRd$$(dqIssNFnYt|`u=3rzoTE{h@S_YiLtyIbfHBE8w@f;ZHf}vtvXYg;+ z8QmGx8QB@p8QvM_4C}Nb!G_U?#7?IF#7AT5?ZB8bz=P9~p_MWP zoMS^-E)7rb=%90~vuLokv!=7Uv+5&@Vf8fN-tnWDr14Q3K8|6u0~i;KVmyf$ei z0K%bVnP5;Kv{mh7_~fTBMvuGK`m6`}X=U&#N_y#OauaR^{QgGhIDsA!CjrJJgZkuR zjNBT0V+Ee!PIFugQy8Yv+fh!qL1Pj_{~D4Yf5a7qpddq#Cg{Nmka`r_dp!x4BypXy zoim?GhQPE}a?}XFlSTef2McUclZgV6z#-%y;4(x_hTzU{5hHkKpIEBMP%k3`4$+zz zg_2HMHekvloPb!Q(!aiBqsFf`hAAk`nUOH~!3jhZspO<2AB$w>w~@}t!3#jM1}>v_ zL84td&7Cybsi>xNz^OoPI{9f_iJrPF9ik2Br-T~NDuWjxI5>70{)CsOE?fxI&MWI(43 zg8Gm=`ei`J4Ct8w;{w3I0N?5WSx08g$OmbS3NDTVP;?@3XED#YNqY#;`vbcFU&v}? zN-!48;1ntejZ$Mw;1R+2peD40bC5I}>0!(P7<7CDo=)SZh!~3aiA#%-La@y6$l1uI z2rM8^Tq`LiLLL}#0EQeNSq3HSs4!BP2B`;wQ0+}*faZ_iQA}YfG9Vp{ezFXoRGw)> zDHMyNju=jjgW!nd5zQ0SD5cd!9`|d?WH}~!b_{wn3b!AIRN4kiB?rSX)Uo0mFiJ$B ze{H#>iF{PJD+9E*O-}eJ!>9rqC!xiNEpSG#bl{Ug%++M-PZU~VF!A0bRQ7ZaYK91@){ zv}O*nXzI5T56obqVR8z5{h%==4~7DJ7r-LKV6=kn0{duz^KVRYK!$-uXGdc&7sTKa(A)X-QogFxBxRQFjQDXl9+Vi3*#ST zjd>Sf;suy_{mx#Gi#S?4X~i&;R1?z%5M}kq8Gb+Jbk0C9u|zz;KUC^OKIxtRCEwRf zW3W9bgy{<}B5Qkq+k5|3>f4q~lU5HARf_hKUVQVi1Y|uh8`) z=BMbGGt9LaE@1-yU^309kILo9!yylcJRI_H$ity54rOu3z#%8c{vGtBG^V5i?Lp&~ zaDn4?zt|miOcjno|s2(FFM&x3$d>SooFq6ujoH_hsKdTG9 zyT#me)LzITjDkfYjGk1gT924Rq+&Iv;@M}F&ECm}VPFgRA;;pLO_5LKzfB zz1|sg7tGSRvZo*=aMUCnk`x`<&pLdjg6@QyBp Resolve0.resolve (Seq.get s i)) /\ Completed0.completed i /\ ^ i = C04Skip_Skip_Type.skip_iter ( ^ self)) + [#"../04_skip.rs" 23 8 31 9] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( ^ self)) = 0 /\ (exists i : borrowed i . exists s : Seq.seq Item0.item . Inv0.inv i /\ Inv1.inv s /\ Int.le (Seq.length s) (UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * self))) /\ Produces0.produces (C04Skip_Skip_Type.skip_iter ( * self)) s ( * i) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Resolve0.resolve (Seq.get s i)) /\ Completed0.completed i /\ ^ i = C04Skip_Skip_Type.skip_iter ( ^ self)) val completed [#"../04_skip.rs" 22 4 22 35] (self : borrowed (C04Skip_Skip_Type.t_skip i)) : bool ensures { result = completed self } @@ -295,6 +296,7 @@ end module C04Skip_Impl0_Produces type i use seq.Seq + use prelude.Bool use prelude.UIntSize use prelude.Int clone C04Skip_Common_Iterator_Item_Type as Item0 with @@ -311,7 +313,7 @@ module C04Skip_Impl0_Produces predicate produces [#"../04_skip.rs" 36 4 36 64] (self : C04Skip_Skip_Type.t_skip i) (visited : Seq.seq Item0.item) (o : C04Skip_Skip_Type.t_skip i) = - [#"../04_skip.rs" 37 8 44 9] visited = Seq.empty /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ Seq.length visited > 0 /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ Produces0.produces (C04Skip_Skip_Type.skip_iter self) (Seq.(++) s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Resolve0.resolve (Seq.get s i))) + [#"../04_skip.rs" 37 8 44 9] visited = Seq.empty /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ Int.gt (Seq.length visited) 0 /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ Produces0.produces (C04Skip_Skip_Type.skip_iter self) (Seq.(++) s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Resolve0.resolve (Seq.get s i))) val produces [#"../04_skip.rs" 36 4 36 64] (self : C04Skip_Skip_Type.t_skip i) (visited : Seq.seq Item0.item) (o : C04Skip_Skip_Type.t_skip i) : bool ensures { result = produces self visited o } @@ -590,6 +592,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -645,6 +648,7 @@ end module Core_Mem_Take_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Std1_Default_Default_IsDefault_Stub as IsDefault0 with @@ -738,6 +742,7 @@ module C04Skip_Impl0_Next use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool clone C04Skip_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -912,9 +917,9 @@ module C04Skip_Impl0_Next goto BB4 } BB4 { - invariant { [#"../04_skip.rs" 67 20 67 53] Seq.length (Ghost.inner skipped) + UIntSize.to_int n = UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * Ghost.inner old_self)) }; + invariant { [#"../04_skip.rs" 67 20 67 53] Int.add (Seq.length (Ghost.inner skipped)) (UIntSize.to_int n) = UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * Ghost.inner old_self)) }; invariant { [#"../04_skip.rs" 67 8 67 55] Produces0.produces (C04Skip_Skip_Type.skip_iter ( * Ghost.inner old_self)) (Ghost.inner skipped) (C04Skip_Skip_Type.skip_iter ( * self)) }; - invariant { [#"../04_skip.rs" 67 8 67 55] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner skipped) -> Resolve3.resolve (IndexLogic0.index_logic skipped i) }; + invariant { [#"../04_skip.rs" 67 8 67 55] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (Ghost.inner skipped)) -> Resolve3.resolve (IndexLogic0.index_logic skipped i) }; invariant { [#"../04_skip.rs" 70 20 70 35] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * self)) = 0 }; invariant { [#"../04_skip.rs" 71 20 71 29] Inv2.inv self }; goto BB5 @@ -928,7 +933,7 @@ module C04Skip_Impl0_Next goto BB6 } BB6 { - switch ([#"../04_skip.rs" 74 15 74 21] n = ([#"../04_skip.rs" 74 20 74 21] [#"../04_skip.rs" 74 20 74 21] (0 : usize))) + switch ([#"../04_skip.rs" 74 15 74 21] UIntSize.eq n ([#"../04_skip.rs" 74 20 74 21] [#"../04_skip.rs" 74 20 74 21] (0 : usize))) | False -> goto BB8 | True -> goto BB7 end @@ -971,7 +976,7 @@ module C04Skip_Impl0_Next _25 <- any Ghost.ghost_ty (Seq.seq Item0.item); assert { [@expl:type invariant] Inv1.inv skipped }; assume { Resolve2.resolve skipped }; - n <- ([#"../04_skip.rs" 79 16 79 22] n - ([#"../04_skip.rs" 79 21 79 22] [#"../04_skip.rs" 79 21 79 22] (1 : usize))); + n <- ([#"../04_skip.rs" 79 16 79 22] UIntSize.sub n ([#"../04_skip.rs" 79 21 79 22] [#"../04_skip.rs" 79 21 79 22] (1 : usize))); goto BB13 } BB13 { @@ -991,6 +996,7 @@ end module C04Skip_Impl0 type i use seq.Seq + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = borrowed i diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml index f26037cfc2..cce829515b 100644 --- a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml @@ -8,32 +8,32 @@ - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz b/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz index 32edf15292bc7d3eafac607f6b125692e98915f3..2f59a2570275da5828d37dd52f1e60e22a855dc6 100644 GIT binary patch literal 1030 zcmV+h1o`_PiwFP!00000|D{z+Z{s!)zWZ1Bwr%#p8NLhTU>GrEV9`qp9&1n%l{MCp z99c=W|GqKw+TYe{efR5Xc=pHk)v;YZ zfrH)3pZl(Uslvsf|NPl;C!N}le(3>DCQ)ROClU8^q)0(?CQ2igskIMJ=izUsQ>>m4 zpfd|Ma5nqdeX`o!%5B$8*RLm^Lm!&cA~QtL7!jn@GNVjrGgyddqX-L-JO#~}BJ3q- zmBCDO%(Urupa}vn2k3xj;J`PTVccX5Od6IocC$zVkm8p*J7$F+IT(81Ual141dK=g z=_n%q=_s9?j%qGK-xT3YtidJ}`{W7}XD}&PQrIk;C3$R$ol}nZmoEXH8O=0N$}3>w z;EI^y2y!X|^k(a;?&*9AL#Q1nzdiikwPB{o-$m`^*gld=*E%r%ujKbf_Y@pu*l+1- zvf|C(lgbI|LLV;O=`}cRHi;5$-pJs0{&Wfd>gNCKUxE|V(tEm((%#?umt#99@rmw^ zW5uF1KA&f=FFrh9ZGt&&A2z8_ZkL79n928*QlX@r3l&I(j&7;YDVG}67?QKRS&1DL5ZcOx(nH zKXeBoA;q<0P&E??tQ@B~q|f0r(8HfX`#5|hdmDPPY)DZtGVJEDSc1up zV6PGHphhgduHWa)_^1)@kzO-CT;bAINE2(u1ChggOP|sBDbH@)p^jFx4$VUzag3kL zAYjfKWEpwx_Su}du zdTsbVES8AOJ7l@Kuex0xrt}vOar2Fq!}vd3EjP(WEAyrE){n{=eifALmFY zc}B@2%4IFIiB;U5`;U|hg5pot>4mJL!^A-T+o&w-ESoIfWdA>TcJW%REQSVDEhO@Q zz>KzD*2;=HFm9E_wJKyG3SM9V1zQ1@wN*xG23pugfGmZ*A^JmNHb{4rm0H4Mp>Y^jnVX{(^?Q@qf1$1 z!=zMY!;DmdHw}z2>Ncig#`9oGlvpDZ!7xxNu#!j=L91qr(YG=G0Hw=`oazYx00eXX Avj6}9 literal 1015 zcmV|fucFc*D;k-*<10 zZORH9Y!?3I*f*~so*er7d&ix0YCFW`A8;~nMcMMa#qER?88k5wjhItwAD>^&|2Uno zdQ^bU%)-Fg5@)yBYc~tGUbg*lImYacu|3R~A&JJMAXCetGOI0OA*oGUn2F>WG%+RF zbJ41Z8Ot%1P2Y$n3BVkn173s!UzG~us#svOuwt>R83{nf&uw;Kh3{){KKkx-DIt!+ zc+#JjBGo@HrIX`QO-bmhB%Db(*sNlkLt(5Lj0Tnsw(QNkcx=Q@l!N~HOMsV(mNF6L zMX+&jQA{|JoYMfkTKmvHzZ~K@HV%|u@BZk!IF-rYCF^P5JyA&CIWYdO9QSAc933%i z*X#YdErxghKqe=s3&(is4{yBVdIG5f41CRm)u{|V<@F()__UCvU0tWjCE(;W6?g{VD{f-jNxNZQ2sZcZ+%Z-$+*%8wuIe8w$SUL6c-xWw>ktQEe&R z6th{S`B>*JEBvU-3V+yT&7D@M%UWIcLyuk7>gQb+{DPQ!$6K$9-_Em3M3y^besy1L zn=*3wD7bY5-$3y1lbBdg>^B~L2nxzJ6l((SqZ z$T%xy`sg}6+v^lCR-k-sRN3pYH)Vgt{(pEj>2I+xR;oZJxMht1U_KZS(sCvO3usNV zRF$km#Vf3!VvE2`YqV&j#a4w{qqi-Wf(6<$2yzKf0V9B|Or;56J!8!4x^1z8eh+9_U0ch%k;2xEh$1wN=M9g{AlOzdk+fiiP$8?pR$wa76{rei1)>68 zL6#bYjy7V$o5aMB)x_uPmg^>BYy1*rh2k0`Lt}-(C?rFUHP#Y?6;U=;vPMZYVAM6H l#zq*U0<$61u{N#X%A@3#s;V`F0i&-m{{rVZSK8_c001}y^j81? diff --git a/creusot/tests/should_succeed/iterators/05_map.mlcfg b/creusot/tests/should_succeed/iterators/05_map.mlcfg index 593d44f5e7..84ff8d408c 100644 --- a/creusot/tests/should_succeed/iterators/05_map.mlcfg +++ b/creusot/tests/should_succeed/iterators/05_map.mlcfg @@ -57,6 +57,7 @@ module C05Map_Impl0_Completed type b type f use prelude.Borrow + use prelude.Bool clone C05Map_Common_Iterator_Completed_Stub as Completed0 with type self = i use C05Map_Map_Type as C05Map_Map_Type @@ -222,8 +223,9 @@ module C05Map_Impl0_Produces type b type f use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Bool + use prelude.Borrow use seq.Seq clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i @@ -248,11 +250,11 @@ module C05Map_Impl0_Produces predicate produces [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : C05Map_Map_Type.t_map i b f) (visited : Seq.seq b) (succ : C05Map_Map_Type.t_map i b f) = - [#"../05_map.rs" 42 8 53 9] Unnest0.unnest (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> ^ Seq.get fs (i - 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then + [#"../05_map.rs" 42 8 53 9] Unnest0.unnest (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . Int.le 1 i /\ Int.lt i (Seq.length fs) -> ^ Seq.get fs (Int.sub i 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ else - * Seq.get fs 0 = C05Map_Map_Type.map_func self /\ ^ Seq.get fs (Seq.length visited - 1) = C05Map_Map_Type.map_func succ - ) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Unnest0.unnest (C05Map_Map_Type.map_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i) (Seq.get visited i)))) + * Seq.get fs 0 = C05Map_Map_Type.map_func self /\ ^ Seq.get fs (Int.sub (Seq.length visited) 1) = C05Map_Map_Type.map_func succ + ) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Unnest0.unnest (C05Map_Map_Type.map_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i) (Seq.get visited i)))) val produces [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : C05Map_Map_Type.t_map i b f) (visited : Seq.seq b) (succ : C05Map_Map_Type.t_map i b f) : bool ensures { result = produces self visited succ } @@ -368,6 +370,7 @@ module C05Map_Impl1_Reinitialize type b type f use prelude.Borrow + use prelude.Bool clone C05Map_Impl1_Preservation_Stub as Preservation0 with type i = i, type b = b, @@ -409,6 +412,7 @@ module C05Map_Impl2_Invariant type i type b type f + use prelude.Bool clone C05Map_Impl1_NextPrecondition_Stub as NextPrecondition0 with type i = i, type b = b, @@ -682,6 +686,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -709,6 +714,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -744,6 +750,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -1458,6 +1465,7 @@ module C05Map_Impl1_ProducesOne_Stub type b type f use seq.Seq + use prelude.Bool use C05Map_Map_Type as C05Map_Map_Type clone C05Map_Impl0_Produces_Stub as Produces0 with type i = i, @@ -1475,6 +1483,7 @@ module C05Map_Impl1_ProducesOne_Interface type b type f use seq.Seq + use prelude.Bool use C05Map_Map_Type as C05Map_Map_Type clone C05Map_Impl0_Produces_Stub as Produces0 with type i = i, @@ -1500,6 +1509,7 @@ module C05Map_Impl1_ProducesOne type b type f use seq.Seq + use prelude.Bool use prelude.Borrow clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i @@ -1544,6 +1554,7 @@ module C05Map_Impl1_ProducesOne_Impl type b type f use seq.Seq + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv10 with type t = borrowed i @@ -1778,6 +1789,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1815,6 +1827,7 @@ module C05Map_Impl1_ProducesOneInvariant_Stub type f use seq.Seq use prelude.Borrow + use prelude.Bool clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i clone C05Map_Impl1_NextPrecondition_Stub as NextPrecondition0 with @@ -1852,6 +1865,7 @@ module C05Map_Impl1_ProducesOneInvariant_Interface type f use seq.Seq use prelude.Borrow + use prelude.Bool clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i clone C05Map_Impl1_NextPrecondition_Stub as NextPrecondition0 with @@ -1903,6 +1917,7 @@ module C05Map_Impl1_ProducesOneInvariant type f use seq.Seq use prelude.Borrow + use prelude.Bool clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -1957,6 +1972,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl type f use seq.Seq use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv8 with type t = borrowed i clone TyInv_Trivial as TyInv_Trivial7 with @@ -2627,6 +2643,7 @@ module C05Map_Map_Interface type b type f use seq.Seq + use prelude.Bool use C05Map_Map_Type as C05Map_Map_Type clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = C05Map_Map_Type.t_map i b f @@ -2667,6 +2684,7 @@ module C05Map_Map type b type f use seq.Seq + use prelude.Bool use prelude.Borrow clone C05Map_Common_Iterator_Item_Type as Item0 with type self = i @@ -2888,6 +2906,7 @@ module C05Map_Impl0 type b type f use seq.Seq + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv11 with type t = borrowed i diff --git a/creusot/tests/should_succeed/iterators/05_map/why3session.xml b/creusot/tests/should_succeed/iterators/05_map/why3session.xml index ccf52ff007..164348dcfd 100644 --- a/creusot/tests/should_succeed/iterators/05_map/why3session.xml +++ b/creusot/tests/should_succeed/iterators/05_map/why3session.xml @@ -2,9 +2,8 @@ - + - @@ -16,10 +15,10 @@ - + - + @@ -64,7 +63,7 @@ - + @@ -73,10 +72,10 @@ - + - + @@ -144,7 +143,7 @@ - + @@ -159,13 +158,13 @@ - + - + - + @@ -182,13 +181,13 @@ - + - + @@ -200,13 +199,13 @@ - + - + @@ -224,7 +223,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz b/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz index cf695af0244787e0772ea0f4773c86827e17fe15..9445b40a8db68c30b6376e07980957643d27a238 100644 GIT binary patch literal 5868 zcmVz3S-?CIHGzaL&CSj8&KFKIfq9hM3N6NyB=keNW~-(Ful{OUi94;P=t`-hvm+yA)G z7q9>QmA|?Dv}af8llGJwe9v=3>_u+Kz03`@SGl40IycPT$GJmNYtsWb#S zuQP8bGG}X`+jF+(SnEO*=UYT^o*^?)cp_Jb;{3AA%c;!ES)JEm-jBDp;{!0DUzPr) zA!`G?tbj7TZ-&VRi^l&tM$i3`CKHLTJm9X#L)^ zZZG_-n?z!&6}Bz1rPCZ{8MY|M0P2!3AoNCJif)fwi-}+2#WJSIF4zV6MF| zm|>ySWLixbhQ357q3dclV~c~=i%CvJsLS1K;hbsL<#H?e zx!g>iE;o~}%gyBNax?k6+)N%XHs?E!4^J3HHMfNdA=F9b=WtN_5nOy&#tvb1$Z97ZuB)3dy z6+7c@)6NbCoVK$Bm~JcQ-3CXR&k7d`dAoJQAe$|kq#BRi*dFNQGuRVR~ z=|k-aXYH~|`lp{@Z4gy*5bsi2(}=CSZ5~1Ewifsq_(&D-0_L?=h`H|=ca*cg!RMpD zIRamFXTcCP;AU2!rT=C+nyf@)3L^;#49dH9O->^f1-&(P8-qg$nZ|&S3J(OV!SvIoY>B@HU^$a zw)p1CR-zKCe2YI_MgabH;glJX;w)Jgh?be?nhhnj%yN*ctZPF7bK=D>|6=`%v3@fa z-`J*hpWX0w>&^0%NJXS~UciAg<+e1}W6lUt9P#8xka8tR@g;&3-$Rfh3sNnD1koxJ zt!9adDoC{w2*gTXUZ?Kh-j7ct`drz@w!tPuWb^9&BVFjusLf!pF%#} z-oC-o`ZJdHBpZ98bv-fr`0jS~Ig9F_U{S3tZE>)TaZd;h^V{6grPVk|yDhr)m@`f? z0%pG0Q%=&Z1Zcj*Nt*BBBuy5kTZ9RsbH*;*%yCnN=~lutr<|lYnp>0pf7fuR)%grvr{{hbSQ21wD?q`JmG{^fH;eRLhdm#KLIpMJBgb#%OIahoj z{5e4kt8!xul=8yr;S#YFzm+4XUF~9}i@Vyz?XJNjSjMqiVb6lTIyy*ty!W>ctK$Q< zd3?b3cJIpJ0o$9xL}J@#2PQ(7bJhGwds}Mura3jBdLS#B2Ct3goFJdUHp6&>Mb>jy zk0`nnFoA!7%C7##+n4$5QR3)wwdIgXMUT!RwKPtPNccFl0Rj(e)Ta zrely93#U51L7b0A+R1o5T3(JiqMEUR$Vn_eN>t>rgoXROJ8p&%&Jf4 zL)6ujFu-!QNb`KO98J~ZQE_xCx*Vb%pNiHxc|9K`<{!rQQ>ngvx_Q8`VSe*5%;nQu zcbXR4%fq54X*=r(=f|z8TpZ*dZf<{hKR&{vj?J4i^1$Ct3Coe|M)yMMp?gSE922D5 zY1?XYL(EavJjr&sX#t#Syw{*R?kea`M1-G5ckBz(Vz)*g#EVBXY=w_4igqVD8r*J4 zk-UF z=@2|#9{5Xqe`fJ*#hB;!mra8|?e=#Y`^MAn1#KwGSKbk7^<(3j&`JF`b7kmD^h5m^ z{rEoDicads_7$T@?&_A&S}i`Sc>1j0_)81^A8Ek}2^~b9OL}_XnhL%Oc9bgR?PH#G ztuguS=N(`~aj?jo^G3cv29*hGfvOW;chnef2VnJ!kY9@l|Y_22L^fosA z{9c_uW{yGtQxv}{}8?^=}C@yu&-JK`HCO@fDnsb7T79^8V87)k0 z=t_o)WYh;%oK7j=>QuiiBB~{2z4_G)mkV&^s~K+bkqLftjjLsC)PLb{-_72%`36Kn ztIL&`8RPnrv@Wh!Uwvf(Sv;YDEDs9Edb@zEn@0Q9o-ZpP>oWypc~n3aPb?tEJ*0f^ z#74VdYw-1!Kc5Sz#1Gx6NWNRkcI#k zqkn$)ckq2#L!xUH z|H0$)C;xzlcdSL4Uzca99e2z0w3>qsD(-WT{JL=OQ^Mq+CI9gM{Sgdc^LSu$MJB|L zMlMpJDi$zZRk`pDxd7m8!nFv7irY;6N2dc3_EQNn()$$Me%gv`5-5ICiC1c?@Rz@u zUVXg1AAR`M_wUDx4|g|^#?L>;#j_%--NLv;+OCz)uHi~Pa!K4SLl;Cz9Pfw@knt87 zkFFdr{;q`QcN<>6tmtmnFlcw0xqHcvnOk1%tDy3{+~4IW9-l{Io#_V0)0VT+jos(8 zX~ia5_>`w^6qZ-pnf{R&y3+Q>uJSm4H}f2=FSAuC*S1Aq@UwLq zQ~_4BMCVxD78L~*gTn_G+K;M|KMzJ0;4mnXiC8evORn?LvSMUf?x zSNj?X*3TNMFC`Zp-_7t#kp(G7y`y5=B*20Ex!jUh+*E+Jg39?%1k`Wy5^uixE0*v6 zQu8%mQb$)M=;&*zw9ddtmtdUq@-1R&z8Xw+Nh>~E1=8#9)83rE&ho8QAU%I6x8$=i z*T^bf5|hK8t6JAEHEGrdHHQQi9pKF^B;nuR{O`EAaGQ0R{lUo!|d{hL)7(V@72tN zDn*Qc#f((WgkDa<^PnNjUqoc`BQ(&PF{V-AQrI{{->m&xUFGU=Ln@Epx1ma2b;~+Wl zX>vmAU`C-MVqw1mG4)nBJs=BlBR7nc=p~T|(;x-cTt_}|iipW|WIHk)>5f!KvLm49 z9Z{adcBa#v>M(7G-j2P}K4{&G&dINst)B)Z2xN1~tRW%EOrDHo(pV!ypJvnFYc_5NVJ7Jy4lahN?=A1iDL(aP zP?JdN>BP}&_)lLko0+(gH27dA1AEl{$h5GAje?8<8F4m!#7Rw^W}R}KvYj%Wg4k83 zWT!-@c&DgStdp=J$kudHcM@9hRlI;yNr4BdccjK(l(XEA5VtWL97?=kFGZb=`XGa{ z9;&FkH_-JkSfl}5Nv_R>hEceeqRvU!v+%y>@R%?*uT_}B)CXoJ8U`Jy)ApsP>xo&# zM=|wqY+70~1#M|maO(n!$0K#-#Uu-AglDSf#`a`5wjei{poQs;vQGL$9laEFgCj9I zZ(Pqt>|X;+*jw&k64=S4kV)@eOtO<0tmt*%!7|V{TA>6}MhQpSD>o(TUd*FR&cU}~ zKOLuOu&`e|Iy(+b_s+rxCdu*_vx=b)laf+#<+xH4BPJAt8x5qFs!!A%`Tpmk4(4f` zH5S3hpcxZE%HECB-~~CyZKh6lMs-HM6ph*_HVnjup12MJS7WawjUZ5ZH91N&B2sxV z1vH9lVq9qhp^_6`1!;Ic#i%xnA)5#5%!}`P*IqXAy_QebtA|A(4c<_>-eiJ-1N6_LBu{)#* zIW$l&OQW2K_i6|ONv*9xWVJw+O{jxN|iicoq%-HaI9Q>dVz$nwhh(u5J z0?|0q5Fm4sqlN1W3o=XMfhb;jTgqN^sV$>njqbXZETeNIGWKC`>~Txn!+@|J(EI8 zg%9l9-hlIi9r=JQ8<7KEbqI{`gLa|@vkA9G{V1Fap6o&h8b?r zKUpQe3Ar<%5PGBZMAmrx?wK&kL+6>1hSVAt}JYxre+z?`^(l}|mp;80#3l^01TAvq=!+nC5; zqG(-W$C8epfJG=vh-Ehd_?}BQ2qxXc^fZkj^u4eeSsRyHh;Tv3fe48j zArXRx;|Eh9`z55m-o_~{OF8TlV`dg?WjjFfE1uXm<}B&pZpofBIN!s z6VnS9PbQS;wSa+pBZi=2(38mmS|kzAPaX@5J3lbEVYnZGbWF%8^rNx8XMI0q@*IXc zOyw|@jprNo8A%+q)I*Sy=YGH^$IfrFmz9CwLVB`{@O?<>=h(WD&f}vJCzw zSPH{tJ}9R+GXc2};tXqLFOYzQSU()gQpBHRITJhyVmQRMh`?bBcEY9$=N3dPb1R?B zl_M6xj*lPtFTR|B{lmZ)_6FIG@U)ORl)Qxl0)ZiA(VXHLxcfmAVEdNv&4GK4?F~`8nYfb3P6y_kVj)vNKbQ*9BTx?5 z-{F9z=p7R-#_9(A@MfUlg2yp&P#hJ9#c@alc{~!2C*$$h9XSQ3NG{-zQ*cB(961F? zWF38u92K;9gmn(mNR5cfkA@+LHSnQoi0KIz02M$f;$b^bA{07P6+=omV6?K_jY8`_ z2+<=f#&&1f7${_v>Pt|1hY*WtgjP)GFlsg#F2QUT29FfLW|aC%Q2rmD@*Cy~X8-_& CVTbkr literal 5863 zcmV(Atx2*B(uiuZaOlDP9t1ZjwF?I}D#blBZ!FVwu$ke}mclG!;{~UFTmqQfcrbFAZ@Nr6G^9G}KX*hCb@jFh^4w_Gr=g@Nhr<6yoF2 z`9J>gNbE@bNaChUsSS(H)f|3ITbP1HWb$NTr6 zqJMiNd+;CbA3uisyXp2L7XR*tpFX1ZNEm7k{q->odqiETm;OYPNyIlEaMx(DHm90hOhs-mJ*RI48(4yPbX&w{-wxAT5k zUz_cH*L-#S{%XE|xM~{r?jg?aPX&!t`oG4HN1={FmzJ!ps-8ka;tz3|;=kLQaM&TG z8+haYoQA)TcYpo(w*vU!|NJ^I^j;rsp*C;pVE?Dhs6ZXWtX_3oU_GkW`z%2J1{gbR zFdc;f{FO|T$uxBix-yM~uIs}BD$U%kBfAr!-W(R=UWDg8*wa1rVB|R%i{3Y{KK|JJ zTWMtvSDM+!m1g#GrJ4O)X=YDXn%UQtX7+ZaS^V9v@-jbuxtFPSnmh|NJ6#&9Us&zC z_@8bX>#QBz;B7MBSi4BpE}FHgX6>?ByV$jMQM}8U;c|UyleMSWB-cL{d(KX0-@>vZ zDJ@f5)xx;jwXl;3mn|$0Osb3FI~E4_)ma#~&$BRYf31ZjOmLBlg@MfEIbmU}*#NiA z!dP!%n7LzN++MIS`1V~3<7UsoxOub3%Fb_YzKy(S71$Vh zfrVaR)JtsaCDyNer4^u_kQk_-B88L2PMkAI?y2Mmt z>ltg$7+Ozw(iWSH|M*8(7=)Ca!n>TlbONhyyGM|^FMq!bK2rj`fK_c(Vd*=EorLUf z@#}BTMz2b<0{D}^T{LIyz1)yBLEQ{MqDtvK5d&&eoV?NS@9zge)A>et}CZ3po*{SuDvXSsp4mMNaT@dkX z*&IG2?Mu3|r#Xi`?8t`BH8p2dSc^DQ_U7+I7j0ZNoWq&1UC5ny!nI+!I1!oH&!KiE zK9NZAy@hRrBsRGef39>e^w*0e<3s+kW>lb8W_nwulU1=uKyEUs9jz-#6@T+DroRBw zcjN4x?db5?jqR}A6fX%=BzhP6Pvj`~<+z>mgb2kcOU^_nHzE|z7oqqXA{0r4Y84^q zRheG3$VxO3s*MPDbh3z0Tq;KJUFls?2K$r+@>Bp@GrJaM3$~xlZbv_n&APKlb&0c6 zn%JeX?(>NS27N(daoFHMoVX^j?lhdtNkb71ZIakcnou%WcPWFlUD&^y2v-=kWWi6T zgwMCJUtwM2W$Su|T|LvHo|#pAU0eE`6^+lZqTYV?c-M!o7sLhpwzPC@buQ8F3vD~+ z3741#X13T%F41m8XP)m8&DU^=CW+ClVg$W8_ZDv9wP|8>8!?(oF40_aiTZ*t^(B|6 zpSHlTEg7Y$eNWB;E{c86sjg!G`mXg<>=zyEXT<(IH~Sf}e+_4QBKBvw+_39%PsIK? z$9p37CE*L3Vqpq}%DUQd5V0Jg)kC90>teNwyVk|+p@Sq?fpOSCFCxA^JNo(f;O`zc zWq-C?_Gd?XbhYTuj;1n^*nZ95q|x;xwEWW1)>^yis{PcCP(|0^tR=yvcR+wp~N z#}_gmUo22KwfP<3a;(uKspZPmygzgbBpdeaOYhW+=ck>^We^XVP5Rs>}_;-M#5gO*h5(NptGs{ zW|X+Q)|E!2OKU$7yV?Yr@=K(h3Lw9MkTW$1_tr2}o?d0hhEOD_H(}^g z>Yfj*(?S2g1o!(C++IZa^lq|icNVP}_k{=JHd*PPv!K)5^mnnKG^$4gtJz&gs?_al z@#V$N5>DXS?uBmT+eW_W@-+SVz-mY)cvAc;(qSX?pYsl8<>Ju`*@1}J( zkyB|wFNKIrwIba_u0;x+iv@)g+ipMZ-b5yoZ(+Jk(SYST0F{f2OWmMdc3f%}tLV|>_N3w$P!RA@=%7PBeAoDjJk zRD|Yk+V#iQFiimZ8vo@&1*rPuvuDTv-zKiz#h*XE+jxy9-ldZ8+jd26f!2C&cKi(2 z7uK4{PYzb(qa*6{3eeW2ZieKg3VG8GURtA7*#xDf?zy|C$*|c^>YUVEAfq2r$Y_if zrZsdULnSiW1FKG_mS}aZ&{h$(qOsonT*8$STm4+Ztv)i3-(BNoSvwV8INW!OH|@Sk z$Y6E7%CbP*USHPL_3G;{ED?)ml!)a?iCFKKh;`TKKezd1C1U+ViCCVMh{ZEY#Ay$y z--6g=7p&fHfDBm~K>31tyMND@5-IUhcPg^)mZjXfwQSz3-!x~-n_D;AQZiR6BlHJ@+LA!#XpZO#(t_{Mt+~8+fRFuO&*HBsm3d#&5!Tn)rb3ANaOqO)8bi`)nR2^ChgG6=g@Jb9I9k)*QqO@ERJ_XC%||Q zj3-x)G5)@W=l45azpm*1&@t$6nYl;F&zW0a9h;yEUheNp6p!CCu`YCj<9W;3=*Ho5 z+O%O4t$Zq|JB8)VcILllhHkXIv#T=C-!D8z>zCQ8lv`V^po%v*e8!EW+Yc*4Px#q8 z4Qc~6v?S+U2OlN&!#1d{j6w6KG{d9!M6 z=HF|~t*VRX_I7z^j#9r_xU75WQZm{z?M3`V^^8h13d1@2~7IgC7N zn?@B_c&MSRIXfXOV{e)g8JSV+DUnh6eO3{Nd$4Wzum8NN1OE6Nz)@KEBk9P<-kD`k2SRowcg%3s3*c#QA-{W!> zWDVuju|PI~>mm%5L3$*yU|XRAPZ`=#scq zn{th!;x#cj?YVAs4bzfleNuDC!;%BMy@MqD``iDGyE}f#gnNSfG+D4#I9+6)ClAMcaS&p?9dcXn2xdhkbnW$B%k>NiLsfI9#e0vebbt`qZf-tN9Xhz5E`j2_2o88{) zg$YfHnEz@V=P5WF#>p5ni^uzdb; zG#{KAocsc8Vv(N1+lnea1;mgJy$rgR+A%gM!%ApyZ&$ zp!lF@P;8K}BFNSZQV$YZ@g=-4L2<{&XtZQ9jy`(p)u>tIpf`?`dBI+aI-+2;oV4^5 z-DIRBr=lDc)N$6#j#nB+;a-e)D$Xu|mT3&gU!+ldmhh)=qC!riOw?)nQq&2qBoni9 zdiD^n(SFqM2=geJ7VtiaI`d+Z4O&MblvP2-Aaw|^dMjo)m*~eJL#B>iin@`o8(1@q z*;8v{10MwsarV-}VPwhL7n7_a#+Vc$j-&9D`9~f)I0u^GL4Bs~#XQQW4A)cShV0}d zAqs#~HHKNwCkr-a$?}(?&QI9rM=y+3oK%=2!X2=TNjpw7Pg%0&%=dpQ>MXYLk=PVw zgAGuPmSN)vq-R4ya;-CUdN67*^2Io4oinrcGnYbo9s(P|OHMRVRDM>OMnozvx1}*` z@Q4m!Bc80#cC zb&5;)J&lNuiP1Bo?2Hh>DcBE9nLs&MG1wO~WTCLFIi(TjMuGH#BMi1$%z;bDI}|Ca zm!%Q8l;M-+0z0nvQZpK*nMW7=DAgQorcu8vjZP3pUP5t-8le_KVr4~uvoRAv=KKnt z2WbcZr7Q%{h#^a1NK+W{6oy2FAyZ)(!xA#2B`jqt>;gvwLL?ofkuJgt>>RZMS}{sD zkKEW4ZjwkD4*;g*Cucuj0r5lv1&ji=|{N zWn(EFOZnK>CW>MG*n#2%-H>vO+8f4^ny9Fd(VCq05O?2}sE8Ds8{v$Ylyu~PZ1lk* zk@qtxFAGup+Y*H^M@H|I7;R)8@jsFkK}m)-@lF(??6)Nf-q10oTx27R1jZ7?G%AnH zdlobD{AAvQ3Ez|`rMy-iZbum{urZ5qj81C=6`F;~u|kyiwnP~{M);QCtzis#oMzB5 z=V69Xu;6?lN`7OVQb^jI6;Z-RBZqSq*_)5ix?qE_b0&(uvGpM;(Bo*0^YB%i8B568 zq_dL{8WCzJoYLRePkA51G(&>3)-(25Y-r#WoRpv7LvKEg3Mj_4Q`sE`p& zh@K})9vh1*&J(*{_Ud2V%3O34lcPkM10N~85RO~vq($C8&HgtO=CnHpddz=q&}Qgm=Byhj}6CTq3VoQ#AUnd4-9Dl7tz zpkD=CXa*RQAr=AK8s)M7LW-8m#3tm1gdm3y9I`ZvKJ1A;8)$V%_|s6>p& zqmV&Qe74xvN<4%J@VBI46be{boC(`J%}6tYbZI|>SYS!wibHvMQeGsTgyfh^Y6Fo0 zqGb9Sh;*u2>!QSnV@ao9j72DmU3#y=9APP(aXtqJZ|7z&k*!&TLmJVioUaHu5TZ7q z0Sc4q;y{7ymyrH`T~gronU#~IaWui&bjHA}wu&KGb>rkf3cw&thn(s!{|00Q1uK^X z%`lePDL8}Z6+djA&EydD6tVyoNyN7&Z$v~Eq}PTs5nw(%Mm2??*eE@sMO(;onC^he z0hLYX8}=KL7`csno}+PyHiV_%BoeSm1uNlQm@59p0gMwbOsW>xTG`C7d1zRGkjirr zW@R~oI6P!?;4J;04vK)r0gVG12Q==VWf|5YVhJSROl`2pW1tiPUUklAQk>Ui@ZZ5w z#wi^<1Z`$EA|VdZk`2+Z3Hv;kLe-^+-^+5mnlOFA z3;Zwt$(Q5QjBR4XzJ!f)Mr3LYw-!4ILL<9g zOUK_xVL9@~w6SwaXW;I)vP7sQBAcL*iy9W4i`rQy6t-3ywcv#U`i-fW1mn(y(anxW zCXMt~&ok0_5XTWVU-2|2O-i%Uv@{Q?AWui)>0~?|yCbLIl*q+6R$r#{{YhNAOfCd0070+fAIhS diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg index 38b65b920d..73027a2983 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg +++ b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg @@ -248,6 +248,7 @@ module C06MapPrecond_Impl0_Completed use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Completed_Stub as Completed0 with type self = i clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with @@ -371,9 +372,10 @@ module C06MapPrecond_Impl0_Produces type b type f use seq.Seq + use prelude.Int + use prelude.Bool use prelude.Ghost use prelude.Borrow - use prelude.Int use seq_ext.SeqExt use seq.Seq clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with @@ -400,11 +402,11 @@ module C06MapPrecond_Impl0_Produces predicate produces [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : Seq.seq b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) = - [#"../06_map_precond.rs" 44 8 56 9] Unnest0.unnest (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> ^ Seq.get fs (i - 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then + [#"../06_map_precond.rs" 44 8 56 9] Unnest0.unnest (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ Ghost.inner (C06MapPrecond_Map_Type.map_produced succ) = Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . Int.le 1 i /\ Int.lt i (Seq.length fs) -> ^ Seq.get fs (Int.sub i 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ else - * Seq.get fs 0 = C06MapPrecond_Map_Type.map_func self /\ ^ Seq.get fs (Seq.length visited - 1) = C06MapPrecond_Map_Type.map_func succ - ) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Unnest0.unnest (C06MapPrecond_Map_Type.map_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) + * Seq.get fs 0 = C06MapPrecond_Map_Type.map_func self /\ ^ Seq.get fs (Int.sub (Seq.length visited) 1) = C06MapPrecond_Map_Type.map_func succ + ) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Unnest0.unnest (C06MapPrecond_Map_Type.map_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (C06MapPrecond_Map_Type.map_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) val produces [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : C06MapPrecond_Map_Type.t_map i b f Item0.item) (visited : Seq.seq b) (succ : C06MapPrecond_Map_Type.t_map i b f Item0.item) : bool ensures { result = produces self visited succ } @@ -533,6 +535,7 @@ module C06MapPrecond_Impl1_Reinitialize type f use prelude.Borrow use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i clone C06MapPrecond_Impl1_Preservation_Stub as Preservation0 with @@ -787,6 +790,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Stub type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -814,6 +818,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce_Interface type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -849,6 +854,7 @@ module CreusotContracts_Std1_Ops_Impl1_FnMutOnce type args type f use prelude.Borrow + use prelude.Bool clone Core_Ops_Function_FnOnce_Output_Type as Output0 with type self = f, type args = args @@ -885,6 +891,7 @@ module C06MapPrecond_Impl1_PreservationInv_Stub type b type f use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -905,6 +912,7 @@ module C06MapPrecond_Impl1_PreservationInv_Interface type b type f use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -933,6 +941,7 @@ module C06MapPrecond_Impl1_PreservationInv type b type f use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Ghost clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with @@ -985,6 +994,7 @@ module C06MapPrecond_Impl1_PreservationInv_Impl type b type f use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Ghost clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with @@ -1148,6 +1158,7 @@ module C06MapPrecond_Impl2_Invariant type b type f use prelude.Ghost + use prelude.Bool use seq.Seq clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i @@ -1844,6 +1855,7 @@ module C06MapPrecond_Impl1_ProducesOne_Stub type b type f use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -1864,6 +1876,7 @@ module C06MapPrecond_Impl1_ProducesOne_Interface type b type f use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -1892,6 +1905,7 @@ module C06MapPrecond_Impl1_ProducesOne type b type f use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Ghost clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with @@ -1940,6 +1954,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl type b type f use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Ghost clone CreusotContracts_Invariant_Inv_Interface as Inv10 with @@ -2202,6 +2217,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -2300,6 +2316,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Stub type f use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Ghost clone C06MapPrecond_Impl1_Preservation_Stub as Preservation0 with type i = i, @@ -2355,6 +2372,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Interface type f use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Ghost clone C06MapPrecond_Impl1_Preservation_Stub as Preservation0 with type i = i, @@ -2424,6 +2442,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant type f use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Ghost clone C06MapPrecond_Impl1_Preservation_Stub as Preservation0 with type i = i, @@ -2493,6 +2512,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl type f use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Ghost clone CreusotContracts_Invariant_Inv_Interface as Inv8 with type t = borrowed i @@ -3189,6 +3209,7 @@ module C06MapPrecond_Map_Interface type f use seq.Seq use prelude.Ghost + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -3232,6 +3253,7 @@ module C06MapPrecond_Map type f use seq.Seq use prelude.Ghost + use prelude.Bool use prelude.Borrow clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i @@ -3490,6 +3512,7 @@ module C06MapPrecond_Identity_Closure0_Interface use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -3529,6 +3552,7 @@ module C06MapPrecond_Identity_Closure0 use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -3835,6 +3859,7 @@ module C06MapPrecond_Increment_Closure2_Interface use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool predicate resolve [#"../06_map_precond.rs" 190 8 190 35] (_1 : c06mapprecond_increment_closure2 u) = [#"../06_map_precond.rs" 1 0 1 0] true predicate unnest [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (_2 : c06mapprecond_increment_closure2 u) @@ -3844,18 +3869,18 @@ module C06MapPrecond_Increment_Closure2_Interface predicate precondition [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in UInt32.to_int x <= 15 + [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in Int.le (UInt32.to_int x) 15 predicate postcondition_once [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 + [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = Int.add (UInt32.to_int x) 1 predicate postcondition_mut [#"../06_map_precond.rs" 190 8 190 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest ( * self) ( ^ self) + [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = Int.add (UInt32.to_int x) 1) /\ unnest ( * self) ( ^ self) val c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 190 8 190 35] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 189 19 189 27] UInt32.to_int x <= 15} - ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = UInt32.to_int x + 1 } + requires {[#"../06_map_precond.rs" 189 19 189 27] Int.le (UInt32.to_int x) 15} + ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = Int.add (UInt32.to_int x) 1 } ensures { unnest ( * _1) ( ^ _1) } end @@ -3867,6 +3892,7 @@ module C06MapPrecond_Increment_Closure2 use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool use seq.Seq use prelude.Ghost clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with @@ -3880,18 +3906,18 @@ module C06MapPrecond_Increment_Closure2 predicate precondition [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in UInt32.to_int x <= 15 + [#"../06_map_precond.rs" 189 19 189 27] let (x, _3) = args in Int.le (UInt32.to_int x) 15 predicate postcondition_once [#"../06_map_precond.rs" 190 8 190 35] (self : c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1 + [#"../06_map_precond.rs" 190 18 190 33] let (x, _3) = args in UInt32.to_int result = Int.add (UInt32.to_int x) 1 predicate postcondition_mut [#"../06_map_precond.rs" 190 8 190 35] (self : borrowed (c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest ( * self) ( ^ self) + [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = Int.add (UInt32.to_int x) 1) /\ unnest ( * self) ( ^ self) let rec cfg c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 190 8 190 35] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 189 19 189 27] UInt32.to_int x <= 15} - ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = UInt32.to_int x + 1 } + requires {[#"../06_map_precond.rs" 189 19 189 27] Int.le (UInt32.to_int x) 15} + ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = Int.add (UInt32.to_int x) 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -3904,7 +3930,7 @@ module C06MapPrecond_Increment_Closure2 } BB0 { assume { Resolve0.resolve _1 }; - res1 <- ([#"../06_map_precond.rs" 191 20 191 25] x + ([#"../06_map_precond.rs" 191 24 191 25] [#"../06_map_precond.rs" 191 24 191 25] (1 : uint32))); + res1 <- ([#"../06_map_precond.rs" 191 20 191 25] UInt32.add x ([#"../06_map_precond.rs" 191 24 191 25] [#"../06_map_precond.rs" 191 24 191 25] (1 : uint32))); res <- res1; _0 <- res; return _0 @@ -3917,6 +3943,7 @@ module C06MapPrecond_Increment_Interface use seq.Seq use prelude.Int use prelude.UInt32 + use prelude.Bool clone C06MapPrecond_Common_Iterator_Produces_Stub as Produces0 with type self = u, type Item0.item = uint32 @@ -3928,7 +3955,7 @@ module C06MapPrecond_Increment_Interface type t = borrowed u val increment [#"../06_map_precond.rs" 186 0 186 50] (iter : u) : () requires {[#"../06_map_precond.rs" 182 0 182 162] forall done_ : borrowed u . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} + requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> (forall x : int . Int.le 0 x /\ Int.lt x (Seq.length prod) -> Int.le (Seq.get prod x) (10 : uint32))} requires {[#"../06_map_precond.rs" 186 42 186 46] Inv1.inv iter} end @@ -3937,6 +3964,7 @@ module C06MapPrecond_Increment use prelude.Int use prelude.UInt32 use seq.Seq + use prelude.Bool use prelude.Borrow clone C06MapPrecond_Common_Iterator_Produces_Interface as Produces1 with type self = u, @@ -4122,7 +4150,7 @@ module C06MapPrecond_Increment predicate Inv3.inv = Inv0.inv let rec cfg increment [#"../06_map_precond.rs" 186 0 186 50] [@cfg:stackify] [@cfg:subregion_analysis] (iter : u) : () requires {[#"../06_map_precond.rs" 182 0 182 162] forall done_ : borrowed u . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : u . Inv2.inv next -> Produces1.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces1.produces iter prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (10 : uint32))} + requires {[#"../06_map_precond.rs" 183 0 185 2] forall fin : u . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces1.produces iter prod fin -> (forall x : int . Int.le 0 x /\ Int.lt x (Seq.length prod) -> Int.le (Seq.get prod x) (10 : uint32))} requires {[#"../06_map_precond.rs" 186 42 186 46] Inv2.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] @@ -4143,7 +4171,7 @@ module C06MapPrecond_Increment BB2 { assert { [@expl:type invariant] Inv0.inv i }; assume { Resolve0.resolve i }; - assert { [@expl:assertion] [#"../06_map_precond.rs" 194 4 197 5] forall fin : C06MapPrecond_Map_Type.t_map u uint32 (Closure20.c06mapprecond_increment_closure2 u) uint32 . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces i prod fin -> (forall x : int . 0 <= x /\ x < Seq.length prod -> Seq.get prod x <= (11 : uint32)) }; + assert { [@expl:assertion] [#"../06_map_precond.rs" 194 4 197 5] forall fin : C06MapPrecond_Map_Type.t_map u uint32 (Closure20.c06mapprecond_increment_closure2 u) uint32 . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces i prod fin -> (forall x : int . Int.le 0 x /\ Int.lt x (Seq.length prod) -> Int.le (Seq.get prod x) (11 : uint32)) }; goto BB3 } BB3 { @@ -4185,6 +4213,7 @@ module C06MapPrecond_Counter_Closure2_Interface use prelude.Ghost use seq.Seq use prelude.Int + use prelude.Bool use prelude.UInt32 clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = usize @@ -4201,18 +4230,18 @@ module C06MapPrecond_Counter_Closure2_Interface predicate precondition [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 self) Max0.mAX' predicate postcondition_once [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 + [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = Int.add (UIntSize.to_int ( * field_0 self)) 1 predicate postcondition_mut [#"../06_map_precond.rs" 207 8 207 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1) /\ unnest ( * self) ( ^ self) + [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (UIntSize.to_int ( * field_0 ( * self))) 1) /\ unnest ( * self) ( ^ self) val c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 207 8 207 41] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } + requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 ( * _1)) Max0.mAX'} + ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (UIntSize.to_int ( * field_0 ( * _1))) 1 } ensures { unnest ( * _1) ( ^ _1) } end @@ -4225,6 +4254,7 @@ module C06MapPrecond_Counter_Closure2 use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool use seq.Seq use prelude.Ghost clone CreusotContracts_Resolve_Impl1_Resolve as Resolve1 with @@ -4244,18 +4274,18 @@ module C06MapPrecond_Counter_Closure2 predicate precondition [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = - [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ * field_0 self < Max0.mAX' + [#"../06_map_precond.rs" 206 19 206 61] let (x, _prod) = args in UIntSize.to_int ( * field_0 self) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 self) Max0.mAX' predicate postcondition_once [#"../06_map_precond.rs" 207 8 207 41] (self : c06mapprecond_counter_closure2 i) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = UIntSize.to_int ( * field_0 self) + 1 + [#"../06_map_precond.rs" 207 18 207 39] let (x, _prod) = args in UIntSize.to_int ( ^ field_0 self) = Int.add (UIntSize.to_int ( * field_0 self)) 1 predicate postcondition_mut [#"../06_map_precond.rs" 207 8 207 41] (self : borrowed (c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = UIntSize.to_int ( * field_0 ( * self)) + 1) /\ unnest ( * self) ( ^ self) + [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_0 ( ^ self)) = Int.add (UIntSize.to_int ( * field_0 ( * self))) 1) /\ unnest ( * self) ( ^ self) let rec cfg c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 207 8 207 41] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 - requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_0 ( * _1) < Max0.mAX'} - ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = UIntSize.to_int ( * field_0 ( * _1)) + 1 } + requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_0 ( * _1)) = Seq.length (Ghost.inner _prod) /\ Int.lt ( * field_0 ( * _1)) Max0.mAX'} + ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_0 ( ^ _1)) = Int.add (UIntSize.to_int ( * field_0 ( * _1))) 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -4267,7 +4297,7 @@ module C06MapPrecond_Counter_Closure2 goto BB0 } BB0 { - _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2 a = * _1 in C06MapPrecond_Counter_Closure2 ({ (field_0 ( * _1)) with current = ([#"../06_map_precond.rs" 209 12 209 20] * field_0 ( * _1) + ([#"../06_map_precond.rs" 209 19 209 20] [#"../06_map_precond.rs" 209 19 209 20] (1 : usize))) })) }; + _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2 a = * _1 in C06MapPrecond_Counter_Closure2 ({ (field_0 ( * _1)) with current = ([#"../06_map_precond.rs" 209 12 209 20] UIntSize.add ( * field_0 ( * _1)) ([#"../06_map_precond.rs" 209 19 209 20] [#"../06_map_precond.rs" 209 19 209 20] (1 : usize))) })) }; assume { Resolve0.resolve _1 }; res1 <- x; res <- res1; @@ -4282,6 +4312,7 @@ module C06MapPrecond_Counter_Interface use seq.Seq use prelude.Int use prelude.UInt32 + use prelude.Bool use prelude.UIntSize clone Core_Num_Impl11_Max_Stub as Max0 clone C06MapPrecond_Common_Iterator_Produces_Stub as Produces0 with @@ -4295,7 +4326,7 @@ module C06MapPrecond_Counter_Interface type t = borrowed i val counter [#"../06_map_precond.rs" 202 0 202 48] (iter : i) : () requires {[#"../06_map_precond.rs" 200 0 200 162] forall done_ : borrowed i . Inv0.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv1.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} + requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv1.inv fin -> Produces0.produces iter prod fin -> Int.le (Seq.length prod) (UIntSize.to_int Max0.mAX')} requires {[#"../06_map_precond.rs" 202 40 202 44] Inv1.inv iter} end @@ -4306,6 +4337,7 @@ module C06MapPrecond_Counter use prelude.Borrow use prelude.UInt32 use seq.Seq + use prelude.Bool clone C06MapPrecond_Common_Iterator_Produces_Interface as Produces0 with type self = i, type Item0.item = uint32 @@ -4461,7 +4493,7 @@ module C06MapPrecond_Counter predicate Inv3.inv = Inv0.inv let rec cfg counter [#"../06_map_precond.rs" 202 0 202 48] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () requires {[#"../06_map_precond.rs" 200 0 200 162] forall done_ : borrowed i . Inv1.inv done_ -> Completed0.completed done_ -> (forall steps : Seq.seq uint32 . forall next : i . Inv2.inv next -> Produces0.produces ( ^ done_) steps next -> steps = Seq.empty /\ ^ done_ = next)} - requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces0.produces iter prod fin -> Seq.length prod <= UIntSize.to_int Max0.mAX'} + requires {[#"../06_map_precond.rs" 201 0 201 92] forall fin : i . forall prod : Seq.seq uint32 . Inv2.inv fin -> Produces0.produces iter prod fin -> Int.le (Seq.length prod) (UIntSize.to_int Max0.mAX')} requires {[#"../06_map_precond.rs" 202 40 202 44] Inv2.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] @@ -4504,6 +4536,7 @@ module C06MapPrecond_Impl0 type b type f use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.Ghost clone CreusotContracts_Invariant_Inv_Interface as Inv11 with diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml index fbc3d64016..a78f67f01b 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml +++ b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml @@ -3,7 +3,8 @@ "http://why3.lri.fr/why3session.dtd"> - + + @@ -11,7 +12,7 @@ - + @@ -24,7 +25,7 @@ - + @@ -72,7 +73,7 @@ - + @@ -81,7 +82,7 @@ - + @@ -93,7 +94,7 @@ - + @@ -108,7 +109,7 @@ - + @@ -139,7 +140,7 @@ - + @@ -215,7 +216,7 @@ - + @@ -230,13 +231,13 @@ - + - + @@ -253,16 +254,16 @@ - + - + - + @@ -274,16 +275,16 @@ - + - + - + @@ -293,7 +294,7 @@ - + @@ -308,44 +309,44 @@ - + - + - + - + - + - + - + - + - + - + @@ -353,7 +354,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz b/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz index 19af40fd2a84d12311999d1bdb6e441ec0f09248..9d0181743eb758ce7fe0e2c586dc49bee6e531fa 100644 GIT binary patch literal 8695 zcmV{SP( zM9mnRw!3X7li6Rt&r6CDRi!FBiQCR#dob>jC>~yt&wCb?|MK(Y{XfEQ>HhL_y1T!= zz4`B#=JMzNdhzgkxW4(^v3D2YF5TaL{G7rso!W)pZtoxZ+neF~0d+t8`stxlo#^B) zT!o);$#>L@ck1o$2UTxx`qXi%`<|-Q-%jKo*>Q~Y>Elk`A z*EdUJ*SV>(n+rjj2l;*)ne#F6Vj+YU2y`aKcVrz-1C79gOi>>XOj&rZJ9Zay0e*Nv?U$~fh5v&qs zIx!P3J24ZFIx_c>?$h1pK=bVcHc|ghW%C+fy@U_{>(g%^6ZVRQoAl3ce{UMo?|rz!xMeM;euUXgE2no;W$bhJ=5oBfyKEQl10F88SYRQR#g_|+)UpkF*(r0l zA+~eBhr>~*l(2dQG%uvuuAn`XA@#kZ{0vN;&ym&y#-f+}1@#R5Irz%1~@ zGmA8^lNpSP@F*&?P8Sx1wM5qvRZCpjy-a`|$CBdi|Jg{{HZfLeLI( zx$V2%HL(24RGWHV)$4iFX-552vuEvSSMANJeAOA-9gNjUi4hiBWuaA0%}|yJr6=!p zb8pmmJ(F_lz~kgUjMmb*VUftdTY;r?RT())Tr zPdC;uG&k{Ldt>5hnCB5)7~3Jo)tD2Ms5C=~S16$*>$i^&4N}JY3MB~o>x0Hiw=Lk~ z40u#~3gF{HDtclkq)R5R<@#{{6-*!Q7ugcx3BmF#L!1;VrS}7|LaS9}$}yJWa@kib z@fJ+;KE-|uO_6HMcl`-C^(ST*^I#L6_zF;~aTib=N+&8h5>HgP$fp&kR+2RKEvot! zRVz6fTUfO#wh)Z2&cF(EsMV(Dg44Sm*SpSX_f&2fAwJXzWIf9$$KZ;q0m@3NW!@EC zs>nIcNMsf*9&1UQN@8D2`m~%J4miInCG%%nh2xe8ov+W`l$MX`=tj$@AVA+rTlt5UhbX{xh)U-i@%+! ze$eqsx}GBFup_<_Dg=*>IZi8ZN|ddpc9O5ce_Q%Qhb!x}K9ogO zk?F?u`U*j}dqjAi62)7Bc(*-%C(W_wM`4+eIZ`0i1~QG0c3K+1(an1GSimo7HR^GXOIyO-G`#~{{*h#zi=pfn_qV4Pw>$?AT<)d!^ zzqsl8?Vnrz|J|0Kh|D}{?{0=?Htgx$qn7z@ZPlNGprLuT5jmRw(<5@4Hqjmc&u#UeM{u(%xS6kkn|ThnnF2SrzzsyZLbRK4Wh&g<3T_)rRN!X58g7#Tu@MN= zn;<)db$eF4S(;S4;WXLP8$Ja|mmN2>Wo`mj&h{wWZ-eW3#yUb5)oVsr@6=3Hg_m2w z%dX*7sy6V-n=s?cHu$1ZuU2!o<7R!IuQ zsNf8g4nNM!@kRXm?J z{Q52Xvh*ZNAFDE+yFN-=>&|RsNp*QS;HtAtmQ)|SOQ72Ht6P$?ew`zgn>kY1ah?;S zIY){+Her^_6FE{=TD+gKvSP|ePj4c~oTr_$o2tGPAe#$aFVvD1U1v-wMcedZYhG2h zxlTT0DWh8Qt{ao4*Abf63w-l>fqgu8s_KQVxl>hhr@H1&)wASIRmq($ z=n+0+lNAij*qq-(5pxl*MXVNy<_(MmhwoRt=dSr`NU3UiOU<3DB`Ys=3GvE?v&!oR zs*#droyszED$C3P;`{V*oZ_XQukX=pn4f&=YZ_uK(a3SJSxPe!1#Mw%;X~Sr@lvC3 ze|_`!kLdw2Ej3Sa%T05H9+lTOwjNTC=_qnERvDR&t8W<|=jt!Za%e;5r|ZcdhRSbm z(v)#*rroA=n#DLOng>3;F58yc;W}TG6z5VhZjvybA)yV~9rROzBW*Y9zSB)c>` z7ybOh2R`U*TCOJ%wDtkpj?X)T=SiwQ=n+jPoY5Dd=-5@=hR?CvdNhqK|MiwY~ypc^|3C37q?FoIlsF=TYsBcK$S~{R-9YTT$))7*uC^C~m};xhYlx zL~Mqyn^3LT3f1RWx}e&9BdRA0Z41oAOeZk>D4*%G!un6h{t4M16S60^_P}jjUZ_40 z`qdSisvQOHW?zTa=VXB75WSByJGYAG!ab7-b6$_t5t|h)A>*=pztk09!*X4kX)Jk! zEEJxydWWIgKUeQ?^|GPV37+nmTiHYQr9;EM%uPQWhwsvyE4sZc-NcxMPk- z*YLPpj+B|@NSR%-7jDUE_~zgjD*ns$QsGCppce$IPO~>{|V7y~9Ddb)S>)S^MzL)pR`HRz5CQud0VlneeI`T%$6? z(ZOcXs;EWPtP}Ghe;}aE(^pmAr09uOLvyNUiRYX=uh6GQ8`CvK(KW}s8*RU&=qZ0K z>Y+&}xCx=8@MNjL^S1z|+9IEDpO3H4??-S_Tq`AKvyyWq@m<-KS7@-R+kDldm6z5U z&DZu#$JA>+=((_`m=74wQn)!;FAwwX4G-v?G;hIQUM;B-Wxg;~wCHmB>WB+qEM}YV zjLAtx-?1EiQo|FH#0=Bq3Gck1Ed;a|U{ z%SJFx0*BX%qI~}%196!yuk)4R3udG1gvG{$OC9QHnQt+axL7Oo(zlq2IQ4kh7%@+V z=82)`{&Tp;%?H-bwLDhkp4WogWmWiU>ii(bJ^P1s`javFd5gl;+1C^HOYP@#_)9;( z&3w8Z_4tIo9_=T5ep*kRlHp7RJboYkgDO2b;x7Eh6}^H-(&{SAPv>u{JVq;k&Bf9B zZy-^JFD87kXOXChE708+dxS+%9v!{gK-JG}cD4O;+w4RM#r_)P25bzNPs-Jzu0H8U-? zLlzR#M4EYJF>-e>Guh5e&JPu>+U{socc*u!)3VcQYj@P)9MtX@61xM`&`5XTc6wRh zcI%zs$FQiT<`cVA+SL~AtkmhWczp3O>}|34@q5Vbxynj(+~y+ublTttt7J$Z>G_T7 zTR90HT@J3H>hdUjZt{b8(1_sM{5`MR$qlSk@q1EE9lr5=Nc(x#UIC3SNXu){YN}b6 zkN?b&T&cN6&zE-LR@c68^>wy`wrksA>Z({LyEEdIo9Cr59FO+8qTEZxkCQ5MQ3ELgx}6O{9qQ2#EG3xDH$<|6I))* zLe=FFX3`|S@MMuEc>328Udh$|x+z97wI^f90~!rZFt=nQ-Nc99+# zQ&-em5g)j(Pv>VCY}yAx9&b60lRiC?AXKLd z593mN{b@DsYc9n%AriJkU<7|84It|UuW0~T(*V4t0pznBfROXY<7^H_UQrCCASlON z79soo=ouYk$fbO#^=>{DQNM`j*OB8IO}dp%E_iO38nY0D4hr9u7Owo z*NH81q_y>l$_l!=Z}xx}a{Z_90g(`W1B7d5H>Ly&%)AIhKIQ3cA*z`-;b-PXT9bwrl{e zjh9aAM}eDK^{iI||3=y9Re+kCOqDHX>E18+%S5y%@N&T_53qFNYV)?^niFWxrtzv7 zYG_&TBaRW`kYlEj`Lm*;J>++lGYR>txL5RT-UHN5Pv;bOP9y*}i?bqRg)v3Lu=xu# z@(W)%3DEQM&X<^tPhqDQ*r41Fa<;jNsl%CfRlUzyYFvsb4U&$M(rw!OF!J^05ezQr z^d>y~Ej=8lZl6{MDB7Z)?$7$R`c`ggW_)bjt|2bM>Uon?}Fx{`XJ2^$zPN_0gt&=#%f8 z#>-*T*}!hRRkN5et55vXcf`o-;EmC;Wld8-Kg>_>7-q)J-&r7|JD1v?RWF+7PyNig!&Jx-0#{TORnQnwMaGe> zVhze_{Z=?1`?v2I{a(AhwtEe{>AhBaE%#dN zHQ#HtSAMVDUfI1edj&YEy^?z+_KNQn+e`m#WcI;F?yR)QC5_cJ##p1Ui%xnqDwdak zzdD)8fS5ru>1E=h(*wf>3C@N05{9z6G?}HpTNH;{L zF+TvACK|}CAZ!Rd_+KTMU4wOffKe{;Y8vu_f@*Q(Tv-R9r3WWQk^)4geSK^Kf6`((rISWtDQ%R1rHsi5r>yON5HkA+ z;T~l&+$S{*V=tKTO7+h4YA`GjneO#B-KjV@qoJCF_0fwy;aY+7`=GSunT6czvk*@q z4bdmg`=O58JNWQtcOlM5;P z7@UiY4Qy0Ws{rc^CWCOv*&&mu_g3w#e05@B5)UI|MzEwuqgW524gmnK074?OVp?#1*^eRUKt1hBjH+&HbkB& zb?ir=)Pmc4?nb~hXlK|60;L?R9+U&U*%EPb@5J7{KKm!7mBrFpj&0{K@_Vg}9(~Y( zL#vi$H9rWkz3Np`a2CbD8R2#aK!D+{*QD}QC06|?^hyKwcuZdD zT!u=o{&7g=-Z8SK;H}0%!z*LK2G5z)P-lK%KOo6W1!KHRJ#<2pJdNBAM({zx!5V@Z zGs*S`A-0G6-vb12rS+J&1k=eRV0URZkh-YE{wRy=e(_@l5H+k3zFZtvlho4wb2uMWdH2DY7ppob7uE+zc-C&SWvG-9KCxx4wkg)Zq|oG#dlI;7;`IZ~w9C}Vx%4hAlVeLko{mwWm3GBB}6YrS5jOBEnP4C52bFrIh?7Kl+|?F`HvAA|tZ<6cv1 z45+CL18NMYF`x!v3WO=tQ%#5fx>rKp#KGk_tyYrxp|^T;j>kSd%OKK(UTW^7g@dk5 z>>Z<&FI0oJgXeJUEIP30z@h_#4h%XV)EV?(Fp$AO1_K$?GpJ`+ft&WXJ-xsB2NzI!bjo##jVlkT_6^KB*Mr(2LQJXduL;080tXQGlgjp5c!I zU=#uKe;`>sI9R~0hi-ukfG?|5RK0T^%QfmqWMO5%^#a^qe$5M$NZt_h+D8o#$KIwm zBnz%mI*t(Ts*ng_Er1lkDRKz1AhceWY#y0_zJW8RW0Jj5Ubsl9LSys$Koi*@3lRPB z$RDlsaEn7SDS&!ry;e$Su2T%c^9dLfq!l2Q(^Nnzx32{fDA2%1uPuW+$OZ)?*y`k+ za9Dp~vN#qwvMhceveU=|@N6LmM(3pyqk=~Z-;6^oCKrlSfNvpSzYBUVk;3H^FQfd_mgOk1WQpRAD7TOu07dB%LD8qi0 z5Iyh#gpx%Ey(*~zD#w8=od$Sy5jZqzh`|kB=pjW(rle4yO6ixN2G+F(0R|Q+y*mzX zVq|dyTR?8RJ{4;0OHwrUb}+&DVSq;tTURF0Q%bDY7R>7}1?*};NQGT3$gak&!L$}I ztFiO=1GSpcub>ttwSY-2U{XWf-T|5$(O|ILDg+U{(mIgA1aMGLn)R`d ze6s4X;esZD4TtxEKXii)7yes@WXZ@;j7EA`>1yoZw=2!C5^$dblX4moU3&YSL!oaO zh|dOTtc)yS!+doGYywmf&%4&Ub5oMQ^XvYmZKRNkeP+Co`!g?A)|*J zNzB{q6*6YvutwovuSfW3a?C?Y#-4dt?M4x_X4XO5B+ZrKgH*kY@C|_@lhuxdjFphF zl4R_64d;443fS;Y4dA;lI;}^gQ|Ob?9A;WJj%6Ow;m_jF;E!gmo{ze$bGmAvp^^#86yZun1cU=(Z|4D-*MNpi@RY>_;t~6_*m4R6>(VXi^DHDlrJ; zF#bR{1db$ksu2|d0AiHk^U=ZM$Lt-}1SVpV*LK^64EU=5fJe5H* z$Zla>l1q}^?)mlmkqkyKG9y#6t&-f>>KRo=Fv!D0@;is;5)A*3pU?0A;XcOu^Uv|_ z{`&UjKhD+p&;Rr6;Wu}E^LZdwXYMZE-+uTU-7kZRF7?|=RDFo=N- z{L)>xpK(bqb2B=Kx4-RGy}b!>ptqkb|BI+pn5_<-1l# zOFqtzA>{u5yb9hvTw%j;dGFRA6kZUDJW`b`5d@9eupJ z9Y2M5KTzrZ^rwNUftrEV9%Z}8g{?%l64gpDxP^*t?K{GSs_r{u#Km7fKKu(86BR}p zV`^YC^L$`4^QglMjd&mLKD#{LfngElZ@Fxq1I!n*?*DxH_#tAgh`WjZboV#6A&-u! zfuoRaOC{6RpE1*PSuU@oeW(@$W ztpd|m<$v$o1^TUXIniP2a+*1LIaS6w4{y%X?cI4ldGGOX!Nmd#woE=>KqQuBkjqM` z{RPp3`OWS3l1npIFM#HSRXsG6nTd7X2m?Vg9CX2QC(KlCNpnUSgi%z1&Ufr`g1 z)2y~=!X=tO^9F3TNGI(@U{4lgk%d-Km*-tG-BGc{XISuDPoiG)dG?Wstls-O}s1p zOe~Jhx%*H4KK}M8=0)cul=^5nan6C0wRAsYKbLKV+hm|xNB^DsOD6gu-u(UHAC;d= z_m_*(^y=~&Q2u4A?Ebu}6=+AXKz^zhNZ-{(f3qrI5hItYo(9fAe_@jsHu=;BMTN)w z;OcTFm0PaIQRJA@x4F*dd>xrb%-!XTuo*L@yu0grCWk$1l)l}X{pIp(1+WFw6txPW z0>W09dzk=JrPSi0)2p@G`@5JvOp0rPb0-UVY-?GVN}4QiQZ+IuO!V&JvzV??6Ch5N62>Shc)pDWO z1KrO+N2R9#-7j2%5;>w$3U9rryZf(@ba%ff6z7j3Z5g>&lgY%`c2}yJXrB%NRBGyVN7wl`LT(+pC6`VTV=|hjF z(Bo;PIeibPezF!`LFxpcz=c>XcPTi&-hRE_G%uVeEj@IGID)BX>E#ese$_#lX0Z&r z;Yw89MoCtab1lV10c^w8 z&6U3yyEBOiz_^3LTEloQJLD+?)LrA(T_4n50KX9Uv%8*Azm#6DJ1ev^8n?AzIQ!eN z>U)G&I(3_!eKK^VNis4Hhc}J=nD$zY>!?8GsaTZT8ufe6zD5A{npTNh7akM77vbon zbgrvHQ1`msliBst<8zH#{a|qW6&n?5*R9Z9ADOuCB!6lfbl2~C?6pm>0PB#I4tPCB zO-DSPuc^h<(dMlF9(^?mMZTWU^}yvu-?{XwJI{^!-f_RV+P_oZ$1%`%SavSCuZY_I zB|8V}$tv#h5v6%d1#cm3!Jg4f9@Tkb$M>JhgFWkrk1cawTg#=s zWx3QIRMfV^{mh-7aJ}W$gs#A$R^GRKDk@O*`{7Xf8@OJ4aPX@Ozj}6gWm|c@^1(OI zUfpo{_K(H>|7fv~#9SV=YBvKf8&>n>qxSdZ+IBw%K9$GWN7?f5pB`nCdHwVr8&$BH&+j${%1D9QaOCJuZf=eF( zS7zqe)K2@&9=z&V$faMQ|`SSAo_f&S+cBlo%H0JNl!jd zS~8s_>4`fsftT_lNl#K+yqnUjY)UatuNLrsvm`@B zO@=P$VYXnCR1D47oL?+qa}jMtq!qF5m5K$2?^e_cX}ao?iQb#URBFypsW}FGA3vliB>MUK9?i!2$*0hA45`K((_*vKW?3opg{_5kaVw0Q z8@c=Io4qj1F}3_4}L!y zetQ$AL}EAWK3~&K#zE2C@$q@tHrDp%`K)Fxmy)!}LOQ`h7o6K8QzIcgl|J^}mtSx8 zI(4xZ2H%+5zdhRepv&I+UJ!f8?@_XJAKaVsa2g?-6R{C;Th&-aT04-OiZ|9}@58Q3 z!&4#7-@W5KV$*aziJ`UY*AqVN1DoccRlnyf2w=7%~9eJ3hMj<`^8G=DR*4Bd1Wf z<6lx4xz7f*XK{Luz$kmaf57Jt_2u8QkO;5nYBQ zNC^g!8MtP`vmh%xpOWK>XY-ACo-DB~7-um$g5F0ZOrBKGe}MH5u>NRZJ+i2Ke(CZK z^q!(`&el}zASgF`GkJcF20!+3`$)4>vv?|$GZ`$W_pa7sH={KiTvzXxHsfndu1gD# zHCa&9!Bb{$KP>yl?CsB9uGM!0MY1(%kko1Pg6`!l^oGfLvi`A5lRY+5xeu|GE?+Y* zX!pQQb0p|AN1{(|*y$)@U#6$|5#;S0y|pbrX6Ceo-cLvHL2RTWP?`@SUJSBJN0hUP zCDzC^}@nYSDZWmvD#EYFc;-%UVFWQcH$?rSjHD@*WK~{r*S61VM>7Pr#It+d{WeMhl zft~})cTquBCVqK%zfz3f-ZZCR zf5~S~j_Jsfk-FSaL{Dk=ZbP>+dt|mt=1Z4%FJwt|&5+JH>}9h1Ds{5k!AP#!g=~6I z3rU8+8FZT$_*2P z&9(wLoNYR7&zKYCs<*9&Oj+)> zH<)hAU2J_p~n@-F?Jc~yB#?cnd6Z>J6V`O(I3Ro&>iGuhp4 zzog%DZkn}oj@aNPgys#8*9x>8+@ET*avXg=Yd*jGK=a16+T?WE%Q zw(X-$mexC(ZS6b4nQA$kxris5PXo_dxH|^V_jBr<49JoY@4;VR8)+J4zEDlI$a;9{ zKnh?i7Mt*d$(fD5Lp}VYhDS7w>NQPcPj3NYv7h(6jTX5)G+(!L_`Y#3==2f+opY-{ zyZ4LDh`Xh{>_u6tvB^bo6Srd zd%P?Rn+KD}iLUbfXLpaA_oN?deJtudZ3VZ>tkBia>0TCl_7B_eCu8#S7Kf`tt4HjY zM(4BpQA25NqcjNaPE^3-5|-kR_t;*v%i8L~%}?hKpghJafKA!K z{BIypx-ZIo(I=58vs8fG7kz+5Rv#U_y^yP)TI^=~m$t=;c%=5BYw~CplM{k!?MWvh zOVPz#e;TfFUo2D&X>-E2=A=}bdt9caiWaSD|H2-bd*%5-FNgdroqf8wi!S`b`492@ z{pok8+JimlZV`(qH7hmg43Lrw1K&fQKg z1>A1E`1=?Z#ngNfm&Uu;;+@nwgJh3SKDxcF_C9|1#l2KnsgB!Hgr7kw{9u;KaT+Z$$Ln)i7>E!r!f(FJK`F8ZBn z-pkWJ3nW+DT({5HcJ5X-TDbZ;+d=BJ?J$w5*2(1w^_rhU(GNmQ>)jhIw3$h(zO!XI zO~oJ$C`^^6(UA7O=6nVE{cy6Ovq=&UG9SOx3WZ$Ww2I{BeQRGMVbqh*ma8MWXs)&S z;37}mh8(~fl#t{)DG-adoe1EzG~|o!dAnc&qBAXH7NSo1)FG5%Y1WNGt2T;!)%4Dw z3wOHLI&Vvf+Td67L5o36i#X^tznUzwgG$qMlq=9b`C|tg4-`%j>;2iJHvK zp>scq)U9^$)Zp2^shC%QmXxRQ;igEkLZxBMUT#xBpp;#(;nptV{5u&P~`2~ zMSB!XU1Vxiec--5ou8qzX&o~1XfJUz@23YEBo{6kMCb1VmTFb-8ZlmqOAi~1S{@Dp z&R1Jh!Ma6l5uNO5_Hhxtg)*IwIn;&MgP6X#rnf^PBG;Xq%=)`zANnsL()J;=`C<;6 z%;Aq3T$!8LE)p^yXJ9q4utY*K)~7QMvc+0js6~_~8-b81iO_vSQ7+LZs+PnE)k{Q) zn!|L6-H%Jr^>@&yZMhWNg-FN}fnoHKGyrcGw50)fO9RlB2H?+fxPi}KdebEsd68o% z6+tEDvMAYi2hZ{$g;GkFT37RlhxYkGyN(>UX!2dWzQN+S57+-4XR~e{mRxJ_L;>_nmPf}3+z|nIhZB++oW{s zgN^G*X(^zc_E>1lxxkKWJq)$?8PvK4>tJf;w3B3YxyW{vToXP+e~X4!c~;*0 z+fO&+{lUXUPV(zK7hQky81`?%UHlcyw!yH5SGmB^ti?2=kyJ>n5*K_xvIz659+9i7cv@9M9;|;qx1ooF6 zM&%{168R6byywMcgOlmW;KYWum!~Z)RO?M$wJm+lOyiPGsgHP&i0)J6`_Zm9k3euq zp?4wSZ=tZa6(3=-OF+w(TVW;Le72=z*1JQc^%y@BIG$8ZPiE?q2(N?Y*WcQ-bbGy+ zyX}<&*vI{wUDxHhmX>czeaWY}zO+UQH5bQ7039TjN#J|>%A{${4((q663 zd8*Q2{-UqWLeP{RYiaE1Gtd>k7p0MG`wo+B-zfrhuoL^4r$!%X|6IYpX-^o3)LW(5xC;2YX8n?s(LLO zH@4VXX3N%^UX$o-ft9T_e?&nqdM(tUeE-|1bZ9fimv>I=;y%(YD6;%h7q24USQfn4$$M{tw14~JU2DGguV>_Az&J8YKeF>}V<~@1ZRsqg)7( z?gZI!`;BZmmc~RektR3>rK?gBLOH38kcz1?1@zU~I3*;MM)+4MxD zkW|tTDhe$az@`Y%c&DiMZY*q?S7(zrLan5b_CyIMDflqz0A(w%vl{7xO5Q(NzLScF3Gn@MLvB?NegnAxHa-Ly3;UsFKy)ck?&dCqLCgD2ETE{p#9>YX~N%&4_sNfVpZ5%U7J8H@^=7-5A?_Udd3>$y{octHj5 zsCgW@Fp2jyVPV-l1)&rMRj3SC)wZV=AL(hq9^(jRIFME;3|G)lrBt*=< zw;uxyusLAr3hg!cjkp{|*^ac`>DL!061W{5bb1IDlPj$>j5EVogt@C-DpF5=1WuVF zqi}?=F(`uxR>6kR5TdOa!c8#NzIaHf)u zaGx|IPKBf`j6WgAVBk?h>yF;o#_W$Wxue2%t5{4NstfYQogG;W(X%lrLrvrN2f~A4 z213W#$QA4Zu+PCb@g7P8P@(<@WI1ADJ!aTqMy1aB&0~74lw))e#@IPUL%82NO3;p= zA<5Sge*%9Te++*)Y({q0?yT8ac;#wm<<5%z&VmRcu~9i?U^N>6PsK!G?-LInPv?*k zHrO4_VK@qIiG7xS#}FJHrB%sF0&~MtlSb>A70@(eWVK)X<>|>ybKBgQW?n!o2M0@Z z@Ok-CP;;=(ne@UbHX5aJbP>BEVX(1`!25Mb^Q_z%_vqBX0G zWjwtwVW=#C&mPQamFP478<>x3|jzv1VyBE8U|wwCJ9!w zD-|z4VMI_PMzjz{NCHEPnB+O503J2otHKw1d4v&1IHpG?Ejc_DF(xC~=<@zK2F_UJ z>*Ym~OP*3BBk|O7n9OEOqX;IXEDX^W-?{SfvV7%3jW!u!weqm#xQaYy~Gr#x&3l2bfaWzdQ&5DPI^MV zIA6@0AT;$Vs6+xyMpFo-cQiz&qV|=qmzPJl)zK#KKu4%g$D$0}rjZJmPn^aH_hH?Zj+rVx2BvcoLZ=+`O9BgAdE>9b8~TDN28k5Z`zW+bP7*b$6h|7l zsiMF^n~UsOyn>`AH74npB8hl`g=J8V4!#n)m)O7^A9#CnhKFdHeR9Q|qK2B^Oz3c#<7B!Kk;K#gKl_ zzO(5}s3M*b!=dB@?65I;=A?l26ZkpRsH{~bF40!vUgp;5Q06jpDAA!rhZ2klFeXq> zES)3+5WBcR_majr4yOLIKqD-Dheke8>1H9(h*+!i2s9Qr$Io2 zfCd2t0ty5&>J%s_bfnOcLPrYq6zVBb;U?{OF-Ek6C+uS+5pGi=LMP=!cIu=dR)n&= z8np5*|2y(Qtqqb#J7Nn5+y(PiLWw0wP#(3de8?B!1-`aqA{rN+k6!Zxhm8_Qp2Ak? zVEiyNV!4sce`pB&QUI7{1Y2}q(Sbz=79AK{@orGppsqn(gSsZ89d!-rW}RYCSEH^r z#UF}MF(0uQCPl%O@JUdYMik{N@;Qvz9m5zIM2bPA7|8*!909YxBU?Tt2W?;^mLw@n z8PzW27qGBPtDr})g_(iWLtv+0^};NU0!zmn7#%gEGCFKL%6M#w%GwxpWf966_9Oms z*#C z9P>zNl%cYpgR~5+(mWKfO7$zT%Yglnd<&Lh7&VPmE5Ns4u-{pJFENM9bG$qU%yYy%hs<-#{D&Kwf{D*Y z!UT*|$1Klr>-^mvDS}f5W=0(v|2G{T6M>lIlGmfjZ@-SP)e|FrbQq##FysS=7X?=74Fa?W5^vy4>O)hyf9ST&f|3}!WhNsS#7e>wdMZedb0 znA8j=HG@gbvPoUlK_tY-z(?nUQelJ{4}-=+*I6;f(V!QQQaO0HSTas& zip~(OU1DzJ(k8fNu#3PU2E%mD1EW1$GX~Fq!85S=2i#<53S(w)s2Ch7rtFzYplU$^ zEOHIEfTXd!ACK!K3_E9-C}!Xfj^2i-6d`bjWE!2&LBQ>h!YVduINO*Ho-HnubJ1V| zGtV&d3^UI#^UUy>3szPjk1g{M7^WduuVo-X0Gmp{A4x`d2s>%}Hx``bfndS05#kSI zu;9#oOP3O|$bC`}RV|{jBMlgx9<2&cI(l*>fHh|IcXq|83C0PMQxKydJm`o;guYZ+ zRcJYNWuK|L5oVB;K_x?76geoDv>ii!14xfp+NnGCj9p?YgBA%qN}la?LWCHD=kV8| z9gWqcOHRl$cPn8eI4Ccc{OE-pwN`Ko|02iz@-dcE28uJCz>W6NrdPdXj7C|()?RU|39J#?sz?& F001+x1q%QG diff --git a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg index 68e8ce9af7..43b66bee24 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg +++ b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg @@ -78,6 +78,7 @@ end module C07Fuse_Impl0_Completed type i use prelude.Borrow + use prelude.Bool clone C07Fuse_Common_Iterator_Completed_Stub as Completed0 with type self = i clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -271,6 +272,7 @@ end module C07Fuse_Impl0_Produces type i use seq.Seq + use prelude.Bool clone C07Fuse_Common_Iterator_Item_Type as Item0 with type self = i clone C07Fuse_Common_Iterator_Produces_Stub as Produces0 with @@ -308,6 +310,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -832,6 +835,7 @@ module C07Fuse_Impl1_IsFused_Stub type i use prelude.Borrow use seq.Seq + use prelude.Bool clone C07Fuse_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -854,6 +858,7 @@ module C07Fuse_Impl1_IsFused_Interface type i use prelude.Borrow use seq.Seq + use prelude.Bool clone C07Fuse_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -886,6 +891,7 @@ module C07Fuse_Impl1_IsFused type i use prelude.Borrow use seq.Seq + use prelude.Bool clone C07Fuse_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -920,6 +926,7 @@ module C07Fuse_Impl1_IsFused_Impl type i use prelude.Borrow use seq.Seq + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = i clone TyInv_Trivial as TyInv_Trivial4 with @@ -1008,6 +1015,7 @@ end module C07Fuse_Impl0 type i use seq.Seq + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = borrowed i @@ -1071,6 +1079,7 @@ module C07Fuse_Impl1 type i use prelude.Borrow use seq.Seq + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv3 with type t = borrowed i clone TyInv_Trivial as TyInv_Trivial3 with diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml index 1747bd15eb..75fe3747c2 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml +++ b/creusot/tests/should_succeed/iterators/07_fuse/why3session.xml @@ -8,12 +8,12 @@ - + - + @@ -26,7 +26,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz b/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz index ca7f0cb716c1b912efc25662aa365f1433b0327d..97428b053e26f79bafa20af96be5ae020285a125 100644 GIT binary patch delta 1371 zcmV-h1*H1q3gZe4ABzY8000000ROdCkqjGuk-OWSpv=Go*xlscr|h=7-3)nc6ePed z*W+`&TwlLiUw-zl;j;b|&X>dK`0ZM*-+i;X{^}3MPp;YJ6*wqM=GboKU(cuhV;3$C z{lkOfPCB)Zr z{F09g*x_*W&koFEB?e|PL~+rZ@xDxd7numtAtv2O^v4-&6dnC%J}1$9Ky0`fy%`so z${mxN9DW(qG3}UoECyBWVA_jY4--}*&JIRS4o+;NgNrUqGfN~(SEr?km7A%k7Q?gC@RYDdQ_cD;`OXb+1%7;S*8E43tAmg7v#=nA$ z%3*ntHthB@P|o%vP|h}GQPo!x7jj>fkx-QxG4>a-F7$$2 zs!NzmUb*dhIGxwW@Y}WOEiCqbEsQ;AKj!fGpZgW$h86qOnBi5Q;-l28Dt4~AZ>ik3 zR2Eiq@6;6^HKrzWLbD&wq4`j*LoF^tF9J{JFg#awAl`vRJb#BhZsE4oR(pt-sIMS1 zuZ;3z2Wax)P4PbK+C7YHJm5% zTau3{`taaK>*+ov!{&>ci6cg%^n$79zBQ9s?wDJ>o-Wt!bnFjTdP(nkX+ksm;+88R zA}sWN6$*@ztoFI@!dN@=0hEJgc|iT*jU9l6i8~x-bV=rZn~vABKVBC3EGO*o$;>Iu zZ_v`~dIOULH?ZBKUH^IowrOaYLWlSXzUnF|h(i4(Ltjxfs zc<3@5s5&o_BJPdf~C-y<|y~{3n`x%RmEfCH9&ziH4?m-n0#n!nT8U zjmDz3s4Pkf8w!gQIJ7v1j$}eR@J@K$Da}nw^FnBK3mk%>qcum%ndM-4lcNosX-brq zCJELeYZ?Pay&g!%KnERzB*GUW4LQt9?2INh!x^Xak}aAZdM>!qNkl9}ujs%?c9 d12CzHkvBaV- delta 1372 zcmV-i1*7`o3gik5ABzY8000000ROdDkqjGuQM=onpv=Go*xlscr|h=7-3)nc6b@jQ z>+!i>F1~)ZzWm(2hRga>IA0E@!|5eB(y-rd zhb*?;Zrk@n%G*tQ4wuvOr{J*JjF93Y6JhHRh;#Sx5*(SyJd()lhWwtsTYoyAPoG2o z)ypsWxPToF$M)HQd91|1Ook{fdNbaCm+2xCVLHU58;SlngN>r2|IFtknh%H#H={S> zB2&3za+AX^qdKM?Q;)@4 zAfs|vAR|HM%@Xo%LzojzPG$ez@sbU@{S1_|{Rot^O<7d+mBfYIS7jtrWk!tsg{%v` zAeZVACX-igyB<#G^)dW*t$GW8i+u}Y58978JpSf>1-W6xel=!z)u;FV;!l^uw8U=h#XVUJt5ZMD@N;w9=U z$P6rdMa~a_s&7y-hCaTm{hf2)`mU_I)RoyJIyUJx%GGqA>HdblTT%CaZ3kLD9j@U# zk>8Tqn4%94?PxvSr)1cCQ8RJGXp~+s_1w2+GRqxvtJl-z+MSO5;Yu&*T`x^&W?$TL zB}9aU-mgM|F_P6j_gxrkXFh;(&@2zAU%ascurP6l!;CJ;+;7wIdTx)GMLx?3dweo; zO7k1E^t#@_B*9IsMvMx77Brdkin%;K%+TiLB8hKmJpZueOu}-V{Ff4+E4&&~Sghds z2B}=r#poV+q{)lPT{s1sI18n!TvCHYL9IIJ#obLXa&sxO7*H8gNyHb4-nI0E+-)jqoQSKviVVdA zxn^YEtGq9fGPjfUm+INY&zL9NrCCpuBza5Q)rn9QY+@AI2soZSC96RYtZA3!1wMj7CY8?(m7A|x4YL0OO_6j@9cx<(Cw z_pKs>AOuIL$VpNv3?5;P z#-g^UEJ_L+3X2ptv^a*Y8QQ>nFU`;o!5jKV)$rbP?RySAZPy$vXO@HIO^!B#@3j|N zNh5o50_#0T=)usx2&UD*MH1l)k ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -168,11 +168,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -334,6 +334,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -450,6 +451,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -509,6 +511,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -637,6 +640,7 @@ module C08CollectExtend_Extend_Interface type i use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Num_Impl11_Max_Stub as Max0 use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -678,6 +682,7 @@ module C08CollectExtend_Extend use prelude.Ghost use seq.Seq use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv9 with type t = t clone TyInv_Trivial as TyInv_Trivial9 with @@ -1035,6 +1040,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1056,7 +1062,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -1064,6 +1070,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1088,6 +1095,7 @@ module C08CollectExtend_Collect_Interface type i use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Num_Impl11_Max_Stub as Max0 clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i @@ -1125,6 +1133,7 @@ module C08CollectExtend_Collect use prelude.Ghost use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i clone CreusotContracts_Invariant_Inv_Interface as Inv8 with @@ -1432,6 +1441,7 @@ end module Alloc_Vec_Impl8_Deref_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1541,6 +1551,7 @@ end module CreusotContracts_Std1_Vec_Impl4_IntoIterPost type t type a + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1611,6 +1622,7 @@ module CreusotContracts_Std1_Vec_Impl8_Completed type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Model_Impl7_ShallowModel_Stub as ShallowModel0 with @@ -1647,6 +1659,7 @@ module CreusotContracts_Std1_Vec_Impl8_Produces type t type a use seq.Seq + use prelude.Bool use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Std1_Vec_Impl7_ShallowModel_Stub as ShallowModel0 with type t = t, @@ -1684,6 +1697,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1698,6 +1712,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1707,12 +1722,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -1720,6 +1735,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1729,12 +1745,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl8_ProducesRefl_Stub type t @@ -2105,13 +2121,14 @@ module C08CollectExtend_CollectExample_Interface use seq.Seq use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Std1_Iter_Iterator_Produces_Stub as Produces0 with type self = i, type Item0.item = uint32 clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = i val collect_example [#"../08_collect_extend.rs" 61 0 61 56] (iter : i) : () - requires {[#"../08_collect_extend.rs" 60 0 60 130] forall fin : i . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces iter prod fin -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_int (Seq.get prod i) = i)} + requires {[#"../08_collect_extend.rs" 60 0 60 130] forall fin : i . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces iter prod fin -> (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length prod) -> UInt32.to_int (Seq.get prod i) = i)} requires {[#"../08_collect_extend.rs" 61 48 61 52] Inv0.inv iter} end @@ -2119,6 +2136,7 @@ module C08CollectExtend_CollectExample type i use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -2203,7 +2221,7 @@ module C08CollectExtend_CollectExample predicate Inv3.inv = Inv3.inv, val Max0.mAX' = Max0.mAX' let rec cfg collect_example [#"../08_collect_extend.rs" 61 0 61 56] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : () - requires {[#"../08_collect_extend.rs" 60 0 60 130] forall fin : i . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces iter prod fin -> (forall i : int . 0 <= i /\ i < Seq.length prod -> UInt32.to_int (Seq.get prod i) = i)} + requires {[#"../08_collect_extend.rs" 60 0 60 130] forall fin : i . forall prod : Seq.seq uint32 . Inv0.inv fin -> Produces0.produces iter prod fin -> (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length prod) -> UInt32.to_int (Seq.get prod i) = i)} requires {[#"../08_collect_extend.rs" 61 48 61 52] Inv0.inv iter} = [@vc:do_not_keep_trace] [@vc:sp] @@ -2223,7 +2241,7 @@ module C08CollectExtend_CollectExample } BB2 { assume { Resolve0.resolve v }; - assert { [@expl:assertion] [#"../08_collect_extend.rs" 64 4 64 75] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model v) -> UInt32.to_int (IndexLogic0.index_logic v i) = i }; + assert { [@expl:assertion] [#"../08_collect_extend.rs" 64 4 64 75] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) -> UInt32.to_int (IndexLogic0.index_logic v i) = i }; goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml index 5c9efaa9a4..0b1bdca4ac 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml +++ b/creusot/tests/should_succeed/iterators/08_collect_extend/why3session.xml @@ -9,76 +9,76 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -87,79 +87,79 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index f73060c261d666c2ce5d00ee7e34dc03939cc7f4..f07e36b75cd2ef064bca694d65a96842979808cf 100644 GIT binary patch literal 3536 zcmV;>4KMN^iwFP!00000|J_>KZX7w1eb-m$ZFak{0E2ff#t(vFAq6bzlhr|Ni2C|8miEAI`X%bZcn&aKB5x$NVrF|MSnI9f^%Z?YZs(Ok?win+NRt z-CV5-TwlAYgg&?3gSgM{KRo^&Lf>L>74qV%8EJ7ACaErCi)wQ{BmXhSCTV~3nD5X0 z8^60v*BJG8`H$tP>!W9nfB%rrG2-uU{N3Z3zt0c5+mCs9j@k9xpzHd>eV&v;h`YOV z^N4%fo3ML$Y%|(Fw6TM#A#D!yHcQqSc6qSuPMe`O{hX$C?V#E^vpiVV@pb5SxBIaA z1?lE-J#j3*o2_gHO<$LN7K?wGpY$XAWjeq&Z}uaH>M-JDf0QrF_SHYBn4Zu~&sN=x zE;o1nc3QWH^Hu!hugN|47^qL5ZjK06w(m{VFa24aWY?+qARl)3_q#uG`pf&jwTX7N zWPiDBvTD*>A9wFR+~!9df1UsK`oDK~d9`%f<>BV;SIpVnjbvuUZ?FGn_dbu1O;aZq zNi|!R*bwvAYNDC-FAvvMbG)wW)H2ZXYkj8swe4Tebe%`H)-H1-d$G9ys2=O_jpQ!Y zBWT}RMVkfG8vE|uSxvA_=5<%<3HVR#`*pm}zd!6Ak*vEoWo5q2@BIU&T(il`{bl_~ zsE_Q{bEN$PYEyf0?N{;Sp3}iRXCiy@(Pl%O=3#vPxoZD&Uw*ju*={r^zH0M&v4_hr zcIE$CpPaVq!vFP6M8B|?FWJ{U=h*#!)QP9fXg0bR9ewrW3GGnb+`Hzy)%35@zwHdX zsyb*2{6tsab6^FY1;cgcX%R?Q< zii6gLZu^k$Kl&->pI5v2Qna4vHT;QQ!=K%2_*pso{SJ^I{^rANKL4--5I`M2a<|s% zqf&^$QK*Xz2D12$Iw3xczb+6qjbl|Q}d*q%qZc{a@=+J7c96qxUms2->2^zb$oEro(dBT zk8(PW{>d?RHHTpn-&9lgg0?DaF^luLY!jfxR0)SJ4gTrldK7iMw@ui2HG$9S-z>C= zYLxR5S<`rwqN&5@s2Dy76$Zjo14hYfQQ3SKn+k!acyxKumy>TJtqv(#C(Y$iQJcDG zTFN}8EE4@!h3-&OrTOgjWFSF@Fk2NAF=>St!fb*>vN=d3yXZo5n|1Ud+~sAL%O5SO z-ayCPb@9DFou2icI*JMJBfNQ!bKaKXQ9aBlBE`kqZA#EFII4rI@rvWRMepZhRn@i6 z6sA3I8y%Fkx@?XT+pbn1!79wl`mf?acwUHydznI=0vA)P@odvAtff{dT!tAh4&d!vp~(QiPf>Es zR#U$OyQ{-x-Q^S5UF|a;MK8gV<^+y44I`RA!LjB=IMzNF$36w8_p$c3$FX+CvFzL7 zSazaZoIq<0r^-_S+iFAwnR0_nCz&Sc6e5*RAW}JD*k=?Xjzpgdw!AppqII-AxTl{3 z_xJ?&rjE$Ps$P<8|Rgjkzr7oNm*6)UX>?hvlg2Ci-QdI4OclW?tyCy?3X z_Yp4R|5CV2eK{_pufS#E0GEjkE)yHbJL9AZm^R1>OYw*=xQy@PGIk1=u_Ii@R$Rsx zT*g*h#wOTxh|5^VWoE)<47h8K5dg5Crtyx;%!I|7IN>sck?zy=4D}DwfQ#iio=yX< zI@4-uE{@c602p_-w>ds;Uvt-c$F+}YeqF9+7$)cMqEos4etiSN#I$Zz22ElM{Pg?| zUC)d43LDM(6M|h4q}%+)z*aO#w0ZT;Kl6hE9YEN_%j=8eNMeHXmeESs0NlkQY&g`3AU;7+)bpRrqPzcT+EGv zdX;DI-p!S9ro?jMYE?sL95mP8?XL~>H3FV@tY!9|-{*!>YV;puQ-6QcYimsj)zhQ4 zr9Lj}MQUA zJ$liDfZyX@h?|r@Z8Ai(x;r+yGv&pcZ~cd_{d^QPAD6{y+^0z`AGi5u=lq*H+nQ;j zk*6oKi2W%MoM~IjQk=;&z1AbRcYVA2^(G>XM#AyH@LR-$d@5lt@Svhnxj_=tnnG1D zS9S;|k{LI?hhJK90`>3V7wY|;I({MGm&-ZaXC7LGi;W+@=EwT>i$FZxWPgA0+Ja!R zxYqi;&20;uNu9a8ygVqo*ZGsLR-K(GTa>UN8tGCAEcmRv_d@ehidTxCTQyiY5FdyJ zVuKs(U)IiWAKCdh}X_bsl zCF4Akg(VpcVk@=LYG7*q^S z!@{U#i8hu1+pQFt<(zc&n#+M>J|8%Jk#0e@1i^!|hNQGyr;xmNS`ug4sn~Smj~=-C z`b|V68)GgZxWKfPQCgPCNuyK{hM#lSwAz<%6@?&YZ17Q2@}-FCOTB0pJzQjUE5W|i zZc+M(%iof>N4$lU3W0f8#w< zDmn8cMKH#4Ul=dknSdbIsT5m-T8csPLDC@EAYg(Wgc*b$gc<}iiEm;^Nzx(YIS(QQ z$wE#x>EI0aDa&Yija8`!i8b;&n8SsUh%*%oF9_|7xYL^M9 zri_r%U`AP3urIAC8YWCkPB*(0uFU-q>x4kkJBd0A{%17kdJ5Td!IW^Gm}=JXLD7%2 zu~2ros9>EaI$No-Hj$*`XbV2kxl)6YgAza7QqM$`S|JInW*H}1auUgE!D9*t%X*rc z4ayD54hko$zq5e_oeziSV`St}nh7^9nJX$P$x5VVpc}LuGz2|pHE20#F=#$$`mwf) zl2G48GAhJWj8Rrwj}}}ws&J037Cxf}BL^b}!v{lyVgIz=5W+%-6qL|eGsj~=El7z= zl!oZMY2N5p>eHL2_@ zGg@j~T62qDrDxiCRkQ+_joJs$D~d(8TT8@KIk#f4ymq=DV;va}!YfNinF0llcE`2M z0LH*N>71|;iLDC928&PJhZ(G%^)PQi_yN}~C9SnL&N&;cDBPk~2{&^;#|KBvuFtEh z-8W)e1wNA`Fd;7(0Vb!+pkJ=M@3|V2HWK_RfJ5dY1y5Ew@0Bi4DoQqoobS1Mqo-7a z1x~P%t3(RqsD`ab%xlB*%J-c3sts7NB9+8J^K-E{6mV;FdQvPPSA#9RAwxW)}fIff`6F za?sJa2oO~m)501qLR2%yB4R(pJZr!NROYtU$&v{d=aR@=8Rxaixe^$vwYC*o`g&7e z8tzPj41&-*Cr~E9?Xz+grCg#UffG)4%6|%5ac(IoYeOU(3Ob`r1*|3l2}sXkds9aB z&0g(iO@=|Wt9{3N*H%zQ%_!D6ExES!KT@U`LN-iVooBX1yuN3xtrp9megPj;%gYb; zA#mq{OIg}doJS2r0ZNDwk7^X6Z9Ii|bpkeFC&E^MR0LG)RW zh2V`L5pqs5ooSuq2Nb&k<_KHE#Y&;DI{*t}2o4>!BJzi#yA z`#)do|Ko4&-uLWslBlO9@}4(Q^rDHfmrYc?y1ejzd*yG_-B0_UJvO+#-Tiv~b~mKk zUiSICdIF>|G9gcddQ}#le46% zEpu#$>1#33O#0`C%c?0}mvw3$X!*4~)9u<0uV=i@lUu8o*^}L_E&!_ga(q3x?Q#V5 zTdio5fLdeUytya|w#vNbN;v`lp?<%P_vx31-5$xhi(^)%+w|5yV9GTcy*ymjj)dCC zZaGIfJfJ$Y71wqZkM21h%u^<^M<1;=#AzPK=kKfbKeXk?YoF{!b>g!&FBf~f3}aXR zZ{^8(ySC_G5&gnmK4)L|lw0fsSUQ``5 z1%9S0@UrLw|ENw>8eS@8%WQn|OO>trig9=<5>3Kh=ZZsF|8Td9$K|1nW5rSH zLbrWL_wW6f^G~bYd@fp#^cwz1ui;PbHT)u9{Bj3K5P$aJHf`SR00dCSPuwlF`lJ+M zuor5(!ax?^Q3r)y*TM3w*1<_2OnUR?YJb)4w&(I{0*7+jg!w7;+)apzkA+m%kro)e z7*|UO+a^rC;q~bO_0pXlPsx*dGQEU9^KqBqAF*J2bYneYzD++g>h$2GJr^bz?&WwK z?UQ5dY6`*KzFDq(scHEG?1V}n6(Oun6$tPVOBvR*%Ty_ZJSWtW(|D^cX`?5{A-P>SI{wa zU3_m($7ijl_F}~Q2yfovoY$pzR1R~DNU?prP6;{%M`ds^UU6KvX#Kn|s+#tR!qn$= zqodMRmQ7J&>(vTm9Gjv7OE$EwXnV?@-=?U*Z3#$wey~o+l*{#0+1I9b%xfgIKXkb-_JGuXblN7&x1z`1GIUN2KCN<7B)ddBwa<$8wT`Uuun698YzXTkL=0B;+Bw^M~C0{}lp$u(O{{S@r3 zj+Zr;&tP|T$b1w%2Tz(aIM!5*XnqIBnrGoy`&1nJ7@R)D+Fu^W+6l+9FNb5V&joC)5d~z*6*3)V8l`iHR6c@8<%nUQP>47ZeJt2=d%Q*MXa{glKLzgb5$=s0 zk&DX}>}#c)+XkWR3ib)HG|whHit7qiS`geZT%#3STkrJ@xJGB;S`p76v(fJpT*m*e zaGCmaTt=UP%ft~b6DwRMR*-kXNd+*ikQ0{T5ub4xKg4D194=!gxQs2hjL*1?Ex3%0 zu_ViLwSvW=M8I_gXj0DqLdQ-N7>Zg-?Z9VQbM)#C~c{Y%QAVA z;T~^uc=^Spj#4eLoL#nl#7-gszOciQV(R5ov_}(hAw>^0c2#lXiJtNb{78?U^&sF6 zxEJDPNFP=iB5K|3E8Q9MV#>Gn!`ERxijt4>V$~ngq?(WG{IgU3O`UDYG*QXZqglj$ zmk3U@t!63CWSm~=5!}1J-TibEkw!h?cx1(U^09nvpj57a1l68U)=z~U!kJvgg&)9| znwtRq2k?bjd#46p2=L`{iuQ?y7Gb+`-51Fqb@G|0B#qe);@nh<8LCvCeh2Go9{KCp*z$ zv||^6C#6$JoF&GMu*o{5Y>v@vdQP5ST{8X(r8|9g`Dkh^WG=Yo+OGawL zjGpS?-ohI3S~WQW8Y z6JR6SYHLjPOz=b-?y6S%{H?t6E;_H05;|y`Ww3@N&3V>B%RH2=1p89ES%pKAxSM3G z)M5}iW|nLmK<**rx*L7L4V})}rLs+oPC3#d#UNZXq@5pvtQ+z#yQj5m7?SAQgo7ck~+yc0TXN|Oeb_FR41TGd=W#UR0-s6uu3RST1&2Q(%vJ} zyjQx$s??pt8u=B>Nu;a`QX&lpsq(;85X$;!L=sN;T+P7(+sUtLSJ0>o!7J2AB_i`$ z5X(8s!C*8wU+hx2GWSia%gJODC`IW5!g!D|JJd!c1QI8(TFeyh6n#S*kzFY%7rY5l z$)uwojY8=M7f9;tHcE9$c1nD6ONm=1h;sJX=FF8F7)wI3q|6Y46Xi5D>y+!1?G#Q{ zf9>n$fgG38F`x-tw$8$3BXSy?G12jApzE~lGz8sg)oIyj(P`dk`nI;m9LNkdqrkX9 zF`RUAGLb+X;!1H@3ZGG(k)08p;hmw*u>V?sQ@6rv7F(+eIjJ-lr&sKBA8O}&h zU`#OQ1q|b2FwTJnMliL7_dQi3P08c$`1m3 z%p{+*rC>mrGzg{x?W2Y7Iq_K=xIEwhV*n;LPJpdv%ej@@4k20-^~Cj@eBL(JbMG?Q z$R+BdLj-U#+q{0^{*bjy{h_w7($4`QwF2M*q34dA1MhPZ=sZapZ7Fs*{MoN&mkrEME9av>Ov#+# zy_x7t?Ihoz*m+Vy1Lh5bQ6LH+4CP%Durs>1@+3AS3on8mS&YC3*2$u|TnB6x<$_=< zh!%lq5vUg0zg8@U?41wUp})$&^uSScTr|vCyCDS? - + diff --git a/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz b/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz index 346c67a19f7dada73b5f2b6bebc3b6db0a8a2416..1bfd456295a577d8680ebafdc3b5e1f92a13689e 100644 GIT binary patch literal 476 zcmV<20VDn&iwFP!00000|CLh7irYXCz3VG<%y=$c)vE$I7$-u45CVZd#*})QG1!tL zDJJ>*Xd6dn9LV&gw)d(YkAAmFyJtFwF1>`dJ2dtCRHd7TgwAc_f4b0FM&Wese_QsM zcKc6bI>fKfRQJv4BlVQnT^gGj~Hc=3Sg!$H- zg0)!E2a5|OFR2Y(bG!r#*Nb)d)h~v?*q&3g_>ywV*FK5SCuy}c<-KNphgc^+=?3>A8|8(sZBnC@b3o_~ob@AUF=xsWGopT!-Y#mZ+j_$;nI z&$6s6-?BpAT`}u{QBM*@AZAc%Aq7?*ovsvmCk!yAB33CBEU5xz8EDUt0-)eJ%8X&= zJ!;QQCR0)H0uwcKx#GcV7C|W$Lk5P(D+%hVR1ONc5dge#~ literal 477 zcmV<30V4h%iwFP!00000|CN$Wi`y^|hVT9rKDOD5G#Y&s_7Kt<8%ik@bZi()@@^op zQ`-&gzpuYG>(CUsx{PM@%*@M+-fhzEna;6GFR|?oP5mKN>E?Yx=e7wyee4{gcslpL z9s5kX{ipFd#IMg(_s!`e^^~|>S~YF@(y(u1bxisnbf_cW^@|~VEYDYP@NyMStbM}KC+V~^#l2#7O#c_kn~~Dr%|_u=2wCa>C&iM~>cF - + diff --git a/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz b/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz index d228e766e5d81bbf0508001dec7913d81f28448c..5f1cb1809e9107c4b573fdb5f94dc2de8711bb05 100644 GIT binary patch literal 811 zcmV+`1JwK!)xy-c94HTGTgxR;T~W-T2g# zro2H9O=TVrlmF<#v1cYcJf8mVSvLpS8?(QCJG#)*rt0_gFdgb8`SuWo`$9ug+`Kln zq{qkK(-?Nq6@ACM@xy&MO=Hip=Q-)!^bnFWX<~o9%|TmGSxF*wUz1w5BIUbni@fF_!Js zwX!|$#i}SkboW3m$|iTJ3y=!Oc&}FQT(_G~P3`7$7Q5Nj#pcBZvb!o}tAZwvz7#== z2%1IctYImC0a#f1nw4Get!xXhr8hkzGw*p_pBER;Z*slqk$9d*uYO_{XShzl-I^|P z=^vG!KNi-rrrOVMk#uj|^zay)4nDRq593U1Zni@K^FAl#SwwVa4&gZ6KZT1nXtL+= zG~HY(%_*WqDe)#!i>2i`B}Kb@-gY`1rcc4Yc=&gje?ks-qq*;Sv$T}dC4lHLR(Tyw z+{Xi7hnpgcpYM+`d_I*)@Z^3TB9_|+yDPqCHzTks&!)nY-uDdK91GB$(f zAui`Fx}V`t*EwdDtf*v3<+_)+a&d2Z-Cc7wt9`=gk}F%Lgk=JoMdc|k+p5?b_Fv&? z(yyvGXAqE3OVuzqh71UyTu4rpmR3Q{TG~QODv6FbBt{sH%*87%#yu*<1m`{sPy=fL zTb`3WrwlY`G)@pO+z~c-s|e9-P(Wo)<|Ub;x8BKtD-FzY?x;pjH4GLFr@(V^6ag)e zR=28^t!VMLfT{7qpmthIj2wgT%qc0*ct#|M?}Cly9tR@?bAd1cmKrLk7LtHej)odk z3$g{V6f1KIo^iwFP!00000|E*L_Z`4Q-z57@A#%{QD^>-t27>(AlCA1und?e~mHrm9_ z&J2P5_w<)1_Ar1DBnP{y>%DsQy2gLpw8ww+qd&G!{&2jTr&ld+Z~kmf|LMEwX+&Lp zgAuw$KOScH(fZ>^w10R!{XdeS9FjMBfBSZ_e#Bif?%OaQ+NJpR;KO~T!RcJT)~1%n z$KUhhcQF-n$Ghpny+6&VAm#NMFgvp*$uWxxis~3(9-*JrES0%Vy@6=dc;uj}*Tvh$l*Z+avyevI-byg0*E0`AsykxTuk zefhDFk#x<;^E)L|AY*8lfEBmw~Un3B>*2;?D9H>Y#%Rt zecV-9^!)vp{O413f~NGdiL8Eo*l;D+?Fxbo_1QJ~RJqKLz=vx&=n z^WkSWsa($zS1#_&sD^9FZnaM=ro<{1sbFznv#2!HpxMNALM*u30qlL#HC4%pQ!5A&Lkc?9sKnDO}DdS9&U>uXI1=)k> zfiKOpme?DnjnI@@p)CgFB_oUh=E1cXdW?Ed&k)Xow?LdT+*xKFFokI_%77*`kOILQ k2v~!C03Hp2pja#vE)cI7ivJdy3?UoH7g7d!<4*_x0C35aegFUf diff --git a/creusot/tests/should_succeed/iterators/11_repeat.mlcfg b/creusot/tests/should_succeed/iterators/11_repeat.mlcfg index c2ac248ae8..6f99b1d09d 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.mlcfg +++ b/creusot/tests/should_succeed/iterators/11_repeat.mlcfg @@ -53,12 +53,13 @@ end module C11Repeat_Impl0_Produces type a use seq.Seq + use prelude.Bool use prelude.Int use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type predicate produces [#"../11_repeat.rs" 23 4 23 64] (self : C11Repeat_Repeat_Type.t_repeat a) (visited : Seq.seq a) (o : C11Repeat_Repeat_Type.t_repeat a) = - [#"../11_repeat.rs" 24 8 27 9] self = o /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = C11Repeat_Repeat_Type.repeat_element self) + [#"../11_repeat.rs" 24 8 27 9] self = o /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Seq.get visited i = C11Repeat_Repeat_Type.repeat_element self) val produces [#"../11_repeat.rs" 23 4 23 64] (self : C11Repeat_Repeat_Type.t_repeat a) (visited : Seq.seq a) (o : C11Repeat_Repeat_Type.t_repeat a) : bool ensures { result = produces self visited o } @@ -272,6 +273,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -280,6 +282,7 @@ module CreusotContracts_Resolve_Impl1_Resolve end module Core_Clone_Clone_Clone_Interface type self + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = self @@ -388,6 +391,7 @@ end module C11Repeat_Impl0 type a use seq.Seq + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Interface as Inv3 with diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml index 4559255de1..e1c802e0c0 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml +++ b/creusot/tests/should_succeed/iterators/11_repeat/why3session.xml @@ -17,7 +17,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz b/creusot/tests/should_succeed/iterators/11_repeat/why3shapes.gz index 41d27119680c0ef8353e494180fdc8ad6b14a307..b332f16b13357fe865a4815e41412ca307d3a700 100644 GIT binary patch delta 491 zcmVI|6OBmnZxsC_-k1?)!3`sAHL!R z-C${+*nJw>F1?`-9fs3FL&y4^2i(hx>v%Ra^^W}sCdMhH^m$t#Rx!c8De{6oldfQmz zzE7BM?HTPj+Gne8p~_3wVc(vvXhk`<5!vz|k;=-vd@w=2?xRub0AsV;#dVej{|p;n z#prAF$C~n4GJoIrCSpo$Vl@J?tuVGI;UjLbV~!u#|A!|Zzhv5}!?c7Cv&_3D$|t$} zZr#n1_q>#PcqzFoU-=#i{gfhK-cBrg9d#w5swHY^oTwG!L10i)30+I>m1M@Jte^!+ zOhArQfYwNAA15^&kPz(!uK*BJS%`v1paVh}2XKLb^JD;COXe#|z=NWkx)cgi=t50k zG=h5c3@Y?gF-n~ThLU=1WB?E;r3ED`+&d8dL#IV-sFgm8hb|dV=#6{tx_X2`g&^003aT?V11p delta 489 zcmVDw33&N27BB_N+1OqwSQmp2qC)JT$K%;nKQ>{ zj_1QJ?SH}r`}B%ke{7pisZ4htli?Q}o2w;70++7!za93L0-i6!UrVd0Mqgon_=*>V z!DdBb_i1Rm^oBlk7)}dKHrDSv23}q)v%;!suBv<@6!{$LIe%nJX!3ij9=kTNi9C9v zW2=d8&ho9kp@XJh1X4?j<;X0HTBn@K_u$&|<%9!z%Ol&Dw!!ss*u`9bY<|Rg+gJ_X zC(O6@jCLIDvsJfH78P{Zx2G#wUd`9=eEE+^X+=>zm>^#F(WrHR@v>XvI!l9phK;X$ z^fmfpb@eP+Y=3;?F(oZB=O7+sXG5x3Ye#}DlP!&8i3GVRo1TEd4}=3V2}lU#AP z?&ipQUP?Z^lvtLpdJlzqN>MCt$Ctg1x)LM-9bw!PrKJZhjnmqD5ddV+PNcNVN|G>A z%Mh`Ip;Ddzt7$+Go@y;kO)wQDFIfcAj7czPq!V0I$YKc1JfP-W84!%S)RekZrJTSa z5U;!zwUf#*C#k?l&mH5!Nu(jovN9tp9JK<_LIxM8(HT%JBP|m(BNUP82~O{DX_WRP fXdnhDXOf@@K6s%*Ej1MroUQPG+uPyvYXkrQo8jui diff --git a/creusot/tests/should_succeed/iterators/12_zip.mlcfg b/creusot/tests/should_succeed/iterators/12_zip.mlcfg index 3f7c304075..3074210b14 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.mlcfg +++ b/creusot/tests/should_succeed/iterators/12_zip.mlcfg @@ -122,6 +122,7 @@ module C12Zip_Impl0_Completed type a type b use prelude.Borrow + use prelude.Bool use seq.Seq clone C12Zip_Common_Iterator_Completed_Stub as Completed1 with type self = b @@ -301,6 +302,7 @@ module C12Zip_Impl0_Produces type b use seq.Seq use prelude.Int + use prelude.Bool clone C12Zip_Common_Iterator_Item_Type as Item0 with type self = a use seq.Seq @@ -320,7 +322,7 @@ module C12Zip_Impl0_Produces predicate produces [#"../12_zip.rs" 28 4 28 65] (self : C12Zip_Zip_Type.t_zip a b) (visited : Seq.seq (Item0.item, Item1.item)) (tl : C12Zip_Zip_Type.t_zip a b) = - [#"../12_zip.rs" 29 8 35 9] exists p2 : Seq.seq Item1.item . exists p1 : Seq.seq Item0.item . Inv0.inv p2 /\ Inv1.inv p1 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ Produces0.produces (C12Zip_Zip_Type.zip_a self) p1 (C12Zip_Zip_Type.zip_a tl) /\ Produces1.produces (C12Zip_Zip_Type.zip_b self) p2 (C12Zip_Zip_Type.zip_b tl) + [#"../12_zip.rs" 29 8 35 9] exists p2 : Seq.seq Item1.item . exists p1 : Seq.seq Item0.item . Inv0.inv p2 /\ Inv1.inv p1 /\ Seq.length p1 = Seq.length p2 /\ Seq.length p2 = Seq.length visited /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Seq.get visited i = (Seq.get p1 i, Seq.get p2 i)) /\ Produces0.produces (C12Zip_Zip_Type.zip_a self) p1 (C12Zip_Zip_Type.zip_a tl) /\ Produces1.produces (C12Zip_Zip_Type.zip_b self) p2 (C12Zip_Zip_Type.zip_b tl) val produces [#"../12_zip.rs" 28 4 28 65] (self : C12Zip_Zip_Type.t_zip a b) (visited : Seq.seq (Item0.item, Item1.item)) (tl : C12Zip_Zip_Type.t_zip a b) : bool ensures { result = produces self visited tl } @@ -699,6 +701,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1070,6 +1073,7 @@ module C12Zip_Impl0 type a type b use seq.Seq + use prelude.Bool use prelude.Borrow clone C12Zip_Common_Iterator_Item_Type as Item0 with type self = a diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml index 24abbb0189..57e26b047f 100644 --- a/creusot/tests/should_succeed/iterators/12_zip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/12_zip/why3session.xml @@ -8,7 +8,7 @@ - + @@ -72,18 +72,18 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz b/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz index 8043dfa45cb76387813e81c1edb160da581b28dc..a0f864108e77ff7834f9aefbd1c56c0a722161c0 100644 GIT binary patch literal 2041 zcmVa2bPK~=#m_gnnMmz0W%nf z6`ABpTzfaaK8@ErI78Wrr3-r+KzDy%HyVKc{9*I*Z+8wao3G*d<#0OwWdoZJzuaAZ zb%*2EhU|+(8(KxyuqyI~@9*6C`PBW^hL=XTj~^S^s761e)%k}vDt|)xl=)LUj4L58 z8ZDt2n3^^&d^unKXiQ#fCSw>HiH<1>yrJTu#G3_%%Bo>iL#u{7OwF)rU}`$qWpjVB zL_=jYBr7GNq0_+8q^grM4LCvV@0$Bfe|p~3X^+pLe<~Janvke+XO;x!&h*ZGa!=v- z`GV=9gT$t4Rwd`7`g6FT)KKmI@!R<+u%tNCs7MmVhMYfLqGDLMMX^QDdWzWn_i%o6 z_;;?NA4ikM$3a#^KSWQ5@aOSQ0L%v1FyPw?!M6=Ha|kqQGKMH-5N2FjL6{W~KDp0w zyFlSn3|Ved@Y1>TD_p@P%dbc=CPiBSfBYCph?r8!AJf(<6vQ!lMZ}<+D%ce%gKnb0 zIHU83(jD;k;ttEvOke%R850gi&xheVJ2|Z7eVl%aI5#md(D(g0+aGbZy@Jv(vWg|@ zXJAl~Y6JCG?34;&WWW6Zrnf(mvh7u#x7RiC|IrbHzsUog@PHGe;)(#830Q%Y37~Hz zV9wlwW2f=kFa;VN6G*{$Y@y_zR}J5OSUf=5M?(5J{K#H~Du zS)NwXIS%r1T1CWbp4ciPJmyMr))19^r6X`SJ7tj)vXCbNqZ+QGCC)A+Gpm|6wI)!6y7)}$7vOjtcb)E5sRmkpWcC3K4Mpnys_$5Q4dx3okQ+B zwfEYwHmSfB)IVN_EFV}E>G||>X-~)QaKTr@?82+lZQSG*{gAJ;r8Y#Z7Fqj`sP1G6 zU^J83Us^Xcop~59+hRZ5nujYm%%2V_hNJUMK1HME4}hdGMWM^Lnmk5KT|1gYd(*om zJ`n09pH&ybBMD_*Wej78*rZp(^jQIkIF&KxfJl|nH8*Q$d0v$VMbyCT&7!M?sqJKV zcB_wDJ4emv;B9#3(R6Iym8^;Fy=zZjupBR;i%sMH@vo<2m=wo{sC_vcKjW0sG47^+ z<#~TUeF;r${rC6oQ`~}i>DE1mm($bN(C}OdItfKd8=fo1pioxa-!Q-$u1X0-p=fy{ z@-_w(%96f>^DT{4|AH0&QTT*Ijo`bwluvR<^EgZ8HX`n!HXv%DftVK>kd;D1gb)zWp<{_VMp-+6outkEBhD-yqv#>FaW`>W8=3NE>Cv z$iAGQ^&d+}^IgwrPlM=O+w-2aByb*j0xOs|dXrRi{A zCv@x$1{IUO?Ep;2z>uB`gRn_pRPwgND_Arr%(X$Gtx)R*Wd}jgzQQzbp3 zmO=&Mx?~U*1~DVrQnU${qAV=sma-eHI)a((7}28hq0^XQX-v-z?Vwe{Cl?D=nY2t; zhDMlW)G{Q*yuoQNrNSOAf?x2=|wmsGjIN+qG zOc^|4jn`6jBsrz;?35^Ch;a@xC>WycxnqKP;#KQa4&5H<62 literal 2038 zcmVjz@Z<0k)y~rXilFgo| z;*k_vcP7c#2V|4|P`7-?8G9o%NCG$qAV~W6pEj@maOe2C`4(SZ52xcFH*)jo4|kV; zxx?{WL-s|22C7IKT1D2d{hd3%oZ4SQd~LY<{J9a0YV>1X-T$yg^`EkQivE*7jw@xq zXtac8CEi}3sH_@VHBdF=acYKE15?x4E}i=m zB^nUbkf@aK2Bv|dNmVEJG~fiaziS>g-RWghr#-#I?zvbHc|xYjooN=RJHws3chB+o z<$~#gL84PNt&;Oe{Uu&dYCyZc{(63nG%L=K6j{R9kn>;C_pom3ez^~bSx*7G{~pdy z4*$+o^y6sO_%uk1=!f88h<+aaB>vd|9R_@;2z+S3%n?A+^bnGmF_>{>#b8!2`0Txx z!vciQA@p*{u?y$&FLwo&D8D?1m=&Sm{rov`kRauRKjn>87)WDq#lxVRD(Dp_gKnb0 zIFs{)(jD;E9hQSVdG#A-Oc)#;ABOMV$6+n&4_L2Ar4_SNI|0UqRI4hj-$i zQ#l2WBiD#`OUM(oX)U9QdHD5gQT}W()}#}3v@6}tFTHUQM21EdiLeT9bcC{ zB=w@3F#SqOZzmH?EwZ?tzpDngM2r)za)p}RYL@7mSz@=d#AhH_Qe+8z@(hCC$`YSt zX(gHCARDJuK&)not^&gIt)ylRP{~$4`-U@f)?;!ONH6I{R~gRCSwFctRF`SO2_^iJ z7|e%W3EwwwbqHUxbyZGmmWf2suya@rpDoLY?bkNL75j9YP}!%IeONCi{$@Fe+vOx@ zAVgARiKCQ3$Xn$kXHZtEZX6WjvPs4b@=KJBMJY2iw{JEe~IJ&>R=V;XY(w{Y^D0KN&lLv^YYe$o4Z+fG| zM?t;V)9PY)7@^FnjA0BBoBUFkJ|$!(PW2f3fJl|{-L}_2c~X@}MAFFFJ4IIuQ`_0_ z>?)r&b{{o`!Q1e(gM47#m8|jYgA1pxSdEw1rk3&W^rzD?PKx7G(!L&!UvSFlm^Rbj z`+0vkeT_}(`VSB8KJCDM>DIl(*VFU2*s#75bQX#d8rD~gL7}X8xM6@cOqCK!Lea8@ z_q$l4P?mHhobP$8`scLxPr^M8HJt70QZ@ySQJHJx2pp9oaGrqYX+7|2OJ#L-fX(9c z@^bnf+uwctCrLl`$k3cGVh83Bhfut_guu3Tn!TOr@X(MyfF& zS)W~yB_(;Vp_LNKrj(>}{yvY(LJ6J#eIreSyFWiXbYs~JVy&MPNNKK((2dFjE7C~0 zn-q{Vr3z%un;eoV^^8I(^02HFN-(x%04knOSbbvaq}<9lr6 zjk027Urx~a&m^SzE|}Od$6IMU<(^R;TaA4WTcC4F3cdkijn!6JX@%vMS!%(OyGRT$ zCxVOKP(q`^UE2|*m12^J)@(SpLRf&6wL}vUqlZrF5PjE19YWBN1gfMo&}{^+WtI_3 zjiuUBWhq(!E6BP*7E~9Brb2`^U~5poqGBy*)Lw8(U%K!_x|jh+SVlR<8-4RUR{S~nPYaK=TZiKM<2Fr3I9^1!jS+yKvM6F9nO#co2Zr8DQK3q#(Z2JiA!1N`1xt|-^A4vS)&}uB2E+g@!D>>0i$FEBuJuH07`1%C{7*V{9$MT6=rnlUdPxoM zfCvzsh*Bw^ox%q@H4=EMy_Ov~=?#`eD}h4bh64{QBV`}$w1rMM)_Epyw}22V@V4ui z7Y=JvhAun(=$y8`c0=0E2StrT_o{ diff --git a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg index e23e238590..d70330d140 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg +++ b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg @@ -134,6 +134,7 @@ module C13Cloned_Impl0_Produces use seq.Seq use prelude.Borrow use prelude.Int + use prelude.Bool use seq.Seq clone C13Cloned_Common_Iterator_Produces_Stub as Produces0 with type self = i, @@ -144,7 +145,7 @@ module C13Cloned_Impl0_Produces predicate produces [#"../13_cloned.rs" 28 4 28 64] (self : C13Cloned_Cloned_Type.t_cloned i) (visited : Seq.seq t) (o : C13Cloned_Cloned_Type.t_cloned i) = - [#"../13_cloned.rs" 29 8 33 9] exists s : Seq.seq t . Inv0.inv s /\ Produces0.produces (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [#"../13_cloned.rs" 29 8 33 9] exists s : Seq.seq t . Inv0.inv s /\ Produces0.produces (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Seq.get visited i = Seq.get s i) val produces [#"../13_cloned.rs" 28 4 28 64] (self : C13Cloned_Cloned_Type.t_cloned i) (visited : Seq.seq t) (o : C13Cloned_Cloned_Type.t_cloned i) : bool ensures { result = produces self visited o } @@ -538,6 +539,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -571,6 +573,7 @@ module C13Cloned_Common_Iterator_Next_Interface end module Core_Option_Impl2_Cloned_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -744,6 +747,7 @@ module C13Cloned_Impl0 type t use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = Seq.seq t diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml index 273f287cbb..bd0ba5755d 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml +++ b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz b/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz index 00761716a0525727201231c574ef36e4a7d50024..dd146d95fe2c24aef8d9882f54051ac5b3778fb0 100644 GIT binary patch literal 720 zcmV;>0x$g^iwFP!00000|D{w-uhTFPy!Th+20Siae;bKIRS`K7f&-F|JUNL26>U<| z@_>Jj9owl}-UZP^y1VvFJiFt(e5lS}?a7_1CpVw>)A*+1)x)dJ<-6UFPX^T+dzz>I zN9WE4?CaMC8){gyEXF@DG^Qk_IHu5CktBkyOrD06)ZDt`>GIp~h~;%U02q-&Y-E7| z11MntHE|u#d%Jtw9j4LsM%5d$tA=T=GURb~!y%E8uwIghpbdOL3`AWa*d}7KO%

  • FV1#zP{3tE|33C*w&Qv22VDDs>s1ZOAvH9I%&^-QdxgTN+%KL3 zqf#zoDpJaefysosvUw_bV-CpUfK0z0)yMvL!t*Z789<2a}M4D)VSg^6q0^32$9tA!*8$ zI*;17XLjf5@Z|g~o7mYf_7p^r0a<4o%2J@87`s;(1hP^f4FcIJ&~s&bMKAJYeR-3x z?KIERPuIUVep`(b@xy+!2j8jsYN(}`3y=kK`6yKA&R}-8sm{{KYQfR{x@^i}J*T7; zBK$e7GI$cfn}6Yu&vV3%TKF9e$e)W={0DWvrJ%Qri-V04pB?P%2@lxMrGa zqOk^zHo%n!Ak_7itBwrFalai?Mo1?*HB?GVEeb%}TGv`7Xv>vD0(BTOhC9ZTq^%OD z0;NG}5E{4!rh#f88ax;@AWvW!lA@(dk&b~Fkmwod2M1DdLiwFP!00000|D{w-kJB&^z4uq-1}qnk9e)IgLsbzu5`qJgkF1>7hKe>R zX<6XkW5;&tmc1bM(486kJ^RhP_~k=&{;E&*Ts_(Oyr0H56{{XzZ7$#Setc4>-RRRi znID5aE6}fBE39foyJa!{169YAq!h;#x+{`I(3Q#4kdm5ddpuo!D;BY=O&0*gbBL8F z5TF1h44^Kq1A4D_kGsP(TBDkFqjr^><|;!TXX_4$jD+=)j0bJt1EL`63c)rJlWnT7 zT!CES+mePwf}0v&cv*3`n~MT2llt##UuHd?*M7jYAGlrBkQ~;k&LLIww#8l{S5590 z%YkZAE@H}4%8G%BguAkNDsf{D$m4)azh2eH{;s=tKMdQQ9;V~zU@t*2@#;T#@z<8= zhfqE5$1i@%G%Aes=eY0FbhOGdbo#CTRT#BhB1PL!LU|7+A%~{SqdCdDk9j4Wy23)z zl`Cx?wQtXC&(q<_`dN0dvtjHhh#&=`%{COJKtC~huP_LtrNBA}q^m&BmF*S1$d>ix zB(D2uo~NJIyf}VajT7;1Kk9?;RC_hl(#r)%gSmVZD)mlbdbg>~(#UGT(f+z@%3(dH zq!hyaJ+3lX62ZEE;SkSr#E#^*rw-m;{Pws!Uxg8A@?rVjthGE;nr3zLh0ySYu;BIX zxnjF5s^J4DavnBh?qs$6R`8UIl;5!b4^JEZHk+Od4JNd4)G{Zq?Hl5_pbZ5#AdUKp zNh)heB$go2rlu4L*OR_CqGq7MvYyeNi-FjlSyMGqNL~Q6VV-NS)Dv@tNn>2^YKj>_ znjyg|Xe0;;Tmq9oCDam#1P=xY$P<77tqDbTppIF8AQsI4S`ZAzzZ$&4AThcFX*6i; zdJSM0>aAfQsE>xBXGZV=77)Gz^_n^tPBOZ2&Y8iWMk7uL6V{N1EFf|R`U8gZ_}K#o F0009EVO{_L diff --git a/creusot/tests/should_succeed/iterators/14_copied.mlcfg b/creusot/tests/should_succeed/iterators/14_copied.mlcfg index b8185ed07a..a3e89a1f47 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.mlcfg +++ b/creusot/tests/should_succeed/iterators/14_copied.mlcfg @@ -134,6 +134,7 @@ module C14Copied_Impl0_Produces use seq.Seq use prelude.Borrow use prelude.Int + use prelude.Bool use seq.Seq clone C14Copied_Common_Iterator_Produces_Stub as Produces0 with type self = i, @@ -144,7 +145,7 @@ module C14Copied_Impl0_Produces predicate produces [#"../14_copied.rs" 28 4 28 64] (self : C14Copied_Copied_Type.t_copied i) (visited : Seq.seq t) (o : C14Copied_Copied_Type.t_copied i) = - [#"../14_copied.rs" 29 8 33 9] exists s : Seq.seq t . Inv0.inv s /\ Produces0.produces (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> Seq.get visited i = Seq.get s i) + [#"../14_copied.rs" 29 8 33 9] exists s : Seq.seq t . Inv0.inv s /\ Produces0.produces (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Seq.get visited i = Seq.get s i) val produces [#"../14_copied.rs" 28 4 28 64] (self : C14Copied_Copied_Type.t_copied i) (visited : Seq.seq t) (o : C14Copied_Copied_Type.t_copied i) : bool ensures { result = produces self visited o } @@ -538,6 +539,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -571,6 +573,7 @@ module C14Copied_Common_Iterator_Next_Interface end module Core_Option_Impl2_Copied_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -744,6 +747,7 @@ module C14Copied_Impl0 type t use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = Seq.seq t diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml index ec701e6900..23bc2f1e76 100644 --- a/creusot/tests/should_succeed/iterators/14_copied/why3session.xml +++ b/creusot/tests/should_succeed/iterators/14_copied/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz b/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz index af4da530ea1e6b2ecdaa25be417aedfa08373b4a..91f1500973a902b60b7f56f9f140d5e8e57d0ee0 100644 GIT binary patch delta 708 zcmV;#0z3WF1iEqb+_8Fg^Km-LA!AHyS-*Qo(8B8S+>0s#h4!hZm2;yIuXcJs8E4qMk7 zRj!y~~}O)R{;=d|c7Lukssq?D+cxHE;cF)f5vWb%o zYfnK08IX0hp)3XZjj>yWK_Dvy(jbtX1$wS*ujoa-oPRI>By2m)^YqL0ulC>1#)dMPBeEs+SY@*x1F5{8Ovrl}?xYtU!~TzLROU2nPS z$bcO8*D+;;bfQy3rL@$d0JN=jtyO}yTsb6AhcRQgV@yffDuF6c8l(oHfootIs0O0J zgFyrG1ePHwTFMmZ7>EIho{@fVAQeYcP*Gvf7(Ly9a0>$(2oczScfh!F!nM>6w4*J? qbOGTTkaH3-B8h+O6by`XSXwKHp9hr=cf$fAH=w_lEx&sM2LJ#Xg7V4aA`I#pP%K(6q0Ny8$+RgEvatmy5k zQNU$Vzij(7>+yJ=2VCZX+p`*y!&=ojq>5gT*em3!$@5}4P)*83OnFLKu`rQv7dB5N zuFL^>9gykIt$+I1_qvJwVOVeUFzpXJdkTt)SO0Mu?PX;8Aykjs@vFZwjS6G^CEoiy z?XB_*oqp%P6-I5BNYOf!P`-mn$e}6oXioC}Q$7h#J;OrMl_zapwI9!HkJIki`dxN$ zvSIBhh#&=`%{COJK)*41t1t+prNBA}q-TMiE88o2k$)}c%age7r+J=!S@UZD{cN0w zciU0#{G{58p_W-LKpM>Dqfn_g3e%fQZI(vP798#G)2dw7Jtd_O?)$jNU`Yh){)I!_ z=ZF)@@18n%d-2=T^7<-_NQ2K=aBO$4*shCeuyK*|a3QUoCd1@^JWshu`4#*B@U-D` z)qngS(SPnvEt`@iulXsgdNMSa(8f{AoWQnkh~t7b6x@I`>MJIxtR<0Hf<&vDQY2hY z`re3|fdVtZyy)kq-NU@-oz!9Obu5~CYXuc>nZWOU=4GlM~mMw}2P stRW3qK==lv(V(&GHGpBLw}yeBJ{pFe8NmlwK;#DW7xywReFFyo0O7A)_y7O^ diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg index ebd4eae974..5e133f166a 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg +++ b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg @@ -268,6 +268,7 @@ module C15Enumerate_Impl0_Produces use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool clone C15Enumerate_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -280,7 +281,7 @@ module C15Enumerate_Impl0_Produces predicate produces [#"../15_enumerate.rs" 28 4 28 64] (self : C15Enumerate_Enumerate_Type.t_enumerate i) (visited : Seq.seq (usize, Item0.item)) (o : C15Enumerate_Enumerate_Type.t_enumerate i) = - [#"../15_enumerate.rs" 29 8 34 9] Seq.length visited = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o) - UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Produces0.produces (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) + [#"../15_enumerate.rs" 29 8 34 9] Seq.length visited = Int.sub (UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o)) (UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self)) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Produces0.produces (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ Seq.length visited = Seq.length s /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> UIntSize.to_int (let (a, _) = Seq.get visited i in a) = Int.add (UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self)) i /\ (let (_, a) = Seq.get visited i in a) = Seq.get s i)) val produces [#"../15_enumerate.rs" 28 4 28 64] (self : C15Enumerate_Enumerate_Type.t_enumerate i) (visited : Seq.seq (usize, Item0.item)) (o : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = produces self visited o } @@ -315,6 +316,7 @@ module C15Enumerate_Impl1_Invariant use prelude.UIntSize use prelude.Int use prelude.Borrow + use prelude.Bool clone C15Enumerate_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq @@ -332,7 +334,7 @@ module C15Enumerate_Impl1_Invariant type t = i use C15Enumerate_Enumerate_Type as C15Enumerate_Enumerate_Type predicate invariant' [#"../15_enumerate.rs" 71 4 71 30] (self : C15Enumerate_Enumerate_Type.t_enumerate i) = - [#"../15_enumerate.rs" 73 12 74 79] (forall i : i . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv1.inv s -> Produces0.produces (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + Seq.length s < UIntSize.to_int Max0.mAX') /\ (forall i : borrowed i . Inv2.inv i -> Completed0.completed i -> Produces0.produces ( * i) (Seq.empty ) ( ^ i)) + [#"../15_enumerate.rs" 73 12 74 79] (forall i : i . forall s : Seq.seq Item0.item . Inv0.inv i -> Inv1.inv s -> Produces0.produces (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> Int.lt (Int.add (UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self)) (Seq.length s)) (UIntSize.to_int Max0.mAX')) /\ (forall i : borrowed i . Inv2.inv i -> Completed0.completed i -> Produces0.produces ( * i) (Seq.empty ) ( ^ i)) val invariant' [#"../15_enumerate.rs" 71 4 71 30] (self : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = invariant' self } @@ -690,6 +692,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -902,7 +905,7 @@ module C15Enumerate_Impl0_Next assert { [@expl:type invariant] Inv1.inv _3 }; assume { Resolve0.resolve _3 }; n <- C15Enumerate_Enumerate_Type.enumerate_count ( * self); - self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate a b = * self in C15Enumerate_Enumerate_Type.C_Enumerate a ([#"../15_enumerate.rs" 58 16 58 31] C15Enumerate_Enumerate_Type.enumerate_count ( * self) + ([#"../15_enumerate.rs" 58 30 58 31] [#"../15_enumerate.rs" 58 30 58 31] (1 : usize)))) }; + self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate a b = * self in C15Enumerate_Enumerate_Type.C_Enumerate a ([#"../15_enumerate.rs" 58 16 58 31] UIntSize.add (C15Enumerate_Enumerate_Type.enumerate_count ( * self)) ([#"../15_enumerate.rs" 58 30 58 31] [#"../15_enumerate.rs" 58 30 58 31] (1 : usize)))) }; assert { [@expl:type invariant] Inv2.inv self }; assume { Resolve1.resolve self }; goto BB6 @@ -967,7 +970,7 @@ module C15Enumerate_Enumerate_Interface type t = borrowed i val enumerate [#"../15_enumerate.rs" 81 0 81 54] (iter : i) : C15Enumerate_Enumerate_Type.t_enumerate i requires {[#"../15_enumerate.rs" 79 0 79 75] forall i : borrowed i . Inv0.inv i -> Completed0.completed i -> Produces0.produces ( * i) (Seq.empty ) ( ^ i)} - requires {[#"../15_enumerate.rs" 80 0 80 93] forall i : i . forall s : Seq.seq Item0.item . Inv1.inv i -> Inv2.inv s -> Produces0.produces iter s i -> Seq.length s < UIntSize.to_int Max0.mAX'} + requires {[#"../15_enumerate.rs" 80 0 80 93] forall i : i . forall s : Seq.seq Item0.item . Inv1.inv i -> Inv2.inv s -> Produces0.produces iter s i -> Int.lt (Seq.length s) (UIntSize.to_int Max0.mAX')} requires {[#"../15_enumerate.rs" 81 30 81 34] Inv1.inv iter} ensures { [#"../15_enumerate.rs" 81 42 81 54] Inv3.inv result } @@ -1038,7 +1041,7 @@ module C15Enumerate_Enumerate axiom . let rec cfg enumerate [#"../15_enumerate.rs" 81 0 81 54] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : C15Enumerate_Enumerate_Type.t_enumerate i requires {[#"../15_enumerate.rs" 79 0 79 75] forall i : borrowed i . Inv0.inv i -> Completed0.completed i -> Produces0.produces ( * i) (Seq.empty ) ( ^ i)} - requires {[#"../15_enumerate.rs" 80 0 80 93] forall i : i . forall s : Seq.seq Item0.item . Inv1.inv i -> Inv2.inv s -> Produces0.produces iter s i -> Seq.length s < UIntSize.to_int Max0.mAX'} + requires {[#"../15_enumerate.rs" 80 0 80 93] forall i : i . forall s : Seq.seq Item0.item . Inv1.inv i -> Inv2.inv s -> Produces0.produces iter s i -> Int.lt (Seq.length s) (UIntSize.to_int Max0.mAX')} requires {[#"../15_enumerate.rs" 81 30 81 34] Inv1.inv iter} ensures { [#"../15_enumerate.rs" 81 42 81 54] Inv3.inv result } @@ -1070,6 +1073,7 @@ module C15Enumerate_Impl0 use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv6 with type t = borrowed i clone TyInv_Trivial as TyInv_Trivial4 with diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml index b1dc56c173..a848b3c6b9 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml +++ b/creusot/tests/should_succeed/iterators/15_enumerate/why3session.xml @@ -2,67 +2,67 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz b/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz index b94b20a092c96772888bea997f1b2cc18867d9ca..25e3bb10e07588b85a718a39ac877347d6017aab 100644 GIT binary patch literal 1759 zcmV<51|az#iwFP!00000|E*VDZ{xNSefO`>+qSze9CG+oAP+_mg8?q?OD}}`v<4+n zyFnc*wVmDc-*-rnvXt1{-L`pf_%Uuy7V7~^_Lul{srPxoB-bphr{qSbnhO2TUdRJurJ{IhrQorxR~EKo?0R{o(`cM z_T9sY4%h0|x5MMpE}TLaoo~1Q9rj@gYuxDZVgHFNhCQ)6u5r8lb$AT5---mQQsahx zGr;Qf$5W^#YFGXcj>GOtC=O#LVDgD*{)NZ>i||M4ZP^@ioX4>bWnh>VhxrN#c0WsR zJ3Q}CIje9^Ff21H{fml#+lI`$qyONaAND7O@96g$SPLtf4WGiH8tA&}cf;3+KXde5 zcis7W*T}^4tHjghzrD~|5ilcwulm*V{t$fo**CjTJq@&v)$MIeGs{%2r_3hr^^Cr0 z3MlLA!bSEwqa?2W_e>(=M9a$(kk0_A{TG4Op#3lpX1&bzu*~Q{p+}1$WoPQawL~qJ zs>|s5TXI_D0H!1)r@2&lIWzs&lq?eZS?9C!H2V3W^d)z3Wd5X60{5;yC`3Bhq6QQ;KE>>kAOTENXzZBM*T1+%#F zRKP{ijk%_t%4V68kuKto^>{%b?MCIAT5aZ+e|_m_&rddejq3BcHu;t`_dkL`&!meW zn=DYBrKLBkl(21jK+Xu&nb0}w)7U1zaCCkR>CM8ERAv%oaDRDtMp}Fn#E0M1x1&i} zAwQ~2?%VRnV$&n*{$Iq}#J|-_2<@fPROEHoV2dhv*#>P@)94lfD(#e$4xMn^fnzJ} zHS)HHK6I@Vz-*MbZ@CGm1O!3q3TfS6yETa<@*f_{+@?AR8?@Z)s0T3zSxbmNC;Ysxf;l0;~;ZAkdW3GIY(LOOvzyhJNo!ldG@?*i{zZA}lz z5lJMf<87!=IOGn&A#=k1)8$xbNlz^J(04pQ+o-maq8Gt(!?0;$M5r8+4)I@G6kFT% zq~cC#V!g3Z!$KG)G^N(azCu#4js*QZe4{z*dFXqi5NyMA!%#~)Iif{F6-gz*N#@Z0 zHB=xr=%nbT)13^YB~47XoW9p!=-`S3#lIKL^u86oX~8r+O2=|ir35;Sp^>&zm9$P8 zI=@moNrzu%zor9*UN#*{u30M;GU#=$Y^RO#4X>1R3Y`*8ai_p3R;~M8J-MfZ2vQfM7;P{s|GS5Yx^E_v}MOch-3m77a5?#A+ z|8V}h(OFpIW*oS1c)SlscMkj8b2v6;8<*Yj)*a4o8j}=djVYke0+PXi?8bdS`@Y<~>>UAA-txO5$m)qOzHd7c2v8zGVdv;o{2d5D8;zMXIL3Y%8wv;x}_hK&HL zHAuMZr2*%oJDif*&$V7FO|oOj;@H{8Ec*DIjbalC@0(F$aBmx)Hbujyb8_uC87)_h znaH00(#DK)ou^~C#AsQZp2Ze0MA9WX5}REK8GTkAX&Lnu?iB9&jk|Jh-JU<=0@s$^ zIC9tfo9Tpma!(Mq;s&^OI39=3p?h=x=jzn^2>S%Czdg9S3>W#0>uJQ|;NckjaOiH& zm|UA{=ZE`;yKoL&6u#d7Ivm1m)~M*|_V58u3bM8 z-w&ahUAu9|a2oDDg-Kv!0%nDSh7aLb4Op)FyWw-hF9ZkpR-o)% z`l@$P!=dyo6jahpzj-_ygYzF)O2(&F};k{+vZ!R19x%1npp*h(#!3eTb$B?zC-W^>8r zVK|+a0+K3nT+Z(VFO81{LJH_x4tY`8+DE(+X~_Q}aU znIz;y6%{u(ON=HSaC@qsIG=XsJtP5cCNwBL1u-FC#A#eyJjH1Al$t#?VWriCPhO8w zJQ4$aWD(d)K4Q;tl}^b-F|NoLZ)B9Lx9H!|bNE!xG_mm+mpIr?gC!ou)&P%O;qR-S z=6FVD9hs_kYft0WyVYEIsJE{?8EN;I3(jTgh3U}_)Qev{T^BZTmTly@N~aYRozsWY zx-MdZjTVzBCYY(`m>Bn%X_&4j>hwA$*oE2^7nhh2SRuw^5p-((4&muMbw6L~&7ZaA z&pPw}(wNVEd1}b6Vt=-JeTXOZ)CO+d&+aZ9KAbcPF^%uHf4nKK1Cp9vniT}L zn_9biyGj^7su2SottcuXpIUrg&n@!o@43rmuk`nP)hYAb2+zH)NL-{+{Jt6M1xIaU zZiHoBmjC8brk9D1?@_a)xz2S`@4g2E$Yqc^2d>H?r|L~2Y@fdR3V*8X&(i7hTAe>j zRQ`lf^-2d6L~`AEC1}rd3mkjAN^mRiFtK1PXbZ}Mv>+^S3(NxDaH2ijnAELjLH9 zM&d8k-+`I zl$wOEEmM|B%Yo%9zyPWodV$opt-zwAndTK|mQ%~Ya$=eJuh&th+m>}Y z^wOwKdDANHMHi?box~?6TEwO07>E4-yOb#4fRdmq5 z!3C>q+e(c(c7g+^m;^3C z(QieAph)j&WY!3vf#Z{<1#5*1q9-vKjTIX6S12nm`Nd*T=e$z{0HneI;eoIg-#6;K z^h#AySjnwqR#Gd$N|LkRArB6}8zg2bk>1JROvjW^pamv%p9JLv!I(M9Q6gJnOz(nc br0qISu!LaQ(mn~Q3xfXu?^~^w+!Fu*1)Xt= diff --git a/creusot/tests/should_succeed/iterators/16_take.mlcfg b/creusot/tests/should_succeed/iterators/16_take.mlcfg index 2a3c67ffa3..c4c47a0eb9 100644 --- a/creusot/tests/should_succeed/iterators/16_take.mlcfg +++ b/creusot/tests/should_succeed/iterators/16_take.mlcfg @@ -30,6 +30,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -77,13 +78,14 @@ module C16Take_Impl0_Completed use prelude.Borrow use prelude.UIntSize use prelude.Int + use prelude.Bool clone C16Take_Common_Iterator_Completed_Stub as Completed0 with type self = i use C16Take_Take_Type as C16Take_Take_Type clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = C16Take_Take_Type.t_take i predicate completed [#"../16_take.rs" 22 4 22 35] (self : borrowed (C16Take_Take_Type.t_take i)) = - [#"../16_take.rs" 23 8 26 9] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ Resolve0.resolve self \/ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) > 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self)) + 1 /\ Completed0.completed {current = C16Take_Take_Type.take_iter ( * self); final = C16Take_Take_Type.take_iter ( ^ self)} + [#"../16_take.rs" 23 8 26 9] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ Resolve0.resolve self \/ Int.gt (UIntSize.to_int (C16Take_Take_Type.take_n ( * self))) 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = Int.add (UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self))) 1 /\ Completed0.completed {current = C16Take_Take_Type.take_iter ( * self); final = C16Take_Take_Type.take_iter ( ^ self)} val completed [#"../16_take.rs" 22 4 22 35] (self : borrowed (C16Take_Take_Type.t_take i)) : bool ensures { result = completed self } @@ -290,6 +292,7 @@ module C16Take_Impl0_Produces use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool clone C16Take_Common_Iterator_Item_Type as Item0 with type self = i clone C16Take_Common_Iterator_Produces_Stub as Produces0 with @@ -299,7 +302,7 @@ module C16Take_Impl0_Produces predicate produces [#"../16_take.rs" 31 4 31 64] (self : C16Take_Take_Type.t_take i) (visited : Seq.seq Item0.item) (o : C16Take_Take_Type.t_take i) = - [#"../16_take.rs" 32 8 34 9] UIntSize.to_int (C16Take_Take_Type.take_n self) = UIntSize.to_int (C16Take_Take_Type.take_n o) + Seq.length visited /\ Produces0.produces (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) + [#"../16_take.rs" 32 8 34 9] UIntSize.to_int (C16Take_Take_Type.take_n self) = Int.add (UIntSize.to_int (C16Take_Take_Type.take_n o)) (Seq.length visited) /\ Produces0.produces (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) val produces [#"../16_take.rs" 31 4 31 64] (self : C16Take_Take_Type.t_take i) (visited : Seq.seq Item0.item) (o : C16Take_Take_Type.t_take i) : bool ensures { result = produces self visited o } @@ -692,13 +695,13 @@ module C16Take_Impl0_Next goto BB0 } BB0 { - switch ([#"../16_take.rs" 54 11 54 22] C16Take_Take_Type.take_n ( * self) <> ([#"../16_take.rs" 54 21 54 22] [#"../16_take.rs" 54 21 54 22] (0 : usize))) + switch ([#"../16_take.rs" 54 11 54 22] UIntSize.ne (C16Take_Take_Type.take_n ( * self)) ([#"../16_take.rs" 54 21 54 22] [#"../16_take.rs" 54 21 54 22] (0 : usize))) | False -> goto BB3 | True -> goto BB1 end } BB1 { - self <- { self with current = (let C16Take_Take_Type.C_Take a b = * self in C16Take_Take_Type.C_Take a ([#"../16_take.rs" 55 12 55 23] C16Take_Take_Type.take_n ( * self) - ([#"../16_take.rs" 55 22 55 23] [#"../16_take.rs" 55 22 55 23] (1 : usize)))) }; + self <- { self with current = (let C16Take_Take_Type.C_Take a b = * self in C16Take_Take_Type.C_Take a ([#"../16_take.rs" 55 12 55 23] UIntSize.sub (C16Take_Take_Type.take_n ( * self)) ([#"../16_take.rs" 55 22 55 23] [#"../16_take.rs" 55 22 55 23] (1 : usize)))) }; _5 <- Borrow.borrow_mut (C16Take_Take_Type.take_iter ( * self)); self <- { self with current = (let C16Take_Take_Type.C_Take a b = * self in C16Take_Take_Type.C_Take ( ^ _5) b) }; assume { Inv1.inv ( ^ _5) }; @@ -726,6 +729,7 @@ module C16Take_Impl0 type i use prelude.Borrow use seq.Seq + use prelude.Bool clone C16Take_Common_Iterator_Item_Type as Item0 with type self = i use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/16_take/why3session.xml b/creusot/tests/should_succeed/iterators/16_take/why3session.xml index df447a9495..384bb6b7ab 100644 --- a/creusot/tests/should_succeed/iterators/16_take/why3session.xml +++ b/creusot/tests/should_succeed/iterators/16_take/why3session.xml @@ -7,28 +7,28 @@ - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz b/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz index 117a5737db60d842dee1e04b1c99ddc38c03101f..0e1754a4e97ccf05049b5c4999c3fb3bc8953d29 100644 GIT binary patch literal 917 zcmV;G18V#qiwFP!00000|D9FKZsRr--TN!Fn>K?2ynM4j7KRZ)1_s%5z~vZ}Otr>1 zQX)HP`}e(k$fjKZgVqa+_jPo6j(GXgLv{MYz4}x2;iuDK9Dc22_3-oR{N@hBhb47h zfrWbIUZ-*Y-uaWI?(=8Mtgv#MqUmWxHhD5xHtF_S%2U-93UPRet(<>(J^yW0E>?37 z)aoJ+tjURHo1&&(*-h1tQ#I%8Cf^?mXb5f7(87<}4JH&_vQ%_M3VoMd%iK&RLSBhe zcTHmpKrB!TEH@5pojIoK?19-svd63o5P(!)`bKXog#vxn}v9 zH^F9_cs5xu*kc9TDi#}7Z#$wPMSjwip_Tw+w@SXhK= zOJ(L97ez}bIlb=*TSDixC91Hcn3h_i@+o4m=nnW)xOSYT@lU`1^zt1Ozq;=}MlI#8 zKMd|@DS65PYr`8zEW`vrw8!89cgE=MaQ0J7c#0Wh0osDJU@|ZyfcL|2mi!a`htMxK zw(j7IJH5Ag6<;$X=8Kll`Z~QMc;ZY%Yx{hM%{#Jw4sl$(UGu)U!AIW>e2rY+YZPsU z=ljueJf)=02ZobdVVGPH2Ax-7I7N0mq- zVuHXHgF;N)D1`YjgD)w>h-K`ePy{Gg#L$gGjLr&$RoKL?9p8ujX({ao^3g~wHH-35 zo#hLQw`*RMFZgcYx3hSc0W|o(&X*&Pv$8zhd_gZ>$R&|)ei2LL^C-6e1w$=kB;DC% zsNvlc2h}d#gT(;jd4Tclf^YtM_vTzFGfgF{ zvZ?Ry)c=Q4hu>=DJ0e@vb0=gk+RhnmykbD8+0%|uUCBl?ykQM(pdqW)wStJ=aKI0t zqb)Ut=#KYwfH=r7j4TuJK z1FV7cD(Z2r3GcP(TV^^AE$75>LY$(SleVJJP||>z3!qmT#~SaAYz;`_ocG{pi)WYg r9&{|AMM3X6sk#;`de98(RL6O1IO%)ZDQ98MrN5FuZH3x91cIk0(&rw6=b03r3H^MD2Z&1 z>`GhPyKVk`M$5-kfmY%+yWghK zUzX?|X76!7{z)OzNb7f>Q{3;IkH^8De{!J;t4AcDFzILkxI|rPp_;El3M`A%;lswjWPQe4zh%>QiAS+A&Jl!*vx9 z)yWF1&-&#(C~|=4<1**(_9hj%ek~I;>$wjRi?o#Ro_-IJS z7?#8*u6#T&9U+YKF_XIA1*F|8vsegCxqgHQqyXM*V;7KLb%Ekz1l;Qa*B05i3(bu* zG*x!Na??Yseb-HI<8b_T_DaZ`HeI^GRqVp@y&_RJ-PkU;^VKl=e^2MbNViyd?!=vD zh@uyY#1!XF$b6vW_D4AMeU8*rJYP5TD#R;f7hkC2Y7zNr5!*YyWowA#Zf~xTbm2*> z=UeHHvsvG~Q-!VOfQ5UVo{wy*Wa@0zx3As*V`=8!YUO<3HTR&fR-W}88VFJ{i2)oZ zf2CU4iWXbmLd#Z4d+B5_K@Xkrnt5%c;aoW$BvVjV04*>An6_>;0RV?Ur{Bw(84$AL zftjEjI*+~YwWy$OLARh+{!v@X*;|e2y7XUtVoCA0-x}lebp;rSf&!|o@qHz&`1>irU%Sdm} G2mk<0O}D=Q diff --git a/creusot/tests/should_succeed/knapsack.mlcfg b/creusot/tests/should_succeed/knapsack.mlcfg index 8465786c82..d65962a732 100644 --- a/creusot/tests/should_succeed/knapsack.mlcfg +++ b/creusot/tests/should_succeed/knapsack.mlcfg @@ -24,7 +24,7 @@ module Knapsack_Max goto BB0 } BB0 { - switch ([#"../knapsack.rs" 16 7 16 12] a < b) + switch ([#"../knapsack.rs" 16 7 16 12] UIntSize.lt a b) | False -> goto BB2 | True -> goto BB1 end @@ -86,6 +86,7 @@ module Knapsack_M_Stub type name use prelude.Int use seq.Seq + use prelude.Bool use Knapsack_Item_Type as Knapsack_Item_Type use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -96,24 +97,26 @@ module Knapsack_M_Interface type name use prelude.Int use seq.Seq + use prelude.Bool use Knapsack_Item_Type as Knapsack_Item_Type use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = Seq.seq (Knapsack_Item_Type.t_item name) function m [#"../knapsack.rs" 34 0 34 57] (items : Seq.seq (Knapsack_Item_Type.t_item name)) (i : int) (w : int) : int val m [#"../knapsack.rs" 34 0 34 57] (items : Seq.seq (Knapsack_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack.rs" 31 11 31 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack.rs" 32 11 32 17] 0 <= w} + requires {[#"../knapsack.rs" 31 11 31 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack.rs" 32 11 32 17] Int.le 0 w} requires {[#"../knapsack.rs" 34 11 34 16] Inv0.inv items} - ensures { [#"../knapsack.rs" 33 10 33 21] result >= 0 } + ensures { [#"../knapsack.rs" 33 10 33 21] Int.ge result 0 } ensures { result = m items i w } - axiom m_spec : forall items : Seq.seq (Knapsack_Item_Type.t_item name), i : int, w : int . ([#"../knapsack.rs" 31 11 31 37] 0 <= i /\ i <= Seq.length items) -> ([#"../knapsack.rs" 32 11 32 17] 0 <= w) -> ([#"../knapsack.rs" 34 11 34 16] Inv0.inv items) -> ([#"../knapsack.rs" 33 10 33 21] m items i w >= 0) + axiom m_spec : forall items : Seq.seq (Knapsack_Item_Type.t_item name), i : int, w : int . ([#"../knapsack.rs" 31 11 31 37] Int.le 0 i /\ Int.le i (Seq.length items)) -> ([#"../knapsack.rs" 32 11 32 17] Int.le 0 w) -> ([#"../knapsack.rs" 34 11 34 16] Inv0.inv items) -> ([#"../knapsack.rs" 33 10 33 21] Int.ge (m items i w) 0) end module Knapsack_M type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use int.MinMax use Knapsack_Item_Type as Knapsack_Item_Type @@ -122,27 +125,28 @@ module Knapsack_M type t = Seq.seq (Knapsack_Item_Type.t_item name) function m [#"../knapsack.rs" 34 0 34 57] (items : Seq.seq (Knapsack_Item_Type.t_item name)) (i : int) (w : int) : int val m [#"../knapsack.rs" 34 0 34 57] (items : Seq.seq (Knapsack_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack.rs" 31 11 31 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack.rs" 32 11 32 17] 0 <= w} + requires {[#"../knapsack.rs" 31 11 31 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack.rs" 32 11 32 17] Int.le 0 w} requires {[#"../knapsack.rs" 34 11 34 16] Inv0.inv items} - ensures { [#"../knapsack.rs" 33 10 33 21] result >= 0 } + ensures { [#"../knapsack.rs" 33 10 33 21] Int.ge result 0 } ensures { result = m items i w } axiom def : forall items : Seq.seq (Knapsack_Item_Type.t_item name), i : int, w : int . m items i w = ([#"../knapsack.rs" 35 4 42 5] if i = 0 then 0 else - if UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (i - 1))) > w then - m items (i - 1) w + if Int.gt (UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (Int.sub i 1)))) w then + m items (Int.sub i 1) w else - MinMax.max (m items (i - 1) w) (m items (i - 1) (w - UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (i - 1)))) + UIntSize.to_int (Knapsack_Item_Type.item_value (Seq.get items (i - 1)))) + MinMax.max (m items (Int.sub i 1) w) (Int.add (m items (Int.sub i 1) (Int.sub w (UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (Int.sub i 1)))))) (UIntSize.to_int (Knapsack_Item_Type.item_value (Seq.get items (Int.sub i 1))))) ) - axiom m_spec : forall items : Seq.seq (Knapsack_Item_Type.t_item name), i : int, w : int . ([#"../knapsack.rs" 31 11 31 37] 0 <= i /\ i <= Seq.length items) -> ([#"../knapsack.rs" 32 11 32 17] 0 <= w) -> ([#"../knapsack.rs" 34 11 34 16] Inv0.inv items) -> ([#"../knapsack.rs" 33 10 33 21] m items i w >= 0) + axiom m_spec : forall items : Seq.seq (Knapsack_Item_Type.t_item name), i : int, w : int . ([#"../knapsack.rs" 31 11 31 37] Int.le 0 i /\ Int.le i (Seq.length items)) -> ([#"../knapsack.rs" 32 11 32 17] Int.le 0 w) -> ([#"../knapsack.rs" 34 11 34 16] Inv0.inv items) -> ([#"../knapsack.rs" 33 10 33 21] Int.ge (m items i w) 0) end module Knapsack_M_Impl type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use int.MinMax use Knapsack_Item_Type as Knapsack_Item_Type @@ -154,20 +158,20 @@ module Knapsack_M_Impl predicate Inv0.inv = Inv0.inv, axiom . let rec ghost function m [#"../knapsack.rs" 34 0 34 57] (items : Seq.seq (Knapsack_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack.rs" 31 11 31 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack.rs" 32 11 32 17] 0 <= w} + requires {[#"../knapsack.rs" 31 11 31 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack.rs" 32 11 32 17] Int.le 0 w} requires {[#"../knapsack.rs" 34 11 34 16] Inv0.inv items} - ensures { [#"../knapsack.rs" 33 10 33 21] result >= 0 } + ensures { [#"../knapsack.rs" 33 10 33 21] Int.ge result 0 } variant {[#"../knapsack.rs" 30 10 30 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../knapsack.rs" 35 4 42 5] if pure {i = 0} then + [#"../knapsack.rs" 35 4 42 5] if i = 0 then 0 else - if pure {UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (i - 1))) > w} then - m items (i - 1) w + if Int.gt (UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (Int.sub i 1)))) w then + m items (Int.sub i 1) w else - let a' = m items (i - 1) w in let b' = m items (i - 1) (w - UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (i - 1)))) + UIntSize.to_int (Knapsack_Item_Type.item_value (Seq.get items (i - 1))) in MinMax.max a' b' + let a' = m items (Int.sub i 1) w in let b' = Int.add (m items (Int.sub i 1) (Int.sub w (UIntSize.to_int (Knapsack_Item_Type.item_weight (Seq.get items (Int.sub i 1)))))) (UIntSize.to_int (Knapsack_Item_Type.item_value (Seq.get items (Int.sub i 1)))) in MinMax.max a' b' end @@ -306,11 +310,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -328,11 +332,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -418,6 +422,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -439,7 +444,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -460,6 +465,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -471,6 +477,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -494,7 +501,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -503,8 +510,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -684,6 +691,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -747,6 +755,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -821,7 +830,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -848,6 +857,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -876,8 +886,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -906,6 +917,7 @@ module Knapsack_Knapsack01Dyn_Interface use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Borrow use Knapsack_Item_Type as Knapsack_Item_Type use seq.Seq @@ -922,9 +934,9 @@ module Knapsack_Knapsack01Dyn_Interface type t = Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq (Knapsack_Item_Type.t_item name) val knapsack01_dyn [#"../knapsack.rs" 48 0 48 91] (items : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (max_weight : usize) : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) - requires {[#"../knapsack.rs" 45 11 45 34] Seq.length (ShallowModel0.shallow_model items) < 10000000} - requires {[#"../knapsack.rs" 46 11 46 33] UIntSize.to_int max_weight < 10000000} - requires {[#"../knapsack.rs" 47 0 47 86] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model items) -> UIntSize.to_int (Knapsack_Item_Type.item_value (IndexLogic0.index_logic items i)) <= 10000000} + requires {[#"../knapsack.rs" 45 11 45 34] Int.lt (Seq.length (ShallowModel0.shallow_model items)) 10000000} + requires {[#"../knapsack.rs" 46 11 46 33] Int.lt (UIntSize.to_int max_weight) 10000000} + requires {[#"../knapsack.rs" 47 0 47 86] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model items)) -> Int.le (UIntSize.to_int (Knapsack_Item_Type.item_value (IndexLogic0.index_logic items i))) 10000000} requires {[#"../knapsack.rs" 48 28 48 33] Inv0.inv items} ensures { [#"../knapsack.rs" 48 75 48 91] Inv1.inv result } @@ -934,6 +946,7 @@ module Knapsack_Knapsack01Dyn use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Knapsack_Item_Type as Knapsack_Item_Type @@ -1271,9 +1284,9 @@ module Knapsack_Knapsack01Dyn val Max0.mAX' = Max1.mAX', predicate Inv2.inv = Inv5.inv let rec cfg knapsack01_dyn [#"../knapsack.rs" 48 0 48 91] [@cfg:stackify] [@cfg:subregion_analysis] (items : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (max_weight : usize) : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) - requires {[#"../knapsack.rs" 45 11 45 34] Seq.length (ShallowModel0.shallow_model items) < 10000000} - requires {[#"../knapsack.rs" 46 11 46 33] UIntSize.to_int max_weight < 10000000} - requires {[#"../knapsack.rs" 47 0 47 86] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model items) -> UIntSize.to_int (Knapsack_Item_Type.item_value (IndexLogic1.index_logic items i)) <= 10000000} + requires {[#"../knapsack.rs" 45 11 45 34] Int.lt (Seq.length (ShallowModel0.shallow_model items)) 10000000} + requires {[#"../knapsack.rs" 46 11 46 33] Int.lt (UIntSize.to_int max_weight) 10000000} + requires {[#"../knapsack.rs" 47 0 47 86] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model items)) -> Int.le (UIntSize.to_int (Knapsack_Item_Type.item_value (IndexLogic1.index_logic items i))) 10000000} requires {[#"../knapsack.rs" 48 28 48 33] Inv0.inv items} ensures { [#"../knapsack.rs" 48 75 48 91] Inv2.inv result } @@ -1317,7 +1330,7 @@ module Knapsack_Knapsack01Dyn goto BB0 } BB0 { - _7 <- ([#"../knapsack.rs" 49 30 49 53] FromElem0.from_elem ([#"../knapsack.rs" 49 35 49 36] [#"../knapsack.rs" 49 35 49 36] (0 : usize)) ([#"../knapsack.rs" 49 38 49 52] max_weight + ([#"../knapsack.rs" 49 51 49 52] [#"../knapsack.rs" 49 51 49 52] (1 : usize)))); + _7 <- ([#"../knapsack.rs" 49 30 49 53] FromElem0.from_elem ([#"../knapsack.rs" 49 35 49 36] [#"../knapsack.rs" 49 35 49 36] (0 : usize)) ([#"../knapsack.rs" 49 38 49 52] UIntSize.add max_weight ([#"../knapsack.rs" 49 51 49 52] [#"../knapsack.rs" 49 51 49 52] (1 : usize)))); goto BB1 } BB1 { @@ -1325,7 +1338,7 @@ module Knapsack_Knapsack01Dyn goto BB2 } BB2 { - best_value <- ([#"../knapsack.rs" 49 25 49 71] FromElem1.from_elem _7 ([#"../knapsack.rs" 49 55 49 70] _11 + ([#"../knapsack.rs" 49 69 49 70] [#"../knapsack.rs" 49 69 49 70] (1 : usize)))); + best_value <- ([#"../knapsack.rs" 49 25 49 71] FromElem1.from_elem _7 ([#"../knapsack.rs" 49 55 49 70] UIntSize.add _11 ([#"../knapsack.rs" 49 69 49 70] [#"../knapsack.rs" 49 69 49 70] (1 : usize)))); _7 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); _11 <- any usize; goto BB3 @@ -1347,10 +1360,10 @@ module Knapsack_Knapsack01Dyn goto BB8 } BB8 { - invariant { [#"../knapsack.rs" 52 16 52 53] Seq.length (ShallowModel0.shallow_model items) + 1 = Seq.length (ShallowModel1.shallow_model best_value) }; - invariant { [#"../knapsack.rs" 52 4 52 55] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; - invariant { [#"../knapsack.rs" 52 4 52 55] forall ww : int . forall ii : int . 0 <= ii /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; - invariant { [#"../knapsack.rs" 52 4 52 55] forall ww : int . forall ii : int . 0 <= ii /\ ii <= Seq.length (ShallowModel0.shallow_model items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) <= 10000000 * ii }; + invariant { [#"../knapsack.rs" 52 16 52 53] Int.add (Seq.length (ShallowModel0.shallow_model items)) 1 = Seq.length (ShallowModel1.shallow_model best_value) }; + invariant { [#"../knapsack.rs" 52 4 52 55] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model best_value)) -> Int.add (UIntSize.to_int max_weight) 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; + invariant { [#"../knapsack.rs" 52 4 52 55] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (UIntSize.to_int i) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; + invariant { [#"../knapsack.rs" 52 4 52 55] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> Int.le (UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww)) (Int.mul 10000000 ii) }; goto BB9 } BB9 { @@ -1358,7 +1371,7 @@ module Knapsack_Knapsack01Dyn goto BB10 } BB10 { - switch ([#"../knapsack.rs" 59 10 59 25] i < _22) + switch ([#"../knapsack.rs" 59 10 59 25] UIntSize.lt i _22) | False -> goto BB34 | True -> goto BB11 end @@ -1390,21 +1403,21 @@ module Knapsack_Knapsack01Dyn goto BB18 } BB18 { - invariant { [#"../knapsack.rs" 66 20 66 57] Seq.length (ShallowModel0.shallow_model items) + 1 = Seq.length (ShallowModel1.shallow_model best_value) }; - invariant { [#"../knapsack.rs" 66 8 66 59] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; - invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . forall ii : int . 0 <= ii /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; - invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . 0 <= ww /\ ww <= UIntSize.to_int w - 1 -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value (UIntSize.to_int i + 1))) ww) = M0.m (ShallowModel0.shallow_model items) (UIntSize.to_int i + 1) ww }; - invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . forall ii : int . 0 <= ii /\ ii <= Seq.length (ShallowModel0.shallow_model items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) <= 10000000 * ii }; + invariant { [#"../knapsack.rs" 66 20 66 57] Int.add (Seq.length (ShallowModel0.shallow_model items)) 1 = Seq.length (ShallowModel1.shallow_model best_value) }; + invariant { [#"../knapsack.rs" 66 8 66 59] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model best_value)) -> Int.add (UIntSize.to_int max_weight) 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; + invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (UIntSize.to_int i) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; + invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . Int.le 0 ww /\ Int.le ww (Int.sub (UIntSize.to_int w) 1) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value (Int.add (UIntSize.to_int i) 1))) ww) = M0.m (ShallowModel0.shallow_model items) (Int.add (UIntSize.to_int i) 1) ww }; + invariant { [#"../knapsack.rs" 66 8 66 59] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> Int.le (UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww)) (Int.mul 10000000 ii) }; goto BB19 } BB19 { - switch ([#"../knapsack.rs" 76 14 76 29] w <= max_weight) + switch ([#"../knapsack.rs" 76 14 76 29] UIntSize.le w max_weight) | False -> goto BB33 | True -> goto BB20 end } BB20 { - switch ([#"../knapsack.rs" 77 38 77 51] Knapsack_Item_Type.item_weight it > w) + switch ([#"../knapsack.rs" 77 38 77 51] UIntSize.gt (Knapsack_Item_Type.item_weight it) w) | False -> goto BB24 | True -> goto BB21 end @@ -1434,11 +1447,11 @@ module Knapsack_Knapsack01Dyn goto BB27 } BB27 { - _57 <- ([#"../knapsack.rs" 80 38 80 66] Index2.index ([#"../knapsack.rs" 80 38 80 51] _59) ([#"../knapsack.rs" 80 52 80 65] w - Knapsack_Item_Type.item_weight it)); + _57 <- ([#"../knapsack.rs" 80 38 80 66] Index2.index ([#"../knapsack.rs" 80 38 80 51] _59) ([#"../knapsack.rs" 80 52 80 65] UIntSize.sub w (Knapsack_Item_Type.item_weight it))); goto BB28 } BB28 { - _38 <- ([#"../knapsack.rs" 80 16 80 78] Max0.max _49 ([#"../knapsack.rs" 80 38 80 77] _57 + Knapsack_Item_Type.item_value it)); + _38 <- ([#"../knapsack.rs" 80 16 80 78] Max0.max _49 ([#"../knapsack.rs" 80 38 80 77] UIntSize.add _57 (Knapsack_Item_Type.item_value it))); goto BB29 } BB29 { @@ -1447,7 +1460,7 @@ module Knapsack_Knapsack01Dyn BB30 { _69 <- Borrow.borrow_mut best_value; best_value <- ^ _69; - _68 <- ([#"../knapsack.rs" 77 12 77 29] IndexMut0.index_mut _69 ([#"../knapsack.rs" 77 23 77 28] i + ([#"../knapsack.rs" 77 27 77 28] [#"../knapsack.rs" 77 27 77 28] (1 : usize)))); + _68 <- ([#"../knapsack.rs" 77 12 77 29] IndexMut0.index_mut _69 ([#"../knapsack.rs" 77 23 77 28] UIntSize.add i ([#"../knapsack.rs" 77 27 77 28] [#"../knapsack.rs" 77 27 77 28] (1 : usize)))); _69 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB31 } @@ -1463,14 +1476,14 @@ module Knapsack_Knapsack01Dyn _38 <- any usize; assume { Resolve3.resolve _66 }; assume { Resolve4.resolve _68 }; - w <- ([#"../knapsack.rs" 82 12 82 18] w + ([#"../knapsack.rs" 82 17 82 18] [#"../knapsack.rs" 82 17 82 18] (1 : usize))); + w <- ([#"../knapsack.rs" 82 12 82 18] UIntSize.add w ([#"../knapsack.rs" 82 17 82 18] [#"../knapsack.rs" 82 17 82 18] (1 : usize))); _19 <- ([#"../knapsack.rs" 82 12 82 18] ()); goto BB18 } BB33 { assert { [@expl:type invariant] Inv1.inv it }; assume { Resolve2.resolve it }; - i <- ([#"../knapsack.rs" 84 8 84 14] i + ([#"../knapsack.rs" 84 13 84 14] [#"../knapsack.rs" 84 13 84 14] (1 : usize))); + i <- ([#"../knapsack.rs" 84 8 84 14] UIntSize.add i ([#"../knapsack.rs" 84 13 84 14] [#"../knapsack.rs" 84 13 84 14] (1 : usize))); _19 <- ([#"../knapsack.rs" 84 8 84 14] ()); goto BB8 } @@ -1492,18 +1505,18 @@ module Knapsack_Knapsack01Dyn goto BB38 } BB38 { - invariant { [#"../knapsack.rs" 91 16 91 34] UIntSize.to_int j <= Seq.length (ShallowModel0.shallow_model items) }; - invariant { [#"../knapsack.rs" 92 16 92 43] UIntSize.to_int left_weight <= UIntSize.to_int max_weight }; + invariant { [#"../knapsack.rs" 91 16 91 34] Int.le (UIntSize.to_int j) (Seq.length (ShallowModel0.shallow_model items)) }; + invariant { [#"../knapsack.rs" 92 16 92 43] Int.le (UIntSize.to_int left_weight) (UIntSize.to_int max_weight) }; goto BB39 } BB39 { - switch ([#"../knapsack.rs" 93 10 93 15] ([#"../knapsack.rs" 93 10 93 11] [#"../knapsack.rs" 93 10 93 11] (0 : usize)) < j) + switch ([#"../knapsack.rs" 93 10 93 15] UIntSize.lt ([#"../knapsack.rs" 93 10 93 11] [#"../knapsack.rs" 93 10 93 11] (0 : usize)) j) | False -> goto BB50 | True -> goto BB40 end } BB40 { - j <- ([#"../knapsack.rs" 94 8 94 14] j - ([#"../knapsack.rs" 94 13 94 14] [#"../knapsack.rs" 94 13 94 14] (1 : usize))); + j <- ([#"../knapsack.rs" 94 8 94 14] UIntSize.sub j ([#"../knapsack.rs" 94 13 94 14] [#"../knapsack.rs" 94 13 94 14] (1 : usize))); _91 <- ([#"../knapsack.rs" 95 18 95 26] Index0.index ([#"../knapsack.rs" 95 18 95 23] items) j); goto BB41 } @@ -1511,7 +1524,7 @@ module Knapsack_Knapsack01Dyn it1 <- ([#"../knapsack.rs" 95 17 95 26] _91); assert { [@expl:type invariant] Inv1.inv _91 }; assume { Resolve2.resolve _91 }; - _98 <- ([#"../knapsack.rs" 96 11 96 28] Index1.index ([#"../knapsack.rs" 96 11 96 21] best_value) ([#"../knapsack.rs" 96 22 96 27] j + ([#"../knapsack.rs" 96 26 96 27] [#"../knapsack.rs" 96 26 96 27] (1 : usize)))); + _98 <- ([#"../knapsack.rs" 96 11 96 28] Index1.index ([#"../knapsack.rs" 96 11 96 21] best_value) ([#"../knapsack.rs" 96 22 96 27] UIntSize.add j ([#"../knapsack.rs" 96 26 96 27] [#"../knapsack.rs" 96 26 96 27] (1 : usize)))); goto BB42 } BB42 { @@ -1527,7 +1540,7 @@ module Knapsack_Knapsack01Dyn goto BB45 } BB45 { - switch ([#"../knapsack.rs" 96 11 96 71] _96 <> _104) + switch ([#"../knapsack.rs" 96 11 96 71] UIntSize.ne _96 _104) | False -> goto BB48 | True -> goto BB46 end @@ -1543,7 +1556,7 @@ module Knapsack_Knapsack01Dyn BB47 { assert { [@expl:type invariant] Inv1.inv it1 }; assume { Resolve2.resolve it1 }; - left_weight <- ([#"../knapsack.rs" 98 12 98 36] left_weight - Knapsack_Item_Type.item_weight it1); + left_weight <- ([#"../knapsack.rs" 98 12 98 36] UIntSize.sub left_weight (Knapsack_Item_Type.item_weight it1)); _19 <- ([#"../knapsack.rs" 96 72 99 9] ()); goto BB49 } diff --git a/creusot/tests/should_succeed/knapsack_full.mlcfg b/creusot/tests/should_succeed/knapsack_full.mlcfg index ab6eb5a388..196ce2a43d 100644 --- a/creusot/tests/should_succeed/knapsack_full.mlcfg +++ b/creusot/tests/should_succeed/knapsack_full.mlcfg @@ -22,7 +22,7 @@ module KnapsackFull_Max goto BB0 } BB0 { - switch ([#"../knapsack_full.rs" 16 7 16 12] a < b) + switch ([#"../knapsack_full.rs" 16 7 16 12] UIntSize.lt a b) | False -> goto BB2 | True -> goto BB1 end @@ -84,6 +84,7 @@ module KnapsackFull_SumWeights_Stub type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type use seq.Seq @@ -96,6 +97,7 @@ module KnapsackFull_SumWeights_Interface type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type use seq.Seq @@ -104,17 +106,18 @@ module KnapsackFull_SumWeights_Interface function sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int val sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 25 11 25 33] 0 <= i /\ i <= Seq.length s} + requires {[#"../knapsack_full.rs" 25 11 25 33] Int.le 0 i /\ Int.le i (Seq.length s)} requires {[#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s} - ensures { [#"../knapsack_full.rs" 26 10 26 21] result >= 0 } + ensures { [#"../knapsack_full.rs" 26 10 26 21] Int.ge result 0 } ensures { result = sum_weights s i } - axiom sum_weights_spec : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . ([#"../knapsack_full.rs" 25 11 25 33] 0 <= i /\ i <= Seq.length s) -> ([#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s) -> ([#"../knapsack_full.rs" 26 10 26 21] sum_weights s i >= 0) + axiom sum_weights_spec : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . ([#"../knapsack_full.rs" 25 11 25 33] Int.le 0 i /\ Int.le i (Seq.length s)) -> ([#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s) -> ([#"../knapsack_full.rs" 26 10 26 21] Int.ge (sum_weights s i) 0) end module KnapsackFull_SumWeights type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use KnapsackFull_Item_Type as KnapsackFull_Item_Type @@ -124,22 +127,23 @@ module KnapsackFull_SumWeights function sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int val sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 25 11 25 33] 0 <= i /\ i <= Seq.length s} + requires {[#"../knapsack_full.rs" 25 11 25 33] Int.le 0 i /\ Int.le i (Seq.length s)} requires {[#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s} - ensures { [#"../knapsack_full.rs" 26 10 26 21] result >= 0 } + ensures { [#"../knapsack_full.rs" 26 10 26 21] Int.ge result 0 } ensures { result = sum_weights s i } axiom def : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . sum_weights s i = ([#"../knapsack_full.rs" 28 4 31 5] if i = Seq.length s then 0 else - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get s i)) + sum_weights s (i + 1) + Int.add (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get s i))) (sum_weights s (Int.add i 1)) ) - axiom sum_weights_spec : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . ([#"../knapsack_full.rs" 25 11 25 33] 0 <= i /\ i <= Seq.length s) -> ([#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s) -> ([#"../knapsack_full.rs" 26 10 26 21] sum_weights s i >= 0) + axiom sum_weights_spec : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . ([#"../knapsack_full.rs" 25 11 25 33] Int.le 0 i /\ Int.le i (Seq.length s)) -> ([#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s) -> ([#"../knapsack_full.rs" 26 10 26 21] Int.ge (sum_weights s i) 0) end module KnapsackFull_SumWeights_Impl type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use KnapsackFull_Item_Type as KnapsackFull_Item_Type @@ -151,22 +155,23 @@ module KnapsackFull_SumWeights_Impl predicate Inv0.inv = Inv0.inv, axiom . let rec ghost function sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 25 11 25 33] 0 <= i /\ i <= Seq.length s} + requires {[#"../knapsack_full.rs" 25 11 25 33] Int.le 0 i /\ Int.le i (Seq.length s)} requires {[#"../knapsack_full.rs" 27 21 27 22] Inv0.inv s} - ensures { [#"../knapsack_full.rs" 26 10 26 21] result >= 0 } - variant {[#"../knapsack_full.rs" 24 10 24 19] Seq.length s - i} + ensures { [#"../knapsack_full.rs" 26 10 26 21] Int.ge result 0 } + variant {[#"../knapsack_full.rs" 24 10 24 19] Int.sub (Seq.length s) i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../knapsack_full.rs" 28 4 31 5] if pure {i = Seq.length s} then + [#"../knapsack_full.rs" 28 4 31 5] if i = Seq.length s then 0 else - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get s i)) + sum_weights s (i + 1) + Int.add (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get s i))) (sum_weights s (Int.add i 1)) end module KnapsackFull_SumValues_Stub type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type function sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int @@ -176,12 +181,13 @@ module KnapsackFull_SumValues_Interface type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type function sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int val sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 36 11 36 33] i >= 0 /\ i <= Seq.length s} + requires {[#"../knapsack_full.rs" 36 11 36 33] Int.ge i 0 /\ Int.le i (Seq.length s)} ensures { result = sum_values s i } end @@ -189,43 +195,46 @@ module KnapsackFull_SumValues type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use KnapsackFull_Item_Type as KnapsackFull_Item_Type function sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int val sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 36 11 36 33] i >= 0 /\ i <= Seq.length s} + requires {[#"../knapsack_full.rs" 36 11 36 33] Int.ge i 0 /\ Int.le i (Seq.length s)} ensures { result = sum_values s i } axiom def : forall s : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int . sum_values s i = ([#"../knapsack_full.rs" 38 4 41 5] if i = Seq.length s then 0 else - UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get s i)) + sum_values s (i + 1) + Int.add (UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get s i))) (sum_values s (Int.add i 1)) ) end module KnapsackFull_SumValues_Impl type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use KnapsackFull_Item_Type as KnapsackFull_Item_Type let rec ghost function sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) : int - requires {[#"../knapsack_full.rs" 36 11 36 33] i >= 0 /\ i <= Seq.length s} - variant {[#"../knapsack_full.rs" 35 10 35 19] Seq.length s - i} + requires {[#"../knapsack_full.rs" 36 11 36 33] Int.ge i 0 /\ Int.le i (Seq.length s)} + variant {[#"../knapsack_full.rs" 35 10 35 19] Int.sub (Seq.length s) i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../knapsack_full.rs" 38 4 41 5] if pure {i = Seq.length s} then + [#"../knapsack_full.rs" 38 4 41 5] if i = Seq.length s then 0 else - UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get s i)) + sum_values s (i + 1) + Int.add (UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get s i))) (sum_values s (Int.add i 1)) end module KnapsackFull_SubseqRev_Stub type t use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow predicate subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) end @@ -233,11 +242,12 @@ module KnapsackFull_SubseqRev_Interface type t use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow predicate subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) val subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) : bool - requires {[#"../knapsack_full.rs" 46 11 46 36] 0 <= i1 /\ i1 <= Seq.length s1} - requires {[#"../knapsack_full.rs" 47 11 47 36] 0 <= i2 /\ i2 <= Seq.length s2} + requires {[#"../knapsack_full.rs" 46 11 46 36] Int.le 0 i1 /\ Int.le i1 (Seq.length s1)} + requires {[#"../knapsack_full.rs" 47 11 47 36] Int.le 0 i2 /\ Int.le i2 (Seq.length s2)} ensures { result = subseq_rev s1 i1 s2 i2 } end @@ -245,40 +255,43 @@ module KnapsackFull_SubseqRev type t use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow predicate subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) val subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) : bool - requires {[#"../knapsack_full.rs" 46 11 46 36] 0 <= i1 /\ i1 <= Seq.length s1} - requires {[#"../knapsack_full.rs" 47 11 47 36] 0 <= i2 /\ i2 <= Seq.length s2} + requires {[#"../knapsack_full.rs" 46 11 46 36] Int.le 0 i1 /\ Int.le i1 (Seq.length s1)} + requires {[#"../knapsack_full.rs" 47 11 47 36] Int.le 0 i2 /\ Int.le i2 (Seq.length s2)} ensures { result = subseq_rev s1 i1 s2 i2 } axiom def : forall s1 : Seq.seq t, i1 : int, s2 : Seq.seq t, i2 : int . subseq_rev s1 i1 s2 i2 = ([#"../knapsack_full.rs" 49 4 55 5] if i2 = 0 then i1 = Seq.length s1 else - i1 < Seq.length s1 /\ Seq.get s1 i1 = Seq.get s2 (i2 - 1) /\ subseq_rev s1 (i1 + 1) s2 (i2 - 1) \/ subseq_rev s1 i1 s2 (i2 - 1) + Int.lt i1 (Seq.length s1) /\ Seq.get s1 i1 = Seq.get s2 (Int.sub i2 1) /\ subseq_rev s1 (Int.add i1 1) s2 (Int.sub i2 1) \/ subseq_rev s1 i1 s2 (Int.sub i2 1) ) end module KnapsackFull_SubseqRev_Impl type t use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow let rec ghost predicate subseq_rev [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq.seq t) (i1 : int) (s2 : Seq.seq t) (i2 : int) - requires {[#"../knapsack_full.rs" 46 11 46 36] 0 <= i1 /\ i1 <= Seq.length s1} - requires {[#"../knapsack_full.rs" 47 11 47 36] 0 <= i2 /\ i2 <= Seq.length s2} + requires {[#"../knapsack_full.rs" 46 11 46 36] Int.le 0 i1 /\ Int.le i1 (Seq.length s1)} + requires {[#"../knapsack_full.rs" 47 11 47 36] Int.le 0 i2 /\ Int.le i2 (Seq.length s2)} variant {[#"../knapsack_full.rs" 45 10 45 12] i2} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../knapsack_full.rs" 49 4 55 5] if pure {i2 = 0} then - pure {i1 = Seq.length s1} + [#"../knapsack_full.rs" 49 4 55 5] if i2 = 0 then + i1 = Seq.length s1 else - pure {i1 < Seq.length s1} && pure {Seq.get s1 i1 = Seq.get s2 (i2 - 1)} && subseq_rev s1 (i1 + 1) s2 (i2 - 1) || subseq_rev s1 i1 s2 (i2 - 1) + Int.lt i1 (Seq.length s1) && Seq.get s1 i1 = Seq.get s2 (Int.sub i2 1) && subseq_rev s1 (Int.add i1 1) s2 (Int.sub i2 1) || subseq_rev s1 i1 s2 (Int.sub i2 1) end module KnapsackFull_M_Stub type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type use seq.Seq @@ -303,6 +316,7 @@ module KnapsackFull_M_Interface type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type use seq.Seq @@ -323,19 +337,20 @@ module KnapsackFull_M_Interface function m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) (w : int) : int val m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack_full.rs" 60 11 60 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack_full.rs" 61 11 61 17] 0 <= w} + requires {[#"../knapsack_full.rs" 60 11 60 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack_full.rs" 61 11 61 17] Int.le 0 w} requires {[#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items} - ensures { [#"../knapsack_full.rs" 62 10 62 21] result >= 0 } - ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> 0 <= j /\ j <= Seq.length s /\ SubseqRev0.subseq_rev s j items i /\ SumWeights0.sum_weights s j <= w -> SumValues0.sum_values s j <= result } + ensures { [#"../knapsack_full.rs" 62 10 62 21] Int.ge result 0 } + ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> Int.le 0 j /\ Int.le j (Seq.length s) /\ SubseqRev0.subseq_rev s j items i /\ Int.le (SumWeights0.sum_weights s j) w -> Int.le (SumValues0.sum_values s j) result } ensures { result = m items i w } - axiom m_spec : forall items : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int, w : int . ([#"../knapsack_full.rs" 60 11 60 37] 0 <= i /\ i <= Seq.length items) -> ([#"../knapsack_full.rs" 61 11 61 17] 0 <= w) -> ([#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items) -> ([#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> 0 <= j /\ j <= Seq.length s /\ SubseqRev0.subseq_rev s j items i /\ SumWeights0.sum_weights s j <= w -> SumValues0.sum_values s j <= m items i w) && ([#"../knapsack_full.rs" 62 10 62 21] m items i w >= 0) + axiom m_spec : forall items : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int, w : int . ([#"../knapsack_full.rs" 60 11 60 37] Int.le 0 i /\ Int.le i (Seq.length items)) -> ([#"../knapsack_full.rs" 61 11 61 17] Int.le 0 w) -> ([#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items) -> ([#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> Int.le 0 j /\ Int.le j (Seq.length s) /\ SubseqRev0.subseq_rev s j items i /\ Int.le (SumWeights0.sum_weights s j) w -> Int.le (SumValues0.sum_values s j) (m items i w)) && ([#"../knapsack_full.rs" 62 10 62 21] Int.ge (m items i w) 0) end module KnapsackFull_M type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use int.MinMax @@ -358,28 +373,29 @@ module KnapsackFull_M function m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) (w : int) : int val m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack_full.rs" 60 11 60 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack_full.rs" 61 11 61 17] 0 <= w} + requires {[#"../knapsack_full.rs" 60 11 60 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack_full.rs" 61 11 61 17] Int.le 0 w} requires {[#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items} - ensures { [#"../knapsack_full.rs" 62 10 62 21] result >= 0 } - ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> 0 <= j /\ j <= Seq.length s /\ SubseqRev0.subseq_rev s j items i /\ SumWeights0.sum_weights s j <= w -> SumValues0.sum_values s j <= result } + ensures { [#"../knapsack_full.rs" 62 10 62 21] Int.ge result 0 } + ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> Int.le 0 j /\ Int.le j (Seq.length s) /\ SubseqRev0.subseq_rev s j items i /\ Int.le (SumWeights0.sum_weights s j) w -> Int.le (SumValues0.sum_values s j) result } ensures { result = m items i w } axiom def : forall items : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int, w : int . m items i w = ([#"../knapsack_full.rs" 67 4 74 5] if i = 0 then 0 else - if UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (i - 1))) > w then - m items (i - 1) w + if Int.gt (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (Int.sub i 1)))) w then + m items (Int.sub i 1) w else - MinMax.max (m items (i - 1) w) (m items (i - 1) (w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (i - 1)))) + UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get items (i - 1)))) + MinMax.max (m items (Int.sub i 1) w) (Int.add (m items (Int.sub i 1) (Int.sub w (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (Int.sub i 1)))))) (UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get items (Int.sub i 1))))) ) - axiom m_spec : forall items : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int, w : int . ([#"../knapsack_full.rs" 60 11 60 37] 0 <= i /\ i <= Seq.length items) -> ([#"../knapsack_full.rs" 61 11 61 17] 0 <= w) -> ([#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items) -> ([#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> 0 <= j /\ j <= Seq.length s /\ SubseqRev0.subseq_rev s j items i /\ SumWeights0.sum_weights s j <= w -> SumValues0.sum_values s j <= m items i w) && ([#"../knapsack_full.rs" 62 10 62 21] m items i w >= 0) + axiom m_spec : forall items : Seq.seq (KnapsackFull_Item_Type.t_item name), i : int, w : int . ([#"../knapsack_full.rs" 60 11 60 37] Int.le 0 i /\ Int.le i (Seq.length items)) -> ([#"../knapsack_full.rs" 61 11 61 17] Int.le 0 w) -> ([#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items) -> ([#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> Int.le 0 j /\ Int.le j (Seq.length s) /\ SubseqRev0.subseq_rev s j items i /\ Int.le (SumWeights0.sum_weights s j) w -> Int.le (SumValues0.sum_values s j) (m items i w)) && ([#"../knapsack_full.rs" 62 10 62 21] Int.ge (m items i w) 0) end module KnapsackFull_M_Impl type name use prelude.Int use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UIntSize use int.MinMax @@ -408,21 +424,21 @@ module KnapsackFull_M_Impl type t = KnapsackFull_Item_Type.t_item name, axiom . let rec ghost function m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq.seq (KnapsackFull_Item_Type.t_item name)) (i : int) (w : int) : int - requires {[#"../knapsack_full.rs" 60 11 60 37] 0 <= i /\ i <= Seq.length items} - requires {[#"../knapsack_full.rs" 61 11 61 17] 0 <= w} + requires {[#"../knapsack_full.rs" 60 11 60 37] Int.le 0 i /\ Int.le i (Seq.length items)} + requires {[#"../knapsack_full.rs" 61 11 61 17] Int.le 0 w} requires {[#"../knapsack_full.rs" 66 11 66 16] Inv0.inv items} - ensures { [#"../knapsack_full.rs" 62 10 62 21] result >= 0 } - ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> 0 <= j /\ j <= Seq.length s /\ SubseqRev0.subseq_rev s j items i /\ SumWeights0.sum_weights s j <= w -> SumValues0.sum_values s j <= result } + ensures { [#"../knapsack_full.rs" 62 10 62 21] Int.ge result 0 } + ensures { [#"../knapsack_full.rs" 63 0 65 2] forall j : int . forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> Int.le 0 j /\ Int.le j (Seq.length s) /\ SubseqRev0.subseq_rev s j items i /\ Int.le (SumWeights0.sum_weights s j) w -> Int.le (SumValues0.sum_values s j) result } variant {[#"../knapsack_full.rs" 59 10 59 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../knapsack_full.rs" 67 4 74 5] if pure {i = 0} then + [#"../knapsack_full.rs" 67 4 74 5] if i = 0 then 0 else - if pure {UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (i - 1))) > w} then - m items (i - 1) w + if Int.gt (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (Int.sub i 1)))) w then + m items (Int.sub i 1) w else - let a' = m items (i - 1) w in let b' = m items (i - 1) (w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (i - 1)))) + UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get items (i - 1))) in MinMax.max a' b' + let a' = m items (Int.sub i 1) w in let b' = Int.add (m items (Int.sub i 1) (Int.sub w (UIntSize.to_int (KnapsackFull_Item_Type.item_weight (Seq.get items (Int.sub i 1)))))) (UIntSize.to_int (KnapsackFull_Item_Type.item_value (Seq.get items (Int.sub i 1)))) in MinMax.max a' b' end @@ -561,11 +577,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -583,11 +599,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -697,6 +713,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -706,7 +723,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -727,6 +744,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -850,6 +868,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -938,9 +957,8 @@ module CreusotContracts_Logic_Ord_Impl3_LeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LeLog use prelude.Int - use int.Int function le_log (self : int) (_2 : int) : bool = - Int.(<=) self _2 + Int.le self _2 val le_log (self : int) (_2 : int) : bool ensures { result = le_log self _2 } @@ -948,6 +966,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen_Stub type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -974,6 +993,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen_Interface type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -1006,6 +1026,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -1031,7 +1052,7 @@ module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen [#"../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5] if IsEmptyLog0.is_empty_log r then 0 else - DeepModel0.deep_model (EndLog0.end_log r) - DeepModel0.deep_model (StartLog0.start_log r) + 1 + Int.add (Int.sub (DeepModel0.deep_model (EndLog0.end_log r)) (DeepModel0.deep_model (StartLog0.start_log r))) 1 val range_inclusive_len (r : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) : int requires {[#"../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63] Inv0.inv r} @@ -1061,6 +1082,7 @@ module CreusotContracts_Std1_Iter_Range_Impl1_Produces type idx use seq.Seq use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -1094,7 +1116,7 @@ module CreusotContracts_Std1_Iter_Range_Impl1_Produces predicate produces (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) (visited : Seq.seq idx) (o : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9] Seq.length visited = RangeInclusiveLen0.range_inclusive_len self - RangeInclusiveLen0.range_inclusive_len o /\ (IsEmptyLog0.is_empty_log self -> IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (StartLog0.start_log self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9] Seq.length visited = Int.sub (RangeInclusiveLen0.range_inclusive_len self) (RangeInclusiveLen0.range_inclusive_len o) /\ (IsEmptyLog0.is_empty_log self -> IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (StartLog0.start_log self)) i) val produces (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) (visited : Seq.seq idx) (o : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) : bool ensures { result = produces self visited o } @@ -1118,6 +1140,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1139,7 +1162,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -1149,6 +1172,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -1172,7 +1196,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -1181,8 +1205,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -1442,6 +1466,7 @@ module Alloc_Vec_Impl12_Index_Interface end module Core_Ops_Range_Impl7_New_Interface type idx + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = idx use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -1567,6 +1592,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -1648,6 +1674,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -1707,6 +1734,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -1865,6 +1893,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -1873,7 +1902,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -1901,7 +1930,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1928,6 +1957,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -2063,6 +2093,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl1_Completed type idx use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 @@ -2113,8 +2144,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -2317,6 +2349,7 @@ module KnapsackFull_Knapsack01Dyn_Interface use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Borrow use KnapsackFull_Item_Type as KnapsackFull_Item_Type use seq.Seq @@ -2353,13 +2386,13 @@ module KnapsackFull_Knapsack01Dyn_Interface type t = Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq (KnapsackFull_Item_Type.t_item name) val knapsack01_dyn [#"../knapsack_full.rs" 85 0 85 91] (items : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (max_weight : usize) : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) - requires {[#"../knapsack_full.rs" 77 11 77 34] Seq.length (ShallowModel0.shallow_model items) < 10000000} - requires {[#"../knapsack_full.rs" 78 11 78 33] UIntSize.to_int max_weight < 10000000} - requires {[#"../knapsack_full.rs" 79 0 79 86] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model items) -> UIntSize.to_int (KnapsackFull_Item_Type.item_value (IndexLogic0.index_logic items i)) <= 10000000} + requires {[#"../knapsack_full.rs" 77 11 77 34] Int.lt (Seq.length (ShallowModel0.shallow_model items)) 10000000} + requires {[#"../knapsack_full.rs" 78 11 78 33] Int.lt (UIntSize.to_int max_weight) 10000000} + requires {[#"../knapsack_full.rs" 79 0 79 86] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model items)) -> Int.le (UIntSize.to_int (KnapsackFull_Item_Type.item_value (IndexLogic0.index_logic items i))) 10000000} requires {[#"../knapsack_full.rs" 85 28 85 33] Inv0.inv items} - ensures { [#"../knapsack_full.rs" 80 10 80 60] SumWeights0.sum_weights (ShallowModel1.shallow_model result) (Seq.length (ShallowModel1.shallow_model result)) <= UIntSize.to_int max_weight } + ensures { [#"../knapsack_full.rs" 80 10 80 60] Int.le (SumWeights0.sum_weights (ShallowModel1.shallow_model result) (Seq.length (ShallowModel1.shallow_model result))) (UIntSize.to_int max_weight) } ensures { [#"../knapsack_full.rs" 81 10 81 54] SubseqRev0.subseq_rev (ShallowModel1.shallow_model result) 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) } - ensures { [#"../knapsack_full.rs" 82 0 84 2] forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> SubseqRev0.subseq_rev s 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) /\ SumWeights0.sum_weights s (Seq.length s) <= UIntSize.to_int max_weight -> SumValues0.sum_values s (Seq.length s) <= SumValues0.sum_values (ShallowModel1.shallow_model result) (Seq.length (ShallowModel1.shallow_model result)) } + ensures { [#"../knapsack_full.rs" 82 0 84 2] forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv1.inv s -> SubseqRev0.subseq_rev s 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le (SumWeights0.sum_weights s (Seq.length s)) (UIntSize.to_int max_weight) -> Int.le (SumValues0.sum_values s (Seq.length s)) (SumValues0.sum_values (ShallowModel1.shallow_model result) (Seq.length (ShallowModel1.shallow_model result))) } ensures { [#"../knapsack_full.rs" 85 75 85 91] Inv2.inv result } end @@ -2369,6 +2402,7 @@ module KnapsackFull_Knapsack01Dyn use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -2885,13 +2919,13 @@ module KnapsackFull_Knapsack01Dyn val Max0.mAX' = Max1.mAX', predicate Inv2.inv = Inv8.inv let rec cfg knapsack01_dyn [#"../knapsack_full.rs" 85 0 85 91] [@cfg:stackify] [@cfg:subregion_analysis] (items : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (max_weight : usize) : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) - requires {[#"../knapsack_full.rs" 77 11 77 34] Seq.length (ShallowModel0.shallow_model items) < 10000000} - requires {[#"../knapsack_full.rs" 78 11 78 33] UIntSize.to_int max_weight < 10000000} - requires {[#"../knapsack_full.rs" 79 0 79 86] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model items) -> UIntSize.to_int (KnapsackFull_Item_Type.item_value (IndexLogic2.index_logic items i)) <= 10000000} + requires {[#"../knapsack_full.rs" 77 11 77 34] Int.lt (Seq.length (ShallowModel0.shallow_model items)) 10000000} + requires {[#"../knapsack_full.rs" 78 11 78 33] Int.lt (UIntSize.to_int max_weight) 10000000} + requires {[#"../knapsack_full.rs" 79 0 79 86] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model items)) -> Int.le (UIntSize.to_int (KnapsackFull_Item_Type.item_value (IndexLogic2.index_logic items i))) 10000000} requires {[#"../knapsack_full.rs" 85 28 85 33] Inv4.inv items} - ensures { [#"../knapsack_full.rs" 80 10 80 60] SumWeights0.sum_weights (ShallowModel3.shallow_model result) (Seq.length (ShallowModel3.shallow_model result)) <= UIntSize.to_int max_weight } + ensures { [#"../knapsack_full.rs" 80 10 80 60] Int.le (SumWeights0.sum_weights (ShallowModel3.shallow_model result) (Seq.length (ShallowModel3.shallow_model result))) (UIntSize.to_int max_weight) } ensures { [#"../knapsack_full.rs" 81 10 81 54] SubseqRev0.subseq_rev (ShallowModel3.shallow_model result) 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) } - ensures { [#"../knapsack_full.rs" 82 0 84 2] forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv s -> SubseqRev0.subseq_rev s 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) /\ SumWeights0.sum_weights s (Seq.length s) <= UIntSize.to_int max_weight -> SumValues0.sum_values s (Seq.length s) <= SumValues0.sum_values (ShallowModel3.shallow_model result) (Seq.length (ShallowModel3.shallow_model result)) } + ensures { [#"../knapsack_full.rs" 82 0 84 2] forall s : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv s -> SubseqRev0.subseq_rev s 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le (SumWeights0.sum_weights s (Seq.length s)) (UIntSize.to_int max_weight) -> Int.le (SumValues0.sum_values s (Seq.length s)) (SumValues0.sum_values (ShallowModel3.shallow_model result) (Seq.length (ShallowModel3.shallow_model result))) } ensures { [#"../knapsack_full.rs" 85 75 85 91] Inv5.inv result } = [@vc:do_not_keep_trace] [@vc:sp] @@ -2951,7 +2985,7 @@ module KnapsackFull_Knapsack01Dyn goto BB0 } BB0 { - _10 <- ([#"../knapsack_full.rs" 86 30 86 53] FromElem0.from_elem ([#"../knapsack_full.rs" 86 35 86 36] [#"../knapsack_full.rs" 86 35 86 36] (0 : usize)) ([#"../knapsack_full.rs" 86 38 86 52] max_weight + ([#"../knapsack_full.rs" 86 51 86 52] [#"../knapsack_full.rs" 86 51 86 52] (1 : usize)))); + _10 <- ([#"../knapsack_full.rs" 86 30 86 53] FromElem0.from_elem ([#"../knapsack_full.rs" 86 35 86 36] [#"../knapsack_full.rs" 86 35 86 36] (0 : usize)) ([#"../knapsack_full.rs" 86 38 86 52] UIntSize.add max_weight ([#"../knapsack_full.rs" 86 51 86 52] [#"../knapsack_full.rs" 86 51 86 52] (1 : usize)))); goto BB1 } BB1 { @@ -2959,7 +2993,7 @@ module KnapsackFull_Knapsack01Dyn goto BB2 } BB2 { - best_value <- ([#"../knapsack_full.rs" 86 25 86 71] FromElem1.from_elem _10 ([#"../knapsack_full.rs" 86 55 86 70] _14 + ([#"../knapsack_full.rs" 86 69 86 70] [#"../knapsack_full.rs" 86 69 86 70] (1 : usize)))); + best_value <- ([#"../knapsack_full.rs" 86 25 86 71] FromElem1.from_elem _10 ([#"../knapsack_full.rs" 86 55 86 70] UIntSize.add _14 ([#"../knapsack_full.rs" 86 69 86 70] [#"../knapsack_full.rs" 86 69 86 70] (1 : usize)))); _10 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); _14 <- any usize; goto BB3 @@ -2999,10 +3033,10 @@ module KnapsackFull_Knapsack01Dyn BB12 { invariant { [#"../knapsack_full.rs" 88 4 88 55] Inv0.inv iter }; invariant { [#"../knapsack_full.rs" 88 4 88 55] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../knapsack_full.rs" 88 16 88 53] Seq.length (ShallowModel0.shallow_model items) + 1 = Seq.length (ShallowModel1.shallow_model best_value) }; - invariant { [#"../knapsack_full.rs" 88 4 88 55] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; - invariant { [#"../knapsack_full.rs" 88 4 88 55] forall ww : int . forall ii : int . 0 <= ii /\ ii <= Seq.length (Ghost.inner produced) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; - invariant { [#"../knapsack_full.rs" 88 4 88 55] forall ww : int . forall ii : int . 0 <= ii /\ ii <= Seq.length (ShallowModel0.shallow_model items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) <= 10000000 * ii }; + invariant { [#"../knapsack_full.rs" 88 16 88 53] Int.add (Seq.length (ShallowModel0.shallow_model items)) 1 = Seq.length (ShallowModel1.shallow_model best_value) }; + invariant { [#"../knapsack_full.rs" 88 4 88 55] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model best_value)) -> Int.add (UIntSize.to_int max_weight) 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; + invariant { [#"../knapsack_full.rs" 88 4 88 55] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (Seq.length (Ghost.inner produced)) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; + invariant { [#"../knapsack_full.rs" 88 4 88 55] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> Int.le (UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww)) (Int.mul 10000000 ii) }; goto BB13 } BB13 { @@ -3084,11 +3118,11 @@ module KnapsackFull_Knapsack01Dyn BB30 { invariant { [#"../knapsack_full.rs" 98 8 98 59] Inv2.inv iter1 }; invariant { [#"../knapsack_full.rs" 98 8 98 59] Produces1.produces (Ghost.inner iter_old1) (Ghost.inner produced1) iter1 }; - invariant { [#"../knapsack_full.rs" 98 20 98 57] Seq.length (ShallowModel0.shallow_model items) + 1 = Seq.length (ShallowModel1.shallow_model best_value) }; - invariant { [#"../knapsack_full.rs" 98 8 98 59] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model best_value) -> UIntSize.to_int max_weight + 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; - invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . forall ii : int . 0 <= ii /\ ii <= UIntSize.to_int i /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; - invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . 0 <= ww /\ ww <= Seq.length (Ghost.inner produced1) - 1 -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value (UIntSize.to_int i + 1))) ww) = M0.m (ShallowModel0.shallow_model items) (UIntSize.to_int i + 1) ww }; - invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . forall ii : int . 0 <= ii /\ ii <= Seq.length (ShallowModel0.shallow_model items) /\ 0 <= ww /\ ww <= UIntSize.to_int max_weight -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) <= 10000000 * ii }; + invariant { [#"../knapsack_full.rs" 98 20 98 57] Int.add (Seq.length (ShallowModel0.shallow_model items)) 1 = Seq.length (ShallowModel1.shallow_model best_value) }; + invariant { [#"../knapsack_full.rs" 98 8 98 59] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model best_value)) -> Int.add (UIntSize.to_int max_weight) 1 = Seq.length (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value i)) }; + invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (UIntSize.to_int i) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww) = M0.m (ShallowModel0.shallow_model items) ii ww }; + invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . Int.le 0 ww /\ Int.le ww (Int.sub (Seq.length (Ghost.inner produced1)) 1) -> UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value (Int.add (UIntSize.to_int i) 1))) ww) = M0.m (ShallowModel0.shallow_model items) (Int.add (UIntSize.to_int i) 1) ww }; + invariant { [#"../knapsack_full.rs" 98 8 98 59] forall ww : int . forall ii : int . Int.le 0 ii /\ Int.le ii (Seq.length (ShallowModel0.shallow_model items)) /\ Int.le 0 ww /\ Int.le ww (UIntSize.to_int max_weight) -> Int.le (UIntSize.to_int (Seq.get (ShallowModel2.shallow_model (IndexLogic0.index_logic best_value ii)) ww)) (Int.mul 10000000 ii) }; goto BB31 } BB31 { @@ -3125,7 +3159,7 @@ module KnapsackFull_Knapsack01Dyn produced1 <- _63; _63 <- any Ghost.ghost_ty (Seq.seq usize); w <- __creusot_proc_iter_elem1; - switch ([#"../knapsack_full.rs" 111 38 111 51] KnapsackFull_Item_Type.item_weight it > w) + switch ([#"../knapsack_full.rs" 111 38 111 51] UIntSize.gt (KnapsackFull_Item_Type.item_weight it) w) | False -> goto BB40 | True -> goto BB37 end @@ -3155,11 +3189,11 @@ module KnapsackFull_Knapsack01Dyn goto BB43 } BB43 { - _85 <- ([#"../knapsack_full.rs" 114 38 114 66] Index2.index ([#"../knapsack_full.rs" 114 38 114 51] _87) ([#"../knapsack_full.rs" 114 52 114 65] w - KnapsackFull_Item_Type.item_weight it)); + _85 <- ([#"../knapsack_full.rs" 114 38 114 66] Index2.index ([#"../knapsack_full.rs" 114 38 114 51] _87) ([#"../knapsack_full.rs" 114 52 114 65] UIntSize.sub w (KnapsackFull_Item_Type.item_weight it))); goto BB44 } BB44 { - _66 <- ([#"../knapsack_full.rs" 114 16 114 78] Max0.max _77 ([#"../knapsack_full.rs" 114 38 114 77] _85 + KnapsackFull_Item_Type.item_value it)); + _66 <- ([#"../knapsack_full.rs" 114 16 114 78] Max0.max _77 ([#"../knapsack_full.rs" 114 38 114 77] UIntSize.add _85 (KnapsackFull_Item_Type.item_value it))); goto BB45 } BB45 { @@ -3168,7 +3202,7 @@ module KnapsackFull_Knapsack01Dyn BB46 { _97 <- Borrow.borrow_mut best_value; best_value <- ^ _97; - _96 <- ([#"../knapsack_full.rs" 111 12 111 29] IndexMut0.index_mut _97 ([#"../knapsack_full.rs" 111 23 111 28] i + ([#"../knapsack_full.rs" 111 27 111 28] [#"../knapsack_full.rs" 111 27 111 28] (1 : usize)))); + _96 <- ([#"../knapsack_full.rs" 111 12 111 29] IndexMut0.index_mut _97 ([#"../knapsack_full.rs" 111 23 111 28] UIntSize.add i ([#"../knapsack_full.rs" 111 27 111 28] [#"../knapsack_full.rs" 111 27 111 28] (1 : usize)))); _97 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB47 } @@ -3210,21 +3244,21 @@ module KnapsackFull_Knapsack01Dyn goto BB55 } BB55 { - invariant { [#"../knapsack_full.rs" 123 16 123 34] UIntSize.to_int j <= Seq.length (ShallowModel0.shallow_model items) }; - invariant { [#"../knapsack_full.rs" 124 16 124 43] UIntSize.to_int left_weight <= UIntSize.to_int max_weight }; - invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Seq.length (ShallowModel3.shallow_model result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel3.shallow_model result) -> IndexLogic1.index_logic result i = Seq.get r i) /\ SumWeights0.sum_weights r (Seq.length (ShallowModel3.shallow_model result)) <= UIntSize.to_int left_weight -> SumWeights0.sum_weights r 0 <= UIntSize.to_int max_weight }; - invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Seq.length (ShallowModel3.shallow_model result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel3.shallow_model result) -> IndexLogic1.index_logic result i = Seq.get r i) /\ SumValues0.sum_values r (Seq.length (ShallowModel3.shallow_model result)) = M0.m (ShallowModel0.shallow_model items) (UIntSize.to_int j) (UIntSize.to_int left_weight) -> SumValues0.sum_values r 0 = M0.m (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) (UIntSize.to_int max_weight) }; - invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Seq.length (ShallowModel3.shallow_model result) <= Seq.length r /\ (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel3.shallow_model result) -> IndexLogic1.index_logic result i = Seq.get r i) /\ SubseqRev0.subseq_rev r (Seq.length (ShallowModel3.shallow_model result)) (ShallowModel0.shallow_model items) (UIntSize.to_int j) -> SubseqRev0.subseq_rev r 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) }; + invariant { [#"../knapsack_full.rs" 123 16 123 34] Int.le (UIntSize.to_int j) (Seq.length (ShallowModel0.shallow_model items)) }; + invariant { [#"../knapsack_full.rs" 124 16 124 43] Int.le (UIntSize.to_int left_weight) (UIntSize.to_int max_weight) }; + invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Int.le (Seq.length (ShallowModel3.shallow_model result)) (Seq.length r) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel3.shallow_model result)) -> IndexLogic1.index_logic result i = Seq.get r i) /\ Int.le (SumWeights0.sum_weights r (Seq.length (ShallowModel3.shallow_model result))) (UIntSize.to_int left_weight) -> Int.le (SumWeights0.sum_weights r 0) (UIntSize.to_int max_weight) }; + invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Int.le (Seq.length (ShallowModel3.shallow_model result)) (Seq.length r) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel3.shallow_model result)) -> IndexLogic1.index_logic result i = Seq.get r i) /\ SumValues0.sum_values r (Seq.length (ShallowModel3.shallow_model result)) = M0.m (ShallowModel0.shallow_model items) (UIntSize.to_int j) (UIntSize.to_int left_weight) -> SumValues0.sum_values r 0 = M0.m (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) (UIntSize.to_int max_weight) }; + invariant { [#"../knapsack_full.rs" 123 4 123 36] forall r : Seq.seq (KnapsackFull_Item_Type.t_item name) . Inv3.inv r -> Int.le (Seq.length (ShallowModel3.shallow_model result)) (Seq.length r) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel3.shallow_model result)) -> IndexLogic1.index_logic result i = Seq.get r i) /\ SubseqRev0.subseq_rev r (Seq.length (ShallowModel3.shallow_model result)) (ShallowModel0.shallow_model items) (UIntSize.to_int j) -> SubseqRev0.subseq_rev r 0 (ShallowModel0.shallow_model items) (Seq.length (ShallowModel0.shallow_model items)) }; goto BB56 } BB56 { - switch ([#"../knapsack_full.rs" 140 10 140 15] ([#"../knapsack_full.rs" 140 10 140 11] [#"../knapsack_full.rs" 140 10 140 11] (0 : usize)) < j) + switch ([#"../knapsack_full.rs" 140 10 140 15] UIntSize.lt ([#"../knapsack_full.rs" 140 10 140 11] [#"../knapsack_full.rs" 140 10 140 11] (0 : usize)) j) | False -> goto BB67 | True -> goto BB57 end } BB57 { - j <- ([#"../knapsack_full.rs" 141 8 141 14] j - ([#"../knapsack_full.rs" 141 13 141 14] [#"../knapsack_full.rs" 141 13 141 14] (1 : usize))); + j <- ([#"../knapsack_full.rs" 141 8 141 14] UIntSize.sub j ([#"../knapsack_full.rs" 141 13 141 14] [#"../knapsack_full.rs" 141 13 141 14] (1 : usize))); _118 <- ([#"../knapsack_full.rs" 142 18 142 26] Index0.index ([#"../knapsack_full.rs" 142 18 142 23] items) j); goto BB58 } @@ -3232,7 +3266,7 @@ module KnapsackFull_Knapsack01Dyn it1 <- ([#"../knapsack_full.rs" 142 17 142 26] _118); assert { [@expl:type invariant] Inv1.inv _118 }; assume { Resolve1.resolve _118 }; - _125 <- ([#"../knapsack_full.rs" 143 11 143 28] Index1.index ([#"../knapsack_full.rs" 143 11 143 21] best_value) ([#"../knapsack_full.rs" 143 22 143 27] j + ([#"../knapsack_full.rs" 143 26 143 27] [#"../knapsack_full.rs" 143 26 143 27] (1 : usize)))); + _125 <- ([#"../knapsack_full.rs" 143 11 143 28] Index1.index ([#"../knapsack_full.rs" 143 11 143 21] best_value) ([#"../knapsack_full.rs" 143 22 143 27] UIntSize.add j ([#"../knapsack_full.rs" 143 26 143 27] [#"../knapsack_full.rs" 143 26 143 27] (1 : usize)))); goto BB59 } BB59 { @@ -3248,7 +3282,7 @@ module KnapsackFull_Knapsack01Dyn goto BB62 } BB62 { - switch ([#"../knapsack_full.rs" 143 11 143 71] _123 <> _131) + switch ([#"../knapsack_full.rs" 143 11 143 71] UIntSize.ne _123 _131) | False -> goto BB65 | True -> goto BB63 end @@ -3264,7 +3298,7 @@ module KnapsackFull_Knapsack01Dyn BB64 { assert { [@expl:type invariant] Inv1.inv it1 }; assume { Resolve1.resolve it1 }; - left_weight <- ([#"../knapsack_full.rs" 145 12 145 36] left_weight - KnapsackFull_Item_Type.item_weight it1); + left_weight <- ([#"../knapsack_full.rs" 145 12 145 36] UIntSize.sub left_weight (KnapsackFull_Item_Type.item_weight it1)); _31 <- ([#"../knapsack_full.rs" 143 72 146 9] ()); goto BB66 } diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg index a9894ac79f..1b078be182 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -56,9 +57,9 @@ module BranchBorrow2_F b <- ^ y; z <- Borrow.borrow_mut c; c <- ^ z; - switch (([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) = 1) + switch (Int32.eq ([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) 1) | True -> goto BB1 - | False -> switch (([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) = 2) + | False -> switch (Int32.eq ([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) 2) | True -> goto BB2 | False -> goto BB12 end @@ -103,7 +104,7 @@ module BranchBorrow2_F assume { Resolve0.resolve w }; assume { Resolve0.resolve z }; assume { Resolve0.resolve y }; - switch ([#"../branch_borrow_2.rs" 30 4 30 19] not ([#"../branch_borrow_2.rs" 30 12 30 18] c = ([#"../branch_borrow_2.rs" 30 17 30 18] [#"../branch_borrow_2.rs" 30 17 30 18] (5 : int32)))) + switch ([#"../branch_borrow_2.rs" 30 4 30 19] not ([#"../branch_borrow_2.rs" 30 12 30 18] Int32.eq c ([#"../branch_borrow_2.rs" 30 17 30 18] [#"../branch_borrow_2.rs" 30 17 30 18] (5 : int32)))) | False -> goto BB8 | True -> goto BB7 end @@ -168,6 +169,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with diff --git a/creusot/tests/should_succeed/lang/float_ops.mlcfg b/creusot/tests/should_succeed/lang/float_ops.mlcfg index 782579be42..e7c5f85de7 100644 --- a/creusot/tests/should_succeed/lang/float_ops.mlcfg +++ b/creusot/tests/should_succeed/lang/float_ops.mlcfg @@ -1,11 +1,13 @@ module FloatOps_Eq_Interface + use prelude.Bool val eq [#"../float_ops.rs" 5 0 5 19] (_1 : ()) : bool ensures { [#"../float_ops.rs" 4 10 4 24] result = true } end module FloatOps_Eq use prelude.Float64 + use prelude.Bool let rec cfg eq [#"../float_ops.rs" 5 0 5 19] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 4 10 4 24] result = true } @@ -15,18 +17,20 @@ module FloatOps_Eq goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 6 4 6 14] ([#"../float_ops.rs" 6 4 6 7] [#"../float_ops.rs" 6 4 6 7] (1.0 : Float64.t)) .= ([#"../float_ops.rs" 6 11 6 14] [#"../float_ops.rs" 6 11 6 14] (2.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 6 4 6 14] Float64.eq ([#"../float_ops.rs" 6 4 6 7] [#"../float_ops.rs" 6 4 6 7] (1.0 : Float64.t)) ([#"../float_ops.rs" 6 11 6 14] [#"../float_ops.rs" 6 11 6 14] (2.0 : Float64.t))); return _0 } end module FloatOps_Lt_Interface + use prelude.Bool val lt [#"../float_ops.rs" 10 0 10 19] (_1 : ()) : bool ensures { [#"../float_ops.rs" 9 10 9 24] result = true } end module FloatOps_Lt use prelude.Float64 + use prelude.Bool let rec cfg lt [#"../float_ops.rs" 10 0 10 19] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 9 10 9 24] result = true } @@ -36,18 +40,20 @@ module FloatOps_Lt goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 11 4 11 13] ([#"../float_ops.rs" 11 4 11 7] [#"../float_ops.rs" 11 4 11 7] (1.0 : Float64.t)) .< ([#"../float_ops.rs" 11 10 11 13] [#"../float_ops.rs" 11 10 11 13] (2.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 11 4 11 13] Float64.lt ([#"../float_ops.rs" 11 4 11 7] [#"../float_ops.rs" 11 4 11 7] (1.0 : Float64.t)) ([#"../float_ops.rs" 11 10 11 13] [#"../float_ops.rs" 11 10 11 13] (2.0 : Float64.t))); return _0 } end module FloatOps_Le_Interface + use prelude.Bool val le [#"../float_ops.rs" 15 0 15 19] (_1 : ()) : bool ensures { [#"../float_ops.rs" 14 10 14 24] result = true } end module FloatOps_Le use prelude.Float64 + use prelude.Bool let rec cfg le [#"../float_ops.rs" 15 0 15 19] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 14 10 14 24] result = true } @@ -57,18 +63,20 @@ module FloatOps_Le goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 16 4 16 14] ([#"../float_ops.rs" 16 4 16 7] [#"../float_ops.rs" 16 4 16 7] (1.0 : Float64.t)) .<= ([#"../float_ops.rs" 16 11 16 14] [#"../float_ops.rs" 16 11 16 14] (2.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 16 4 16 14] Float64.le ([#"../float_ops.rs" 16 4 16 7] [#"../float_ops.rs" 16 4 16 7] (1.0 : Float64.t)) ([#"../float_ops.rs" 16 11 16 14] [#"../float_ops.rs" 16 11 16 14] (2.0 : Float64.t))); return _0 } end module FloatOps_Gt_Interface + use prelude.Bool val gt [#"../float_ops.rs" 20 0 20 19] (_1 : ()) : bool ensures { [#"../float_ops.rs" 19 10 19 24] result = true } end module FloatOps_Gt use prelude.Float64 + use prelude.Bool let rec cfg gt [#"../float_ops.rs" 20 0 20 19] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 19 10 19 24] result = true } @@ -78,18 +86,20 @@ module FloatOps_Gt goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 21 4 21 13] ([#"../float_ops.rs" 21 4 21 7] [#"../float_ops.rs" 21 4 21 7] (2.0 : Float64.t)) .> ([#"../float_ops.rs" 21 10 21 13] [#"../float_ops.rs" 21 10 21 13] (1.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 21 4 21 13] Float64.gt ([#"../float_ops.rs" 21 4 21 7] [#"../float_ops.rs" 21 4 21 7] (2.0 : Float64.t)) ([#"../float_ops.rs" 21 10 21 13] [#"../float_ops.rs" 21 10 21 13] (1.0 : Float64.t))); return _0 } end module FloatOps_Ge_Interface + use prelude.Bool val ge [#"../float_ops.rs" 25 0 25 19] (_1 : ()) : bool ensures { [#"../float_ops.rs" 24 10 24 24] result = true } end module FloatOps_Ge use prelude.Float64 + use prelude.Bool let rec cfg ge [#"../float_ops.rs" 25 0 25 19] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 24 10 24 24] result = true } @@ -99,18 +109,20 @@ module FloatOps_Ge goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 26 4 26 14] ([#"../float_ops.rs" 26 4 26 7] [#"../float_ops.rs" 26 4 26 7] (2.0 : Float64.t)) .>= ([#"../float_ops.rs" 26 11 26 14] [#"../float_ops.rs" 26 11 26 14] (1.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 26 4 26 14] Float64.ge ([#"../float_ops.rs" 26 4 26 7] [#"../float_ops.rs" 26 4 26 7] (2.0 : Float64.t)) ([#"../float_ops.rs" 26 11 26 14] [#"../float_ops.rs" 26 11 26 14] (1.0 : Float64.t))); return _0 } end module FloatOps_Neg_Interface + use prelude.Bool val neg [#"../float_ops.rs" 30 0 30 20] (_1 : ()) : bool ensures { [#"../float_ops.rs" 29 10 29 24] result = true } end module FloatOps_Neg use prelude.Float64 + use prelude.Bool let rec cfg neg [#"../float_ops.rs" 30 0 30 20] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool ensures { [#"../float_ops.rs" 29 10 29 24] result = true } @@ -120,7 +132,7 @@ module FloatOps_Neg goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 31 4 31 15] ([#"../float_ops.rs" 31 4 31 8] [#"../float_ops.rs" 31 4 31 8] (-2.0 : Float64.t)) .<= ([#"../float_ops.rs" 31 12 31 15] [#"../float_ops.rs" 31 12 31 15] (1.0 : Float64.t))); + _0 <- ([#"../float_ops.rs" 31 4 31 15] Float64.le ([#"../float_ops.rs" 31 4 31 8] [#"../float_ops.rs" 31 4 31 8] (-2.0 : Float64.t)) ([#"../float_ops.rs" 31 12 31 15] [#"../float_ops.rs" 31 12 31 15] (1.0 : Float64.t))); return _0 } diff --git a/creusot/tests/should_succeed/lang/literals.mlcfg b/creusot/tests/should_succeed/lang/literals.mlcfg index 90a7b23d8b..5c3e3222db 100644 --- a/creusot/tests/should_succeed/lang/literals.mlcfg +++ b/creusot/tests/should_succeed/lang/literals.mlcfg @@ -15,13 +15,13 @@ module Literals_FloatOperation } BB0 { x <- ([#"../literals.rs" 4 17 4 20] [#"../literals.rs" 4 17 4 20] (0.0 : Float32.t)); - switch ([#"../literals.rs" 6 7 6 24] ([#"../literals.rs" 6 7 6 17] x .+ ([#"../literals.rs" 6 11 6 17] [#"../literals.rs" 6 11 6 17] (0x1.020c40000000p0 : Float32.t))) .= ([#"../literals.rs" 6 21 6 24] [#"../literals.rs" 6 21 6 24] (2.0 : Float32.t))) + switch ([#"../literals.rs" 6 7 6 24] Float32.eq ([#"../literals.rs" 6 7 6 17] Float32.add x ([#"../literals.rs" 6 11 6 17] [#"../literals.rs" 6 11 6 17] (0x1.020c40000000p0 : Float32.t))) ([#"../literals.rs" 6 21 6 24] [#"../literals.rs" 6 21 6 24] (2.0 : Float32.t))) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- ([#"../literals.rs" 7 8 7 17] ([#"../literals.rs" 7 8 7 11] [#"../literals.rs" 7 8 7 11] (3.0 : Float32.t)) .- ([#"../literals.rs" 7 14 7 17] [#"../literals.rs" 7 14 7 17] (1.0 : Float32.t))); + _0 <- ([#"../literals.rs" 7 8 7 17] Float32.sub ([#"../literals.rs" 7 8 7 11] [#"../literals.rs" 7 8 7 11] (3.0 : Float32.t)) ([#"../literals.rs" 7 14 7 17] [#"../literals.rs" 7 14 7 17] (1.0 : Float32.t))); goto BB3 } BB2 { diff --git a/creusot/tests/should_succeed/lang/modules.mlcfg b/creusot/tests/should_succeed/lang/modules.mlcfg index 657a9e992d..e66761c7fb 100644 --- a/creusot/tests/should_succeed/lang/modules.mlcfg +++ b/creusot/tests/should_succeed/lang/modules.mlcfg @@ -26,11 +26,13 @@ module Modules_Nested_Impl0_Resolve end module Modules_Nested_InnerFunc_Interface + use prelude.Bool val inner_func [#"../modules.rs" 13 4 13 31] (_1 : ()) : bool ensures { [#"../modules.rs" 12 14 12 28] result = true } end module Modules_Nested_InnerFunc + use prelude.Bool use Modules_Nested_Nested_Type as Modules_Nested_Nested_Type clone Modules_Nested_Impl0_Resolve as Resolve0 let rec cfg inner_func [#"../modules.rs" 13 4 13 31] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : bool diff --git a/creusot/tests/should_succeed/lang/modules/why3shapes.gz b/creusot/tests/should_succeed/lang/modules/why3shapes.gz index 8b1fda13d0e44af5d6e128fdb7e7edc9ecfb67d5..9c7206f8b124955b7750b86f28ccb45a77957611 100644 GIT binary patch literal 128 zcmV-`0Du1Ok~#w0a`PC_xexXPuyP@yCxr+&X% z-}EjG%7=a|cyN`qOk~iM=KiItj(>;wt$$sZf%VQ=h+E zzv;VlDDUuP!IPV8wLI{S-4()fR$*!f`~O}(G?w}~ISk9hvilw80oU4aD}~##9wh-- i=PV_c*u?&3C~K>1w3)PthA2DKqk ([#"../promoted_constants.rs" 15 14 15 16] [#"../promoted_constants.rs" 15 14 15 16] (16 : int32))) + switch ([#"../promoted_constants.rs" 15 7 15 16] Int32.ne ix ([#"../promoted_constants.rs" 15 14 15 16] [#"../promoted_constants.rs" 15 14 15 16] (16 : int32))) | False -> goto BB2 | True -> goto BB1 end diff --git a/creusot/tests/should_succeed/lang/while_let.mlcfg b/creusot/tests/should_succeed/lang/while_let.mlcfg index 965ab85c09..c8dfcee1ee 100644 --- a/creusot/tests/should_succeed/lang/while_let.mlcfg +++ b/creusot/tests/should_succeed/lang/while_let.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/lang/while_let/why3shapes.gz b/creusot/tests/should_succeed/lang/while_let/why3shapes.gz index 5425689154da335908eced0c7a70e051ca9fd9d4..4eae05c131496d10e8ee81af5ce9ced9f9074e6f 100644 GIT binary patch literal 143 zcmV;A0C4{wiwFP!00000|1FEl3c@fDMfdrNS!z~!H9^6J6oRgW*~*w^u%L}J!T!D$ zy1IvRxH}2;NuONdo98-~=?EU=Ui6Ln`>nk5(iW0vuXG|FCwigX*2HuBTQsQSS|w^! xE1}x1NvkNZ2QD+P5KaZ_Qb_ER&!it+HiP5Doj+s~+yMHb#19c=&RmcH008loL(~8O literal 144 zcmV;B0B`>viwFP!00000|1FEX3c@fHM)y3$9W_&aO414r5(qjAca@to!Gbo@1pE40 z==2@V;X81sPx_<^-?Y@J%qK9wkIXf4k9&EiwXMWa-{?$vn(2jlU*#|DZ&9K2TjeNG yY=mOJMkzc)2e~Ye8Pj5j#`eYzDUcOv3|+Qemc7z};y8f33ibnxzU!ip0002m?n0vg diff --git a/creusot/tests/should_succeed/list_index_mut.mlcfg b/creusot/tests/should_succeed/list_index_mut.mlcfg index c550216227..f07259952c 100644 --- a/creusot/tests/should_succeed/list_index_mut.mlcfg +++ b/creusot/tests/should_succeed/list_index_mut.mlcfg @@ -39,10 +39,10 @@ module ListIndexMut_Impl0_Len use ListIndexMut_List_Type as ListIndexMut_List_Type use Core_Option_Option_Type as Core_Option_Option_Type function len [#"../list_index_mut.rs" 7 4 7 29] (self : ListIndexMut_List_Type.t_list) : int = - [#"../list_index_mut.rs" 6 4 6 12] let ListIndexMut_List_Type.C_List _ ls = self in 1 + match (ls) with + [#"../list_index_mut.rs" 6 4 6 12] let ListIndexMut_List_Type.C_List _ ls = self in Int.add 1 (match (ls) with | Core_Option_Option_Type.C_Some ls -> len ls | Core_Option_Option_Type.C_None -> 0 - end + end) val len [#"../list_index_mut.rs" 7 4 7 29] (self : ListIndexMut_List_Type.t_list) : int ensures { result = len self } @@ -74,9 +74,9 @@ module ListIndexMut_Impl0_Get function get [#"../list_index_mut.rs" 18 4 18 46] (self : ListIndexMut_List_Type.t_list) (ix : int) : Core_Option_Option_Type.t_option uint32 = - [#"../list_index_mut.rs" 17 4 17 12] let ListIndexMut_List_Type.C_List i ls = self in if ix > 0 then + [#"../list_index_mut.rs" 17 4 17 12] let ListIndexMut_List_Type.C_List i ls = self in if Int.gt ix 0 then match (ls) with - | Core_Option_Option_Type.C_Some ls -> get ls (ix - 1) + | Core_Option_Option_Type.C_Some ls -> get ls (Int.sub ix 1) | Core_Option_Option_Type.C_None -> Core_Option_Option_Type.C_None end else @@ -192,6 +192,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -220,6 +221,7 @@ end module Core_Option_Impl0_AsMut_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Core_Option_Option_Type.t_option (borrowed t) @@ -236,6 +238,7 @@ module Core_Option_Impl0_AsMut_Interface end module Core_Option_Impl0_Unwrap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t use Core_Option_Option_Type as Core_Option_Option_Type @@ -280,17 +283,18 @@ module ListIndexMut_IndexMut_Interface use prelude.UIntSize use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.UInt32 use ListIndexMut_List_Type as ListIndexMut_List_Type use Core_Option_Option_Type as Core_Option_Option_Type clone ListIndexMut_Impl0_Get_Stub as Get0 clone ListIndexMut_Impl0_Len_Stub as Len0 val index_mut [#"../list_index_mut.rs" 37 0 37 61] (l : borrowed (ListIndexMut_List_Type.t_list)) (ix : usize) : borrowed uint32 - requires {[#"../list_index_mut.rs" 32 11 32 24] UIntSize.to_int ix < Len0.len ( * l)} + requires {[#"../list_index_mut.rs" 32 11 32 24] Int.lt (UIntSize.to_int ix) (Len0.len ( * l))} ensures { [#"../list_index_mut.rs" 33 10 33 37] Core_Option_Option_Type.C_Some ( * result) = Get0.get ( * l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 34 10 34 40] Core_Option_Option_Type.C_Some ( ^ result) = Get0.get ( ^ l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 35 10 35 34] Len0.len ( ^ l) = Len0.len ( * l) } - ensures { [#"../list_index_mut.rs" 36 0 36 87] forall i : int . 0 <= i /\ i < Len0.len ( * l) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } + ensures { [#"../list_index_mut.rs" 36 0 36 87] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } end module ListIndexMut_IndexMut @@ -298,6 +302,7 @@ module ListIndexMut_IndexMut use prelude.Int use prelude.UIntSize use prelude.Borrow + use prelude.Bool use prelude.UInt32 use ListIndexMut_List_Type as ListIndexMut_List_Type use Core_Option_Option_Type as Core_Option_Option_Type @@ -347,11 +352,11 @@ module ListIndexMut_IndexMut clone ListIndexMut_Impl0_Get as Get0 clone ListIndexMut_Impl0_Len as Len0 let rec cfg index_mut [#"../list_index_mut.rs" 37 0 37 61] [@cfg:stackify] [@cfg:subregion_analysis] (l : borrowed (ListIndexMut_List_Type.t_list)) (ix : usize) : borrowed uint32 - requires {[#"../list_index_mut.rs" 32 11 32 24] UIntSize.to_int ix < Len0.len ( * l)} + requires {[#"../list_index_mut.rs" 32 11 32 24] Int.lt (UIntSize.to_int ix) (Len0.len ( * l))} ensures { [#"../list_index_mut.rs" 33 10 33 37] Core_Option_Option_Type.C_Some ( * result) = Get0.get ( * l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 34 10 34 40] Core_Option_Option_Type.C_Some ( ^ result) = Get0.get ( ^ l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 35 10 35 34] Len0.len ( ^ l) = Len0.len ( * l) } - ensures { [#"../list_index_mut.rs" 36 0 36 87] forall i : int . 0 <= i /\ i < Len0.len ( * l) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } + ensures { [#"../list_index_mut.rs" 36 0 36 87] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : borrowed uint32; @@ -380,15 +385,15 @@ module ListIndexMut_IndexMut goto BB3 } BB3 { - invariant { [#"../list_index_mut.rs" 40 16 40 45] (0 : usize) <= ix /\ UIntSize.to_int ix < Len0.len ( * l) }; + invariant { [#"../list_index_mut.rs" 40 16 40 45] Int.le (0 : usize) ix /\ Int.lt (UIntSize.to_int ix) (Len0.len ( * l)) }; invariant { [#"../list_index_mut.rs" 41 16 41 52] Get0.get ( * l) (UIntSize.to_int ix) = Get0.get ( * Ghost.inner old_l) (ShallowModel0.shallow_model old_ix) }; invariant { [#"../list_index_mut.rs" 42 16 42 55] Get0.get ( ^ l) (UIntSize.to_int ix) = Get0.get ( ^ Ghost.inner old_l) (ShallowModel0.shallow_model old_ix) }; invariant { [#"../list_index_mut.rs" 40 4 40 47] Len0.len ( ^ l) = Len0.len ( * l) -> Len0.len ( ^ Ghost.inner old_l) = Len0.len ( * Ghost.inner old_l) }; - invariant { [#"../list_index_mut.rs" 40 4 40 47] (forall i : int . 0 <= i /\ i < Len0.len ( * l) /\ i <> UIntSize.to_int ix -> Get0.get ( ^ l) i = Get0.get ( * l) i) -> (forall i : int . 0 <= i /\ i < Len0.len ( * Ghost.inner old_l) /\ i <> ShallowModel0.shallow_model old_ix -> Get0.get ( ^ Ghost.inner old_l) i = Get0.get ( * Ghost.inner old_l) i) }; + invariant { [#"../list_index_mut.rs" 40 4 40 47] (forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) /\ i <> UIntSize.to_int ix -> Get0.get ( ^ l) i = Get0.get ( * l) i) -> (forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * Ghost.inner old_l)) /\ i <> ShallowModel0.shallow_model old_ix -> Get0.get ( ^ Ghost.inner old_l) i = Get0.get ( * Ghost.inner old_l) i) }; goto BB4 } BB4 { - switch ([#"../list_index_mut.rs" 49 10 49 16] ix > ([#"../list_index_mut.rs" 49 15 49 16] [#"../list_index_mut.rs" 49 15 49 16] (0 : usize))) + switch ([#"../list_index_mut.rs" 49 10 49 16] UIntSize.gt ix ([#"../list_index_mut.rs" 49 15 49 16] [#"../list_index_mut.rs" 49 15 49 16] (0 : usize))) | False -> goto BB8 | True -> goto BB5 end @@ -412,7 +417,7 @@ module ListIndexMut_IndexMut l <- _22; _22 <- any borrowed (ListIndexMut_List_Type.t_list); assume { Resolve2.resolve _23 }; - ix <- ([#"../list_index_mut.rs" 52 8 52 15] ix - ([#"../list_index_mut.rs" 52 14 52 15] [#"../list_index_mut.rs" 52 14 52 15] (1 : usize))); + ix <- ([#"../list_index_mut.rs" 52 8 52 15] UIntSize.sub ix ([#"../list_index_mut.rs" 52 14 52 15] [#"../list_index_mut.rs" 52 14 52 15] (1 : usize))); goto BB3 } BB8 { @@ -433,16 +438,17 @@ module ListIndexMut_Write_Interface use prelude.UIntSize use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.UInt32 use ListIndexMut_List_Type as ListIndexMut_List_Type use Core_Option_Option_Type as Core_Option_Option_Type clone ListIndexMut_Impl0_Get_Stub as Get0 clone ListIndexMut_Impl0_Len_Stub as Len0 val write [#"../list_index_mut.rs" 63 0 63 45] (l : borrowed (ListIndexMut_List_Type.t_list)) (ix : usize) (v : uint32) : () - requires {[#"../list_index_mut.rs" 59 11 59 24] UIntSize.to_int ix < Len0.len ( * l)} + requires {[#"../list_index_mut.rs" 59 11 59 24] Int.lt (UIntSize.to_int ix) (Len0.len ( * l))} ensures { [#"../list_index_mut.rs" 60 10 60 34] Core_Option_Option_Type.C_Some v = Get0.get ( ^ l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 61 10 61 31] Len0.len ( ^ l) = Len0.len ( * l) } - ensures { [#"../list_index_mut.rs" 62 0 62 87] forall i : int . 0 <= i /\ i < Len0.len ( * l) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } + ensures { [#"../list_index_mut.rs" 62 0 62 87] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } end module ListIndexMut_Write @@ -450,6 +456,7 @@ module ListIndexMut_Write use prelude.Int use prelude.UIntSize use prelude.UInt32 + use prelude.Bool use ListIndexMut_List_Type as ListIndexMut_List_Type use Core_Option_Option_Type as Core_Option_Option_Type clone ListIndexMut_Impl0_Get as Get0 @@ -462,10 +469,10 @@ module ListIndexMut_Write function Len0.len = Len0.len, function Get0.get = Get0.get let rec cfg write [#"../list_index_mut.rs" 63 0 63 45] [@cfg:stackify] [@cfg:subregion_analysis] (l : borrowed (ListIndexMut_List_Type.t_list)) (ix : usize) (v : uint32) : () - requires {[#"../list_index_mut.rs" 59 11 59 24] UIntSize.to_int ix < Len0.len ( * l)} + requires {[#"../list_index_mut.rs" 59 11 59 24] Int.lt (UIntSize.to_int ix) (Len0.len ( * l))} ensures { [#"../list_index_mut.rs" 60 10 60 34] Core_Option_Option_Type.C_Some v = Get0.get ( ^ l) (UIntSize.to_int ix) } ensures { [#"../list_index_mut.rs" 61 10 61 31] Len0.len ( ^ l) = Len0.len ( * l) } - ensures { [#"../list_index_mut.rs" 62 0 62 87] forall i : int . 0 <= i /\ i < Len0.len ( * l) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } + ensures { [#"../list_index_mut.rs" 62 0 62 87] forall i : int . Int.le 0 i /\ Int.lt i (Len0.len ( * l)) /\ i <> UIntSize.to_int ix -> Get0.get ( * l) i = Get0.get ( ^ l) i } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); diff --git a/creusot/tests/should_succeed/list_index_mut/why3session.xml b/creusot/tests/should_succeed/list_index_mut/why3session.xml index 86798025cd..24c4d7fe46 100644 --- a/creusot/tests/should_succeed/list_index_mut/why3session.xml +++ b/creusot/tests/should_succeed/list_index_mut/why3session.xml @@ -7,17 +7,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/list_index_mut/why3shapes.gz b/creusot/tests/should_succeed/list_index_mut/why3shapes.gz index c8fd0a1bc4f292e88908129d429af7e76922706a..8c1f15b4fd2f3fc62c939c0276540b7d41017da0 100644 GIT binary patch literal 725 zcmV;`0xJC`g? zq?%UQZf73MH#?b)W}1Q*pS^f^G7nBO4aajoX}&ex3cI}Y8e)sSS+l&lUQ4z56A>fw4F-fa8f@?*|+I`^j2 zP*%E$H(*NZUjwT{pZPFGFiPUHZ|W+IK&?hXFC+ zlZFX!&1CGhlV?B~8_xoijDzG6MW!*w1h?r9i3NNWoie8!xA%O1nT3$|F`IwKbkoZB zws`Y`>XLt$jcyjK)NCH@+Ekd&>$7a&(Tp#(6SkQ6SPw6KJHB&TC`mPA9vvG?t3+Ws z=VW($V>FP3d0OCEGYAA>;66c*OQulr%S%;S9Xx32=HeEd%B|m5iN>d)w|+OIrecmn z!392R%F<#o1k3a;KMmLX+_(1k@$xcdOZ$nAi;I#cii$l3PZJdyO#(^O>M0<}mg~VnvbCxQ(e?o{X!PtBjy4 zsMW(&#`KH1S`#romE09v+)bZ{>&!Do#>C0Ho}v662A}XStGDZUvRQIz$p2)bf5|lK zsE)jYP!9>uR|E03@k|20mSRp>)-b^fVwG&#noDa{D*%8us^Lu|DarYs?dcx&BqO9| z45+QuspKt(6aG-FwMBg*0=QLqxi2yz>Q-=J#7Q!A1c@<5$+l2d2rw#_dy)MC=zO`> H@df|@-SPIDP|{cu74q#xb&Utv;Fac(@t_Hp@2iD!quU%?~QQA5W+8&9o24A5*lhAM^pC zto;LpAf4nQNp}RjxOXh0BbgqQ2s}D+cLY7Vaa`}d^k-Kc5Cj?^WF7Q~)=_#lf>l7P z^ud~T#F^^Y{ueuu!JM!}CZ>KQ3O@>~w-Y`b#<$&ZY|R0Mn~2r=rpMP|E=>4fq45lv zj7@g(gePOaS?Q5v9A6wRlgn@;{%y4FGJBSIFM*d3w^hC`WoF^MPw{V`$K>g4?)ufL z1%H@~ZUD?Sa++sq;`&p1R}I*b`(d{qUx)Vm&N%arBBLJFwiD`wuXKt<@5sd0FuoZRILbX%BJvTFxeM;dg=D{;q)SM4u{E-tW`dOLEfJ&7 z<~m^{L`auzc}E8xikUVFM;58zI%ef}D0Y2^IlZ0wi^=8}4f&rq^e=HH9Yu&cE@VT( z>S`dC8t){~ZO*03GS12lTGc9O+p6V4H=P1$8c>XJ4m{@@wxJu?kW3p ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -146,11 +146,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl1_IndexLogic_Stub type t @@ -252,6 +252,7 @@ module ListReversalLasso_Impl3_NonnullPtr use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -271,7 +272,7 @@ module ListReversalLasso_Impl3_NonnullPtr predicate nonnull_ptr [#"../list_reversal_lasso.rs" 49 4 49 44] (self : ListReversalLasso_Memory_Type.t_memory) (i : usize) = - [#"../list_reversal_lasso.rs" 50 20 50 70] Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int Max0.mAX' /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self)) + [#"../list_reversal_lasso.rs" 50 20 50 70] Int.le (Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self))) (UIntSize.to_int Max0.mAX') /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self))) val nonnull_ptr [#"../list_reversal_lasso.rs" 49 4 49 44] (self : ListReversalLasso_Memory_Type.t_memory) (i : usize) : bool ensures { result = nonnull_ptr self i } @@ -464,7 +465,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -497,6 +498,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -504,9 +506,9 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue end module ListReversalLasso_Impl1_Index_Interface + use prelude.UIntSize use prelude.Borrow use prelude.Int - use prelude.UIntSize use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl0_IndexLogic_Stub as IndexLogic0 clone ListReversalLasso_Impl3_NonnullPtr_Stub as NonnullPtr0 @@ -635,6 +637,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -708,6 +711,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -781,17 +785,19 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } end module ListReversalLasso_Impl2_IndexMut_Interface use prelude.Borrow + use prelude.UIntSize use seq.Seq use prelude.Int - use prelude.UIntSize + use prelude.Bool use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -823,6 +829,7 @@ module ListReversalLasso_Impl2_IndexMut use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv4 with type t = Seq.seq usize @@ -963,6 +970,7 @@ end module ListReversalLasso_Impl3_MemIsWellFormed use prelude.Int use prelude.UIntSize + use prelude.Bool clone ListReversalLasso_Null_Stub as Null0 use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl0_IndexLogic_Stub as IndexLogic0 @@ -976,8 +984,9 @@ module ListReversalLasso_Impl3_MemIsWellFormed end module ListReversalLasso_Impl4_ListReversalSafe_Interface use prelude.Borrow - use prelude.Int use prelude.UIntSize + use prelude.Bool + use prelude.Int use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl3_NonnullPtr_Stub as NonnullPtr0 clone ListReversalLasso_Null_Stub as Null0 @@ -991,6 +1000,7 @@ module ListReversalLasso_Impl4_ListReversalSafe use prelude.Int use prelude.UIntSize use prelude.Borrow + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv1 with @@ -1076,7 +1086,7 @@ module ListReversalLasso_Impl4_ListReversalSafe goto BB2 } BB2 { - switch ([#"../list_reversal_lasso.rs" 71 14 71 23] l <> ([#"../list_reversal_lasso.rs" 71 19 71 23] [#"../list_reversal_lasso.rs" 71 19 71 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 71 14 71 23] UIntSize.ne l ([#"../list_reversal_lasso.rs" 71 19 71 23] [#"../list_reversal_lasso.rs" 71 19 71 23] (18446744073709551615 : usize))) | False -> goto BB6 | True -> goto BB3 end @@ -1130,6 +1140,7 @@ module ListReversalLasso_Impl4_ListSeg use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl0_IndexLogic_Stub as IndexLogic0 clone ListReversalLasso_Impl3_NonnullPtr_Stub as NonnullPtr0 @@ -1140,11 +1151,11 @@ module ListReversalLasso_Impl4_ListSeg last else Seq.get s l - ) /\ (forall i : int . l <= i /\ i < h -> NonnullPtr0.nonnull_ptr self (Seq.get s i) /\ IndexLogic0.index_logic self (Seq.get s i) = (if i = h - 1 then + ) /\ (forall i : int . Int.le l i /\ Int.lt i h -> NonnullPtr0.nonnull_ptr self (Seq.get s i) /\ IndexLogic0.index_logic self (Seq.get s i) = (if i = Int.sub h 1 then last else - Seq.get s (i + 1) - )) /\ (forall j : int . forall i : int . l <= i /\ i < h /\ l <= j /\ j < h /\ i <> j -> Seq.get s i <> Seq.get s j) + Seq.get s (Int.add i 1) + )) /\ (forall j : int . forall i : int . Int.le l i /\ Int.lt i h /\ Int.le l j /\ Int.lt j h /\ i <> j -> Seq.get s i <> Seq.get s j) val list_seg [#"../list_reversal_lasso.rs" 81 4 81 81] (self : ListReversalLasso_Memory_Type.t_memory) (first : usize) (s : Seq.seq usize) (last : usize) (l : int) (h : int) : bool ensures { result = list_seg self first s last l h } @@ -1186,6 +1197,7 @@ end module Core_Mem_Replace_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -1217,6 +1229,7 @@ module ListReversalLasso_Impl4_ListReversalList use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use seq.Reverse clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -1323,13 +1336,13 @@ module ListReversalLasso_Impl4_ListReversalList goto BB2 } BB2 { - invariant { [#"../list_reversal_lasso.rs" 103 20 103 44] 0 <= Ghost.inner n /\ Ghost.inner n <= Seq.length (Ghost.inner s) }; + invariant { [#"../list_reversal_lasso.rs" 103 20 103 44] Int.le 0 (Ghost.inner n) /\ Int.le (Ghost.inner n) (Seq.length (Ghost.inner s)) }; invariant { [#"../list_reversal_lasso.rs" 104 20 104 59] ListSeg0.list_seg ( * self) l (Ghost.inner s) Null0.nULL' (Ghost.inner n) (Seq.length (Ghost.inner s)) }; - invariant { [#"../list_reversal_lasso.rs" 105 20 105 76] ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s)) Null0.nULL' (Seq.length (Ghost.inner s) - Ghost.inner n) (Seq.length (Ghost.inner s)) }; + invariant { [#"../list_reversal_lasso.rs" 105 20 105 76] ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s)) Null0.nULL' (Int.sub (Seq.length (Ghost.inner s)) (Ghost.inner n)) (Seq.length (Ghost.inner s)) }; goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 107 14 107 23] l <> ([#"../list_reversal_lasso.rs" 107 19 107 23] [#"../list_reversal_lasso.rs" 107 19 107 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 107 14 107 23] UIntSize.ne l ([#"../list_reversal_lasso.rs" 107 19 107 23] [#"../list_reversal_lasso.rs" 107 19 107 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end @@ -1366,7 +1379,7 @@ module ListReversalLasso_Impl4_ListReversalList assume { Resolve1.resolve _19 }; l <- _17; _17 <- any usize; - _27 <- ([#"../list_reversal_lasso.rs" 109 16 109 30] Ghost.new (Ghost.inner n + 1)); + _27 <- ([#"../list_reversal_lasso.rs" 109 16 109 30] Ghost.new (Int.add (Ghost.inner n) 1)); goto BB8 } BB8 { @@ -1455,7 +1468,7 @@ module ListReversalLasso_Impl4_ListReversalLoop_Interface type t = usize clone ListReversalLasso_Impl4_Loop_Stub as Loop0 val list_reversal_loop [#"../list_reversal_lasso.rs" 125 4 125 79] (self : borrowed (ListReversalLasso_Memory_Type.t_memory)) (l : usize) (s : Ghost.ghost_ty (Seq.seq usize)) : usize - requires {[#"../list_reversal_lasso.rs" 122 15 122 26] Seq.length (Ghost.inner s) > 0} + requires {[#"../list_reversal_lasso.rs" 122 15 122 26] Int.gt (Seq.length (Ghost.inner s)) 0} requires {[#"../list_reversal_lasso.rs" 123 15 123 32] Loop0.loop_ ( * self) l (Ghost.inner s)} ensures { [#"../list_reversal_lasso.rs" 124 14 124 101] Loop0.loop_ ( ^ self) result (Seq.(++) (Seq.singleton (IndexLogic0.index_logic s 0)) (Reverse.reverse (SeqExt.subsequence (Ghost.inner s) 1 (Seq.length (Ghost.inner s))))) } @@ -1465,6 +1478,7 @@ module ListReversalLasso_Impl4_ListReversalLoop use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use seq.Reverse use seq_ext.SeqExt @@ -1542,7 +1556,7 @@ module ListReversalLasso_Impl4_ListReversalLoop type t = usize clone ListReversalLasso_Null as Null0 let rec cfg list_reversal_loop [#"../list_reversal_lasso.rs" 125 4 125 79] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (ListReversalLasso_Memory_Type.t_memory)) (l : usize) (s : Ghost.ghost_ty (Seq.seq usize)) : usize - requires {[#"../list_reversal_lasso.rs" 122 15 122 26] Seq.length (Ghost.inner s) > 0} + requires {[#"../list_reversal_lasso.rs" 122 15 122 26] Int.gt (Seq.length (Ghost.inner s)) 0} requires {[#"../list_reversal_lasso.rs" 123 15 123 32] Loop0.loop_ ( * self) l (Ghost.inner s)} ensures { [#"../list_reversal_lasso.rs" 124 14 124 101] Loop0.loop_ ( ^ self) result (Seq.(++) (Seq.singleton (IndexLogic0.index_logic s 0)) (Reverse.reverse (SeqExt.subsequence (Ghost.inner s) 1 (Seq.length (Ghost.inner s))))) } @@ -1574,20 +1588,20 @@ module ListReversalLasso_Impl4_ListReversalLoop goto BB2 } BB2 { - invariant { [#"../list_reversal_lasso.rs" 129 20 129 48] 0 <= Ghost.inner n /\ Ghost.inner n <= Seq.length (Ghost.inner s) + 1 }; - invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Ghost.inner n = Seq.length (Ghost.inner s) + 1 -> l = Null0.nULL' /\ r = IndexLogic0.index_logic s 0 /\ NonnullPtr0.nonnull_ptr ( * self) r /\ IndexLogic1.index_logic ( * self) r = IndexLogic0.index_logic s (Seq.length (Ghost.inner s) - 1) /\ ListSeg0.list_seg ( * self) (IndexLogic0.index_logic s (Seq.length (Ghost.inner s) - 1)) (Reverse.reverse (Ghost.inner s)) (IndexLogic0.index_logic s 0) 0 (Seq.length (Ghost.inner s) - 1) }; - invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Ghost.inner n <= Seq.length (Ghost.inner s) -> ListSeg0.list_seg ( * self) l (Ghost.inner s) (IndexLogic0.index_logic s 0) (Ghost.inner n) (Seq.length (Ghost.inner s)) }; - invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Ghost.inner n <= Seq.length (Ghost.inner s) -> ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s)) Null0.nULL' (Seq.length (Ghost.inner s) - Ghost.inner n) (Seq.length (Ghost.inner s)) }; + invariant { [#"../list_reversal_lasso.rs" 129 20 129 48] Int.le 0 (Ghost.inner n) /\ Int.le (Ghost.inner n) (Int.add (Seq.length (Ghost.inner s)) 1) }; + invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Ghost.inner n = Int.add (Seq.length (Ghost.inner s)) 1 -> l = Null0.nULL' /\ r = IndexLogic0.index_logic s 0 /\ NonnullPtr0.nonnull_ptr ( * self) r /\ IndexLogic1.index_logic ( * self) r = IndexLogic0.index_logic s (Int.sub (Seq.length (Ghost.inner s)) 1) /\ ListSeg0.list_seg ( * self) (IndexLogic0.index_logic s (Int.sub (Seq.length (Ghost.inner s)) 1)) (Reverse.reverse (Ghost.inner s)) (IndexLogic0.index_logic s 0) 0 (Int.sub (Seq.length (Ghost.inner s)) 1) }; + invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Int.le (Ghost.inner n) (Seq.length (Ghost.inner s)) -> ListSeg0.list_seg ( * self) l (Ghost.inner s) (IndexLogic0.index_logic s 0) (Ghost.inner n) (Seq.length (Ghost.inner s)) }; + invariant { [#"../list_reversal_lasso.rs" 129 8 129 50] Int.le (Ghost.inner n) (Seq.length (Ghost.inner s)) -> ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s)) Null0.nULL' (Int.sub (Seq.length (Ghost.inner s)) (Ghost.inner n)) (Seq.length (Ghost.inner s)) }; goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 137 14 137 23] l <> ([#"../list_reversal_lasso.rs" 137 19 137 23] [#"../list_reversal_lasso.rs" 137 19 137 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 137 14 137 23] UIntSize.ne l ([#"../list_reversal_lasso.rs" 137 19 137 23] [#"../list_reversal_lasso.rs" 137 19 137 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end } BB4 { - assert { [@expl:assertion] [#"../list_reversal_lasso.rs" 138 12 138 77] Ghost.inner n = Seq.length (Ghost.inner s) -> l = Seq.get (Reverse.reverse (Ghost.inner s)) (Seq.length (Ghost.inner s) - 1) }; + assert { [@expl:assertion] [#"../list_reversal_lasso.rs" 138 12 138 77] Ghost.inner n = Seq.length (Ghost.inner s) -> l = Seq.get (Reverse.reverse (Ghost.inner s)) (Int.sub (Seq.length (Ghost.inner s)) 1) }; _25 <- Borrow.borrow_mut ( * self); self <- { self with current = ( ^ _25) }; _24 <- ([#"../list_reversal_lasso.rs" 139 39 139 46] IndexMut0.index_mut _25 l); @@ -1619,7 +1633,7 @@ module ListReversalLasso_Impl4_ListReversalLoop assume { Resolve1.resolve _23 }; l <- _21; _21 <- any usize; - _31 <- ([#"../list_reversal_lasso.rs" 140 16 140 30] Ghost.new (Ghost.inner n + 1)); + _31 <- ([#"../list_reversal_lasso.rs" 140 16 140 30] Ghost.new (Int.add (Ghost.inner n) 1)); goto BB8 } BB8 { @@ -1629,10 +1643,10 @@ module ListReversalLasso_Impl4_ListReversalLoop } BB9 { assume { Resolve0.resolve self }; - assert { [@expl:assertion] [#"../list_reversal_lasso.rs" 143 8 145 54] forall i : int . 0 <= i /\ i < Seq.length (Ghost.inner s) -> Seq.get (Seq.(++) (Seq.singleton (IndexLogic0.index_logic s 0)) (Reverse.reverse (SeqExt.subsequence (Ghost.inner s) 1 (Seq.length (Ghost.inner s))))) i = (if i = 0 then + assert { [@expl:assertion] [#"../list_reversal_lasso.rs" 143 8 145 54] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (Ghost.inner s)) -> Seq.get (Seq.(++) (Seq.singleton (IndexLogic0.index_logic s 0)) (Reverse.reverse (SeqExt.subsequence (Ghost.inner s) 1 (Seq.length (Ghost.inner s))))) i = (if i = 0 then IndexLogic0.index_logic s 0 else - Seq.get (Reverse.reverse (Ghost.inner s)) (i - 1) + Seq.get (Reverse.reverse (Ghost.inner s)) (Int.sub i 1) ) }; _0 <- r; return _0 @@ -1662,16 +1676,17 @@ module ListReversalLasso_Impl4_Lasso use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl4_ListSeg_Stub as ListSeg0 predicate lasso [#"../list_reversal_lasso.rs" 151 4 151 70] (self : ListReversalLasso_Memory_Type.t_memory) (first : usize) (s1 : Seq.seq usize) (s2 : Seq.seq usize) = [#"../list_reversal_lasso.rs" 152 8 158 9] let mid = if Seq.length s2 = 0 then - Seq.get s1 (Seq.length s1 - 1) + Seq.get s1 (Int.sub (Seq.length s1) 1) else Seq.get s2 0 - in Seq.length s1 > 0 /\ (forall j : int . forall i : int . 0 <= i /\ i < Seq.length s1 /\ 0 <= j /\ j < Seq.length s2 -> Seq.get s1 i <> Seq.get s2 j) /\ ListSeg0.list_seg self first s1 mid 0 (Seq.length s1) /\ ListSeg0.list_seg self mid s2 (Seq.get s1 (Seq.length s1 - 1)) 0 (Seq.length s2) + in Int.gt (Seq.length s1) 0 /\ (forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s1) /\ Int.le 0 j /\ Int.lt j (Seq.length s2) -> Seq.get s1 i <> Seq.get s2 j) /\ ListSeg0.list_seg self first s1 mid 0 (Seq.length s1) /\ ListSeg0.list_seg self mid s2 (Seq.get s1 (Int.sub (Seq.length s1) 1)) 0 (Seq.length s2) val lasso [#"../list_reversal_lasso.rs" 151 4 151 70] (self : ListReversalLasso_Memory_Type.t_memory) (first : usize) (s1 : Seq.seq usize) (s2 : Seq.seq usize) : bool ensures { result = lasso self first s1 s2 } @@ -1695,6 +1710,7 @@ module ListReversalLasso_Impl4_ListReversalLasso use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use seq.Reverse clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -1803,22 +1819,22 @@ module ListReversalLasso_Impl4_ListReversalLasso goto BB2 } BB2 { - invariant { [#"../list_reversal_lasso.rs" 172 20 172 58] 0 <= Ghost.inner n /\ Ghost.inner n <= 2 * Seq.length (Ghost.inner s1) + Seq.length (Ghost.inner s2) }; + invariant { [#"../list_reversal_lasso.rs" 172 20 172 58] Int.le 0 (Ghost.inner n) /\ Int.le (Ghost.inner n) (Int.add (Int.mul 2 (Seq.length (Ghost.inner s1))) (Seq.length (Ghost.inner s2))) }; invariant { [#"../list_reversal_lasso.rs" 172 8 172 60] let mid = if Seq.length (Ghost.inner s2) = 0 then - IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1) + IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1) else IndexLogic0.index_logic s2 0 - in Ghost.inner n <= Seq.length (Ghost.inner s1) -> ListSeg0.list_seg ( * self) l (Ghost.inner s1) mid (Ghost.inner n) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) mid (Ghost.inner s2) (IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1)) 0 (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s1)) Null0.nULL' (Seq.length (Ghost.inner s1) - Ghost.inner n) (Seq.length (Ghost.inner s1)) }; - invariant { [#"../list_reversal_lasso.rs" 172 8 172 60] Seq.length (Ghost.inner s1) < Ghost.inner n /\ Ghost.inner n <= Seq.length (Ghost.inner s1) + Seq.length (Ghost.inner s2) -> ListSeg0.list_seg ( * self) l (Ghost.inner s2) (IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1)) (Ghost.inner n - Seq.length (Ghost.inner s1)) (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s2)) (IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1)) (Seq.length (Ghost.inner s1) + Seq.length (Ghost.inner s2) - Ghost.inner n) (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) (IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1)) (Reverse.reverse (Ghost.inner s1)) Null0.nULL' 0 (Seq.length (Ghost.inner s1)) }; + in Int.le (Ghost.inner n) (Seq.length (Ghost.inner s1)) -> ListSeg0.list_seg ( * self) l (Ghost.inner s1) mid (Ghost.inner n) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) mid (Ghost.inner s2) (IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1)) 0 (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s1)) Null0.nULL' (Int.sub (Seq.length (Ghost.inner s1)) (Ghost.inner n)) (Seq.length (Ghost.inner s1)) }; + invariant { [#"../list_reversal_lasso.rs" 172 8 172 60] Int.lt (Seq.length (Ghost.inner s1)) (Ghost.inner n) /\ Int.le (Ghost.inner n) (Int.add (Seq.length (Ghost.inner s1)) (Seq.length (Ghost.inner s2))) -> ListSeg0.list_seg ( * self) l (Ghost.inner s2) (IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1)) (Int.sub (Ghost.inner n) (Seq.length (Ghost.inner s1))) (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) r (Reverse.reverse (Ghost.inner s2)) (IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1)) (Int.sub (Int.add (Seq.length (Ghost.inner s1)) (Seq.length (Ghost.inner s2))) (Ghost.inner n)) (Seq.length (Ghost.inner s2)) /\ ListSeg0.list_seg ( * self) (IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1)) (Reverse.reverse (Ghost.inner s1)) Null0.nULL' 0 (Seq.length (Ghost.inner s1)) }; invariant { [#"../list_reversal_lasso.rs" 172 8 172 60] let mid = if Seq.length (Ghost.inner s2) = 0 then - IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1) + IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1) else - IndexLogic0.index_logic s2 (Seq.length (Ghost.inner s2) - 1) - in Seq.length (Ghost.inner s1) + Seq.length (Ghost.inner s2) < Ghost.inner n -> ListSeg0.list_seg ( * self) l (Reverse.reverse (Ghost.inner s1)) Null0.nULL' (Ghost.inner n - Seq.length (Ghost.inner s1) - Seq.length (Ghost.inner s2)) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) r (Ghost.inner s1) mid (2 * Seq.length (Ghost.inner s1) + Seq.length (Ghost.inner s2) - Ghost.inner n) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) mid (Reverse.reverse (Ghost.inner s2)) (IndexLogic0.index_logic s1 (Seq.length (Ghost.inner s1) - 1)) 0 (Seq.length (Ghost.inner s2)) }; + IndexLogic0.index_logic s2 (Int.sub (Seq.length (Ghost.inner s2)) 1) + in Int.lt (Int.add (Seq.length (Ghost.inner s1)) (Seq.length (Ghost.inner s2))) (Ghost.inner n) -> ListSeg0.list_seg ( * self) l (Reverse.reverse (Ghost.inner s1)) Null0.nULL' (Int.sub (Int.sub (Ghost.inner n) (Seq.length (Ghost.inner s1))) (Seq.length (Ghost.inner s2))) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) r (Ghost.inner s1) mid (Int.sub (Int.add (Int.mul 2 (Seq.length (Ghost.inner s1))) (Seq.length (Ghost.inner s2))) (Ghost.inner n)) (Seq.length (Ghost.inner s1)) /\ ListSeg0.list_seg ( * self) mid (Reverse.reverse (Ghost.inner s2)) (IndexLogic0.index_logic s1 (Int.sub (Seq.length (Ghost.inner s1)) 1)) 0 (Seq.length (Ghost.inner s2)) }; goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 190 14 190 23] l <> ([#"../list_reversal_lasso.rs" 190 19 190 23] [#"../list_reversal_lasso.rs" 190 19 190 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 190 14 190 23] UIntSize.ne l ([#"../list_reversal_lasso.rs" 190 19 190 23] [#"../list_reversal_lasso.rs" 190 19 190 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end @@ -1855,7 +1871,7 @@ module ListReversalLasso_Impl4_ListReversalLasso assume { Resolve1.resolve _21 }; l <- _19; _19 <- any usize; - _29 <- ([#"../list_reversal_lasso.rs" 192 16 192 30] Ghost.new (Ghost.inner n + 1)); + _29 <- ([#"../list_reversal_lasso.rs" 192 16 192 30] Ghost.new (Int.add (Ghost.inner n) 1)); goto BB8 } BB8 { @@ -1879,6 +1895,7 @@ end module ListReversalLasso_Impl4_FindPtrInSeq_Stub use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use prelude.Int use Core_Option_Option_Type as Core_Option_Option_Type @@ -1888,95 +1905,101 @@ end module ListReversalLasso_Impl4_FindPtrInSeq_Interface use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use prelude.Int use Core_Option_Option_Type as Core_Option_Option_Type function find_ptr_in_seq [#"../list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : Core_Option_Option_Type.t_option int val find_ptr_in_seq [#"../list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : Core_Option_Option_Type.t_option int - requires {[#"../list_reversal_lasso.rs" 198 15 198 37] 0 <= i /\ i <= Seq.length s} + requires {[#"../list_reversal_lasso.rs" 198 15 198 37] Int.le 0 i /\ Int.le i (Seq.length s)} ensures { [#"../list_reversal_lasso.rs" 199 14 202 5] match (result) with - | Core_Option_Option_Type.C_None -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | Core_Option_Option_Type.C_Some j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | Core_Option_Option_Type.C_None -> forall j : int . Int.le i j /\ Int.lt j (Seq.length s) -> UIntSize.to_int (Seq.get s j) <> p + | Core_Option_Option_Type.C_Some j -> Int.le i j /\ Int.lt j (Seq.length s) /\ UIntSize.to_int (Seq.get s j) = p end } ensures { result = find_ptr_in_seq s i p } - axiom find_ptr_in_seq_spec : forall s : Seq.seq usize, i : int, p : int . ([#"../list_reversal_lasso.rs" 198 15 198 37] 0 <= i /\ i <= Seq.length s) -> ([#"../list_reversal_lasso.rs" 199 14 202 5] match (find_ptr_in_seq s i p) with - | Core_Option_Option_Type.C_None -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | Core_Option_Option_Type.C_Some j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + axiom find_ptr_in_seq_spec : forall s : Seq.seq usize, i : int, p : int . ([#"../list_reversal_lasso.rs" 198 15 198 37] Int.le 0 i /\ Int.le i (Seq.length s)) -> ([#"../list_reversal_lasso.rs" 199 14 202 5] match (find_ptr_in_seq s i p) with + | Core_Option_Option_Type.C_None -> forall j : int . Int.le i j /\ Int.lt j (Seq.length s) -> UIntSize.to_int (Seq.get s j) <> p + | Core_Option_Option_Type.C_Some j -> Int.le i j /\ Int.lt j (Seq.length s) /\ UIntSize.to_int (Seq.get s j) = p end) end module ListReversalLasso_Impl4_FindPtrInSeq use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use prelude.Int use Core_Option_Option_Type as Core_Option_Option_Type function find_ptr_in_seq [#"../list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : Core_Option_Option_Type.t_option int val find_ptr_in_seq [#"../list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : Core_Option_Option_Type.t_option int - requires {[#"../list_reversal_lasso.rs" 198 15 198 37] 0 <= i /\ i <= Seq.length s} + requires {[#"../list_reversal_lasso.rs" 198 15 198 37] Int.le 0 i /\ Int.le i (Seq.length s)} ensures { [#"../list_reversal_lasso.rs" 199 14 202 5] match (result) with - | Core_Option_Option_Type.C_None -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | Core_Option_Option_Type.C_Some j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | Core_Option_Option_Type.C_None -> forall j : int . Int.le i j /\ Int.lt j (Seq.length s) -> UIntSize.to_int (Seq.get s j) <> p + | Core_Option_Option_Type.C_Some j -> Int.le i j /\ Int.lt j (Seq.length s) /\ UIntSize.to_int (Seq.get s j) = p end } ensures { result = find_ptr_in_seq s i p } axiom def : forall s : Seq.seq usize, i : int, p : int . find_ptr_in_seq s i p = ([#"../list_reversal_lasso.rs" 205 8 209 9] if i = Seq.length s then Core_Option_Option_Type.C_None else - if UIntSize.to_int (Seq.get s i) = p then Core_Option_Option_Type.C_Some i else find_ptr_in_seq s (i + 1) p + if UIntSize.to_int (Seq.get s i) = p then Core_Option_Option_Type.C_Some i else find_ptr_in_seq s (Int.add i 1) p ) - axiom find_ptr_in_seq_spec : forall s : Seq.seq usize, i : int, p : int . ([#"../list_reversal_lasso.rs" 198 15 198 37] 0 <= i /\ i <= Seq.length s) -> ([#"../list_reversal_lasso.rs" 199 14 202 5] match (find_ptr_in_seq s i p) with - | Core_Option_Option_Type.C_None -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | Core_Option_Option_Type.C_Some j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + axiom find_ptr_in_seq_spec : forall s : Seq.seq usize, i : int, p : int . ([#"../list_reversal_lasso.rs" 198 15 198 37] Int.le 0 i /\ Int.le i (Seq.length s)) -> ([#"../list_reversal_lasso.rs" 199 14 202 5] match (find_ptr_in_seq s i p) with + | Core_Option_Option_Type.C_None -> forall j : int . Int.le i j /\ Int.lt j (Seq.length s) -> UIntSize.to_int (Seq.get s j) <> p + | Core_Option_Option_Type.C_Some j -> Int.le i j /\ Int.lt j (Seq.length s) /\ UIntSize.to_int (Seq.get s j) = p end) end module ListReversalLasso_Impl4_FindPtrInSeq_Impl use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use prelude.Int use Core_Option_Option_Type as Core_Option_Option_Type let rec ghost function find_ptr_in_seq [#"../list_reversal_lasso.rs" 204 4 204 66] (s : Seq.seq usize) (i : int) (p : int) : Core_Option_Option_Type.t_option int - requires {[#"../list_reversal_lasso.rs" 198 15 198 37] 0 <= i /\ i <= Seq.length s} + requires {[#"../list_reversal_lasso.rs" 198 15 198 37] Int.le 0 i /\ Int.le i (Seq.length s)} ensures { [#"../list_reversal_lasso.rs" 199 14 202 5] match (result) with - | Core_Option_Option_Type.C_None -> forall j : int . i <= j /\ j < Seq.length s -> UIntSize.to_int (Seq.get s j) <> p - | Core_Option_Option_Type.C_Some j -> i <= j /\ j < Seq.length s /\ UIntSize.to_int (Seq.get s j) = p + | Core_Option_Option_Type.C_None -> forall j : int . Int.le i j /\ Int.lt j (Seq.length s) -> UIntSize.to_int (Seq.get s j) <> p + | Core_Option_Option_Type.C_Some j -> Int.le i j /\ Int.lt j (Seq.length s) /\ UIntSize.to_int (Seq.get s j) = p end } - variant {[#"../list_reversal_lasso.rs" 203 14 203 25] Seq.length s - i} + variant {[#"../list_reversal_lasso.rs" 203 14 203 25] Int.sub (Seq.length s) i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../list_reversal_lasso.rs" 205 8 209 9] if pure {i = Seq.length s} then + [#"../list_reversal_lasso.rs" 205 8 209 9] if i = Seq.length s then Core_Option_Option_Type.C_None else - if pure {UIntSize.to_int (Seq.get s i) = p} then Core_Option_Option_Type.C_Some i else find_ptr_in_seq s (i + 1) p + if UIntSize.to_int (Seq.get s i) = p then Core_Option_Option_Type.C_Some i else find_ptr_in_seq s (Int.add i 1) p end module ListReversalLasso_Impl4_Pigeon_Stub use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize function pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool end module ListReversalLasso_Impl4_Pigeon_Interface use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize function pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool val pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool - requires {[#"../list_reversal_lasso.rs" 213 15 213 21] 0 <= n} - requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n} - requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j} - ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Seq.length s <= n } + requires {[#"../list_reversal_lasso.rs" 213 15 213 21] Int.le 0 n} + requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Int.lt (UIntSize.to_int (Seq.get s i)) n} + requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) /\ i <> j -> Seq.get s i <> Seq.get s j} + ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Int.le (Seq.length s) n } ensures { [#"../list_reversal_lasso.rs" 217 14 217 20] result } ensures { result = pigeon s n } - axiom pigeon_spec : forall s : Seq.seq usize, n : int . ([#"../list_reversal_lasso.rs" 213 15 213 21] 0 <= n) -> ([#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) -> ([#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([#"../list_reversal_lasso.rs" 217 14 217 20] pigeon s n) && ([#"../list_reversal_lasso.rs" 216 14 216 26] Seq.length s <= n) + axiom pigeon_spec : forall s : Seq.seq usize, n : int . ([#"../list_reversal_lasso.rs" 213 15 213 21] Int.le 0 n) -> ([#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Int.lt (UIntSize.to_int (Seq.get s i)) n) -> ([#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([#"../list_reversal_lasso.rs" 217 14 217 20] pigeon s n) && ([#"../list_reversal_lasso.rs" 216 14 216 26] Int.le (Seq.length s) n) end module ListReversalLasso_Impl4_Pigeon use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use seq_ext.SeqExt use prelude.Int @@ -1985,29 +2008,30 @@ module ListReversalLasso_Impl4_Pigeon axiom . function pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool val pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool - requires {[#"../list_reversal_lasso.rs" 213 15 213 21] 0 <= n} - requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n} - requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j} - ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Seq.length s <= n } + requires {[#"../list_reversal_lasso.rs" 213 15 213 21] Int.le 0 n} + requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Int.lt (UIntSize.to_int (Seq.get s i)) n} + requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) /\ i <> j -> Seq.get s i <> Seq.get s j} + ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Int.le (Seq.length s) n } ensures { [#"../list_reversal_lasso.rs" 217 14 217 20] result } ensures { result = pigeon s n } axiom def : forall s : Seq.seq usize, n : int . pigeon s n = ([#"../list_reversal_lasso.rs" 220 8 232 9] if n = 0 then true else - match (FindPtrInSeq0.find_ptr_in_seq s 0 (n - 1)) with - | Core_Option_Option_Type.C_None -> pigeon s (n - 1) - | Core_Option_Option_Type.C_Some i -> match (FindPtrInSeq0.find_ptr_in_seq s (i + 1) (n - 1)) with - | Core_Option_Option_Type.C_None -> pigeon (Seq.(++) (SeqExt.subsequence s 0 i) (SeqExt.subsequence s (i + 1) (Seq.length s))) (n - 1) + match (FindPtrInSeq0.find_ptr_in_seq s 0 (Int.sub n 1)) with + | Core_Option_Option_Type.C_None -> pigeon s (Int.sub n 1) + | Core_Option_Option_Type.C_Some i -> match (FindPtrInSeq0.find_ptr_in_seq s (Int.add i 1) (Int.sub n 1)) with + | Core_Option_Option_Type.C_None -> pigeon (Seq.(++) (SeqExt.subsequence s 0 i) (SeqExt.subsequence s (Int.add i 1) (Seq.length s))) (Int.sub n 1) | Core_Option_Option_Type.C_Some _ -> true end end ) - axiom pigeon_spec : forall s : Seq.seq usize, n : int . ([#"../list_reversal_lasso.rs" 213 15 213 21] 0 <= n) -> ([#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n) -> ([#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([#"../list_reversal_lasso.rs" 217 14 217 20] pigeon s n) && ([#"../list_reversal_lasso.rs" 216 14 216 26] Seq.length s <= n) + axiom pigeon_spec : forall s : Seq.seq usize, n : int . ([#"../list_reversal_lasso.rs" 213 15 213 21] Int.le 0 n) -> ([#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Int.lt (UIntSize.to_int (Seq.get s i)) n) -> ([#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) /\ i <> j -> Seq.get s i <> Seq.get s j) -> ([#"../list_reversal_lasso.rs" 217 14 217 20] pigeon s n) && ([#"../list_reversal_lasso.rs" 216 14 216 26] Int.le (Seq.length s) n) end module ListReversalLasso_Impl4_Pigeon_Impl use prelude.Int use seq.Seq + use prelude.Bool use prelude.UIntSize use seq_ext.SeqExt use prelude.Int @@ -2015,30 +2039,31 @@ module ListReversalLasso_Impl4_Pigeon_Impl clone ListReversalLasso_Impl4_FindPtrInSeq as FindPtrInSeq0 with axiom . let rec ghost function pigeon [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq.seq usize) (n : int) : bool - requires {[#"../list_reversal_lasso.rs" 213 15 213 21] 0 <= n} - requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . 0 <= i /\ i < Seq.length s -> UIntSize.to_int (Seq.get s i) < n} - requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . 0 <= i /\ i < Seq.length s /\ 0 <= j /\ j < Seq.length s /\ i <> j -> Seq.get s i <> Seq.get s j} - ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Seq.length s <= n } + requires {[#"../list_reversal_lasso.rs" 213 15 213 21] Int.le 0 n} + requires {[#"../list_reversal_lasso.rs" 214 4 214 67] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) -> Int.lt (UIntSize.to_int (Seq.get s i)) n} + requires {[#"../list_reversal_lasso.rs" 215 4 215 113] forall j : int . forall i : int . Int.le 0 i /\ Int.lt i (Seq.length s) /\ Int.le 0 j /\ Int.lt j (Seq.length s) /\ i <> j -> Seq.get s i <> Seq.get s j} + ensures { [#"../list_reversal_lasso.rs" 216 14 216 26] Int.le (Seq.length s) n } ensures { [#"../list_reversal_lasso.rs" 217 14 217 20] result } variant {[#"../list_reversal_lasso.rs" 218 14 218 15] n} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../list_reversal_lasso.rs" 220 8 232 9] if pure {n = 0} then + [#"../list_reversal_lasso.rs" 220 8 232 9] if n = 0 then true else - match (FindPtrInSeq0.find_ptr_in_seq s 0 (n - 1)) with - | Core_Option_Option_Type.C_None -> pigeon s (n - 1) - | Core_Option_Option_Type.C_Some i -> match (FindPtrInSeq0.find_ptr_in_seq s (i + 1) (n - 1)) with - | Core_Option_Option_Type.C_None -> pigeon (Seq.(++) (SeqExt.subsequence s 0 i) (SeqExt.subsequence s (i + 1) (Seq.length s))) (n - 1) + match (FindPtrInSeq0.find_ptr_in_seq s 0 (Int.sub n 1)) with + | Core_Option_Option_Type.C_None -> pigeon s (Int.sub n 1) + | Core_Option_Option_Type.C_Some i -> match (FindPtrInSeq0.find_ptr_in_seq s (Int.add i 1) (Int.sub n 1)) with + | Core_Option_Option_Type.C_None -> pigeon (Seq.(++) (SeqExt.subsequence s 0 i) (SeqExt.subsequence s (Int.add i 1) (Seq.length s))) (Int.sub n 1) | Core_Option_Option_Type.C_Some _ -> true end end end module ListReversalLasso_Impl4_FindLassoAux_Stub + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use seq.Seq @@ -2066,9 +2091,10 @@ module ListReversalLasso_Impl4_FindLassoAux_Stub end module ListReversalLasso_Impl4_FindLassoAux_Interface + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use seq.Seq @@ -2110,9 +2136,10 @@ module ListReversalLasso_Impl4_FindLassoAux_Interface end) end module ListReversalLasso_Impl4_FindLassoAux + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use seq_ext.SeqExt use prelude.Int use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -2164,7 +2191,7 @@ module ListReversalLasso_Impl4_FindLassoAux else (s, Core_Option_Option_Type.C_None) - | Core_Option_Option_Type.C_Some i -> (SeqExt.subsequence s 0 (i + 1), Core_Option_Option_Type.C_Some (SeqExt.subsequence s (i + 1) (Seq.length s))) + | Core_Option_Option_Type.C_Some i -> (SeqExt.subsequence s 0 (Int.add i 1), Core_Option_Option_Type.C_Some (SeqExt.subsequence s (Int.add i 1) (Seq.length s))) end ) axiom find_lasso_aux_spec : forall self : ListReversalLasso_Memory_Type.t_memory, first : usize, last : usize, s : Seq.seq usize . ([#"../list_reversal_lasso.rs" 236 15 236 40] MemIsWellFormed0.mem_is_well_formed self) -> ([#"../list_reversal_lasso.rs" 237 15 237 53] last = Null0.nULL' \/ NonnullPtr0.nonnull_ptr self last) -> ([#"../list_reversal_lasso.rs" 238 15 238 56] ListSeg0.list_seg self first s last 0 (Seq.length s)) -> ([#"../list_reversal_lasso.rs" 239 14 242 5] match (find_lasso_aux self first last s) with @@ -2173,9 +2200,10 @@ module ListReversalLasso_Impl4_FindLassoAux end) end module ListReversalLasso_Impl4_FindLassoAux_Impl + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use seq_ext.SeqExt use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv1 with @@ -2243,10 +2271,10 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl | (s, Core_Option_Option_Type.C_None) -> List0.list self first s | (s1, Core_Option_Option_Type.C_Some s2) -> Lasso0.lasso self first s1 s2 end } - variant {[#"../list_reversal_lasso.rs" 243 4 243 39] Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self)) - Seq.length s} + variant {[#"../list_reversal_lasso.rs" 243 4 243 39] Int.sub (Seq.length (ShallowModel0.shallow_model (ListReversalLasso_Memory_Type.memory_0 self))) (Seq.length s)} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../list_reversal_lasso.rs" 245 8 259 9] if pure {last = Null0.nULL'} then + [#"../list_reversal_lasso.rs" 245 8 259 9] if last = Null0.nULL' then (s, Core_Option_Option_Type.C_None) else match (FindPtrInSeq0.find_ptr_in_seq s 0 (UIntSize.to_int last)) with @@ -2255,14 +2283,15 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl else (s, Core_Option_Option_Type.C_None) - | Core_Option_Option_Type.C_Some i -> (SeqExt.subsequence s 0 (i + 1), Core_Option_Option_Type.C_Some (SeqExt.subsequence s (i + 1) (Seq.length s))) + | Core_Option_Option_Type.C_Some i -> (SeqExt.subsequence s 0 (Int.add i 1), Core_Option_Option_Type.C_Some (SeqExt.subsequence s (Int.add i 1) (Seq.length s))) end end module ListReversalLasso_Impl4_FindLasso_Stub + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use seq.Seq use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl4_Lasso_Stub as Lasso0 @@ -2275,9 +2304,10 @@ module ListReversalLasso_Impl4_FindLasso_Stub end module ListReversalLasso_Impl4_FindLasso_Interface + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use seq.Seq use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type clone ListReversalLasso_Impl4_Lasso_Stub as Lasso0 @@ -2303,9 +2333,10 @@ module ListReversalLasso_Impl4_FindLasso_Interface end) end module ListReversalLasso_Impl4_FindLasso + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use seq.Seq @@ -2360,9 +2391,10 @@ module ListReversalLasso_Impl4_FindLasso end) end module ListReversalLasso_Impl4_FindLasso_Impl + use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Int - use prelude.UIntSize use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = Seq.seq usize diff --git a/creusot/tests/should_succeed/loop.mlcfg b/creusot/tests/should_succeed/loop.mlcfg index f11ca24376..338b1c8c6f 100644 --- a/creusot/tests/should_succeed/loop.mlcfg +++ b/creusot/tests/should_succeed/loop.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/mapping_test.mlcfg b/creusot/tests/should_succeed/mapping_test.mlcfg index 2e80626231..92cfec63ab 100644 --- a/creusot/tests/should_succeed/mapping_test.mlcfg +++ b/creusot/tests/should_succeed/mapping_test.mlcfg @@ -14,6 +14,7 @@ module MappingTest_Impl0_ShallowModel_Stub use prelude.Int use map.Map use prelude.Int32 + use prelude.Bool use MappingTest_T_Type as MappingTest_T_Type function shallow_model [#"../mapping_test.rs" 22 4 22 50] (self : MappingTest_T_Type.t_t) : Map.map int int end @@ -21,17 +22,18 @@ module MappingTest_Impl0_ShallowModel_Interface use prelude.Int use map.Map use prelude.Int32 + use prelude.Bool use MappingTest_T_Type as MappingTest_T_Type function shallow_model [#"../mapping_test.rs" 22 4 22 50] (self : MappingTest_T_Type.t_t) : Map.map int int val shallow_model [#"../mapping_test.rs" 22 4 22 50] (self : MappingTest_T_Type.t_t) : Map.map int int - ensures { [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get result i = (if 0 <= i /\ i < Int32.to_int (MappingTest_T_Type.t_a self) then + ensures { [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get result i = (if Int.le 0 i /\ Int.lt i (Int32.to_int (MappingTest_T_Type.t_a self)) then 1 else 0 ) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : MappingTest_T_Type.t_t . [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get (shallow_model self) i = (if 0 <= i /\ i < Int32.to_int (MappingTest_T_Type.t_a self) then + axiom shallow_model_spec : forall self : MappingTest_T_Type.t_t . [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get (shallow_model self) i = (if Int.le 0 i /\ Int.lt i (Int32.to_int (MappingTest_T_Type.t_a self)) then 1 else 0 @@ -41,17 +43,18 @@ module MappingTest_Impl0_ShallowModel use prelude.Int use map.Map use prelude.Int32 + use prelude.Bool use MappingTest_T_Type as MappingTest_T_Type function shallow_model [#"../mapping_test.rs" 22 4 22 50] (self : MappingTest_T_Type.t_t) : Map.map int int val shallow_model [#"../mapping_test.rs" 22 4 22 50] (self : MappingTest_T_Type.t_t) : Map.map int int - ensures { [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get result i = (if 0 <= i /\ i < Int32.to_int (MappingTest_T_Type.t_a self) then + ensures { [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get result i = (if Int.le 0 i /\ Int.lt i (Int32.to_int (MappingTest_T_Type.t_a self)) then 1 else 0 ) } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : MappingTest_T_Type.t_t . [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get (shallow_model self) i = (if 0 <= i /\ i < Int32.to_int (MappingTest_T_Type.t_a self) then + axiom shallow_model_spec : forall self : MappingTest_T_Type.t_t . [#"../mapping_test.rs" 19 4 21 74] forall i : int . Map.get (shallow_model self) i = (if Int.le 0 i /\ Int.lt i (Int32.to_int (MappingTest_T_Type.t_a self)) then 1 else 0 @@ -132,6 +135,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -205,6 +209,7 @@ module MappingTest_Incr_Interface use prelude.Int32 use prelude.Int use map.Map + use prelude.Bool use prelude.Int use map.Map use MappingTest_T_Type as MappingTest_T_Type @@ -214,8 +219,8 @@ module MappingTest_Incr_Interface clone MappingTest_Impl0_ShallowModel_Stub as ShallowModel0 with axiom . val incr [#"../mapping_test.rs" 30 0 30 18] (t : borrowed (MappingTest_T_Type.t_t)) : () - requires {[#"../mapping_test.rs" 27 12 27 24] 0 <= Int32.to_int (MappingTest_T_Type.t_a ( * t))} - requires {[#"../mapping_test.rs" 28 12 28 26] Int32.to_int (MappingTest_T_Type.t_a ( * t)) < 1000} + requires {[#"../mapping_test.rs" 27 12 27 24] Int.le 0 (Int32.to_int (MappingTest_T_Type.t_a ( * t)))} + requires {[#"../mapping_test.rs" 28 12 28 26] Int.lt (Int32.to_int (MappingTest_T_Type.t_a ( * t))) 1000} ensures { [#"../mapping_test.rs" 29 11 29 37] ShallowModel0.shallow_model ( ^ t) = Map.set (ShallowModel1.shallow_model t) (Int32.to_int (MappingTest_T_Type.t_a ( * t))) 1 } end @@ -225,6 +230,7 @@ module MappingTest_Incr use prelude.Int32 use prelude.Borrow use map.Map + use prelude.Bool use prelude.Int use MappingTest_T_Type as MappingTest_T_Type clone MappingTest_Impl0_ShallowModel as ShallowModel0 with @@ -245,8 +251,8 @@ module MappingTest_Incr clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = MappingTest_T_Type.t_t let rec cfg incr [#"../mapping_test.rs" 30 0 30 18] [@cfg:stackify] [@cfg:subregion_analysis] (t : borrowed (MappingTest_T_Type.t_t)) : () - requires {[#"../mapping_test.rs" 27 12 27 24] 0 <= Int32.to_int (MappingTest_T_Type.t_a ( * t))} - requires {[#"../mapping_test.rs" 28 12 28 26] Int32.to_int (MappingTest_T_Type.t_a ( * t)) < 1000} + requires {[#"../mapping_test.rs" 27 12 27 24] Int.le 0 (Int32.to_int (MappingTest_T_Type.t_a ( * t)))} + requires {[#"../mapping_test.rs" 28 12 28 26] Int.lt (Int32.to_int (MappingTest_T_Type.t_a ( * t))) 1000} ensures { [#"../mapping_test.rs" 29 11 29 37] ShallowModel0.shallow_model ( ^ t) = Map.set (ShallowModel2.shallow_model t) (Int32.to_int (MappingTest_T_Type.t_a ( * t))) 1 } = [@vc:do_not_keep_trace] [@vc:sp] @@ -261,7 +267,7 @@ module MappingTest_Incr goto BB1 } BB1 { - t <- { t with current = (let MappingTest_T_Type.C_T a = * t in MappingTest_T_Type.C_T ([#"../mapping_test.rs" 32 4 32 15] MappingTest_T_Type.t_a ( * t) + ([#"../mapping_test.rs" 32 14 32 15] [#"../mapping_test.rs" 32 14 32 15] (1 : int32)))) }; + t <- { t with current = (let MappingTest_T_Type.C_T a = * t in MappingTest_T_Type.C_T ([#"../mapping_test.rs" 32 4 32 15] Int32.add (MappingTest_T_Type.t_a ( * t)) ([#"../mapping_test.rs" 32 14 32 15] [#"../mapping_test.rs" 32 14 32 15] (1 : int32)))) }; assume { Resolve0.resolve t }; assert { [@expl:assertion] [#"../mapping_test.rs" 35 19 35 50] ShallowModel0.shallow_model ( ^ t) = Map.set (ShallowModel1.shallow_model old_t) (Int32.to_int (MappingTest_T_Type.t_a ( * Ghost.inner old_t))) 1 }; _0 <- ([#"../mapping_test.rs" 30 19 36 1] ()); diff --git a/creusot/tests/should_succeed/mapping_test/why3session.xml b/creusot/tests/should_succeed/mapping_test/why3session.xml index 5b61688769..9d3b7d4e38 100644 --- a/creusot/tests/should_succeed/mapping_test/why3session.xml +++ b/creusot/tests/should_succeed/mapping_test/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/mapping_test/why3shapes.gz b/creusot/tests/should_succeed/mapping_test/why3shapes.gz index 8a40029bc237b13b94ea16165c97c976c8bee890..fa19e347e123cd34f760cdebf11539b72f9797b2 100644 GIT binary patch literal 412 zcmV;N0b~9jiwFP!00000|CLe8Zi6royz>>lrKJ}?2$)JaL`W!+daQgbT5QvzI=BLw z{C>?tgd{X-IUsvyJi9yd;G^aPzI20*x^7BaJ);o$j~;B`UAN#cW9%tASf!1?f|L?V z0;UxNTAP(s3vC7hZ^3Bk;579T_w?c!ya@`;wHR^5K_L+wlI&H0FQ_E@cE2DH-3m~_ zCV_YqfU>G|Etn+R|BDcOqq2uuH`W}rh}=|8Ah&gGPg<=GpFKH*qO8COns!q=8Aey` z@9Iyp+gg$r0HwOa*44Azepjlw;kX&dWW{voIy0#BsqbRi^T2fG8^&V@XP8ZJ>WKsu zwnk+o>&0w)>RJX}0(WpST6+&ao5uebC2_^;C`HtDns19|$ilXhbA43&BC4+I5LA%% zL5i>s%y&WgLv2{VF$YE<*vJ@M90Fcmn|8M0-)$N2d++btN=I8az0#Cr;dz?tg2fO) z90SQCt|2H2!WCvxMWGB4-H{#kR2)<7J|<-zb4ha=@=%9sT;NzK9HC&x9PJ0Y0%-LN G1ONa}SG_9$ literal 407 zcmV;I0cidoiwFP!00000|CN!;Zi6roMfZFKyR>xUu>nJsEFvV7NL^N577dQwq7qyI zO@6=TA@VG0Hwe!i-x=TY;JM8QeyPSisJbak_3VbO_vqjX-&KoND@$|C_GYI_K?D?% zNWi54Y)w{FEw&j7vc}~~S~X3b#NNEPg>QmlbL|DTI5;FC!X$eY=m{!e+ivd|@LK~a z*kllo23S;;ss)p<{=W&38<#ECsxjq332wKt2Dzzgb5y&<{R@RpKc< zCePyWhT5>d?HoFM!N!gu!~yI5SJN&v@_QYXN(+Hw5c2OTTTnbwlB zIK+TMo-^r3ip7X7-N1%8QRwHOLDLX41`raC9HrzrGA6^AyZ(mRwjWW+24MjN008_L B!$SZ7 diff --git a/creusot/tests/should_succeed/match_int.mlcfg b/creusot/tests/should_succeed/match_int.mlcfg index d16b11b661..62c4d835b9 100644 --- a/creusot/tests/should_succeed/match_int.mlcfg +++ b/creusot/tests/should_succeed/match_int.mlcfg @@ -14,13 +14,13 @@ module MatchInt_F } BB0 { _1 <- ([#"../match_int.rs" 8 10 8 11] [#"../match_int.rs" 8 10 8 11] (1 : int32)); - switch ([#"../match_int.rs" 9 8 9 13] ([#"../match_int.rs" 9 8 9 13] [#"../match_int.rs" 9 8 9 13] (0 : int32)) <= _1) + switch ([#"../match_int.rs" 9 8 9 13] Int32.le ([#"../match_int.rs" 9 8 9 13] [#"../match_int.rs" 9 8 9 13] (0 : int32)) _1) | False -> goto BB3 | True -> goto BB1 end } BB1 { - switch ([#"../match_int.rs" 9 8 9 13] _1 < ([#"../match_int.rs" 9 8 9 13] [#"../match_int.rs" 9 8 9 13] (10 : int32))) + switch ([#"../match_int.rs" 9 8 9 13] Int32.lt _1 ([#"../match_int.rs" 9 8 9 13] [#"../match_int.rs" 9 8 9 13] (10 : int32))) | False -> goto BB3 | True -> goto BB2 end @@ -29,9 +29,9 @@ module MatchInt_F goto BB7 } BB3 { - switch (_1 = 5) + switch (Int32.eq _1 5) | True -> goto BB4 - | False -> switch (_1 = 6) + | False -> switch (Int32.eq _1 6) | True -> goto BB5 | False -> goto BB19 end diff --git a/creusot/tests/should_succeed/match_int/why3session.xml b/creusot/tests/should_succeed/match_int/why3session.xml index 87c3b98066..a9a2828579 100644 --- a/creusot/tests/should_succeed/match_int/why3session.xml +++ b/creusot/tests/should_succeed/match_int/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/match_int/why3shapes.gz b/creusot/tests/should_succeed/match_int/why3shapes.gz index 84da19a211148e07f7832728641e0252f825dd89..7b56f522fa335bbda1a6510348a446c119c31fc3 100644 GIT binary patch literal 292 zcmV+<0o(o`iwFP!00000|8GP=BTTynvGjyx+W^hqt}zemzQFxfJXa@r q&+MgVHc1pWbjXR6I2a=h%G_o}){;;P-I+0XS!I_~v1j2w7J3HW^J#gb=1x>su>Am52!;9_C$*{# dhlUcXb&N8J!n1u+NXUQ>DZXjIgX1d!005a0Pf7p) diff --git a/creusot/tests/should_succeed/mc91.mlcfg b/creusot/tests/should_succeed/mc91.mlcfg index e76b0a52e1..80b77827f8 100644 --- a/creusot/tests/should_succeed/mc91.mlcfg +++ b/creusot/tests/should_succeed/mc91.mlcfg @@ -2,15 +2,17 @@ module Mc91_Mc91_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val mc91 [#"../mc91.rs" 7 0 7 26] (x : uint32) : uint32 - ensures { [#"../mc91.rs" 5 0 6 40] x <= (100 : uint32) -> result = (91 : uint32) /\ x > (100 : uint32) -> result = x - (10 : uint32) } + ensures { [#"../mc91.rs" 5 0 6 40] Int.le x (100 : uint32) -> result = (91 : uint32) /\ Int.gt x (100 : uint32) -> result = UInt32.sub x (10 : uint32) } end module Mc91_Mc91 use prelude.Int use prelude.UInt32 + use prelude.Bool let rec cfg mc91 [#"../mc91.rs" 7 0 7 26] [@cfg:stackify] [@cfg:subregion_analysis] (x : uint32) : uint32 - ensures { [#"../mc91.rs" 5 0 6 40] x <= (100 : uint32) -> result = (91 : uint32) /\ x > (100 : uint32) -> result = x - (10 : uint32) } + ensures { [#"../mc91.rs" 5 0 6 40] Int.le x (100 : uint32) -> result = (91 : uint32) /\ Int.gt x (100 : uint32) -> result = UInt32.sub x (10 : uint32) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -20,17 +22,17 @@ module Mc91_Mc91 goto BB0 } BB0 { - switch ([#"../mc91.rs" 8 7 8 14] x > ([#"../mc91.rs" 8 11 8 14] [#"../mc91.rs" 8 11 8 14] (100 : uint32))) + switch ([#"../mc91.rs" 8 7 8 14] UInt32.gt x ([#"../mc91.rs" 8 11 8 14] [#"../mc91.rs" 8 11 8 14] (100 : uint32))) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- ([#"../mc91.rs" 9 8 9 14] x - ([#"../mc91.rs" 9 12 9 14] [#"../mc91.rs" 9 12 9 14] (10 : uint32))); + _0 <- ([#"../mc91.rs" 9 8 9 14] UInt32.sub x ([#"../mc91.rs" 9 12 9 14] [#"../mc91.rs" 9 12 9 14] (10 : uint32))); goto BB5 } BB2 { - _6 <- ([#"../mc91.rs" 11 13 11 25] mc91 ([#"../mc91.rs" 11 18 11 24] x + ([#"../mc91.rs" 11 22 11 24] [#"../mc91.rs" 11 22 11 24] (11 : uint32)))); + _6 <- ([#"../mc91.rs" 11 13 11 25] mc91 ([#"../mc91.rs" 11 18 11 24] UInt32.add x ([#"../mc91.rs" 11 22 11 24] [#"../mc91.rs" 11 22 11 24] (11 : uint32)))); goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/mc91/why3session.xml b/creusot/tests/should_succeed/mc91/why3session.xml index a1957f31eb..bb146b737f 100644 --- a/creusot/tests/should_succeed/mc91/why3session.xml +++ b/creusot/tests/should_succeed/mc91/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/mc91/why3shapes.gz b/creusot/tests/should_succeed/mc91/why3shapes.gz index 9250bdd5192cd4834383479865cde29879ef6428..68cbd139ba7df01396d4564f0a0fa03a2ef54877 100644 GIT binary patch literal 256 zcmV+b0ssCViwFP!00000|8saOA{M3mhlzM^)<3-Jt`C1(29P;Q~lZpg%>}%tG@V zz!>*}1Dq_n38LA*2%hG{=D&M_W7ne&64-eQ`5I_})AJ!azZDNj3U%{Vw0&c&ALu8> zy~DG<8OGT^hOuWzbV{qXqo2c`2*E0lVW@c) z@B}ZR6DDRzwTf(7*|hJ{{zR)4dJN+s^|g!_wzO^G+G4WhiY+GF8sdIYjmKj#SS*5j zvv}oZ_sF2Bo@w1xdF$G<%;DBFqHnaU8~X115K=Nwkg9@#&me%Dm+AyL3U*YOD+J0P OjQj!3w!vTn0ssIICTRiy diff --git a/creusot/tests/should_succeed/mutex.mlcfg b/creusot/tests/should_succeed/mutex.mlcfg index d092da63cf..508a0ece56 100644 --- a/creusot/tests/should_succeed/mutex.mlcfg +++ b/creusot/tests/should_succeed/mutex.mlcfg @@ -96,6 +96,7 @@ module Mutex_Impl0_GetMut_Interface type t type i use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = borrowed t clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -131,6 +132,7 @@ module Mutex_Impl0_Lock_Interface type t type i use prelude.Ghost + use prelude.Bool use prelude.Borrow use Mutex_MutexGuard_Type as Mutex_MutexGuard_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -210,7 +212,7 @@ module Mutex_Impl2_Inv use prelude.UInt32 use Mutex_Even_Type as Mutex_Even_Type predicate inv [#"../mutex.rs" 66 4 66 33] (self : Mutex_Even_Type.t_even) (x : uint32) = - [#"../mutex.rs" 67 8 67 24] mod x (2 : uint32) = (0 : uint32) + [#"../mutex.rs" 67 8 67 24] UInt32.rem x (2 : uint32) = (0 : uint32) val inv [#"../mutex.rs" 66 4 66 33] (self : Mutex_Even_Type.t_even) (x : uint32) : bool ensures { result = inv self x } @@ -365,7 +367,7 @@ module Mutex_Impl3_Call } BB2 { val' <- _5; - switch ([#"../mutex.rs" 103 11 103 23] val' < ([#"../mutex.rs" 103 17 103 23] [#"../mutex.rs" 103 17 103 23] (100000 : uint32))) + switch ([#"../mutex.rs" 103 11 103 23] UInt32.lt val' ([#"../mutex.rs" 103 17 103 23] [#"../mutex.rs" 103 17 103 23] (100000 : uint32))) | False -> goto BB5 | True -> goto BB3 end @@ -373,7 +375,7 @@ module Mutex_Impl3_Call BB3 { _10 <- Borrow.borrow_mut v; v <- ^ _10; - _9 <- ([#"../mutex.rs" 104 12 104 26] Set0.set _10 ([#"../mutex.rs" 104 18 104 25] val' + ([#"../mutex.rs" 104 24 104 25] [#"../mutex.rs" 104 24 104 25] (2 : uint32)))); + _9 <- ([#"../mutex.rs" 104 12 104 26] Set0.set _10 ([#"../mutex.rs" 104 18 104 25] UInt32.add val' ([#"../mutex.rs" 104 24 104 25] [#"../mutex.rs" 104 24 104 25] (2 : uint32)))); _10 <- any borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)); goto BB4 } @@ -552,6 +554,7 @@ end module Mutex_Leak_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = borrowed t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -578,6 +581,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -781,6 +785,7 @@ module Mutex_Impl5 type f end module Mutex_Impl3 + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = () clone TyInv_Trivial as TyInv_Trivial1 with diff --git a/creusot/tests/should_succeed/mutex/why3session.xml b/creusot/tests/should_succeed/mutex/why3session.xml index 6dac3181c1..4675f10cf1 100644 --- a/creusot/tests/should_succeed/mutex/why3session.xml +++ b/creusot/tests/should_succeed/mutex/why3session.xml @@ -3,23 +3,23 @@ "http://why3.lri.fr/why3session.dtd"> - - + + - + - + - + diff --git a/creusot/tests/should_succeed/mutex/why3shapes.gz b/creusot/tests/should_succeed/mutex/why3shapes.gz index ea575bbfb37942b374c426bb2dd6ffbab59d561d..2518d44a7e04424982dd7ea817aab5888c6a21a7 100644 GIT binary patch literal 555 zcmV+`0@VEBFupO=`#6YIepE;f=H-GDU-F|-7dqxPS7LPM-Nn{8s6L7lTIBuj2HnRtIq z);U$8Y6`q7cf(kEcQ`DKQZbyNCTful<|4@>uj-{XA)W?$ z)dRii#ZkD@19hnfGUZB|tLAdN#xMYglt&?ka z6q>Z^W#%m!&tf(A=g|N1e(3#a978`B?l?^Ig%c=J8pZ;zJzAWlpDsKf=O3H&zZL~k z!E~H!X#-;xwAH-QLVKk-fV8UAt!iakwW8%Mw5$-)a9%NQwXBHFxv$jLYVg$-I_W|Q t&;o01Yp&9QBQ+_5+3mKz^Hwkx=*XS6!gk825=0A``V&aIdx=d1002|n7I6Ro literal 531 zcmV+u0_^=CiwFP!00000|9w--j+`(Myz>>@l58$+Kd>Do2Q*qlq)53$eH|I_WJzXW z0?cgk_i5V@EqNhf3R7J!RW~p1^7+AC{G8wXH2351CNJ{4SK0E-^}`KWwIV>+AV^)ikPAH+7FB1FKDF=_j>mZEw6&eu^F#JH~;xH+8`yl*^t4;+uvxw!WFq>i&YUZ zv;<;6_Mb-45UWhtnNVg>rz(lMq$4Alcz-R{sZ?Q6Wq8O>ahX*%wXHUXlkSljMe*B8d6H)KC$fHLtkn`jc0xH)rfYMzi-;P7q zFEl!|@qskTuA4tSjmTp_oFUj0kfjDEWDxYG2YS;Bjo#@&@mvqot~sGKQE&3|c)od> zm^4FicoKs&A)P~$1!d}J>{yv12exmW+PYJqiBG+butn3d;O743hhN!`LwlVjKP;KM zjPvp=2}}cz!QeilHCg(H{NrW$ag4uTmK92Kduo*Bo@?z}XBx$fE}Uei)-#dox~Nqx zYfB%na&Djh3`1s0t(YKx@nBnwvneCpaxdk+U&|yQ%J|X0V`#960Pw}HC7vA VJ=37N97GL?`V$K5-MkzG005g>0fztp diff --git a/creusot/tests/should_succeed/one_side_update.mlcfg b/creusot/tests/should_succeed/one_side_update.mlcfg index 7e9ada8175..98cbb13543 100644 --- a/creusot/tests/should_succeed/one_side_update.mlcfg +++ b/creusot/tests/should_succeed/one_side_update.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/option.mlcfg b/creusot/tests/should_succeed/option.mlcfg index 8870f0e4b6..b03f3db406 100644 --- a/creusot/tests/should_succeed/option.mlcfg +++ b/creusot/tests/should_succeed/option.mlcfg @@ -21,6 +21,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -48,6 +49,7 @@ module CreusotContracts_Invariant_Inv end module Core_Option_Impl0_IsSome_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -59,6 +61,7 @@ module Core_Option_Impl0_IsSome_Interface end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -70,6 +73,7 @@ module Core_Option_Impl0_IsNone_Interface end module Core_Option_Impl0_Unwrap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t use Core_Option_Option_Type as Core_Option_Option_Type @@ -84,6 +88,7 @@ module Core_Option_Impl0_Unwrap_Interface end module Core_Option_Impl0_UnwrapOr_Interface type t + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t @@ -100,6 +105,7 @@ end module Core_Option_Impl0_AsMut_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Core_Option_Option_Type.t_option (borrowed t) @@ -116,6 +122,7 @@ module Core_Option_Impl0_AsMut_Interface end module Core_Option_Impl0_AsRef_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -134,6 +141,7 @@ end module Core_Option_Impl0_And_Interface type t type u + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Core_Option_Option_Type.t_option u @@ -149,6 +157,7 @@ module Core_Option_Impl0_And_Interface end module Core_Option_Impl0_Or_Interface type t + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = Core_Option_Option_Type.t_option t @@ -163,6 +172,7 @@ end module Core_Option_Impl0_Take_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Core_Option_Option_Type.t_option t @@ -177,6 +187,7 @@ end module Core_Option_Impl0_Replace_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Core_Option_Option_Type.t_option t @@ -211,6 +222,7 @@ module CreusotContracts_Std1_Default_Default_IsDefault end module Core_Option_Impl0_UnwrapOrDefault_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Std1_Default_Default_IsDefault_Stub as IsDefault0 with @@ -227,6 +239,7 @@ module Core_Option_Impl0_UnwrapOrDefault_Interface end module Core_Option_Impl2_Copied_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -244,6 +257,7 @@ module Core_Option_Impl2_Copied_Interface end module Core_Option_Impl3_Copied_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -263,6 +277,7 @@ module Core_Option_Impl3_Copied_Interface end module Core_Option_Impl2_Cloned_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -280,6 +295,7 @@ module Core_Option_Impl2_Cloned_Interface end module Core_Option_Impl3_Cloned_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -299,6 +315,7 @@ module Core_Option_Impl3_Cloned_Interface end module Core_Option_Impl44_Flatten_Interface type t + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = Core_Option_Option_Type.t_option t @@ -670,7 +687,7 @@ module Option_TestOption goto BB15 } BB15 { - switch ([#"../option.rs" 14 4 14 31] not ([#"../option.rs" 14 12 14 30] _24 = ([#"../option.rs" 14 29 14 30] [#"../option.rs" 14 29 14 30] (1 : int32)))) + switch ([#"../option.rs" 14 4 14 31] not ([#"../option.rs" 14 12 14 30] Int32.eq _24 ([#"../option.rs" 14 29 14 30] [#"../option.rs" 14 29 14 30] (1 : int32)))) | False -> goto BB17 | True -> goto BB16 end @@ -683,7 +700,7 @@ module Option_TestOption goto BB18 } BB18 { - switch ([#"../option.rs" 19 4 19 35] not ([#"../option.rs" 19 12 19 34] _30 = ([#"../option.rs" 19 33 19 34] [#"../option.rs" 19 33 19 34] (1 : int32)))) + switch ([#"../option.rs" 19 4 19 35] not ([#"../option.rs" 19 12 19 34] Int32.eq _30 ([#"../option.rs" 19 33 19 34] [#"../option.rs" 19 33 19 34] (1 : int32)))) | False -> goto BB20 | True -> goto BB19 end @@ -696,7 +713,7 @@ module Option_TestOption goto BB21 } BB21 { - switch ([#"../option.rs" 20 4 20 35] not ([#"../option.rs" 20 12 20 34] _36 = ([#"../option.rs" 20 33 20 34] [#"../option.rs" 20 33 20 34] (2 : int32)))) + switch ([#"../option.rs" 20 4 20 35] not ([#"../option.rs" 20 12 20 34] Int32.eq _36 ([#"../option.rs" 20 33 20 34] [#"../option.rs" 20 33 20 34] (2 : int32)))) | False -> goto BB23 | True -> goto BB22 end @@ -743,7 +760,7 @@ module Option_TestOption goto BB30 } BB30 { - switch ([#"../option.rs" 25 4 25 31] not ([#"../option.rs" 25 12 25 30] _52 = ([#"../option.rs" 25 29 25 30] [#"../option.rs" 25 29 25 30] (2 : int32)))) + switch ([#"../option.rs" 25 4 25 31] not ([#"../option.rs" 25 12 25 30] Int32.eq _52 ([#"../option.rs" 25 29 25 30] [#"../option.rs" 25 29 25 30] (2 : int32)))) | False -> goto BB32 | True -> goto BB31 end @@ -770,7 +787,7 @@ module Option_TestOption goto BB35 } BB35 { - switch ([#"../option.rs" 27 4 27 31] not ([#"../option.rs" 27 12 27 30] _61 = ([#"../option.rs" 27 29 27 30] [#"../option.rs" 27 29 27 30] (1 : int32)))) + switch ([#"../option.rs" 27 4 27 31] not ([#"../option.rs" 27 12 27 30] Int32.eq _61 ([#"../option.rs" 27 29 27 30] [#"../option.rs" 27 29 27 30] (1 : int32)))) | False -> goto BB37 | True -> goto BB36 end @@ -805,7 +822,7 @@ module Option_TestOption goto BB43 } BB43 { - switch ([#"../option.rs" 30 4 30 41] not ([#"../option.rs" 30 12 30 40] _75 = ([#"../option.rs" 30 39 30 40] [#"../option.rs" 30 39 30 40] (1 : int32)))) + switch ([#"../option.rs" 30 4 30 41] not ([#"../option.rs" 30 12 30 40] Int32.eq _75 ([#"../option.rs" 30 39 30 40] [#"../option.rs" 30 39 30 40] (1 : int32)))) | False -> goto BB45 | True -> goto BB44 end @@ -874,7 +891,7 @@ module Option_TestOption goto BB59 } BB59 { - switch ([#"../option.rs" 36 4 36 44] not ([#"../option.rs" 36 12 36 43] _106 = ([#"../option.rs" 36 42 36 43] [#"../option.rs" 36 42 36 43] (2 : int32)))) + switch ([#"../option.rs" 36 4 36 44] not ([#"../option.rs" 36 12 36 43] Int32.eq _106 ([#"../option.rs" 36 42 36 43] [#"../option.rs" 36 42 36 43] (2 : int32)))) | False -> goto BB61 | True -> goto BB60 end @@ -909,7 +926,7 @@ module Option_TestOption goto BB67 } BB67 { - switch ([#"../option.rs" 39 4 39 43] not ([#"../option.rs" 39 12 39 42] _122 = ([#"../option.rs" 39 41 39 42] [#"../option.rs" 39 41 39 42] (2 : int32)))) + switch ([#"../option.rs" 39 4 39 43] not ([#"../option.rs" 39 12 39 42] Int32.eq _122 ([#"../option.rs" 39 41 39 42] [#"../option.rs" 39 41 39 42] (2 : int32)))) | False -> goto BB69 | True -> goto BB68 end @@ -927,7 +944,7 @@ module Option_TestOption goto BB71 } BB71 { - switch ([#"../option.rs" 40 4 40 40] not ([#"../option.rs" 40 12 40 39] _130 = ([#"../option.rs" 40 38 40 39] [#"../option.rs" 40 38 40 39] (1 : int32)))) + switch ([#"../option.rs" 40 4 40 40] not ([#"../option.rs" 40 12 40 39] Int32.eq _130 ([#"../option.rs" 40 38 40 39] [#"../option.rs" 40 38 40 39] (1 : int32)))) | False -> goto BB73 | True -> goto BB72 end @@ -945,7 +962,7 @@ module Option_TestOption goto BB75 } BB75 { - switch ([#"../option.rs" 41 4 41 43] not ([#"../option.rs" 41 12 41 42] _138 = ([#"../option.rs" 41 41 41 42] [#"../option.rs" 41 41 41 42] (1 : int32)))) + switch ([#"../option.rs" 41 4 41 43] not ([#"../option.rs" 41 12 41 42] Int32.eq _138 ([#"../option.rs" 41 41 41 42] [#"../option.rs" 41 41 41 42] (1 : int32)))) | False -> goto BB77 | True -> goto BB76 end @@ -999,7 +1016,7 @@ module Option_TestOption goto BB86 } BB86 { - switch ([#"../option.rs" 46 4 46 38] not ([#"../option.rs" 46 12 46 37] _158 = ([#"../option.rs" 46 36 46 37] [#"../option.rs" 46 36 46 37] (1 : int32)))) + switch ([#"../option.rs" 46 4 46 38] not ([#"../option.rs" 46 12 46 37] Int32.eq _158 ([#"../option.rs" 46 36 46 37] [#"../option.rs" 46 36 46 37] (1 : int32)))) | False -> goto BB88 | True -> goto BB87 end @@ -1046,7 +1063,7 @@ module Option_TestOption goto BB96 } BB96 { - switch ([#"../option.rs" 51 4 51 31] not ([#"../option.rs" 51 12 51 30] _178 = ([#"../option.rs" 51 29 51 30] [#"../option.rs" 51 29 51 30] (2 : int32)))) + switch ([#"../option.rs" 51 4 51 31] not ([#"../option.rs" 51 12 51 30] Int32.eq _178 ([#"../option.rs" 51 29 51 30] [#"../option.rs" 51 29 51 30] (2 : int32)))) | False -> goto BB98 | True -> goto BB97 end @@ -1068,7 +1085,7 @@ module Option_TestOption goto BB100 } BB100 { - switch ([#"../option.rs" 53 4 53 42] not ([#"../option.rs" 53 12 53 41] _185 = ([#"../option.rs" 53 40 53 41] [#"../option.rs" 53 40 53 41] (1 : int32)))) + switch ([#"../option.rs" 53 4 53 42] not ([#"../option.rs" 53 12 53 41] Int32.eq _185 ([#"../option.rs" 53 40 53 41] [#"../option.rs" 53 40 53 41] (1 : int32)))) | False -> goto BB102 | True -> goto BB101 end @@ -1081,7 +1098,7 @@ module Option_TestOption goto BB103 } BB103 { - switch ([#"../option.rs" 54 4 54 31] not ([#"../option.rs" 54 12 54 30] _192 = ([#"../option.rs" 54 29 54 30] [#"../option.rs" 54 29 54 30] (2 : int32)))) + switch ([#"../option.rs" 54 4 54 31] not ([#"../option.rs" 54 12 54 30] Int32.eq _192 ([#"../option.rs" 54 29 54 30] [#"../option.rs" 54 29 54 30] (2 : int32)))) | False -> goto BB105 | True -> goto BB104 end @@ -1102,7 +1119,7 @@ module Option_TestOption goto BB107 } BB107 { - switch ([#"../option.rs" 55 4 55 42] not ([#"../option.rs" 55 12 55 41] _198 = ([#"../option.rs" 55 40 55 41] [#"../option.rs" 55 40 55 41] (2 : int32)))) + switch ([#"../option.rs" 55 4 55 42] not ([#"../option.rs" 55 12 55 41] Int32.eq _198 ([#"../option.rs" 55 40 55 41] [#"../option.rs" 55 40 55 41] (2 : int32)))) | False -> goto BB109 | True -> goto BB108 end @@ -1115,7 +1132,7 @@ module Option_TestOption goto BB110 } BB110 { - switch ([#"../option.rs" 56 4 56 31] not ([#"../option.rs" 56 12 56 30] _205 = ([#"../option.rs" 56 29 56 30] [#"../option.rs" 56 29 56 30] (1 : int32)))) + switch ([#"../option.rs" 56 4 56 31] not ([#"../option.rs" 56 12 56 30] Int32.eq _205 ([#"../option.rs" 56 29 56 30] [#"../option.rs" 56 29 56 30] (1 : int32)))) | False -> goto BB112 | True -> goto BB111 end @@ -1128,7 +1145,7 @@ module Option_TestOption goto BB113 } BB113 { - switch ([#"../option.rs" 59 4 59 42] not ([#"../option.rs" 59 12 59 41] _211 = ([#"../option.rs" 59 40 59 41] [#"../option.rs" 59 40 59 41] (0 : int32)))) + switch ([#"../option.rs" 59 4 59 42] not ([#"../option.rs" 59 12 59 41] Int32.eq _211 ([#"../option.rs" 59 40 59 41] [#"../option.rs" 59 40 59 41] (0 : int32)))) | False -> goto BB115 | True -> goto BB114 end @@ -1141,7 +1158,7 @@ module Option_TestOption goto BB116 } BB116 { - switch ([#"../option.rs" 60 4 60 42] not ([#"../option.rs" 60 12 60 41] _217 = ([#"../option.rs" 60 40 60 41] [#"../option.rs" 60 40 60 41] (1 : int32)))) + switch ([#"../option.rs" 60 4 60 42] not ([#"../option.rs" 60 12 60 41] Int32.eq _217 ([#"../option.rs" 60 40 60 41] [#"../option.rs" 60 40 60 41] (1 : int32)))) | False -> goto BB118 | True -> goto BB117 end @@ -1186,7 +1203,7 @@ module Option_TestOption goto BB126 } BB126 { - switch ([#"../option.rs" 64 4 64 49] not ([#"../option.rs" 64 12 64 48] _231 = ([#"../option.rs" 64 47 64 48] [#"../option.rs" 64 47 64 48] (1 : int32)))) + switch ([#"../option.rs" 64 4 64 49] not ([#"../option.rs" 64 12 64 48] Int32.eq _231 ([#"../option.rs" 64 47 64 48] [#"../option.rs" 64 47 64 48] (1 : int32)))) | False -> goto BB128 | True -> goto BB127 end @@ -1237,7 +1254,7 @@ module Option_TestOption goto BB136 } BB136 { - switch ([#"../option.rs" 66 4 66 49] not ([#"../option.rs" 66 12 66 48] _247 = ([#"../option.rs" 66 47 66 48] [#"../option.rs" 66 47 66 48] (1 : int32)))) + switch ([#"../option.rs" 66 4 66 49] not ([#"../option.rs" 66 12 66 48] Int32.eq _247 ([#"../option.rs" 66 47 66 48] [#"../option.rs" 66 47 66 48] (1 : int32)))) | False -> goto BB138 | True -> goto BB137 end @@ -1282,7 +1299,7 @@ module Option_TestOption goto BB146 } BB146 { - switch ([#"../option.rs" 69 4 69 49] not ([#"../option.rs" 69 12 69 48] _263 = ([#"../option.rs" 69 47 69 48] [#"../option.rs" 69 47 69 48] (1 : int32)))) + switch ([#"../option.rs" 69 4 69 49] not ([#"../option.rs" 69 12 69 48] Int32.eq _263 ([#"../option.rs" 69 47 69 48] [#"../option.rs" 69 47 69 48] (1 : int32)))) | False -> goto BB148 | True -> goto BB147 end @@ -1333,7 +1350,7 @@ module Option_TestOption goto BB156 } BB156 { - switch ([#"../option.rs" 71 4 71 49] not ([#"../option.rs" 71 12 71 48] _279 = ([#"../option.rs" 71 47 71 48] [#"../option.rs" 71 47 71 48] (1 : int32)))) + switch ([#"../option.rs" 71 4 71 49] not ([#"../option.rs" 71 12 71 48] Int32.eq _279 ([#"../option.rs" 71 47 71 48] [#"../option.rs" 71 47 71 48] (1 : int32)))) | False -> goto BB158 | True -> goto BB157 end @@ -1388,7 +1405,7 @@ module Option_TestOption goto BB168 } BB168 { - switch ([#"../option.rs" 79 4 79 40] not ([#"../option.rs" 79 12 79 39] _306 = ([#"../option.rs" 79 38 79 39] [#"../option.rs" 79 38 79 39] (1 : int32)))) + switch ([#"../option.rs" 79 4 79 40] not ([#"../option.rs" 79 12 79 39] Int32.eq _306 ([#"../option.rs" 79 38 79 39] [#"../option.rs" 79 38 79 39] (1 : int32)))) | False -> goto BB170 | True -> goto BB169 end diff --git a/creusot/tests/should_succeed/option/why3session.xml b/creusot/tests/should_succeed/option/why3session.xml index 0e34268e6c..ed056d8283 100644 --- a/creusot/tests/should_succeed/option/why3session.xml +++ b/creusot/tests/should_succeed/option/why3session.xml @@ -2,12 +2,12 @@ - + - + diff --git a/creusot/tests/should_succeed/option/why3shapes.gz b/creusot/tests/should_succeed/option/why3shapes.gz index f8a075d8dbc7435769e21fea5f9ab2ff2a412063..8675188d40928ecbd4bb59cd1f89aafe01bd62cd 100644 GIT binary patch literal 494 zcmVJZrd;rMfds&?b>=Ze2Ag~bYTP)D4>WJEx1fTI5KJ= zwPH*4_jg7kl9Cq_U*CD~NF3+ut{ne_&wecL{cSuCm#5N{yKlvG4d=_LZ zD3w=HYOkZLd=;hfCd%5^QCe@KY<$xe;k%a-!tdL^zT0XnnUws3f4vmVQS2#A;<~E) z8Tu=`9j7sD+wq|&u_-*i{TlxE^bMnK_l$vZ|1$T~Sn)Dk_Ut}t}k7trf{0ga*3zJTI=0kt8;+kku%nEV@XzIGxRp~sPH)5Kg#U+%A}D3+O1>LyKpwR;@0C=& kIn|8`*21Y2!U=GVv#xf=RZctQq!SK`|5c(yeAWa20OYs&fdBvi literal 490 zcmV+%z->1l}2q?CS*%9G?|bck|z_gEn$jv`=U4>>Ajfw5Fhyv z9{CVLDh(cW;zJ#pslwdey9%2aS(8=)o9!xKLnhKHpa`pg zqJR)&JYR&j{cV`WkGr2S1`-|zx63}3-vqW{-%0&Aq+q@@FV17dL_I%S1CE0UAks^J zmER;Vo=y*D@$R0LDS - - + + - + - + - + diff --git a/creusot/tests/should_succeed/ord_trait/why3shapes.gz b/creusot/tests/should_succeed/ord_trait/why3shapes.gz index eaf83daea31ec8888c5befb899a03992ba23fc31..b3769aeadaac91b4382cb5076397fad2021a2195 100644 GIT binary patch literal 653 zcmV;80&@KyiwFP!00000|BaMQZ`&{ohVT9rzHRGCq&{p7>!B!?slc$)plhJSa#z5u z+axXa^GC~)Be@wiAOIziFDc3o^YN-a{&LU$Sikwh@nL-WT&w!(Q+0ZA4^MBFZ7O%| z_K(loVZ66s(cNypzP!5O#a&O^yATx(6v4uB3jXeo$Jr}p!|$>fZUx1BJ9u~UheEBa zJbPxPnvKj8NULIzLfu$xfz9!HHtlShT;0a7T-ee{*)-5EwH+HRI|a1B&$p$gardXp z^YifPqmW07o9aiNL0FKnks$ZkaVD41in6}4&}8c2lpSa4CR(*BPA%*5`h(9rS%&zQ z&~73igaAuxv>4vSqKKMSer0eF)ZnU^OoPu>ZVDb0Kj*LnZEeH=SKkg(YC z%}u-pPYVoMPK(V_byL~fx*req@8#a*C&U2jLN;2y&>8?Qf@PrgOtxGA&*_(cA-f64 z7GyUI;Q0VFm&l&*B>v)ec!&5oP^Z8Z?(fmX72IXBzzMg@a0gFDhe(jG_>zR&1-Qd; zCRYjavVKFjU4T0rXX-XVzACPX(93WK&p89K1o;fHyhI-_S^RIrMe>T|6?b!y`*jg0 z8K&I<`}O*NeU2JKuTU^L^j?z24Wr4WI!qz>GGn zX^b+`2*VAX8dibO+N)kmvDe5nlU}l(fzpm4fP@;QK`|vjlAu9aFaz2^YoIZp3`hfl nGIdgPnzs&chn*MNYX)7nljxKLN?l`PP*r~bdLmr#B?kZiL<33B literal 643 zcmV-}0(|`+iwFP!00000|BaJPZ`&{ohVT9rzU|{AQlB2yLs86AfnldX*FdqgE`VFN zc3SM`PnIP|N-}JK0ZJraQj{OP|5(qz?6aHeH#g0P@##}7>W?3)0%ut{F&CT-~Wvik0Sq?SK=X{-s z5RU*!Ycv?{#UP8C$<5>N<_xZY_yoL7i!4f0l&0tc$x>!LhwYtv-aU@J8@#aC(e^eT zgQf)rE%l3b>)KZ4uKqbr_3!Q6qa&jy3rZ{FOqqn_Cz+{0MF^?e<522WDBz8 z26+Ae?I1fs%2* zWgFxygZ$smXL%kMvC~`dzj2&)gRAW48+#mgho_?zN1Yqdd{q+HA;=5`U4GADsLMH004leLg)Yh diff --git a/creusot/tests/should_succeed/projection_toggle.mlcfg b/creusot/tests/should_succeed/projection_toggle.mlcfg index 6bb279147c..3fc6207881 100644 --- a/creusot/tests/should_succeed/projection_toggle.mlcfg +++ b/creusot/tests/should_succeed/projection_toggle.mlcfg @@ -34,6 +34,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -48,6 +49,7 @@ module TyInv_Trivial end module ProjectionToggle_ProjToggle_Interface type t + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed t @@ -65,6 +67,7 @@ end module ProjectionToggle_ProjToggle type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = t clone TyInv_Trivial as TyInv_Trivial1 with @@ -196,9 +199,9 @@ module ProjectionToggle_F BB1 { assume { Resolve0.resolve _7 }; assume { Resolve0.resolve _5 }; - x <- { x with current = ([#"../projection_toggle.rs" 19 4 19 11] * x + ([#"../projection_toggle.rs" 19 10 19 11] [#"../projection_toggle.rs" 19 10 19 11] (5 : int32))) }; + x <- { x with current = ([#"../projection_toggle.rs" 19 4 19 11] Int32.add ( * x) ([#"../projection_toggle.rs" 19 10 19 11] [#"../projection_toggle.rs" 19 10 19 11] (5 : int32))) }; assume { Resolve0.resolve x }; - switch ([#"../projection_toggle.rs" 20 4 20 20] not ([#"../projection_toggle.rs" 20 12 20 19] a = ([#"../projection_toggle.rs" 20 17 20 19] [#"../projection_toggle.rs" 20 17 20 19] (15 : int32)))) + switch ([#"../projection_toggle.rs" 20 4 20 20] not ([#"../projection_toggle.rs" 20 12 20 19] Int32.eq a ([#"../projection_toggle.rs" 20 17 20 19] [#"../projection_toggle.rs" 20 17 20 19] (15 : int32)))) | False -> goto BB3 | True -> goto BB2 end diff --git a/creusot/tests/should_succeed/projection_toggle/why3session.xml b/creusot/tests/should_succeed/projection_toggle/why3session.xml index 2504fe914b..41fd7da0cb 100644 --- a/creusot/tests/should_succeed/projection_toggle/why3session.xml +++ b/creusot/tests/should_succeed/projection_toggle/why3session.xml @@ -8,12 +8,12 @@ - + - + diff --git a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz index 419ad586b1291da3a6b52c89113e0ea985548fcb..3b20725b4e5a97bc0ac327b518dbc92d13cf4af0 100644 GIT binary patch literal 584 zcmV-O0=NAiiwFP!00000|9wO0z2{ftwk^Hb9@|MOaflERNPDb&?8+q0mX?ww zVd>wm#~v?`?)HE^y!rIZn|xa2(+~UNru^c@X+Ipl<~m<|&dw*hKVA%LNaBV!8404^ z+ok<(z%C5bcIgo#10p>l2?2iz`)z!6TRXaGI9!}j+ZaOCbYE4PRGL)!s^UO84s{Z4 zv@B^^(niGB!^IYh0lOQB%0k5qjjf%-SD~G{xd+F63tIF z_kq3U%k5v?sz+|1r&He&l6W|(Y1polj?H%0! literal 565 zcmV-50?Pd#iwFP!00000|9w=+Zrd;rz3VGSv=6{ zVAkflW@e>XW!4VS+#}o}JR;0()O;J?Y-2_{4abYsq6scU75ABvk&=;;GX*Siz^Zh( zVM$_1Vgusx0oq_P%(TNe4u9CMGm zI4C}d2XY%Dsu)q>f@mz6L|!Z_CZm1OTWS#7XfLn}ZZhUEBkr}=w5~SyPw*dU(3ye7^mZov1ODr*?Qd z?WcF-SFgw%uDG8f7g@L-3x&g`3xkX;5ZZ?0Y^=kGtZ>o;sLnp>#Ur?@|IZbWe-Bo| ziB3Y4+KZ|`>R0YrrDeP?aXvgI@c+i2cn}yB)exlaLWQ=f5da>_pK?+MH?^^=Gf>G{`lC-(lad+)6m7DH9J_P^( D5}pxC diff --git a/creusot/tests/should_succeed/projections.mlcfg b/creusot/tests/should_succeed/projections.mlcfg index 35de7c4c34..f9c406fd22 100644 --- a/creusot/tests/should_succeed/projections.mlcfg +++ b/creusot/tests/should_succeed/projections.mlcfg @@ -55,6 +55,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -220,7 +221,7 @@ module Projections_F } BB4 { x <- Core_Option_Option_Type.some_0 _2; - _1 <- ([#"../projections.rs" 25 19 25 25] x = ([#"../projections.rs" 25 24 25 25] [#"../projections.rs" 25 24 25 25] (0 : int32))); + _1 <- ([#"../projections.rs" 25 19 25 25] Int32.eq x ([#"../projections.rs" 25 24 25 25] [#"../projections.rs" 25 24 25 25] (0 : int32))); goto BB5 } BB5 { diff --git a/creusot/tests/should_succeed/prophecy.mlcfg b/creusot/tests/should_succeed/prophecy.mlcfg index 5a0690696e..7f43e6a7d3 100644 --- a/creusot/tests/should_succeed/prophecy.mlcfg +++ b/creusot/tests/should_succeed/prophecy.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/red_black_tree.mlcfg b/creusot/tests/should_succeed/red_black_tree.mlcfg index 38036e8dc8..88821ea705 100644 --- a/creusot/tests/should_succeed/red_black_tree.mlcfg +++ b/creusot/tests/should_succeed/red_black_tree.mlcfg @@ -6,6 +6,7 @@ module RedBlackTree_Color_Type end module RedBlackTree_Impl16_Clone_Interface + use prelude.Bool use prelude.Borrow use RedBlackTree_Color_Type as RedBlackTree_Color_Type val clone' [#"../red_black_tree.rs" 8 9 8 14] (self : RedBlackTree_Color_Type.t_color) : RedBlackTree_Color_Type.t_color @@ -14,6 +15,7 @@ module RedBlackTree_Impl16_Clone_Interface end module RedBlackTree_Impl16_Clone use prelude.Borrow + use prelude.Bool use RedBlackTree_Color_Type as RedBlackTree_Color_Type let rec cfg clone' [#"../red_black_tree.rs" 8 9 8 14] [@cfg:stackify] [@cfg:subregion_analysis] (self : RedBlackTree_Color_Type.t_color) : RedBlackTree_Color_Type.t_color ensures { [#"../red_black_tree.rs" 8 9 8 14] result = self } @@ -149,6 +151,7 @@ end module RedBlackTree_Impl0_HasMapping type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -207,6 +210,7 @@ end module RedBlackTree_Impl0_SameMappings type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -284,6 +288,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Stub type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -312,6 +317,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Interface type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -348,6 +354,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -393,6 +400,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Impl type k type v use map.Map + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv3 with type t = v clone TyInv_Trivial as TyInv_Trivial3 with @@ -489,6 +497,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -516,6 +525,7 @@ end module RedBlackTree_Impl4_BstInvariantHere type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -557,6 +567,7 @@ end module RedBlackTree_Impl5_BstInvariant type k type v + use prelude.Bool use RedBlackTree_Node_Type as RedBlackTree_Node_Type clone RedBlackTree_Impl4_BstInvariantHere_Stub as BstInvariantHere0 with type k = k, @@ -585,6 +596,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -596,6 +608,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -607,6 +620,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -625,6 +639,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -643,6 +658,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -654,6 +670,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -672,6 +689,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -701,6 +719,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -712,6 +731,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -723,6 +743,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -741,6 +762,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -770,6 +792,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -781,6 +804,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -792,6 +816,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -810,6 +835,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -828,6 +854,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -837,6 +864,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -852,6 +880,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -867,6 +896,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -876,6 +906,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -895,6 +926,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -914,6 +946,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -923,6 +956,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -940,6 +974,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -957,6 +992,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -966,6 +1002,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -983,6 +1020,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1000,6 +1038,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1009,6 +1048,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1025,6 +1065,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1043,6 +1084,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Stub type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1074,6 +1116,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Interface type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1114,6 +1157,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc type k type v use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1174,6 +1218,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Impl type k type v use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -1365,6 +1410,7 @@ module RedBlackTree_Impl0_HasMappingModel_Stub type k type v use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -1393,6 +1439,7 @@ module RedBlackTree_Impl0_HasMappingModel_Interface type k type v use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -1429,6 +1476,7 @@ module RedBlackTree_Impl0_HasMappingModel type k type v use map.Map + use prelude.Bool use map.Const use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -1498,6 +1546,7 @@ module RedBlackTree_Impl0_HasMappingModel_Impl type k type v use map.Map + use prelude.Bool use map.Const clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1658,6 +1707,7 @@ end module RedBlackTree_Impl0_HasMappingInj_Stub type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -1680,6 +1730,7 @@ end module RedBlackTree_Impl0_HasMappingInj_Interface type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -1714,6 +1765,7 @@ end module RedBlackTree_Impl0_HasMappingInj type k type v + use prelude.Bool use map.Map use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -1770,6 +1822,7 @@ end module RedBlackTree_Impl0_HasMappingInj_Impl type k type v + use prelude.Bool use map.Map clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -1981,6 +2034,7 @@ end module RedBlackTree_Impl1_HasMapping_Stub type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -2004,6 +2058,7 @@ end module RedBlackTree_Impl1_HasMapping_Interface type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -2035,6 +2090,7 @@ end module RedBlackTree_Impl1_HasMapping type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -2071,6 +2127,7 @@ end module RedBlackTree_Impl1_HasMapping_Impl type k type v + use prelude.Bool use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use RedBlackTree_Node_Type as RedBlackTree_Node_Type clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -2116,7 +2173,7 @@ module RedBlackTree_Impl1_HasMapping_Impl ensures { [#"../red_black_tree.rs" 138 4 139 86] forall node : RedBlackTree_Node_Type.t_node k v . Inv3.inv node -> self = node -> result = HasMapping0.has_mapping (RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_Some node)) k v } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../red_black_tree.rs" 141 8 144 9] HasMapping0.has_mapping (RedBlackTree_Node_Type.node_left self) k v || HasMapping0.has_mapping (RedBlackTree_Node_Type.node_right self) k v || (let b = DeepModel0.deep_model (RedBlackTree_Node_Type.node_key self) in pure {k = b}) && pure {v = RedBlackTree_Node_Type.node_val self} + [#"../red_black_tree.rs" 141 8 144 9] HasMapping0.has_mapping (RedBlackTree_Node_Type.node_left self) k v || HasMapping0.has_mapping (RedBlackTree_Node_Type.node_right self) k v || (let b = DeepModel0.deep_model (RedBlackTree_Node_Type.node_key self) in k = b) && v = RedBlackTree_Node_Type.node_val self end module RedBlackTree_Impl1_SameMappings_Stub type k @@ -2138,6 +2195,7 @@ end module RedBlackTree_Impl1_SameMappings type k type v + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -2244,6 +2302,7 @@ end module RedBlackTree_Impl4_BstInvariant type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone RedBlackTree_Impl5_BstInvariant_Stub as BstInvariant0 with type k = k, @@ -2346,6 +2405,7 @@ end module RedBlackTree_Impl8_ColorInvariantHere type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type use RedBlackTree_Color_Type as RedBlackTree_Color_Type clone RedBlackTree_Impl7_Color_Stub as Color0 with @@ -2376,6 +2436,7 @@ end module RedBlackTree_Impl7_ColorInvariant type k type v + use prelude.Bool use RedBlackTree_Node_Type as RedBlackTree_Node_Type clone RedBlackTree_Impl8_ColorInvariantHere_Stub as ColorInvariantHere0 with type k = k, @@ -2413,6 +2474,7 @@ end module RedBlackTree_Impl6_MatchT type k type v + use prelude.Bool use RedBlackTree_Color_Type as RedBlackTree_Color_Type use RedBlackTree_Node_Type as RedBlackTree_Node_Type use Core_Option_Option_Type as Core_Option_Option_Type @@ -2455,6 +2517,7 @@ end module RedBlackTree_Impl8_ColorInvariant type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone RedBlackTree_Impl7_ColorInvariant_Stub as ColorInvariant0 with type k = k, @@ -2491,6 +2554,7 @@ end module RedBlackTree_Impl6_MatchN type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type use RedBlackTree_Cp_Type as RedBlackTree_Cp_Type clone RedBlackTree_Impl6_MatchT_Stub as MatchT0 with @@ -2530,10 +2594,10 @@ module RedBlackTree_Impl9_Height_Interface function height [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int val height [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int requires {[#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self} - ensures { [#"../red_black_tree.rs" 295 14 295 25] result >= 0 } + ensures { [#"../red_black_tree.rs" 295 14 295 25] Int.ge result 0 } ensures { result = height self } - axiom height_spec : forall self : RedBlackTree_Tree_Type.t_tree k v . ([#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self) -> ([#"../red_black_tree.rs" 295 14 295 25] height self >= 0) + axiom height_spec : forall self : RedBlackTree_Tree_Type.t_tree k v . ([#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self) -> ([#"../red_black_tree.rs" 295 14 295 25] Int.ge (height self) 0) end module RedBlackTree_Impl9_Height type k @@ -2550,15 +2614,15 @@ module RedBlackTree_Impl9_Height | RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_None) -> 0 | RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_Some (RedBlackTree_Node_Type.C_Node left color _ _ _)) -> match (color) with | RedBlackTree_Color_Type.C_Red -> height left - | RedBlackTree_Color_Type.C_Black -> height left + 1 + | RedBlackTree_Color_Type.C_Black -> Int.add (height left) 1 end end val height [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int requires {[#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self} - ensures { [#"../red_black_tree.rs" 295 14 295 25] result >= 0 } + ensures { [#"../red_black_tree.rs" 295 14 295 25] Int.ge result 0 } ensures { result = height self } - axiom height_spec : forall self : RedBlackTree_Tree_Type.t_tree k v . ([#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self) -> ([#"../red_black_tree.rs" 295 14 295 25] height self >= 0) + axiom height_spec : forall self : RedBlackTree_Tree_Type.t_tree k v . ([#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self) -> ([#"../red_black_tree.rs" 295 14 295 25] Int.ge (height self) 0) end module RedBlackTree_Impl9_Height_Impl type k @@ -2576,14 +2640,14 @@ module RedBlackTree_Impl9_Height_Impl use Core_Option_Option_Type as Core_Option_Option_Type let rec ghost function height [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int requires {[#"../red_black_tree.rs" 296 14 296 18] Inv0.inv self} - ensures { [#"../red_black_tree.rs" 295 14 295 25] result >= 0 } + ensures { [#"../red_black_tree.rs" 295 14 295 25] Int.ge result 0 } = [@vc:do_not_keep_trace] [@vc:sp] [#"../red_black_tree.rs" 298 12 306 13] match (self) with | RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_None) -> 0 | RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_Some (RedBlackTree_Node_Type.C_Node left color _ _ _)) -> match (color) with | RedBlackTree_Color_Type.C_Red -> height left - | RedBlackTree_Color_Type.C_Black -> height left + 1 + | RedBlackTree_Color_Type.C_Black -> Int.add (height left) 1 end end end @@ -2605,6 +2669,7 @@ end module RedBlackTree_Impl10_HeightInvariantHere type k type v + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -2638,6 +2703,7 @@ end module RedBlackTree_Impl9_HeightInvariant type k type v + use prelude.Bool use RedBlackTree_Node_Type as RedBlackTree_Node_Type clone RedBlackTree_Impl10_HeightInvariantHere_Stub as HeightInvariantHere0 with type k = k, @@ -2656,6 +2722,7 @@ end module RedBlackTree_Impl10_Height_Stub type k type v + use prelude.Bool use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -2676,6 +2743,7 @@ end module RedBlackTree_Impl10_Height_Interface type k type v + use prelude.Bool use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -2702,6 +2770,7 @@ end module RedBlackTree_Impl10_Height type k type v + use prelude.Bool use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -2721,7 +2790,7 @@ module RedBlackTree_Impl10_Height function height [#"../red_black_tree.rs" 328 4 328 26] (self : RedBlackTree_Node_Type.t_node k v) : int = [#"../red_black_tree.rs" 330 12 333 13] match (RedBlackTree_Node_Type.node_color self) with | RedBlackTree_Color_Type.C_Red -> Height0.height (RedBlackTree_Node_Type.node_left self) - | RedBlackTree_Color_Type.C_Black -> Height0.height (RedBlackTree_Node_Type.node_left self) + 1 + | RedBlackTree_Color_Type.C_Black -> Int.add (Height0.height (RedBlackTree_Node_Type.node_left self)) 1 end val height [#"../red_black_tree.rs" 328 4 328 26] (self : RedBlackTree_Node_Type.t_node k v) : int requires {[#"../red_black_tree.rs" 328 14 328 18] Inv0.inv self} @@ -2733,6 +2802,7 @@ end module RedBlackTree_Impl10_Height_Impl type k type v + use prelude.Bool use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Interface as Inv2 with @@ -2769,7 +2839,7 @@ module RedBlackTree_Impl10_Height_Impl = [@vc:do_not_keep_trace] [@vc:sp] [#"../red_black_tree.rs" 330 12 333 13] match (RedBlackTree_Node_Type.node_color self) with | RedBlackTree_Color_Type.C_Red -> Height0.height (RedBlackTree_Node_Type.node_left self) - | RedBlackTree_Color_Type.C_Black -> Height0.height (RedBlackTree_Node_Type.node_left self) + 1 + | RedBlackTree_Color_Type.C_Black -> Int.add (Height0.height (RedBlackTree_Node_Type.node_left self)) 1 end end module RedBlackTree_Impl10_HeightInvariant_Stub @@ -2790,6 +2860,7 @@ end module RedBlackTree_Impl10_HeightInvariant type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone RedBlackTree_Impl9_HeightInvariant_Stub as HeightInvariant0 with type k = k, @@ -2822,6 +2893,7 @@ end module RedBlackTree_Impl11_InternalInvariant type k type v + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone RedBlackTree_Impl9_HeightInvariant_Stub as HeightInvariant0 with type k = k, @@ -2853,6 +2925,7 @@ end module RedBlackTree_Impl11_Invariant type k type v + use prelude.Bool use RedBlackTree_Color_Type as RedBlackTree_Color_Type use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone RedBlackTree_Impl7_Color_Stub as Color0 with @@ -2888,6 +2961,7 @@ end module RedBlackTree_Impl12_InternalInvariant type k type v + use prelude.Bool use RedBlackTree_Node_Type as RedBlackTree_Node_Type clone RedBlackTree_Impl10_HeightInvariant_Stub as HeightInvariant0 with type k = k, @@ -2922,6 +2996,7 @@ end module RedBlackTree_Impl13_IsRed_Interface type k type v + use prelude.Bool use prelude.Borrow use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type use RedBlackTree_Color_Type as RedBlackTree_Color_Type @@ -2939,6 +3014,7 @@ module RedBlackTree_Impl13_IsRed type k type v use prelude.Borrow + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -3015,6 +3091,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -3042,6 +3119,7 @@ end module Core_Mem_Take_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Std1_Default_Default_IsDefault_Stub as IsDefault0 with @@ -3057,6 +3135,7 @@ module Core_Mem_Take_Interface end module Core_Option_Impl0_Unwrap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t use Core_Option_Option_Type as Core_Option_Option_Type @@ -3072,6 +3151,7 @@ end module Core_Mem_Swap_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = borrowed t val swap (x : borrowed t) (y : borrowed t) : () @@ -3096,6 +3176,7 @@ module CreusotContracts_Std1_Option_Impl1_IsDefault_Interface end module CreusotContracts_Std1_Option_Impl1_IsDefault type t + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type predicate is_default (self : Core_Option_Option_Type.t_option t) = [#"../../../../creusot-contracts/src/std/option.rs" 120 20 120 32] self = Core_Option_Option_Type.C_None @@ -3107,6 +3188,8 @@ module RedBlackTree_Impl14_RotateRight_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -3166,6 +3249,8 @@ module RedBlackTree_Impl14_RotateRight type v use prelude.Ghost use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -3570,6 +3655,8 @@ module RedBlackTree_Impl14_RotateLeft_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -3629,6 +3716,8 @@ module RedBlackTree_Impl14_RotateLeft type v use prelude.Ghost use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -4032,6 +4121,7 @@ end module Core_Option_Impl0_AsMut_Interface type t use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Core_Option_Option_Type.t_option (borrowed t) @@ -4050,6 +4140,8 @@ module RedBlackTree_Impl14_FlipColors_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -4102,6 +4194,8 @@ module RedBlackTree_Impl14_FlipColors type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -4422,6 +4516,7 @@ module RedBlackTree_Impl14_FlipColors end module Core_Option_Impl0_AsRef_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -4441,6 +4536,8 @@ module RedBlackTree_Impl14_Balance_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -4503,6 +4600,8 @@ module RedBlackTree_Impl14_Balance type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -4997,6 +5096,8 @@ module RedBlackTree_Impl14_MoveRedLeft_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -5082,6 +5183,8 @@ module RedBlackTree_Impl14_MoveRedLeft type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -5535,6 +5638,8 @@ module RedBlackTree_Impl14_MoveRedRight_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -5620,6 +5725,8 @@ module RedBlackTree_Impl14_MoveRedRight type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -6030,6 +6137,7 @@ module RedBlackTree_Impl15_New_Interface type k type v use map.Const + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type @@ -6053,6 +6161,7 @@ module RedBlackTree_Impl15_New type k type v use map.Const + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -6225,6 +6334,7 @@ module RedBlackTree_Impl15_New end module Core_Cmp_Ord_Cmp_Interface type self + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -6246,6 +6356,8 @@ module RedBlackTree_Impl15_InsertRec_Interface type k type v use prelude.Borrow + use prelude.Int + use prelude.Bool use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv4 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -6303,6 +6415,8 @@ module RedBlackTree_Impl15_InsertRec type k type v use prelude.Borrow + use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -6860,6 +6974,7 @@ module RedBlackTree_Impl15_Insert_Interface type v use prelude.Borrow use map.Map + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -6899,6 +7014,7 @@ module RedBlackTree_Impl15_Insert use prelude.Borrow use prelude.Ghost use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -7260,6 +7376,7 @@ module Alloc_Boxed_Impl57_AsMut_Interface type t type a use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = borrowed t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -7275,6 +7392,8 @@ module RedBlackTree_Impl15_DeleteMaxRec_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv4 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -7335,6 +7454,8 @@ module RedBlackTree_Impl15_DeleteMaxRec type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -7956,6 +8077,7 @@ module RedBlackTree_Impl15_DeleteMax_Interface type v use prelude.Borrow use map.Map + use prelude.Bool use map.Const use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -8000,6 +8122,7 @@ module RedBlackTree_Impl15_DeleteMax use prelude.Ghost use prelude.Borrow use map.Map + use prelude.Bool use map.Const use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Interface as Inv5 with @@ -8480,6 +8603,8 @@ module RedBlackTree_Impl15_DeleteMinRec_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv4 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -8540,6 +8665,8 @@ module RedBlackTree_Impl15_DeleteMinRec type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k clone CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface as GtLog0 with @@ -9118,6 +9245,7 @@ module RedBlackTree_Impl15_DeleteMin_Interface type v use prelude.Borrow use map.Map + use prelude.Bool use map.Const use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -9162,6 +9290,7 @@ module RedBlackTree_Impl15_DeleteMin use prelude.Ghost use prelude.Borrow use map.Map + use prelude.Bool use map.Const use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Interface as Inv4 with @@ -9648,6 +9777,7 @@ module CreusotContracts_Model_Impl4_DeepModel end module Core_Option_Impl0_IsNone_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -9661,6 +9791,8 @@ module RedBlackTree_Impl15_DeleteRec_Interface type k type v use prelude.Borrow + use prelude.Bool + use prelude.Int use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type clone CreusotContracts_Invariant_Inv_Stub as Inv5 with type t = RedBlackTree_Tree_Type.t_tree k v @@ -9729,6 +9861,8 @@ module RedBlackTree_Impl15_DeleteRec type v use prelude.Borrow use prelude.Ghost + use prelude.Bool + use prelude.Int use map.Map use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -10805,6 +10939,7 @@ module RedBlackTree_Impl15_Delete_Interface type k type v use prelude.Borrow + use prelude.Bool use map.Map use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -10851,6 +10986,7 @@ module RedBlackTree_Impl15_Delete type v use prelude.Ghost use prelude.Borrow + use prelude.Bool use map.Map clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -11351,6 +11487,7 @@ module RedBlackTree_Impl15_Get_Interface type v use prelude.Borrow use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use Core_Option_Option_Type as Core_Option_Option_Type @@ -11386,6 +11523,7 @@ module RedBlackTree_Impl15_Get type k type v use prelude.Ghost + use prelude.Bool use prelude.Borrow use map.Map use RedBlackTree_Color_Type as RedBlackTree_Color_Type @@ -11787,6 +11925,7 @@ module RedBlackTree_Impl15_GetMut_Interface type v use prelude.Borrow use map.Map + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k use Core_Option_Option_Type as Core_Option_Option_Type @@ -11828,6 +11967,8 @@ module RedBlackTree_Impl15_GetMut type v use prelude.Ghost use prelude.Borrow + use prelude.Bool + use prelude.Int use map.Map clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = k @@ -12300,6 +12441,7 @@ module RedBlackTree_Impl15_GetMut end module RedBlackTree_Impl16 use prelude.Borrow + use prelude.Bool use RedBlackTree_Color_Type as RedBlackTree_Color_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = RedBlackTree_Color_Type.t_color diff --git a/creusot/tests/should_succeed/resolve_uninit.mlcfg b/creusot/tests/should_succeed/resolve_uninit.mlcfg index 64cdc3916f..36ff0b1a43 100644 --- a/creusot/tests/should_succeed/resolve_uninit.mlcfg +++ b/creusot/tests/should_succeed/resolve_uninit.mlcfg @@ -175,6 +175,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -248,7 +249,7 @@ module ResolveUninit_InitJoin BB3 { y <- { y with current = ([#"../resolve_uninit.rs" 27 9 27 10] [#"../resolve_uninit.rs" 27 9 27 10] (5 : int32)) }; assume { Resolve0.resolve y }; - switch ([#"../resolve_uninit.rs" 28 4 28 19] not ([#"../resolve_uninit.rs" 28 12 28 18] x = ([#"../resolve_uninit.rs" 28 17 28 18] [#"../resolve_uninit.rs" 28 17 28 18] (5 : int32)))) + switch ([#"../resolve_uninit.rs" 28 4 28 19] not ([#"../resolve_uninit.rs" 28 12 28 18] Int32.eq x ([#"../resolve_uninit.rs" 28 17 28 18] [#"../resolve_uninit.rs" 28 17 28 18] (5 : int32)))) | False -> goto BB5 | True -> goto BB4 end diff --git a/creusot/tests/should_succeed/resolve_uninit/why3session.xml b/creusot/tests/should_succeed/resolve_uninit/why3session.xml index 80d3400f8a..02bbb5e167 100644 --- a/creusot/tests/should_succeed/resolve_uninit/why3session.xml +++ b/creusot/tests/should_succeed/resolve_uninit/why3session.xml @@ -12,7 +12,7 @@ - + diff --git a/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz b/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz index 7acd581afdf7ec775afd20300facd9bdcc1868d2..e3e4717762a1ace19d64829aca380a500c59021c 100644 GIT binary patch literal 420 zcmV;V0bBkbiwFP!00000|6Ni|kDEXYz4I%$ZJX2B1M{)c9#+w!MC!5fv5|p6rOiSE zBvt=?$9$yQ9I!3>y=RZjr(HUJ=U-t=Z($hQzI#qhy8E0=7jC;7sUn%ZIr0k`$_w#1 zVR78YAS2BMpU1#M82j@rQ1&{*qm!x==g7V-SsUGWszbxq^AxlEb+`tC;&nf*GJ*n- z9smSt?gol{45Z}$6Y#|*uvD=~XrDIykiPSuGMuhm+qF|71JA(Y$0#x;jZe`MR=La> z-Q|w>!r>yB#+;hW>Y`pWc5~IX7*`XVS8b4F^iZw9G2Ae3cE0OltF#@}E=fGlCYw<_+3mII%D z^lg_UMpcR{Tb9nD^_i~FWldnH*(wvXN$~&&m4rH0^0GFnsVw@+mj)~C8l!w}HRNe_ O(8*tr0yEMT0{{R$ugd2D literal 400 zcmV;B0dM{viwFP!00000|6Nf{Z`&{oz57@A)-ETJ`mzS}5Ck!j`@mxZ+EFlXsomL5 zivIgamhEmih$P7O9!2tblMg@n-4FTQ_e0aQ-*c01zGdSdZrVGEGMl_P@(UT#W%Qb` zJnllENOH;7!E^72?t1s6wi7(KSS_L}$nI0t1~;6}{=&EG7_$7Mzj=akyBlYjhysW` z00_j?4FtIm#FG0@z?F+Ys$!YZF28hr{>Gn`Ki%4ji7l)E*Huo=_U#XZ0X8$$$3vbAVmvR_TW}B8d7d65D zVT};fmlz>6L^1KU#RC!SLevRh3Cuz?(Zu}vqv@m&{wfn% zJ<7>N4iZ2T;39|7z`6jKMw(8%AVgfkbWTyOcZ~Nt{py-F%Z#W6*S4yP0 goto BB18 | True -> goto BB17 end @@ -945,7 +965,7 @@ module Result_TestResult goto BB28 } BB28 { - switch ([#"../result.rs" 17 4 17 37] not ([#"../result.rs" 17 12 17 36] _45 = ([#"../result.rs" 17 34 17 36] [#"../result.rs" 17 34 17 36] (-1 : int32)))) + switch ([#"../result.rs" 17 4 17 37] not ([#"../result.rs" 17 12 17 36] Int32.eq _45 ([#"../result.rs" 17 34 17 36] [#"../result.rs" 17 34 17 36] (-1 : int32)))) | False -> goto BB30 | True -> goto BB29 end @@ -963,7 +983,7 @@ module Result_TestResult goto BB32 } BB32 { - switch ([#"../result.rs" 20 4 20 39] not ([#"../result.rs" 20 12 20 38] _53 = ([#"../result.rs" 20 37 20 38] [#"../result.rs" 20 37 20 38] (1 : int32)))) + switch ([#"../result.rs" 20 4 20 39] not ([#"../result.rs" 20 12 20 38] Int32.eq _53 ([#"../result.rs" 20 37 20 38] [#"../result.rs" 20 37 20 38] (1 : int32)))) | False -> goto BB34 | True -> goto BB33 end @@ -981,7 +1001,7 @@ module Result_TestResult goto BB36 } BB36 { - switch ([#"../result.rs" 21 4 21 45] not ([#"../result.rs" 21 12 21 44] _61 = ([#"../result.rs" 21 42 21 44] [#"../result.rs" 21 42 21 44] (-1 : int32)))) + switch ([#"../result.rs" 21 4 21 45] not ([#"../result.rs" 21 12 21 44] Int32.eq _61 ([#"../result.rs" 21 42 21 44] [#"../result.rs" 21 42 21 44] (-1 : int32)))) | False -> goto BB38 | True -> goto BB37 end @@ -1008,7 +1028,7 @@ module Result_TestResult goto BB41 } BB41 { - switch ([#"../result.rs" 24 4 24 29] not ([#"../result.rs" 24 12 24 28] _71 = ([#"../result.rs" 24 27 24 28] [#"../result.rs" 24 27 24 28] (0 : int32)))) + switch ([#"../result.rs" 24 4 24 29] not ([#"../result.rs" 24 12 24 28] Int32.eq _71 ([#"../result.rs" 24 27 24 28] [#"../result.rs" 24 27 24 28] (0 : int32)))) | False -> goto BB43 | True -> goto BB42 end @@ -1035,7 +1055,7 @@ module Result_TestResult goto BB46 } BB46 { - switch ([#"../result.rs" 26 4 26 29] not ([#"../result.rs" 26 12 26 28] _80 = ([#"../result.rs" 26 27 26 28] [#"../result.rs" 26 27 26 28] (1 : int32)))) + switch ([#"../result.rs" 26 4 26 29] not ([#"../result.rs" 26 12 26 28] Int32.eq _80 ([#"../result.rs" 26 27 26 28] [#"../result.rs" 26 27 26 28] (1 : int32)))) | False -> goto BB48 | True -> goto BB47 end @@ -1062,7 +1082,7 @@ module Result_TestResult goto BB51 } BB51 { - switch ([#"../result.rs" 28 4 28 34] not ([#"../result.rs" 28 12 28 33] _89 = ([#"../result.rs" 28 32 28 33] [#"../result.rs" 28 32 28 33] (0 : int32)))) + switch ([#"../result.rs" 28 4 28 34] not ([#"../result.rs" 28 12 28 33] Int32.eq _89 ([#"../result.rs" 28 32 28 33] [#"../result.rs" 28 32 28 33] (0 : int32)))) | False -> goto BB53 | True -> goto BB52 end @@ -1089,7 +1109,7 @@ module Result_TestResult goto BB56 } BB56 { - switch ([#"../result.rs" 30 4 30 35] not ([#"../result.rs" 30 12 30 34] _98 = ([#"../result.rs" 30 32 30 34] [#"../result.rs" 30 32 30 34] (-1 : int32)))) + switch ([#"../result.rs" 30 4 30 35] not ([#"../result.rs" 30 12 30 34] Int32.eq _98 ([#"../result.rs" 30 32 30 34] [#"../result.rs" 30 32 30 34] (-1 : int32)))) | False -> goto BB58 | True -> goto BB57 end @@ -1102,7 +1122,7 @@ module Result_TestResult goto BB59 } BB59 { - switch ([#"../result.rs" 33 4 33 29] not ([#"../result.rs" 33 12 33 28] _104 = ([#"../result.rs" 33 27 33 28] [#"../result.rs" 33 27 33 28] (1 : int32)))) + switch ([#"../result.rs" 33 4 33 29] not ([#"../result.rs" 33 12 33 28] Int32.eq _104 ([#"../result.rs" 33 27 33 28] [#"../result.rs" 33 27 33 28] (1 : int32)))) | False -> goto BB61 | True -> goto BB60 end @@ -1115,7 +1135,7 @@ module Result_TestResult goto BB62 } BB62 { - switch ([#"../result.rs" 37 4 37 35] not ([#"../result.rs" 37 12 37 34] _110 = ([#"../result.rs" 37 32 37 34] [#"../result.rs" 37 32 37 34] (-1 : int32)))) + switch ([#"../result.rs" 37 4 37 35] not ([#"../result.rs" 37 12 37 34] Int32.eq _110 ([#"../result.rs" 37 32 37 34] [#"../result.rs" 37 32 37 34] (-1 : int32)))) | False -> goto BB64 | True -> goto BB63 end @@ -1128,7 +1148,7 @@ module Result_TestResult goto BB65 } BB65 { - switch ([#"../result.rs" 40 4 40 33] not ([#"../result.rs" 40 12 40 32] _116 = ([#"../result.rs" 40 31 40 32] [#"../result.rs" 40 31 40 32] (1 : int32)))) + switch ([#"../result.rs" 40 4 40 33] not ([#"../result.rs" 40 12 40 32] Int32.eq _116 ([#"../result.rs" 40 31 40 32] [#"../result.rs" 40 31 40 32] (1 : int32)))) | False -> goto BB67 | True -> goto BB66 end @@ -1141,7 +1161,7 @@ module Result_TestResult goto BB68 } BB68 { - switch ([#"../result.rs" 41 4 41 34] not ([#"../result.rs" 41 12 41 33] _122 = ([#"../result.rs" 41 32 41 33] [#"../result.rs" 41 32 41 33] (0 : int32)))) + switch ([#"../result.rs" 41 4 41 34] not ([#"../result.rs" 41 12 41 33] Int32.eq _122 ([#"../result.rs" 41 32 41 33] [#"../result.rs" 41 32 41 33] (0 : int32)))) | False -> goto BB70 | True -> goto BB69 end @@ -1154,7 +1174,7 @@ module Result_TestResult goto BB71 } BB71 { - switch ([#"../result.rs" 43 4 43 40] not ([#"../result.rs" 43 12 43 39] _128 = ([#"../result.rs" 43 38 43 39] [#"../result.rs" 43 38 43 39] (1 : int32)))) + switch ([#"../result.rs" 43 4 43 40] not ([#"../result.rs" 43 12 43 39] Int32.eq _128 ([#"../result.rs" 43 38 43 39] [#"../result.rs" 43 38 43 39] (1 : int32)))) | False -> goto BB73 | True -> goto BB72 end @@ -1167,7 +1187,7 @@ module Result_TestResult goto BB74 } BB74 { - switch ([#"../result.rs" 44 4 44 41] not ([#"../result.rs" 44 12 44 40] _134 = ([#"../result.rs" 44 39 44 40] [#"../result.rs" 44 39 44 40] (0 : int32)))) + switch ([#"../result.rs" 44 4 44 41] not ([#"../result.rs" 44 12 44 40] Int32.eq _134 ([#"../result.rs" 44 39 44 40] [#"../result.rs" 44 39 44 40] (0 : int32)))) | False -> goto BB76 | True -> goto BB75 end @@ -1185,7 +1205,7 @@ module Result_TestResult goto BB78 } BB78 { - switch ([#"../result.rs" 47 4 47 54] not ([#"../result.rs" 47 12 47 53] _140 = ([#"../result.rs" 47 51 47 53] [#"../result.rs" 47 51 47 53] (-2 : int32)))) + switch ([#"../result.rs" 47 4 47 54] not ([#"../result.rs" 47 12 47 53] Int32.eq _140 ([#"../result.rs" 47 51 47 53] [#"../result.rs" 47 51 47 53] (-2 : int32)))) | False -> goto BB80 | True -> goto BB79 end @@ -1203,7 +1223,7 @@ module Result_TestResult goto BB82 } BB82 { - switch ([#"../result.rs" 48 4 48 40] not ([#"../result.rs" 48 12 48 39] _148 = ([#"../result.rs" 48 38 48 39] [#"../result.rs" 48 38 48 39] (2 : int32)))) + switch ([#"../result.rs" 48 4 48 40] not ([#"../result.rs" 48 12 48 39] Int32.eq _148 ([#"../result.rs" 48 38 48 39] [#"../result.rs" 48 38 48 39] (2 : int32)))) | False -> goto BB84 | True -> goto BB83 end @@ -1221,7 +1241,7 @@ module Result_TestResult goto BB86 } BB86 { - switch ([#"../result.rs" 49 4 49 55] not ([#"../result.rs" 49 12 49 54] _156 = ([#"../result.rs" 49 52 49 54] [#"../result.rs" 49 52 49 54] (-1 : int32)))) + switch ([#"../result.rs" 49 4 49 55] not ([#"../result.rs" 49 12 49 54] Int32.eq _156 ([#"../result.rs" 49 52 49 54] [#"../result.rs" 49 52 49 54] (-1 : int32)))) | False -> goto BB88 | True -> goto BB87 end @@ -1239,7 +1259,7 @@ module Result_TestResult goto BB90 } BB90 { - switch ([#"../result.rs" 50 4 50 46] not ([#"../result.rs" 50 12 50 45] _164 = ([#"../result.rs" 50 43 50 45] [#"../result.rs" 50 43 50 45] (-1 : int32)))) + switch ([#"../result.rs" 50 4 50 46] not ([#"../result.rs" 50 12 50 45] Int32.eq _164 ([#"../result.rs" 50 43 50 45] [#"../result.rs" 50 43 50 45] (-1 : int32)))) | False -> goto BB92 | True -> goto BB91 end @@ -1257,7 +1277,7 @@ module Result_TestResult goto BB94 } BB94 { - switch ([#"../result.rs" 53 4 53 41] not ([#"../result.rs" 53 12 53 40] _172 = ([#"../result.rs" 53 39 53 40] [#"../result.rs" 53 39 53 40] (1 : int32)))) + switch ([#"../result.rs" 53 4 53 41] not ([#"../result.rs" 53 12 53 40] Int32.eq _172 ([#"../result.rs" 53 39 53 40] [#"../result.rs" 53 39 53 40] (1 : int32)))) | False -> goto BB96 | True -> goto BB95 end @@ -1275,7 +1295,7 @@ module Result_TestResult goto BB98 } BB98 { - switch ([#"../result.rs" 54 4 54 46] not ([#"../result.rs" 54 12 54 45] _180 = ([#"../result.rs" 54 44 54 45] [#"../result.rs" 54 44 54 45] (1 : int32)))) + switch ([#"../result.rs" 54 4 54 46] not ([#"../result.rs" 54 12 54 45] Int32.eq _180 ([#"../result.rs" 54 44 54 45] [#"../result.rs" 54 44 54 45] (1 : int32)))) | False -> goto BB100 | True -> goto BB99 end @@ -1293,7 +1313,7 @@ module Result_TestResult goto BB102 } BB102 { - switch ([#"../result.rs" 55 4 55 47] not ([#"../result.rs" 55 12 55 46] _188 = ([#"../result.rs" 55 44 55 46] [#"../result.rs" 55 44 55 46] (-2 : int32)))) + switch ([#"../result.rs" 55 4 55 47] not ([#"../result.rs" 55 12 55 46] Int32.eq _188 ([#"../result.rs" 55 44 55 46] [#"../result.rs" 55 44 55 46] (-2 : int32)))) | False -> goto BB104 | True -> goto BB103 end @@ -1311,7 +1331,7 @@ module Result_TestResult goto BB106 } BB106 { - switch ([#"../result.rs" 56 4 56 47] not ([#"../result.rs" 56 12 56 46] _196 = ([#"../result.rs" 56 45 56 46] [#"../result.rs" 56 45 56 46] (2 : int32)))) + switch ([#"../result.rs" 56 4 56 47] not ([#"../result.rs" 56 12 56 46] Int32.eq _196 ([#"../result.rs" 56 45 56 46] [#"../result.rs" 56 45 56 46] (2 : int32)))) | False -> goto BB108 | True -> goto BB107 end @@ -1334,7 +1354,7 @@ module Result_TestResult goto BB111 } BB111 { - switch ([#"../result.rs" 59 4 59 47] not ([#"../result.rs" 59 12 59 46] _204 = ([#"../result.rs" 59 45 59 46] [#"../result.rs" 59 45 59 46] (1 : int32)))) + switch ([#"../result.rs" 59 4 59 47] not ([#"../result.rs" 59 12 59 46] Int32.eq _204 ([#"../result.rs" 59 45 59 46] [#"../result.rs" 59 45 59 46] (1 : int32)))) | False -> goto BB113 | True -> goto BB112 end @@ -1357,7 +1377,7 @@ module Result_TestResult goto BB116 } BB116 { - switch ([#"../result.rs" 60 4 60 54] not ([#"../result.rs" 60 12 60 53] _213 = ([#"../result.rs" 60 51 60 53] [#"../result.rs" 60 51 60 53] (-1 : int32)))) + switch ([#"../result.rs" 60 4 60 54] not ([#"../result.rs" 60 12 60 53] Int32.eq _213 ([#"../result.rs" 60 51 60 53] [#"../result.rs" 60 51 60 53] (-1 : int32)))) | False -> goto BB118 | True -> goto BB117 end @@ -1383,7 +1403,7 @@ module Result_TestResult goto BB121 } BB121 { - switch ([#"../result.rs" 61 4 61 47] not ([#"../result.rs" 61 12 61 46] _221 = ([#"../result.rs" 61 45 61 46] [#"../result.rs" 61 45 61 46] (1 : int32)))) + switch ([#"../result.rs" 61 4 61 47] not ([#"../result.rs" 61 12 61 46] Int32.eq _221 ([#"../result.rs" 61 45 61 46] [#"../result.rs" 61 45 61 46] (1 : int32)))) | False -> goto BB123 | True -> goto BB122 end @@ -1410,7 +1430,7 @@ module Result_TestResult } BB126 { assume { Resolve0.resolve _230 }; - switch ([#"../result.rs" 62 4 62 54] not ([#"../result.rs" 62 12 62 53] * _230 = ([#"../result.rs" 62 51 62 53] [#"../result.rs" 62 51 62 53] (-1 : int32)))) + switch ([#"../result.rs" 62 4 62 54] not ([#"../result.rs" 62 12 62 53] Int32.eq ( * _230) ([#"../result.rs" 62 51 62 53] [#"../result.rs" 62 51 62 53] (-1 : int32)))) | False -> goto BB128 | True -> goto BB127 end @@ -1433,7 +1453,7 @@ module Result_TestResult goto BB131 } BB131 { - switch ([#"../result.rs" 64 4 64 47] not ([#"../result.rs" 64 12 64 46] _238 = ([#"../result.rs" 64 45 64 46] [#"../result.rs" 64 45 64 46] (1 : int32)))) + switch ([#"../result.rs" 64 4 64 47] not ([#"../result.rs" 64 12 64 46] Int32.eq _238 ([#"../result.rs" 64 45 64 46] [#"../result.rs" 64 45 64 46] (1 : int32)))) | False -> goto BB133 | True -> goto BB132 end @@ -1456,7 +1476,7 @@ module Result_TestResult goto BB136 } BB136 { - switch ([#"../result.rs" 65 4 65 54] not ([#"../result.rs" 65 12 65 53] _247 = ([#"../result.rs" 65 51 65 53] [#"../result.rs" 65 51 65 53] (-1 : int32)))) + switch ([#"../result.rs" 65 4 65 54] not ([#"../result.rs" 65 12 65 53] Int32.eq _247 ([#"../result.rs" 65 51 65 53] [#"../result.rs" 65 51 65 53] (-1 : int32)))) | False -> goto BB138 | True -> goto BB137 end @@ -1482,7 +1502,7 @@ module Result_TestResult goto BB141 } BB141 { - switch ([#"../result.rs" 66 4 66 47] not ([#"../result.rs" 66 12 66 46] _255 = ([#"../result.rs" 66 45 66 46] [#"../result.rs" 66 45 66 46] (1 : int32)))) + switch ([#"../result.rs" 66 4 66 47] not ([#"../result.rs" 66 12 66 46] Int32.eq _255 ([#"../result.rs" 66 45 66 46] [#"../result.rs" 66 45 66 46] (1 : int32)))) | False -> goto BB143 | True -> goto BB142 end @@ -1509,7 +1529,7 @@ module Result_TestResult } BB146 { assume { Resolve0.resolve _264 }; - switch ([#"../result.rs" 67 4 67 54] not ([#"../result.rs" 67 12 67 53] * _264 = ([#"../result.rs" 67 51 67 53] [#"../result.rs" 67 51 67 53] (-1 : int32)))) + switch ([#"../result.rs" 67 4 67 54] not ([#"../result.rs" 67 12 67 53] Int32.eq ( * _264) ([#"../result.rs" 67 51 67 53] [#"../result.rs" 67 51 67 53] (-1 : int32)))) | False -> goto BB148 | True -> goto BB147 end @@ -1551,7 +1571,7 @@ module Result_TestResult goto BB155 } BB155 { - switch ([#"../result.rs" 73 4 73 51] not ([#"../result.rs" 73 12 73 50] _283 = ([#"../result.rs" 73 49 73 50] [#"../result.rs" 73 49 73 50] (1 : int32)))) + switch ([#"../result.rs" 73 4 73 51] not ([#"../result.rs" 73 12 73 50] Int32.eq _283 ([#"../result.rs" 73 49 73 50] [#"../result.rs" 73 49 73 50] (1 : int32)))) | False -> goto BB157 | True -> goto BB156 end @@ -1575,7 +1595,7 @@ module Result_TestResult goto BB160 } BB160 { - switch ([#"../result.rs" 75 4 75 56] not ([#"../result.rs" 75 12 75 55] _292 = ([#"../result.rs" 75 53 75 55] [#"../result.rs" 75 53 75 55] (-1 : int32)))) + switch ([#"../result.rs" 75 4 75 56] not ([#"../result.rs" 75 12 75 55] Int32.eq _292 ([#"../result.rs" 75 53 75 55] [#"../result.rs" 75 53 75 55] (-1 : int32)))) | False -> goto BB162 | True -> goto BB161 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg index 6527ce7147..e6542eea3d 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -25,8 +26,9 @@ module IncMax_TakeMax_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool val take_max [#"../inc_max.rs" 6 0 6 64] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -37,10 +39,11 @@ module IncMax_TakeMax use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 let rec cfg take_max [#"../inc_max.rs" 6 0 6 64] [@cfg:stackify] [@cfg:subregion_analysis] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -57,7 +60,7 @@ module IncMax_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max.rs" 7 7 7 17] UInt32.ge ( * ma) ( * mb)) | False -> goto BB2 | True -> goto BB1 end @@ -93,19 +96,21 @@ end module IncMax_IncMax_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val inc_max [#"../inc_max.rs" 15 0 15 38] (a : uint32) (b : uint32) : () - requires {[#"../inc_max.rs" 14 11 14 49] a <= (1000000 : uint32) /\ b <= (1000000 : uint32)} + requires {[#"../inc_max.rs" 14 11 14 49] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32)} end module IncMax_IncMax use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 clone IncMax_TakeMax_Interface as TakeMax0 let rec cfg inc_max [#"../inc_max.rs" 15 0 15 38] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint32) (b : uint32) : () - requires {[#"../inc_max.rs" 14 11 14 49] a <= (1000000 : uint32) /\ b <= (1000000 : uint32)} + requires {[#"../inc_max.rs" 14 11 14 49] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -136,9 +141,9 @@ module IncMax_IncMax BB1 { assume { Resolve0.resolve _8 }; assume { Resolve0.resolve _6 }; - mc <- { mc with current = ([#"../inc_max.rs" 17 4 17 12] * mc + ([#"../inc_max.rs" 17 11 17 12] [#"../inc_max.rs" 17 11 17 12] (1 : uint32))) }; + mc <- { mc with current = ([#"../inc_max.rs" 17 4 17 12] UInt32.add ( * mc) ([#"../inc_max.rs" 17 11 17 12] [#"../inc_max.rs" 17 11 17 12] (1 : uint32))) }; assume { Resolve0.resolve mc }; - switch ([#"../inc_max.rs" 18 4 18 19] not ([#"../inc_max.rs" 18 12 18 18] a <> b)) + switch ([#"../inc_max.rs" 18 4 18 19] not ([#"../inc_max.rs" 18 12 18 18] UInt32.ne a b)) | False -> goto BB3 | True -> goto BB2 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml index c441b1b2be..99f2f4eab6 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz index ad070c81fca65a66e0d0188219312fc496dd0c0f..83528b755106a4638f08cdd7bb89d3d15cc84752 100644 GIT binary patch literal 502 zcmVhI?Vr!xmqO>X0;X3C6&cdsDw9P-L@;wnKG>K zI9V6L`JRi(9S`!4qN-htt7Ba4wt(^#30|x4iGnha?IO$7!DiV2ejiWt5hZ@x&iZeF zFHZ2}A_?!kr^x|15W08a+y+&ZnCtW~jOjBz*ta?{8THJ(#l<^v@eC_(LzV35 zLfK<)JvJMCUcc#_Efsc)zE++5ohN;_vEd=?oE zxvHJwfwJVG)5?px-D7x+2`W_D697&=z6$Un|yfH}GGv zi+98xFiBp)5{AcH(mz>8yJ%Dc%>T;O1$(_X%cJWXua2ZqQnnV`9P~ltLU5@S&k8Pb srUVC_!VOC-lTb)5G6_wC2PSmZD$5ZIg-T{R6*oNj2OgbTQ-uTo0Lp0h9{>OV literal 452 zcmV;#0XzO5iwFP!00000|AkY@ZsRZvz56SC>oju_wc5pGfS^dw0E0Q|*n+lY)M#rD z>~5bw)KbTBX9*ygBK0Wp@#V`VpYHLOoAOsTPTkO7(3+*pRUw7i2w z2ap5s`xali{#oz~+QYT8BOGyb)A0D}EI*mzWCA{CXWGD^QiFJFN`BvdF7=pDXKDDD|v)bW4*4~NWN=j|}&&-mc(p71^U z87pDO({}-)niq%Vc%TULDVF70Fdr>OmX}zAU(e3EhQkiK{;nEc`eynZ{oyNCXM&g? z7vXV5%*6=;mChqAI?Oz{^i0&P-`4Et6+1jA1lBSjWNfO8aZUC=PXlt~62# uAx*_<)8uf&vbHr^o3auW ^ mb /\ ^ mb <> ^ mc /\ ^ mc <> ^ ma } end @@ -42,13 +45,14 @@ module IncMax3_IncMax3 use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve1 with type t = uint32 clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = borrowed uint32 clone IncMax3_Swap_Interface as Swap0 let rec cfg inc_max_3 [#"../inc_max_3.rs" 12 0 12 79] [@cfg:stackify] [@cfg:subregion_analysis] (ma : borrowed uint32) (mb : borrowed uint32) (mc : borrowed uint32) : () - requires {[#"../inc_max_3.rs" 10 11 10 76] * ma <= (1000000 : uint32) /\ * mb <= (1000000 : uint32) /\ * mc <= (1000000 : uint32)} + requires {[#"../inc_max_3.rs" 10 11 10 76] Int.le ( * ma) (1000000 : uint32) /\ Int.le ( * mb) (1000000 : uint32) /\ Int.le ( * mc) (1000000 : uint32)} ensures { [#"../inc_max_3.rs" 11 10 11 48] ^ ma <> ^ mb /\ ^ mb <> ^ mc /\ ^ mc <> ^ ma } = [@vc:do_not_keep_trace] [@vc:sp] @@ -78,7 +82,7 @@ module IncMax3_IncMax3 goto BB0 } BB0 { - switch ([#"../inc_max_3.rs" 13 7 13 16] * ma < * mb) + switch ([#"../inc_max_3.rs" 13 7 13 16] UInt32.lt ( * ma) ( * mb)) | False -> goto BB3 | True -> goto BB1 end @@ -108,7 +112,7 @@ module IncMax3_IncMax3 goto BB4 } BB4 { - switch ([#"../inc_max_3.rs" 16 7 16 16] * mb < * mc) + switch ([#"../inc_max_3.rs" 16 7 16 16] UInt32.lt ( * mb) ( * mc)) | False -> goto BB7 | True -> goto BB5 end @@ -140,7 +144,7 @@ module IncMax3_IncMax3 goto BB8 } BB8 { - switch ([#"../inc_max_3.rs" 19 7 19 16] * ma < * mb) + switch ([#"../inc_max_3.rs" 19 7 19 16] UInt32.lt ( * ma) ( * mb)) | False -> goto BB11 | True -> goto BB9 end @@ -170,9 +174,9 @@ module IncMax3_IncMax3 goto BB12 } BB12 { - ma <- { ma with current = ([#"../inc_max_3.rs" 22 4 22 12] * ma + ([#"../inc_max_3.rs" 22 11 22 12] [#"../inc_max_3.rs" 22 11 22 12] (2 : uint32))) }; + ma <- { ma with current = ([#"../inc_max_3.rs" 22 4 22 12] UInt32.add ( * ma) ([#"../inc_max_3.rs" 22 11 22 12] [#"../inc_max_3.rs" 22 11 22 12] (2 : uint32))) }; assume { Resolve1.resolve ma }; - mb <- { mb with current = ([#"../inc_max_3.rs" 23 4 23 12] * mb + ([#"../inc_max_3.rs" 23 11 23 12] [#"../inc_max_3.rs" 23 11 23 12] (1 : uint32))) }; + mb <- { mb with current = ([#"../inc_max_3.rs" 23 4 23 12] UInt32.add ( * mb) ([#"../inc_max_3.rs" 23 11 23 12] [#"../inc_max_3.rs" 23 11 23 12] (1 : uint32))) }; assume { Resolve1.resolve mb }; _0 <- ([#"../inc_max_3.rs" 12 80 24 1] ()); return _0 @@ -182,19 +186,21 @@ end module IncMax3_TestIncMax3_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val test_inc_max_3 [#"../inc_max_3.rs" 27 0 27 57] (a : uint32) (b : uint32) (c : uint32) : () - requires {[#"../inc_max_3.rs" 26 11 26 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ c <= (1000000 : uint32)} + requires {[#"../inc_max_3.rs" 26 11 26 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le c (1000000 : uint32)} end module IncMax3_TestIncMax3 use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 clone IncMax3_IncMax3_Interface as IncMax30 let rec cfg test_inc_max_3 [#"../inc_max_3.rs" 27 0 27 57] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint32) (b : uint32) (c : uint32) : () - requires {[#"../inc_max_3.rs" 26 11 26 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ c <= (1000000 : uint32)} + requires {[#"../inc_max_3.rs" 26 11 26 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le c (1000000 : uint32)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -236,7 +242,7 @@ module IncMax3_TestIncMax3 assume { Resolve0.resolve _11 }; assume { Resolve0.resolve _9 }; assume { Resolve0.resolve _7 }; - switch ([#"../inc_max_3.rs" 29 12 29 18] a <> b) + switch ([#"../inc_max_3.rs" 29 12 29 18] UInt32.ne a b) | False -> goto BB5 | True -> goto BB6 end @@ -246,7 +252,7 @@ module IncMax3_TestIncMax3 goto BB4 } BB3 { - _14 <- ([#"../inc_max_3.rs" 29 32 29 38] c <> a); + _14 <- ([#"../inc_max_3.rs" 29 32 29 38] UInt32.ne c a); goto BB4 } BB4 { @@ -260,7 +266,7 @@ module IncMax3_TestIncMax3 goto BB7 } BB6 { - _15 <- ([#"../inc_max_3.rs" 29 22 29 28] b <> c); + _15 <- ([#"../inc_max_3.rs" 29 22 29 28] UInt32.ne b c); goto BB7 } BB7 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml index 7fd8fe4c4e..1de44a0646 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3session.xml @@ -2,17 +2,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz index 22db00c800bf70adf2fe476305cc05493e23535e..4faa37212d755d5e7a017c9f174d71d6b273ae55 100644 GIT binary patch literal 841 zcmV-P1GfAhiwFP!00000|9w?WZyPxbz57@A)~@#=lKPlgGzX(_&;UVC3mqHCGh?i= zuD!97?*9BGMaiC-qzw>(q@GCWnSAqcwY>b5{uwUIAH(^wKOO&A`sM1k#n*I~zD4AJ zvsN3#FSZf?;pHKnhs){kV~AiL(jBj9dpe&_{|^0!?|;WO?e@oXi1wa0)9e2DLimAK z-uQj&HXS^s)c0bn)BgChJ-r_L%R8V|w6~f;N`^^AUnPo(VnnD2;EU-wGfNDWe+U@>ZG@&AgGLsOlVC$egb2POJim04{ye|(ugh=xG^PgZ z#G_|9>@xT<9b}(_LLTHFjj0n3f$#0FRB>}nc#ITAG?E=T)+mi6G!hj@xS=*vGk-eO zr<2zwwvp=7NuFNgLBPfKkzB>NsHBpeXQrAN6hM)%oZ}!ewUvW z@H$yCKkt=*Ne!24fQ#<=b|hDkSfO9X(Y~8*+TWUvds@@kTRNL((faps-<+6}z z+-6x(ThydtFoFhQp4rrH2nt|PY0D|hUmA_Go_xF7ft8|Sd^BuMn2JB6H$vU0lJGKI zUY>5curR%a9W{f&erL9Q(+nLA{VsKG*K7v^OZZ|ITMRqvJKwk4?GS9&4a~u=#ngB} T+_p>lf{XtFLiM_|jR*h$MRcAi literal 765 zcmVg)|OtzW6xu&IzO}#i%W!|w5=3!vulmY;FC+wXV3x`%g9KSCSVn{9jyG-GFc-fWMk-|>?jAN#6b z!E6#Y+r@JCynQ&la(<5EK<8dgTDgl(wsgW_Cwp1Utn~Fx?37M8-*9~jpeOvs08l$a z05>@+S^@+V;4H9N0n3U8N!7Z4#vGWB3GFlma1AArq$nwp?Id+tk)RFWO9Xg6Qu2cv z6oz_#pd4TWn3`tfk?kn4lp^?kSR>?)(|FUvLaZ>*^+a$19WeR3)LT|ful4(U-!@5 z{4R;J_;~2bll4vVopck@oEcf%i;XmWg;G+m2{Ah;!82;gteQa)pv#h+d`hD-;_@D( z(PfSE7z6ZV*BkFjcv?mcPE=@{p?#Rm*>WA}ATx;Dakp7u0mh+lLLf&YE~wnY|rGAWg(vu!{h_W_y+k<4iNIG zS&4j#U525`!Z)iJ9(e(Vm%#d*<359qYA?Q*42FV{>aom+Rt vSn{oDV;38^S0k@F>O6WffYvQ3wq#eZ_GTS%)j8APy&nAmdZxiIUI+jH!1sB^ diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg index d2e947402f..5e632b8d46 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -25,8 +26,9 @@ module IncMaxMany_TakeMax_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool val take_max [#"../inc_max_many.rs" 6 0 6 64] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max_many.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max_many.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -37,10 +39,11 @@ module IncMaxMany_TakeMax use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 let rec cfg take_max [#"../inc_max_many.rs" 6 0 6 64] [@cfg:stackify] [@cfg:subregion_analysis] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max_many.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max_many.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -57,7 +60,7 @@ module IncMaxMany_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max_many.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max_many.rs" 7 7 7 17] UInt32.ge ( * ma) ( * mb)) | False -> goto BB2 | True -> goto BB1 end @@ -93,19 +96,21 @@ end module IncMaxMany_IncMaxMany_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val inc_max_many [#"../inc_max_many.rs" 15 0 15 51] (a : uint32) (b : uint32) (k : uint32) : () - requires {[#"../inc_max_many.rs" 14 11 14 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ k <= (1000000 : uint32)} + requires {[#"../inc_max_many.rs" 14 11 14 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le k (1000000 : uint32)} end module IncMaxMany_IncMaxMany use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 clone IncMaxMany_TakeMax_Interface as TakeMax0 let rec cfg inc_max_many [#"../inc_max_many.rs" 15 0 15 51] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint32) (b : uint32) (k : uint32) : () - requires {[#"../inc_max_many.rs" 14 11 14 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ k <= (1000000 : uint32)} + requires {[#"../inc_max_many.rs" 14 11 14 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le k (1000000 : uint32)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -138,9 +143,9 @@ module IncMaxMany_IncMaxMany BB1 { assume { Resolve0.resolve _9 }; assume { Resolve0.resolve _7 }; - mc <- { mc with current = ([#"../inc_max_many.rs" 17 4 17 12] * mc + k) }; + mc <- { mc with current = ([#"../inc_max_many.rs" 17 4 17 12] UInt32.add ( * mc) k) }; assume { Resolve0.resolve mc }; - switch ([#"../inc_max_many.rs" 18 12 18 22] a >= ([#"../inc_max_many.rs" 18 17 18 22] b + k)) + switch ([#"../inc_max_many.rs" 18 12 18 22] UInt32.ge a ([#"../inc_max_many.rs" 18 17 18 22] UInt32.add b k)) | False -> goto BB3 | True -> goto BB2 end @@ -150,7 +155,7 @@ module IncMaxMany_IncMaxMany goto BB4 } BB3 { - _13 <- ([#"../inc_max_many.rs" 18 26 18 36] b >= ([#"../inc_max_many.rs" 18 31 18 36] a + k)); + _13 <- ([#"../inc_max_many.rs" 18 26 18 36] UInt32.ge b ([#"../inc_max_many.rs" 18 31 18 36] UInt32.add a k)); goto BB4 } BB4 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml index aca5fccbaf..1ef9e98e1c 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml @@ -2,18 +2,18 @@ - - + + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz index 5adb9b6a943480b7336aa1b4642e9f1c787254a5..c6092af5a723a450a07d050d600c84a0fa975958 100644 GIT binary patch literal 631 zcmV--0*L(|iwFP!00000|9wA?w?*8kHe9MBdFnQH|!r&c-S8f`#(*6_58>f zRoJy%c=BewiSSOo?Ar0_Wp-j=l7)`1#?O<*oEOWMEX0_Fr-`LbmXfpA9&}1o%eGov zB2{4>o{o)p5Zy~MPVB(F=hdu|Uz_||*?K8XjNqI_3>1uq`6^jS9%>W~gztwJ{?H

    9AS74&jnR6stlA|c6Gjm9tb(HUg)x@z&ej|as^EMd>`+J#Tt^PFk zI=yP<_Mw RZcDns;yIyJz{h{i-X0-NH^m&jXz9x_wsCg zNPX-FeNudX@a`-3wa}GaK_)T_9xbSU<%&fMW|x(@w203_L1sy#rOR1Sg=6j*yRF_W zkvby4X)S3mXMx!*Jg6fgjfm83K}s?s4AIJmh^-$|M=RnOUd8cm{`dPreJYRRRKDtG z^Yo&B7C!H<)7f|?px1kSnvIvFaL(WAMm!sdK;N(LJbA1aKN)JOhH_Apf@U$Slb4O#4wGi3X8pRpruVaq>CD-`DS&M}7hQpU=bs|uoODeR-$^14)+XIlTYVery1 zI4IEACB9vJD+W1n%JGctPjk^hDhOo;e4&N;*Gh?KAl!f9W!!3o6H_$4Qrm6&o$iOH zW;_qwoR)^rr0=>j>ZZ|I^JP5&+)^2$R5uVHn~8q|ue#1E)wDG~;R5rnnc cFmYtaG(Z`lZAXj|B|MPgH;A69{Z9q}0Q`^`(*OVf diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg index 7e0911b586..5d69c7e505 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -25,8 +26,9 @@ module IncMaxRepeat_TakeMax_Interface use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool val take_max [#"../inc_max_repeat.rs" 6 0 6 64] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max_repeat.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max_repeat.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -37,10 +39,11 @@ module IncMaxRepeat_TakeMax use prelude.Int use prelude.UInt32 use prelude.Borrow + use prelude.Bool clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = uint32 let rec cfg take_max [#"../inc_max_repeat.rs" 6 0 6 64] [@cfg:stackify] [@cfg:subregion_analysis] (ma : borrowed uint32) (mb : borrowed uint32) : borrowed uint32 - ensures { [#"../inc_max_repeat.rs" 4 0 5 56] if * ma >= * mb then + ensures { [#"../inc_max_repeat.rs" 4 0 5 56] if Int.ge ( * ma) ( * mb) then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -57,7 +60,7 @@ module IncMaxRepeat_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max_repeat.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max_repeat.rs" 7 7 7 17] UInt32.ge ( * ma) ( * mb)) | False -> goto BB2 | True -> goto BB1 end @@ -170,6 +173,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -179,7 +183,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -372,6 +376,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -530,6 +535,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -538,7 +544,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -546,8 +552,9 @@ end module IncMaxRepeat_IncMaxRepeat_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool val inc_max_repeat [#"../inc_max_repeat.rs" 15 0 15 53] (a : uint32) (b : uint32) (n : uint32) : () - requires {[#"../inc_max_repeat.rs" 14 11 14 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ n <= (1000000 : uint32)} + requires {[#"../inc_max_repeat.rs" 14 11 14 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le n (1000000 : uint32)} end module IncMaxRepeat_IncMaxRepeat @@ -555,6 +562,7 @@ module IncMaxRepeat_IncMaxRepeat use prelude.UInt32 use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv3 with @@ -624,7 +632,7 @@ module IncMaxRepeat_IncMaxRepeat predicate Inv0.inv = Inv0.inv, predicate IntoIterPost0.into_iter_post = IntoIterPost0.into_iter_post let rec cfg inc_max_repeat [#"../inc_max_repeat.rs" 15 0 15 53] [@cfg:stackify] [@cfg:subregion_analysis] (a : uint32) (b : uint32) (n : uint32) : () - requires {[#"../inc_max_repeat.rs" 14 11 14 70] a <= (1000000 : uint32) /\ b <= (1000000 : uint32) /\ n <= (1000000 : uint32)} + requires {[#"../inc_max_repeat.rs" 14 11 14 70] Int.le a (1000000 : uint32) /\ Int.le b (1000000 : uint32) /\ Int.le n (1000000 : uint32)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -666,8 +674,8 @@ module IncMaxRepeat_IncMaxRepeat BB4 { invariant { [#"../inc_max_repeat.rs" 16 4 16 86] Inv0.inv iter }; invariant { [#"../inc_max_repeat.rs" 16 4 16 86] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../inc_max_repeat.rs" 16 16 16 84] UInt32.to_int a <= 1000000 + Seq.length (Ghost.inner produced) /\ UInt32.to_int b <= 1000000 + Seq.length (Ghost.inner produced) }; - invariant { [#"../inc_max_repeat.rs" 17 16 17 70] UInt32.to_int a >= UInt32.to_int b + Seq.length (Ghost.inner produced) \/ UInt32.to_int b >= UInt32.to_int a + Seq.length (Ghost.inner produced) }; + invariant { [#"../inc_max_repeat.rs" 16 16 16 84] Int.le (UInt32.to_int a) (Int.add 1000000 (Seq.length (Ghost.inner produced))) /\ Int.le (UInt32.to_int b) (Int.add 1000000 (Seq.length (Ghost.inner produced))) }; + invariant { [#"../inc_max_repeat.rs" 17 16 17 70] Int.ge (UInt32.to_int a) (Int.add (UInt32.to_int b) (Seq.length (Ghost.inner produced))) \/ Int.ge (UInt32.to_int b) (Int.add (UInt32.to_int a) (Seq.length (Ghost.inner produced))) }; goto BB5 } BB5 { @@ -687,7 +695,7 @@ module IncMaxRepeat_IncMaxRepeat end } BB7 { - switch ([#"../inc_max_repeat.rs" 22 12 22 22] a >= ([#"../inc_max_repeat.rs" 22 17 22 22] b + n)) + switch ([#"../inc_max_repeat.rs" 22 12 22 22] UInt32.ge a ([#"../inc_max_repeat.rs" 22 17 22 22] UInt32.add b n)) | False -> goto BB14 | True -> goto BB13 end @@ -722,7 +730,7 @@ module IncMaxRepeat_IncMaxRepeat BB12 { assume { Resolve1.resolve _29 }; assume { Resolve1.resolve _27 }; - mc <- { mc with current = ([#"../inc_max_repeat.rs" 20 8 20 16] * mc + ([#"../inc_max_repeat.rs" 20 15 20 16] [#"../inc_max_repeat.rs" 20 15 20 16] (1 : uint32))) }; + mc <- { mc with current = ([#"../inc_max_repeat.rs" 20 8 20 16] UInt32.add ( * mc) ([#"../inc_max_repeat.rs" 20 15 20 16] [#"../inc_max_repeat.rs" 20 15 20 16] (1 : uint32))) }; assume { Resolve1.resolve mc }; goto BB4 } @@ -731,7 +739,7 @@ module IncMaxRepeat_IncMaxRepeat goto BB15 } BB14 { - _33 <- ([#"../inc_max_repeat.rs" 22 26 22 36] b >= ([#"../inc_max_repeat.rs" 22 31 22 36] a + n)); + _33 <- ([#"../inc_max_repeat.rs" 22 26 22 36] UInt32.ge b ([#"../inc_max_repeat.rs" 22 31 22 36] UInt32.add a n)); goto BB15 } BB15 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml index a4ec1bf37a..bcb1e394c7 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3session.xml @@ -2,18 +2,18 @@ - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz index 87ffb1a69aaa09c4c5ad5a06967e9725855d4c86..1dbbcbaf483fcb466ec91afbe6050680966f8b2a 100644 GIT binary patch literal 761 zcmVe&?^?ty}xzUl=nflTeh1NYy57lOGpd!KA1O zq(Iv3zu(!IB+za{0^6VOKJL!n`NM74J;Kp+;frazs;NJPGQ9m5RIt#ArYS7oRulM% zuLZ~ePy{IK44kUE=j;Z*&TO)z8)!|}>|cy#mnpwYDY?w!4f0b04^7)Puco*;JmEhQ zD61OwTCO+l_sWh)t?(VNc;+F!hj6=6N8TgC7qKOR%w?hZ%u{$zo3j?03ZJU5pH+H} zl)xJHov{qo_MD8eepLO9Rjxd5?0IAR8BjKJqGJ{=P%1TzR^H3zL9U{q@S{E9z*G3V zxT?RVY_g)ymWey-dptRc28iBUI{TsPb)c7F*|cE~PiA|7UqSy2RsEvL+RxBuoHEVU z0UX<=IOV3pTHf7ZZqgnj?s7kB>6g*46n=>sIJ-uJ*M$msqHAsi=5XwPYvrBQ7z5V{ z+MTo7ESGMf`P*6~*DKC!E%>DtxR0PM@Wcx4CLC&7-FtwdK-3m`6oijtI1*0ZgfXGu z#Dzhx!cYj#!yvOTl6S*MY#7V!m!>u)j^CSudDSer=!C^iXo+SD)#DD6sdNc>b2#oz zZwk$%CpecLWr1K<)jPCkYRv^|)0tU*Jy0R(ya(ARU&aRmso5xCW(7Rrj?d4zW^A-U zbyNw!dv+^$XF2es~5WQ))$ENG?48B3VGdXd6ELQ6j zC`-O-4b1Oiy#PYrZSCY-6H6FG8OjLN&gz= z%x9G2)xpZ?!Ab_>rB&6ry|cEhIpT2zK`w1pSC0Cp?5la>&j4L8Jqj5+x5(trV rQ*vp5(HzQ>lt~;V1<(gV4G}U-GL^-d%%V(WJY&Hh;WEINE(ZVr3x0mC literal 711 zcmV;&0yzC2iwFP!00000|AkadZ<|06z4I%$rHwD_Cs5UuEXxRAQmL)>SZfSRf?|UU zIBEZVXJO69s!5T6nc>aboq4l-xcA#9xaih@(M?;{)hA#2_aD6y)+$zH18cZf0sO?< z1cD(zFhJnT8m?v4F?xs39=34F9va=&rx&g0WU|R5!DNSf!zt+b$)k##x-In z$_h?OCi{N*$h?s{!h48?PKLA@y#Feduo(hxjG3}%Uxi{$CbyZUX2lh;wG(0gp6%oR{ZA54ZT+Hd{0^S= z;S9gM?iZBRiwY8J5ky&&Dw=q3Y3lr%=@#3wTH&UpQ3k&<`&QDrVsN>2QPwe43|SKu z@`yQi1p0jG{;0?%N4GsN6(i0R4nLZ!-fzp^DItMVtNYlpYDMC?$9mBg0az{I(ZZv< zX)%|0fnBH1!qQr{(2V|y@wlnHH3&9zhMoV zVZ!=iQ1uWh{W=Wd5RfK-=Xmf0p3|L8F((%n#~pOKIb7)gW>QQF_YHg4Ss#jKr zV|}gib~zf%nYsOgGipnK2=>cS6V9kHXVj9-n=3oW+el3UNihi|9D#(KODSfeW0r%Q zOJq3zEzuGu-je+G*D9;b{Im{@zG&z?kHwN7vm!ilK?EgP4mu7wXN-r(APaM!q=6?H thd2`~j0mAe!ev$j1rbF-HPw&{KTe}GOl2xkp0bpBe*xF93ey4y0037!PqY94 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg index 4ae040577b..e5a952c5ce 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg @@ -39,7 +39,7 @@ module IncSome2List_Impl0_Sum use IncSome2List_List_Type as IncSome2List_List_Type function sum [#"../inc_some_2_list.rs" 21 4 21 23] (self : IncSome2List_List_Type.t_list) : int = [#"../inc_some_2_list.rs" 23 12 26 13] match (self) with - | IncSome2List_List_Type.C_Cons a l -> UInt32.to_int a + sum l + | IncSome2List_List_Type.C_Cons a l -> Int.add (UInt32.to_int a) (sum l) | IncSome2List_List_Type.C_Nil -> 0 end val sum [#"../inc_some_2_list.rs" 21 4 21 23] (self : IncSome2List_List_Type.t_list) : int @@ -60,10 +60,10 @@ module IncSome2List_Impl0_LemmaSumNonneg_Interface clone IncSome2List_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_2_list.rs" 34 4 34 30] (self : IncSome2List_List_Type.t_list) : () val lemma_sum_nonneg [#"../inc_some_2_list.rs" 34 4 34 30] (self : IncSome2List_List_Type.t_list) : () - ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } - axiom lemma_sum_nonneg_spec : forall self : IncSome2List_List_Type.t_list . [#"../inc_some_2_list.rs" 33 14 33 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSome2List_List_Type.t_list . [#"../inc_some_2_list.rs" 33 14 33 29] Int.ge (Sum0.sum self) 0 end module IncSome2List_Impl0_LemmaSumNonneg use prelude.Int @@ -72,14 +72,14 @@ module IncSome2List_Impl0_LemmaSumNonneg clone IncSome2List_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_2_list.rs" 34 4 34 30] (self : IncSome2List_List_Type.t_list) : () val lemma_sum_nonneg [#"../inc_some_2_list.rs" 34 4 34 30] (self : IncSome2List_List_Type.t_list) : () - ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } axiom def : forall self : IncSome2List_List_Type.t_list . lemma_sum_nonneg self = ([#"../inc_some_2_list.rs" 35 8 38 9] match (self) with | IncSome2List_List_Type.C_Cons _ l -> lemma_sum_nonneg l | IncSome2List_List_Type.C_Nil -> () end) - axiom lemma_sum_nonneg_spec : forall self : IncSome2List_List_Type.t_list . [#"../inc_some_2_list.rs" 33 14 33 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSome2List_List_Type.t_list . [#"../inc_some_2_list.rs" 33 14 33 29] Int.ge (Sum0.sum self) 0 end module IncSome2List_Impl0_LemmaSumNonneg_Impl use prelude.Int @@ -87,7 +87,7 @@ module IncSome2List_Impl0_LemmaSumNonneg_Impl use IncSome2List_List_Type as IncSome2List_List_Type clone IncSome2List_Impl0_Sum as Sum0 let rec ghost function lemma_sum_nonneg [#"../inc_some_2_list.rs" 34 4 34 30] (self : IncSome2List_List_Type.t_list) : () - ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_list.rs" 33 14 33 29] Int.ge (Sum0.sum self) 0 } variant {[#"../inc_some_2_list.rs" 32 15 32 19] self} = [@vc:do_not_keep_trace] [@vc:sp] @@ -103,7 +103,7 @@ module IncSome2List_Impl0_SumX_Interface use IncSome2List_List_Type as IncSome2List_List_Type clone IncSome2List_Impl0_Sum_Stub as Sum0 val sum_x [#"../inc_some_2_list.rs" 43 4 43 26] (self : IncSome2List_List_Type.t_list) : uint32 - requires {[#"../inc_some_2_list.rs" 41 15 41 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_2_list.rs" 41 15 41 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_2_list.rs" 42 14 42 35] UInt32.to_int result = Sum0.sum self } end @@ -114,7 +114,7 @@ module IncSome2List_Impl0_SumX use IncSome2List_List_Type as IncSome2List_List_Type clone IncSome2List_Impl0_Sum as Sum0 let rec cfg sum_x [#"../inc_some_2_list.rs" 43 4 43 26] [@cfg:stackify] [@cfg:subregion_analysis] (self : IncSome2List_List_Type.t_list) : uint32 - requires {[#"../inc_some_2_list.rs" 41 15 41 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_2_list.rs" 41 15 41 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_2_list.rs" 42 14 42 35] UInt32.to_int result = Sum0.sum self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -149,7 +149,7 @@ module IncSome2List_Impl0_SumX goto BB5 } BB5 { - _0 <- ([#"../inc_some_2_list.rs" 45 26 45 40] a + _8); + _0 <- ([#"../inc_some_2_list.rs" 45 26 45 40] UInt32.add a _8); _8 <- any uint32; goto BB6 } @@ -233,6 +233,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -272,9 +273,9 @@ module IncSome2List_Impl0_TakeSomeRest_Interface type ShallowModelTy0.shallowModelTy = int clone IncSome2List_Impl0_Sum_Stub as Sum0 val take_some_rest [#"../inc_some_2_list.rs" 54 4 54 57] (self : borrowed (IncSome2List_List_Type.t_list)) : (borrowed uint32, borrowed (IncSome2List_List_Type.t_list)) - ensures { [#"../inc_some_2_list.rs" 50 14 51 72] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ (let (a, _) = result in a)) + Sum0.sum ( ^ (let (_, a) = result in a)) - ShallowModel0.shallow_model (let (a, _) = result in a) - Sum0.sum ( * (let (_, a) = result in a)) } - ensures { [#"../inc_some_2_list.rs" 52 14 52 37] ShallowModel0.shallow_model (let (a, _) = result in a) <= Sum0.sum ( * self) } - ensures { [#"../inc_some_2_list.rs" 53 14 53 42] Sum0.sum ( * (let (_, a) = result in a)) <= Sum0.sum ( * self) } + ensures { [#"../inc_some_2_list.rs" 50 14 51 72] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (Int.sub (Int.add (UInt32.to_int ( ^ (let (a, _) = result in a))) (Sum0.sum ( ^ (let (_, a) = result in a)))) (ShallowModel0.shallow_model (let (a, _) = result in a))) (Sum0.sum ( * (let (_, a) = result in a))) } + ensures { [#"../inc_some_2_list.rs" 52 14 52 37] Int.le (ShallowModel0.shallow_model (let (a, _) = result in a)) (Sum0.sum ( * self)) } + ensures { [#"../inc_some_2_list.rs" 53 14 53 42] Int.le (Sum0.sum ( * (let (_, a) = result in a))) (Sum0.sum ( * self)) } end module IncSome2List_Impl0_TakeSomeRest @@ -301,9 +302,9 @@ module IncSome2List_Impl0_TakeSomeRest function Sum0.sum = Sum0.sum, axiom . let rec cfg take_some_rest [#"../inc_some_2_list.rs" 54 4 54 57] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (IncSome2List_List_Type.t_list)) : (borrowed uint32, borrowed (IncSome2List_List_Type.t_list)) - ensures { [#"../inc_some_2_list.rs" 50 14 51 72] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ (let (a, _) = result in a)) + Sum0.sum ( ^ (let (_, a) = result in a)) - ShallowModel0.shallow_model (let (a, _) = result in a) - Sum0.sum ( * (let (_, a) = result in a)) } - ensures { [#"../inc_some_2_list.rs" 52 14 52 37] ShallowModel0.shallow_model (let (a, _) = result in a) <= Sum0.sum ( * self) } - ensures { [#"../inc_some_2_list.rs" 53 14 53 42] Sum0.sum ( * (let (_, a) = result in a)) <= Sum0.sum ( * self) } + ensures { [#"../inc_some_2_list.rs" 50 14 51 72] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (Int.sub (Int.add (UInt32.to_int ( ^ (let (a, _) = result in a))) (Sum0.sum ( ^ (let (_, a) = result in a)))) (ShallowModel0.shallow_model (let (a, _) = result in a))) (Sum0.sum ( * (let (_, a) = result in a))) } + ensures { [#"../inc_some_2_list.rs" 52 14 52 37] Int.le (ShallowModel0.shallow_model (let (a, _) = result in a)) (Sum0.sum ( * self)) } + ensures { [#"../inc_some_2_list.rs" 53 14 53 42] Int.le (Sum0.sum ( * (let (_, a) = result in a))) (Sum0.sum ( * self)) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (borrowed uint32, borrowed (IncSome2List_List_Type.t_list)); @@ -422,6 +423,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -438,7 +440,7 @@ module IncSome2List_IncSome2List_Interface use IncSome2List_List_Type as IncSome2List_List_Type clone IncSome2List_Impl0_Sum_Stub as Sum0 val inc_some_2_list [#"../inc_some_2_list.rs" 70 0 70 51] (l : IncSome2List_List_Type.t_list) (j : uint32) (k : uint32) : () - requires {[#"../inc_some_2_list.rs" 69 11 69 41] Sum0.sum l + UInt32.to_int j + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_2_list.rs" 69 11 69 41] Int.le (Int.add (Int.add (Sum0.sum l) (UInt32.to_int j)) (UInt32.to_int k)) 1000000} end module IncSome2List_IncSome2List @@ -468,7 +470,7 @@ module IncSome2List_IncSome2List clone IncSome2List_Impl0_SumX_Interface as SumX0 with function Sum0.sum = Sum0.sum let rec cfg inc_some_2_list [#"../inc_some_2_list.rs" 70 0 70 51] [@cfg:stackify] [@cfg:subregion_analysis] (l : IncSome2List_List_Type.t_list) (j : uint32) (k : uint32) : () - requires {[#"../inc_some_2_list.rs" 69 11 69 41] Sum0.sum l + UInt32.to_int j + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_2_list.rs" 69 11 69 41] Int.le (Int.add (Int.add (Sum0.sum l) (UInt32.to_int j)) (UInt32.to_int k)) 1000000} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -517,16 +519,16 @@ module IncSome2List_IncSome2List mb <- (let (a, _) = _12 in a); _12 <- (let (a, b) = _12 in (any borrowed uint32, b)); assume { Resolve0.resolve _12 }; - ma <- { ma with current = ([#"../inc_some_2_list.rs" 74 4 74 12] * ma + j) }; + ma <- { ma with current = ([#"../inc_some_2_list.rs" 74 4 74 12] UInt32.add ( * ma) j) }; assume { Resolve1.resolve ma }; - mb <- { mb with current = ([#"../inc_some_2_list.rs" 75 4 75 12] * mb + k) }; + mb <- { mb with current = ([#"../inc_some_2_list.rs" 75 4 75 12] UInt32.add ( * mb) k) }; assume { Resolve1.resolve mb }; assume { Resolve2.resolve ml }; _19 <- ([#"../inc_some_2_list.rs" 76 12 76 21] SumX0.sum_x ([#"../inc_some_2_list.rs" 76 12 76 21] l)); goto BB5 } BB5 { - switch ([#"../inc_some_2_list.rs" 76 4 76 38] not ([#"../inc_some_2_list.rs" 76 12 76 37] _19 = ([#"../inc_some_2_list.rs" 76 25 76 37] ([#"../inc_some_2_list.rs" 76 25 76 33] sum0 + j) + k))) + switch ([#"../inc_some_2_list.rs" 76 4 76 38] not ([#"../inc_some_2_list.rs" 76 12 76 37] UInt32.eq _19 ([#"../inc_some_2_list.rs" 76 25 76 37] UInt32.add ([#"../inc_some_2_list.rs" 76 25 76 33] UInt32.add sum0 j) k))) | False -> goto BB7 | True -> goto BB6 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml index 3735010cbb..9468b0e2e6 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz index f071613aa7c77ed8ca44fa54d82eeadac8a80f76..61c6fe1cca9cc04cd6a07a030074d455e9e1a59d 100644 GIT binary patch literal 989 zcmV<310wt%iwFP!00000|CLrtkJ~s5zUNou*4^2QNIh&VFo(dHAOQw@Ds-$NJ9Zn? ziQ7Dy{`^vsel z`)V(3zCT_Jgp0Qh7K~bv=Sp^tpPX0Of5uxJZ{)kRyPZKJDac48-c|#w@UYyO47Vla zm4jh^i($)X8&kfy%YC^a?^R~^$Gm8-$K83FK{DO|+qytz^m;p7t^L*MdS#nHWLg6A zf9`bJC*xuWFDA3@lj-@}Mg$fSdPW_Wza5QpY7NWoZP34s{e1n=R70ix(_`s2;XeCf zWcTHvif^`Q+FO2TcU2R(4Zc@e7JmDMXzt9Nt#HrNkwR|K9g|Pc}y7BDVq2B?Y1z8}IccQP4fGL#13J+x%?`9B^q~J6PRKpK}dj&?%ZTk`iRu zWd_3C;BslW@MBMwQFfgBx#mx@LS+@oet8>wV@GvqNKBkd2)Js zT1<2|zzYLU(WmFPp){V1b($x>Ta!VklR>DX6d{hZh${~?>1b+%?m01_kBgAAlEovE z#788}BivYzGvfEnHZ&OET}C*=hX=fJ_<-2E2pY(NBMkaL@}{YiV?TT4A`7N#KOC5l z%7m5b6dXzD+~hpaaQINeVW#2GJH{Fg|5L<6ayVB_h{URJ07x0*thyof_Bj=hl6d+b z3fe&86^JY%Pyvc`F04rIz zB1?fU*?xY9q^O(iBIrJ>$hjO24`+^lc}Xr`&3AiAe%SNn*mu7tB6<0BWBz)2|t&2#grnWm$wiLU$L-A3n0)1Q;po=&Df(4y1gGTmbMnApXxq%dr@j zgLtu+-B`@X+aV&5h%hqgIQ+-ax29B+{N4uRo0!kH@2#C~IzBnA+$Nl7UUWKqS-8bl z)3*J4aq4T^25y7z)qM1uFG%uWM9W9yERcZ?J_MvsP||}r+e_d6uv&~u(Al`AS|0M; z_gjW!hsUPeeYvJ=I~7eMCZ!L`rflY&3a4~5uS*{?zIfm#SibAk$clXOXS-anI6Cy527yID8jE1juA6t4 z=sF4A8u(BY@L^26*Ix;f?tvXD)*9JnZ%g2Si}N|as$trkYa0GRxttLvKhLi#5atGz zrJ8X+=4hE!$C#gE_M|#SG#jhit$=+Z(Nqn%bY9<`9(ZG%|Eu|Ci%Wm91$NPOPMTx411TQ8ebHk(v7 z>ItPYL1DrJE!q=bb$A;Z(C5XctE=*#(5*41h$r^FQTEL*_LDEj%y)0+lJOP@uqjIjYg%#q97)4xrT_H*(I7 z8ouHIH*)e#%!p`Q^CE`;^#~;j!?CM^F3_SqqB3mCOk|QZAcPfFSz4x;gcOY8O$th~ z1omVjN@`4#5g~<;I9p{ZnIsu$43VrXtAy?81~^S^DVY+2l*;h3;;8^@OJ3JCtIH(Y ri+#H1n^H;1Ys&>R)@HnFXjXEO*}ANoMl~`~d%5`+lsvYPgbDxvR1WS5 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg index 7271636e57..2a7f364ae5 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg @@ -44,7 +44,7 @@ module IncSome2Tree_Impl0_Sum use IncSome2Tree_Tree_Type as IncSome2Tree_Tree_Type function sum [#"../inc_some_2_tree.rs" 21 4 21 23] (self : IncSome2Tree_Tree_Type.t_tree) : int = [#"../inc_some_2_tree.rs" 23 12 26 13] match (self) with - | IncSome2Tree_Tree_Type.C_Node tl a tr -> sum tl + UInt32.to_int a + sum tr + | IncSome2Tree_Tree_Type.C_Node tl a tr -> Int.add (Int.add (sum tl) (UInt32.to_int a)) (sum tr) | IncSome2Tree_Tree_Type.C_Leaf -> 0 end val sum [#"../inc_some_2_tree.rs" 21 4 21 23] (self : IncSome2Tree_Tree_Type.t_tree) : int @@ -65,10 +65,10 @@ module IncSome2Tree_Impl0_LemmaSumNonneg_Interface clone IncSome2Tree_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_2_tree.rs" 33 4 33 30] (self : IncSome2Tree_Tree_Type.t_tree) : () val lemma_sum_nonneg [#"../inc_some_2_tree.rs" 33 4 33 30] (self : IncSome2Tree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } - axiom lemma_sum_nonneg_spec : forall self : IncSome2Tree_Tree_Type.t_tree . [#"../inc_some_2_tree.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSome2Tree_Tree_Type.t_tree . [#"../inc_some_2_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSome2Tree_Impl0_LemmaSumNonneg use prelude.Int @@ -77,14 +77,14 @@ module IncSome2Tree_Impl0_LemmaSumNonneg clone IncSome2Tree_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_2_tree.rs" 33 4 33 30] (self : IncSome2Tree_Tree_Type.t_tree) : () val lemma_sum_nonneg [#"../inc_some_2_tree.rs" 33 4 33 30] (self : IncSome2Tree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } axiom def : forall self : IncSome2Tree_Tree_Type.t_tree . lemma_sum_nonneg self = ([#"../inc_some_2_tree.rs" 34 8 40 9] match (self) with | IncSome2Tree_Tree_Type.C_Node tl _ tr -> let _ = lemma_sum_nonneg tl in let _ = lemma_sum_nonneg tr in () | IncSome2Tree_Tree_Type.C_Leaf -> () end) - axiom lemma_sum_nonneg_spec : forall self : IncSome2Tree_Tree_Type.t_tree . [#"../inc_some_2_tree.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSome2Tree_Tree_Type.t_tree . [#"../inc_some_2_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSome2Tree_Impl0_LemmaSumNonneg_Impl use prelude.Int @@ -92,7 +92,7 @@ module IncSome2Tree_Impl0_LemmaSumNonneg_Impl use IncSome2Tree_Tree_Type as IncSome2Tree_Tree_Type clone IncSome2Tree_Impl0_Sum as Sum0 let rec ghost function lemma_sum_nonneg [#"../inc_some_2_tree.rs" 33 4 33 30] (self : IncSome2Tree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_2_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } variant {[#"../inc_some_2_tree.rs" 31 15 31 19] self} = [@vc:do_not_keep_trace] [@vc:sp] @@ -108,7 +108,7 @@ module IncSome2Tree_Impl0_SumX_Interface use IncSome2Tree_Tree_Type as IncSome2Tree_Tree_Type clone IncSome2Tree_Impl0_Sum_Stub as Sum0 val sum_x [#"../inc_some_2_tree.rs" 45 4 45 26] (self : IncSome2Tree_Tree_Type.t_tree) : uint32 - requires {[#"../inc_some_2_tree.rs" 43 15 43 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_2_tree.rs" 43 15 43 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_2_tree.rs" 44 14 44 35] UInt32.to_int result = Sum0.sum self } end @@ -122,7 +122,7 @@ module IncSome2Tree_Impl0_SumX function Sum0.sum = Sum0.sum, axiom . let rec cfg sum_x [#"../inc_some_2_tree.rs" 45 4 45 26] [@cfg:stackify] [@cfg:subregion_analysis] (self : IncSome2Tree_Tree_Type.t_tree) : uint32 - requires {[#"../inc_some_2_tree.rs" 43 15 43 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_2_tree.rs" 43 15 43 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_2_tree.rs" 44 14 44 35] UInt32.to_int result = Sum0.sum self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -165,7 +165,7 @@ module IncSome2Tree_Impl0_SumX goto BB6 } BB6 { - _0 <- ([#"../inc_some_2_tree.rs" 53 16 53 44] ([#"../inc_some_2_tree.rs" 53 16 53 31] _11 + a) + _14); + _0 <- ([#"../inc_some_2_tree.rs" 53 16 53 44] UInt32.add ([#"../inc_some_2_tree.rs" 53 16 53 31] UInt32.add _11 a) _14); _11 <- any uint32; _14 <- any uint32; goto BB7 @@ -250,6 +250,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -289,9 +290,9 @@ module IncSome2Tree_Impl0_TakeSomeRest_Interface type ShallowModelTy0.shallowModelTy = int clone IncSome2Tree_Impl0_Sum_Stub as Sum0 val take_some_rest [#"../inc_some_2_tree.rs" 63 4 63 57] (self : borrowed (IncSome2Tree_Tree_Type.t_tree)) : (borrowed uint32, borrowed (IncSome2Tree_Tree_Type.t_tree)) - ensures { [#"../inc_some_2_tree.rs" 59 14 60 72] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ (let (a, _) = result in a)) + Sum0.sum ( ^ (let (_, a) = result in a)) - ShallowModel0.shallow_model (let (a, _) = result in a) - Sum0.sum ( * (let (_, a) = result in a)) } - ensures { [#"../inc_some_2_tree.rs" 61 14 61 37] ShallowModel0.shallow_model (let (a, _) = result in a) <= Sum0.sum ( * self) } - ensures { [#"../inc_some_2_tree.rs" 62 14 62 42] Sum0.sum ( * (let (_, a) = result in a)) <= Sum0.sum ( * self) } + ensures { [#"../inc_some_2_tree.rs" 59 14 60 72] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (Int.sub (Int.add (UInt32.to_int ( ^ (let (a, _) = result in a))) (Sum0.sum ( ^ (let (_, a) = result in a)))) (ShallowModel0.shallow_model (let (a, _) = result in a))) (Sum0.sum ( * (let (_, a) = result in a))) } + ensures { [#"../inc_some_2_tree.rs" 61 14 61 37] Int.le (ShallowModel0.shallow_model (let (a, _) = result in a)) (Sum0.sum ( * self)) } + ensures { [#"../inc_some_2_tree.rs" 62 14 62 42] Int.le (Sum0.sum ( * (let (_, a) = result in a))) (Sum0.sum ( * self)) } end module IncSome2Tree_Impl0_TakeSomeRest @@ -317,9 +318,9 @@ module IncSome2Tree_Impl0_TakeSomeRest function Sum0.sum = Sum0.sum, axiom . let rec cfg take_some_rest [#"../inc_some_2_tree.rs" 63 4 63 57] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (IncSome2Tree_Tree_Type.t_tree)) : (borrowed uint32, borrowed (IncSome2Tree_Tree_Type.t_tree)) - ensures { [#"../inc_some_2_tree.rs" 59 14 60 72] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ (let (a, _) = result in a)) + Sum0.sum ( ^ (let (_, a) = result in a)) - ShallowModel0.shallow_model (let (a, _) = result in a) - Sum0.sum ( * (let (_, a) = result in a)) } - ensures { [#"../inc_some_2_tree.rs" 61 14 61 37] ShallowModel0.shallow_model (let (a, _) = result in a) <= Sum0.sum ( * self) } - ensures { [#"../inc_some_2_tree.rs" 62 14 62 42] Sum0.sum ( * (let (_, a) = result in a)) <= Sum0.sum ( * self) } + ensures { [#"../inc_some_2_tree.rs" 59 14 60 72] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (Int.sub (Int.add (UInt32.to_int ( ^ (let (a, _) = result in a))) (Sum0.sum ( ^ (let (_, a) = result in a)))) (ShallowModel0.shallow_model (let (a, _) = result in a))) (Sum0.sum ( * (let (_, a) = result in a))) } + ensures { [#"../inc_some_2_tree.rs" 61 14 61 37] Int.le (ShallowModel0.shallow_model (let (a, _) = result in a)) (Sum0.sum ( * self)) } + ensures { [#"../inc_some_2_tree.rs" 62 14 62 42] Int.le (Sum0.sum ( * (let (_, a) = result in a))) (Sum0.sum ( * self)) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (borrowed uint32, borrowed (IncSome2Tree_Tree_Type.t_tree)); @@ -494,6 +495,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -510,7 +512,7 @@ module IncSome2Tree_IncSome2Tree_Interface use IncSome2Tree_Tree_Type as IncSome2Tree_Tree_Type clone IncSome2Tree_Impl0_Sum_Stub as Sum0 val inc_some_2_tree [#"../inc_some_2_tree.rs" 85 0 85 51] (t : IncSome2Tree_Tree_Type.t_tree) (j : uint32) (k : uint32) : () - requires {[#"../inc_some_2_tree.rs" 84 11 84 41] Sum0.sum t + UInt32.to_int j + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_2_tree.rs" 84 11 84 41] Int.le (Int.add (Int.add (Sum0.sum t) (UInt32.to_int j)) (UInt32.to_int k)) 1000000} end module IncSome2Tree_IncSome2Tree @@ -540,7 +542,7 @@ module IncSome2Tree_IncSome2Tree clone IncSome2Tree_Impl0_SumX_Interface as SumX0 with function Sum0.sum = Sum0.sum let rec cfg inc_some_2_tree [#"../inc_some_2_tree.rs" 85 0 85 51] [@cfg:stackify] [@cfg:subregion_analysis] (t : IncSome2Tree_Tree_Type.t_tree) (j : uint32) (k : uint32) : () - requires {[#"../inc_some_2_tree.rs" 84 11 84 41] Sum0.sum t + UInt32.to_int j + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_2_tree.rs" 84 11 84 41] Int.le (Int.add (Int.add (Sum0.sum t) (UInt32.to_int j)) (UInt32.to_int k)) 1000000} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -589,16 +591,16 @@ module IncSome2Tree_IncSome2Tree mb <- (let (a, _) = _12 in a); _12 <- (let (a, b) = _12 in (any borrowed uint32, b)); assume { Resolve0.resolve _12 }; - ma <- { ma with current = ([#"../inc_some_2_tree.rs" 89 4 89 12] * ma + j) }; + ma <- { ma with current = ([#"../inc_some_2_tree.rs" 89 4 89 12] UInt32.add ( * ma) j) }; assume { Resolve1.resolve ma }; - mb <- { mb with current = ([#"../inc_some_2_tree.rs" 90 4 90 12] * mb + k) }; + mb <- { mb with current = ([#"../inc_some_2_tree.rs" 90 4 90 12] UInt32.add ( * mb) k) }; assume { Resolve1.resolve mb }; assume { Resolve2.resolve mt }; _19 <- ([#"../inc_some_2_tree.rs" 91 12 91 21] SumX0.sum_x ([#"../inc_some_2_tree.rs" 91 12 91 21] t)); goto BB5 } BB5 { - switch ([#"../inc_some_2_tree.rs" 91 4 91 38] not ([#"../inc_some_2_tree.rs" 91 12 91 37] _19 = ([#"../inc_some_2_tree.rs" 91 25 91 37] ([#"../inc_some_2_tree.rs" 91 25 91 33] sum0 + j) + k))) + switch ([#"../inc_some_2_tree.rs" 91 4 91 38] not ([#"../inc_some_2_tree.rs" 91 12 91 37] UInt32.eq _19 ([#"../inc_some_2_tree.rs" 91 25 91 37] UInt32.add ([#"../inc_some_2_tree.rs" 91 25 91 33] UInt32.add sum0 j) k))) | False -> goto BB7 | True -> goto BB6 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml index cfe68cf199..fd2bee2efa 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz index 1b1b144f577f3b36cba0bdc0cc0531a7a29c229e..f62bfd9989a2dc6611f038afba85846bfbc471f4 100644 GIT binary patch literal 1122 zcmV-o1fBaIiwFP!00000|9w_VkJ~s5zUNou*4^wyqGVYrkV6n8h=IZOQs_8_>?m!} zByRI)_UAA4uq}I><}f3QN_sqtT|}1TCdGg3(ddazfAMq=Fr&`Ee1n8XD&5!=DB85 z=2ORPXL>z9G}rmbp3kO4u=3JeF815ZEX{aNlePK!_<6GA?V}DR_Go`(bW9FzgU@Ow zEX}I zFJ;v{F8kXsa^M4r6~jbPJv66-v}MQ?C@xnoj~Myj5qOXW*cN@#0HG#oyTZGV>zWe( z^BzdgW# zBK#L2obTpzYM$j85l^8JgKmk-%8Tz>wA*p7a@CCap*oLd@&y`J@@j9*>9^IYTjEua zPH?T2YM@yApKq(s)^5;USZ>m@Ri6%PgJXOmA(kcDG$qD6#dK29^W7it0#n4nFjaHC zHcz|%bp8>r566o+X~>+Oam~V9p$o%5kfGEk%gxrDZZ?cqaFLpmn5#;1<)l4XPUWf+ z?I2g#DPH8NqNO`v8k0v7AmdzR%r#sR!&}PRTyy+Gd73L^=IixgH3M%9n$busL$ZjvA0G zHdIQvftQ)m@RF8C9^>HD(0cGp&;XCcdx<`@FWMGP37m!JIpOb~zPmaDB>csM2NLOx zJKBiN8PL-tM$a_kQ$^x`D$>{kn>tS;Vm=}^jHv5q_z)3{@aaTd8T~_HKX@!0t#_jy zzKxLY6wY@Mr`-2C?tt9-R}XR=*|5S1=j{lyZP9Zgv_uYcf)jxy+LRN4c8Zh}X-|sL z_1&NF0+ff~#t#5u#=?fzyZFt+L1!k zqBjXE8b9WUmT8$<9-nyiTWUC7>c9+8-mliqW|Ar)CCv_^-Ya7n(sC~F+hs3v3zlYc zx+Ak1f0dHF+C!dU8xk(7ea;j?p2~4+p6&RK?O;~riX52CtjJi!f$>aL=pmFKjL5p4 o=R4sI2}cpnJD9ApSxyldWX=IHiELAux!TFu|6rm)5_}8*0C9mh00000 literal 1100 zcmV-S1he}eiwFP!00000|CLrjhIr0gYUa!f z&8Ez!j@iugDmygS>}1bpQzBS-X)YK0b!HZ3yr;>^e0lqEvgGBx4kq?!e`It_4sL_b zD<>?>y(y2EyDt2u*sXjbR4h^Th6)BBoSF*r$3V^p5?_z)^N~HIl5*zgr781{F$T)Q z)sUbDP3b^Qy;`o9cdsYrf=QO3g|}Bhq*0VXBq+vmJRT31T-8-WZ1DPymvY~{UFzE~ zVBiCZ?S}cGdT34u*~-oGDe%Y=fe~H&u8rZG;$2SqS z;WEsy3&#y{zU?fKdc1nzCs-o3zu7m}YxA)6hx7MWY*SlK}H8?~wpFATP)H-sA z8k`?l6NH8WgF*OM@Q&BDK0I8hnRA95X&^?2d=MtfYkhL)H3d!(nNm05F;lr7p;PH= zgLkL`cssV#D?{bv1h_*+P8DvB1GpGtiy`sO9p{FTcgln*+xN?Df9?j1w|&GzA93n_ zd7cK-GQ!<_x807Xmj*P7t(21LbG{uJj!#uX>jCT2 z=cq%wUE8ZEBeU?NCWPGcaaT})gqWD{Kq9TC(md zPjS#PGSCT%1D0reiUZnhk0~yCyn5g#SUkiurf~#|Wejg_|B}xgIn2ZUxB^rn3xp>e zr#mnJ&T*)KoA^)xnj>#?BObNrO~Q(56=+w>v^wfP-fH>3-f9^Q)D%if4980qcmc}$ z)!NyN$$~=7K#@I{h2cewyv)Qtw}jU@BN^S2857jxd|$z#VznrwtnrD S5;C=wvws23eQWe#3;+POS0J$f diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg index 1ee1a042e0..4fffc82e0f 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg @@ -39,7 +39,7 @@ module IncSomeList_Impl0_Sum use IncSomeList_List_Type as IncSomeList_List_Type function sum [#"../inc_some_list.rs" 21 4 21 23] (self : IncSomeList_List_Type.t_list) : int = [#"../inc_some_list.rs" 23 12 26 13] match (self) with - | IncSomeList_List_Type.C_Cons a l -> UInt32.to_int a + sum l + | IncSomeList_List_Type.C_Cons a l -> Int.add (UInt32.to_int a) (sum l) | IncSomeList_List_Type.C_Nil -> 0 end val sum [#"../inc_some_list.rs" 21 4 21 23] (self : IncSomeList_List_Type.t_list) : int @@ -60,10 +60,10 @@ module IncSomeList_Impl0_LemmaSumNonneg_Interface clone IncSomeList_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_list.rs" 33 4 33 30] (self : IncSomeList_List_Type.t_list) : () val lemma_sum_nonneg [#"../inc_some_list.rs" 33 4 33 30] (self : IncSomeList_List_Type.t_list) : () - ensures { [#"../inc_some_list.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_list.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } - axiom lemma_sum_nonneg_spec : forall self : IncSomeList_List_Type.t_list . [#"../inc_some_list.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSomeList_List_Type.t_list . [#"../inc_some_list.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSomeList_Impl0_LemmaSumNonneg use prelude.Int @@ -72,14 +72,14 @@ module IncSomeList_Impl0_LemmaSumNonneg clone IncSomeList_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_list.rs" 33 4 33 30] (self : IncSomeList_List_Type.t_list) : () val lemma_sum_nonneg [#"../inc_some_list.rs" 33 4 33 30] (self : IncSomeList_List_Type.t_list) : () - ensures { [#"../inc_some_list.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_list.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } axiom def : forall self : IncSomeList_List_Type.t_list . lemma_sum_nonneg self = ([#"../inc_some_list.rs" 34 8 37 9] match (self) with | IncSomeList_List_Type.C_Cons _ l -> lemma_sum_nonneg l | IncSomeList_List_Type.C_Nil -> () end) - axiom lemma_sum_nonneg_spec : forall self : IncSomeList_List_Type.t_list . [#"../inc_some_list.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSomeList_List_Type.t_list . [#"../inc_some_list.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSomeList_Impl0_LemmaSumNonneg_Impl use prelude.Int @@ -87,7 +87,7 @@ module IncSomeList_Impl0_LemmaSumNonneg_Impl use IncSomeList_List_Type as IncSomeList_List_Type clone IncSomeList_Impl0_Sum as Sum0 let rec ghost function lemma_sum_nonneg [#"../inc_some_list.rs" 33 4 33 30] (self : IncSomeList_List_Type.t_list) : () - ensures { [#"../inc_some_list.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_list.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } variant {[#"../inc_some_list.rs" 31 15 31 19] self} = [@vc:do_not_keep_trace] [@vc:sp] @@ -103,7 +103,7 @@ module IncSomeList_Impl0_SumX_Interface use IncSomeList_List_Type as IncSomeList_List_Type clone IncSomeList_Impl0_Sum_Stub as Sum0 val sum_x [#"../inc_some_list.rs" 42 4 42 26] (self : IncSomeList_List_Type.t_list) : uint32 - requires {[#"../inc_some_list.rs" 40 15 40 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_list.rs" 40 15 40 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_list.rs" 41 14 41 35] UInt32.to_int result = Sum0.sum self } end @@ -114,7 +114,7 @@ module IncSomeList_Impl0_SumX use IncSomeList_List_Type as IncSomeList_List_Type clone IncSomeList_Impl0_Sum as Sum0 let rec cfg sum_x [#"../inc_some_list.rs" 42 4 42 26] [@cfg:stackify] [@cfg:subregion_analysis] (self : IncSomeList_List_Type.t_list) : uint32 - requires {[#"../inc_some_list.rs" 40 15 40 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_list.rs" 40 15 40 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_list.rs" 41 14 41 35] UInt32.to_int result = Sum0.sum self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -149,7 +149,7 @@ module IncSomeList_Impl0_SumX goto BB5 } BB5 { - _0 <- ([#"../inc_some_list.rs" 44 26 44 40] a + _8); + _0 <- ([#"../inc_some_list.rs" 44 26 44 40] UInt32.add a _8); _8 <- any uint32; goto BB6 } @@ -233,6 +233,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -272,8 +273,8 @@ module IncSomeList_Impl0_TakeSome_Interface type ShallowModelTy0.shallowModelTy = int clone IncSomeList_Impl0_Sum_Stub as Sum0 val take_some [#"../inc_some_list.rs" 51 4 51 39] (self : borrowed (IncSomeList_List_Type.t_list)) : borrowed uint32 - ensures { [#"../inc_some_list.rs" 49 14 49 64] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ result) - ShallowModel0.shallow_model result } - ensures { [#"../inc_some_list.rs" 50 14 50 35] ShallowModel0.shallow_model result <= Sum0.sum ( * self) } + ensures { [#"../inc_some_list.rs" 49 14 49 64] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (UInt32.to_int ( ^ result)) (ShallowModel0.shallow_model result) } + ensures { [#"../inc_some_list.rs" 50 14 50 35] Int.le (ShallowModel0.shallow_model result) (Sum0.sum ( * self)) } end module IncSomeList_Impl0_TakeSome @@ -300,8 +301,8 @@ module IncSomeList_Impl0_TakeSome function Sum0.sum = Sum0.sum, axiom . let rec cfg take_some [#"../inc_some_list.rs" 51 4 51 39] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (IncSomeList_List_Type.t_list)) : borrowed uint32 - ensures { [#"../inc_some_list.rs" 49 14 49 64] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ result) - ShallowModel0.shallow_model result } - ensures { [#"../inc_some_list.rs" 50 14 50 35] ShallowModel0.shallow_model result <= Sum0.sum ( * self) } + ensures { [#"../inc_some_list.rs" 49 14 49 64] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (UInt32.to_int ( ^ result)) (ShallowModel0.shallow_model result) } + ensures { [#"../inc_some_list.rs" 50 14 50 35] Int.le (ShallowModel0.shallow_model result) (Sum0.sum ( * self)) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : borrowed uint32; @@ -410,7 +411,7 @@ module IncSomeList_IncSomeList_Interface use IncSomeList_List_Type as IncSomeList_List_Type clone IncSomeList_Impl0_Sum_Stub as Sum0 val inc_some_list [#"../inc_some_list.rs" 67 0 67 41] (l : IncSomeList_List_Type.t_list) (k : uint32) : () - requires {[#"../inc_some_list.rs" 66 11 66 36] Sum0.sum l + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_list.rs" 66 11 66 36] Int.le (Int.add (Sum0.sum l) (UInt32.to_int k)) 1000000} end module IncSomeList_IncSomeList @@ -433,7 +434,7 @@ module IncSomeList_IncSomeList clone IncSomeList_Impl0_SumX_Interface as SumX0 with function Sum0.sum = Sum0.sum let rec cfg inc_some_list [#"../inc_some_list.rs" 67 0 67 41] [@cfg:stackify] [@cfg:subregion_analysis] (l : IncSomeList_List_Type.t_list) (k : uint32) : () - requires {[#"../inc_some_list.rs" 66 11 66 36] Sum0.sum l + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_list.rs" 66 11 66 36] Int.le (Int.add (Sum0.sum l) (UInt32.to_int k)) 1000000} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -461,13 +462,13 @@ module IncSomeList_IncSomeList goto BB3 } BB3 { - ma <- { ma with current = ([#"../inc_some_list.rs" 70 4 70 12] * ma + k) }; + ma <- { ma with current = ([#"../inc_some_list.rs" 70 4 70 12] UInt32.add ( * ma) k) }; assume { Resolve0.resolve ma }; _12 <- ([#"../inc_some_list.rs" 71 12 71 21] SumX0.sum_x ([#"../inc_some_list.rs" 71 12 71 21] l)); goto BB4 } BB4 { - switch ([#"../inc_some_list.rs" 71 4 71 34] not ([#"../inc_some_list.rs" 71 12 71 33] _12 = ([#"../inc_some_list.rs" 71 25 71 33] sum0 + k))) + switch ([#"../inc_some_list.rs" 71 4 71 34] not ([#"../inc_some_list.rs" 71 12 71 33] UInt32.eq _12 ([#"../inc_some_list.rs" 71 25 71 33] UInt32.add sum0 k))) | False -> goto BB6 | True -> goto BB5 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml index 96dfd3274c..e583331729 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz index fc9685bda7e39130b4b4011984addc54ce976906..dd981172e031576f9623ed727dd12b5fc1a9fd3e 100644 GIT binary patch literal 904 zcmV;319$u%iwFP!00000|9w@+$q zm-b$p75xaw6j} z5HFEAOk^hgPALLP5hg{Qmj5{!x6&$9z54KUHu}@!TW9B;PDf9SGhDtey6cAL`8qVV zQ@C`q`b|+M?)a#^`7dZ1-QE{=4sN%6gFoq;9f$6RRcsn!h2_!^UPr0x;dUFIw)t@V z8iKW#UPBP>wZf&sg;)9w2JRF6VhiL6NWucHFiSw@KF&X-=hK)dv7|+pMmTG_O+{iV z88Q)tams|@6WwS7lM&^&qa@sxfGOb*zN+$N#udT4nF1~RZ7w#kiWrM>f4vJueHFpk z2=@tI$`y45@^ZkGrIXyA@N~qRGj@ng2%lnm3V;j5i0}-kqGTVL5%>_XUu=$GebC)# zT_BH`W*ByGhJUqf8Mn<)2+okp5WIZLDG5(}P%0HI6DOxV!80cUH1wz2!zvmU!wI0h zUmc6+rOt@lP4y%VdiT5Z>{mQOF)C63BghdMvE*0n(*c=pRv-qC3<;0D!_S6Z_Ork) zDhQh7r~7qa>VdETrMM_IA)UI*U4OObak$#dSC3cWv>LA3AYECWH>NQ7K11HM{T`fK zFk3g+b*#|h0k->9Ltd{x#nfckkfBE1iHNx)i@77G=7a-wb<14c1`R`fu3G<^hWrU_ z`5W5X^-%i$b?_bGrAUidihNz7Jh|5eT5Qq2$p{DVBX}xfyJ7Jag7eFI(@eCu<{XkGi`6 literal 883 zcmV-(1C0D1iwFP!00000|BY2!tK&8he)q5N+iuTN(EYOX6oN@ep!8|cV~uRf-LQ_m z#L1>Vzaz9j6c5R<5&CLjrk9E9nVAmIT!icFPZ)Q-H!K*K{YxR zNx(I-MOh5}_%Juv{dw*T+7*R;H`I{%s7*(&#)r%lc{^P5&Rs6HgrH?V^u7B#v+wpc zl;{3ta7=viVX+ZAIJtwKk`Mk=*iTE5ECs#?W5W&ezbPCG;b=Ibwgx;UHYkWBiU`C6 z_2H9-Yeu}g!k+uG8t#2Ft~1M}fYHf2BBKwdXKEc%tHaLz770`}M&Zv}s~L>UlLv5?!dL16F`EdCbgSF@0 zLJ%H!!pdM7Sbl?zUnafSI`ZU5q5(IUB}e8LubD6-8(*ZV28zAy64!vfRXyQ!E;rKpGl42Pz}{619{Y z>YL-GxRj+juB$tjcU50+y>SoWw-o@d2#Sc1of=B^6Dk4=5&Ol(2(|~?jm`%O9`gyq z-ksr}U0F|8W+(<{$Y+RJzQvSCCm|@+hN^_g^G@&+69E|Z%k}OIjmE$}+6U{Yd0zU9 z=-u2$x<-G5TL$zi9I*)vk$?ztOo&+0oA%)ySr}442A>cTKFy498fVyl1@=*a&_qAo zuLINI2nHy{Mbq%{hsih%n4A6P%5k{3EIfVaozr5onu2sCy&SXk1YKLhl>Eu0UE8JP zWI1V}0X^m7Icmjo)TYUUqwne&`KF8{#pYYh^fe6qKjE(J{0mTF+=n)Q={z}g7+>}s zPs(N2$*pIY8p4~09enqu`N5`73Vf88Bt?$UlOy!x2sEFfZl?6*OLOk)@D9rEJl?Xb zl0qulVj-NUtIAPL73SD#)^e;B&G8Xsq9WF|5(y=Q@<~lTH3(I*sj1X8=eazJBR{fCC?+)|;*ArWy1I2uBec+%5?<9(<@%_ye*uZ& Jw*u1$000VjzU=@2 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg index 571be534a4..5ad8db0d93 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg @@ -44,7 +44,7 @@ module IncSomeTree_Impl0_Sum use IncSomeTree_Tree_Type as IncSomeTree_Tree_Type function sum [#"../inc_some_tree.rs" 21 4 21 23] (self : IncSomeTree_Tree_Type.t_tree) : int = [#"../inc_some_tree.rs" 23 12 26 13] match (self) with - | IncSomeTree_Tree_Type.C_Node tl a tr -> sum tl + UInt32.to_int a + sum tr + | IncSomeTree_Tree_Type.C_Node tl a tr -> Int.add (Int.add (sum tl) (UInt32.to_int a)) (sum tr) | IncSomeTree_Tree_Type.C_Leaf -> 0 end val sum [#"../inc_some_tree.rs" 21 4 21 23] (self : IncSomeTree_Tree_Type.t_tree) : int @@ -65,10 +65,10 @@ module IncSomeTree_Impl0_LemmaSumNonneg_Interface clone IncSomeTree_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_tree.rs" 33 4 33 30] (self : IncSomeTree_Tree_Type.t_tree) : () val lemma_sum_nonneg [#"../inc_some_tree.rs" 33 4 33 30] (self : IncSomeTree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } - axiom lemma_sum_nonneg_spec : forall self : IncSomeTree_Tree_Type.t_tree . [#"../inc_some_tree.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSomeTree_Tree_Type.t_tree . [#"../inc_some_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSomeTree_Impl0_LemmaSumNonneg use prelude.Int @@ -77,14 +77,14 @@ module IncSomeTree_Impl0_LemmaSumNonneg clone IncSomeTree_Impl0_Sum_Stub as Sum0 function lemma_sum_nonneg [#"../inc_some_tree.rs" 33 4 33 30] (self : IncSomeTree_Tree_Type.t_tree) : () val lemma_sum_nonneg [#"../inc_some_tree.rs" 33 4 33 30] (self : IncSomeTree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } ensures { result = lemma_sum_nonneg self } axiom def : forall self : IncSomeTree_Tree_Type.t_tree . lemma_sum_nonneg self = ([#"../inc_some_tree.rs" 34 8 40 9] match (self) with | IncSomeTree_Tree_Type.C_Node tl _ tr -> let _ = lemma_sum_nonneg tl in let _ = lemma_sum_nonneg tr in () | IncSomeTree_Tree_Type.C_Leaf -> () end) - axiom lemma_sum_nonneg_spec : forall self : IncSomeTree_Tree_Type.t_tree . [#"../inc_some_tree.rs" 32 14 32 29] Sum0.sum self >= 0 + axiom lemma_sum_nonneg_spec : forall self : IncSomeTree_Tree_Type.t_tree . [#"../inc_some_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 end module IncSomeTree_Impl0_LemmaSumNonneg_Impl use prelude.Int @@ -92,7 +92,7 @@ module IncSomeTree_Impl0_LemmaSumNonneg_Impl use IncSomeTree_Tree_Type as IncSomeTree_Tree_Type clone IncSomeTree_Impl0_Sum as Sum0 let rec ghost function lemma_sum_nonneg [#"../inc_some_tree.rs" 33 4 33 30] (self : IncSomeTree_Tree_Type.t_tree) : () - ensures { [#"../inc_some_tree.rs" 32 14 32 29] Sum0.sum self >= 0 } + ensures { [#"../inc_some_tree.rs" 32 14 32 29] Int.ge (Sum0.sum self) 0 } variant {[#"../inc_some_tree.rs" 31 15 31 19] self} = [@vc:do_not_keep_trace] [@vc:sp] @@ -108,7 +108,7 @@ module IncSomeTree_Impl0_SumX_Interface use IncSomeTree_Tree_Type as IncSomeTree_Tree_Type clone IncSomeTree_Impl0_Sum_Stub as Sum0 val sum_x [#"../inc_some_tree.rs" 45 4 45 26] (self : IncSomeTree_Tree_Type.t_tree) : uint32 - requires {[#"../inc_some_tree.rs" 43 15 43 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_tree.rs" 43 15 43 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_tree.rs" 44 14 44 35] UInt32.to_int result = Sum0.sum self } end @@ -122,7 +122,7 @@ module IncSomeTree_Impl0_SumX function Sum0.sum = Sum0.sum, axiom . let rec cfg sum_x [#"../inc_some_tree.rs" 45 4 45 26] [@cfg:stackify] [@cfg:subregion_analysis] (self : IncSomeTree_Tree_Type.t_tree) : uint32 - requires {[#"../inc_some_tree.rs" 43 15 43 38] Sum0.sum self <= 1000000} + requires {[#"../inc_some_tree.rs" 43 15 43 38] Int.le (Sum0.sum self) 1000000} ensures { [#"../inc_some_tree.rs" 44 14 44 35] UInt32.to_int result = Sum0.sum self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -165,7 +165,7 @@ module IncSomeTree_Impl0_SumX goto BB6 } BB6 { - _0 <- ([#"../inc_some_tree.rs" 53 16 53 44] ([#"../inc_some_tree.rs" 53 16 53 31] _11 + a) + _14); + _0 <- ([#"../inc_some_tree.rs" 53 16 53 44] UInt32.add ([#"../inc_some_tree.rs" 53 16 53 31] UInt32.add _11 a) _14); _11 <- any uint32; _14 <- any uint32; goto BB7 @@ -250,6 +250,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -289,8 +290,8 @@ module IncSomeTree_Impl0_TakeSome_Interface type ShallowModelTy0.shallowModelTy = int clone IncSomeTree_Impl0_Sum_Stub as Sum0 val take_some [#"../inc_some_tree.rs" 61 4 61 39] (self : borrowed (IncSomeTree_Tree_Type.t_tree)) : borrowed uint32 - ensures { [#"../inc_some_tree.rs" 59 14 59 64] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ result) - ShallowModel0.shallow_model result } - ensures { [#"../inc_some_tree.rs" 60 14 60 35] ShallowModel0.shallow_model result <= Sum0.sum ( * self) } + ensures { [#"../inc_some_tree.rs" 59 14 59 64] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (UInt32.to_int ( ^ result)) (ShallowModel0.shallow_model result) } + ensures { [#"../inc_some_tree.rs" 60 14 60 35] Int.le (ShallowModel0.shallow_model result) (Sum0.sum ( * self)) } end module IncSomeTree_Impl0_TakeSome @@ -316,8 +317,8 @@ module IncSomeTree_Impl0_TakeSome function Sum0.sum = Sum0.sum, axiom . let rec cfg take_some [#"../inc_some_tree.rs" 61 4 61 39] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (IncSomeTree_Tree_Type.t_tree)) : borrowed uint32 - ensures { [#"../inc_some_tree.rs" 59 14 59 64] Sum0.sum ( ^ self) - Sum0.sum ( * self) = UInt32.to_int ( ^ result) - ShallowModel0.shallow_model result } - ensures { [#"../inc_some_tree.rs" 60 14 60 35] ShallowModel0.shallow_model result <= Sum0.sum ( * self) } + ensures { [#"../inc_some_tree.rs" 59 14 59 64] Int.sub (Sum0.sum ( ^ self)) (Sum0.sum ( * self)) = Int.sub (UInt32.to_int ( ^ result)) (ShallowModel0.shallow_model result) } + ensures { [#"../inc_some_tree.rs" 60 14 60 35] Int.le (ShallowModel0.shallow_model result) (Sum0.sum ( * self)) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : borrowed uint32; @@ -462,7 +463,7 @@ module IncSomeTree_IncSomeTree_Interface use IncSomeTree_Tree_Type as IncSomeTree_Tree_Type clone IncSomeTree_Impl0_Sum_Stub as Sum0 val inc_some_tree [#"../inc_some_tree.rs" 83 0 83 41] (t : IncSomeTree_Tree_Type.t_tree) (k : uint32) : () - requires {[#"../inc_some_tree.rs" 82 11 82 36] Sum0.sum t + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_tree.rs" 82 11 82 36] Int.le (Int.add (Sum0.sum t) (UInt32.to_int k)) 1000000} end module IncSomeTree_IncSomeTree @@ -485,7 +486,7 @@ module IncSomeTree_IncSomeTree clone IncSomeTree_Impl0_SumX_Interface as SumX0 with function Sum0.sum = Sum0.sum let rec cfg inc_some_tree [#"../inc_some_tree.rs" 83 0 83 41] [@cfg:stackify] [@cfg:subregion_analysis] (t : IncSomeTree_Tree_Type.t_tree) (k : uint32) : () - requires {[#"../inc_some_tree.rs" 82 11 82 36] Sum0.sum t + UInt32.to_int k <= 1000000} + requires {[#"../inc_some_tree.rs" 82 11 82 36] Int.le (Int.add (Sum0.sum t) (UInt32.to_int k)) 1000000} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -513,13 +514,13 @@ module IncSomeTree_IncSomeTree goto BB3 } BB3 { - ma <- { ma with current = ([#"../inc_some_tree.rs" 86 4 86 12] * ma + k) }; + ma <- { ma with current = ([#"../inc_some_tree.rs" 86 4 86 12] UInt32.add ( * ma) k) }; assume { Resolve0.resolve ma }; _12 <- ([#"../inc_some_tree.rs" 87 12 87 21] SumX0.sum_x ([#"../inc_some_tree.rs" 87 12 87 21] t)); goto BB4 } BB4 { - switch ([#"../inc_some_tree.rs" 87 4 87 34] not ([#"../inc_some_tree.rs" 87 12 87 33] _12 = ([#"../inc_some_tree.rs" 87 25 87 33] sum0 + k))) + switch ([#"../inc_some_tree.rs" 87 4 87 34] not ([#"../inc_some_tree.rs" 87 12 87 33] UInt32.eq _12 ([#"../inc_some_tree.rs" 87 25 87 33] UInt32.add sum0 k))) | False -> goto BB6 | True -> goto BB5 end diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml index acd099faa8..5c0be4644d 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz index a6c6ccaa6c88208fc104e4a09720a6e04604172b..a9259be9a683f608c3688050c17a1fdec409f933 100644 GIT binary patch literal 991 zcmV<510eh#iwFP!00000|9w`;j@vj8z3VG<%Z%s3eHow+f?>l38ktML;~2C=B}Qy1 z@e=3rr$~yDsO}yg)U4%I6(5Vm{$o|%zS$q{R{nC=+o|vVE=9Tev#?*Cy*(}l)o8y? z0;y4z*0@G?efZor&OFT>maopX236~|eKEqYf8Y-{Z1QPGpM8o!A)a?vhI)5t=zH$( zrP&r{UAFzTJiE)q9w6AE>$}cI_=jFOMH*hhE>>$U8bbr5u2>#Hn~*d*Q|2 z`@^Zb8yS>hzYZJ0q5{(c43vEGW-RPqnaneZy;|EepoQfU$rng6m-GN6MgtDe2GdP7 zm4#_MEwl+{Vld9kIGEL@x(7S59qju+j0pZZig*xJ6cLC6L(k{a@3$Ta5?eUYQ+GJ_ zkFL4pl@pdpbf0e&%(*+xwyok$35I3$VTuI?Qa~a@$aX(%nvlqe-d1q-!@9;O`~m_S zf-(e(UUG(zBjR4&JqqiQyls%x$X=A?NZ)p%Z|rHYPoYJMJa)P7&EG|^f3xRv|2$j( zeI9mVS0=RE?Qsm^zeXf=(8W!F+Pg3CdwX@a{`|`sIWBQHn@NbAPpvOnPcKd5=Jz zt`5gJfgF#9oIt+3Jt454ii^_HmV6&T1+XKODntHq@Hu}}*e}0MH^Wbj3yTh%&xWZG$gKeKJvoT2Xx276;nEjj}uh#vH$|ZO)mGf9}CIjrliJbfA z*C#zfaUP3lxQb~Sr}2a%7SGA{y&I{H^JAU~AeLj#!~m?nH1r))HHy1+sNpbB%~@n^p?NQH!C5rqnxC N{0F>#O`W3(000k+>6!ol literal 967 zcmV;&133I2iwFP!00000|BY5lkJ~m7zUx=$mexT5zJ{cVZUMuvVFQcy67U#w zEd_qW{rMe|q9kf}f%+h8hTlB+&2Xq+7Uk`m{o!uqPj|hYy7u={mWy8t`{#?jJuZgS zWVcEJtI0CG)0)`T{;%%n%+uWQ_0`$NkmYJ+UyL;3Z~OxzMocqccF6}ve;%$4_i$zS zd+_(dYzng~o9(j4~BgXl*iJL zxXcWt*)k2wdcC}dbz)oGqVi%eAL=a0T&tD2JV3l`Kcl39?5QWFa` zSlpL)Z$+ztvQ3cnz*&^lK-y*`ZD?D$ORi<|JT$UzzkiFc{>`4x-E)6I>vO*oyD*`n zehb1^Ba;#}aRaFI(3$PdUfr!b|8zzTuQXI+6e1to9=hwbd%EMN%lGK4IkooeISc@X zoCU%bz66UwPiBV5QE%9DQu%U5L*#1_^?i6|^dyyPqNilCK&RPL(NjH(D^pw^<4Qb4 zDK7X&uNQMeo(yROa6CH6kogDdSK$|C6@%rNjHvus5!Ku$?R^Rr&mtoAGPo3;gI+C^ z5&pEjsk%r77BDTlfI&SiyhqQ>*Zm34(?YYD7MCGB4(K>}(4)Wy_jW@G7}$+H-(2t% zOonZPo(jPk=#Mx6NF0EQ!9e*(RD+z^K}r&M1b~5*CHO3po*Q8Akq7C>0G*NtbWl&p zgZZfmPW}9wrIohh>yOcKHzZ|6{Gos;cU;;p*M~EL2co$VY`vavRz+%?9z_F+nlugW z_Pg8Px{E9Nh7`NWOEv&`ev!`P#Tz)LlbrNT+90#TxCu|x!G}_WBnZ7S0 zm2oaiBau9f>VKx2<6f~G;a<>2ZFX-PM5RW^+9N5a&7tO&VM0g`4{vyY`bi;7xK0e- zMA@|xzoJHt$jA|DK1ba^>6>fe)YhR7_V=rEMZvYA?8sR~4niv{)Db5Smj`e}9D$RP zZb`u LeLog0.le_log (Seq.get s i) (Seq.get s j) + [#"../selection_sort_generic.rs" 11 4 13 5] forall j : int . forall i : int . Int.le l i /\ Int.lt i j /\ Int.lt j u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) val sorted_range [#"../selection_sort_generic.rs" 10 0 10 63] (s : Seq.seq t) (l : int) (u : int) : bool ensures { result = sorted_range s l u } @@ -119,10 +121,11 @@ module SelectionSortGeneric_Partition type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t predicate partition [#"../selection_sort_generic.rs" 24 0 24 52] (v : Seq.seq t) (i : int) = - [#"../selection_sort_generic.rs" 25 4 25 106] forall k2 : int . forall k1 : int . 0 <= k1 /\ k1 < i /\ i <= k2 /\ k2 < Seq.length v -> LeLog0.le_log (Seq.get v k1) (Seq.get v k2) + [#"../selection_sort_generic.rs" 25 4 25 106] forall k2 : int . forall k1 : int . Int.le 0 k1 /\ Int.lt k1 i /\ Int.le i k2 /\ Int.lt k2 (Seq.length v) -> LeLog0.le_log (Seq.get v k1) (Seq.get v k2) val partition [#"../selection_sort_generic.rs" 24 0 24 52] (v : Seq.seq t) (i : int) : bool ensures { result = partition v i } @@ -222,11 +225,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -244,11 +247,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -325,6 +328,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Stub type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -356,6 +360,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -384,17 +389,18 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Vec_Impl1_DeepModel type t type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -423,11 +429,11 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -567,6 +573,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -576,7 +583,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -690,6 +697,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -718,8 +726,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -1021,6 +1029,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1033,6 +1042,7 @@ end module Core_Cmp_PartialOrd_Lt_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -1060,6 +1070,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1074,6 +1085,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1083,12 +1095,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -1096,6 +1108,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1105,16 +1118,17 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Vec_Impl9_DerefMut_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -1183,8 +1197,8 @@ module Core_Slice_Impl0_Swap_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val swap (self : borrowed (slice t)) (a : usize) (b : usize) : () - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] UIntSize.to_int a < Seq.length (ShallowModel0.shallow_model self)} - requires {[#"../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] UIntSize.to_int b < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] Int.lt (UIntSize.to_int a) (Seq.length (ShallowModel0.shallow_model self))} + requires {[#"../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] Int.lt (UIntSize.to_int b) (Seq.length (ShallowModel0.shallow_model self))} requires {Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 242 8 242 52] Permut.exchange (ShallowModel1.shallow_model ( ^ self)) (ShallowModel0.shallow_model self) (UIntSize.to_int a) (UIntSize.to_int b) } @@ -1221,6 +1235,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -1379,6 +1394,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -1387,13 +1403,14 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1405,6 +1422,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1423,6 +1441,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1441,6 +1460,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1452,6 +1472,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1470,6 +1491,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1499,6 +1521,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1510,6 +1533,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1521,6 +1545,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1539,6 +1564,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1568,6 +1594,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1579,6 +1606,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1590,6 +1618,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1608,6 +1637,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1626,6 +1656,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1635,6 +1666,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1650,6 +1682,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1665,6 +1698,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1674,6 +1708,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1693,6 +1728,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1712,6 +1748,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1721,6 +1758,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1738,6 +1776,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1755,6 +1794,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1764,6 +1804,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1781,6 +1822,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1798,6 +1840,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1807,6 +1850,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1823,6 +1867,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1860,7 +1905,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1887,6 +1932,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1956,6 +2002,7 @@ module SelectionSortGeneric_SelectionSort use prelude.UIntSize use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -2402,7 +2449,7 @@ module SelectionSortGeneric_SelectionSort goto BB14 } BB14 { - iter1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] IntoIter0.into_iter ([#"../selection_sort_generic.rs" 43 17 43 33] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 43 17 43 24] i + ([#"../selection_sort_generic.rs" 43 22 43 23] [#"../selection_sort_generic.rs" 43 22 43 23] (1 : usize))) _34)); + iter1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] IntoIter0.into_iter ([#"../selection_sort_generic.rs" 43 17 43 33] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 43 17 43 24] UIntSize.add i ([#"../selection_sort_generic.rs" 43 22 43 23] [#"../selection_sort_generic.rs" 43 22 43 23] (1 : usize))) _34)); _34 <- any usize; goto BB15 } @@ -2420,8 +2467,8 @@ module SelectionSortGeneric_SelectionSort BB18 { invariant { [#"../selection_sort_generic.rs" 41 8 41 121] Inv1.inv iter1 }; invariant { [#"../selection_sort_generic.rs" 41 8 41 121] Produces0.produces (Ghost.inner iter_old1) (Ghost.inner produced1) iter1 }; - invariant { [#"../selection_sort_generic.rs" 41 8 41 121] forall k : int . UIntSize.to_int i <= k /\ k < Seq.length (Ghost.inner produced1) + UIntSize.to_int i + 1 -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) (UIntSize.to_int min)) (Seq.get (DeepModel0.deep_model v) k) }; - invariant { [#"../selection_sort_generic.rs" 42 20 42 64] UIntSize.to_int i <= UIntSize.to_int min /\ UIntSize.to_int min < Seq.length (Ghost.inner produced1) + UIntSize.to_int i + 1 }; + invariant { [#"../selection_sort_generic.rs" 41 8 41 121] forall k : int . Int.le (UIntSize.to_int i) k /\ Int.lt k (Int.add (Int.add (Seq.length (Ghost.inner produced1)) (UIntSize.to_int i)) 1) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) (UIntSize.to_int min)) (Seq.get (DeepModel0.deep_model v) k) }; + invariant { [#"../selection_sort_generic.rs" 42 20 42 64] Int.le (UIntSize.to_int i) (UIntSize.to_int min) /\ Int.lt (UIntSize.to_int min) (Int.add (Int.add (Seq.length (Ghost.inner produced1)) (UIntSize.to_int i)) 1) }; goto BB19 } BB19 { @@ -2504,7 +2551,7 @@ module SelectionSortGeneric_SelectionSort BB32 { assert { [@expl:type invariant] Inv5.inv _65 }; assume { Resolve3.resolve _65 }; - assert { [@expl:assertion] [#"../selection_sort_generic.rs" 49 8 50 63] let i = Seq.length (Ghost.inner produced) in forall k2 : int . forall k1 : int . 0 <= k1 /\ k1 < i /\ i <= k2 /\ k2 < Seq.length (DeepModel0.deep_model v) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) k1) (Seq.get (DeepModel0.deep_model v) k2) }; + assert { [@expl:assertion] [#"../selection_sort_generic.rs" 49 8 50 63] let i = Seq.length (Ghost.inner produced) in forall k2 : int . forall k1 : int . Int.le 0 k1 /\ Int.lt k1 i /\ Int.le i k2 /\ Int.lt k2 (Seq.length (DeepModel0.deep_model v)) -> LeLog0.le_log (Seq.get (DeepModel0.deep_model v) k1) (Seq.get (DeepModel0.deep_model v) k2) }; _19 <- ([#"../selection_sort_generic.rs" 38 24 51 5] ()); goto BB6 } diff --git a/creusot/tests/should_succeed/slices/01.mlcfg b/creusot/tests/should_succeed/slices/01.mlcfg index 8a5da5e2ab..a138183dc8 100644 --- a/creusot/tests/should_succeed/slices/01.mlcfg +++ b/creusot/tests/should_succeed/slices/01.mlcfg @@ -94,6 +94,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -108,6 +109,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -117,12 +119,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -130,6 +132,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -139,12 +142,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module TyInv_Trivial type t @@ -163,7 +166,7 @@ module C01_IndexSlice_Interface type t = slice uint32, type ShallowModelTy0.shallowModelTy = Seq.seq uint32 val index_slice [#"../01.rs" 6 0 6 36] (a : slice uint32) : uint32 - requires {[#"../01.rs" 5 11 5 24] 10 < Seq.length (ShallowModel0.shallow_model a)} + requires {[#"../01.rs" 5 11 5 24] Int.lt 10 (Seq.length (ShallowModel0.shallow_model a))} end module C01_IndexSlice @@ -198,7 +201,7 @@ module C01_IndexSlice type ShallowModelTy0.shallowModelTy = Seq.seq uint32, function ShallowModel0.shallow_model = ShallowModel1.shallow_model let rec cfg index_slice [#"../01.rs" 6 0 6 36] [@cfg:stackify] [@cfg:subregion_analysis] (a : slice uint32) : uint32 - requires {[#"../01.rs" 5 11 5 24] 10 < Seq.length (ShallowModel0.shallow_model a)} + requires {[#"../01.rs" 5 11 5 24] Int.lt 10 (Seq.length (ShallowModel0.shallow_model a))} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -210,7 +213,7 @@ module C01_IndexSlice } BB0 { _3 <- ([#"../01.rs" 7 6 7 8] [#"../01.rs" 7 6 7 8] (10 : usize)); - _5 <- ([#"../01.rs" 7 4 7 9] _3 < ([#"../01.rs" 7 4 7 9] Slice.length a)); + _5 <- ([#"../01.rs" 7 4 7 9] UIntSize.lt _3 ([#"../01.rs" 7 4 7 9] Slice.length a)); assert { [@expl:index in bounds] [#"../01.rs" 7 4 7 9] _5 }; goto BB1 } @@ -305,6 +308,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -313,10 +317,10 @@ module CreusotContracts_Resolve_Impl1_Resolve end module C01_IndexMutSlice_Interface use seq.Seq + use prelude.Int use prelude.Borrow use prelude.UInt32 use prelude.Slice - use prelude.Int use seq.Seq clone CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub as IndexLogic0 with type t = uint32 @@ -381,7 +385,7 @@ module C01_IndexMutSlice } BB0 { _4 <- ([#"../01.rs" 13 6 13 7] [#"../01.rs" 13 6 13 7] (2 : usize)); - _6 <- ([#"../01.rs" 13 4 13 8] _4 < ([#"../01.rs" 13 4 13 8] Slice.length ( * a))); + _6 <- ([#"../01.rs" 13 4 13 8] UIntSize.lt _4 ([#"../01.rs" 13 4 13 8] Slice.length ( * a))); assert { [@expl:index in bounds] [#"../01.rs" 13 4 13 8] _6 }; goto BB1 } @@ -421,9 +425,9 @@ module Core_Slice_Impl0_Len_Interface type t use seq.Seq use prelude.UIntSize + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with type t = slice t, @@ -438,7 +442,9 @@ end module C01_SliceFirst_Interface type t use prelude.Borrow + use prelude.Bool use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type @@ -466,6 +472,7 @@ module C01_SliceFirst use prelude.UIntSize use prelude.Borrow use prelude.Slice + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv4 with @@ -547,14 +554,14 @@ module C01_SliceFirst goto BB1 } BB1 { - switch ([#"../01.rs" 21 7 21 18] _4 > ([#"../01.rs" 21 17 21 18] [#"../01.rs" 21 17 21 18] (0 : usize))) + switch ([#"../01.rs" 21 7 21 18] UIntSize.gt _4 ([#"../01.rs" 21 17 21 18] [#"../01.rs" 21 17 21 18] (0 : usize))) | False -> goto BB4 | True -> goto BB2 end } BB2 { _8 <- ([#"../01.rs" 22 16 22 17] [#"../01.rs" 22 16 22 17] (0 : usize)); - _10 <- ([#"../01.rs" 22 14 22 18] _8 < ([#"../01.rs" 22 14 22 18] Slice.length a)); + _10 <- ([#"../01.rs" 22 14 22 18] UIntSize.lt _8 ([#"../01.rs" 22 14 22 18] Slice.length a)); assert { [@expl:index in bounds] [#"../01.rs" 22 14 22 18] _10 }; goto BB3 } diff --git a/creusot/tests/should_succeed/slices/01/why3session.xml b/creusot/tests/should_succeed/slices/01/why3session.xml index b339d54451..13bf59e300 100644 --- a/creusot/tests/should_succeed/slices/01/why3session.xml +++ b/creusot/tests/should_succeed/slices/01/why3session.xml @@ -8,17 +8,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/slices/01/why3shapes.gz b/creusot/tests/should_succeed/slices/01/why3shapes.gz index bf787e6f14a8f360cd7c5e5f7117a33787e8ec1b..726da04df17d230b14feaad2a8ef5c76b87a8815 100644 GIT binary patch literal 679 zcmV;Y0$BYYiwFP!00000|Fu+6Z<{a>e$TJqty`abwlOfZlTZ`{Qq`AD)}9t!j7iZ* zSOabM^LN;Ugskb?qzKOEyYF(}eaENUpnJmKwhLbEp{v{dmp}!#pBMcz*85k@ve5z! z*#a9&zx}pvrJ?_#UH!0r#b6uC3rvuLAP2s^gf#2Z^K`41c zPc4syY}0pI6nL*A{C;?`>0~*dR#|bGd3Fe&DM-2S2W;q4hYuq%cvNYC5k%7i8Si#S zf!RVYgQ`6Q^}e)!)?HH@yP!6G*MQ#LwAvIJ9rJ zyxINI30CzU8v>_G^nE58U^HVgi^m}iX5FQDH@ME(iOF|w7`e0b1U1VtVz@a^O6Cxh z`2qi9g;~G@-u|Dt9C4-Lj+!eoG2z8jb}#)n882DxRCP_V;$z8*L9*gK$%;|3;Gh{EOiTf4LRYF|F)vE5r86-!5|Kcr=0b`rxBL7v74oSdfx^EJ3(D;Gin zP4Vjtff@GfHSRIC-skd|PFCr4p2qo6P)1bG2ysnwd0IeKOilaupf4`R<~h4mKW8)f z`*1OFGn(G3Ilq)TpKS_s$v$U3{`BD#40HnY#6FQ<|5}goj#Ij}s*<2-UX Ne*p%0^?{uR000;uL&5+6 literal 612 zcmV-q0-OCGiwFP!00000|E*KYZk#X_-SZXf(q`pr8yl)jB@_jLRAtl3%BrI~#w4f= zv_O)6evQpAkIc-f8*JalxjsIJPq*Rlg1^lWzL|cgyY@>c!rRZm_y_CuO_6Ngfr2c+ zyA?L3eI8%XHZ@K6zTS4FX%xk=Ti5M~+w|!s#np#&T`HPRIH#GygVPBdUoC{-H}Nv!G?8-E4# zyrfFzolr^fXnT?)3Mt;%$l*%}8(L|ik}Tb$9Q9~6We$7fF@o*9^3?Nyqk?aE``;v( zpk@)Mdx;AI=;%a(?dv$p;2lZ5X)ZXDU3Vm#9Ldf(lFg1}JLfaScU!LPrTlD}-aCa4 ze4vDVw)^$>Zfn#?kNpAp4Ez^{`_ zAl?!A;9C&K#&zX#&r>cI1$l+CI7``C6s%g=3FSx=mx>hdEB;+L+p0Yuzb?jhc3xL? zKa4?OIE^JWQCtzuxZaQrfFT40u!;%;A ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -130,6 +132,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -139,12 +142,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub type t @@ -290,6 +293,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -318,10 +322,11 @@ module CreusotContracts_Logic_Seq_Impl0_SortedRange type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t predicate sorted_range (self : Seq.seq t) (l : int) (u : int) = - [#"../../../../../creusot-contracts/src/logic/seq.rs" 137 8 139 9] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u -> LeLog0.le_log (Seq.get self i) (Seq.get self j) + [#"../../../../../creusot-contracts/src/logic/seq.rs" 137 8 139 9] forall j : int . forall i : int . Int.le l i /\ Int.le i j /\ Int.lt j u -> LeLog0.le_log (Seq.get self i) (Seq.get self j) val sorted_range (self : Seq.seq t) (l : int) (u : int) : bool ensures { result = sorted_range self l u } @@ -354,6 +359,7 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -382,6 +388,7 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -408,16 +415,17 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel_Interface val deep_model (self : slice t) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length (deep_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (deep_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Slice_Impl1_DeepModel type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Slice clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -444,11 +452,11 @@ module CreusotContracts_Std1_Slice_Impl1_DeepModel val deep_model (self : slice t) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . 0 <= i /\ i < Seq.length (deep_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 18 32 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 32 4 32 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 95] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (deep_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 30 14 30 41] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Stub type self @@ -463,6 +471,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -476,6 +485,7 @@ module Core_Slice_Impl0_BinarySearch_Interface type t use prelude.Int use prelude.UIntSize + use prelude.Bool use seq.Seq use prelude.Borrow use prelude.Slice @@ -533,15 +543,16 @@ module Core_Slice_Impl0_BinarySearch_Interface requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 231 0 327 1] Sorted0.sorted (DeepModel0.deep_model self)} requires {Inv0.inv self} requires {Inv1.inv x} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 297 8 297 118] forall i : usize . result = Core_Result_Result_Type.C_Ok i -> UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model self) /\ Seq.get (DeepModel1.deep_model self) (UIntSize.to_int i) = DeepModel2.deep_model x } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 298 8 299 96] forall i : usize . result = Core_Result_Result_Type.C_Err i -> UIntSize.to_int i <= Seq.length (ShallowModel0.shallow_model self) /\ (forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (DeepModel0.deep_model self) j <> DeepModel2.deep_model x) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 300 8 301 78] forall i : usize . result = Core_Result_Result_Type.C_Err i -> (forall j : usize . j < i -> LtLog0.lt_log (Seq.get (DeepModel0.deep_model self) (UIntSize.to_int j)) (DeepModel2.deep_model x)) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 302 8 303 99] forall i : usize . result = Core_Result_Result_Type.C_Err i -> (forall j : usize . i <= j /\ UIntSize.to_int j < Seq.length (ShallowModel0.shallow_model self) -> LtLog0.lt_log (DeepModel2.deep_model x) (Seq.get (DeepModel0.deep_model self) (UIntSize.to_int j))) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 297 8 297 118] forall i : usize . result = Core_Result_Result_Type.C_Ok i -> Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self)) /\ Seq.get (DeepModel1.deep_model self) (UIntSize.to_int i) = DeepModel2.deep_model x } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 298 8 299 96] forall i : usize . result = Core_Result_Result_Type.C_Err i -> Int.le (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self)) /\ (forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (DeepModel0.deep_model self) j <> DeepModel2.deep_model x) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 300 8 301 78] forall i : usize . result = Core_Result_Result_Type.C_Err i -> (forall j : usize . Int.lt j i -> LtLog0.lt_log (Seq.get (DeepModel0.deep_model self) (UIntSize.to_int j)) (DeepModel2.deep_model x)) } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 302 8 303 99] forall i : usize . result = Core_Result_Result_Type.C_Err i -> (forall j : usize . Int.le i j /\ Int.lt (UIntSize.to_int j) (Seq.length (ShallowModel0.shallow_model self)) -> LtLog0.lt_log (DeepModel2.deep_model x) (Seq.get (DeepModel0.deep_model self) (UIntSize.to_int j))) } end module Core_Result_Impl0_Unwrap_Interface type t type e + use prelude.Bool use Core_Result_Result_Type as Core_Result_Result_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Core_Result_Result_Type.t_result t e @@ -573,9 +584,8 @@ module CreusotContracts_Logic_Ord_Impl3_LtLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LtLog use prelude.Int - use int.Int function lt_log (self : int) (_2 : int) : bool = - Int.(<) self _2 + Int.lt self _2 val lt_log (self : int) (_2 : int) : bool ensures { result = lt_log self _2 } @@ -789,9 +799,8 @@ module CreusotContracts_Logic_Ord_Impl3_LeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LeLog use prelude.Int - use int.Int function le_log (self : int) (_2 : int) : bool = - Int.(<=) self _2 + Int.le self _2 val le_log (self : int) (_2 : int) : bool ensures { result = le_log self _2 } @@ -799,6 +808,7 @@ end module C02Std_BinarySearch_Interface use prelude.Int use seq.Seq + use prelude.Bool use prelude.UInt32 use prelude.Borrow use prelude.Slice @@ -810,7 +820,7 @@ module C02Std_BinarySearch_Interface type t = slice uint32, type ShallowModelTy0.shallowModelTy = Seq.seq uint32 val binary_search [#"../02_std.rs" 8 0 8 40] (s : slice uint32) : usize - requires {[#"../02_std.rs" 6 0 6 64] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model s) -> UInt32.to_int (IndexLogic0.index_logic s i) = i} + requires {[#"../02_std.rs" 6 0 6 64] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model s)) -> UInt32.to_int (IndexLogic0.index_logic s i) = i} requires {[#"../02_std.rs" 7 11 7 24] Seq.length (ShallowModel0.shallow_model s) = 5} end @@ -821,6 +831,7 @@ module C02Std_BinarySearch use prelude.Slice use prelude.UInt32 use seq.Seq + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_Impl3_LeLog as LeLog0 use Core_Result_Result_Type as Core_Result_Result_Type @@ -947,7 +958,7 @@ module C02Std_BinarySearch let constant promoted0 [#"../02_std.rs" 8 0 8 40] : uint32 = [@vc:do_not_keep_trace] [@vc:sp] let _1 = [#"../02_std.rs" 9 30 9 31] [#"../02_std.rs" 9 30 9 31] (2 : uint32) in let _0 = [#"../02_std.rs" 9 29 9 31] _1 in _0 let rec cfg binary_search [#"../02_std.rs" 8 0 8 40] [@cfg:stackify] [@cfg:subregion_analysis] (s : slice uint32) : usize - requires {[#"../02_std.rs" 6 0 6 64] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model s) -> UInt32.to_int (IndexLogic0.index_logic s i) = i} + requires {[#"../02_std.rs" 6 0 6 64] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model s)) -> UInt32.to_int (IndexLogic0.index_logic s i) = i} requires {[#"../02_std.rs" 7 11 7 24] Seq.length (ShallowModel0.shallow_model s) = 5} = [@vc:do_not_keep_trace] [@vc:sp] @@ -972,7 +983,7 @@ module C02Std_BinarySearch goto BB2 } BB2 { - assert { [@expl:assertion] [#"../02_std.rs" 11 20 11 27] UIntSize.to_int ix < 5 }; + assert { [@expl:assertion] [#"../02_std.rs" 11 20 11 27] Int.lt (UIntSize.to_int ix) 5 }; _0 <- ix; return _0 } diff --git a/creusot/tests/should_succeed/sparse_array.mlcfg b/creusot/tests/should_succeed/sparse_array.mlcfg index 43ced91145..f451ff758a 100644 --- a/creusot/tests/should_succeed/sparse_array.mlcfg +++ b/creusot/tests/should_succeed/sparse_array.mlcfg @@ -137,11 +137,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -159,11 +159,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -229,6 +229,7 @@ module SparseArray_Impl2_IsElt use prelude.Borrow use prelude.Int use prelude.UIntSize + use prelude.Bool use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub as IndexLogic0 with @@ -236,7 +237,7 @@ module SparseArray_Impl2_IsElt type a = Alloc_Alloc_Global_Type.t_global use SparseArray_Sparse_Type as SparseArray_Sparse_Type function is_elt [#"../sparse_array.rs" 72 4 72 36] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : bool = - [#"../sparse_array.rs" 73 20 74 52] UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) i))) = i + [#"../sparse_array.rs" 73 20 74 52] Int.lt (UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) i)) (UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self)) /\ UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) i))) = i val is_elt [#"../sparse_array.rs" 72 4 72 36] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : bool ensures { result = is_elt self i } @@ -305,6 +306,7 @@ module SparseArray_Impl1_Invariant use prelude.UIntSize use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -339,8 +341,8 @@ module SparseArray_Impl1_Invariant clone SparseArray_Impl0_ShallowModel_Stub as ShallowModel0 with type t = t predicate invariant' [#"../sparse_array.rs" 49 4 49 30] (self : SparseArray_Sparse_Type.t_sparse t) = - [#"../sparse_array.rs" 50 8 61 9] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel0.shallow_model self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel1.shallow_model (SparseArray_Sparse_Type.sparse_values self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel2.shallow_model (SparseArray_Sparse_Type.sparse_idx self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel2.shallow_model (SparseArray_Sparse_Type.sparse_back self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) -> match (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_back self) i) with - | j -> 0 <= UIntSize.to_int j /\ UIntSize.to_int j < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) (UIntSize.to_int j)) = i + [#"../sparse_array.rs" 50 8 61 9] Int.le (UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self)) (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) /\ Seq.length (ShallowModel0.shallow_model self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel1.shallow_model (SparseArray_Sparse_Type.sparse_values self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel2.shallow_model (SparseArray_Sparse_Type.sparse_idx self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ Seq.length (ShallowModel2.shallow_model (SparseArray_Sparse_Type.sparse_back self)) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ (forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self)) -> match (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_back self) i) with + | j -> Int.le 0 (UIntSize.to_int j) /\ Int.lt (UIntSize.to_int j) (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) /\ UIntSize.to_int (IndexLogic0.index_logic (SparseArray_Sparse_Type.sparse_idx self) (UIntSize.to_int j)) = i end) val invariant' [#"../sparse_array.rs" 49 4 49 30] (self : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = invariant' self } @@ -567,7 +569,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -594,6 +596,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -619,6 +622,7 @@ module SparseArray_Impl2_Get_Interface use seq.Seq use prelude.Int use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq use SparseArray_Sparse_Type as SparseArray_Sparse_Type @@ -630,7 +634,7 @@ module SparseArray_Impl2_Get_Interface type t = SparseArray_Sparse_Type.t_sparse t, type ShallowModelTy0.shallowModelTy = Seq.seq (Core_Option_Option_Type.t_option t) val get [#"../sparse_array.rs" 89 4 89 45] (self : SparseArray_Sparse_Type.t_sparse t) (i : usize) : Core_Option_Option_Type.t_option t - requires {[#"../sparse_array.rs" 80 15 80 31] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../sparse_array.rs" 80 15 80 31] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self))} requires {[#"../sparse_array.rs" 89 16 89 20] Inv0.inv self} ensures { [#"../sparse_array.rs" 81 14 84 5] match (result) with | Core_Option_Option_Type.C_None -> Seq.get (ShallowModel0.shallow_model self) (UIntSize.to_int i) = Core_Option_Option_Type.C_None @@ -649,6 +653,7 @@ module SparseArray_Impl2_Get use prelude.UIntSize use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv11 with type t = Seq.seq t @@ -823,7 +828,7 @@ module SparseArray_Impl2_Get predicate Inv2.inv = Inv5.inv, type Output0.output = usize let rec cfg get [#"../sparse_array.rs" 89 4 89 45] [@cfg:stackify] [@cfg:subregion_analysis] (self : SparseArray_Sparse_Type.t_sparse t) (i : usize) : Core_Option_Option_Type.t_option t - requires {[#"../sparse_array.rs" 80 15 80 31] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../sparse_array.rs" 80 15 80 31] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self))} requires {[#"../sparse_array.rs" 89 16 89 20] Inv0.inv self} ensures { [#"../sparse_array.rs" 81 14 84 5] match (result) with | Core_Option_Option_Type.C_None -> Seq.get (ShallowModel0.shallow_model self) (UIntSize.to_int i) = Core_Option_Option_Type.C_None @@ -854,7 +859,7 @@ module SparseArray_Impl2_Get } BB1 { index <- _7; - switch ([#"../sparse_array.rs" 91 11 91 25] index < SparseArray_Sparse_Type.sparse_n self) + switch ([#"../sparse_array.rs" 91 11 91 25] UIntSize.lt index (SparseArray_Sparse_Type.sparse_n self)) | False -> goto BB2 | True -> goto BB3 end @@ -874,7 +879,7 @@ module SparseArray_Impl2_Get end } BB5 { - _10 <- ([#"../sparse_array.rs" 91 29 91 50] _16 = i); + _10 <- ([#"../sparse_array.rs" 91 29 91 50] UIntSize.eq _16 i); goto BB4 } BB6 { @@ -905,8 +910,9 @@ module SparseArray_Impl2_Get end module SparseArray_Impl2_LemmaPermutation_Stub type t - use prelude.Int use prelude.UIntSize + use prelude.Int + use prelude.Bool use SparseArray_Sparse_Type as SparseArray_Sparse_Type clone SparseArray_Impl2_IsElt_Stub as IsElt0 with type t = t @@ -917,8 +923,9 @@ module SparseArray_Impl2_LemmaPermutation_Stub end module SparseArray_Impl2_LemmaPermutation_Interface type t - use prelude.Int use prelude.UIntSize + use prelude.Int + use prelude.Bool use SparseArray_Sparse_Type as SparseArray_Sparse_Type clone SparseArray_Impl2_IsElt_Stub as IsElt0 with type t = t @@ -928,17 +935,18 @@ module SparseArray_Impl2_LemmaPermutation_Interface val lemma_permutation [#"../sparse_array.rs" 104 4 104 38] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : () requires {[#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self} - requires {[#"../sparse_array.rs" 102 15 102 39] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)} + requires {[#"../sparse_array.rs" 102 15 102 39] Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self))} requires {[#"../sparse_array.rs" 104 25 104 29] Inv0.inv self} ensures { [#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i } ensures { result = lemma_permutation self i } - axiom lemma_permutation_spec : forall self : SparseArray_Sparse_Type.t_sparse t, i : int . ([#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self) -> ([#"../sparse_array.rs" 102 15 102 39] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) -> ([#"../sparse_array.rs" 104 25 104 29] Inv0.inv self) -> ([#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i) + axiom lemma_permutation_spec : forall self : SparseArray_Sparse_Type.t_sparse t, i : int . ([#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self) -> ([#"../sparse_array.rs" 102 15 102 39] Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self))) -> ([#"../sparse_array.rs" 104 25 104 29] Inv0.inv self) -> ([#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i) end module SparseArray_Impl2_LemmaPermutation type t - use prelude.Int use prelude.UIntSize + use prelude.Int + use prelude.Bool use SparseArray_Sparse_Type as SparseArray_Sparse_Type clone SparseArray_Impl2_IsElt_Stub as IsElt0 with type t = t @@ -950,17 +958,18 @@ module SparseArray_Impl2_LemmaPermutation [#"../sparse_array.rs" 100 4 100 12] () val lemma_permutation [#"../sparse_array.rs" 104 4 104 38] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : () requires {[#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self} - requires {[#"../sparse_array.rs" 102 15 102 39] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)} + requires {[#"../sparse_array.rs" 102 15 102 39] Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self))} requires {[#"../sparse_array.rs" 104 25 104 29] Inv0.inv self} ensures { [#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i } ensures { result = lemma_permutation self i } - axiom lemma_permutation_spec : forall self : SparseArray_Sparse_Type.t_sparse t, i : int . ([#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self) -> ([#"../sparse_array.rs" 102 15 102 39] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) -> ([#"../sparse_array.rs" 104 25 104 29] Inv0.inv self) -> ([#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i) + axiom lemma_permutation_spec : forall self : SparseArray_Sparse_Type.t_sparse t, i : int . ([#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self) -> ([#"../sparse_array.rs" 102 15 102 39] Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self))) -> ([#"../sparse_array.rs" 104 25 104 29] Inv0.inv self) -> ([#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i) end module SparseArray_Impl2_LemmaPermutation_Impl type t - use prelude.Int use prelude.UIntSize + use prelude.Int + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv4 with @@ -1048,7 +1057,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl axiom . let rec ghost function lemma_permutation [#"../sparse_array.rs" 104 4 104 38] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : () requires {[#"../sparse_array.rs" 101 15 101 34] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self} - requires {[#"../sparse_array.rs" 102 15 102 39] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)} + requires {[#"../sparse_array.rs" 102 15 102 39] Int.le 0 i /\ Int.lt i (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self))} requires {[#"../sparse_array.rs" 104 25 104 29] Inv0.inv self} ensures { [#"../sparse_array.rs" 103 14 103 28] IsElt0.is_elt self i } @@ -1102,6 +1111,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1144,6 +1154,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -1226,8 +1237,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1238,6 +1250,7 @@ module SparseArray_Impl2_Set_Interface use seq.Seq use prelude.Int use prelude.Borrow + use prelude.Bool use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq use SparseArray_Sparse_Type as SparseArray_Sparse_Type @@ -1251,11 +1264,11 @@ module SparseArray_Impl2_Set_Interface type t = SparseArray_Sparse_Type.t_sparse t, type ShallowModelTy0.shallowModelTy = Seq.seq (Core_Option_Option_Type.t_option t) val set [#"../sparse_array.rs" 112 4 112 41] (self : borrowed (SparseArray_Sparse_Type.t_sparse t)) (i : usize) (v : t) : () - requires {[#"../sparse_array.rs" 108 15 108 31] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../sparse_array.rs" 108 15 108 31] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self))} requires {[#"../sparse_array.rs" 112 20 112 24] Inv0.inv self} requires {[#"../sparse_array.rs" 112 36 112 37] Inv1.inv v} ensures { [#"../sparse_array.rs" 109 14 109 43] Seq.length (ShallowModel1.shallow_model ( ^ self)) = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../sparse_array.rs" 110 4 110 95] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model self) /\ j <> UIntSize.to_int i -> Seq.get (ShallowModel1.shallow_model ( ^ self)) j = Seq.get (ShallowModel0.shallow_model self) j } + ensures { [#"../sparse_array.rs" 110 4 110 95] forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model self)) /\ j <> UIntSize.to_int i -> Seq.get (ShallowModel1.shallow_model ( ^ self)) j = Seq.get (ShallowModel0.shallow_model self) j } ensures { [#"../sparse_array.rs" 111 14 111 37] Seq.get (ShallowModel1.shallow_model ( ^ self)) (UIntSize.to_int i) = Core_Option_Option_Type.C_Some v } end @@ -1266,6 +1279,7 @@ module SparseArray_Impl2_Set use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -1493,11 +1507,11 @@ module SparseArray_Impl2_Set val Max0.mAX' = Max0.mAX', predicate Inv4.inv = Inv6.inv let rec cfg set [#"../sparse_array.rs" 112 4 112 41] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (SparseArray_Sparse_Type.t_sparse t)) (i : usize) (v : t) : () - requires {[#"../sparse_array.rs" 108 15 108 31] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../sparse_array.rs" 108 15 108 31] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model self))} requires {[#"../sparse_array.rs" 112 20 112 24] Inv3.inv self} requires {[#"../sparse_array.rs" 112 36 112 37] Inv1.inv v} ensures { [#"../sparse_array.rs" 109 14 109 43] Seq.length (ShallowModel1.shallow_model ( ^ self)) = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../sparse_array.rs" 110 4 110 95] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model self) /\ j <> UIntSize.to_int i -> Seq.get (ShallowModel1.shallow_model ( ^ self)) j = Seq.get (ShallowModel0.shallow_model self) j } + ensures { [#"../sparse_array.rs" 110 4 110 95] forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (ShallowModel0.shallow_model self)) /\ j <> UIntSize.to_int i -> Seq.get (ShallowModel1.shallow_model ( ^ self)) j = Seq.get (ShallowModel0.shallow_model self) j } ensures { [#"../sparse_array.rs" 111 14 111 37] Seq.get (ShallowModel1.shallow_model ( ^ self)) (UIntSize.to_int i) = Core_Option_Option_Type.C_Some v } = [@vc:do_not_keep_trace] [@vc:sp] @@ -1548,7 +1562,7 @@ module SparseArray_Impl2_Set } BB6 { index <- _13; - switch ([#"../sparse_array.rs" 115 13 115 27] index < SparseArray_Sparse_Type.sparse_n ( * self)) + switch ([#"../sparse_array.rs" 115 13 115 27] UIntSize.lt index (SparseArray_Sparse_Type.sparse_n ( * self))) | False -> goto BB7 | True -> goto BB8 end @@ -1568,7 +1582,7 @@ module SparseArray_Impl2_Set end } BB10 { - _17 <- ([#"../sparse_array.rs" 115 31 115 52] _23 = i); + _17 <- ([#"../sparse_array.rs" 115 31 115 52] UIntSize.eq _23 i); goto BB9 } BB11 { @@ -1577,7 +1591,7 @@ module SparseArray_Impl2_Set } BB12 { assume { Resolve3.resolve _27 }; - assert { [@expl:assertion] [#"../sparse_array.rs" 118 26 118 46] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n ( * self)) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size ( * self)) }; + assert { [@expl:assertion] [#"../sparse_array.rs" 118 26 118 46] Int.lt (UIntSize.to_int (SparseArray_Sparse_Type.sparse_n ( * self))) (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size ( * self))) }; _33 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_idx ( * self)); self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a b c ( ^ _33) e) }; _32 <- ([#"../sparse_array.rs" 120 12 120 23] IndexMut1.index_mut _33 i); @@ -1596,7 +1610,7 @@ module SparseArray_Impl2_Set BB14 { _36 <- { _36 with current = i }; assume { Resolve4.resolve _36 }; - self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a ([#"../sparse_array.rs" 122 12 122 23] SparseArray_Sparse_Type.sparse_n ( * self) + ([#"../sparse_array.rs" 122 22 122 23] [#"../sparse_array.rs" 122 22 122 23] (1 : usize))) c d e) }; + self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse a b c d e = * self in SparseArray_Sparse_Type.C_Sparse a ([#"../sparse_array.rs" 122 12 122 23] UIntSize.add (SparseArray_Sparse_Type.sparse_n ( * self)) ([#"../sparse_array.rs" 122 22 122 23] [#"../sparse_array.rs" 122 22 122 23] (1 : usize))) c d e) }; assert { [@expl:type invariant] Inv3.inv self }; assume { Resolve2.resolve self }; _0 <- ([#"../sparse_array.rs" 115 54 123 9] ()); @@ -1621,6 +1635,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -1644,14 +1659,15 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end module SparseArray_Create_Interface type t - use prelude.Int use prelude.UIntSize + use prelude.Int + use prelude.Bool use seq.Seq use SparseArray_Sparse_Type as SparseArray_Sparse_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1664,7 +1680,7 @@ module SparseArray_Create_Interface val create [#"../sparse_array.rs" 134 0 134 64] (sz : usize) (dummy : t) : SparseArray_Sparse_Type.t_sparse t requires {[#"../sparse_array.rs" 134 42 134 47] Inv0.inv dummy} ensures { [#"../sparse_array.rs" 132 10 132 27] SparseArray_Sparse_Type.sparse_size result = sz } - ensures { [#"../sparse_array.rs" 133 0 133 67] forall i : int . 0 <= i /\ i < UIntSize.to_int sz -> Seq.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } + ensures { [#"../sparse_array.rs" 133 0 133 67] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int sz) -> Seq.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } ensures { [#"../sparse_array.rs" 134 55 134 64] Inv1.inv result } end @@ -1672,6 +1688,7 @@ module SparseArray_Create type t use prelude.Int use prelude.UIntSize + use prelude.Bool use seq.Seq use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -1790,7 +1807,7 @@ module SparseArray_Create let rec cfg create [#"../sparse_array.rs" 134 0 134 64] [@cfg:stackify] [@cfg:subregion_analysis] (sz : usize) (dummy : t) : SparseArray_Sparse_Type.t_sparse t requires {[#"../sparse_array.rs" 134 42 134 47] Inv0.inv dummy} ensures { [#"../sparse_array.rs" 132 10 132 27] SparseArray_Sparse_Type.sparse_size result = sz } - ensures { [#"../sparse_array.rs" 133 0 133 67] forall i : int . 0 <= i /\ i < UIntSize.to_int sz -> Seq.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } + ensures { [#"../sparse_array.rs" 133 0 133 67] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int sz) -> Seq.get (ShallowModel0.shallow_model result) i = Core_Option_Option_Type.C_None } ensures { [#"../sparse_array.rs" 134 55 134 64] Inv1.inv result } = [@vc:do_not_keep_trace] [@vc:sp] @@ -1864,6 +1881,7 @@ module SparseArray_F use prelude.Int use prelude.Int32 use prelude.UIntSize + use prelude.Bool use prelude.Borrow use seq.Seq use seq.Seq diff --git a/creusot/tests/should_succeed/sparse_array/why3session.xml b/creusot/tests/should_succeed/sparse_array/why3session.xml index 039f28f8ea..d4ac59f841 100644 --- a/creusot/tests/should_succeed/sparse_array/why3session.xml +++ b/creusot/tests/should_succeed/sparse_array/why3session.xml @@ -3,14 +3,13 @@ "http://why3.lri.fr/why3session.dtd"> - - + @@ -23,19 +22,19 @@ - + - + - + @@ -52,95 +51,95 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/sparse_array/why3shapes.gz b/creusot/tests/should_succeed/sparse_array/why3shapes.gz index 577f61f5974c5cab5d9e5426fd8f0fb0dede0363..6274d0245a0d6a2c141b271cfa39d7f6e049127c 100644 GIT binary patch literal 3841 zcmV+c5B~5UiwFP!00000|Lr>4j@vkv@BRwE^=|fs~^M7PRdSo?SB0plDgWG?etW-dw>a&m?96){YFv$@ov5U#eMes^^1SrZ+B1sy;kdY z|G7GRaoeYtlHIl=Uh>F2{Qjy63$?tXpvv}^ohDcoWAuzfnXPn*C0u!->E z7~(F@LMfK9@DfhYoIu=VW}xFsl-LcSl!QDkyZvYPy!Q_;?(wVNmnx%r-nys552Z@L zSgLNHEOj?jrRj#cwB68@yw`&*Iq!ACN-i=TBN~;G$Qrc58W!a8%GY2Z5H{Q$N)zs<(T)*GWxgY zh{0sto0jjMds7OV$lC;XM=JYDs!{kuRFE*^Co(~VBnOaRhAlrj|0Peht3qcn6pcnw zkfb;j13NJ)SN|glK|3?Mf}Hd(6Gm|IlPe}teX%@0}Db_^KmYA@0 ztlgfiZS$JA5+6R?lKPHJpA7|gH&_?ifTU^I^dr(KfzjYLji3Z^+rx>ob}oTO=uHm6 zsNoc$keutG+I@X$_OrWwJn@jbk$2qnvK;#fu;l!}j{F2zi6SZz#hjlYKlKyjt)HM+ zmG9SK_q?WHT+W*OLb@yYU7vcpY$t|n2SaYgb6HhhO3nmwHzd%T-lyE&KZfpUzx_X- zCL*Ppxh?%3+_uAg3Kg?rJG^lrW~RTEx-{K}lQhN0v5_{$WbF1|pFjHguzm3^j8r~l zlEC)<`QV$V^iN+OU8Ly()6=&unsciV)UU&PHn zbenA6bD2!qvE4s-QgSlGHhJOd^KO5rcTdgsK(%^+Nt(@WnyL|{A(}KZ)=5ibz|w3+ zrY`jq=C*U-NB`-Qd-&{0s|S~9F1a(iD%R@WwknqEXk40{u`ab7*}PoejqOWCdkS`&;{JnDz z6ju|4(p(quc@#T^1mIrXD|fHLy@Gqilx1j{yK49Ry!+KRKYaSf5$t_JpTJ$%KDoz% z1IUZ3p(Kz5NBu%v|NQJnv65`m?R&8?gS7>M^t}J|7ys;M(Hy6#miEoO1Gjw7t!1W$ z>Nih~)N0QFbp-AcSn{Max}pE4>U?R{*1bp$ILDajmR~KNLWb7bRJP$JT?9`Ka4x3c786gwy3^Dn;m!yc)XhP>op)FMP#tW z7H?h~Co481TD_0`{sRT}q!mdsyO^zaGo6Tg5HQg~1dMarFa3_Z*MG_L9l$O(>^cob z{&p%8%yCZJ5^}c_n+t~6LE=RW%!rYecaWywMBSUQu@l$i!#nJ_#?84kjQMC(U#W!u#?PP~6j=nuHU|iW;%tpAFjW%b3YDgH7xpTpnvrj7w zbePX&>Uf&sHbbV9ofxI+0V@6(m4=75o{cLDU;Q*$i7u+$6P=O&_Vx3lXMHjfabaA$ zPJ(o%BkhANwTW%#MD~R_KN+eQzfiu!nes)j_ldxye4R_9GJ+?aw4-BxI5C;b5{#!Z z(WUCtvNX5U(p-$FOe^Y4oPlZy+-Ip%G z29WMmxmWF8jeE77wP3+oBjEc)W-yl+o9l>SIMt8tt*6_(e!OSSs8`^fQL;X3W4&l& zJ+|I8q@(K9^_yDq_jy9IjB_Hcw(sA+KWv87 zmwa+F0uh_Dsi>q_+^G^|3H1Nivr|1CmuNK=b*Jl8-e^7w&_C)^^UtMu*h~z%$>v|O zKHqfiu``?OGdr_XNH6*KX&oiB_R63dw-m>lde4r$ErWGYlO@=l=77!Fe3afN+W7hj z_(?v(S!H8ZUu@)3y?z%5GszMsMiF_JIG2=hNXo5^MC|)`XC%(gTIo!snX}Th)$L5* z*VmuK+Qnkl3a}i(={0J6)0z>NVr&gQYmHV>vA-6bHN;GtvALp$S<3N>*hwwcxnuhz zYw#sh@)}g>jo-)Ab$vVs7<;&n{Y!<_+-*cp@8ir(MZ2<^q&@goOndn6wD;#rd-(6P z_x;k|Y_zLuqW#>)63o(0TDtow-qiH3xwq-9H$5+>sP^qBnA`LG_Af^BRcC(VIm5_( zykYDvS8abWnjCTgoDRyTOOO|mK!Oh#lSDKz`#v#Va%Oo1zg=?4md7OocherTl(M@a zlj%}R%6Sh#Q%Wo)DV%=3~dAsnJa`>U7Db z$NWT{x1?3N_C!^p%-5bsqvbd)7m_KKbGfv{tcVU z`fNg_OZj-KByYR>W!b-KeR$mcysc@5)Kard)SeKvi`gdL&3DlG79S&;n?xFVf^b5R ziVSNB3U*9TurmZzHc{G(q@UR;VEu zQKPSeRMHz zQfnYspiP1m+!ovvTo+u$ojM3sX=S{vsUS#Sb0jx(T1xMf_iGRZ@IqiAh?pn@pTi;~ zsRVe%L**4T6$V#T6b2!1Pz>tpuyA3S;iyqIwnp$^1Tu}PGP<@w^jPF2M2*wnv{8mt zTuTr^h$_^^OHFv47i*ylp{_tANfhBR1gM;|O~Wb`pr(gfgy4hdIJyQ`;MOx>9Ds$! zqLEF&N@&d#VH2{BOaZ$NmuMQSpcb{Moe6}3D!*q|lC{b9+9UyOAz3aJZ8 zAwpEJkWfhRTgWw}gxXYAnW$L9f=59?>KL<)ra>g9_*+s`(pn)KV;e(%0&5uM1&=&n z@J(IUiK2L8qQR@WVvR!)I0;AM)kdhgq3|^o7`4_!)E3GVit>&slq?h$3f_zXbitCR zQP!)_f+kKJx0W7bawO-D3}{hk{(ae~Eciz1T3go0ARSol8>`6RmIGEiDqmxv;rC#s z_JX2NanBopwrYgrk_F1|3@y1vlbDgeA3u~so%Ox}X@g|7mE;)0P?RH;3Z3~O&-^`E zswin%LG^-?C=W`=N;F=0i@FL`$l+;tVMtN7&{Q;aq1Eri8^?fDzn!j>6OF8Sg}gH4 z;?g(}nABy&AI6^ZvZ|2^QgG4*@2#~?dvujHObQ(md+)i;R5noTW1!%7Of#^JUt3;SB1fH{S7SY-^#*bVWF_%jj2=1V6>u?O9|dkG<#i9>j#zz9s4+u zsH^YDfDEp#La@|!7^7oy)xa35DpoZTG;5Q|cjbX;52|W-C5^URHDqVOEKrfHV@69n za7IlHqjrT+7tW{+XVix?YPnhL#7RlEu%@v3d+{hVRX|4VPDAd<3<_ehGSae2qOTgA zc{G1GpWqz?Ks1f6fK&UTDMqPrs;N;!C2Z!?{wa8MP6B5YQZfmq)=*iBMJa+aRPC8+ z);#vJv7wC}Ew!{f9>L-nEFQwrDU2B9?2lErl0h*O0<}j{DC=sdeWgGFson;R*^yI= z&Z$S|u|@wA%R;Rlv7j^{(2-AT@QPbS$&fNZg>{JM4^D>;PN$AH&|F}2(yghn6fAH$ z7D_syxQ4nYrJXoyI0~o#}Xyhb;-A&rF z)@n8yt*qqhQzZL2(>a# zRd-I7x?8H!bW2^@ZfQ#B^L0r#o?(q5HgRdWVPu_*OaA`>#4*ucMH&N#wKi|1X(*;V~B{}I^ z`nz~^lcXVt_gezAFTvTQpzkAYaJz&XUc?RWyF)ggd6`T)u{+%QyT@#WUGm}8r~Tov z-rqO7M=I3=Oww!w*yduSBNa1aoU{`uP#6w|F7*`Vx^v$<|M8={{p3lhk1ms3a%T3D zGq(vQwiL_0dKwZZz6!0c_CYbk#HcS2Lth}fzTmis%=HCo=nM4F7nq?h;6qKRoPz_04x5e>sA^N$3-}3%h%FH*kP?b2U^ElHjOUi2I)&{3uY8g}QT3HfFE3 zrjV8ozy9nW{4AQ|9M#fZaNm~ixxLKPP(S9Wky`B;ppL*z0!x0BR#)`@sXCupwRLcq zP{Zo+KcD=%clurl?QV|}`W@&t7L+~iI9j`BJZ5%dsGpZ0B4IHh(|JWvao_mo{A1ip zwa@3W>WHUagao`?yyxXO*|8bX>fJ6H0Q$ZouBVNMyX6=&f4i7A9_iUwln!p6d#Ct! z|Ah+LjJ2CsAg9?w#{+E6`RnYnu@W-<(Y`CB@jDZrd`w4H$cD zDwAI%)@+u>&BP#^Y`!Jy!KO3sKEDDHY4LUbd0GYut-LTO#vQ@&q24niZ_8kv*Jlah z?vctiXY)yZ#}wa7A)MqBF{^Bm)khsoQZ$iPGpSBYOv3XSelDeoA*Hq!q7=N>orUyS z3!SMFa~8U^GM#DJ`r5JAXP~+|l-Xa7$MlXezTwPh<2$%f8J@L6t0W37)7oL~!m##=_GA!e~goi{%vr215H1db5Q#d z5zX~^cKa8Ic^sJE49@Uz6Q^+90Mhou!*tzU0H^!y=@#aVBoBuHV-$#f&%SnxbHFSP zhwCMGY*}1Fu${J$rR--lj!Ma zzAB=Z(*MUSL@l?}RGJ|QRf=|wC1|xAmgPd;6y;pnEXDB*tUOJce%EJ#`+BnS4-#=t0 zuo0A}j|xIP|WM2}dApL3LuDZ&ZG|=+q-Gpp~{flj0%L%*RA-J$lv8me)-2jyz{5pE`2LB0=eW< zp(%JO)ROgI3K6&M2OaV2m$w7xY*i(oZC8Axfgi>U9KJNAOiX!Cv+W_GLcNdxGSHj$qa&=7%r6 zPf&Yl^G8KCHkz%xXp+2WzRD+-<>g-{FF%zRdwJ2!`ow~~T}BJ5l~G!os>T2aA$a4g z=AkhGJY!OXY7MdgQ2-Xe3xEPxVGC2}LKU(Q1s3$QU@KKIaH3M2gK8vrU`-`?)hH>n zt&LhE!6F^vtN>epDL@yX=p>aaP?d15;@WryjnUlJl;4AiEH!K71wz3^!HF0zILu*b zq>1z@CpF5zeT`NMl-$%zc;e?WEW!pSz*LqYXfL@^!YkiM3!G!)Lx)Aagh)FBrZEbf zH`I=~#zmQea`bOwYQN^X;OYWITn1~EHX4m|z%@GGFvE>S(P-ZE+PMT5Hi9$b5TU8C zfrizH#>+z#hs33i70SYX6xU7v4A(B(@niNHCD{?T<6>C&L7Hq}6 z)voar55z>G$X}UgT?Y%`t#MihL9WSdP|#>5l`{<4S`$%QC{rlPJE~B!P@+)ydJI_C zP!sBF!)48l7A(l%v_YnY@=8YrG%qxKTQ+zI%vUNf)VdZ>S&B;MYOvA@A$1j%uSKEp zw_v7rvhkczi|-ueR>o>Yj)7o}aGYW+F(ZFFeyo?;Gb5zKit3tjy3)Qef=ez0YTtV1 zZ^@FVD^d%&OR#llD1%DV1SJint{_3{$dVx~*+Nsr)P+{R5o4%4xlZF%Ln&E1)QzQV z$b_K8Xgp$K41OQpcukdEvmh#?Did8?>x$}!5J6QOMdFSBZtOL(V!>CnMOT|pGeqQE zL)DPq1?eHC0wW6}3WNW5h)KtT0Bkf>6e`F-1)Yoq5IAKW%6pb*QMY9ZqYI;6fubP) z^txeaNb^ckX7NCOG*S(w+Nh%Pttc!OmKPRYnR=~)7G68ag!Nhzb!yWZYC<%%5dbM( zto()yIO~J=V72A|hEZgQ+9_sh3f;hzXmiLnErjIJ~y-SdFQD=&WyKV^;@Nu`CWb)y)yRTM@w z-QTc6DmCeDN>^Q?Mm|9ICZKE1>rrnU$tax)p$>*w^j@eS9NIwLlm?zRj zmsCp?dg-0g$mpI_c|lm{EU^T{6Nvcgh60S(0^%#iCGpl?mFcGZKM&6CB4;}Q0DKZa Aga7~l diff --git a/creusot/tests/should_succeed/spec_tests.mlcfg b/creusot/tests/should_succeed/spec_tests.mlcfg index 7e2412e205..fa28c4e2e2 100644 --- a/creusot/tests/should_succeed/spec_tests.mlcfg +++ b/creusot/tests/should_succeed/spec_tests.mlcfg @@ -11,6 +11,7 @@ module SpecTests_S_Type end module SpecTests_TestSpecs_Interface + use prelude.Bool use prelude.Int use prelude.UInt32 use SpecTests_S_Type as SpecTests_S_Type @@ -21,6 +22,7 @@ module SpecTests_TestSpecs_Interface end module SpecTests_TestSpecs + use prelude.Bool use prelude.Int use prelude.UInt32 use SpecTests_S_Type as SpecTests_S_Type diff --git a/creusot/tests/should_succeed/specification/division.mlcfg b/creusot/tests/should_succeed/specification/division.mlcfg index 8bb312984f..fd69091bd8 100644 --- a/creusot/tests/should_succeed/specification/division.mlcfg +++ b/creusot/tests/should_succeed/specification/division.mlcfg @@ -23,12 +23,12 @@ module Division_Divide } BB0 { _5 <- x; - _6 <- ([#"../division.rs" 7 4 7 9] _5 = ([#"../division.rs" 7 4 7 9] [#"../division.rs" 7 4 7 9] (0 : uint32))); + _6 <- ([#"../division.rs" 7 4 7 9] UInt32.eq _5 ([#"../division.rs" 7 4 7 9] [#"../division.rs" 7 4 7 9] (0 : uint32))); assert { [@expl:division by zero] [#"../division.rs" 7 4 7 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../division.rs" 7 4 7 9] y / _5); + _0 <- ([#"../division.rs" 7 4 7 9] UInt32.div y _5); _5 <- any uint32; return _0 } diff --git a/creusot/tests/should_succeed/specification/division/why3session.xml b/creusot/tests/should_succeed/specification/division/why3session.xml index f03c368a69..dc2d70fee0 100644 --- a/creusot/tests/should_succeed/specification/division/why3session.xml +++ b/creusot/tests/should_succeed/specification/division/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/specification/division/why3shapes.gz b/creusot/tests/should_succeed/specification/division/why3shapes.gz index 3fe27cf961aea110283ca19ad983c1436c5dbe4e..69f07b68c475774fa86539401044f4a1819e6cee 100644 GIT binary patch literal 175 zcmV;g08sxQiwFP!00000|6NYY3c@fDyyq+SruLK<(Fh)jP%MZi$yL@S!CX??*nYoh z!RKXXc4lYTWdZ4icb8yveF|;df`Vd2FvQEX9imNW!-zwO55X6C8v4EP@`Sq|p`mq_ zjKp(4xbj2mi5XE%C|=56vdmtF?tOAZ*UgoaVOTX+vxZj0?7_D^ ([#"../forall.rs" 11 10 11 14] true) + axiom omg_spec : forall a : int, b : int . ([#"../forall.rs" 10 11 10 17] Int.le a b) -> ([#"../forall.rs" 11 10 11 14] true) end module Forall_Omg use prelude.Int predicate omg [#"../forall.rs" 12 0 12 34] (a : int) (b : int) = - [#"../forall.rs" 13 4 15 7] exists c : int . a + c = b + [#"../forall.rs" 13 4 15 7] exists c : int . Int.add a c = b val omg [#"../forall.rs" 12 0 12 34] (a : int) (b : int) : bool - requires {[#"../forall.rs" 10 11 10 17] a <= b} + requires {[#"../forall.rs" 10 11 10 17] Int.le a b} ensures { [#"../forall.rs" 11 10 11 14] true } ensures { result = omg a b } - axiom omg_spec : forall a : int, b : int . ([#"../forall.rs" 10 11 10 17] a <= b) -> ([#"../forall.rs" 11 10 11 14] true) + axiom omg_spec : forall a : int, b : int . ([#"../forall.rs" 10 11 10 17] Int.le a b) -> ([#"../forall.rs" 11 10 11 14] true) end module Forall_Omg_Impl use prelude.Int let rec ghost predicate omg [#"../forall.rs" 12 0 12 34] (a : int) (b : int) - requires {[#"../forall.rs" 10 11 10 17] a <= b} + requires {[#"../forall.rs" 10 11 10 17] Int.le a b} ensures { [#"../forall.rs" 11 10 11 14] true } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../forall.rs" 13 4 15 7] pure {exists c : int . a + c = b} + [#"../forall.rs" 13 4 15 7] pure {exists c : int . Int.add a c = b} end diff --git a/creusot/tests/should_succeed/specification/forall/why3session.xml b/creusot/tests/should_succeed/specification/forall/why3session.xml index 9334ba0996..5da2eae46a 100644 --- a/creusot/tests/should_succeed/specification/forall/why3session.xml +++ b/creusot/tests/should_succeed/specification/forall/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/specification/forall/why3shapes.gz b/creusot/tests/should_succeed/specification/forall/why3shapes.gz index 0e933656bfd8fea8563c5d100ca2359f95df2adf..cb255fabeaa5eb92409915bd7019ad1f8f1704d1 100644 GIT binary patch delta 111 zcmV-#0FeKJ0f7OK8E9FPg5xmb2k=c<0Kv+wJH8)>;GTKA0sEu8=Z>Fw?a#IxQE=G9 zcKUPK;Ce=HD?0qzUUvX5IcCjP&BPO_uzI#ziS?OE3oGImGU z&ws8v+%D*KLx*4M>kbf>EK5q72G - + diff --git a/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz b/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz index 59bc2f2e009a1233c445bfb98860c8121ab3112f..418cdb678d291fea8e056454062afab7d884db18 100644 GIT binary patch literal 120 zcmb2|=3oGW|EveSxtbk#7%tTMO@gKuWl~uK0x5vEly!Y`+pq0Nd?}O?swn-M(zw##pMLHHss$CB`wr IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (StartLog0.start_log self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9] Seq.length visited = Int.sub (RangeInclusiveLen0.range_inclusive_len self) (RangeInclusiveLen0.range_inclusive_len o) /\ (IsEmptyLog0.is_empty_log self -> IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (StartLog0.start_log self)) i) val produces (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) (visited : Seq.seq idx) (o : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) : bool ensures { result = produces self visited o } @@ -399,6 +403,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -418,6 +423,7 @@ module Core_Option_Option_Type end module Core_Ops_Range_Impl7_New_Interface type idx + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = idx use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -651,6 +657,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -786,6 +793,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl1_Completed type idx use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 @@ -992,8 +1000,8 @@ module Sum_SumFirstN_Interface use prelude.UInt32 use prelude.Int val sum_first_n [#"../sum.rs" 6 0 6 33] (n : uint32) : uint32 - requires {[#"../sum.rs" 4 11 4 20] UInt32.to_int n < 1000} - ensures { [#"../sum.rs" 5 10 5 38] UInt32.to_int result = div (UInt32.to_int n * (UInt32.to_int n + 1)) 2 } + requires {[#"../sum.rs" 4 11 4 20] Int.lt (UInt32.to_int n) 1000} + ensures { [#"../sum.rs" 5 10 5 38] UInt32.to_int result = Int.div (Int.mul (UInt32.to_int n) (Int.add (UInt32.to_int n) 1)) 2 } end module Sum_SumFirstN @@ -1126,8 +1134,8 @@ module Sum_SumFirstN predicate Inv1.inv = Inv0.inv, type DeepModelTy0.deepModelTy = int let rec cfg sum_first_n [#"../sum.rs" 6 0 6 33] [@cfg:stackify] [@cfg:subregion_analysis] (n : uint32) : uint32 - requires {[#"../sum.rs" 4 11 4 20] UInt32.to_int n < 1000} - ensures { [#"../sum.rs" 5 10 5 38] UInt32.to_int result = div (UInt32.to_int n * (UInt32.to_int n + 1)) 2 } + requires {[#"../sum.rs" 4 11 4 20] Int.lt (UInt32.to_int n) 1000} + ensures { [#"../sum.rs" 5 10 5 38] UInt32.to_int result = Int.div (Int.mul (UInt32.to_int n) (Int.add (UInt32.to_int n) 1)) 2 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -1170,7 +1178,7 @@ module Sum_SumFirstN BB5 { invariant { [#"../sum.rs" 8 4 8 67] Inv0.inv iter }; invariant { [#"../sum.rs" 8 4 8 67] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../sum.rs" 8 16 8 65] UInt32.to_int sum = div (Seq.length (Ghost.inner produced) * (Seq.length (Ghost.inner produced) + 1)) 2 }; + invariant { [#"../sum.rs" 8 16 8 65] UInt32.to_int sum = Int.div (Int.mul (Seq.length (Ghost.inner produced)) (Int.add (Seq.length (Ghost.inner produced)) 1)) 2 }; goto BB6 } BB6 { @@ -1208,7 +1216,7 @@ module Sum_SumFirstN produced <- _22; _22 <- any Ghost.ghost_ty (Seq.seq uint32); i <- __creusot_proc_iter_elem; - sum <- ([#"../sum.rs" 10 8 10 16] sum + i); + sum <- ([#"../sum.rs" 10 8 10 16] UInt32.add sum i); goto BB5 } diff --git a/creusot/tests/should_succeed/sum_of_odds.mlcfg b/creusot/tests/should_succeed/sum_of_odds.mlcfg index b98efd6fca..2b41ecd2ff 100644 --- a/creusot/tests/should_succeed/sum_of_odds.mlcfg +++ b/creusot/tests/should_succeed/sum_of_odds.mlcfg @@ -13,7 +13,7 @@ end module SumOfOdds_Sqr use prelude.Int function sqr [#"../sum_of_odds.rs" 7 0 7 21] (x : int) : int = - [#"../sum_of_odds.rs" 8 4 8 9] x * x + [#"../sum_of_odds.rs" 8 4 8 9] Int.mul x x val sqr [#"../sum_of_odds.rs" 7 0 7 21] (x : int) : int ensures { result = sqr x } @@ -55,10 +55,10 @@ module SumOfOdds_SumOfOdd val sum_of_odd [#"../sum_of_odds.rs" 18 0 18 28] (x : int) : int ensures { result = sum_of_odd x } - axiom def : forall x : int . sum_of_odd x = ([#"../sum_of_odds.rs" 16 0 16 8] if x <= 0 then + axiom def : forall x : int . sum_of_odd x = ([#"../sum_of_odds.rs" 16 0 16 8] if Int.le x 0 then 0 else - sum_of_odd (x - 1) + 2 * x - 1 + Int.sub (Int.add (sum_of_odd (Int.sub x 1)) (Int.mul 2 x)) 1 ) end module SumOfOdds_SumOfOdd_Impl @@ -67,7 +67,11 @@ module SumOfOdds_SumOfOdd_Impl variant {[#"../sum_of_odds.rs" 17 10 17 11] x} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../sum_of_odds.rs" 16 0 16 8] if pure {x <= 0} then 0 else sum_of_odd (x - 1) + 2 * x - 1 + [#"../sum_of_odds.rs" 16 0 16 8] if Int.le x 0 then + 0 + else + Int.sub (Int.add (sum_of_odd (Int.sub x 1)) (Int.mul 2 x)) 1 + end module SumOfOdds_SumOfOddIsSqr_Stub use prelude.Int @@ -83,11 +87,11 @@ module SumOfOdds_SumOfOddIsSqr_Interface axiom . function sum_of_odd_is_sqr [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () val sum_of_odd_is_sqr [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () - requires {[#"../sum_of_odds.rs" 27 11 27 17] x >= 0} + requires {[#"../sum_of_odds.rs" 27 11 27 17] Int.ge x 0} ensures { [#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x } ensures { result = sum_of_odd_is_sqr x } - axiom sum_of_odd_is_sqr_spec : forall x : int . ([#"../sum_of_odds.rs" 27 11 27 17] x >= 0) -> ([#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x) + axiom sum_of_odd_is_sqr_spec : forall x : int . ([#"../sum_of_odds.rs" 27 11 27 17] Int.ge x 0) -> ([#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x) end module SumOfOdds_SumOfOddIsSqr use prelude.Int @@ -96,16 +100,16 @@ module SumOfOdds_SumOfOddIsSqr axiom . function sum_of_odd_is_sqr [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () val sum_of_odd_is_sqr [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () - requires {[#"../sum_of_odds.rs" 27 11 27 17] x >= 0} + requires {[#"../sum_of_odds.rs" 27 11 27 17] Int.ge x 0} ensures { [#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x } ensures { result = sum_of_odd_is_sqr x } - axiom def : forall x : int . sum_of_odd_is_sqr x = ([#"../sum_of_odds.rs" 31 4 31 65] if x > 0 then - sum_of_odd_is_sqr (x - 1) + axiom def : forall x : int . sum_of_odd_is_sqr x = ([#"../sum_of_odds.rs" 31 4 31 65] if Int.gt x 0 then + sum_of_odd_is_sqr (Int.sub x 1) else () ) - axiom sum_of_odd_is_sqr_spec : forall x : int . ([#"../sum_of_odds.rs" 27 11 27 17] x >= 0) -> ([#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x) + axiom sum_of_odd_is_sqr_spec : forall x : int . ([#"../sum_of_odds.rs" 27 11 27 17] Int.ge x 0) -> ([#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x) end module SumOfOdds_SumOfOddIsSqr_Impl use prelude.Int @@ -113,12 +117,12 @@ module SumOfOdds_SumOfOddIsSqr_Impl clone SumOfOdds_SumOfOdd as SumOfOdd0 with axiom . let rec ghost function sum_of_odd_is_sqr [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () - requires {[#"../sum_of_odds.rs" 27 11 27 17] x >= 0} + requires {[#"../sum_of_odds.rs" 27 11 27 17] Int.ge x 0} ensures { [#"../sum_of_odds.rs" 28 10 28 33] SumOfOdd0.sum_of_odd x = Sqr0.sqr x } variant {[#"../sum_of_odds.rs" 29 10 29 11] x} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../sum_of_odds.rs" 31 4 31 65] if pure {x > 0} then sum_of_odd_is_sqr (x - 1) else () + [#"../sum_of_odds.rs" 31 4 31 65] if Int.gt x 0 then sum_of_odd_is_sqr (Int.sub x 1) else () end module CreusotContracts_Invariant_Inv_Stub type t @@ -200,6 +204,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -209,7 +214,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -230,6 +235,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -424,6 +430,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -582,6 +589,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -590,7 +598,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -601,7 +609,7 @@ module SumOfOdds_ComputeSumOfOdd_Interface clone SumOfOdds_SumOfOdd_Stub as SumOfOdd0 with axiom . val compute_sum_of_odd [#"../sum_of_odds.rs" 36 0 36 36] (x : uint32) : uint32 - requires {[#"../sum_of_odds.rs" 34 11 34 23] UInt32.to_int x < 65536} + requires {[#"../sum_of_odds.rs" 34 11 34 23] Int.lt (UInt32.to_int x) 65536} ensures { [#"../sum_of_odds.rs" 35 10 35 35] UInt32.to_int result = SumOfOdd0.sum_of_odd (UInt32.to_int x) } end @@ -683,7 +691,7 @@ module SumOfOdds_ComputeSumOfOdd predicate Inv0.inv = Inv0.inv, predicate IntoIterPost0.into_iter_post = IntoIterPost0.into_iter_post let rec cfg compute_sum_of_odd [#"../sum_of_odds.rs" 36 0 36 36] [@cfg:stackify] [@cfg:subregion_analysis] (x : uint32) : uint32 - requires {[#"../sum_of_odds.rs" 34 11 34 23] UInt32.to_int x < 65536} + requires {[#"../sum_of_odds.rs" 34 11 34 23] Int.lt (UInt32.to_int x) 65536} ensures { [#"../sum_of_odds.rs" 35 10 35 35] UInt32.to_int result = SumOfOdd0.sum_of_odd (UInt32.to_int x) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -760,7 +768,7 @@ module SumOfOdds_ComputeSumOfOdd _23 <- any Ghost.ghost_ty (Seq.seq uint32); i <- __creusot_proc_iter_elem; assert { [@expl:assertion] [#"../sum_of_odds.rs" 41 12 41 33] let _ = SumOfOddIsSqr0.sum_of_odd_is_sqr (UInt32.to_int i) in true }; - s <- ([#"../sum_of_odds.rs" 44 8 44 22] s + ([#"../sum_of_odds.rs" 44 13 44 22] ([#"../sum_of_odds.rs" 44 13 44 18] ([#"../sum_of_odds.rs" 44 13 44 14] [#"../sum_of_odds.rs" 44 13 44 14] (2 : uint32)) * i) + ([#"../sum_of_odds.rs" 44 21 44 22] [#"../sum_of_odds.rs" 44 21 44 22] (1 : uint32)))); + s <- ([#"../sum_of_odds.rs" 44 8 44 22] UInt32.add s ([#"../sum_of_odds.rs" 44 13 44 22] UInt32.add ([#"../sum_of_odds.rs" 44 13 44 18] UInt32.mul ([#"../sum_of_odds.rs" 44 13 44 14] [#"../sum_of_odds.rs" 44 13 44 14] (2 : uint32)) i) ([#"../sum_of_odds.rs" 44 21 44 22] [#"../sum_of_odds.rs" 44 21 44 22] (1 : uint32)))); goto BB4 } @@ -769,7 +777,7 @@ module SumOfOdds_Test_Interface use prelude.UInt32 use prelude.Int val test [#"../sum_of_odds.rs" 50 0 50 19] (x : uint32) : () - requires {[#"../sum_of_odds.rs" 49 11 49 23] UInt32.to_int x < 65536} + requires {[#"../sum_of_odds.rs" 49 11 49 23] Int.lt (UInt32.to_int x) 65536} end module SumOfOdds_Test @@ -787,7 +795,7 @@ module SumOfOdds_Test clone SumOfOdds_ComputeSumOfOdd_Interface as ComputeSumOfOdd0 with function SumOfOdd0.sum_of_odd = SumOfOdd0.sum_of_odd let rec cfg test [#"../sum_of_odds.rs" 50 0 50 19] [@cfg:stackify] [@cfg:subregion_analysis] (x : uint32) : () - requires {[#"../sum_of_odds.rs" 49 11 49 23] UInt32.to_int x < 65536} + requires {[#"../sum_of_odds.rs" 49 11 49 23] Int.lt (UInt32.to_int x) 65536} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); diff --git a/creusot/tests/should_succeed/swap_borrows.mlcfg b/creusot/tests/should_succeed/swap_borrows.mlcfg index 90f6e444cf..e50618411f 100644 --- a/creusot/tests/should_succeed/swap_borrows.mlcfg +++ b/creusot/tests/should_succeed/swap_borrows.mlcfg @@ -52,6 +52,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -70,6 +71,7 @@ module TyInv_Trivial end module SwapBorrows_Swap_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = (t, t) val swap [#"../swap_borrows.rs" 5 0 5 31] (x : (t, t)) : (t, t) @@ -80,6 +82,7 @@ module SwapBorrows_Swap_Interface end module SwapBorrows_Swap type t + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Interface as Resolve1 with type self = t clone CreusotContracts_Invariant_Inv_Interface as Inv0 with @@ -142,6 +145,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool diff --git a/creusot/tests/should_succeed/swap_borrows/why3session.xml b/creusot/tests/should_succeed/swap_borrows/why3session.xml index 1c6808ca96..116f7d0550 100644 --- a/creusot/tests/should_succeed/swap_borrows/why3session.xml +++ b/creusot/tests/should_succeed/swap_borrows/why3session.xml @@ -12,7 +12,7 @@ - + diff --git a/creusot/tests/should_succeed/swap_borrows/why3shapes.gz b/creusot/tests/should_succeed/swap_borrows/why3shapes.gz index de56ab39b895e7e4c13ad74043d4bb6144bd536e..05705e1e3be5c28125f619e4bc3dd125b4120e57 100644 GIT binary patch delta 307 zcmV-30nGlu0>J{17k?Dzqe+o=n2@Gb;)r}iO4C$SjCHiI{e7IY>&hj5_OqW~{J7!c zhd;-WU*a%!{ppz(eDlP9zI}JPpxCn%{oC*P7$s^nJHJJPkb*{8QE*tK%p&af)jyWf zA&&j=5>ZuIPwl2KXRkM5pk{_IyzK`*Uj3OR!61?xhyY@D1AmL+GFc$l+(!noJ1BhJ z4?};A&BNCx&G@!E`6Gh9`vC-%hsTX!BE>$hp-J-(03T2pX6vT4JmNDJ9wsyXe zAv9h$!CS2x8!TJh*3y(Va(RG*V6N02N@cBxCK4B1*(xmql$5x-=K7$h?GJoO60A>07k^aevqjorLYh{IBk~a`O;S-Y*3rWD_i@s$E0_4$&whUK>8P;!H*c^~`CMcf(?Jsd~BY7A59YDExFIUo3ZQ87sX3s46eL z) ([#"../switch.rs" 11 23 11 24] [#"../switch.rs" 11 23 11 24] (0 : uint32))); + _0 <- ([#"../switch.rs" 11 19 11 24] UInt32.gt x ([#"../switch.rs" 11 23 11 24] [#"../switch.rs" 11 23 11 24] (0 : uint32))); goto BB5 } BB5 { @@ -89,6 +89,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with diff --git a/creusot/tests/should_succeed/switch_struct.mlcfg b/creusot/tests/should_succeed/switch_struct.mlcfg index 9837d7703b..0d338e7a3b 100644 --- a/creusot/tests/should_succeed/switch_struct.mlcfg +++ b/creusot/tests/should_succeed/switch_struct.mlcfg @@ -48,7 +48,7 @@ module SwitchStruct_Test } BB2 { field2 <- SwitchStruct_M_Type.g_field2 o; - _0 <- ([#"../switch_struct.rs" 12 24 12 35] field2 = ([#"../switch_struct.rs" 12 34 12 35] [#"../switch_struct.rs" 12 34 12 35] (0 : uint32))); + _0 <- ([#"../switch_struct.rs" 12 24 12 35] UInt32.eq field2 ([#"../switch_struct.rs" 12 34 12 35] [#"../switch_struct.rs" 12 34 12 35] (0 : uint32))); goto BB5 } BB3 { @@ -56,7 +56,7 @@ module SwitchStruct_Test } BB4 { field1 <- SwitchStruct_M_Type.f_field1 o; - _0 <- ([#"../switch_struct.rs" 11 24 11 34] field1 > ([#"../switch_struct.rs" 11 33 11 34] [#"../switch_struct.rs" 11 33 11 34] (0 : uint32))); + _0 <- ([#"../switch_struct.rs" 11 24 11 34] UInt32.gt field1 ([#"../switch_struct.rs" 11 33 11 34] [#"../switch_struct.rs" 11 33 11 34] (0 : uint32))); goto BB5 } BB5 { diff --git a/creusot/tests/should_succeed/syntax/02_operators.mlcfg b/creusot/tests/should_succeed/syntax/02_operators.mlcfg index c6f71612f1..ab373e0f4a 100644 --- a/creusot/tests/should_succeed/syntax/02_operators.mlcfg +++ b/creusot/tests/should_succeed/syntax/02_operators.mlcfg @@ -3,14 +3,14 @@ module C02Operators_Division_Interface use prelude.UIntSize use prelude.Int val division [#"../02_operators.rs" 8 0 8 40] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 7 11 7 17] UIntSize.to_int y > 0} + requires {[#"../02_operators.rs" 7 11 7 17] Int.gt (UIntSize.to_int y) 0} end module C02Operators_Division use prelude.Int use prelude.UIntSize let rec cfg division [#"../02_operators.rs" 8 0 8 40] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 7 11 7 17] UIntSize.to_int y > 0} + requires {[#"../02_operators.rs" 7 11 7 17] Int.gt (UIntSize.to_int y) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -23,12 +23,12 @@ module C02Operators_Division } BB0 { _5 <- y; - _6 <- ([#"../02_operators.rs" 9 4 9 9] _5 = ([#"../02_operators.rs" 9 4 9 9] [#"../02_operators.rs" 9 4 9 9] (0 : usize))); + _6 <- ([#"../02_operators.rs" 9 4 9 9] UIntSize.eq _5 ([#"../02_operators.rs" 9 4 9 9] [#"../02_operators.rs" 9 4 9 9] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 9 4 9 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../02_operators.rs" 9 4 9 9] x / _5); + _0 <- ([#"../02_operators.rs" 9 4 9 9] UIntSize.div x _5); _5 <- any usize; return _0 } @@ -48,7 +48,7 @@ end module C02Operators_DivisionInt use prelude.Int function division_int [#"../02_operators.rs" 18 0 18 38] (x : int) (y : int) : int = - [#"../02_operators.rs" 19 4 19 9] div x y + [#"../02_operators.rs" 19 4 19 9] Int.div x y val division_int [#"../02_operators.rs" 18 0 18 38] (x : int) (y : int) : int ensures { result = division_int x y } @@ -57,14 +57,14 @@ module C02Operators_Modulus_Interface use prelude.UIntSize use prelude.Int val modulus [#"../02_operators.rs" 23 0 23 39] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 22 11 22 17] UIntSize.to_int y > 0} + requires {[#"../02_operators.rs" 22 11 22 17] Int.gt (UIntSize.to_int y) 0} end module C02Operators_Modulus use prelude.Int use prelude.UIntSize let rec cfg modulus [#"../02_operators.rs" 23 0 23 39] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 22 11 22 17] UIntSize.to_int y > 0} + requires {[#"../02_operators.rs" 22 11 22 17] Int.gt (UIntSize.to_int y) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -77,12 +77,12 @@ module C02Operators_Modulus } BB0 { _5 <- y; - _6 <- ([#"../02_operators.rs" 24 4 24 9] _5 = ([#"../02_operators.rs" 24 4 24 9] [#"../02_operators.rs" 24 4 24 9] (0 : usize))); + _6 <- ([#"../02_operators.rs" 24 4 24 9] UIntSize.eq _5 ([#"../02_operators.rs" 24 4 24 9] [#"../02_operators.rs" 24 4 24 9] (0 : usize))); assert { [@expl:remainder by zero] [#"../02_operators.rs" 24 4 24 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../02_operators.rs" 24 4 24 9] x % _5); + _0 <- ([#"../02_operators.rs" 24 4 24 9] UIntSize.rem x _5); _5 <- any usize; return _0 } @@ -102,7 +102,7 @@ end module C02Operators_ModulusInt use prelude.Int function modulus_int [#"../02_operators.rs" 33 0 33 37] (x : int) (y : int) : int = - [#"../02_operators.rs" 34 4 34 9] mod x y + [#"../02_operators.rs" 34 4 34 9] Int.rem x y val modulus_int [#"../02_operators.rs" 33 0 33 37] (x : int) (y : int) : int ensures { result = modulus_int x y } @@ -123,7 +123,7 @@ module C02Operators_Multiply_Interface use prelude.Int clone Core_Num_Impl11_Max_Stub as Max0 val multiply [#"../02_operators.rs" 38 0 38 40] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 37 11 37 33] UIntSize.to_int x * UIntSize.to_int y <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 37 11 37 33] Int.le (Int.mul (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int Max0.mAX')} end module C02Operators_Multiply @@ -131,7 +131,7 @@ module C02Operators_Multiply use prelude.UIntSize clone Core_Num_Impl11_Max as Max0 let rec cfg multiply [#"../02_operators.rs" 38 0 38 40] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 37 11 37 33] UIntSize.to_int x * UIntSize.to_int y <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 37 11 37 33] Int.le (Int.mul (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int Max0.mAX')} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -141,7 +141,7 @@ module C02Operators_Multiply goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 39 4 39 9] x * y); + _0 <- ([#"../02_operators.rs" 39 4 39 9] UIntSize.mul x y); return _0 } @@ -160,7 +160,7 @@ end module C02Operators_MultiplyInt use prelude.Int function multiply_int [#"../02_operators.rs" 43 0 43 38] (x : int) (y : int) : int = - [#"../02_operators.rs" 44 4 44 9] x * y + [#"../02_operators.rs" 44 4 44 9] Int.mul x y val multiply_int [#"../02_operators.rs" 43 0 43 38] (x : int) (y : int) : int ensures { result = multiply_int x y } @@ -170,7 +170,7 @@ module C02Operators_Add_Interface use prelude.Int clone Core_Num_Impl11_Max_Stub as Max0 val add [#"../02_operators.rs" 48 0 48 35] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 47 11 47 33] UIntSize.to_int x + UIntSize.to_int y <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 47 11 47 33] Int.le (Int.add (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int Max0.mAX')} end module C02Operators_Add @@ -178,7 +178,7 @@ module C02Operators_Add use prelude.UIntSize clone Core_Num_Impl11_Max as Max0 let rec cfg add [#"../02_operators.rs" 48 0 48 35] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 47 11 47 33] UIntSize.to_int x + UIntSize.to_int y <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 47 11 47 33] Int.le (Int.add (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int Max0.mAX')} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -188,7 +188,7 @@ module C02Operators_Add goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 49 4 49 9] x + y); + _0 <- ([#"../02_operators.rs" 49 4 49 9] UIntSize.add x y); return _0 } @@ -207,7 +207,7 @@ end module C02Operators_AddInt use prelude.Int function add_int [#"../02_operators.rs" 53 0 53 33] (x : int) (y : int) : int = - [#"../02_operators.rs" 54 4 54 9] x + y + [#"../02_operators.rs" 54 4 54 9] Int.add x y val add_int [#"../02_operators.rs" 53 0 53 33] (x : int) (y : int) : int ensures { result = add_int x y } @@ -216,14 +216,14 @@ module C02Operators_Sub_Interface use prelude.UIntSize use prelude.Int val sub [#"../02_operators.rs" 63 0 63 35] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 62 11 62 23] UIntSize.to_int x - UIntSize.to_int y >= 0} + requires {[#"../02_operators.rs" 62 11 62 23] Int.ge (Int.sub (UIntSize.to_int x) (UIntSize.to_int y)) 0} end module C02Operators_Sub use prelude.Int use prelude.UIntSize let rec cfg sub [#"../02_operators.rs" 63 0 63 35] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) : usize - requires {[#"../02_operators.rs" 62 11 62 23] UIntSize.to_int x - UIntSize.to_int y >= 0} + requires {[#"../02_operators.rs" 62 11 62 23] Int.ge (Int.sub (UIntSize.to_int x) (UIntSize.to_int y)) 0} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -233,7 +233,7 @@ module C02Operators_Sub goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 64 4 64 9] x - y); + _0 <- ([#"../02_operators.rs" 64 4 64 9] UIntSize.sub x y); return _0 } @@ -252,7 +252,7 @@ end module C02Operators_SubInt use prelude.Int function sub_int [#"../02_operators.rs" 68 0 68 33] (x : int) (y : int) : int = - [#"../02_operators.rs" 69 4 69 9] x - y + [#"../02_operators.rs" 69 4 69 9] Int.sub x y val sub_int [#"../02_operators.rs" 68 0 68 33] (x : int) (y : int) : int ensures { result = sub_int x y } @@ -262,8 +262,8 @@ module C02Operators_Expression_Interface use prelude.Int clone Core_Num_Impl11_Max_Stub as Max0 val expression [#"../02_operators.rs" 77 0 77 51] (x : usize) (y : usize) (z : usize) : bool - requires {[#"../02_operators.rs" 74 11 74 17] UIntSize.to_int y > 0} - requires {[#"../02_operators.rs" 75 11 75 38] div (UIntSize.to_int x) (UIntSize.to_int y) * UIntSize.to_int z <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 74 11 74 17] Int.gt (UIntSize.to_int y) 0} + requires {[#"../02_operators.rs" 75 11 75 38] Int.le (Int.mul (Int.div (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int z)) (UIntSize.to_int Max0.mAX')} ensures { [#"../02_operators.rs" 76 10 76 16] result } end @@ -272,8 +272,8 @@ module C02Operators_Expression use prelude.UIntSize clone Core_Num_Impl11_Max as Max0 let rec cfg expression [#"../02_operators.rs" 77 0 77 51] [@cfg:stackify] [@cfg:subregion_analysis] (x : usize) (y : usize) (z : usize) : bool - requires {[#"../02_operators.rs" 74 11 74 17] UIntSize.to_int y > 0} - requires {[#"../02_operators.rs" 75 11 75 38] div (UIntSize.to_int x) (UIntSize.to_int y) * UIntSize.to_int z <= UIntSize.to_int Max0.mAX'} + requires {[#"../02_operators.rs" 74 11 74 17] Int.gt (UIntSize.to_int y) 0} + requires {[#"../02_operators.rs" 75 11 75 38] Int.le (Int.mul (Int.div (UIntSize.to_int x) (UIntSize.to_int y)) (UIntSize.to_int z)) (UIntSize.to_int Max0.mAX')} ensures { [#"../02_operators.rs" 76 10 76 16] result } = [@vc:do_not_keep_trace] [@vc:sp] @@ -290,18 +290,18 @@ module C02Operators_Expression } BB0 { _10 <- y; - _11 <- ([#"../02_operators.rs" 78 4 78 9] _10 = ([#"../02_operators.rs" 78 4 78 9] [#"../02_operators.rs" 78 4 78 9] (0 : usize))); + _11 <- ([#"../02_operators.rs" 78 4 78 9] UIntSize.eq _10 ([#"../02_operators.rs" 78 4 78 9] [#"../02_operators.rs" 78 4 78 9] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 78 4 78 9] not _11 }; goto BB1 } BB1 { _16 <- y; - _17 <- ([#"../02_operators.rs" 78 17 78 24] _16 = ([#"../02_operators.rs" 78 17 78 24] [#"../02_operators.rs" 78 17 78 24] (0 : usize))); + _17 <- ([#"../02_operators.rs" 78 17 78 24] UIntSize.eq _16 ([#"../02_operators.rs" 78 17 78 24] [#"../02_operators.rs" 78 17 78 24] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 78 17 78 24] not _17 }; goto BB2 } BB2 { - _0 <- ([#"../02_operators.rs" 78 4 78 28] ([#"../02_operators.rs" 78 4 78 13] ([#"../02_operators.rs" 78 4 78 9] x / _10) * z) = ([#"../02_operators.rs" 78 17 78 28] ([#"../02_operators.rs" 78 17 78 24] x / _16) * z)); + _0 <- ([#"../02_operators.rs" 78 4 78 28] UIntSize.eq ([#"../02_operators.rs" 78 4 78 13] UIntSize.mul ([#"../02_operators.rs" 78 4 78 9] UIntSize.div x _10) z) ([#"../02_operators.rs" 78 17 78 28] UIntSize.mul ([#"../02_operators.rs" 78 17 78 24] UIntSize.div x _16) z)); _10 <- any usize; _16 <- any usize; return _0 @@ -327,7 +327,7 @@ module C02Operators_ExpressionLogic use prelude.Int use prelude.UIntSize function expression_logic [#"../02_operators.rs" 83 0 83 57] (x : usize) (y : usize) (z : usize) : bool = - [#"../02_operators.rs" 84 4 84 28] div x y * z = div x y * z + [#"../02_operators.rs" 84 4 84 28] UIntSize.mul (UIntSize.div x y) z = UIntSize.mul (UIntSize.div x y) z val expression_logic [#"../02_operators.rs" 83 0 83 57] (x : usize) (y : usize) (z : usize) : bool ensures { [#"../02_operators.rs" 82 10 82 16] result } ensures { result = expression_logic x y z } @@ -341,7 +341,7 @@ module C02Operators_ExpressionLogic_Impl ensures { [#"../02_operators.rs" 82 10 82 16] result } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02_operators.rs" 84 4 84 28] pure {div x y * z = div x y * z} + [#"../02_operators.rs" 84 4 84 28] UIntSize.mul (UIntSize.div x y) z = UIntSize.mul (UIntSize.div x y) z end module C02Operators_X_Type use prelude.Int @@ -358,14 +358,14 @@ module C02Operators_PrimitiveComparison_Interface use prelude.Int use C02Operators_X_Type as C02Operators_X_Type val primitive_comparison [#"../02_operators.rs" 92 0 92 29] (x : C02Operators_X_Type.t_x) : () - ensures { [#"../02_operators.rs" 91 10 91 20] C02Operators_X_Type.x_a x <= C02Operators_X_Type.x_a x } + ensures { [#"../02_operators.rs" 91 10 91 20] Int.le (C02Operators_X_Type.x_a x) (C02Operators_X_Type.x_a x) } end module C02Operators_PrimitiveComparison use prelude.Int use C02Operators_X_Type as C02Operators_X_Type let rec cfg primitive_comparison [#"../02_operators.rs" 92 0 92 29] [@cfg:stackify] [@cfg:subregion_analysis] (x : C02Operators_X_Type.t_x) : () - ensures { [#"../02_operators.rs" 91 10 91 20] C02Operators_X_Type.x_a x <= C02Operators_X_Type.x_a x } + ensures { [#"../02_operators.rs" 91 10 91 20] Int.le (C02Operators_X_Type.x_a x) (C02Operators_X_Type.x_a x) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -379,6 +379,7 @@ module C02Operators_PrimitiveComparison end module C02Operators_BoolEq_Interface + use prelude.Bool val bool_eq [#"../02_operators.rs" 95 0 95 36] (a : bool) (b : bool) : bool ensures { [#"../02_operators.rs" 94 10 94 28] result = (a = b) } @@ -402,11 +403,13 @@ module C02Operators_BoolEq end module C02Operators_OldTest_Interface + use prelude.Bool val old_test [#"../02_operators.rs" 100 0 100 20] (x : bool) : () ensures { [#"../02_operators.rs" 99 10 99 21] old(x) = x } end module C02Operators_OldTest + use prelude.Bool let rec cfg old_test [#"../02_operators.rs" 100 0 100 20] [@cfg:stackify] [@cfg:subregion_analysis] (x : bool) : () ensures { [#"../02_operators.rs" 99 10 99 21] old(x) = x } diff --git a/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg b/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg index f3c86b29ce..ff5fb512a9 100644 --- a/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg +++ b/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg @@ -33,6 +33,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -66,8 +67,8 @@ module C04AssocPrec_RespectPrec_Interface use prelude.Int use prelude.UInt32 val respect_prec [#"../04_assoc_prec.rs" 10 0 10 34] (x : (uint32, uint32)) : () - ensures { [#"../04_assoc_prec.rs" 7 0 7 33] 5 = 3 -> 2 + 1 = 3 } - ensures { [#"../04_assoc_prec.rs" 8 10 8 35] div (5 * 3) 2 <> 4 * (40 + 1) } + ensures { [#"../04_assoc_prec.rs" 7 0 7 33] 5 = 3 -> Int.add 2 1 = 3 } + ensures { [#"../04_assoc_prec.rs" 8 10 8 35] Int.div (Int.mul 5 3) 2 <> Int.mul 4 (Int.add 40 1) } ensures { [#"../04_assoc_prec.rs" 9 10 9 20] (let (a, _) = x in a) = (let (_, a) = x in a) } end @@ -82,8 +83,8 @@ module C04AssocPrec_RespectPrec predicate Resolve0.resolve = Resolve1.resolve, predicate Resolve1.resolve = Resolve1.resolve let rec cfg respect_prec [#"../04_assoc_prec.rs" 10 0 10 34] [@cfg:stackify] [@cfg:subregion_analysis] (x : (uint32, uint32)) : () - ensures { [#"../04_assoc_prec.rs" 7 0 7 33] 5 = 3 -> 2 + 1 = 3 } - ensures { [#"../04_assoc_prec.rs" 8 10 8 35] div (5 * 3) 2 <> 4 * (40 + 1) } + ensures { [#"../04_assoc_prec.rs" 7 0 7 33] 5 = 3 -> Int.add 2 1 = 3 } + ensures { [#"../04_assoc_prec.rs" 8 10 8 35] Int.div (Int.mul 5 3) 2 <> Int.mul 4 (Int.add 40 1) } ensures { [#"../04_assoc_prec.rs" 9 10 9 20] (let (a, _) = x in a) = (let (_, a) = x in a) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -102,13 +103,13 @@ end module C04AssocPrec_RespectAssoc_Interface use prelude.Int val respect_assoc [#"../04_assoc_prec.rs" 13 0 13 22] (_1 : ()) : () - ensures { [#"../04_assoc_prec.rs" 12 10 12 28] 0 + 1 = 0 } + ensures { [#"../04_assoc_prec.rs" 12 10 12 28] Int.add 0 1 = 0 } end module C04AssocPrec_RespectAssoc use prelude.Int let rec cfg respect_assoc [#"../04_assoc_prec.rs" 13 0 13 22] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : () - ensures { [#"../04_assoc_prec.rs" 12 10 12 28] 0 + 1 = 0 } + ensures { [#"../04_assoc_prec.rs" 12 10 12 28] Int.add 0 1 = 0 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); diff --git a/creusot/tests/should_succeed/syntax/05_annotations.mlcfg b/creusot/tests/should_succeed/syntax/05_annotations.mlcfg index a100cafc56..20812dbb47 100644 --- a/creusot/tests/should_succeed/syntax/05_annotations.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_annotations.mlcfg @@ -52,6 +52,7 @@ module C05Annotations_Assertion_Interface end module C05Annotations_Assertion type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = t clone TyInv_Trivial as TyInv_Trivial0 with diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg index 823b6f78e9..dab143a446 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg @@ -94,6 +94,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -108,6 +109,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -117,12 +119,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -130,6 +132,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -139,12 +142,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module TyInv_Trivial type t @@ -154,9 +157,9 @@ module TyInv_Trivial end module C05Pearlite_HasLen3_Stub use seq.Seq + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use prelude.UInt32 use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -166,9 +169,9 @@ module C05Pearlite_HasLen3_Stub end module C05Pearlite_HasLen3_Interface use seq.Seq + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use prelude.UInt32 use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -182,9 +185,9 @@ module C05Pearlite_HasLen3_Interface end module C05Pearlite_HasLen3 use seq.Seq + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use prelude.UInt32 use seq.Seq clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -199,9 +202,9 @@ module C05Pearlite_HasLen3 end module C05Pearlite_HasLen3_Impl use seq.Seq + use prelude.Int use prelude.Borrow use prelude.Slice - use prelude.Int use prelude.UInt32 use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv1 with @@ -231,7 +234,7 @@ module C05Pearlite_HasLen3_Impl requires {[#"../05_pearlite.rs" 8 11 8 24] Seq.length (ShallowModel0.shallow_model v) = 3} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../05_pearlite.rs" 10 16 10 29] let a = let a' = ShallowModel0.shallow_model v in Seq.length a' in pure {a = 3} + [#"../05_pearlite.rs" 10 16 10 29] let a = let a' = ShallowModel0.shallow_model v in Seq.length a' in a = 3 end module C05Pearlite_A_Type type t_a = @@ -243,18 +246,21 @@ module C05Pearlite_A_Type end end module C05Pearlite_Solver_Interface + use prelude.Bool use C05Pearlite_A_Type as C05Pearlite_A_Type val solver [#"../05_pearlite.rs" 21 0 21 19] (x : C05Pearlite_A_Type.t_a) : () ensures { [#"../05_pearlite.rs" 20 10 20 20] C05Pearlite_A_Type.a_a x = C05Pearlite_A_Type.a_a x } end module C05Pearlite_StructInPearlite_Interface + use prelude.Bool use C05Pearlite_A_Type as C05Pearlite_A_Type val struct_in_pearlite [#"../05_pearlite.rs" 24 0 24 31] (x : C05Pearlite_A_Type.t_a) : () ensures { [#"../05_pearlite.rs" 23 10 23 30] x = C05Pearlite_A_Type.C_A false } end module C05Pearlite_StructInPearlite + use prelude.Bool use C05Pearlite_A_Type as C05Pearlite_A_Type let rec cfg struct_in_pearlite [#"../05_pearlite.rs" 24 0 24 31] [@cfg:stackify] [@cfg:subregion_analysis] (x : C05Pearlite_A_Type.t_a) : () ensures { [#"../05_pearlite.rs" 23 10 23 30] x = C05Pearlite_A_Type.C_A false } @@ -280,6 +286,7 @@ end module C05Pearlite_StructOrder_Interface use prelude.Int use prelude.UInt32 + use prelude.Bool use C05Pearlite_B_Type as C05Pearlite_B_Type val struct_order [#"../05_pearlite.rs" 32 0 32 25] (x : C05Pearlite_B_Type.t_b) : () ensures { [#"../05_pearlite.rs" 31 10 31 48] x = C05Pearlite_B_Type.C_B false (0 : uint32) } @@ -288,6 +295,7 @@ end module C05Pearlite_StructOrder use prelude.Int use prelude.UInt32 + use prelude.Bool use C05Pearlite_B_Type as C05Pearlite_B_Type let rec cfg struct_order [#"../05_pearlite.rs" 32 0 32 25] [@cfg:stackify] [@cfg:subregion_analysis] (x : C05Pearlite_B_Type.t_b) : () ensures { [#"../05_pearlite.rs" 31 10 31 48] x = C05Pearlite_B_Type.C_B false (0 : uint32) } @@ -316,6 +324,7 @@ module C05Pearlite_Field1IsTrue_Interface end module C05Pearlite_Field1IsTrue use prelude.UInt32 + use prelude.Int use C05Pearlite_B_Type as C05Pearlite_B_Type predicate field1_is_true [#"../05_pearlite.rs" 37 0 37 35] (x : C05Pearlite_B_Type.t_b) = [#"../05_pearlite.rs" 40 8 44 9] match (x) with @@ -652,11 +661,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -674,11 +683,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t diff --git a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg index f111ae1764..2c1783cf05 100644 --- a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg +++ b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg @@ -23,7 +23,7 @@ module C06LogicFunctionContracts_Sum axiom def : forall seq : Seq.seq int . sum seq = ([#"../06_logic_function_contracts.rs" 11 4 16 5] if Seq.length seq = 0 then 0 else - Seq.get seq (Seq.length seq - 1) + sum (SeqExt.subsequence seq 0 (Seq.length seq - 1)) + Int.add (Seq.get seq (Int.sub (Seq.length seq) 1)) (sum (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1))) ) end module C06LogicFunctionContracts_Sum_Impl @@ -34,10 +34,10 @@ module C06LogicFunctionContracts_Sum_Impl variant {[#"../06_logic_function_contracts.rs" 9 10 9 19] Seq.length seq} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 11 4 16 5] if pure {Seq.length seq = 0} then + [#"../06_logic_function_contracts.rs" 11 4 16 5] if Seq.length seq = 0 then 0 else - Seq.get seq (Seq.length seq - 1) + sum (SeqExt.subsequence seq 0 (Seq.length seq - 1)) + Int.add (Seq.get seq (Int.sub (Seq.length seq) 1)) (sum (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1))) end module C06LogicFunctionContracts_AllZero_Stub @@ -57,6 +57,7 @@ module C06LogicFunctionContracts_AllZero use seq.Seq use prelude.Int use seq_ext.SeqExt + use prelude.Bool predicate all_zero [#"../06_logic_function_contracts.rs" 22 0 22 38] (seq : Seq.seq int) val all_zero [#"../06_logic_function_contracts.rs" 22 0 22 38] (seq : Seq.seq int) : bool ensures { result = all_zero seq } @@ -64,21 +65,22 @@ module C06LogicFunctionContracts_AllZero axiom def : forall seq : Seq.seq int . all_zero seq = ([#"../06_logic_function_contracts.rs" 23 4 28 5] if Seq.length seq = 0 then true else - Seq.get seq (Seq.length seq - 1) = 0 /\ all_zero (SeqExt.subsequence seq 0 (Seq.length seq - 1)) + Seq.get seq (Int.sub (Seq.length seq) 1) = 0 /\ all_zero (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1)) ) end module C06LogicFunctionContracts_AllZero_Impl use seq.Seq use prelude.Int use seq_ext.SeqExt + use prelude.Bool let rec ghost predicate all_zero [#"../06_logic_function_contracts.rs" 22 0 22 38] (seq : Seq.seq int) variant {[#"../06_logic_function_contracts.rs" 21 10 21 19] Seq.length seq} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 23 4 28 5] if pure {Seq.length seq = 0} then + [#"../06_logic_function_contracts.rs" 23 4 28 5] if Seq.length seq = 0 then true else - pure {Seq.get seq (Seq.length seq - 1) = 0} && all_zero (SeqExt.subsequence seq 0 (Seq.length seq - 1)) + Seq.get seq (Int.sub (Seq.length seq) 1) = 0 && all_zero (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1)) end module C06LogicFunctionContracts_Stupid_Stub @@ -97,11 +99,12 @@ end module C06LogicFunctionContracts_Stupid type t use prelude.Int + use prelude.Bool predicate stupid [#"../06_logic_function_contracts.rs" 34 0 34 38] (x : t) (i : int) val stupid [#"../06_logic_function_contracts.rs" 34 0 34 38] (x : t) (i : int) : bool ensures { result = stupid x i } - axiom def : forall x : t, i : int . stupid x i = ([#"../06_logic_function_contracts.rs" 35 4 43 5] if i <= 0 then + axiom def : forall x : t, i : int . stupid x i = ([#"../06_logic_function_contracts.rs" 35 4 43 5] if Int.le i 0 then true else if x = x then stupid x 0 else false @@ -110,13 +113,10 @@ end module C06LogicFunctionContracts_Stupid_Impl type t use prelude.Int + use prelude.Bool let rec ghost predicate stupid [#"../06_logic_function_contracts.rs" 34 0 34 38] (x : t) (i : int) variant {[#"../06_logic_function_contracts.rs" 33 10 33 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 35 4 43 5] if pure {i <= 0} then - true - else - if pure {x = x} then stupid x 0 else false - + [#"../06_logic_function_contracts.rs" 35 4 43 5] if Int.le i 0 then true else if x = x then stupid x 0 else false end diff --git a/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3session.xml b/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3session.xml index c2fa7ab821..16c7e9b4e8 100644 --- a/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3session.xml +++ b/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3session.xml @@ -2,14 +2,13 @@ - - + - + @@ -19,7 +18,7 @@ - + diff --git a/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3shapes.gz b/creusot/tests/should_succeed/syntax/06_logic_function_contracts/why3shapes.gz index c74f2acb99bc6afadc8055031a6c4327a8bd88b7..98499dfc6a594ec194abe759aa835363f80d6aa8 100644 GIT binary patch literal 231 zcmVRACs~%)|FbLlz;pLIPk*jr-@jaV8tXK{jaNZ)E%f~J z!Ff5Kk`P8?N)A(wO*9sg_M~*kj&bdbLM>Gb!Xh-b8YXbcKCoBBjzXa9*@OnAX|=E# hF$Ij)C~E?N)>dbX0JY(ik8<5waRv4mg9wNL006Q1Z*Twr literal 232 zcmVl!P!$HAd%jO*W8=wyG2+!yIq`<5}uX3G^u?3p$cP<$VNKGrt2N0RR9*OKhV6 diff --git a/creusot/tests/should_succeed/syntax/09_maintains.mlcfg b/creusot/tests/should_succeed/syntax/09_maintains.mlcfg index e6d2d1037a..286e3da5ab 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains.mlcfg +++ b/creusot/tests/should_succeed/syntax/09_maintains.mlcfg @@ -116,6 +116,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -204,8 +205,8 @@ module C09Maintains_Test5_Interface use C09Maintains_A_Type as C09Maintains_A_Type clone C09Maintains_Impl0_Inv2_Stub as Inv20 val test_5 [#"../09_maintains.rs" 37 0 37 29] (a : C09Maintains_A_Type.t_a) (b : usize) : () - requires {[#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (UIntSize.to_int b + 0)} - ensures { [#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (UIntSize.to_int b + 0) } + requires {[#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (Int.add (UIntSize.to_int b) 0)} + ensures { [#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (Int.add (UIntSize.to_int b) 0) } end module C09Maintains_Test5 @@ -214,8 +215,8 @@ module C09Maintains_Test5 use C09Maintains_A_Type as C09Maintains_A_Type clone C09Maintains_Impl0_Inv2 as Inv20 let rec cfg test_5 [#"../09_maintains.rs" 37 0 37 29] [@cfg:stackify] [@cfg:subregion_analysis] (a : C09Maintains_A_Type.t_a) (b : usize) : () - requires {[#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (UIntSize.to_int b + 0)} - ensures { [#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (UIntSize.to_int b + 0) } + requires {[#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (Int.add (UIntSize.to_int b) 0)} + ensures { [#"../09_maintains.rs" 36 0 36 28] Inv20.inv2 a (Int.add (UIntSize.to_int b) 0) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml index 7c9316231a..6d156da208 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml +++ b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml @@ -2,29 +2,30 @@ + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz b/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz index f7221a2fc50aa0aa28d3c79f73287865923a9bac..6757cd74eb474abde93bb92a45d98c906a7c4b1d 100644 GIT binary patch literal 298 zcmV+_0oDE=iwFP!00000|80*?Yr`-M#qa(UzHRGCmTlSIZ4^cdJNvjI{|OC@WF#S< ze`(i4+w>q1(tE!rz3$|6;@>*SrH)fK^zV}7?oDvlFFbbK&o2=pM0J=Co7ordj~|~R z?qxfSa<0>SRJTt4KC2?0yR;##&p-wN>kB55%=LOnqTuRLrID zJRG}zj*#K{)^_paH!FCUPjy@+%bIZU-VL63NC*RM^4OB|rbUk#$UB$320-fxvs4WT z=WJELh9Gb*L4{<&xLS!aXrF@A4GNPB)9WQWq701}f3Z%S^c(^J05lzthX4Qo literal 296 zcmV+@0oVQ?iwFP!00000|80-UY6CG0Mfd&+@7kst$?xf|1j+=u_Od~?Win7^%FK}O zuajnxM;8Kdx#u7~Z{%{IA712<=Vh42H|gZ&MbI!FX&z`?pQ4HoakuUsvQOIX-#0YT%Nj*|M|-bn$`o)t#WMkGkFvI!#E*o@yykfYCLt$8=@L)Azizm0$3xl2cg>% z5~6OsM75Tjv18AvSmhmq)V&f`=`Nd~t@A0D0x2Xm8f#^R7MscTM$`b>c9xQHDh0^w ubtOda3qn^dO5ZyHu7Kl^3ZU27nc@k6bJE2^=) self _2 + Int.ge self _2 val ge_log (self : int) (_2 : int) : bool ensures { result = ge_log self _2 } @@ -284,9 +287,8 @@ module CreusotContracts_Logic_Ord_Impl3_LeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LeLog use prelude.Int - use int.Int function le_log (self : int) (_2 : int) : bool = - Int.(<=) self _2 + Int.le self _2 val le_log (self : int) (_2 : int) : bool ensures { result = le_log self _2 } @@ -304,9 +306,8 @@ module CreusotContracts_Logic_Ord_Impl3_LtLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LtLog use prelude.Int - use int.Int function lt_log (self : int) (_2 : int) : bool = - Int.(<) self _2 + Int.lt self _2 val lt_log (self : int) (_2 : int) : bool ensures { result = lt_log self _2 } @@ -572,7 +573,7 @@ module C10MutualRecTypes_Impl0_Height goto BB7 } BB7 { - _0 <- ([#"../10_mutual_rec_types.rs" 19 29 19 70] _4 + ([#"../10_mutual_rec_types.rs" 19 69 19 70] [#"../10_mutual_rec_types.rs" 19 69 19 70] (1 : uint64))); + _0 <- ([#"../10_mutual_rec_types.rs" 19 29 19 70] UInt64.add _4 ([#"../10_mutual_rec_types.rs" 19 69 19 70] [#"../10_mutual_rec_types.rs" 19 69 19 70] (1 : uint64))); _4 <- any uint64; goto BB8 } diff --git a/creusot/tests/should_succeed/syntax/11_array_types.mlcfg b/creusot/tests/should_succeed/syntax/11_array_types.mlcfg index 1092f124f8..cb5bd3770d 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.mlcfg +++ b/creusot/tests/should_succeed/syntax/11_array_types.mlcfg @@ -53,10 +53,11 @@ module C11ArrayTypes_Omg_Interface use seq.Seq use prelude.Int use prelude.UIntSize + use prelude.Bool clone Core_Num_Impl11_Max_Stub as Max0 use C11ArrayTypes_UsesArray_Type as C11ArrayTypes_UsesArray_Type val omg [#"../11_array_types.rs" 8 0 8 28] (x : C11ArrayTypes_UsesArray_Type.t_usesarray) : () - requires {[#"../11_array_types.rs" 7 11 7 53] Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) > 0 /\ Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) < UIntSize.to_int Max0.mAX'} + requires {[#"../11_array_types.rs" 7 11 7 53] Int.gt (Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x))) 0 /\ Int.lt (Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x))) (UIntSize.to_int Max0.mAX')} end module C11ArrayTypes_Omg @@ -65,12 +66,13 @@ module C11ArrayTypes_Omg use prelude.Int64 use prelude.Slice use seq.Seq + use prelude.Bool clone Core_Num_Impl11_Max as Max0 clone CreusotContracts_Logic_Ops_Impl4_IndexLogic as IndexLogic0 with type t = int64 use C11ArrayTypes_UsesArray_Type as C11ArrayTypes_UsesArray_Type let rec cfg omg [#"../11_array_types.rs" 8 0 8 28] [@cfg:stackify] [@cfg:subregion_analysis] (x : C11ArrayTypes_UsesArray_Type.t_usesarray) : () - requires {[#"../11_array_types.rs" 7 11 7 53] Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) > 0 /\ Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) < UIntSize.to_int Max0.mAX'} + requires {[#"../11_array_types.rs" 7 11 7 53] Int.gt (Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x))) 0 /\ Int.lt (Seq.length (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x))) (UIntSize.to_int Max0.mAX')} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -82,7 +84,7 @@ module C11ArrayTypes_Omg } BB0 { _3 <- ([#"../11_array_types.rs" 9 8 9 9] [#"../11_array_types.rs" 9 8 9 9] (0 : usize)); - _5 <- ([#"../11_array_types.rs" 9 4 9 10] _3 < ([#"../11_array_types.rs" 9 4 9 10] Slice.length (C11ArrayTypes_UsesArray_Type.usesarray_0 x))); + _5 <- ([#"../11_array_types.rs" 9 4 9 10] UIntSize.lt _3 ([#"../11_array_types.rs" 9 4 9 10] Slice.length (C11ArrayTypes_UsesArray_Type.usesarray_0 x))); assert { [@expl:index in bounds] [#"../11_array_types.rs" 9 4 9 10] _5 }; goto BB1 } diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml index 4ad4dc083f..6321f1be24 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml +++ b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz b/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz index e3dd3ecbe399e511e963ff33de65f21b36905a3b..73de2ff354911a9f3aeac8cfdd4dd6c5b74c3bdc 100644 GIT binary patch literal 319 zcmV-F0l@wriwFP!00000|7}rUPlGTJf9F&5P2E!qv<0&z5|d?17N5+;x8*nrBVnMx zj33_vae~=Pd%fSk_Ike(-3i}aCq7-e zR<0L{TLBBgaPbgd+lx!C)!2i8AM?*_cJM!#6pZu(Rt$oFn8Fmu!9kH^hpNBcq0B%| z15|iU-tH1C`Z>q~51vKdw4yl|9&2Z)`knm^B}a{kAjc2*c`Q=vuy>>#x1PXegW=1KL RsR(wy_YJO#3)46P002z(l~n)$ literal 305 zcmV-10nYv(iwFP!00000|7}poZi6roz4H~mrOnA^yg(JIqDm;a^i)~BMT2n&5`hXx z)z9ycl7*%h&-l$-?0HzSevhBNXJ5YStG0P!nk^p#OmJwoRWo4K6#jc#w`Jw5blj;8 zCRSR=s3Q7$=q*?^b=<1W8_g9SNvq|8PAgJe5mNi69QG5Bpu`b7ORp|7jZ@>~Rs(Yf zQm$r-{{m)&@!=u9cSoOIx)WAmhIQ{xz+cnrW%3skJ*tEo>*}0Z6_!sc6L?5J7AZd8 z&WIh@SGH?A)*i}WCKTsg-|Hyl6!sfB{S95`aqv!gf?jNB!9jMhcUafkF(ZfzZbW2E zD6}+%mS7|Sc~pd;b1n)d);uuU?LbB{b}E+=V&HKO8eFcx#Jk8dSckz6=Yky&CjtNf DveSxu diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg b/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg index 49fba570a7..24fb41a982 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg @@ -128,11 +128,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -150,11 +150,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -235,6 +235,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -256,7 +257,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -264,6 +265,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -455,6 +457,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -468,6 +471,7 @@ module C12GhostCode_GhostIsCopy use prelude.Int use prelude.Int32 use prelude.Ghost + use prelude.Bool use prelude.Borrow clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = int32 @@ -582,6 +586,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -645,8 +650,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -790,7 +795,7 @@ module C12GhostCode_GhostCheck } BB4 { assume { Resolve0.resolve x }; - switch ([#"../12_ghost_code.rs" 43 4 43 25] not ([#"../12_ghost_code.rs" 43 12 43 24] _9 = ([#"../12_ghost_code.rs" 43 23 43 24] [#"../12_ghost_code.rs" 43 23 43 24] (1 : usize)))) + switch ([#"../12_ghost_code.rs" 43 4 43 25] not ([#"../12_ghost_code.rs" 43 12 43 24] UIntSize.eq _9 ([#"../12_ghost_code.rs" 43 23 43 24] [#"../12_ghost_code.rs" 43 23 43 24] (1 : usize)))) | False -> goto BB6 | True -> goto BB5 end diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml index b1871b20bc..453762d29c 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml +++ b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml @@ -8,12 +8,12 @@ - + - + diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz b/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz index 679b70d37e47d4b4ac4061aeb6b5d665d576e614..0935278a58840891a47c6746ee16fb71127f5e6c 100644 GIT binary patch literal 355 zcmV-p0i6CHiwFP!00000|7}rCZ-X!lz2{ft)~%;}kN}f*s3swhcATu8hTM=AG)h{a zt@iI10#enj5{h4*{Tx5@w5CIiM?27q?T5y7FI3a@Gr?DgKoveHkXaF~bClTGD+rH! zJGk~@K}@s&KBaLD99Sr1hGhia=+5USEr@&V0)_9qKEDWC?xM2E7?=3bpKWmm@$5V3 zXys4f!tl+M_3?D8dPjQ-+|4>?p^G;^yPpT~w}+E@pDYUl&cgdFenE;u=gd7VAT=zA z_!2!6US*RatU85cS$+a>U}DhOVp@AEj~A!^{UK9Z^G!$^%LFSUjf_$yRAo^p#TYiwFP!00000|8-DJZ-X!lz2{eO>()~eAdqQ2RFhEn1J+JMCYXXoNmp2_ z{riQFY3e>M@$-wH?dQ8~Ff@3gA-K?aXkGshs9<}~a0d~@xeqafSw5#r46&yxNRQ7n zxb8wACt8A-zHtiz_*}>>&lo%fwL1rg#tmc94uy564>rDG+h2UyiiFp$Q2Nd*4E?|r zMi6BTA9vVMe;6C|D|el{7Drc62QiMWX!{Y5`{&Jmmj0~Bmo9NO857cq{5#^i*Q#ja z-36velB><3DFnzwU1vvagJxv}Ii(aj8X>mRd^EwIUvdf@-YmKp4)-Dk7;#Q-W2c kL}f#j3dKX>I! ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -121,11 +121,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -206,6 +206,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -227,7 +228,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -235,6 +236,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -260,6 +262,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -283,7 +286,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -349,6 +352,7 @@ end module Alloc_Slice_Impl0_IntoVec_Interface type t type a + use prelude.Bool use prelude.Slice use seq.Seq use seq.Seq @@ -414,6 +418,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -428,6 +433,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -437,12 +443,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -450,6 +456,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -459,12 +466,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module C13VecMacro_X_Interface val x [#"../13_vec_macro.rs" 5 0 5 10] (_1 : ()) : () diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml b/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml index 4960fe1771..631fbe76fd 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml +++ b/creusot/tests/should_succeed/syntax/13_vec_macro/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro/why3shapes.gz b/creusot/tests/should_succeed/syntax/13_vec_macro/why3shapes.gz index 291d4e45058912c6b2892044cc39a5f2f342d447..12ad959661221ab5d827fe80c24191c671eda915 100644 GIT binary patch delta 363 zcmV-x0hIps0`~%t6@S|1*P2s!-(>1%Q?#wBD ze@acVXjg@Xw3mVVRz8SBHrY^3X9$|jkZC?cuEh+6mNS$(T7QoRdiyuuG6z!f(P+D_ zLv_5+5erH_=7~`!S&0MEvfP|q+xUyax7;N7)F84c1c=2Eaq7+sX*^5EqX9<^^M%nQ zf9eB{#yG@#tHc~!XPocazCf2Hu=Kt}EM)om3e3{xs6@Sv^`_~}~z;?8Z^)Nj7>*RNjpg=Kv)Ec0-aVCCvVcSNeJs^({VY6@2wz^>Vrb%&?) zW0hhuOP7U#w5Nf`R6dYHc9Y?TPY{flpfGZR(gYI>jGCY_;eWC{FwuX1b01Wak3!Kh z4>$3QCzzGwqo0^~mh6DCBFD39o9g1|FUN#V13`8(0l{pE)b*f6Wim_0rGX?4{3dHk zu6l!`Fg3|uD#3&6&{bXA2lzY$mOqA=g)CnlL0FzX&Hfos38{k-i;GA49*F#>~^p4teaVS zCFb4VH)sFqc|z?Y8?#*qsG>rsB8C_wMmxy^E5n@+pn>UFM>^C>2U=>OxdzR=UsiB3 IdyNAC03gn=%>V!Z diff --git a/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg b/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg index 91c3083a76..aaaaf5b475 100644 --- a/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg +++ b/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg @@ -19,7 +19,7 @@ module C14ConstFns_Omg goto BB0 } BB0 { - _0 <- ([#"../14_const_fns.rs" 6 4 6 9] x - ([#"../14_const_fns.rs" 6 8 6 9] [#"../14_const_fns.rs" 6 8 6 9] (1 : int32))); + _0 <- ([#"../14_const_fns.rs" 6 4 6 9] Int32.sub x ([#"../14_const_fns.rs" 6 8 6 9] [#"../14_const_fns.rs" 6 8 6 9] (1 : int32))); return _0 } diff --git a/creusot/tests/should_succeed/syntax/derive_macros.mlcfg b/creusot/tests/should_succeed/syntax/derive_macros.mlcfg index afa5c64e8a..bd1bc167d3 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros.mlcfg +++ b/creusot/tests/should_succeed/syntax/derive_macros.mlcfg @@ -57,6 +57,7 @@ module TyInv_Trivial end module Core_Clone_Clone_Clone_Interface type self + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = self @@ -71,6 +72,7 @@ end module DeriveMacros_Impl2_Clone_Interface type a type b + use prelude.Bool use prelude.Borrow use DeriveMacros_Product_Type as DeriveMacros_Product_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -87,6 +89,7 @@ module DeriveMacros_Impl2_Clone type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv5 with type t = b clone TyInv_Trivial as TyInv_Trivial5 with @@ -245,6 +248,7 @@ end module Core_Cmp_PartialEq_Eq_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -314,6 +318,7 @@ end module DeriveMacros_Impl3_Eq_Interface type a type b + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b @@ -335,6 +340,7 @@ module DeriveMacros_Impl3_Eq type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b clone CreusotContracts_Model_DeepModel_DeepModel_Interface as DeepModel5 with @@ -482,6 +488,7 @@ end module DeriveMacros_Impl4_Clone_Interface type a type b + use prelude.Bool use prelude.Borrow use DeriveMacros_Sum_Type as DeriveMacros_Sum_Type clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -498,6 +505,7 @@ module DeriveMacros_Impl4_Clone type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv7 with type t = b clone TyInv_Trivial as TyInv_Trivial7 with @@ -657,6 +665,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -720,6 +729,7 @@ end module DeriveMacros_Impl5_Eq_Interface type a type b + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b @@ -741,6 +751,7 @@ module DeriveMacros_Impl5_Eq type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b clone CreusotContracts_Model_DeepModel_DeepModel_Interface as DeepModel5 with @@ -1017,6 +1028,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -1084,11 +1096,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -1106,11 +1118,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -1173,6 +1185,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1194,7 +1207,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -1214,6 +1227,7 @@ module DeriveMacros_Impl6_Resolve_Interface end module DeriveMacros_Impl6_Resolve type a + use prelude.Bool use prelude.Int use prelude.UInt32 use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -1255,6 +1269,7 @@ end module DeriveMacros_Impl7_Resolve type a type b + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve2 with type self = b clone CreusotContracts_Resolve_Impl2_Resolve_Stub as Resolve1 with @@ -1479,6 +1494,7 @@ module DeriveMacros_Impl2 type a type b use prelude.Borrow + use prelude.Bool use DeriveMacros_Product_Type as DeriveMacros_Product_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = DeriveMacros_Product_Type.t_product a b @@ -1498,6 +1514,7 @@ module DeriveMacros_Impl4 type a type b use prelude.Borrow + use prelude.Bool use DeriveMacros_Sum_Type as DeriveMacros_Sum_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = DeriveMacros_Sum_Type.t_sum a b @@ -1517,6 +1534,7 @@ module DeriveMacros_Impl3 type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b clone CreusotContracts_Model_DeepModel_DeepModel_Interface as DeepModel3 with @@ -1551,6 +1569,7 @@ module DeriveMacros_Impl5 type a type b use prelude.Borrow + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy1 with type self = b clone CreusotContracts_Model_DeepModel_DeepModel_Interface as DeepModel3 with diff --git a/creusot/tests/should_succeed/syntax/derive_macros/why3session.xml b/creusot/tests/should_succeed/syntax/derive_macros/why3session.xml index ffb4def5a7..4c5459ddfa 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros/why3session.xml +++ b/creusot/tests/should_succeed/syntax/derive_macros/why3session.xml @@ -2,48 +2,48 @@ - - + + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/syntax/derive_macros/why3shapes.gz b/creusot/tests/should_succeed/syntax/derive_macros/why3shapes.gz index 712542f74bc39f28d590a7cb23c5ebc9232e166f..27e76bdd65d1768e720513d189492aac682a4a2c 100644 GIT binary patch literal 1090 zcmV-I1ikwoiwFP!00000|BY5lZ{s!)zWZ1B)^<-EzF8m#tzp3e3TzJxUIWS^(E!;v z@1Xy_jHV z%p~`GCWRL>DZQLY@GV*6E>udJFW&-|d>(&e=u;Egd(ZaMv>n}19%aF#0x{$g|E|DhhLfuW8EN^i< zUEa(tr?U3GI#o!NEOVs$>Z7dnT4w0T$+GOg+J4jQnQ~(6;hN>)EdJiAYT@eC>9~(2&p2M3;3DYUe+Osodw5YbRu$G(cj({VH?oq=oM<_qPSG zYkvGp(99MNHqwUXEakL`pc){MS+5Y!TEyc;h7C}SOjeovw$|Z&SY<=Rd0-^k?GieF zek)U0s2#;I3vxtd^U9D?On^Q=7t{V*HUH}_QI+if!IeH|&A#1BQJFX>=!vn>zVrnsuo683{Z8)Ki{qX!nG@F(=>y#i)Nsp_(W*T+eJRz z=bMpHrGCNqjK{qB>hSrqv);<)cK*z8@&4^n)B+cLILi!0-Fp#Ygv3SQ9RCV&K^!0q zWdQIQYN&x?IOF;`ggK^u6Mx)4|9g#p7cZcr{m6MBKB$8{hyy>sfo-BWGJZ_b*-4og(@`6jVA3)u!I>Dh z?qI8`VZcX|IG;o~N*K9G(H&i|dJNndnQcSXgafb(7gJQiYB@P8j%m|oAceDd%gei$L{$d+}yo-))opp z%p~`GCWRL>DZQLY*S**1za9UX_BpXSKcgE0$L&a?am+e z)A?~f+@9~^Z@X|6#u)Fff1Jm7>qX7Thh#;C?~gCBJ0RJH+o#wpiHU|n601lSktE&x zD(9VYx+#)uZsQcHY-|7E?Xg)aWzljz-ucS*ZDmCse-a})&J{|P`7jn<)vS(%d%fD^ zrCWGjd0oAc$F?~XhwA{yZV7Z#oSY9(fOQS3@c_})TF8HB6(>>Db!b;@(Jj5I>j4~J z@sBH#M}EVywqy@%Cg88SZq;A{>n?Q}Elgds_97Fp3~78Q3#s$u5^2&dl-;Ds@)pO_ zrOj+oDr@hHQ-ws%GDUhUKJr?xWrl{FEXxk8?l;Yz$tT7hu2~w+?C-5O{^~(355(Lr zBGQu-f;^TM%0*8igL?@$#E=N_v11YX+40vmZ_B79+XPJsjuw=F84AGE<3vEA=WC6U z^wcC9ZPhp1Eq>`lElr8HlsM(*@(l;iSph)KO6r_-YoeSL04mocNiSJ4@oUeHGH*-f zvrc;fU$SP@11=}Q*WrK+4fzaBbXgXmbpB(QN`0=mdP3$&10)vQFEY1ITKN8Qf13fj z*WJI#3+5AVrinFApij1nBc~F&)1Z^S|yARmuJzTLS!XsffhI z-c*D{d24VgL1DL&U*sgMXX+QIQW#khHw~JZ zani;K7zf3)6cg(uOjdC_K)*L9eNrcR5+{Cw6Wf8Av)7VS8hL2x&L4P0^)r5Iz+lU|=Zjw9cLI)S8sL;w&`>%oX=0HLgOhNax6Nm$9o zN>v61gBX~#dJJZY+(r#<7^AkTAEQK7ofLZ(16Mqi%2=nFb%SIMtQ4w`tQV`|e<@Jz Irw|MP0LFk6X8-^I diff --git a/creusot/tests/should_succeed/take_first_mut.mlcfg b/creusot/tests/should_succeed/take_first_mut.mlcfg index f4cfc71989..f56c293fe3 100644 --- a/creusot/tests/should_succeed/take_first_mut.mlcfg +++ b/creusot/tests/should_succeed/take_first_mut.mlcfg @@ -46,6 +46,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -60,6 +61,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -69,12 +71,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -82,6 +84,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -91,12 +94,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub type t @@ -193,6 +196,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -226,6 +230,7 @@ end module Core_Mem_Take_Interface type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = t clone CreusotContracts_Std1_Default_Default_IsDefault_Stub as IsDefault0 with @@ -302,6 +307,7 @@ module Core_Slice_Impl0_SplitFirstMut_Interface type t use prelude.Borrow use prelude.Slice + use prelude.Bool use seq.Seq use prelude.Int use seq.Seq @@ -331,7 +337,7 @@ module Core_Slice_Impl0_SplitFirstMut_Interface val split_first_mut (self : borrowed (slice t)) : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t)) requires {Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/slice.rs" 260 18 268 9] match (result) with - | Core_Option_Option_Type.C_Some (first, tail) -> * first = IndexLogic0.index_logic ( * self) 0 /\ ^ first = IndexLogic0.index_logic ( ^ self) 0 /\ Seq.length (ShallowModel0.shallow_model ( * self)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ self)) > 0 /\ ShallowModel0.shallow_model ( * tail) = Tail0.tail (ShallowModel0.shallow_model ( * self)) /\ ShallowModel0.shallow_model ( ^ tail) = Tail0.tail (ShallowModel0.shallow_model ( ^ self)) + | Core_Option_Option_Type.C_Some (first, tail) -> * first = IndexLogic0.index_logic ( * self) 0 /\ ^ first = IndexLogic0.index_logic ( ^ self) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( * self))) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( ^ self))) 0 /\ ShallowModel0.shallow_model ( * tail) = Tail0.tail (ShallowModel0.shallow_model ( * self)) /\ ShallowModel0.shallow_model ( ^ tail) = Tail0.tail (ShallowModel0.shallow_model ( ^ self)) | Core_Option_Option_Type.C_None -> Seq.length (ShallowModel1.shallow_model self) = 0 /\ ^ self = * self /\ ShallowModel1.shallow_model self = Seq.empty end } ensures { Inv1.inv result } @@ -357,6 +363,7 @@ module CreusotContracts_Std1_Slice_Impl2_IsDefault use prelude.Borrow use prelude.Slice use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -381,6 +388,7 @@ end module TakeFirstMut_TakeFirstMut_Interface type t use prelude.Borrow + use prelude.Bool use seq.Seq use prelude.Int use prelude.Slice @@ -408,7 +416,7 @@ module TakeFirstMut_TakeFirstMut_Interface val take_first_mut [#"../take_first_mut.rs" 14 0 14 74] (self_ : borrowed (borrowed (slice t))) : Core_Option_Option_Type.t_option (borrowed t) requires {[#"../take_first_mut.rs" 14 29 14 34] Inv0.inv self_} ensures { [#"../take_first_mut.rs" 6 10 13 1] match (result) with - | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) > 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) + | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( * * self_))) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( ^ * self_))) 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) | Core_Option_Option_Type.C_None -> ^ self_ = * self_ /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 end } ensures { [#"../take_first_mut.rs" 14 57 14 74] Inv1.inv result } @@ -418,6 +426,7 @@ module TakeFirstMut_TakeFirstMut type t use prelude.Borrow use prelude.Slice + use prelude.Bool use seq.Seq use prelude.Int use seq.Seq @@ -523,7 +532,7 @@ module TakeFirstMut_TakeFirstMut let rec cfg take_first_mut [#"../take_first_mut.rs" 14 0 14 74] [@cfg:stackify] [@cfg:subregion_analysis] (self_ : borrowed (borrowed (slice t))) : Core_Option_Option_Type.t_option (borrowed t) requires {[#"../take_first_mut.rs" 14 29 14 34] Inv3.inv self_} ensures { [#"../take_first_mut.rs" 6 10 13 1] match (result) with - | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) > 0 /\ Seq.length (ShallowModel0.shallow_model ( ^ * self_)) > 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) + | Core_Option_Option_Type.C_Some r -> * r = IndexLogic0.index_logic ( * * self_) 0 /\ ^ r = IndexLogic0.index_logic ( ^ * self_) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( * * self_))) 0 /\ Int.gt (Seq.length (ShallowModel0.shallow_model ( ^ * self_))) 0 /\ ShallowModel0.shallow_model ( * ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( * * self_)) /\ ShallowModel0.shallow_model ( ^ ^ self_) = Tail0.tail (ShallowModel0.shallow_model ( ^ * self_)) | Core_Option_Option_Type.C_None -> ^ self_ = * self_ /\ Seq.length (ShallowModel0.shallow_model ( * * self_)) = 0 end } ensures { [#"../take_first_mut.rs" 14 57 14 74] Inv6.inv result } diff --git a/creusot/tests/should_succeed/take_first_mut/why3session.xml b/creusot/tests/should_succeed/take_first_mut/why3session.xml index 339483548e..fbce2860b8 100644 --- a/creusot/tests/should_succeed/take_first_mut/why3session.xml +++ b/creusot/tests/should_succeed/take_first_mut/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/take_first_mut/why3shapes.gz b/creusot/tests/should_succeed/take_first_mut/why3shapes.gz index e885a7d603c67cf395ad9dc2b93d1d3f86a33fc1..b7dbd172a1829530c725c37ba685342655c14490 100644 GIT binary patch literal 532 zcmV+v0_*)BiwFP!00000|AmuHZ=5g?hVT3eZfQ9A3j>unpcN6h^wMh7Q;-X0gTg`r zWVb)RW3V@?T~B*1?mDY_Q7@3FS+(7bBY@e>V&*7i}k^iSp%mO2R486v&Jnz(~r=dIIBFWaN8IhvTQkf%g zj3Qf))d*|Flc(8w!i?IG-STW_wnh$uW$T|~ghP33Q6p><%jU#dgyR;BOfgFR8OCuq z>H6XDwwP7Z_NoKM^97(FNWKnE5d19m^Imvj_rkxLLdcpUD^vVl)&U;bDpcePDX}z< z7Bar-=*;q^4_pJ6wj(ahhvXM?!0xWhzYEHOV zV$qs7@^nEO=b3kzSOiRNC8n2&m#H%jjGf8T4SD7$Fp|6fV)OQa5Sy0|XuNUv?$E(P z-@SS0^?3chFpYgRC{r74Zo4)(zYd`qvO@FcJ-htg)#DO~~KsYEt zI;cQ77(#gO;rA5Vs(YHAkqWeJe=HCEzG^|^)R#>+;UW8TmtlHEH+#^T$#cm(7^ep9 z>S%}@j3B0xOP?&;TxP{be1rriY}zX#faIzR3~uRzMgL=Uwk6w+-Q)wur<9*_YItA$ zE8G65*?q*O1THumhnw@E!GwrBqQ__;o+{6TVbs-3;SY9^NL;ixZA43|U==NnD92k*W@b++w`v+fZ?zvmz&~Fg*5Etl zR`W7%79G|L-($rVOC9sH#Wi+Ics_WXnipnX(n|xp^TfyUijGUH`P!ma?)$3!O!te- xNBs)}{(vbL%(pYZKzax=aM%b^+!KeS1(E3WiBnodB&)2n0^YG2)AphO003ZPLF@nk literal 144 zcmV;B0B`>viwFP!00000|3!+u3c@fHM)&&^chpY#Ybt_+2qD=edtz_2pp7P)=NGi- zbUw~^Rvp$$xKqVOrA~R?qQ-6w&qtW%=9yU*_uN3(c^Qu7MJ^Po`P#?}_kG2Fq5DPV yqyB{ff54Or=Gz${3Lz-=TIs~n7}O??eN<`S@x+HDIZ7)mw+!A%5g$&X00029v_mKW diff --git a/creusot/tests/should_succeed/traits/03.mlcfg b/creusot/tests/should_succeed/traits/03.mlcfg index e329a88030..7c8827bef7 100644 --- a/creusot/tests/should_succeed/traits/03.mlcfg +++ b/creusot/tests/should_succeed/traits/03.mlcfg @@ -147,6 +147,7 @@ module C03_Impl1 use prelude.Borrow use prelude.Int use prelude.UInt32 + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = uint32 clone TyInv_Trivial as TyInv_Trivial1 with @@ -164,6 +165,7 @@ end module C03_Impl2 type g use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = g clone TyInv_Trivial as TyInv_Trivial0 with diff --git a/creusot/tests/should_succeed/traits/04.mlcfg b/creusot/tests/should_succeed/traits/04.mlcfg index fb6a619344..2fb2a066da 100644 --- a/creusot/tests/should_succeed/traits/04.mlcfg +++ b/creusot/tests/should_succeed/traits/04.mlcfg @@ -74,6 +74,7 @@ module C04_A_Func3_Interface end module C04_User_Interface type t + use prelude.Bool use prelude.Borrow clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = t @@ -86,6 +87,7 @@ end module C04_User type t use prelude.Borrow + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = t clone TyInv_Trivial as TyInv_Trivial0 with diff --git a/creusot/tests/should_succeed/traits/09.mlcfg b/creusot/tests/should_succeed/traits/09.mlcfg index 0fc3b54f2f..75019b8812 100644 --- a/creusot/tests/should_succeed/traits/09.mlcfg +++ b/creusot/tests/should_succeed/traits/09.mlcfg @@ -17,7 +17,7 @@ module C09_Test goto BB0 } BB0 { - _0 <- ([#"../09.rs" 8 4 8 9] t + ([#"../09.rs" 8 8 8 9] [#"../09.rs" 8 8 8 9] (0 : uint32))); + _0 <- ([#"../09.rs" 8 4 8 9] UInt32.add t ([#"../09.rs" 8 8 8 9] [#"../09.rs" 8 8 8 9] (0 : uint32))); return _0 } diff --git a/creusot/tests/should_succeed/traits/10.mlcfg b/creusot/tests/should_succeed/traits/10.mlcfg index 440e509460..fe4d57ec91 100644 --- a/creusot/tests/should_succeed/traits/10.mlcfg +++ b/creusot/tests/should_succeed/traits/10.mlcfg @@ -48,6 +48,7 @@ end module C10_Impl0_Resolve type t type u + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = u clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with diff --git a/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg b/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg index 5155bb31a3..043aca5209 100644 --- a/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg +++ b/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg @@ -103,6 +103,7 @@ end module C13AssocTypes_Impl0 type t use prelude.Borrow + use prelude.Bool clone C13AssocTypes_Model_ModelTy_Type as ModelTy0 with type self = t clone CreusotContracts_Invariant_Inv_Interface as Inv1 with diff --git a/creusot/tests/should_succeed/traits/13_assoc_types/why3shapes.gz b/creusot/tests/should_succeed/traits/13_assoc_types/why3shapes.gz index 258e2f3ab4acf0e42144cf3a803ca86ee67bf214..ac2b78a2f1a1c90a9e4e84887f77bc830d54424e 100644 GIT binary patch literal 187 zcmV;s07U;EiwFP!00000|7A|Q3d0~2-Tey3HdEBA#zKcu5c31BMWfO{UX3Bpzb{Q% zI&?Zu4(Cwde0NjKc#U&z$KiwpE{lf{)k-g$H&bS{#?DjqOzw<4}ep;Tl?H@wkC$1C;q>;px%q35~WCDZ}p35jO pGt>}MqEdMZL;{5dAV{7nsJP-X1={ea0_Fy`;tS}DEcE;U0064zSSSDh literal 187 zcmV;s07U;EiwFP!00000|7A|Q3WG2d-SZV0TPJTGS1oiXg`hu>wcNyn3cji$^zTcx zr9-Fl2oP1FF{enVwM6nh=ekr|@dZnIgZ}&g006c#Sn2=( diff --git a/creusot/tests/should_succeed/traits/14_assoc_in_logic.mlcfg b/creusot/tests/should_succeed/traits/14_assoc_in_logic.mlcfg index ab042ec5dc..fb4bfb9d57 100644 --- a/creusot/tests/should_succeed/traits/14_assoc_in_logic.mlcfg +++ b/creusot/tests/should_succeed/traits/14_assoc_in_logic.mlcfg @@ -72,6 +72,7 @@ module CreusotContracts_Invariant_Inv end module C14AssocInLogic_Test_Interface type t + use prelude.Bool clone C14AssocInLogic_Assoc_Ty_Type as Ty0 with type self = t clone C14AssocInLogic_FromTy_Stub as FromTy0 with diff --git a/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg b/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg index 291668a63f..5f474dc7b2 100644 --- a/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg +++ b/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg @@ -28,6 +28,7 @@ module C15ImplInterfaces_X end module C15ImplInterfaces_Calls_Interface + use prelude.Bool clone C15ImplInterfaces_X_Stub as X0 with type t = (), type A0.a = () @@ -36,6 +37,7 @@ module C15ImplInterfaces_Calls_Interface end module C15ImplInterfaces_Calls + use prelude.Bool clone C15ImplInterfaces_X as X0 with type t = (), type A0.a = () diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg b/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg index 946dac4b47..45ecb45e38 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg @@ -163,6 +163,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -178,6 +179,7 @@ end module C16ImplCloning_Test_Interface type t use prelude.Borrow + use prelude.Bool use seq.Seq use seq.Seq use C16ImplCloning_Vec_Type as C16ImplCloning_Vec_Type @@ -196,6 +198,7 @@ end module C16ImplCloning_Test type t use prelude.Borrow + use prelude.Bool use seq.Seq use seq.Seq use C16ImplCloning_Vec_Type as C16ImplCloning_Vec_Type diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning/why3session.xml b/creusot/tests/should_succeed/traits/16_impl_cloning/why3session.xml index 724789b508..02412cf49e 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning/why3session.xml +++ b/creusot/tests/should_succeed/traits/16_impl_cloning/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning/why3shapes.gz b/creusot/tests/should_succeed/traits/16_impl_cloning/why3shapes.gz index 549b88642e9e23182865a7cab06a3ff371063a21..b70d785ca0037c22434b456b3143ff038e7f87b4 100644 GIT binary patch delta 130 zcmV-|0Db?I0h0lc7<($2(lixZh)~)KWGkbcVj*ob3HAC0b>r&s!TWa-(w!chVB?tP zupYpG+>89AdEK1q1Rbe7ybrI-5=Qn;|67xEddLGsPQh8onZ~*ii8*u*dPoDq)069uPPyhe` delta 131 zcmV-}0DS+G0h9rd7<{VJHZc`kh)~)KWGiDjVj(t~gm`_6x^eaR;Qbp3=|&GuP&lSJ zEPK!(w<14jUW%=HK?hnN-iO!u9wzn{|BWOqj(McWDfq%GJ}Dl*^HVSE39cbR=9GnC lqS~m7Gm0kDb<`;BcAX}tu;qqZs0SP>@dk+j1pJ=>006{LItBm$ diff --git a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg index 2828e0d09f..058fde2048 100644 --- a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg +++ b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg @@ -44,6 +44,7 @@ module TyInv_Trivial end module C18TraitLaws_Symmetric_Reflexive_Stub type self + use prelude.Bool clone C18TraitLaws_Symmetric_Op_Stub as Op0 with type self = self clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -52,6 +53,7 @@ module C18TraitLaws_Symmetric_Reflexive_Stub end module C18TraitLaws_Symmetric_Reflexive_Interface type self + use prelude.Bool clone C18TraitLaws_Symmetric_Op_Stub as Op0 with type self = self clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -67,6 +69,7 @@ module C18TraitLaws_Symmetric_Reflexive_Interface end module C18TraitLaws_Symmetric_Reflexive type self + use prelude.Bool clone C18TraitLaws_Symmetric_Op_Stub as Op0 with type self = self clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -82,12 +85,14 @@ module C18TraitLaws_Symmetric_Reflexive end module C18TraitLaws_UsesOp_Stub type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = t function uses_op [#"../18_trait_laws.rs" 16 0 16 48] (x : t) (y : t) : bool end module C18TraitLaws_UsesOp_Interface type t + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = t function uses_op [#"../18_trait_laws.rs" 16 0 16 48] (x : t) (y : t) : bool @@ -101,6 +106,7 @@ module C18TraitLaws_UsesOp_Interface end module C18TraitLaws_UsesOp type t + use prelude.Bool clone C18TraitLaws_Symmetric_Op_Stub as Op0 with type self = t clone CreusotContracts_Invariant_Inv_Stub as Inv0 with @@ -117,6 +123,7 @@ module C18TraitLaws_UsesOp end module C18TraitLaws_UsesOp_Impl type t + use prelude.Bool clone C18TraitLaws_Symmetric_Op_Interface as Op0 with type self = t clone CreusotContracts_Invariant_Inv_Interface as Inv0 with @@ -136,7 +143,7 @@ module C18TraitLaws_UsesOp_Impl ensures { [#"../18_trait_laws.rs" 15 10 15 24] result = true } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../18_trait_laws.rs" 17 16 17 34] let b = Op0.op y x in let a = Op0.op x y in pure {a = b} + [#"../18_trait_laws.rs" 17 16 17 34] let b = Op0.op y x in let a = Op0.op x y in a = b end module C18TraitLaws_Impl0_Op_Stub function op [#"../18_trait_laws.rs" 23 4 23 32] (self : ()) (_2 : ()) : () @@ -155,10 +162,12 @@ module C18TraitLaws_Impl0_Op end module C18TraitLaws_Impl0_Reflexive_Stub + use prelude.Bool clone C18TraitLaws_Impl0_Op_Stub as Op0 function reflexive [#"../18_trait_laws.rs" 30 4 30 34] (a : ()) (b : ()) : () end module C18TraitLaws_Impl0_Reflexive_Interface + use prelude.Bool clone C18TraitLaws_Impl0_Op_Stub as Op0 function reflexive [#"../18_trait_laws.rs" 30 4 30 34] (a : ()) (b : ()) : () val reflexive [#"../18_trait_laws.rs" 30 4 30 34] (a : ()) (b : ()) : () @@ -168,6 +177,7 @@ module C18TraitLaws_Impl0_Reflexive_Interface axiom reflexive_spec : forall a : (), b : () . [#"../18_trait_laws.rs" 29 14 29 32] Op0.op a b = Op0.op b a end module C18TraitLaws_Impl0_Reflexive + use prelude.Bool clone C18TraitLaws_Impl0_Op_Stub as Op0 function reflexive [#"../18_trait_laws.rs" 30 4 30 34] (a : ()) (b : ()) : () = [#"../18_trait_laws.rs" 27 4 27 10] () @@ -178,6 +188,7 @@ module C18TraitLaws_Impl0_Reflexive axiom reflexive_spec : forall a : (), b : () . [#"../18_trait_laws.rs" 29 14 29 32] Op0.op a b = Op0.op b a end module C18TraitLaws_Impl0_Reflexive_Impl + use prelude.Bool clone C18TraitLaws_Impl0_Op as Op0 let rec ghost function reflexive [#"../18_trait_laws.rs" 30 4 30 34] (a : ()) (b : ()) : () ensures { [#"../18_trait_laws.rs" 29 14 29 32] Op0.op a b = Op0.op b a } @@ -186,9 +197,11 @@ module C18TraitLaws_Impl0_Reflexive_Impl [#"../18_trait_laws.rs" 27 4 27 10] () end module C18TraitLaws_ImplLaws_Stub + use prelude.Bool function impl_laws [#"../18_trait_laws.rs" 36 0 36 26] (_1 : ()) : bool end module C18TraitLaws_ImplLaws_Interface + use prelude.Bool function impl_laws [#"../18_trait_laws.rs" 36 0 36 26] (_1 : ()) : bool val impl_laws [#"../18_trait_laws.rs" 36 0 36 26] (_1 : ()) : bool ensures { [#"../18_trait_laws.rs" 35 10 35 24] result = true } @@ -197,6 +210,7 @@ module C18TraitLaws_ImplLaws_Interface axiom impl_laws_spec : forall _1 : () . [#"../18_trait_laws.rs" 35 10 35 24] impl_laws _1 = true end module C18TraitLaws_ImplLaws + use prelude.Bool clone C18TraitLaws_Impl0_Op_Stub as Op0 function impl_laws [#"../18_trait_laws.rs" 36 0 36 26] (_1 : ()) : bool = [#"../18_trait_laws.rs" 37 16 37 38] Op0.op () () = Op0.op () () @@ -207,6 +221,7 @@ module C18TraitLaws_ImplLaws axiom impl_laws_spec : forall _1 : () . [#"../18_trait_laws.rs" 35 10 35 24] impl_laws _1 = true end module C18TraitLaws_ImplLaws_Impl + use prelude.Bool clone C18TraitLaws_Impl0_Op as Op0 clone C18TraitLaws_Impl0_Reflexive as Reflexive0 with function Op0.op = Op0.op, @@ -215,9 +230,10 @@ module C18TraitLaws_ImplLaws_Impl ensures { [#"../18_trait_laws.rs" 35 10 35 24] result = true } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../18_trait_laws.rs" 37 16 37 38] let b = Op0.op () () in let a = Op0.op () () in pure {a = b} + [#"../18_trait_laws.rs" 37 16 37 38] let b = Op0.op () () in let a = Op0.op () () in a = b end module C18TraitLaws_Impl0 + use prelude.Bool clone CreusotContracts_Invariant_Inv_Interface as Inv0 with type t = () clone TyInv_Trivial as TyInv_Trivial0 with diff --git a/creusot/tests/should_succeed/traits/18_trait_laws/why3session.xml b/creusot/tests/should_succeed/traits/18_trait_laws/why3session.xml index aa25bfb005..ee67a94787 100644 --- a/creusot/tests/should_succeed/traits/18_trait_laws/why3session.xml +++ b/creusot/tests/should_succeed/traits/18_trait_laws/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/traits/18_trait_laws/why3shapes.gz b/creusot/tests/should_succeed/traits/18_trait_laws/why3shapes.gz index 3f6c00363125784a9afd02954aec4f99df141a99..e20bed9cbe15cfbddff47a74ed61b45b7c357f9f 100644 GIT binary patch literal 287 zcmV+)0pR{0iwFP!00000|7DQDPQx$^hVOZb9AT$8iJJt8!-P}?i6iQDN@_<`>ejMu z1Kyr>v>f2{Mb;Plx9>J`dP^fu^1{cd8x9Y$lAC*x9@8*3s(~5MsOQujE)D!Z)#CJi zd+B;HO=D-+#{4LDdxNP(^CZh~l;?@3-7qftwd2zNCB2@BmXJX%P!kxgIe%@JbmqMcMw7`LP4JkR!Ai~rxCzpB3IhV z1S?I{5uy^F*@i-`*Cl726FNsBxMYJz0tAWC3M^o4AfjN3X(?AK5MF=kWL!q$rH?LF lqN1RZ%Y;D0+Iz1(8(kcbW`((x01;FS;v0L#DVwkX006y(ijn{T literal 286 zcmV+(0pb21iwFP!00000|7DO(Ps1<_hVS_mIl@kMlI8=6!-P}?i6hE&%7-H=b!%C- z0so$Lv>f2{Sk@!^weL23dW$1X{6fd68x9X#^UXbrk8v0S1e}2Zo?~~o1pEQC?DT%C zM7x+Ws2M8AA4P3%kSz;Oybecxo@m+)v`-6R<8b$YEPfth5kjkE?=c? zKlZymeoSi~Xnz-o8Dft7r_nCAY?ljKM*H#fwY&X+F~TG?AT|QCEGY_t+_+?Psy6he kkx5XZv!*l(ssum>sIQh)(ptw6J%V@a8|6zDb+7>d0E7F0k^lez diff --git a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg index f32d6f27f1..20687ed89c 100644 --- a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg @@ -23,6 +23,7 @@ module Borrows_Impl0_Invariant_Interface end module Borrows_Impl0_Invariant use prelude.Int32 + use prelude.Int use Borrows_NonZero_Type as Borrows_NonZero_Type predicate invariant' [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) = [#"../borrows.rs" 10 20 10 32] Int32.to_int (Borrows_NonZero_Type.nonzero_0 self) <> 0 @@ -112,6 +113,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -293,8 +295,8 @@ module Borrows_Inc_Interface type t = int32, type ShallowModelTy0.shallowModelTy = int val inc [#"../borrows.rs" 101 0 101 23] (x : borrowed int32) : () - requires {[#"../borrows.rs" 99 11 99 25] ShallowModel0.shallow_model x < Int32.to_int Max0.mAX'} - ensures { [#"../borrows.rs" 100 10 100 25] Int32.to_int ( ^ x) = ShallowModel0.shallow_model x + 1 } + requires {[#"../borrows.rs" 99 11 99 25] Int.lt (ShallowModel0.shallow_model x) (Int32.to_int Max0.mAX')} + ensures { [#"../borrows.rs" 100 10 100 25] Int32.to_int ( ^ x) = Int.add (ShallowModel0.shallow_model x) 1 } end module Borrows_Inc @@ -311,8 +313,8 @@ module Borrows_Inc clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = int32 let rec cfg inc [#"../borrows.rs" 101 0 101 23] [@cfg:stackify] [@cfg:subregion_analysis] (x : borrowed int32) : () - requires {[#"../borrows.rs" 99 11 99 25] ShallowModel0.shallow_model x < Int32.to_int Max0.mAX'} - ensures { [#"../borrows.rs" 100 10 100 25] Int32.to_int ( ^ x) = ShallowModel0.shallow_model x + 1 } + requires {[#"../borrows.rs" 99 11 99 25] Int.lt (ShallowModel0.shallow_model x) (Int32.to_int Max0.mAX')} + ensures { [#"../borrows.rs" 100 10 100 25] Int32.to_int ( ^ x) = Int.add (ShallowModel0.shallow_model x) 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -321,7 +323,7 @@ module Borrows_Inc goto BB0 } BB0 { - x <- { x with current = ([#"../borrows.rs" 102 4 102 11] * x + ([#"../borrows.rs" 102 10 102 11] [#"../borrows.rs" 102 10 102 11] (1 : int32))) }; + x <- { x with current = ([#"../borrows.rs" 102 4 102 11] Int32.add ( * x) ([#"../borrows.rs" 102 10 102 11] [#"../borrows.rs" 102 10 102 11] (1 : int32))) }; assume { Resolve0.resolve x }; _0 <- ([#"../borrows.rs" 101 24 103 1] ()); return _0 @@ -337,7 +339,7 @@ module Borrows_Simple_Interface type t = borrowed (Borrows_NonZero_Type.t_nonzero) clone Core_Num_Impl2_Max_Stub as Max0 val simple [#"../borrows.rs" 31 0 31 30] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 29 11 29 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 29 11 29 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 30 11 30 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 31 14 31 15] Inv0.inv x} @@ -376,7 +378,7 @@ module Borrows_Simple function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' let rec cfg simple [#"../borrows.rs" 31 0 31 30] [@cfg:stackify] [@cfg:subregion_analysis] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 29 11 29 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 29 11 29 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 30 11 30 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 31 14 31 15] Inv0.inv x} @@ -416,7 +418,7 @@ module Borrows_Hard_Interface type t = borrowed (Borrows_NonZero_Type.t_nonzero) clone Core_Num_Impl2_Max_Stub as Max0 val hard [#"../borrows.rs" 38 0 38 28] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 36 11 36 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 36 11 36 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 37 11 37 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 38 12 38 13] Inv0.inv x} @@ -457,7 +459,7 @@ module Borrows_Hard clone Borrows_Impl1_InnerMut_Interface as InnerMut0 with predicate Inv0.inv = Inv1.inv let rec cfg hard [#"../borrows.rs" 38 0 38 28] [@cfg:stackify] [@cfg:subregion_analysis] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 36 11 36 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 36 11 36 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 37 11 37 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 38 12 38 13] Inv1.inv x} @@ -529,6 +531,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -578,7 +581,7 @@ module Borrows_Tuple_Interface type t = (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) clone Core_Num_Impl2_Max_Stub as Max0 val tuple [#"../borrows.rs" 45 0 45 44] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 43 11 43 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 43 11 43 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 44 11 44 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 45 17 45 18] Inv0.inv x} @@ -633,7 +636,7 @@ module Borrows_Tuple function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' let rec cfg tuple [#"../borrows.rs" 45 0 45 44] [@cfg:stackify] [@cfg:subregion_analysis] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 43 11 43 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 43 11 43 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 44 11 44 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 45 17 45 18] Inv0.inv x} @@ -674,7 +677,7 @@ module Borrows_PartialMove_Interface type t = (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) clone Core_Num_Impl2_Max_Stub as Max0 val partial_move [#"../borrows.rs" 53 0 53 47] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 51 11 51 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 51 11 51 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 52 11 52 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 53 20 53 21] Inv0.inv x} @@ -729,7 +732,7 @@ module Borrows_PartialMove function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' let rec cfg partial_move [#"../borrows.rs" 53 0 53 47] [@cfg:stackify] [@cfg:subregion_analysis] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 51 11 51 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 51 11 51 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 52 11 52 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 53 20 53 21] Inv0.inv x} @@ -773,7 +776,7 @@ module Borrows_Destruct_Interface type t = (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) clone Core_Num_Impl2_Max_Stub as Max0 val destruct [#"../borrows.rs" 61 0 61 43] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 59 11 59 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 59 11 59 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 60 11 60 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 61 16 61 17] Inv0.inv x} @@ -828,7 +831,7 @@ module Borrows_Destruct predicate Resolve0.resolve = Resolve3.resolve, predicate Resolve1.resolve = Resolve2.resolve let rec cfg destruct [#"../borrows.rs" 61 0 61 43] [@cfg:stackify] [@cfg:subregion_analysis] (x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : () - requires {[#"../borrows.rs" 59 11 59 29] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 59 11 59 29] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a)))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 60 11 60 23] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))) <> - 1} requires {[#"../borrows.rs" 61 16 61 17] Inv0.inv x} @@ -877,7 +880,7 @@ module Borrows_FrozenDead_Interface type t = borrowed (Borrows_NonZero_Type.t_nonzero) clone Core_Num_Impl2_Max_Stub as Max0 val frozen_dead [#"../borrows.rs" 69 0 69 66] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) (y : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 67 11 67 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 67 11 67 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 68 11 68 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 69 27 69 28] Inv0.inv x} requires {[#"../borrows.rs" 69 47 69 48] Inv0.inv y} @@ -917,7 +920,7 @@ module Borrows_FrozenDead clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = Borrows_NonZero_Type.t_nonzero let rec cfg frozen_dead [#"../borrows.rs" 69 0 69 66] [@cfg:stackify] [@cfg:subregion_analysis] (x : borrowed (Borrows_NonZero_Type.t_nonzero)) (y : borrowed (Borrows_NonZero_Type.t_nonzero)) : () - requires {[#"../borrows.rs" 67 11 67 27] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 67 11 67 27] Int.lt (Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 68 11 68 21] Int32.to_int (Borrows_NonZero_Type.nonzero_0 ( * x)) <> - 1} requires {[#"../borrows.rs" 69 27 69 28] Inv1.inv x} requires {[#"../borrows.rs" 69 47 69 48] Inv1.inv y} @@ -991,7 +994,7 @@ module Borrows_Impl2_Invariant use prelude.Int use Borrows_SumTo10_Type as Borrows_SumTo10_Type predicate invariant' [#"../borrows.rs" 86 4 86 30] (self : Borrows_SumTo10_Type.t_sumto10) = - [#"../borrows.rs" 87 20 87 43] Int32.to_int (Borrows_SumTo10_Type.sumto10_a self) + Int32.to_int (Borrows_SumTo10_Type.sumto10_b self) = 10 + [#"../borrows.rs" 87 20 87 43] Int.add (Int32.to_int (Borrows_SumTo10_Type.sumto10_a self)) (Int32.to_int (Borrows_SumTo10_Type.sumto10_b self)) = 10 val invariant' [#"../borrows.rs" 86 4 86 30] (self : Borrows_SumTo10_Type.t_sumto10) : bool ensures { result = invariant' self } @@ -1017,8 +1020,8 @@ module Borrows_Dec_Interface type t = int32, type ShallowModelTy0.shallowModelTy = int val dec [#"../borrows.rs" 107 0 107 23] (x : borrowed int32) : () - requires {[#"../borrows.rs" 105 11 105 25] ShallowModel0.shallow_model x > Int32.to_int Min0.mIN'} - ensures { [#"../borrows.rs" 106 10 106 25] Int32.to_int ( ^ x) = ShallowModel0.shallow_model x - 1 } + requires {[#"../borrows.rs" 105 11 105 25] Int.gt (ShallowModel0.shallow_model x) (Int32.to_int Min0.mIN')} + ensures { [#"../borrows.rs" 106 10 106 25] Int32.to_int ( ^ x) = Int.sub (ShallowModel0.shallow_model x) 1 } end module Borrows_Dec @@ -1035,8 +1038,8 @@ module Borrows_Dec clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with type t = int32 let rec cfg dec [#"../borrows.rs" 107 0 107 23] [@cfg:stackify] [@cfg:subregion_analysis] (x : borrowed int32) : () - requires {[#"../borrows.rs" 105 11 105 25] ShallowModel0.shallow_model x > Int32.to_int Min0.mIN'} - ensures { [#"../borrows.rs" 106 10 106 25] Int32.to_int ( ^ x) = ShallowModel0.shallow_model x - 1 } + requires {[#"../borrows.rs" 105 11 105 25] Int.gt (ShallowModel0.shallow_model x) (Int32.to_int Min0.mIN')} + ensures { [#"../borrows.rs" 106 10 106 25] Int32.to_int ( ^ x) = Int.sub (ShallowModel0.shallow_model x) 1 } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -1045,7 +1048,7 @@ module Borrows_Dec goto BB0 } BB0 { - x <- { x with current = ([#"../borrows.rs" 108 4 108 11] * x - ([#"../borrows.rs" 108 10 108 11] [#"../borrows.rs" 108 10 108 11] (1 : int32))) }; + x <- { x with current = ([#"../borrows.rs" 108 4 108 11] Int32.sub ( * x) ([#"../borrows.rs" 108 10 108 11] [#"../borrows.rs" 108 10 108 11] (1 : int32))) }; assume { Resolve0.resolve x }; _0 <- ([#"../borrows.rs" 107 24 109 1] ()); return _0 @@ -1068,7 +1071,7 @@ module Borrows_Impl3_Foo_Interface type t = borrowed (Borrows_SumTo10_Type.t_sumto10) clone Core_Num_Impl2_Max_Stub as Max0 val foo [#"../borrows.rs" 93 4 93 25] (self : borrowed (Borrows_SumTo10_Type.t_sumto10)) : () - requires {[#"../borrows.rs" 92 15 92 34] Int32.to_int (Borrows_SumTo10_Type.sumto10_a ( * self)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 92 15 92 34] Int.lt (Int32.to_int (Borrows_SumTo10_Type.sumto10_a ( * self))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 93 20 93 24] Inv0.inv self} end @@ -1110,7 +1113,7 @@ module Borrows_Impl3_Foo function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' let rec cfg foo [#"../borrows.rs" 93 4 93 25] [@cfg:stackify] [@cfg:subregion_analysis] (self : borrowed (Borrows_SumTo10_Type.t_sumto10)) : () - requires {[#"../borrows.rs" 92 15 92 34] Int32.to_int (Borrows_SumTo10_Type.sumto10_a ( * self)) < Int32.to_int Max0.mAX'} + requires {[#"../borrows.rs" 92 15 92 34] Int.lt (Int32.to_int (Borrows_SumTo10_Type.sumto10_a ( * self))) (Int32.to_int Max0.mAX')} requires {[#"../borrows.rs" 93 20 93 24] Inv0.inv self} = [@vc:do_not_keep_trace] [@vc:sp] diff --git a/creusot/tests/should_succeed/type_invariants/generated.mlcfg b/creusot/tests/should_succeed/type_invariants/generated.mlcfg index d254958c45..0a450b7524 100644 --- a/creusot/tests/should_succeed/type_invariants/generated.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/generated.mlcfg @@ -30,7 +30,7 @@ module Generated_Impl0_Invariant use prelude.Int use Generated_Sum10_Type as Generated_Sum10_Type predicate invariant' [#"../generated.rs" 9 4 9 30] (self : Generated_Sum10_Type.t_sum10) = - [#"../generated.rs" 10 20 10 43] Int32.to_int (Generated_Sum10_Type.sum10_0 self) + Int32.to_int (Generated_Sum10_Type.sum10_1 self) = 10 + [#"../generated.rs" 10 20 10 43] Int.add (Int32.to_int (Generated_Sum10_Type.sum10_0 self)) (Int32.to_int (Generated_Sum10_Type.sum10_1 self)) = 10 val invariant' [#"../generated.rs" 9 4 9 30] (self : Generated_Sum10_Type.t_sum10) : bool ensures { result = invariant' self } diff --git a/creusot/tests/should_succeed/type_invariants/generated/why3session.xml b/creusot/tests/should_succeed/type_invariants/generated/why3session.xml index 374444741c..0c1cd0cf9d 100644 --- a/creusot/tests/should_succeed/type_invariants/generated/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/generated/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz index 40e4aa4054fad15d98e1287394bca94e77a72706..4a6491789f4b6bd63d68096f13411d8faa16dd01 100644 GIT binary patch literal 221 zcmV<303!b%iwFP!00000|6PtjZ-X!lh41+lxvk@bQxcNhC=$x<(>o3sk!VO0bkKHx ze`-QCZ719B`T6sqklP2J!zOQG-KJ%JkwzBJ;_}7Qd_&oZdnJAcHMuK5$y1?5~*gYUb>Ltm!(1gI20LhW&dy2*;+x9j;cC;&PwRnYkXUMHR}Pq0ZQ*#Btv z7wvx0Rbso$b}6sn@>va1uaBk^Xk}bhdEG)EmqiH6k!cv*5JzK)gQ-;r!Mf4uan#Yu X+8eKZ<&R!@@}>9z_+`>EP5}S_^!jY+ literal 220 zcmV<203-h&iwFP!00000|6Pu~Zo@DPgm*oKwzi(E-$>nD1BS8}H`bsF2{lmIshy;+ z-$ZgyBolc@9zQ-;eEp(BT=_XJ>o`xZ-16#$9e-$?&Zs+ft%5!vn$lGec_tw`)^1ax zJ_*R%$|kAp8~k298u~ixH$djNg52T~yQVmn-cN_`C;^zfq+!Yfw2U+zpWw1B;2zQb z9_|0pIoVKdrG(^URpi)_+FQNhxh=N5e&nL8VB8i_Ut! W3pSXbg9 0 + [#"../non_zero.rs" 10 20 10 31] Int.gt (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self)) 0 val invariant' [#"../non_zero.rs" 9 4 9 30] (self : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = invariant' self } @@ -64,7 +64,7 @@ module NonZero_Impl1_New_Interface clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = NonZero_NonZeroU32_Type.t_nonzerou32 val new [#"../non_zero.rs" 16 4 16 30] (n : uint32) : NonZero_NonZeroU32_Type.t_nonzerou32 - requires {[#"../non_zero.rs" 15 15 15 21] UInt32.to_int n > 0} + requires {[#"../non_zero.rs" 15 15 15 21] Int.gt (UInt32.to_int n) 0} ensures { [#"../non_zero.rs" 16 26 16 30] Inv0.inv result } end @@ -80,7 +80,7 @@ module NonZero_Impl1_New predicate Invariant0.invariant' = Invariant0.invariant', axiom . let rec cfg new [#"../non_zero.rs" 16 4 16 30] [@cfg:stackify] [@cfg:subregion_analysis] (n : uint32) : NonZero_NonZeroU32_Type.t_nonzerou32 - requires {[#"../non_zero.rs" 15 15 15 21] UInt32.to_int n > 0} + requires {[#"../non_zero.rs" 15 15 15 21] Int.gt (UInt32.to_int n) 0} ensures { [#"../non_zero.rs" 16 26 16 30] Inv0.inv result } = [@vc:do_not_keep_trace] [@vc:sp] @@ -114,7 +114,7 @@ module NonZero_Impl1_Add_Interface type t = NonZero_NonZeroU32_Type.t_nonzerou32 clone Core_Num_Impl8_Max_Stub as Max0 val add [#"../non_zero.rs" 21 4 21 39] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) : NonZero_NonZeroU32_Type.t_nonzerou32 - requires {[#"../non_zero.rs" 20 15 20 44] UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self) + UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs) <= UInt32.to_int Max0.mAX'} + requires {[#"../non_zero.rs" 20 15 20 44] Int.le (Int.add (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self)) (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs))) (UInt32.to_int Max0.mAX')} requires {[#"../non_zero.rs" 21 15 21 19] Inv0.inv self} requires {[#"../non_zero.rs" 21 21 21 24] Inv0.inv rhs} ensures { [#"../non_zero.rs" 21 35 21 39] Inv0.inv result } @@ -133,7 +133,7 @@ module NonZero_Impl1_Add axiom . clone Core_Num_Impl8_Max as Max0 let rec cfg add [#"../non_zero.rs" 21 4 21 39] [@cfg:stackify] [@cfg:subregion_analysis] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) : NonZero_NonZeroU32_Type.t_nonzerou32 - requires {[#"../non_zero.rs" 20 15 20 44] UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self) + UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs) <= UInt32.to_int Max0.mAX'} + requires {[#"../non_zero.rs" 20 15 20 44] Int.le (Int.add (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self)) (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs))) (UInt32.to_int Max0.mAX')} requires {[#"../non_zero.rs" 21 15 21 19] Inv0.inv self} requires {[#"../non_zero.rs" 21 21 21 24] Inv0.inv rhs} ensures { [#"../non_zero.rs" 21 35 21 39] Inv0.inv result } @@ -146,7 +146,7 @@ module NonZero_Impl1_Add goto BB0 } BB0 { - _0 <- ([#"../non_zero.rs" 22 8 22 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 22 13 22 27] NonZero_NonZeroU32_Type.nonzerou32_0 self + NonZero_NonZeroU32_Type.nonzerou32_0 rhs)); + _0 <- ([#"../non_zero.rs" 22 8 22 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 22 13 22 27] UInt32.add (NonZero_NonZeroU32_Type.nonzerou32_0 self) (NonZero_NonZeroU32_Type.nonzerou32_0 rhs))); return _0 } @@ -171,7 +171,7 @@ module NonZero_Impl1_SubPre predicate sub_pre [#"../non_zero.rs" 27 4 27 43] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) = - [#"../non_zero.rs" 28 20 28 36] UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self) > UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs) + [#"../non_zero.rs" 28 20 28 36] Int.gt (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 self)) (UInt32.to_int (NonZero_NonZeroU32_Type.nonzerou32_0 rhs)) val sub_pre [#"../non_zero.rs" 27 4 27 43] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = sub_pre self rhs } @@ -281,7 +281,7 @@ module NonZero_Impl1_Sub goto BB0 } BB0 { - _0 <- ([#"../non_zero.rs" 41 8 41 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 41 13 41 27] NonZero_NonZeroU32_Type.nonzerou32_0 self - NonZero_NonZeroU32_Type.nonzerou32_0 rhs)); + _0 <- ([#"../non_zero.rs" 41 8 41 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 41 13 41 27] UInt32.sub (NonZero_NonZeroU32_Type.nonzerou32_0 self) (NonZero_NonZeroU32_Type.nonzerou32_0 rhs))); return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml index 027b856eda..3fcdc669b5 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml @@ -2,28 +2,28 @@ - - + + - + - + - + - + diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz index 73062cbc555680187a1510010f2e5a0134cbd5a2..eab4ae5fe137ecec4d1aa6c1eae83af1dccef9e1 100644 GIT binary patch literal 372 zcmV-)0gL`0iwFP!00000|AkS@PQx$|yyq)?D-H~`7u^j-fp|g z^1f}JxN9F2T3pe>qJ`TPJr6Xr<+>RxxPY}wQMa9F`0E5sk2Gynpe<+^;&|CgEJ6HVqZ~SF`V*nXW2j-kG*m;^=Rys#(@@Xg zw`Nto_q;b2KJ!0g$3~(EYF%X{Q_KL7C^b$JAuvdp)Xq791r#!3!$}3~9r)B$h7xVG zbE;wV#(lL6UlF1aHXEbS8!Fdz@O literal 365 zcmV-z0h0b7iwFP!00000|BX@0PQx$|yyq)?D-qi_!k)ldfDj{xIh)cAIZIJ^` zNz(HBIJ7BMs0yce)-$u7$<>^6Z@94?+1a+M8-GV6nO{d(`yIA5`hKS4j{)g;wVy7F zr^dh9ws~ftVT}t7ny%LPfPGWczSp!0RJ|mwX^FR=XH@zh^YV`$g~>A3Yx6aKQKMWp>Pg#zfd{%VN`7Er$R@CH&i0 zi~UDtM}`=#e(2(HvU`GIg4uEJ!K3I~^xc^z<_ zfldQNQDqY2q+&9zcnr*-H6?{g@+ziA0T9S(9!JupEGbhaoIwSMTw`j36yhiA1GINx8KOh6$0m2sGt{;G#^00jG?r7&<4I3=6n(&KjcfB+$M9 Ll^4+o0s{a5L$Ipl diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg b/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg index 4ff5c248fe..2dcb2a2dc4 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg @@ -30,7 +30,7 @@ module VecInv_Impl0_Invariant use prelude.Int use VecInv_SumTo10_Type as VecInv_SumTo10_Type predicate invariant' [#"../vec_inv.rs" 12 4 12 30] (self : VecInv_SumTo10_Type.t_sumto10) = - [#"../vec_inv.rs" 13 20 13 43] Int32.to_int (VecInv_SumTo10_Type.sumto10_a self) + Int32.to_int (VecInv_SumTo10_Type.sumto10_b self) = 10 + [#"../vec_inv.rs" 13 20 13 43] Int.add (Int32.to_int (VecInv_SumTo10_Type.sumto10_a self)) (Int32.to_int (VecInv_SumTo10_Type.sumto10_b self)) = 10 val invariant' [#"../vec_inv.rs" 12 4 12 30] (self : VecInv_SumTo10_Type.t_sumto10) : bool ensures { result = invariant' self } @@ -134,11 +134,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -156,11 +156,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Alloc_Global_Type type t_global = @@ -246,6 +246,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -267,7 +268,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -341,6 +342,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -402,7 +404,7 @@ module VecInv_Vec_Interface predicate Inv1.inv = Inv1.inv, axiom . val vec [#"../vec_inv.rs" 18 0 18 32] (x : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) : () - requires {[#"../vec_inv.rs" 17 11 17 23] Seq.length (ShallowModel0.shallow_model x) > 0} + requires {[#"../vec_inv.rs" 17 11 17 23] Int.gt (Seq.length (ShallowModel0.shallow_model x)) 0} requires {[#"../vec_inv.rs" 18 11 18 12] Inv0.inv x} end @@ -485,7 +487,7 @@ module VecInv_Vec val Max0.mAX' = Max0.mAX', predicate Inv1.inv = Inv1.inv let rec cfg vec [#"../vec_inv.rs" 18 0 18 32] [@cfg:stackify] [@cfg:subregion_analysis] (x : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) : () - requires {[#"../vec_inv.rs" 17 11 17 23] Seq.length (ShallowModel0.shallow_model x) > 0} + requires {[#"../vec_inv.rs" 17 11 17 23] Int.gt (Seq.length (ShallowModel0.shallow_model x)) 0} requires {[#"../vec_inv.rs" 18 11 18 12] Inv0.inv x} = [@vc:do_not_keep_trace] [@vc:sp] @@ -500,7 +502,7 @@ module VecInv_Vec goto BB1 } BB1 { - assert { [@expl:assertion] [#"../vec_inv.rs" 19 20 19 43] Int32.to_int (VecInv_SumTo10_Type.sumto10_a ( * IndexLogic0.index_logic x 0)) + Int32.to_int (VecInv_SumTo10_Type.sumto10_b ( * IndexLogic0.index_logic x 0)) = 10 }; + assert { [@expl:assertion] [#"../vec_inv.rs" 19 20 19 43] Int.add (Int32.to_int (VecInv_SumTo10_Type.sumto10_a ( * IndexLogic0.index_logic x 0))) (Int32.to_int (VecInv_SumTo10_Type.sumto10_b ( * IndexLogic0.index_logic x 0))) = 10 }; goto BB2 } BB2 { diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml b/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml index 92135c671d..71be8d3295 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/vec_inv/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz index db78d5985dbf6c9f0300123900fbfd0a6c7e89ce..1fd9a134621ec6482dcd3081f7abbcc03c301cf0 100644 GIT binary patch literal 283 zcmV+$0p$K4iwFP!00000|80;>Zi6roh4-AoyR@uqY)n!m3sec23yiudn%IUQ8Qg$F zd;AhWYSnZ#f1l>PnWvbH7yPgznd~sOzJDQ-#Lp47{e(k{eb@oL-YcNR+IFG&n+ znJ{2Q6qYoBWThB3HUI}v;t>Qo+c)6?JjdfnQxL^MbKo=W>^8>PiF5w5>b$WIQVhOo z`+!~kwp$eWU!uHs1*EHHf|J$N`BsC>fB9!1uPY~K?u2N}wwd90>w;&rLX2m`*ssd@ zrqz&X`oNqY8O>;kgB`t_EM%LTEZ^c!-Gu*7oL3YPypq}v^Z#`eiNjg!GsCggHbrfP hMoF38Q{)Gp8bLB8RjP#IDp5?)=o|hPOR&HJ000I?iaY=S literal 283 zcmV+$0p$K4iwFP!00000|80=ZPJ}QJ#_xR!ZmW1{X(@{V6JkQTFEH^W8A@SEfV$8{ zA72(oG_I%l_se|W%!BVuXZ$deH=A*4?eOeL&wnJ?4l|A|4(eXnXjU= zO{*c&^o}X-8O`VkM>E-OHW2MzqHK>p^~?YFEgNzIuU>7(<@uVBNNN$pr4Dsm3&vxq hV;z^r3PT}FDYzFYsX`?bSAk-Rl5Z2ePXoOH002WVg&zO_ diff --git a/creusot/tests/should_succeed/unnest.mlcfg b/creusot/tests/should_succeed/unnest.mlcfg index c5833a7a98..7dd6f37c1c 100644 --- a/creusot/tests/should_succeed/unnest.mlcfg +++ b/creusot/tests/should_succeed/unnest.mlcfg @@ -15,6 +15,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -23,8 +24,8 @@ module CreusotContracts_Resolve_Impl1_Resolve end module Unnest_Unnest_Interface use prelude.Borrow - use prelude.Int use prelude.UInt32 + use prelude.Int val unnest [#"../unnest.rs" 8 0 8 64] (x : borrowed (borrowed uint32)) : borrowed uint32 ensures { [#"../unnest.rs" 5 10 5 24] * result = * * x } ensures { [#"../unnest.rs" 6 10 6 24] ^ result = * ^ x } diff --git a/creusot/tests/should_succeed/unnest/why3session.xml b/creusot/tests/should_succeed/unnest/why3session.xml index 103f7cd781..c616da8c92 100644 --- a/creusot/tests/should_succeed/unnest/why3session.xml +++ b/creusot/tests/should_succeed/unnest/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/unnest/why3shapes.gz b/creusot/tests/should_succeed/unnest/why3shapes.gz index 82d820ba627d744fe4a1323a9d67fba3a16f8b5b..6ed1cde5fd2c9d5af08e146a5871654fd46c66bc 100644 GIT binary patch literal 191 zcmV;w06_mAiwFP!00000|5c7n4uUWch4(#0cWPIqKtU50#)QZPW=S&OG!l`TR`L1* zRTCET^JenByshB=iVyO9BP5l-*nmBZwqd^0eev8{7oU5=j4%06>jm0Sko%dOQzr>7e+z!^@&2FvSe`L t#yb8Q2J%nFkkTgBd8U=jsBJSs%<_HH7}FZeb<3l(WFNh9@*N2Q001>DTG#*p literal 192 zcmV;x06+g9iwFP!00000|5c954uUWcMfd%R?$oYIDIg{+j0uq+m?ge&ik2{ldbGL$rD?TXjfqZCPf8Z$>JB9_;C_s+A26>z$Bq)AD%wqgk=qb2vAc+5K z1Zjl@q}Vv`-J8tjew%UI_Sk_cr*8s!nxlsvYq`ZMVoj@so--{za%L1nU!Q16RF(`* u+&a%+eNW-Z7-po5**Ce#h$N;LYpgVSuT_&-of{sVCHnxX-=Y%<0RRB)iBqir diff --git a/creusot/tests/should_succeed/vecdeque.mlcfg b/creusot/tests/should_succeed/vecdeque.mlcfg index 02fe9dbd52..af94fcdf53 100644 --- a/creusot/tests/should_succeed/vecdeque.mlcfg +++ b/creusot/tests/should_succeed/vecdeque.mlcfg @@ -105,11 +105,11 @@ module CreusotContracts_Std1_Deque_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a) : Seq.seq t val shallow_model (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a . ([#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a . ([#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Deque_Impl0_ShallowModel type t @@ -127,11 +127,11 @@ module CreusotContracts_Std1_Deque_Impl0_ShallowModel function shallow_model (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a) : Seq.seq t val shallow_model (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a) : Seq.seq t requires {[#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self} - ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a . ([#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a . ([#"../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25] Inv0.inv self) -> ([#"../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36] Inv1.inv (shallow_model self)) && ([#"../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Collections_VecDeque_Impl4_WithCapacity_Interface type t @@ -220,6 +220,8 @@ module Alloc_Collections_VecDeque_Impl5_IsEmpty_Interface type t type a use seq.Seq + use prelude.Int + use prelude.Bool use prelude.Borrow use seq.Seq use Alloc_Collections_VecDeque_VecDeque_Type as Alloc_Collections_VecDeque_VecDeque_Type @@ -238,8 +240,8 @@ module Alloc_Collections_VecDeque_Impl5_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Collections_VecDeque_VecDeque_Type as Alloc_Collections_VecDeque_VecDeque_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -255,6 +257,7 @@ end module Alloc_Collections_VecDeque_Impl4_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -311,6 +314,8 @@ module Alloc_Collections_VecDeque_Impl5_PopFront_Interface use prelude.Borrow use seq.Seq use seq_ext.SeqExt + use prelude.Bool + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -403,6 +408,7 @@ module CreusotContracts_Model_Impl4_DeepModel end module Core_Option_Impl14_Eq_Interface type t + use prelude.Bool use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with @@ -425,6 +431,7 @@ module Alloc_Collections_VecDeque_Impl5_PopBack_Interface use seq.Seq use prelude.Int use seq_ext.SeqExt + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -450,7 +457,7 @@ module Alloc_Collections_VecDeque_Impl5_PopBack_Interface val pop_back (self : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a)) : Core_Option_Option_Type.t_option t requires {Inv0.inv self} ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 82 26 87 17] match (result) with - | Core_Option_Option_Type.C_Some t -> ShallowModel0.shallow_model ( ^ self) = SeqExt.subsequence (ShallowModel1.shallow_model self) 0 (Seq.length (ShallowModel1.shallow_model self) - 1) /\ ShallowModel1.shallow_model self = Seq.snoc (ShallowModel0.shallow_model ( ^ self)) t + | Core_Option_Option_Type.C_Some t -> ShallowModel0.shallow_model ( ^ self) = SeqExt.subsequence (ShallowModel1.shallow_model self) 0 (Int.sub (Seq.length (ShallowModel1.shallow_model self)) 1) /\ ShallowModel1.shallow_model self = Seq.snoc (ShallowModel0.shallow_model ( ^ self)) t | Core_Option_Option_Type.C_None -> * self = ^ self /\ Seq.length (ShallowModel1.shallow_model self) = 0 end } ensures { Inv1.inv result } @@ -462,6 +469,7 @@ module Alloc_Collections_VecDeque_Impl5_PushFront_Interface use prelude.Borrow use seq.Seq use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -486,7 +494,7 @@ module Alloc_Collections_VecDeque_Impl5_PushFront_Interface val push_front (self : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque t a)) (value : t) : () requires {Inv0.inv self} requires {Inv1.inv value} - ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 90 26 90 59] Seq.length (ShallowModel0.shallow_model ( ^ self)) = Seq.length (ShallowModel1.shallow_model self) + 1 } + ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 90 26 90 59] Seq.length (ShallowModel0.shallow_model ( ^ self)) = Int.add (Seq.length (ShallowModel1.shallow_model self)) 1 } ensures { [#"../../../../creusot-contracts/src/std/deque.rs" 91 26 91 73] ShallowModel0.shallow_model ( ^ self) = Seq.(++) (Seq.singleton value) (ShallowModel1.shallow_model self) } end @@ -495,6 +503,7 @@ module Alloc_Collections_VecDeque_Impl5_PushBack_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -527,6 +536,7 @@ module Alloc_Collections_VecDeque_Impl5_Clear_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -841,7 +851,7 @@ module Vecdeque_TestDeque goto BB5 } BB5 { - switch ([#"../vecdeque.rs" 9 4 9 29] not ([#"../vecdeque.rs" 9 12 9 28] _10 = ([#"../vecdeque.rs" 9 27 9 28] [#"../vecdeque.rs" 9 27 9 28] (0 : usize)))) + switch ([#"../vecdeque.rs" 9 4 9 29] not ([#"../vecdeque.rs" 9 12 9 28] UIntSize.eq _10 ([#"../vecdeque.rs" 9 27 9 28] [#"../vecdeque.rs" 9 27 9 28] (0 : usize)))) | False -> goto BB7 | True -> goto BB6 end @@ -871,7 +881,7 @@ module Vecdeque_TestDeque goto BB12 } BB12 { - switch ([#"../vecdeque.rs" 14 4 14 29] not ([#"../vecdeque.rs" 14 12 14 28] _22 = ([#"../vecdeque.rs" 14 27 14 28] [#"../vecdeque.rs" 14 27 14 28] (0 : usize)))) + switch ([#"../vecdeque.rs" 14 4 14 29] not ([#"../vecdeque.rs" 14 12 14 28] UIntSize.eq _22 ([#"../vecdeque.rs" 14 27 14 28] [#"../vecdeque.rs" 14 27 14 28] (0 : usize)))) | False -> goto BB14 | True -> goto BB13 end diff --git a/creusot/tests/should_succeed/vecdeque/why3session.xml b/creusot/tests/should_succeed/vecdeque/why3session.xml index b0bba52d87..34443537e7 100644 --- a/creusot/tests/should_succeed/vecdeque/why3session.xml +++ b/creusot/tests/should_succeed/vecdeque/why3session.xml @@ -2,7 +2,7 @@ - + @@ -10,103 +10,103 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/vecdeque/why3shapes.gz b/creusot/tests/should_succeed/vecdeque/why3shapes.gz index b3c323509587904330464560fa86c56d5409f775..4bc8156e97fdaf2a1d399f00d0dd3b6fbd551064 100644 GIT binary patch literal 1993 zcmV;)2R8U0iwFP!00000|J7MbZydQ1zUx=$wu$#bvK}l3$U!h5(3e~iG;*@Q=dJ)* zV_Wj(@28qQJ>!vP#@@tFz<_Jmtg5d*vL1x~^5XL0_w=?sT>jDCKiqEa|8~ijFaCP* z_%7Yv|1p{Ctz;*=if(eN2otO#PPmFR(JJ!9*B9xo>A(Bm9)C~j>+WvzpPM(E+U_Qw z9yd3)_mAn#)xUqa8mdosyjrYywet6)MpA9>KD1&k28iX?#oPC-Z0_srqXsl9-r#Mz zPInJ2{pJo){E)oW#7ENd~6SoH;ZlkxJ7+q%{fEEj5Wo)Q=z?E$8EQPTi$tF<8Gixm0)-*H)Nco%+)(`W*Yt3E|Jz-A+}uy{gs)-a>Z#(goE|>p zhuPPCX-5nfdz6XA>C2mcZr-%%1kH>7@Vf-}daLx0&3)78!-&c)k`n5Ddi#F!X7ku8 zj8AsA$NDNar&Tcr* zZYYEPlk5d$|I-|YJ;!0|b>$dj<#?86j(NwiTbbQ%nmOjN37#g=$E1QBa=fa1%rUMx z>GmAM3=MJRcqw?~S@2JetAQgLUI@>!&O z3Mn5Vbw^ZJq_V=>Bc)+Oc1Rbgz;R!4fE<&!pw zX8;I~CW)$^OA^AA|payQkUD&=^*lRXRqqY922^43o7->77;1(93YX2I=?Ds6n%pt6gx5*Og>; zE6MB@l5t0}S*hh+HS*(r->^ADGP^^PSCs>j*L?ANl4U^KwY3S&wonH^9VtJg!8iTo_37b;BT z)TFNR4h@~I`qL;3`(L!cQE0RZI85x*$1F}2FGT=XZM2)Hrsfb$#MvH+m?X zywLjf+UpvBcu%(LPdp7CT^o)tgEFs?;;-u!ye7z}GP zTZVDmD5UXu307ZRuw@u^gB$WQ*vIaZdb9Q;M1*CPl9&1q|`v*J@R zJp*Atq*`5De4f&-xl3<0c(Ukg51krPVf0onQ=&3F`)D~@iWX1WDbfULBbQz2HMb@$ zU@fKhFhhYEg;f~xS=JhJ?%)gg(8VR70-b!XAs78Yen#bNbmnsn`YL*$)^<#;5)Sn5gR7D-q~j1s{|;4kbtYvn28Tp(`+tZjnWg__641?;Fk=px#PiXnUz z3?S4^(UPah1;tla3znu2L}vh+?E?dRbr>xHvo+nC=GiiJrzKJVHB&{e0L|x)s(@b? zM(D1ZqELjjMFMCh>salmP)ppU3^pX9kI3HwPtAF5M}`3{012{oCau!g>)hYmz!SbH zB<((odPPIxk}$Wxy|>i0)Ky@rVTME)2_m^jHj?>I<&%6F*b7zy^o&DiZDcyNInvOADpRjw_U3*i{80xdeKHx zwUejB4%33u{t!@m$D*yF=d4vc>4Z>_3H6bRItFTsA5bYWMuy1l`vWdj`!!ebUHiCB zr$w~*b0%*ZSPyvs4v{6Ys`3wnT!-nb+&n2GCIR%qk|_ z37$Mt)>yFj>_NMT;ofrao@g1ge288(ef0dJhhuE>$s4IUqSyp2Cp4uyt1p0N$7{kw z`KclT+kN*UIRE`jUobhN4xv_`#7K@?o^wQ86#LUeBs!W{ndA1@;lBHn zM#&P2f>D09&~ngu(6|mzwTD>fLEpvtj7iu_X*`~0;-m0S8D01KD)FEXL11*EmAWBFChQ`lrQ|6 literal 1959 zcmV;Y2Uz$YiwFP!00000|J7GZZzQ=5zWZ1Bw#f_@kSIQ+AUPNV80AYY2?{x_q35mv zk9*ekZ2o>&s;+LgUEQ86<_Q=uyQ)6&<0p}#{_^Jh;kWpqKAiti?;mb9cYizQ^EZDz zd;C4#-2E|{%dKTcyO=P-V!F{SCXTq6G}2=7$d_mF@BfIm_3qcl-=fC4z1{rx`u(QV z+fm}<=KALDF}}a}&rcT}`uvNl*^8)`btkdZ-#^xD&N_+t*V%{rnm2dl=1~)xfY*2v zFXQb)jsL#?SdVzJdsh>pe|k2)J8zr&^T+z|cs={pms{4?)|_(G-B^>&l^P!v!1&V^ zwvDkE$Mdp>iP;&(pPr3fLh+o>6ZQZnfgJ|$lK%8;_i{4c#A|1spk~X)U#91szU$UI zeRmKFI`Hk=_;7Rg>ur79+>QR33f;%WbKv|qK733MQ>?pOR~%=%n%^As-SxjV@9TI( zycyr)&dL3<1^sh#S2gj_vx3=DB}C$f`_22!V=b<~vb&G$^mdj@o-JFc^}{wF{rceN z4zgRdiAPwZ-Kz|pTG*)^)>RJi;ck;xL=0nCS2vtiH)IokKB`?%?O#_o>=h2%n2W;B zFA7iAq%iLkhDF!yN0Y+bKXT6toxxsVH&H`e6y93d9xdGdd3<{; zZNwS73VKosD&b4$!jl(rd!E>R@Q&wfWjM)`Pw?bpJo%6(tUwo@ej&H#N!^Fv@tm#f z)?@jVjXOo~GeBd|vSzf8!4sBtYo^v(RnVc}qqg%G1PE8lL!qb2gYbCsQRu6sq4=dV z2)FT;(jd2#2D!O3Xjd9`DG1uNA?dPQlRZ%y#}RDU+?b z7Pv{GV|oCc-rTZ;&W}#k1H5ux>jxLdEA;FPk)1Iq6`ysVHOt;w$u1PK32dzA z)(zedGVnkH4sL+K4(7}z)*f4|umxfA9%61;?1b{xw{vTTFucS`%*6y2MYm?fErUKM0lvLr5rB;XSB7`iFJzzPDw5-l2IT@{1bCz0aj z$UImYEFN_trd7k4oCVjarXsm!i%kerI?fXX>jx{ZyQ&I>lvApxE`sx=`jBi*th#6G zCO)9v!Y6rSD7tP5LJCC+X6>Vb#f8bS_?ouFKHZ`5UWu@;5g4256H^pb&ZBKCX{M)t zFo69(+*T<}rC>NHTkUt+NM!l&e%GH#@Q9M-vi%fOM4Ixy_f))~?$&OG+ zDn-;hA&Qo*AxzMBAFGwJ#0NMw+<%|VL z8bE7iYD&J6No`tR)Ia!A1f*#r(h|o|oR*7LPtKfb!wRJ|?%e}uRTk}C+-regAUlw<3IqDD!YWzN zg0$L4gHOrTz*dh9%uZXjH>I<3-+-77s?j7!dXkYV+Ow**MYLX2#b#}9iR1^8ffPss z;n!wZOVrvTVsIFU5Q|<6vYx~?g9C$|Vfe-*1t5s2qFq1fXyzLQRa6hL=8aB0y%^aI z33b^=ptcG z!a9Oj>LVQc?~ZmfnJq=q!PV(W%zEc4Hu(gk9l%JK&InQF;rpUZI^|*rdZUcGd0G2| zR+`ZPaKkuSs)j5)dk1>&Z_BzA0U^= zdNkVRTe7Wry-midV_!?vSSUIVPV3?|9T>d*VUo%v6@)aMVJ7O$*x1s%b9%!w7<{um tDH=TfV0ksuScg-rj diff --git a/creusot/tests/should_succeed/vector/01.mlcfg b/creusot/tests/should_succeed/vector/01.mlcfg index 869318a7fe..7674f9c6d6 100644 --- a/creusot/tests/should_succeed/vector/01.mlcfg +++ b/creusot/tests/should_succeed/vector/01.mlcfg @@ -94,11 +94,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -116,11 +116,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -289,6 +289,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -298,7 +299,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -381,6 +382,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -403,8 +405,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -666,6 +668,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -749,6 +752,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -907,6 +911,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -915,7 +920,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -943,7 +948,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -970,6 +975,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -998,8 +1004,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -1008,6 +1015,7 @@ module C01_AllZero_Interface use prelude.Int use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.UInt32 use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -1031,7 +1039,7 @@ module C01_AllZero_Interface predicate Inv1.inv = Inv1.inv, axiom . val all_zero [#"../01.rs" 7 0 7 33] (v : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : () - ensures { [#"../01.rs" 5 0 5 73] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model ( ^ v)) -> IndexLogic0.index_logic ( ^ v) i = (0 : uint32) } + ensures { [#"../01.rs" 5 0 5 73] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model ( ^ v))) -> IndexLogic0.index_logic ( ^ v) i = (0 : uint32) } ensures { [#"../01.rs" 6 10 6 33] Seq.length (ShallowModel1.shallow_model v) = Seq.length (ShallowModel0.shallow_model ( ^ v)) } end @@ -1040,6 +1048,7 @@ module C01_AllZero use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UInt32 use seq.Seq @@ -1207,7 +1216,7 @@ module C01_AllZero predicate Inv0.inv = Inv1.inv, function ShallowModel0.shallow_model = ShallowModel3.shallow_model let rec cfg all_zero [#"../01.rs" 7 0 7 33] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : () - ensures { [#"../01.rs" 5 0 5 73] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel2.shallow_model ( ^ v)) -> IndexLogic0.index_logic ( ^ v) i = (0 : uint32) } + ensures { [#"../01.rs" 5 0 5 73] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel2.shallow_model ( ^ v))) -> IndexLogic0.index_logic ( ^ v) i = (0 : uint32) } ensures { [#"../01.rs" 6 10 6 33] Seq.length (ShallowModel0.shallow_model v) = Seq.length (ShallowModel2.shallow_model ( ^ v)) } = [@vc:do_not_keep_trace] [@vc:sp] @@ -1257,7 +1266,7 @@ module C01_AllZero invariant { [#"../01.rs" 9 4 9 42] Inv0.inv iter }; invariant { [#"../01.rs" 9 4 9 42] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; invariant { [#"../01.rs" 9 16 9 40] Seq.length (ShallowModel0.shallow_model v) = Seq.length (ShallowModel1.shallow_model old_v) }; - invariant { [#"../01.rs" 9 4 9 42] forall j : int . 0 <= j /\ j < Seq.length (Ghost.inner produced) -> IndexLogic0.index_logic ( * v) j = (0 : uint32) }; + invariant { [#"../01.rs" 9 4 9 42] forall j : int . Int.le 0 j /\ Int.lt j (Seq.length (Ghost.inner produced)) -> IndexLogic0.index_logic ( * v) j = (0 : uint32) }; goto BB7 } BB7 { diff --git a/creusot/tests/should_succeed/vector/01/why3session.xml b/creusot/tests/should_succeed/vector/01/why3session.xml index df111e302a..77e9148620 100644 --- a/creusot/tests/should_succeed/vector/01/why3session.xml +++ b/creusot/tests/should_succeed/vector/01/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/01/why3shapes.gz b/creusot/tests/should_succeed/vector/01/why3shapes.gz index 02d45090f0460048df86970756e82710dc477e6c..a49cbc7a21580dfde23b7df74e62076de9732911 100644 GIT binary patch literal 653 zcmV;80&@KyiwFP!00000|9w)-A;Vefnc)4n}~$0g7D)5IfaSY_&D! zSefl6+kX8h$#T**9T3>h6!}O#k@>WYhG%uqLv+;r(3tLP6i3U?i}9Cgx+9RygecGe z8L$93@Bjsf042x(V~7JxAPF#qbhA*c#$Wd|J}a!CZOy6Nn_9P!snL{8H>!R9<0f}3 zZ#}l2FhiC@Z|avy4?u~!y#!9cbb94tg%&^k``DwR}ve;EHD z2rP5Qh_U6hT3u}pnUbpq>H$x3jB2`C|1Mke)Kty}Jgu4z*EPl{6l%&@>UKCi z>t2J9@7=CY<_hV`qiSE?hxnWiuBwl{9P!dNk^4OoGWT0#*_*E1nU}5}uEtpbQ1T0T zd`_lf1OX zb22GWf9GZsfTha)e;-EyRts21kEW0C7R$f7H;aWzX;s(puI7Xbva25}meF0738gD4 n5*ATWP+m}0P+Cw@WJOveMO?^26udxdK^Ff2#@@pJtpxx8rwlv6 literal 649 zcmV;40(Si$iwFP!00000|9wiOY5l8egjopSdvv6DExu#ef9H#3hJJ}sl+S?|pd9ZWwow)+~XX!&_D{?bi%0Fs{&1sWg& z79a;6pa2n|1R0z4TcB7d2P&LL8UWgYft?IA7|8m9gN5h|TF1#=rIOn0_TwJ} zfo1L(F}A$Y*PBD8`09mz#G4GGnyxm#%ho>)WBKhMdEC( zlY+#LagR^Ev3+lkroP$ztccz=oo+#r+}#ooX}kEst3C>B|67BPXBj&IU=5ijRBX=5f@AOal)xo*-BS-w?`^d0~cX$=1E>o#&a?$ zQGe$)C4h-4^M5`r9J^e=D%#pU!Vg*gHN9Od60OxX*$TC()HW5Bk}742ZfaRGN)?Hy jC@3!|D<~}}DbgY-;zAX&5Ct#LT9Cy*wBpEdt_1)98}=|a diff --git a/creusot/tests/should_succeed/vector/02_gnome.mlcfg b/creusot/tests/should_succeed/vector/02_gnome.mlcfg index fe942ac9c7..55a2a8b37a 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.mlcfg +++ b/creusot/tests/should_succeed/vector/02_gnome.mlcfg @@ -40,6 +40,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -68,10 +69,11 @@ module C02Gnome_SortedRange type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t predicate sorted_range [#"../02_gnome.rs" 9 0 9 63] (s : Seq.seq t) (l : int) (u : int) = - [#"../02_gnome.rs" 10 4 12 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) + [#"../02_gnome.rs" 10 4 12 5] forall j : int . forall i : int . Int.le l i /\ Int.lt i j /\ Int.lt j u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) val sorted_range [#"../02_gnome.rs" 9 0 9 63] (s : Seq.seq t) (l : int) (u : int) : bool ensures { result = sorted_range s l u } @@ -195,11 +197,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -217,11 +219,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -298,6 +300,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Stub type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -329,6 +332,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -357,17 +361,18 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Vec_Impl1_DeepModel type t type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -396,11 +401,11 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -616,6 +621,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -633,8 +639,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -787,6 +793,7 @@ end module Core_Cmp_PartialOrd_Le_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -814,6 +821,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -828,6 +836,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -837,12 +846,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -850,6 +859,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -859,16 +869,17 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Vec_Impl9_DerefMut_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -937,8 +948,8 @@ module Core_Slice_Impl0_Swap_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val swap (self : borrowed (slice t)) (a : usize) (b : usize) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] UIntSize.to_int a < Seq.length (ShallowModel0.shallow_model self)} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] UIntSize.to_int b < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] Int.lt (UIntSize.to_int a) (Seq.length (ShallowModel0.shallow_model self))} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] Int.lt (UIntSize.to_int b) (Seq.length (ShallowModel0.shallow_model self))} requires {Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 242 8 242 52] Permut.exchange (ShallowModel1.shallow_model ( ^ self)) (ShallowModel0.shallow_model self) (UIntSize.to_int a) (UIntSize.to_int b) } @@ -966,7 +977,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -993,6 +1004,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1001,6 +1013,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1012,6 +1025,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1030,6 +1044,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1059,6 +1074,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1070,6 +1086,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1081,6 +1098,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1099,6 +1117,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1128,6 +1147,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1139,6 +1159,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1150,6 +1171,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1168,6 +1190,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1197,6 +1220,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1208,6 +1232,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1219,6 +1244,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1237,6 +1263,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1255,6 +1282,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1264,6 +1292,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1279,6 +1308,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1294,6 +1324,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1303,6 +1334,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1322,6 +1354,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1341,6 +1374,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1350,6 +1384,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1367,6 +1402,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1384,6 +1420,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1393,6 +1430,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1410,6 +1448,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1427,6 +1466,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1436,6 +1476,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1452,6 +1493,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1836,13 +1878,13 @@ module C02Gnome_GnomeSort goto BB4 } BB4 { - switch ([#"../02_gnome.rs" 30 10 30 21] i < _12) + switch ([#"../02_gnome.rs" 30 10 30 21] UIntSize.lt i _12) | False -> goto BB17 | True -> goto BB5 end } BB5 { - switch ([#"../02_gnome.rs" 31 11 31 17] i = ([#"../02_gnome.rs" 31 16 31 17] [#"../02_gnome.rs" 31 16 31 17] (0 : usize))) + switch ([#"../02_gnome.rs" 31 11 31 17] UIntSize.eq i ([#"../02_gnome.rs" 31 16 31 17] [#"../02_gnome.rs" 31 16 31 17] (0 : usize))) | False -> goto BB7 | True -> goto BB6 end @@ -1852,7 +1894,7 @@ module C02Gnome_GnomeSort goto BB8 } BB7 { - _19 <- ([#"../02_gnome.rs" 31 21 31 29] Index0.index ([#"../02_gnome.rs" 31 21 31 22] * v) ([#"../02_gnome.rs" 31 23 31 28] i - ([#"../02_gnome.rs" 31 27 31 28] [#"../02_gnome.rs" 31 27 31 28] (1 : usize)))); + _19 <- ([#"../02_gnome.rs" 31 21 31 29] Index0.index ([#"../02_gnome.rs" 31 21 31 22] * v) ([#"../02_gnome.rs" 31 23 31 28] UIntSize.sub i ([#"../02_gnome.rs" 31 27 31 28] [#"../02_gnome.rs" 31 27 31 28] (1 : usize)))); goto BB9 } BB8 { @@ -1882,7 +1924,7 @@ module C02Gnome_GnomeSort goto BB8 } BB12 { - i <- ([#"../02_gnome.rs" 32 12 32 18] i + ([#"../02_gnome.rs" 32 17 32 18] [#"../02_gnome.rs" 32 17 32 18] (1 : usize))); + i <- ([#"../02_gnome.rs" 32 12 32 18] UIntSize.add i ([#"../02_gnome.rs" 32 17 32 18] [#"../02_gnome.rs" 32 17 32 18] (1 : usize))); _9 <- ([#"../02_gnome.rs" 31 40 33 9] ()); goto BB16 } @@ -1898,14 +1940,14 @@ module C02Gnome_GnomeSort _29 <- Borrow.borrow_mut ( * _30); _30 <- { _30 with current = ( ^ _29) }; assume { Inv4.inv ( ^ _29) }; - _28 <- ([#"../02_gnome.rs" 34 12 34 28] Swap0.swap _29 ([#"../02_gnome.rs" 34 19 34 24] i - ([#"../02_gnome.rs" 34 23 34 24] [#"../02_gnome.rs" 34 23 34 24] (1 : usize))) i); + _28 <- ([#"../02_gnome.rs" 34 12 34 28] Swap0.swap _29 ([#"../02_gnome.rs" 34 19 34 24] UIntSize.sub i ([#"../02_gnome.rs" 34 23 34 24] [#"../02_gnome.rs" 34 23 34 24] (1 : usize))) i); _29 <- any borrowed (slice t); goto BB15 } BB15 { assert { [@expl:type invariant] Inv5.inv _30 }; assume { Resolve3.resolve _30 }; - i <- ([#"../02_gnome.rs" 35 12 35 18] i - ([#"../02_gnome.rs" 35 17 35 18] [#"../02_gnome.rs" 35 17 35 18] (1 : usize))); + i <- ([#"../02_gnome.rs" 35 12 35 18] UIntSize.sub i ([#"../02_gnome.rs" 35 17 35 18] [#"../02_gnome.rs" 35 17 35 18] (1 : usize))); _9 <- ([#"../02_gnome.rs" 33 15 36 9] ()); goto BB16 } diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml index 143d23a056..2162b31002 100644 --- a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml +++ b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml @@ -10,98 +10,98 @@ - + - + - + - + - - + + - - + + - - + + - - + + - - + + - + - + - - + + - - + + - - + + - + - - + + - + - - + + - - + + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz b/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz index da3a38e9d701bd1a90908d6a5da7e9141522b227..de1796d7467637fc6d04d2a6f8de89beaad60c2a 100644 GIT binary patch delta 2377 zcmV-P3AXlt63P;g8h^ukar__zP8lHRQ?ck%1zr=Ove%Ji=k(uqxEEJ?93I=?sx-Y5aq*&!w6FyfFti*p2%|tfTZ8(fnPw%^w`ZOYpQh2OX9&F$Xbtp4$C z)n(clOQ%QDWK28Npd9DALG`o&Xi(2BTwP$;B>KN(ysmy4tmx4qAu;3JG-$`UZTPWr zSi_<7`^9Z@9O)_Ny9066MRPwVHk?lgK-yFOy?T5T`+wC>6vN8&gryZNM1sRVb~}W* z_QAKj2C44BKUUD~Hmx81ZT?+f)i@RNp?QPmrt(AAMw+6fzlR?V=<{yYniFZA?=@*Ii zwFz~hDynt0n3F#G?R_4j28UQc_tAS~;tT&z0)5xs? z>484|uB~&n-kt=K`YWmqB4g-BOy?M^)W@hd(t6!rW4b|Bd4WgeOZBAIk zj4l=*O7G?mRT4-N^s1Zcp@&b>g;(_RZxpMUzSY6bj4ls!xjI7Zr_#5>DvdwfZo8WK za({L3agW;i7DjC_RoCKWb+DRe4Dp@iN@c0?W4t?u4gRWW-2b(_W7@`4^RDT^w6d7jM}Uhj!4-PEI;WRCZd? zml&Z_#m?Hns9x380VCQDY4=G3oWi8_9)D)XQxDRfN(c6S?2`vyUuu@}lza0mUk|U& z^6&9$cO0DWjX<5to}rnX8snyqO%{jGV`5Az{ZHo|i1Gm^o#p8R3nvE_o}Q6((%k3W zqaRP2i5Z_#kNYX(Bg21tTH@kEFW8FHx)D#*jX3OZHFMPJ;K9}Z9G6xeBXWvIK7WBn zPVgLaZ`J4ObEyh_yP^)GR$ZdEs?T#+jfvjsVOOm_zf_XGR$nThGgf)Vh&|u2rdK~| z06ivxWCpONZ+K(xdc=XL2GgE8&z@&Y=RA8%sjgX3qW|#zgiqX`o)v5ON!;myN$15= zSxW4OENuk)L|IBhBiVdoM3`ko!+%YL&ov>s*&#t2VfsLJlP9yY5hr01l`^6jvy@by zprEB^QS@m^x>j`?W*+5gq6=~(y_*TPdBN6(P3Q!=kj4O9#O_E$q7M zp8cR$no+jq3H>)xAJploI;k$J)7PgCQ_m&X!RZ2y*Ox}h&bqvCeW_C2rtA3a$n}|S zE*)*qKsol?Tx%chB4wM7wKsewI&;dAL&N}0?Q%*YJNXUU>i&(skT64jSF&P!6 zEK8DJ`;5lwuteohIus87FFQdp>mf*Kp|G5S)t(tBB{SL+2Uv3E(0@8K4)sql$RlP} zgavJF2`Of)tQ7@0LJ2;~YLLUvwP~d_QECyA7TJ29QeoWE9)mHFrc16ImyVMJcN~AB zW$#TXOhZm+Em!1RiP{GikR@O!YZwJ>*g9?;*DnD)FFB$aiscm%nHZxn46~%7NhS&=Br-|wQ7(Pt&^d^|GJhy9BnwJmp#EV(LB@=Y zmTFo7Ve-0Gwv^pZyq>2L^>0fx?s-uOBw#kmYa_5^r4;KtrJZ~OXvLSnib>j1wG|N+ z>YS3!Hirzs+A*!(23^HM*;N=hspRCPE<9@LoW>GD^qu3(8v@L9M0=x>=8|sZHgJOh zqg2#0G`AtubbnLKDX9O_z6nNeMDUyi?!C%N7tqw^lL{!45sW%V#mJq)H%Dr?vVp2p zX}ZGM=!Kwqp(k__$V|w6xTRC#7r|>q)Qs+f#tM@_>!2c{^2#VGDq*nVC8WO+WT8v} z8%?o6c&jbXfhU7pCe#tNu8=ihv`!hPNSb!=f^Y)GH-A7VHgU!h9kdiH vLben^k~J?KM3Vyouf+)_#e_yiRSYJ2%7dpTV}}J_A&&n6Jc0I0^dtZPe@>g& delta 2302 zcmVNj^!4Z9vFXka9H!$(pyVkEJ_ z>xIAc@%DbbZEqUcDF11F_4UzjzxvDi`MJ|L400xH8co7~%YP3K{jBK+{dppz8$&XG z-DSVeyV+`BjXg~DOM&&HovN_J9_-8&(C$P7I4l*z$cGW8I)IO|^Yz4@I{+m8k1iNA z&36r|0et{YZt^$#$;{t(k9kXc;95~*RJY)tD&}^Z)=&N}f2*I}ZhF>Y|L^;}B!=H@{M~-xcln{+KILJSR&F9& z_=k44&uP8$cQ<)rj{B#`#$ap~+qS(w=pt%E3h(po_Hpm`)RWe2nQw;H&lzI0`?5ip zScLDYhkqCJU;47S^V=#g5S?4le{^P3@T_6MgM@(6#;h zcHwDHlp)*4d|r@tU^`*cQ$wCS^G7Qic*RT&*nh#!c~QUSax_$_OB%2z4>l(vIO8L^ z@_S+Es{$tL>PMe(lU(!vq@=iSANG?}crDwi{7L>THgy9)8vwoPNIi7di6v2;IRECj znr&q?ho|<`Rcf0mmP9JXnMGmi%V6ZCsR+Ko_k!u;#>(|jQyuQe9z^)>Dmd5Ndq1|aet^MK71acJ8ckuI^E#BAD&5+*UkezIS=^p z5k!srA@832*vRL0&OrI^&KAfQJYi1Hf|t4jH%V zGxW6tg}#4K$#SE5CY44&d$!&e~hGdrK@AN&$tE=nPrx)(z9lX!a6{h;f zxguiGd|H-vx4gM)Z}YlV_F@6iWTmVWpe>42eBhdXFnev8jbUlIv*0*)oPL=D>%chB z4wM7w038Si+yOXX&N}0?Q-4l6bixtWu|>~uL8nOR;(ZFt3s`dHxO5yH z7ypl)q*b620kG&x33O#eaV{X+~wPT5)^F^X7BK`lf9E|sz5 zw=8uvDB#E1j6n-c+hiP2<`jcUpkwC2OTj6YOQD>QPS6VB1pk4SO@BgLc(8&?3MOEX z)-a5L#h6)$X^Gq+IHWyWCyW#NEl@Bzgy`fE3BB+DMo^-PB!WPRQX$m+BRUjs4J2}} zl2DeaMpMi|n_#t}e73>pr1KDncfpb@SMLBv8PM8t4Yni;)CjarSh!BMsFDSC-mwnNdxFYb z>{1T3bemE=x}?ibz}9rebtS}N#gGIz_OV&^XFpiLUBpmUVj9YmEqp990UDHWiwNnO1DG7-vNk@1)0R64c&(@2}qc7Vn)l1#fI)= zR>mn>M}%|=of2=`>{($p)h9e%(PES$2G5ygLd!_kM=@NTG&(Ju=1vpMoU-qV(eQeC z^)_-VJuqgn!OW;xP3)}5y1kn~SF*@Eq~;d^o4BOcOGHILMJb3O3+ZJs9Dt?JUD*tC+WvH; zC8H2@xdiGoBJv!lya71N!Fxlzp_UB%B6tXjwSK$j}+1HGDJ#cPB! z{H=j_X?K+*(>e;}4b^l`7 ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -124,11 +125,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -296,6 +297,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -305,7 +307,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -388,6 +390,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -416,8 +419,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -575,6 +578,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -589,6 +593,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -598,12 +603,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -611,6 +616,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -620,16 +626,17 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module Alloc_Vec_Impl9_DerefMut_Interface type t type a + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -698,8 +705,8 @@ module Core_Slice_Impl0_Swap_Interface type t = slice t, type ShallowModelTy0.shallowModelTy = Seq.seq t val swap (self : borrowed (slice t)) (a : usize) (b : usize) : () - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] UIntSize.to_int a < Seq.length (ShallowModel0.shallow_model self)} - requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] UIntSize.to_int b < Seq.length (ShallowModel0.shallow_model self)} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 240 19 240 35] Int.lt (UIntSize.to_int a) (Seq.length (ShallowModel0.shallow_model self))} + requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 241 19 241 35] Int.lt (UIntSize.to_int b) (Seq.length (ShallowModel0.shallow_model self))} requires {Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 242 8 242 52] Permut.exchange (ShallowModel1.shallow_model ( ^ self)) (ShallowModel0.shallow_model self) (UIntSize.to_int a) (UIntSize.to_int b) } @@ -736,6 +743,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -894,6 +902,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -902,7 +911,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -1227,7 +1236,7 @@ module C03KnuthShuffle_KnuthShuffle goto BB14 } BB14 { - upper <- ([#"../03_knuth_shuffle.rs" 20 20 20 31] _26 - n); + upper <- ([#"../03_knuth_shuffle.rs" 20 20 20 31] UIntSize.sub _26 n); _26 <- any usize; i <- ([#"../03_knuth_shuffle.rs" 21 16 21 39] RandInRange0.rand_in_range ([#"../03_knuth_shuffle.rs" 21 30 21 31] [#"../03_knuth_shuffle.rs" 21 30 21 31] (0 : usize)) upper); goto BB15 @@ -1244,7 +1253,7 @@ module C03KnuthShuffle_KnuthShuffle _32 <- Borrow.borrow_mut ( * _33); _33 <- { _33 with current = ( ^ _32) }; assume { Inv3.inv ( ^ _32) }; - _31 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] Swap0.swap _32 i ([#"../03_knuth_shuffle.rs" 22 18 22 27] upper - ([#"../03_knuth_shuffle.rs" 22 26 22 27] [#"../03_knuth_shuffle.rs" 22 26 22 27] (1 : usize)))); + _31 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] Swap0.swap _32 i ([#"../03_knuth_shuffle.rs" 22 18 22 27] UIntSize.sub upper ([#"../03_knuth_shuffle.rs" 22 26 22 27] [#"../03_knuth_shuffle.rs" 22 26 22 27] (1 : usize)))); _32 <- any borrowed (slice t); goto BB17 } diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml index 8f5d12290e..f399e72943 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz index 8dfecbee3c1b1b838828bdade59d76629df80fe6..34a83d47c21cd4e82b6b1848093ef56062d1cac0 100644 GIT binary patch literal 644 zcmV-~0(<=*iwFP!00000|9wiOPeYZvpc&$)gDkJYmuTJM?KYA+e>T( zLkc))|9uCRb&Q=aUTGZa**j-*#WWP`sQF5CkYl z1Sm-ch=c(uQUPkx0Vb3z7q)VI)sOwoa@eYBURQ@^>nciZ->mj^Zx8v;o7{fCdcEIL znva=WzAC(W8Um%1eH@7Ei07fMB?p_rD*-paKDW*GxN#i;*e_oQ1OXDL(Ig9ixj@K? z5P^W=OhX3mGucs7&O&MH4$u8x20`W2Nyf=(E-?XDe$OLp569m2Ji=8|UKC`15oB|Y z17<~E*w%GT_2Nimg`b_s@&N4p>PJ(%|7r_Tdd^4^aek_VwQARrNG5=aB<8*hiKqBL z8j5LSAP=Ch?$2gt>qj>a!S(2PPT|1#!IF{zX%VzIrK*3U-(3#8Fk_vM%nDx7Bim@a znFR07&k8p1V7udbL_-d%b#tt@-L;ut-?1VV<)ZDnY1`)2ZEp@wzR+@C+lo}W91UVp z*?{aVgW=|Rm6A%9Qx8>g^$oFj)C<>#!5{Yi_B-n zP8c#qz6D;A5{%9oE>4J>#-Ff1ZQdp;mhba03IeHkc`+Il&wGy9?4Ko?kNs}d?T%$xxy2&gx-``q0c}!Zvc_z!u~gb+>kSAH5oiO-02+`6 egaI%Ro6MvpG1@4DMjB>Ky!Z$AWXL%v1^@tuT{Qjx literal 644 zcmV-~0(<=*iwFP!00000|9w7~5lD)gDkKWTe#|M|;}H2~HE0 zK$nnq_uub;aT1btFYx?4e)DO6xt;Gf_SNm@Z?4^MoBG>a&u_oZy5DwNzfqKr2nYfc zBm$Hq15~5}M8W_y=>TJj^O=2kw3Vx$yNzYHRn@#Nc1`IjN^I9GwsmKB+0UEIK3;8a zOG>gKlFO~at0%!xLh0v@IFD%R>RPh5DZCPJ0qkqrl!uku6M((DBM=0N00)ya0OkTA zM?wSwiZcxvPM^sRnsVYwTeo}d{xS$E$4WAek9~;SoltKVKuPAnzS7md&9q_t(3AW`{Ibi!-&$rfr*dSKjPie0J+?Z7aeg9}FVGv`6-q zLI3eQCWLW577pX9i^EbFUk?M~m8H5e6p%)_7ugi(Ic5R9fJSLtM>KX1;ZW$!|zq=s?_&no$F zGLTg43&xLO{C&uIIIl?!A@;+slt;?e?wynzboozO@(=8N54<`lenB42*D^c3YrM-_ zdFGGL=xM%g+WAX;=r)V}=CEE@ZZ<2eTxl%r(mBwHE0d*4v;<5=iGbyL4%z@3PzIy{ eVE_z7CN+tPjW%eMk%n0l&He#*+?jMK1^@tjk~8%H diff --git a/creusot/tests/should_succeed/vector/04_binary_search.mlcfg b/creusot/tests/should_succeed/vector/04_binary_search.mlcfg index baf053c091..514adc64e9 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.mlcfg +++ b/creusot/tests/should_succeed/vector/04_binary_search.mlcfg @@ -18,8 +18,9 @@ module C04BinarySearch_SortedRange use seq.Seq use prelude.Int use prelude.UInt32 + use prelude.Bool predicate sorted_range [#"../04_binary_search.rs" 8 0 8 52] (s : Seq.seq uint32) (l : int) (u : int) = - [#"../04_binary_search.rs" 9 4 11 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> Seq.get s i <= Seq.get s j + [#"../04_binary_search.rs" 9 4 11 5] forall j : int . forall i : int . Int.le l i /\ Int.lt i j /\ Int.lt j u -> Int.le (Seq.get s i) (Seq.get s j) val sorted_range [#"../04_binary_search.rs" 8 0 8 52] (s : Seq.seq uint32) (l : int) (u : int) : bool ensures { result = sorted_range s l u } @@ -210,11 +211,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -232,11 +233,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -290,8 +291,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -439,7 +440,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -466,6 +467,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -476,8 +478,9 @@ module C04BinarySearch_BinarySearch_Interface use seq.Seq use prelude.UIntSize use prelude.Int - use prelude.Borrow + use prelude.Bool use prelude.UInt32 + use prelude.Borrow use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -491,17 +494,18 @@ module C04BinarySearch_BinarySearch_Interface type t = Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq uint32 val binary_search [#"../04_binary_search.rs" 26 0 26 71] (arr : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) (elem : uint32) : Core_Result_Result_Type.t_result usize usize - requires {[#"../04_binary_search.rs" 19 11 19 36] Seq.length (ShallowModel0.shallow_model arr) <= UIntSize.to_int Max0.mAX'} + requires {[#"../04_binary_search.rs" 19 11 19 36] Int.le (Seq.length (ShallowModel0.shallow_model arr)) (UIntSize.to_int Max0.mAX')} requires {[#"../04_binary_search.rs" 20 11 20 23] Sorted0.sorted (ShallowModel0.shallow_model arr)} ensures { [#"../04_binary_search.rs" 21 0 21 63] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> IndexLogic0.index_logic arr (UIntSize.to_int x) = elem } - ensures { [#"../04_binary_search.rs" 22 0 23 48] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . i < x -> IndexLogic0.index_logic arr (UIntSize.to_int i) <= elem) } - ensures { [#"../04_binary_search.rs" 24 0 25 65] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . x < i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> elem < IndexLogic0.index_logic arr (UIntSize.to_int i)) } + ensures { [#"../04_binary_search.rs" 22 0 23 48] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt i x -> Int.le (IndexLogic0.index_logic arr (UIntSize.to_int i)) elem) } + ensures { [#"../04_binary_search.rs" 24 0 25 65] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt x i /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> Int.lt elem (IndexLogic0.index_logic arr (UIntSize.to_int i))) } end module C04BinarySearch_BinarySearch use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.UInt32 use prelude.Borrow clone CreusotContracts_Invariant_Inv_Interface as Inv4 with @@ -581,11 +585,11 @@ module C04BinarySearch_BinarySearch predicate Inv0.inv = Inv0.inv, function ShallowModel0.shallow_model = ShallowModel0.shallow_model let rec cfg binary_search [#"../04_binary_search.rs" 26 0 26 71] [@cfg:stackify] [@cfg:subregion_analysis] (arr : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) (elem : uint32) : Core_Result_Result_Type.t_result usize usize - requires {[#"../04_binary_search.rs" 19 11 19 36] Seq.length (ShallowModel0.shallow_model arr) <= UIntSize.to_int Max0.mAX'} + requires {[#"../04_binary_search.rs" 19 11 19 36] Int.le (Seq.length (ShallowModel0.shallow_model arr)) (UIntSize.to_int Max0.mAX')} requires {[#"../04_binary_search.rs" 20 11 20 23] Sorted0.sorted (ShallowModel0.shallow_model arr)} ensures { [#"../04_binary_search.rs" 21 0 21 63] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> IndexLogic0.index_logic arr (UIntSize.to_int x) = elem } - ensures { [#"../04_binary_search.rs" 22 0 23 48] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . i < x -> IndexLogic0.index_logic arr (UIntSize.to_int i) <= elem) } - ensures { [#"../04_binary_search.rs" 24 0 25 65] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . x < i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> elem < IndexLogic0.index_logic arr (UIntSize.to_int i)) } + ensures { [#"../04_binary_search.rs" 22 0 23 48] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt i x -> Int.le (IndexLogic0.index_logic arr (UIntSize.to_int i)) elem) } + ensures { [#"../04_binary_search.rs" 24 0 25 65] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt x i /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> Int.lt elem (IndexLogic0.index_logic arr (UIntSize.to_int i))) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Result_Result_Type.t_result usize usize; @@ -609,7 +613,7 @@ module C04BinarySearch_BinarySearch goto BB1 } BB1 { - switch ([#"../04_binary_search.rs" 27 7 27 21] _10 = ([#"../04_binary_search.rs" 27 20 27 21] [#"../04_binary_search.rs" 27 20 27 21] (0 : usize))) + switch ([#"../04_binary_search.rs" 27 7 27 21] UIntSize.eq _10 ([#"../04_binary_search.rs" 27 20 27 21] [#"../04_binary_search.rs" 27 20 27 21] (0 : usize))) | False -> goto BB3 | True -> goto BB2 end @@ -627,30 +631,30 @@ module C04BinarySearch_BinarySearch goto BB5 } BB5 { - invariant { [#"../04_binary_search.rs" 33 16 33 56] 0 < UIntSize.to_int size /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (ShallowModel0.shallow_model arr) }; - invariant { [#"../04_binary_search.rs" 33 4 33 58] forall i : usize . i < base -> IndexLogic0.index_logic arr (UIntSize.to_int i) <= elem }; - invariant { [#"../04_binary_search.rs" 33 4 33 58] forall i : usize . UIntSize.to_int base + UIntSize.to_int size < UIntSize.to_int i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> elem < IndexLogic0.index_logic arr (UIntSize.to_int i) }; + invariant { [#"../04_binary_search.rs" 33 16 33 56] Int.lt 0 (UIntSize.to_int size) /\ Int.le (Int.add (UIntSize.to_int size) (UIntSize.to_int base)) (Seq.length (ShallowModel0.shallow_model arr)) }; + invariant { [#"../04_binary_search.rs" 33 4 33 58] forall i : usize . Int.lt i base -> Int.le (IndexLogic0.index_logic arr (UIntSize.to_int i)) elem }; + invariant { [#"../04_binary_search.rs" 33 4 33 58] forall i : usize . Int.lt (Int.add (UIntSize.to_int base) (UIntSize.to_int size)) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> Int.lt elem (IndexLogic0.index_logic arr (UIntSize.to_int i)) }; goto BB6 } BB6 { - switch ([#"../04_binary_search.rs" 36 10 36 18] size > ([#"../04_binary_search.rs" 36 17 36 18] [#"../04_binary_search.rs" 36 17 36 18] (1 : usize))) + switch ([#"../04_binary_search.rs" 36 10 36 18] UIntSize.gt size ([#"../04_binary_search.rs" 36 17 36 18] [#"../04_binary_search.rs" 36 17 36 18] (1 : usize))) | False -> goto BB13 | True -> goto BB7 end } BB7 { - _25 <- ([#"../04_binary_search.rs" 37 19 37 27] ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize)) = ([#"../04_binary_search.rs" 37 19 37 27] [#"../04_binary_search.rs" 37 19 37 27] (0 : usize))); + _25 <- ([#"../04_binary_search.rs" 37 19 37 27] UIntSize.eq ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize)) ([#"../04_binary_search.rs" 37 19 37 27] [#"../04_binary_search.rs" 37 19 37 27] (0 : usize))); assert { [@expl:division by zero] [#"../04_binary_search.rs" 37 19 37 27] not _25 }; goto BB8 } BB8 { - half <- ([#"../04_binary_search.rs" 37 19 37 27] size / ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize))); - mid <- ([#"../04_binary_search.rs" 38 18 38 29] base + half); + half <- ([#"../04_binary_search.rs" 37 19 37 27] UIntSize.div size ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize))); + mid <- ([#"../04_binary_search.rs" 38 18 38 29] UIntSize.add base half); _32 <- ([#"../04_binary_search.rs" 40 18 40 26] Index0.index ([#"../04_binary_search.rs" 40 18 40 21] arr) mid); goto BB9 } BB9 { - switch ([#"../04_binary_search.rs" 40 18 40 33] _32 > elem) + switch ([#"../04_binary_search.rs" 40 18 40 33] UInt32.gt _32 elem) | False -> goto BB11 | True -> goto BB10 end @@ -666,7 +670,7 @@ module C04BinarySearch_BinarySearch BB12 { base <- _29; _29 <- any usize; - size <- ([#"../04_binary_search.rs" 41 8 41 20] size - half); + size <- ([#"../04_binary_search.rs" 41 8 41 20] UIntSize.sub size half); goto BB5 } BB13 { @@ -675,7 +679,7 @@ module C04BinarySearch_BinarySearch } BB14 { cmp <- _41; - switch ([#"../04_binary_search.rs" 45 7 45 18] cmp = elem) + switch ([#"../04_binary_search.rs" 45 7 45 18] UInt32.eq cmp elem) | False -> goto BB16 | True -> goto BB15 end @@ -685,13 +689,13 @@ module C04BinarySearch_BinarySearch goto BB20 } BB16 { - switch ([#"../04_binary_search.rs" 47 14 47 24] cmp < elem) + switch ([#"../04_binary_search.rs" 47 14 47 24] UInt32.lt cmp elem) | False -> goto BB18 | True -> goto BB17 end } BB17 { - _0 <- ([#"../04_binary_search.rs" 48 8 48 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 48 12 48 20] base + ([#"../04_binary_search.rs" 48 19 48 20] [#"../04_binary_search.rs" 48 19 48 20] (1 : usize)))); + _0 <- ([#"../04_binary_search.rs" 48 8 48 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 48 12 48 20] UIntSize.add base ([#"../04_binary_search.rs" 48 19 48 20] [#"../04_binary_search.rs" 48 19 48 20] (1 : usize)))); goto BB19 } BB18 { diff --git a/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml b/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml index 5510b4682e..0db0a8f56a 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml +++ b/creusot/tests/should_succeed/vector/04_binary_search/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz b/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz index e507c0c12ec8c89a6fb72cab8cd1eafcd9471f36..8bb935417b64b702d9f10b7bd28835748e17666b 100644 GIT binary patch literal 478 zcmV<40U`b$iwFP!00000|CLisZ<|06z4I%$rAaS43oIsTDj~}Vq)5F~tK854Ya5k7 zjEUR+`wr{HX7k}DmSxZEynSzmd3?EX_gj2Yd-tIFeciRUu5fRzoneP{dyp(K5lEOq zF8LIC(wjnG`iX;$qHntywn(f^)BVmLyGk`Oz@f|QcEHE@;VRZFFA>?1Fc?_|d?v8R zujp5XvxG2}`ja=^rY@y0q!L&*-Z^D&_5f1E6SMF&b2LwYB^lny1upYd-^(b8$7%j6 z&8=3m7Ye34Wnf8A8sptNyxvH5#Qyk2X_77JGrP?J6KwWsezX|*W`cZyU#%QUxJRri z9pTUZSxFwo_-#G}53G@PB)~(By{GAb>a-Fqy*3Q=Uo`IwMaIPtSrL>79&+^8g(#}9h(r~-VJgxf U^;0k9DWuH#2Z>r_0p0`v0N^6)wg3PC literal 458 zcmV;*0X6;~iwFP!00000|CLh9Zrd;ryz47;%flCP`LI;f1&Ba`bV+VRZ^DLVVj+su z$d23oeW{0K(TUymLhgXGv&-GNz74k<{9(7@-nQGaslS9WyuAr_Z&=oQP0}%9SsmcG@Gvnn@h1w*Yg^qrJ#aPE zc;~pfL?2iHNgp{k(4^m}3lzGs7kjMUZP(`M272l}e)HxM8>;?y;~-`m2XSfRi-|_2 z`Nqf8e_J%jON$;~r-2Wei%-g3@}`;f*N>J)h77?{Q`tomL7vk|`ejmKh#K$Qx5x2G zQ|@W2Kp|1YTEFztg-!F zY%R8C69i8LE%2B}WF1HDj1VANKMHCi&dkz;%S>h>;~C2!qZtYQ08N+{s^A0w0BGmp AY5)KL diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg b/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg index 275c7a3c27..c9a63d3a3b 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg @@ -40,6 +40,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -68,10 +69,11 @@ module C05BinarySearchGeneric_SortedRange type t use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Logic_Ord_OrdLogic_LeLog_Stub as LeLog0 with type self = t predicate sorted_range [#"../05_binary_search_generic.rs" 9 0 9 63] (s : Seq.seq t) (l : int) (u : int) = - [#"../05_binary_search_generic.rs" 10 4 12 5] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) + [#"../05_binary_search_generic.rs" 10 4 12 5] forall j : int . forall i : int . Int.le l i /\ Int.le i j /\ Int.lt j u -> LeLog0.le_log (Seq.get s i) (Seq.get s j) val sorted_range [#"../05_binary_search_generic.rs" 9 0 9 63] (s : Seq.seq t) (l : int) (u : int) : bool ensures { result = sorted_range s l u } @@ -256,6 +258,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -338,8 +341,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -466,6 +469,7 @@ module Alloc_Vec_Impl12_Index_Interface end module Core_Cmp_Ord_Cmp_Interface type self + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -496,6 +500,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -508,6 +513,7 @@ end module Core_Cmp_PartialOrd_Gt_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -560,11 +566,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -582,11 +588,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -635,6 +641,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Stub type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -666,6 +673,7 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -694,17 +702,18 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel_Interface val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Std1_Vec_Impl1_DeepModel type t type a use seq.Seq use prelude.Int + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t use seq.Seq @@ -733,14 +742,15 @@ module CreusotContracts_Std1_Vec_Impl1_DeepModel val deep_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq DeepModelTy0.deepModelTy requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length result } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get result i = DeepModel0.deep_model (IndexLogic0.index_logic self i) } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv result } ensures { result = deep_model self } - axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) + axiom deep_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44] Inv1.inv (deep_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Seq.get (deep_model self) i = DeepModel0.deep_model (IndexLogic0.index_logic self i)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56] Seq.length (ShallowModel0.shallow_model self) = Seq.length (deep_model self)) end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -752,6 +762,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -770,6 +781,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -788,6 +800,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -799,6 +812,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -817,6 +831,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpLtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -846,6 +861,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_GeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -857,6 +873,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_GeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -868,6 +885,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -886,6 +904,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -904,6 +923,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGeLog end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -915,6 +935,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Stub end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -933,6 +954,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -951,6 +973,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_CmpGtLog end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -960,6 +983,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -975,6 +999,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Refl type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -990,6 +1015,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Refl end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -999,6 +1025,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1018,6 +1045,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Trans type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self @@ -1037,6 +1065,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Trans end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1046,6 +1075,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1063,6 +1093,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1080,6 +1111,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym1 end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1089,6 +1121,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Stub end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1106,6 +1139,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2_Interface end module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 type self + use prelude.Bool clone CreusotContracts_Invariant_Inv_Stub as Inv0 with type t = self use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type @@ -1123,6 +1157,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_Antisym2 end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1132,6 +1167,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Stub end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1148,6 +1184,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_EqCmp_Interface end module CreusotContracts_Logic_Ord_OrdLogic_EqCmp type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -1185,7 +1222,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1212,6 +1249,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1223,6 +1261,7 @@ module C05BinarySearchGeneric_BinarySearch_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -1251,13 +1290,13 @@ module C05BinarySearchGeneric_BinarySearch_Interface type t = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq t val binary_search [#"../05_binary_search_generic.rs" 27 0 29 29] (arr : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) (elem : t) : Core_Result_Result_Type.t_result usize usize - requires {[#"../05_binary_search_generic.rs" 20 11 20 36] Seq.length (ShallowModel0.shallow_model arr) <= UIntSize.to_int Max0.mAX'} + requires {[#"../05_binary_search_generic.rs" 20 11 20 36] Int.le (Seq.length (ShallowModel0.shallow_model arr)) (UIntSize.to_int Max0.mAX')} requires {[#"../05_binary_search_generic.rs" 21 11 21 35] Sorted0.sorted (DeepModel0.deep_model arr)} requires {[#"../05_binary_search_generic.rs" 27 41 27 44] Inv0.inv arr} requires {[#"../05_binary_search_generic.rs" 27 55 27 59] Inv1.inv elem} ensures { [#"../05_binary_search_generic.rs" 22 0 22 89] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int x) = DeepModel1.deep_model elem } - ensures { [#"../05_binary_search_generic.rs" 23 0 24 74] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . i < x -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem)) } - ensures { [#"../05_binary_search_generic.rs" 25 0 26 92] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . x <= i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i))) } + ensures { [#"../05_binary_search_generic.rs" 23 0 24 74] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt i x -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem)) } + ensures { [#"../05_binary_search_generic.rs" 25 0 26 92] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.le x i /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i))) } end module C05BinarySearchGeneric_BinarySearch @@ -1265,6 +1304,7 @@ module C05BinarySearchGeneric_BinarySearch use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = t @@ -1470,13 +1510,13 @@ module C05BinarySearchGeneric_BinarySearch predicate Inv0.inv = Inv0.inv, function ShallowModel0.shallow_model = ShallowModel0.shallow_model let rec cfg binary_search [#"../05_binary_search_generic.rs" 27 0 29 29] [@cfg:stackify] [@cfg:subregion_analysis] (arr : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) (elem : t) : Core_Result_Result_Type.t_result usize usize - requires {[#"../05_binary_search_generic.rs" 20 11 20 36] Seq.length (ShallowModel0.shallow_model arr) <= UIntSize.to_int Max0.mAX'} + requires {[#"../05_binary_search_generic.rs" 20 11 20 36] Int.le (Seq.length (ShallowModel0.shallow_model arr)) (UIntSize.to_int Max0.mAX')} requires {[#"../05_binary_search_generic.rs" 21 11 21 35] Sorted0.sorted (DeepModel0.deep_model arr)} requires {[#"../05_binary_search_generic.rs" 27 41 27 44] Inv0.inv arr} requires {[#"../05_binary_search_generic.rs" 27 55 27 59] Inv2.inv elem} ensures { [#"../05_binary_search_generic.rs" 22 0 22 89] forall x : usize . result = Core_Result_Result_Type.C_Ok x -> Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int x) = DeepModel1.deep_model elem } - ensures { [#"../05_binary_search_generic.rs" 23 0 24 74] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . i < x -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem)) } - ensures { [#"../05_binary_search_generic.rs" 25 0 26 92] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . x <= i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i))) } + ensures { [#"../05_binary_search_generic.rs" 23 0 24 74] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.lt i x -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem)) } + ensures { [#"../05_binary_search_generic.rs" 25 0 26 92] forall x : usize . result = Core_Result_Result_Type.C_Err x -> (forall i : usize . Int.le x i /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i))) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Result_Result_Type.t_result usize usize; @@ -1512,7 +1552,7 @@ module C05BinarySearchGeneric_BinarySearch goto BB4 } BB4 { - switch ([#"../05_binary_search_generic.rs" 31 7 31 21] _10 = ([#"../05_binary_search_generic.rs" 31 20 31 21] [#"../05_binary_search_generic.rs" 31 20 31 21] (0 : usize))) + switch ([#"../05_binary_search_generic.rs" 31 7 31 21] UIntSize.eq _10 ([#"../05_binary_search_generic.rs" 31 20 31 21] [#"../05_binary_search_generic.rs" 31 20 31 21] (0 : usize))) | False -> goto BB7 | True -> goto BB5 end @@ -1543,25 +1583,25 @@ module C05BinarySearchGeneric_BinarySearch goto BB11 } BB11 { - invariant { [#"../05_binary_search_generic.rs" 37 16 37 56] 0 < UIntSize.to_int size /\ UIntSize.to_int size + UIntSize.to_int base <= Seq.length (ShallowModel0.shallow_model arr) }; - invariant { [#"../05_binary_search_generic.rs" 37 4 37 58] forall i : usize . i < base -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem) }; - invariant { [#"../05_binary_search_generic.rs" 37 4 37 58] forall i : usize . UIntSize.to_int base + UIntSize.to_int size <= UIntSize.to_int i /\ UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model arr) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) }; + invariant { [#"../05_binary_search_generic.rs" 37 16 37 56] Int.lt 0 (UIntSize.to_int size) /\ Int.le (Int.add (UIntSize.to_int size) (UIntSize.to_int base)) (Seq.length (ShallowModel0.shallow_model arr)) }; + invariant { [#"../05_binary_search_generic.rs" 37 4 37 58] forall i : usize . Int.lt i base -> LeLog0.le_log (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) (DeepModel1.deep_model elem) }; + invariant { [#"../05_binary_search_generic.rs" 37 4 37 58] forall i : usize . Int.le (Int.add (UIntSize.to_int base) (UIntSize.to_int size)) (UIntSize.to_int i) /\ Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model arr)) -> LtLog0.lt_log (DeepModel1.deep_model elem) (Seq.get (DeepModel0.deep_model arr) (UIntSize.to_int i)) }; goto BB12 } BB12 { - switch ([#"../05_binary_search_generic.rs" 40 10 40 18] size > ([#"../05_binary_search_generic.rs" 40 17 40 18] [#"../05_binary_search_generic.rs" 40 17 40 18] (1 : usize))) + switch ([#"../05_binary_search_generic.rs" 40 10 40 18] UIntSize.gt size ([#"../05_binary_search_generic.rs" 40 17 40 18] [#"../05_binary_search_generic.rs" 40 17 40 18] (1 : usize))) | False -> goto BB20 | True -> goto BB13 end } BB13 { - _25 <- ([#"../05_binary_search_generic.rs" 41 19 41 27] ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize)) = ([#"../05_binary_search_generic.rs" 41 19 41 27] [#"../05_binary_search_generic.rs" 41 19 41 27] (0 : usize))); + _25 <- ([#"../05_binary_search_generic.rs" 41 19 41 27] UIntSize.eq ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize)) ([#"../05_binary_search_generic.rs" 41 19 41 27] [#"../05_binary_search_generic.rs" 41 19 41 27] (0 : usize))); assert { [@expl:division by zero] [#"../05_binary_search_generic.rs" 41 19 41 27] not _25 }; goto BB14 } BB14 { - half <- ([#"../05_binary_search_generic.rs" 41 19 41 27] size / ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize))); - mid <- ([#"../05_binary_search_generic.rs" 42 18 42 29] base + half); + half <- ([#"../05_binary_search_generic.rs" 41 19 41 27] UIntSize.div size ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize))); + mid <- ([#"../05_binary_search_generic.rs" 42 18 42 29] UIntSize.add base half); _32 <- ([#"../05_binary_search_generic.rs" 44 18 44 26] Index0.index ([#"../05_binary_search_generic.rs" 44 18 44 21] arr) mid); goto BB15 } @@ -1588,7 +1628,7 @@ module C05BinarySearchGeneric_BinarySearch BB19 { base <- _29; _29 <- any usize; - size <- ([#"../05_binary_search_generic.rs" 46 8 46 20] size - half); + size <- ([#"../05_binary_search_generic.rs" 46 8 46 20] UIntSize.sub size half); goto BB11 } BB20 { @@ -1633,7 +1673,7 @@ module C05BinarySearchGeneric_BinarySearch goto BB28 } BB27 { - _0 <- ([#"../05_binary_search_generic.rs" 53 26 53 39] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 53 30 53 38] base + ([#"../05_binary_search_generic.rs" 53 37 53 38] [#"../05_binary_search_generic.rs" 53 37 53 38] (1 : usize)))); + _0 <- ([#"../05_binary_search_generic.rs" 53 26 53 39] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 53 30 53 38] UIntSize.add base ([#"../05_binary_search_generic.rs" 53 37 53 38] [#"../05_binary_search_generic.rs" 53 37 53 38] (1 : usize)))); goto BB28 } BB28 { diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml index c59c907707..9d2ccc2419 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3session.xml @@ -11,109 +11,109 @@ - + - - + + - - + + - - + + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - + - + - + - - + + - - + + - - + + - - + + - - + + - + - - + + - - + + - + - + - + - - + + - - + + - - + + - + - - + + - - + + - + - + - + diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz index 988e789d3f61030ec00aecdc91bd4fcb802a60ed..fb60435a3fcf72f3ae612cddc4eb62e514adb69c 100644 GIT binary patch literal 2684 zcmV-?3WN0@iwFP!00000|IJu!ZyUK0{;pr4Z`WQ?fE*6r3giGGh)V-O?@O`hH-qGo ziBQLKBqhz=ukVn%D{&>+@m&%pfT87*!+jQU`7v#G>&@LimTLL) zUl;rLetq|`V^`ydcYGQ`2h&h=Vj5zHR||ie=9&)8zqwi8 z?ftvee|}n3EvFLKgF-nel%1M}s?*a@cZSTo@bTUK&F$t*XFJaP%bQp4Klt1C{zZMS znhsApljqQJP8(jQ-ENeF@yV}SIr?BAxqohx->2*T(HQKE+IppoP)gT!-wq z?zkB@>G7$?r<^HKlk9vyP0yXd>Fe#}jZxG5^MQ51kI>0u{>{Ew`Sadupbe?P7ew+&*?7o87njX1due$0wc`R~_g%{M*#5G#W;af~xi}k`l}` z-=}ncm|WGb+RrCDu+0P~-F^C0EU)9RdQIO_gdVW8qJ>B&`Lo<{3E>EE}=*X>I&usCq+gcQ&o$a+SO;_-u@KD)US?DFpGIkqBq z0`BV6J=G-_T(z#>c>w#U4l?U)u?Ov~Zky zjEHAv#4kC7v=F3UTAXz`@*z)8ZwG2MQ$u|1f4fgdf-n3w?KZa`)07Nu!sf$WzZ(%; z@^~ra!}7w@x7>X6w;$4j^8N;S-J^z4P1M71w9Fe3T5IO(8|4?&LxP&r=-FO9$lz1~ zX6IClweRg_7_|<&hl10(;BRMah(Xv5!*9#q({@uyUO6S&$x1gskFiZ^_$G?p*?ZBxYOSsgU1Z zxIRPC-G?yB)vtZp{;~ikTQ5~GXj3`-kro6_dl2f&c4_<34}IBZdJ%YHNrWesL^v~W zv7vyA-@ZO;0*?_l#M#RlVfA{p-FAp`!qLQx#huWRzb>}xXw2D@hF||nv(we4RV$kN zK!;*A!>~Gbz+{}3FV&F_`TP}L9ki6UA!O@-R1Ae>Cc!5O-p;aVmeqY_=2acBPS{uD zqOeUODBp5UqCxsl)+(*04u8m7xq817bjkQ-=1^5T2U@5CuPM;#-0IJ@Jt)uG9-8`W z+jH!0^kJlq3a(a9;xwwKahl|2l)5^Hp&CF>3tie%k50%qoT0!@h%!0|h=*0Znx9go z5ry9QwTb$_nlbD1{ZZ;Qg;}#kt?bP7BR9BLzfQ%j37MkjGMyd_o&h@A%3pg4I+_7q zdA=W{7RT82pB87A>e&V2)7j}R?l-&r?8^EGJLLH#;JV2il3gtt2NX1qWZF+p%d+x` zSysaAjbB~2=}Yn<<+k=`$S&Ve%7xJ;zA5;PB2d17nG4v!eoCq@q2YrVL-t~KbWP@XhB<#1*-2<23R%IHvo4mwdD zYtT_`ot!NQ|2z0p2yiN#TlFB z1L<~RbDQr`9!7ZF|1=UydMwKL{$UG!v|1&|CJG~MFM?+V zd#RGr0MSntv;*ZpI>0ZnCQ*S_XfroGok(Um7#>&xX|>@|E(LdjIj|1Q*RmZW*;zp_kEmPhZMYAEJ+#yvk8SjJ#UbPADg&6ZqBb zN9C>PBPgGVNEv-%QTMEzft1ufEfI@u6b`{54VV+w3G;PPus)fXWDwHCn0v-K7|fZ0 zGO>`kFbtJL`3zXl*n}W71evU`8j+aKEEfz7Q%sC(e=ayWM+{2$DN8F%788g;(a(vfXTT(}gKL#hl|KmBfXXIrjYO+0 zW1gZVWXn7YNwSc2&8`GZ{|I0sxspzw9O;8$Oh$?(YYnBtEHzlaRNN`%B;hhY4r(Sa zA_|d$j=nd-n9Qh6h>8=NA?c-}9m*-`6gnlGf^Q1PNZ>YvUX`{kU;xD#`Ld^0k7tgt z!ZFW@2&k2^RwN=HAkTrKIk3LBl!q*{aX41{%%G^bD!r;TloU-*N5``ixsL{U553F< zlm@5impv!06eIN@5-?FC9lXqFsR>~ar2s8_t+rY^jZTZ_M^|zPb!uR#YfIixDlyRm zwJCkz)TX4dHTix3eL`ZFks$`EB0$k-V>C(`siFlRtNYaV#VBm#6UsFt&A;e-&$%XQP6rRIiDu6#lu_0jXKz+Gx6-j#qRGU(sd)%s$ZtoI<3ug#trH zEudVn1Or%Fa=UaEofTiyy|F}DB7>&tkW~Op7k>saD+Scn8(ZuU^Q?8&IIF+V8YO$F qiQ-V=Kj;LWs=7s@x}{=(yjrW2;*1xI)VqDT)&B#;9QbasD*yoUC`9A{ literal 2496 zcmV;x2|xB9iwFP!00000|IJugk0ZAce%G(in-d!W$YSvdya9y8OgKPbzXXlE4S24F zXh&m7J6ZeJr<&a@b?dV1-JLZs5ZPoMAB%Ny{_^d7`;&jp+xbi0Y?te&zt7eD+rQ3s zKl|m=OT+H_8E^P7g$9PHXv8qZ2JdJ7`!{}-pWf|$@+5V&TL16y{W|4UBmHjuxP03A z_ly60v#3&zDIPk3au6sRHB42bhpBE1sd?k$`{&2i`dwoi&ivcQyPrS!)zAJ-{jQSs zqn*%mXgDW^f937Ar-Odv4`VtyFc958H`(vBi+WGh9L+%)X_anK$4`T^* z{h~inWzVDK5xeL|nCiy{$Iyb|3urEzJc*3yO?L7Pj}*`T10M@A_aaM-caZvl$1` z%x~A5T}~rO(9+CmlS9HxSkbdKbZl}A3w0v2%)q5U(ng5zM z>vp$eUp_sC^@pdl^+a>34rVmZ@A788rUszUS!UB{rvsKttRvyyotXPr$dTOl%XAad zK}E}P&THD{qurbl$M*5XugFB_Y5k+9pkGus8&cI_xldZ>?`0tGwGOyC;1`kA?J>4X z^!^d~fUcd@ve!*}&3r^cd!zOGMgD-gJHjAFPk41lgF`)?gh8up{5@udUTVkPmGA4f zU;UU2%liIeBwDogo_tr~Z>vAsdUc(%ci)}4s^gQmp*%plH-_-HlPmiT2W)BJCbr{* z2IJ_4-%*I*xDruW-sa7V@5=J^iUc?2N4PCN!ioGdWd+V2d)eJp?YlRd24OL=EGl}(KeV^GpPhV} z`-e$N>tAAH^%G#{TgkRDJc8D`$KWV<(nsR?Ya*t_R6RNKb`g! z(l?>#qN+~bw6}k*a7^8mykJr|h5~@K03fA(KH1m9z85 zanOoaBkE8qP;{37eXYR0O*mxG3t7D;e<~HT=Iy+!H}kN3@|#~CsaxH|pJp>3SP4n< z!ZiwIFlFj}R7mt_h!`= zQfsTCVWQZ?WKP*cEp_4`=0KF(0n}gSxc$8vJg{KFGcAy(Ta~ax2|6Vi=R!CEPH-pKXHjU8GwZ=yniM7^NLymzk_Tx# zi>WGmVG6gZ0+)4I2SXkmYV*;K$WRvKkyiD}LF$ZLvRV>0ucm*s{ zavN-lK5ESM9%vx^ood- z%@nJ2IS@kelM*Coj#;7u?QoUTU zuZ50tMbQT2P8gWCf~gD|l1T-G<}CNMUhyxbKX8h!z&Vr1NIRu$&^a@f0_4nV=~wgz zUlxUDDP?P!4brP29C=*ESNox*# z9V|8_tFuv>6_rZBAhT4A97ZzBsE)U;p_EhIul&+*ieRyTvc^y;4LVwC5JekBG4kMb zsBo-P<~2b9J#0%fl$((QHRB-YoWWuMJa2YTb0!%$iudrOYj~ z_ozG|r@q?s&o7N%7iREiio{$v z8^pqFj!YpS$W{;CqeW+hv+$|fw9X6)1N6y4vPBfB$#b}&52bz8RxiS;s!)Eq&i@1D K$&%R8C;$Lg)ASGk diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg index 3783a72c14..1b6e1242a3 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg +++ b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg @@ -15,14 +15,15 @@ module C06KnightsTour_Point_Type end end module Core_Clone_Impls_Impl11_Clone_Interface + use prelude.IntSize use prelude.Borrow use prelude.Int - use prelude.IntSize val clone' (self : isize) : isize ensures { [#"../../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1] result = self } end module C06KnightsTour_Impl3_Clone_Interface + use prelude.Bool use prelude.Borrow use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type val clone' [#"../06_knights_tour.rs" 4 15 4 20] (self : C06KnightsTour_Point_Type.t_point) : C06KnightsTour_Point_Type.t_point @@ -33,6 +34,7 @@ module C06KnightsTour_Impl3_Clone use prelude.Int use prelude.IntSize use prelude.Borrow + use prelude.Bool clone Core_Clone_Impls_Impl11_Clone_Interface as Clone0 use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type let rec cfg clone' [#"../06_knights_tour.rs" 4 15 4 20] [@cfg:stackify] [@cfg:subregion_analysis] (self : C06KnightsTour_Point_Type.t_point) : C06KnightsTour_Point_Type.t_point @@ -69,29 +71,31 @@ end module C06KnightsTour_Impl0_Mov_Interface use prelude.IntSize use prelude.Int + use prelude.Bool use prelude.Borrow use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type val mov [#"../06_knights_tour.rs" 18 4 18 45] (self : C06KnightsTour_Point_Type.t_point) (p : (isize, isize)) : C06KnightsTour_Point_Type.t_point - requires {[#"../06_knights_tour.rs" 12 15 12 52] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x self) <= 10000} - requires {[#"../06_knights_tour.rs" 13 15 13 52] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y self) <= 10000} - requires {[#"../06_knights_tour.rs" 14 15 14 46] - 10000 <= IntSize.to_int (let (a, _) = p in a) /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - requires {[#"../06_knights_tour.rs" 15 15 15 46] - 10000 <= IntSize.to_int (let (_, a) = p in a) /\ IntSize.to_int (let (_, a) = p in a) <= 10000} - ensures { [#"../06_knights_tour.rs" 16 14 16 41] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + IntSize.to_int (let (a, _) = p in a) } - ensures { [#"../06_knights_tour.rs" 17 14 17 41] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + IntSize.to_int (let (_, a) = p in a) } + requires {[#"../06_knights_tour.rs" 12 15 12 52] Int.le (- 10000) (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) /\ Int.le (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) 10000} + requires {[#"../06_knights_tour.rs" 13 15 13 52] Int.le (- 10000) (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) /\ Int.le (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) 10000} + requires {[#"../06_knights_tour.rs" 14 15 14 46] Int.le (- 10000) (IntSize.to_int (let (a, _) = p in a)) /\ Int.le (IntSize.to_int (let (a, _) = p in a)) 10000} + requires {[#"../06_knights_tour.rs" 15 15 15 46] Int.le (- 10000) (IntSize.to_int (let (_, a) = p in a)) /\ Int.le (IntSize.to_int (let (_, a) = p in a)) 10000} + ensures { [#"../06_knights_tour.rs" 16 14 16 41] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = Int.add (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) (IntSize.to_int (let (a, _) = p in a)) } + ensures { [#"../06_knights_tour.rs" 17 14 17 41] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = Int.add (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) (IntSize.to_int (let (_, a) = p in a)) } end module C06KnightsTour_Impl0_Mov use prelude.Int use prelude.IntSize use prelude.Borrow + use prelude.Bool use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type let rec cfg mov [#"../06_knights_tour.rs" 18 4 18 45] [@cfg:stackify] [@cfg:subregion_analysis] (self : C06KnightsTour_Point_Type.t_point) (p : (isize, isize)) : C06KnightsTour_Point_Type.t_point - requires {[#"../06_knights_tour.rs" 12 15 12 52] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x self) <= 10000} - requires {[#"../06_knights_tour.rs" 13 15 13 52] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y self) <= 10000} - requires {[#"../06_knights_tour.rs" 14 15 14 46] - 10000 <= IntSize.to_int (let (a, _) = p in a) /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - requires {[#"../06_knights_tour.rs" 15 15 15 46] - 10000 <= IntSize.to_int (let (_, a) = p in a) /\ IntSize.to_int (let (_, a) = p in a) <= 10000} - ensures { [#"../06_knights_tour.rs" 16 14 16 41] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + IntSize.to_int (let (a, _) = p in a) } - ensures { [#"../06_knights_tour.rs" 17 14 17 41] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + IntSize.to_int (let (_, a) = p in a) } + requires {[#"../06_knights_tour.rs" 12 15 12 52] Int.le (- 10000) (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) /\ Int.le (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) 10000} + requires {[#"../06_knights_tour.rs" 13 15 13 52] Int.le (- 10000) (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) /\ Int.le (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) 10000} + requires {[#"../06_knights_tour.rs" 14 15 14 46] Int.le (- 10000) (IntSize.to_int (let (a, _) = p in a)) /\ Int.le (IntSize.to_int (let (a, _) = p in a)) 10000} + requires {[#"../06_knights_tour.rs" 15 15 15 46] Int.le (- 10000) (IntSize.to_int (let (_, a) = p in a)) /\ Int.le (IntSize.to_int (let (_, a) = p in a)) 10000} + ensures { [#"../06_knights_tour.rs" 16 14 16 41] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = Int.add (IntSize.to_int (C06KnightsTour_Point_Type.point_x self)) (IntSize.to_int (let (a, _) = p in a)) } + ensures { [#"../06_knights_tour.rs" 17 14 17 41] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = Int.add (IntSize.to_int (C06KnightsTour_Point_Type.point_y self)) (IntSize.to_int (let (_, a) = p in a)) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : C06KnightsTour_Point_Type.t_point; @@ -101,7 +105,7 @@ module C06KnightsTour_Impl0_Mov goto BB0 } BB0 { - _0 <- ([#"../06_knights_tour.rs" 19 8 19 53] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 19 18 19 32] C06KnightsTour_Point_Type.point_x self + (let (a, _) = p in a)) ([#"../06_knights_tour.rs" 19 37 19 51] C06KnightsTour_Point_Type.point_y self + (let (_, a) = p in a))); + _0 <- ([#"../06_knights_tour.rs" 19 8 19 53] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 19 18 19 32] IntSize.add (C06KnightsTour_Point_Type.point_x self) (let (a, _) = p in a)) ([#"../06_knights_tour.rs" 19 37 19 51] IntSize.add (C06KnightsTour_Point_Type.point_y self) (let (_, a) = p in a))); return _0 } @@ -225,11 +229,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -247,11 +251,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -310,6 +314,7 @@ module C06KnightsTour_Impl1_Wf use prelude.UIntSize use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq usize @@ -341,7 +346,7 @@ module C06KnightsTour_Impl1_Wf axiom . use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type predicate wf [#"../06_knights_tour.rs" 30 4 30 23] (self : C06KnightsTour_Board_Type.t_board) = - [#"../06_knights_tour.rs" 31 8 35 9] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ Seq.length (ShallowModel0.shallow_model (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) -> Seq.length (ShallowModel1.shallow_model (IndexLogic0.index_logic (C06KnightsTour_Board_Type.board_field self) i)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) + [#"../06_knights_tour.rs" 31 8 35 9] Int.le (UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) 1000 /\ Seq.length (ShallowModel0.shallow_model (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) -> Seq.length (ShallowModel1.shallow_model (IndexLogic0.index_logic (C06KnightsTour_Board_Type.board_field self) i)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) val wf [#"../06_knights_tour.rs" 30 4 30 23] (self : C06KnightsTour_Board_Type.t_board) : bool ensures { result = wf self } @@ -416,6 +421,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -427,6 +433,7 @@ module Alloc_Vec_FromElem_Interface use seq.Seq use prelude.UIntSize use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -450,7 +457,7 @@ module Alloc_Vec_FromElem_Interface val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) requires {Inv0.inv elem} ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int n) -> IndexLogic0.index_logic result i = elem } ensures { Inv1.inv result } end @@ -475,6 +482,7 @@ module C06KnightsTour_Impl1_New_Closure3_Interface use prelude.UIntSize use prelude.Int use prelude.Ghost + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq usize @@ -523,6 +531,7 @@ module C06KnightsTour_Impl1_New_Closure3 use prelude.Borrow use seq.Seq use prelude.Ghost + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = Seq.seq usize @@ -853,6 +862,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl3_Reinitialize type f use prelude.Borrow use seq.Seq + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = i clone CreusotContracts_Std1_Iter_MapInv_Impl3_Preservation_Stub as Preservation0 with @@ -882,6 +892,7 @@ module CreusotContracts_Std1_Iter_Iterator_MapInv_Interface type f use seq.Seq use prelude.Ghost + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = self use seq.Seq @@ -966,6 +977,7 @@ module Core_Iter_Traits_Iterator_Iterator_Collect_Interface type b use seq.Seq use prelude.Borrow + use prelude.Bool clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with type self = self use seq.Seq @@ -1158,6 +1170,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -1167,7 +1180,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -1220,6 +1233,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl4_Resolve type i type b type f + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = f clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -1261,6 +1275,7 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Completed use prelude.Borrow use prelude.Ghost use seq.Seq + use prelude.Bool clone CreusotContracts_Std1_Iter_Iterator_Completed_Stub as Completed0 with type self = i clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with @@ -1302,9 +1317,10 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Produces type b type f use seq.Seq + use prelude.Int + use prelude.Bool use prelude.Ghost use prelude.Borrow - use prelude.Int use seq_ext.SeqExt use seq.Seq clone Core_Iter_Traits_Iterator_Iterator_Item_Type as Item0 with @@ -1331,11 +1347,11 @@ module CreusotContracts_Std1_Iter_MapInv_Impl0_Produces predicate produces [@inline:trivial] (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) (visited : Seq.seq b) (succ : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) = - [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9] Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . 1 <= i /\ i < Seq.length fs -> ^ Seq.get fs (i - 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then + [#"../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9] Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) /\ (exists s : Seq.seq Item0.item . Inv0.inv s /\ Seq.length s = Seq.length visited /\ Produces0.produces (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s /\ (exists fs : Seq.seq (borrowed f) . Inv1.inv fs /\ Seq.length fs = Seq.length visited /\ (forall i : int . Int.le 1 i /\ Int.lt i (Seq.length fs) -> ^ Seq.get fs (Int.sub i 1) = * Seq.get fs i) /\ (if Seq.length visited = 0 then CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ else - * Seq.get fs 0 = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self /\ ^ Seq.get fs (Seq.length visited - 1) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ - ) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) + * Seq.get fs 0 = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self /\ ^ Seq.get fs (Int.sub (Seq.length visited) 1) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ + ) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> Unnest0.unnest (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) ( * Seq.get fs i) /\ Precondition0.precondition ( * Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) /\ PostconditionMut0.postcondition_mut (Seq.get fs i) (Seq.get s i, Ghost.new (Seq.(++) (Ghost.inner (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) (SeqExt.subsequence s 0 i))) (Seq.get visited i)))) val produces [@inline:trivial] (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) (visited : Seq.seq b) (succ : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv i Item0.item f) : bool ensures { result = produces self visited succ } @@ -1360,6 +1376,7 @@ end module CreusotContracts_Std1_Vec_Impl9_FromIterPost type t use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -1533,6 +1550,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -1541,7 +1559,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -1724,7 +1742,7 @@ module C06KnightsTour_Impl1_New_Interface use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type clone C06KnightsTour_Impl1_Wf_Stub as Wf0 val new [#"../06_knights_tour.rs" 40 4 40 31] (size : usize) : C06KnightsTour_Board_Type.t_board - requires {[#"../06_knights_tour.rs" 37 15 37 28] UIntSize.to_int size <= 1000} + requires {[#"../06_knights_tour.rs" 37 15 37 28] Int.le (UIntSize.to_int size) 1000} ensures { [#"../06_knights_tour.rs" 38 14 38 33] C06KnightsTour_Board_Type.board_size result = size } ensures { [#"../06_knights_tour.rs" 39 14 39 25] Wf0.wf result } @@ -1997,7 +2015,7 @@ module C06KnightsTour_Impl1_New predicate Inv2.inv = Inv4.inv, predicate Inv3.inv = Inv5.inv let rec cfg new [#"../06_knights_tour.rs" 40 4 40 31] [@cfg:stackify] [@cfg:subregion_analysis] (size : usize) : C06KnightsTour_Board_Type.t_board - requires {[#"../06_knights_tour.rs" 37 15 37 28] UIntSize.to_int size <= 1000} + requires {[#"../06_knights_tour.rs" 37 15 37 28] Int.le (UIntSize.to_int size) 1000} ensures { [#"../06_knights_tour.rs" 38 14 38 33] C06KnightsTour_Board_Type.board_size result = size } ensures { [#"../06_knights_tour.rs" 39 14 39 25] Wf0.wf result } @@ -2050,12 +2068,13 @@ module C06KnightsTour_Impl1_InBounds use prelude.IntSize use prelude.Int use prelude.UIntSize + use prelude.Bool use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type predicate in_bounds [#"../06_knights_tour.rs" 61 4 61 40] (self : C06KnightsTour_Board_Type.t_board) (p : C06KnightsTour_Point_Type.t_point) = - [#"../06_knights_tour.rs" 63 12 63 75] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) + [#"../06_knights_tour.rs" 63 12 63 75] Int.le 0 (IntSize.to_int (C06KnightsTour_Point_Type.point_x p)) /\ Int.lt (IntSize.to_int (C06KnightsTour_Point_Type.point_x p)) (UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) /\ Int.le 0 (IntSize.to_int (C06KnightsTour_Point_Type.point_y p)) /\ Int.lt (IntSize.to_int (C06KnightsTour_Point_Type.point_y p)) (UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) val in_bounds [#"../06_knights_tour.rs" 61 4 61 40] (self : C06KnightsTour_Board_Type.t_board) (p : C06KnightsTour_Point_Type.t_point) : bool ensures { result = in_bounds self p } @@ -2248,7 +2267,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -2275,6 +2294,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -2438,7 +2458,7 @@ module C06KnightsTour_Impl1_Available goto BB0 } BB0 { - switch ([#"../06_knights_tour.rs" 53 8 53 16] ([#"../06_knights_tour.rs" 53 8 53 9] [#"../06_knights_tour.rs" 53 8 53 9] (0 : isize)) <= C06KnightsTour_Point_Type.point_x p) + switch ([#"../06_knights_tour.rs" 53 8 53 16] IntSize.le ([#"../06_knights_tour.rs" 53 8 53 9] [#"../06_knights_tour.rs" 53 8 53 9] (0 : isize)) (C06KnightsTour_Point_Type.point_x p)) | False -> goto BB10 | True -> goto BB11 end @@ -2459,7 +2479,7 @@ module C06KnightsTour_Impl1_Available goto BB6 } BB5 { - _5 <- ([#"../06_knights_tour.rs" 56 15 56 41] ([#"../06_knights_tour.rs" 56 15 56 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p))) < C06KnightsTour_Board_Type.board_size self); + _5 <- ([#"../06_knights_tour.rs" 56 15 56 41] UIntSize.lt ([#"../06_knights_tour.rs" 56 15 56 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p))) (C06KnightsTour_Board_Type.board_size self)); goto BB6 } BB6 { @@ -2473,7 +2493,7 @@ module C06KnightsTour_Impl1_Available goto BB9 } BB8 { - _6 <- ([#"../06_knights_tour.rs" 55 15 55 23] ([#"../06_knights_tour.rs" 55 15 55 16] [#"../06_knights_tour.rs" 55 15 55 16] (0 : isize)) <= C06KnightsTour_Point_Type.point_y p); + _6 <- ([#"../06_knights_tour.rs" 55 15 55 23] IntSize.le ([#"../06_knights_tour.rs" 55 15 55 16] [#"../06_knights_tour.rs" 55 15 55 16] (0 : isize)) (C06KnightsTour_Point_Type.point_y p)); goto BB9 } BB9 { @@ -2487,7 +2507,7 @@ module C06KnightsTour_Impl1_Available goto BB12 } BB11 { - _7 <- ([#"../06_knights_tour.rs" 54 15 54 41] ([#"../06_knights_tour.rs" 54 15 54 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p))) < C06KnightsTour_Board_Type.board_size self); + _7 <- ([#"../06_knights_tour.rs" 54 15 54 41] UIntSize.lt ([#"../06_knights_tour.rs" 54 15 54 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p))) (C06KnightsTour_Board_Type.board_size self)); goto BB12 } BB12 { @@ -2501,7 +2521,7 @@ module C06KnightsTour_Impl1_Available goto BB14 } BB14 { - _0 <- ([#"../06_knights_tour.rs" 57 15 57 58] _22 = ([#"../06_knights_tour.rs" 57 57 57 58] [#"../06_knights_tour.rs" 57 57 57 58] (0 : usize))); + _0 <- ([#"../06_knights_tour.rs" 57 15 57 58] UIntSize.eq _22 ([#"../06_knights_tour.rs" 57 57 57 58] [#"../06_knights_tour.rs" 57 57 57 58] (0 : usize))); goto BB3 } @@ -2572,6 +2592,7 @@ module CreusotContracts_Std1_Vec_Impl8_Produces type t type a use seq.Seq + use prelude.Bool use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Std1_Vec_Impl7_ShallowModel_Stub as ShallowModel0 with type t = t, @@ -2611,6 +2632,7 @@ end module CreusotContracts_Resolve_Impl0_Resolve type t1 type t2 + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve1 with type self = t2 clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with @@ -2641,6 +2663,7 @@ module CreusotContracts_Std1_Vec_Impl11_Resolve type a use prelude.Int use seq.Seq + use prelude.Bool clone CreusotContracts_Resolve_Resolve_Resolve_Stub as Resolve0 with type self = t use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type @@ -2648,7 +2671,7 @@ module CreusotContracts_Std1_Vec_Impl11_Resolve type t = t, type a = a predicate resolve (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter t a) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 222 8 222 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (Seq.get (ShallowModel0.shallow_model self) i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 222 8 222 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (Seq.get (ShallowModel0.shallow_model self) i) val resolve (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter t a) : bool ensures { result = resolve self } @@ -2656,6 +2679,7 @@ end module C06KnightsTour_Moves_Interface use seq.Seq use prelude.Int + use prelude.Bool use prelude.IntSize use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -2677,7 +2701,7 @@ module C06KnightsTour_Moves_Interface axiom . val moves [#"../06_knights_tour.rs" 95 0 95 33] (_1 : ()) : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global) ensures { [#"../06_knights_tour.rs" 93 10 93 28] Seq.length (ShallowModel0.shallow_model result) = 8 } - ensures { [#"../06_knights_tour.rs" 94 0 94 130] forall i : int . 0 <= i /\ i < 8 -> - 2 <= IntSize.to_int (let (a, _) = IndexLogic0.index_logic result i in a) /\ IntSize.to_int (let (a, _) = IndexLogic0.index_logic result i in a) <= 2 /\ - 2 <= IntSize.to_int (let (_, a) = IndexLogic0.index_logic result i in a) /\ IntSize.to_int (let (_, a) = IndexLogic0.index_logic result i in a) <= 2 } + ensures { [#"../06_knights_tour.rs" 94 0 94 130] forall i : int . Int.le 0 i /\ Int.lt i 8 -> Int.le (- 2) (IntSize.to_int (let (a, _) = IndexLogic0.index_logic result i in a)) /\ Int.le (IntSize.to_int (let (a, _) = IndexLogic0.index_logic result i in a)) 2 /\ Int.le (- 2) (IntSize.to_int (let (_, a) = IndexLogic0.index_logic result i in a)) /\ Int.le (IntSize.to_int (let (_, a) = IndexLogic0.index_logic result i in a)) 2 } end module CreusotContracts_Std1_Vec_Impl4_IntoIterPre_Stub @@ -2725,6 +2749,7 @@ end module CreusotContracts_Std1_Vec_Impl4_IntoIterPost type t type a + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -2826,6 +2851,7 @@ module CreusotContracts_Std1_Vec_Impl8_Completed type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type clone CreusotContracts_Model_Impl7_ShallowModel_Stub as ShallowModel0 with @@ -3249,7 +3275,7 @@ module C06KnightsTour_Impl1_CountDegree BB7 { invariant { [#"../06_knights_tour.rs" 73 8 73 46] Inv0.inv iter }; invariant { [#"../06_knights_tour.rs" 73 8 73 46] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../06_knights_tour.rs" 73 20 73 44] UIntSize.to_int count <= Seq.length (Ghost.inner produced) }; + invariant { [#"../06_knights_tour.rs" 73 20 73 44] Int.le (UIntSize.to_int count) (Seq.length (Ghost.inner produced)) }; goto BB8 } BB8 { @@ -3305,7 +3331,7 @@ module C06KnightsTour_Impl1_CountDegree end } BB17 { - count <- ([#"../06_knights_tour.rs" 77 16 77 26] count + ([#"../06_knights_tour.rs" 77 25 77 26] [#"../06_knights_tour.rs" 77 25 77 26] (1 : usize))); + count <- ([#"../06_knights_tour.rs" 77 16 77 26] UIntSize.add count ([#"../06_knights_tour.rs" 77 25 77 26] [#"../06_knights_tour.rs" 77 25 77 26] (1 : usize))); _16 <- ([#"../06_knights_tour.rs" 76 36 78 13] ()); goto BB19 } @@ -3358,6 +3384,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -3431,16 +3458,17 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } end module C06KnightsTour_Impl1_Set_Interface use prelude.Borrow - use prelude.Int use prelude.UIntSize + use prelude.Int use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type clone C06KnightsTour_Impl1_InBounds_Stub as InBounds0 @@ -3685,6 +3713,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Stub use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3699,6 +3728,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3708,12 +3738,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel_Interface function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_Impl0_ShallowModel type t @@ -3721,6 +3751,7 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel use prelude.UIntSize use prelude.Int use prelude.Slice + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -3730,12 +3761,12 @@ module CreusotContracts_Std1_Slice_Impl0_ShallowModel function shallow_model (self : slice t) : Seq.seq t val shallow_model (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] result = Slice.id self } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 19 4 19 50] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 18 14 18 41] shallow_model self = Slice.id self) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl2_IndexLogic_Stub type t @@ -3779,6 +3810,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Stub type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -3797,6 +3829,7 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -3813,16 +3846,17 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq_Interface val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl4_ToRefSeq type t use seq.Seq use prelude.Int + use prelude.Bool use prelude.Borrow use prelude.Slice use seq.Seq @@ -3839,11 +3873,11 @@ module CreusotContracts_Std1_Slice_Impl4_ToRefSeq val to_ref_seq (self : slice t) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self} ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length result = Seq.length (ShallowModel0.shallow_model self) } - ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length result -> Seq.get result i = IndexLogic0.index_logic self i } + ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length result) -> Seq.get result i = IndexLogic0.index_logic self i } ensures { [#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv result } ensures { result = to_ref_seq self } - axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . 0 <= i /\ i < Seq.length (to_ref_seq self) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) + axiom to_ref_seq_spec : forall self : slice t . ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 19 84 23] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/slice.rs" 84 4 84 35] Inv1.inv (to_ref_seq self)) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 83 4 83 82] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (to_ref_seq self)) -> Seq.get (to_ref_seq self) i = IndexLogic0.index_logic self i) && ([#"../../../../../creusot-contracts/src/std/slice.rs" 82 14 82 41] Seq.length (to_ref_seq self) = Seq.length (ShallowModel0.shallow_model self)) end module CreusotContracts_Std1_Slice_Impl14_Produces_Stub type t @@ -3868,6 +3902,7 @@ module CreusotContracts_Std1_Slice_Impl14_Produces type t use seq.Seq use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -3948,6 +3983,7 @@ module CreusotContracts_Std1_Vec_Impl5_IntoIterPost type t type a use prelude.Borrow + use prelude.Bool use prelude.Slice use seq.Seq use seq.Seq @@ -4006,6 +4042,7 @@ module CreusotContracts_Std1_Slice_Impl14_Completed type t use prelude.Borrow use seq.Seq + use prelude.Bool use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with @@ -4149,6 +4186,7 @@ module C06KnightsTour_Min_Interface use prelude.Borrow use prelude.Int use prelude.UIntSize + use prelude.Bool use seq.Seq use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use seq.Seq @@ -4162,7 +4200,7 @@ module C06KnightsTour_Min_Interface type ShallowModelTy0.shallowModelTy = Seq.seq (usize, C06KnightsTour_Point_Type.t_point) use Core_Option_Option_Type as Core_Option_Option_Type val min [#"../06_knights_tour.rs" 111 0 111 58] (v : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point) - ensures { [#"../06_knights_tour.rs" 109 0 110 62] forall r : (usize, C06KnightsTour_Point_Type.t_point) . result = Core_Option_Option_Type.C_Some r -> (exists i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model v) /\ IndexLogic0.index_logic v i = r) } + ensures { [#"../06_knights_tour.rs" 109 0 110 62] forall r : (usize, C06KnightsTour_Point_Type.t_point) . result = Core_Option_Option_Type.C_Some r -> (exists i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) /\ IndexLogic0.index_logic v i = r) } end module C06KnightsTour_Min @@ -4171,6 +4209,7 @@ module C06KnightsTour_Min use prelude.Borrow use prelude.Int use prelude.UIntSize + use prelude.Bool use prelude.Slice use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type clone CreusotContracts_Invariant_Inv_Interface as Inv7 with @@ -4322,7 +4361,7 @@ module C06KnightsTour_Min predicate Inv0.inv = Inv1.inv, predicate IntoIterPost0.into_iter_post = IntoIterPost0.into_iter_post let rec cfg min [#"../06_knights_tour.rs" 111 0 111 58] [@cfg:stackify] [@cfg:subregion_analysis] (v : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point) - ensures { [#"../06_knights_tour.rs" 109 0 110 62] forall r : (usize, C06KnightsTour_Point_Type.t_point) . result = Core_Option_Option_Type.C_Some r -> (exists i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model v) /\ IndexLogic0.index_logic v i = r) } + ensures { [#"../06_knights_tour.rs" 109 0 110 62] forall r : (usize, C06KnightsTour_Point_Type.t_point) . result = Core_Option_Option_Type.C_Some r -> (exists i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) /\ IndexLogic0.index_logic v i = r) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point); @@ -4361,7 +4400,7 @@ module C06KnightsTour_Min BB4 { invariant { [#"../06_knights_tour.rs" 113 4 114 74] Inv0.inv iter }; invariant { [#"../06_knights_tour.rs" 113 4 114 74] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../06_knights_tour.rs" 113 4 114 74] forall r : (usize, C06KnightsTour_Point_Type.t_point) . min = Core_Option_Option_Type.C_Some r -> (exists i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model v) /\ IndexLogic0.index_logic v i = r) }; + invariant { [#"../06_knights_tour.rs" 113 4 114 74] forall r : (usize, C06KnightsTour_Point_Type.t_point) . min = Core_Option_Option_Type.C_Some r -> (exists i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model v)) /\ IndexLogic0.index_logic v i = r) }; goto BB5 } BB5 { @@ -4409,7 +4448,7 @@ module C06KnightsTour_Min } BB13 { m <- Core_Option_Option_Type.some_0 min; - switch ([#"../06_knights_tour.rs" 119 19 119 28] (let (a, _) = x in a) < (let (a, _) = m in a)) + switch ([#"../06_knights_tour.rs" 119 19 119 28] UIntSize.lt (let (a, _) = x in a) (let (a, _) = m in a)) | False -> goto BB16 | True -> goto BB15 end @@ -4452,11 +4491,11 @@ module C06KnightsTour_DumbNonlinearArith_Interface use prelude.Int function dumb_nonlinear_arith [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () val dumb_nonlinear_arith [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () - requires {[#"../06_knights_tour.rs" 129 11 129 22] UIntSize.to_int a <= 1000} - ensures { [#"../06_knights_tour.rs" 130 10 130 30] UIntSize.to_int a * UIntSize.to_int a <= 1000000 } + requires {[#"../06_knights_tour.rs" 129 11 129 22] Int.le (UIntSize.to_int a) 1000} + ensures { [#"../06_knights_tour.rs" 130 10 130 30] Int.le (Int.mul (UIntSize.to_int a) (UIntSize.to_int a)) 1000000 } ensures { result = dumb_nonlinear_arith a } - axiom dumb_nonlinear_arith_spec : forall a : usize . ([#"../06_knights_tour.rs" 129 11 129 22] UIntSize.to_int a <= 1000) -> ([#"../06_knights_tour.rs" 130 10 130 30] UIntSize.to_int a * UIntSize.to_int a <= 1000000) + axiom dumb_nonlinear_arith_spec : forall a : usize . ([#"../06_knights_tour.rs" 129 11 129 22] Int.le (UIntSize.to_int a) 1000) -> ([#"../06_knights_tour.rs" 130 10 130 30] Int.le (Int.mul (UIntSize.to_int a) (UIntSize.to_int a)) 1000000) end module C06KnightsTour_DumbNonlinearArith use prelude.UIntSize @@ -4464,18 +4503,18 @@ module C06KnightsTour_DumbNonlinearArith function dumb_nonlinear_arith [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () = [#"../06_knights_tour.rs" 128 0 128 8] () val dumb_nonlinear_arith [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () - requires {[#"../06_knights_tour.rs" 129 11 129 22] UIntSize.to_int a <= 1000} - ensures { [#"../06_knights_tour.rs" 130 10 130 30] UIntSize.to_int a * UIntSize.to_int a <= 1000000 } + requires {[#"../06_knights_tour.rs" 129 11 129 22] Int.le (UIntSize.to_int a) 1000} + ensures { [#"../06_knights_tour.rs" 130 10 130 30] Int.le (Int.mul (UIntSize.to_int a) (UIntSize.to_int a)) 1000000 } ensures { result = dumb_nonlinear_arith a } - axiom dumb_nonlinear_arith_spec : forall a : usize . ([#"../06_knights_tour.rs" 129 11 129 22] UIntSize.to_int a <= 1000) -> ([#"../06_knights_tour.rs" 130 10 130 30] UIntSize.to_int a * UIntSize.to_int a <= 1000000) + axiom dumb_nonlinear_arith_spec : forall a : usize . ([#"../06_knights_tour.rs" 129 11 129 22] Int.le (UIntSize.to_int a) 1000) -> ([#"../06_knights_tour.rs" 130 10 130 30] Int.le (Int.mul (UIntSize.to_int a) (UIntSize.to_int a)) 1000000) end module C06KnightsTour_DumbNonlinearArith_Impl use prelude.UIntSize use prelude.Int let rec ghost function dumb_nonlinear_arith [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () - requires {[#"../06_knights_tour.rs" 129 11 129 22] UIntSize.to_int a <= 1000} - ensures { [#"../06_knights_tour.rs" 130 10 130 30] UIntSize.to_int a * UIntSize.to_int a <= 1000000 } + requires {[#"../06_knights_tour.rs" 129 11 129 22] Int.le (UIntSize.to_int a) 1000} + ensures { [#"../06_knights_tour.rs" 130 10 130 30] Int.le (Int.mul (UIntSize.to_int a) (UIntSize.to_int a)) 1000000 } = [@vc:do_not_keep_trace] [@vc:sp] [#"../06_knights_tour.rs" 128 0 128 8] () @@ -4499,6 +4538,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve type t use prelude.Int use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -4520,7 +4560,7 @@ module CreusotContracts_Std1_Vec_Impl10_Resolve predicate Inv1.inv = Inv1.inv, axiom . predicate resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = - [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model self) -> Resolve0.resolve (IndexLogic0.index_logic self i) + [#"../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model self)) -> Resolve0.resolve (IndexLogic0.index_logic self i) val resolve (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = resolve self } @@ -4615,6 +4655,7 @@ end module Alloc_Vec_Impl0_New_Interface type t use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv1 with type t = Seq.seq t @@ -4640,6 +4681,7 @@ module Alloc_Vec_Impl1_Push_Interface type a use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv3 with type t = Seq.seq t @@ -4699,6 +4741,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -4708,12 +4751,13 @@ end module C06KnightsTour_KnightsTour_Interface use prelude.UIntSize use prelude.Int + use prelude.Bool use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type use Core_Option_Option_Type as Core_Option_Option_Type val knights_tour [#"../06_knights_tour.rs" 136 0 136 69] (size : usize) (x : usize) (y : usize) : Core_Option_Option_Type.t_option (C06KnightsTour_Board_Type.t_board) - requires {[#"../06_knights_tour.rs" 133 11 133 37] 0 < UIntSize.to_int size /\ UIntSize.to_int size <= 1000} - requires {[#"../06_knights_tour.rs" 134 11 134 19] x < size} - requires {[#"../06_knights_tour.rs" 135 11 135 19] y < size} + requires {[#"../06_knights_tour.rs" 133 11 133 37] Int.lt 0 (UIntSize.to_int size) /\ Int.le (UIntSize.to_int size) 1000} + requires {[#"../06_knights_tour.rs" 134 11 134 19] Int.lt x size} + requires {[#"../06_knights_tour.rs" 135 11 135 19] Int.lt y size} end module C06KnightsTour_KnightsTour @@ -4723,6 +4767,7 @@ module C06KnightsTour_KnightsTour use prelude.Ghost use seq.Seq use prelude.IntSize + use prelude.Bool use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type clone CreusotContracts_Resolve_Impl2_Resolve as Resolve8 with type t = C06KnightsTour_Point_Type.t_point @@ -5057,9 +5102,9 @@ module C06KnightsTour_KnightsTour clone C06KnightsTour_Impl1_New_Interface as New0 with predicate Wf0.wf = Wf0.wf let rec cfg knights_tour [#"../06_knights_tour.rs" 136 0 136 69] [@cfg:stackify] [@cfg:subregion_analysis] (size : usize) (x : usize) (y : usize) : Core_Option_Option_Type.t_option (C06KnightsTour_Board_Type.t_board) - requires {[#"../06_knights_tour.rs" 133 11 133 37] 0 < UIntSize.to_int size /\ UIntSize.to_int size <= 1000} - requires {[#"../06_knights_tour.rs" 134 11 134 19] x < size} - requires {[#"../06_knights_tour.rs" 135 11 135 19] y < size} + requires {[#"../06_knights_tour.rs" 133 11 133 37] Int.lt 0 (UIntSize.to_int size) /\ Int.le (UIntSize.to_int size) 1000} + requires {[#"../06_knights_tour.rs" 134 11 134 19] Int.lt x size} + requires {[#"../06_knights_tour.rs" 135 11 135 19] Int.lt y size} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Core_Option_Option_Type.t_option (C06KnightsTour_Board_Type.t_board); @@ -5123,7 +5168,7 @@ module C06KnightsTour_KnightsTour goto BB3 } BB3 { - iter <- ([#"../06_knights_tour.rs" 142 4 142 36] IntoIter0.into_iter ([#"../06_knights_tour.rs" 145 16 145 32] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 145 16 145 17] [#"../06_knights_tour.rs" 145 16 145 17] (2 : usize)) ([#"../06_knights_tour.rs" 145 19 145 32] size * size))); + iter <- ([#"../06_knights_tour.rs" 142 4 142 36] IntoIter0.into_iter ([#"../06_knights_tour.rs" 145 16 145 32] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 145 16 145 17] [#"../06_knights_tour.rs" 145 16 145 17] (2 : usize)) ([#"../06_knights_tour.rs" 145 19 145 32] UIntSize.mul size size))); goto BB4 } BB4 { @@ -5222,7 +5267,7 @@ module C06KnightsTour_KnightsTour BB25 { invariant { [#"../06_knights_tour.rs" 148 8 149 54] Inv1.inv iter1 }; invariant { [#"../06_knights_tour.rs" 148 8 149 54] Produces1.produces (Ghost.inner iter_old1) (Ghost.inner produced1) iter1 }; - invariant { [#"../06_knights_tour.rs" 148 8 149 54] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model candidates) -> InBounds0.in_bounds board (let (_, a) = IndexLogic0.index_logic candidates i in a) }; + invariant { [#"../06_knights_tour.rs" 148 8 149 54] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model candidates)) -> InBounds0.in_bounds board (let (_, a) = IndexLogic0.index_logic candidates i in a) }; goto BB26 } BB26 { @@ -5365,6 +5410,7 @@ module C06KnightsTour_Impl2 end module C06KnightsTour_Impl3 use prelude.Borrow + use prelude.Bool use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type clone CreusotContracts_Invariant_Inv_Interface as Inv1 with type t = C06KnightsTour_Point_Type.t_point diff --git a/creusot/tests/should_succeed/vector/07_read_write.mlcfg b/creusot/tests/should_succeed/vector/07_read_write.mlcfg index 8cee78bc80..05755e24b8 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.mlcfg +++ b/creusot/tests/should_succeed/vector/07_read_write.mlcfg @@ -150,6 +150,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -272,11 +273,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -294,11 +295,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Slice_SliceIndex_ResolveElswhere_Stub type self @@ -336,6 +337,7 @@ module Alloc_Vec_Impl13_IndexMut_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use prelude.Slice use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv4 with @@ -518,6 +520,7 @@ end module Core_Cmp_PartialEq_Eq_Interface type self type rhs + use prelude.Bool use prelude.Borrow clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = self @@ -560,7 +563,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -587,6 +590,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -615,8 +619,9 @@ module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i + [#"../../../../../creusot-contracts/src/std/slice.rs" 122 8 122 96] forall i : int . Int.le 0 i /\ i <> UIntSize.to_int self /\ Int.lt i (Seq.length old') -> Seq.get old' i = Seq.get fin i val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool ensures { result = resolve_elswhere self old' fin } @@ -638,7 +643,7 @@ module C07ReadWrite_ReadWrite_Interface type t = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq t val read_write [#"../07_read_write.rs" 6 0 6 75] (a : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (i : usize) (x : t) : () - requires {[#"../07_read_write.rs" 5 11 5 24] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model a)} + requires {[#"../07_read_write.rs" 5 11 5 24] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model a))} requires {[#"../07_read_write.rs" 6 44 6 45] Inv0.inv a} requires {[#"../07_read_write.rs" 6 70 6 71] Inv1.inv x} @@ -775,7 +780,7 @@ module C07ReadWrite_ReadWrite val Max0.mAX' = Max0.mAX', predicate Inv4.inv = Inv6.inv let rec cfg read_write [#"../07_read_write.rs" 6 0 6 75] [@cfg:stackify] [@cfg:subregion_analysis] (a : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) (i : usize) (x : t) : () - requires {[#"../07_read_write.rs" 5 11 5 24] UIntSize.to_int i < Seq.length (ShallowModel0.shallow_model a)} + requires {[#"../07_read_write.rs" 5 11 5 24] Int.lt (UIntSize.to_int i) (Seq.length (ShallowModel0.shallow_model a))} requires {[#"../07_read_write.rs" 6 44 6 45] Inv4.inv a} requires {[#"../07_read_write.rs" 6 70 6 71] Inv1.inv x} diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3session.xml b/creusot/tests/should_succeed/vector/07_read_write/why3session.xml index adc814a787..ec67de8ac2 100644 --- a/creusot/tests/should_succeed/vector/07_read_write/why3session.xml +++ b/creusot/tests/should_succeed/vector/07_read_write/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz b/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz index 5cd6ac1d668c6ed59be982d2d2e8e469cae62e96..0feab8e05496fdcb4a2f789831171d73e24fb382 100644 GIT binary patch literal 455 zcmV;&0XY62iwFP!00000|9w-zj+-zLz4H~^cAFCe7>7!GuvS7w>antVS~M(9gX+K* zNb>s~+c=wT*-8i=p7DEc9_Dcu&qsXIb9~X$+>gW8xQKUOqUAUC!$l?4iaa@+v~3=^B16M zZ@9Z3muBa+&k(o>;5`l7?Hjm*;vHJYz_A^tX}s$0;q;5f#X~9(GP+d0e>od~n6zlW9FPOPjV^&B6@DV{WT&2{P*9Yq}W xdB^jFmu*+Tfwvt?UJofFnxbXMVn}2u_may(GMURvrV?Zl{Q)V;wMq5^002T!+`j+- literal 454 zcmV;%0XhC3iwFP!00000|9w+UkDD+Qyz?u#ZJQI%U>vH=!K#Fe)MI7!wCHUy4JyG~ zLz2H=f8cDk%k~0ezvr2GgZZ>e=OezTIlU+|4|@8Nmg(+uvi!key2z|v5lD!TND^T# z^9T!B)CoQwa8%Q;<%pJb9QCz5=}wK3;-cGOTJXewJaA9=Z%5;Hsicvxlx2iWvIwc% zTbY9-fZxqoHE7hV$BU9sG{F%RJc3)*x`!q(0q_VK&of|+MdmAJ@*#nvfwd9>HrGt~)d^5BV!}j)CE`Hb!4n_i*}c$Hjh_&?ZpUzHG^89r-E8 z?Qf1x67tQ8oh;|kOsmHEdQ|3p8m?`F@_zva%_r~b<1SCUb3?ohI``}!C+*IKTk3Uu z7R7y3K|X|4g{&+mameWr`&e(n?H=aR-iXKb?{JFSfmL-Pzoxx5sZrRqS2HXsNl4!H weO6^ifdQjsS#(v&sOo>Jy<&ZlLMAG)7fh6bibCXq2oPEF7dmA^&GiES06nGVU;qFB diff --git a/creusot/tests/should_succeed/vector/08_haystack.mlcfg b/creusot/tests/should_succeed/vector/08_haystack.mlcfg index b210cd9613..bf3557f1c2 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.mlcfg +++ b/creusot/tests/should_succeed/vector/08_haystack.mlcfg @@ -158,11 +158,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -180,11 +180,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub type t @@ -254,6 +254,7 @@ module C08Haystack_MatchAt use prelude.Int use prelude.UInt8 use seq.Seq + use prelude.Bool use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -266,7 +267,7 @@ module C08Haystack_MatchAt predicate match_at [#"../08_haystack.rs" 7 0 7 77] (needle : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (haystack : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (pos : int) (len : int) = - [#"../08_haystack.rs" 8 4 12 5] len <= Seq.length (ShallowModel0.shallow_model needle) /\ pos <= Seq.length (ShallowModel0.shallow_model haystack) - len /\ (forall i : int . 0 <= i /\ i < len -> IndexLogic0.index_logic needle i = IndexLogic0.index_logic haystack (pos + i)) + [#"../08_haystack.rs" 8 4 12 5] Int.le len (Seq.length (ShallowModel0.shallow_model needle)) /\ Int.le pos (Int.sub (Seq.length (ShallowModel0.shallow_model haystack)) len) /\ (forall i : int . Int.le 0 i /\ Int.lt i len -> IndexLogic0.index_logic needle i = IndexLogic0.index_logic haystack (Int.add pos i)) val match_at [#"../08_haystack.rs" 7 0 7 77] (needle : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (haystack : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (pos : int) (len : int) : bool ensures { result = match_at needle haystack pos len } @@ -387,6 +388,7 @@ module CreusotContracts_Logic_Ord_OrdLogic_LeLog_Interface end module CreusotContracts_Logic_Ord_OrdLogic_LeLog type self + use prelude.Bool use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type clone CreusotContracts_Logic_Ord_OrdLogic_CmpLog_Stub as CmpLog0 with type self = self @@ -475,9 +477,8 @@ module CreusotContracts_Logic_Ord_Impl3_LeLog_Interface end module CreusotContracts_Logic_Ord_Impl3_LeLog use prelude.Int - use int.Int function le_log (self : int) (_2 : int) : bool = - Int.(<=) self _2 + Int.le self _2 val le_log (self : int) (_2 : int) : bool ensures { result = le_log self _2 } @@ -485,6 +486,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen_Stub type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -511,6 +513,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen_Interface type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -543,6 +546,7 @@ end module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen type idx use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -568,7 +572,7 @@ module CreusotContracts_Std1_Iter_Range_RangeInclusiveLen [#"../../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5] if IsEmptyLog0.is_empty_log r then 0 else - DeepModel0.deep_model (EndLog0.end_log r) - DeepModel0.deep_model (StartLog0.start_log r) + 1 + Int.add (Int.sub (DeepModel0.deep_model (EndLog0.end_log r)) (DeepModel0.deep_model (StartLog0.start_log r))) 1 val range_inclusive_len (r : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) : int requires {[#"../../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63] Inv0.inv r} @@ -598,6 +602,7 @@ module CreusotContracts_Std1_Iter_Range_Impl1_Produces type idx use seq.Seq use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -631,7 +636,7 @@ module CreusotContracts_Std1_Iter_Range_Impl1_Produces predicate produces (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) (visited : Seq.seq idx) (o : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9] Seq.length visited = RangeInclusiveLen0.range_inclusive_len self - RangeInclusiveLen0.range_inclusive_len o /\ (IsEmptyLog0.is_empty_log self -> IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (StartLog0.start_log self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9] Seq.length visited = Int.sub (RangeInclusiveLen0.range_inclusive_len self) (RangeInclusiveLen0.range_inclusive_len o) /\ (IsEmptyLog0.is_empty_log self -> IsEmptyLog0.is_empty_log o) /\ (IsEmptyLog0.is_empty_log o \/ EndLog0.end_log self = EndLog0.end_log o) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (StartLog0.start_log self)) i) val produces (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) (visited : Seq.seq idx) (o : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive idx) : bool ensures { result = produces self visited o } @@ -652,6 +657,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -702,6 +708,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl0_Produces type idx use seq.Seq + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with @@ -711,7 +718,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Produces predicate produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) /\ (Seq.length visited > 0 -> DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) <= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o)) /\ Seq.length visited = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o) - DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) /\ (forall i : int . 0 <= i /\ i < Seq.length visited -> DeepModel0.deep_model (Seq.get visited i) = DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self) + i) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) /\ (Int.gt (Seq.length visited) 0 -> Int.le (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end o))) /\ Seq.length visited = Int.sub (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start o)) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length visited) -> DeepModel0.deep_model (Seq.get visited i) = Int.add (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start self)) i) val produces (self : Core_Ops_Range_Range_Type.t_range idx) (visited : Seq.seq idx) (o : Core_Ops_Range_Range_Type.t_range idx) : bool ensures { result = produces self visited o } @@ -721,8 +728,8 @@ module Alloc_Vec_Impl1_Len_Interface type a use prelude.UIntSize use seq.Seq - use prelude.Borrow use prelude.Int + use prelude.Borrow use seq.Seq use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type clone CreusotContracts_Model_Impl5_ShallowModel_Stub as ShallowModel0 with @@ -737,6 +744,7 @@ module Alloc_Vec_Impl1_Len_Interface end module Core_Ops_Range_Impl7_New_Interface type idx + use prelude.Bool clone CreusotContracts_Model_DeepModel_DeepModelTy_Type as DeepModelTy0 with type self = idx use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type @@ -1100,6 +1108,7 @@ module CreusotContracts_Std1_Iter_Impl0_IntoIterPost_Interface end module CreusotContracts_Std1_Iter_Impl0_IntoIterPost type i + use prelude.Bool predicate into_iter_post (self : i) (res : i) = [#"../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19] self = res val into_iter_post (self : i) (res : i) : bool @@ -1235,6 +1244,7 @@ end module CreusotContracts_Std1_Iter_Range_Impl1_Completed type idx use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.Int clone CreusotContracts_Logic_Ord_Impl3_LeLog_Stub as LeLog0 @@ -1393,6 +1403,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed type idx use prelude.Borrow use prelude.Int + use prelude.Bool use prelude.Int clone CreusotContracts_Model_DeepModel_DeepModel_Stub as DeepModel0 with type self = idx, @@ -1401,7 +1412,7 @@ module CreusotContracts_Std1_Iter_Range_Impl0_Completed clone CreusotContracts_Resolve_Impl1_Resolve_Stub as Resolve0 with type t = Core_Ops_Range_Range_Type.t_range idx predicate completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) = - [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self)) >= DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self)) + [#"../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78] Resolve0.resolve self /\ Int.ge (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_start ( * self))) (DeepModel0.deep_model (Core_Ops_Range_Range_Type.range_end ( * self))) val completed (self : borrowed (Core_Ops_Range_Range_Type.t_range idx)) : bool ensures { result = completed self } @@ -1429,7 +1440,7 @@ module CreusotContracts_Std1_Slice_Impl5_InBounds use prelude.UIntSize use seq.Seq predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] UIntSize.to_int self < Seq.length seq + [#"../../../../../creusot-contracts/src/std/slice.rs" 108 20 108 37] Int.lt (UIntSize.to_int self) (Seq.length seq) val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool ensures { result = in_bounds self seq } @@ -1456,6 +1467,7 @@ module CreusotContracts_Std1_Slice_Impl5_HasValue use prelude.Int use prelude.UIntSize use seq.Seq + use prelude.Bool predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = [#"../../../../../creusot-contracts/src/std/slice.rs" 115 20 115 37] Seq.get seq (UIntSize.to_int self) = out val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool @@ -1639,6 +1651,7 @@ end module C08Haystack_Search_Interface use seq.Seq use prelude.Int + use prelude.Bool use prelude.UIntSize use prelude.Borrow use prelude.UInt8 @@ -1650,10 +1663,10 @@ module C08Haystack_Search_Interface type t = Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global), type ShallowModelTy0.shallowModelTy = Seq.seq uint8 val search [#"../08_haystack.rs" 21 0 21 60] (needle : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (haystack : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) : usize - requires {[#"../08_haystack.rs" 15 11 15 65] Seq.length (ShallowModel0.shallow_model needle) >= 1 /\ Seq.length (ShallowModel0.shallow_model needle) <= Seq.length (ShallowModel0.shallow_model haystack)} - ensures { [#"../08_haystack.rs" 16 10 16 85] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) \/ UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model haystack) - Seq.length (ShallowModel0.shallow_model needle) + 1 } - ensures { [#"../08_haystack.rs" 17 0 19 108] UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model haystack) -> MatchAt0.match_at needle haystack (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model needle)) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int result -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } - ensures { [#"../08_haystack.rs" 20 0 20 139] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) -> (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model haystack) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } + requires {[#"../08_haystack.rs" 15 11 15 65] Int.ge (Seq.length (ShallowModel0.shallow_model needle)) 1 /\ Int.le (Seq.length (ShallowModel0.shallow_model needle)) (Seq.length (ShallowModel0.shallow_model haystack))} + ensures { [#"../08_haystack.rs" 16 10 16 85] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) \/ Int.lt (UIntSize.to_int result) (Int.add (Int.sub (Seq.length (ShallowModel0.shallow_model haystack)) (Seq.length (ShallowModel0.shallow_model needle))) 1) } + ensures { [#"../08_haystack.rs" 17 0 19 108] Int.lt (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model haystack)) -> MatchAt0.match_at needle haystack (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model needle)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int result) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } + ensures { [#"../08_haystack.rs" 20 0 20 139] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) -> (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model haystack)) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } end module C08Haystack_Search @@ -1661,6 +1674,7 @@ module C08Haystack_Search use prelude.UIntSize use prelude.Ghost use seq.Seq + use prelude.Bool use prelude.Borrow use prelude.UInt8 use seq.Seq @@ -1903,10 +1917,10 @@ module C08Haystack_Search predicate Inv0.inv = Inv2.inv, function ShallowModel0.shallow_model = ShallowModel0.shallow_model let rec cfg search [#"../08_haystack.rs" 21 0 21 60] [@cfg:stackify] [@cfg:subregion_analysis] (needle : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) (haystack : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) : usize - requires {[#"../08_haystack.rs" 15 11 15 65] Seq.length (ShallowModel0.shallow_model needle) >= 1 /\ Seq.length (ShallowModel0.shallow_model needle) <= Seq.length (ShallowModel0.shallow_model haystack)} - ensures { [#"../08_haystack.rs" 16 10 16 85] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) \/ UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model haystack) - Seq.length (ShallowModel0.shallow_model needle) + 1 } - ensures { [#"../08_haystack.rs" 17 0 19 108] UIntSize.to_int result < Seq.length (ShallowModel0.shallow_model haystack) -> MatchAt0.match_at needle haystack (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model needle)) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int result -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } - ensures { [#"../08_haystack.rs" 20 0 20 139] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) -> (forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model haystack) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } + requires {[#"../08_haystack.rs" 15 11 15 65] Int.ge (Seq.length (ShallowModel0.shallow_model needle)) 1 /\ Int.le (Seq.length (ShallowModel0.shallow_model needle)) (Seq.length (ShallowModel0.shallow_model haystack))} + ensures { [#"../08_haystack.rs" 16 10 16 85] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) \/ Int.lt (UIntSize.to_int result) (Int.add (Int.sub (Seq.length (ShallowModel0.shallow_model haystack)) (Seq.length (ShallowModel0.shallow_model needle))) 1) } + ensures { [#"../08_haystack.rs" 17 0 19 108] Int.lt (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model haystack)) -> MatchAt0.match_at needle haystack (UIntSize.to_int result) (Seq.length (ShallowModel0.shallow_model needle)) /\ (forall i : int . Int.le 0 i /\ Int.lt i (UIntSize.to_int result) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } + ensures { [#"../08_haystack.rs" 20 0 20 139] UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model haystack) -> (forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel0.shallow_model haystack)) -> not MatchAt0.match_at needle haystack i (Seq.length (ShallowModel0.shallow_model needle))) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : usize; @@ -1948,7 +1962,7 @@ module C08Haystack_Search goto BB2 } BB2 { - _10 <- ([#"../08_haystack.rs" 23 17 23 50] New0.new ([#"../08_haystack.rs" 23 17 23 18] [#"../08_haystack.rs" 23 17 23 18] (0 : usize)) ([#"../08_haystack.rs" 23 21 23 50] _12 - _14)); + _10 <- ([#"../08_haystack.rs" 23 17 23 50] New0.new ([#"../08_haystack.rs" 23 17 23 18] [#"../08_haystack.rs" 23 17 23 18] (0 : usize)) ([#"../08_haystack.rs" 23 21 23 50] UIntSize.sub _12 _14)); _12 <- any usize; _14 <- any usize; goto BB3 @@ -1972,7 +1986,7 @@ module C08Haystack_Search BB7 { invariant { [#"../08_haystack.rs" 22 4 22 112] Inv0.inv iter }; invariant { [#"../08_haystack.rs" 22 4 22 112] Produces0.produces (Ghost.inner iter_old) (Ghost.inner produced) iter }; - invariant { [#"../08_haystack.rs" 22 4 22 112] forall k : int . 0 <= k /\ k < Seq.length (Ghost.inner produced) -> not MatchAt0.match_at needle haystack k (Seq.length (ShallowModel0.shallow_model needle)) }; + invariant { [#"../08_haystack.rs" 22 4 22 112] forall k : int . Int.le 0 k /\ Int.lt k (Seq.length (Ghost.inner produced)) -> not MatchAt0.match_at needle haystack k (Seq.length (ShallowModel0.shallow_model needle)) }; goto BB8 } BB8 { @@ -2071,11 +2085,11 @@ module C08Haystack_Search goto BB26 } BB26 { - _59 <- ([#"../08_haystack.rs" 26 28 26 43] Index0.index ([#"../08_haystack.rs" 26 28 26 36] haystack) ([#"../08_haystack.rs" 26 37 26 42] i + j)); + _59 <- ([#"../08_haystack.rs" 26 28 26 43] Index0.index ([#"../08_haystack.rs" 26 28 26 36] haystack) ([#"../08_haystack.rs" 26 37 26 42] UIntSize.add i j)); goto BB27 } BB27 { - switch ([#"../08_haystack.rs" 26 15 26 43] _55 <> _59) + switch ([#"../08_haystack.rs" 26 15 26 43] UInt8.ne _55 _59) | False -> goto BB28 | True -> goto BB29 end diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml index 0e64c96076..11c8ded037 100644 --- a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml +++ b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml @@ -11,109 +11,109 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz b/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz index 7cb9696219de977f1945b51e1faf7e3bfd041bd4..094e62bb8e70348e2264b37cf36a81cdbd325414 100644 GIT binary patch literal 2891 zcmV-R3$*kfiwFP!00000|K(WSZyUK0fA?RZw`(srfHV9q&JRKmgMPUJZL#Rn30#t! zC?{)ulAN^veTUp#X(eZ6#lDX;IpnM%IbR%-znR&;d_UX1^Y>{x`;a!(%a8zg&N)*iBDC1p|o{4kWMmK#EEXq^#sXs!9!{uJk~f%G_M}`%N1kLfTf=zj{>x zs{kwDx0%5X1kKN|JHAJ?>q&5 zwQ4_h$|}%)*DjXpoxhv^`@4A-dBkzsAB8TCZv6UfB8jki*e*Yi*J)jW3GCNLZkS^? z#?dEjCH}}Nq?6?X6AlM}xStwM0NGyE=nQ}u1|4JVMKv6m#NixJ?3M2iA`kLOy!~{b zz^_w^s}x`|mIKSg;yeFeI??dURk@3Y;r%9sb{&^HdImYZ{c$V+FH_VRJ(3h>{mXKT zx_wy3t^dJ4kcblB4JMC<;);IL+q9Xr^iCVnl+BD-whwiY$|j#uRbFFY-S1d3>)hXU znqZmfdbs9!;)wh7x)+A-qJ82O1$OkLM*e1ztM25picIDJ?$TyKNAhT@-R_E|JQ~D0 z`nvos+Et_gf80;@_pX~P-d?TR_I{RM*k$Ev2>xO$ZonE?u%+t}Y zcK(;)l#dxHKzDu@-YxuYxRAq*If#7vVoXa`sLqPsl0ze&V~=27+@|%LA#&gQ1*(hp z4g-G|YVbb~!#pn!tMmiDZa16uV~XG1{ZbgEZUeT?$a7b(eQ59QS7}F~%{;Fc zKeg*L@~Bh2U9R5}Q@gHE_u5`B{@LE8isLe?pRu-JHI8C1?yB^?_)lAF)0^{%}W^B@M&ar8tT& zJccu%O2NPmRVAB1)r(9VArQ~n^33~l0*B)L{WPLdh5i1DfMmP);8zc6ij@p@kB$%2 zp!?Ohd|!?S?@xLFAE{g;17{@;iU;;{O^qJ7##?wokTziVTd}1}peT?}jQYC& z(Nt-pv(u*QSZHZHvL_-pezi^GB!j2bJtebk+I;X`Uw0`u^FiCQvjYFb=Ee;RTwHeJ zz(3t=AOSxGn)!BqNcrs(jccD9ddX!!Y{r>jeuV$?9{yXHcNv0+mnWR8t>n0KDX!;H zzQuV-kZqqn%R-m@yZkw51K;wVbvVrV^Q(jT=awQkA79G(7+>&E;SA27R78BgDeha* zYwCz|C0FLS?kG9F2l8y?H$PiKjy*3G=X_MdwknV4rzEOY=UlK)ORYIhQs+? z!THV8Z*LmX8H!x%(0| zxvqzAQTFC`zuD0jg2()ijPr@e4901FuXZ>{Haf^o&C{mU=;+RRc+A$n70XTrqbd~m+grfXZuRy<6NI752;=& z|8vJy0IyR;O8If7&nzX;SITw_SZR1uk~b0bXPBqbVW5?*l<9etsg!y%b+YpKdrzhG zX)>>r*sqbMF5h-4$&fsx>uy5iiAwQq#4Ckw1`#|>(T5CODd;$_3&q}yPEAc;<09~9#OwT*$*5Te(DODn7mCeEfH~`o z(@r_*gyW889lHw1Y#jviI#}5R&oCu#StQ-2A$o@3kU6jp%x5XK=p{tYSV&-1V}sQU z(55Jufh25EOw9NU-Au-sfkwuY5;36xAAAyo0kP&@n;8Xy;(+3L>Kh{^FwN>1Q&57m zdqdIT+G6x|sEg~yp?lCXfRmtblft@ z6e9hvA~urlZD_Dgp!kei$Ccy8aa{=cTUj=>ZctJOgd4b6@%ds|r>zdx8CkGUTfHj^=*_78U znG@uTaY8$xoFIAed-#$taq4Cp8N7wYM$`>&g7%7shQI-O2$RA|?j$-1e~e#B$wbIu zO!Qn6cAID;d8tsP470LFKqZ`_zvvV=MQ&Orjg#6*(kB04mz%`7G&b-+VdT&R33RHe z(Ml)Vs1i!0oRVLZ*DOj+X@K$zcmtMufs}a~p_t$~XBMyZ7wEW9R?9$7SYwT#DbhR& zkTu0z2aTBDva(Kt(<~Fpd}%ufnp2WAC?r#{v7SkeQgMT|phVw6p~f$K6N)M-QDg0a zu#8*>OQ;d3rAW2LU`5#k|MK@?v}(Ku!70P*XrV^UYa4P#mMW&0-+^IH(tKyfMrldF&SYq)fXlIl&(i!0lcLtq- z|F5m9B#}3|mNnPW2;e}~Vv0su>*=<}K7V|ryQk`g>Z=rhs_vQ!<;K^^3MQ%2w+NA80ic=zkO{_Wkqq_aoF&T0jqr8dcq;32lVgpu+FA8g1^_kfI|WHdW}-+*MLKyC z7(q2Mox8j&O0xDV4nobS4TsbOYBM0iUrd})R6?>wTQ7(H{A-UxL`kg$y#VFuUPMLh zzV?9D*xDE$baxrPjaWb}sKHkB5`x!;Q8tX!Wh9LW1VHU))N+$7X=J35kxoWR8EIws zbw?&Bsf@LR4op&09;jr<%^{0iDk*sCBV)hK=umG5RGoWlxYdj*3c;xL2$X1v2sU)l z0ru@i2&irjR@Koe%|acak2;PB2ODIf$f=$9?fEe`s$0kTq-=@`evX(THIv8#xSBqlTew^!0_iTetB(q)lVo)l~ze z0onk&DFkL1;0hg9U|1pjin-az02tVJVyjG;Y69-k?cMfw91K!Nt8t8GyH{?R=F9f2 ziz(gBZ`+ubZnJgkZCPwUPS?{a4y*rK-=~|OkbAM2R~363)q`jZI>Wsz8dh(&?;JXQ zxokgn!WvL++s+rOt-GE5`-fR!IiR@dL!qjnYqxrvkRvSbH;WHwby_u`1NrU1483p0 z)cYu{`k#`9Vr1DsM27%SIxYgy)VsKw-mOz;S8=h$XHfjxhhq-(JVBk(Jx+eozQQ;6 z?foil+zWS)ERz2)sN9?K3;a!Q)B3W-cbZXBQ8OWF9~DsFU?APEYaj6UR~aeEuLr;V=;l9b0H#&wpxHX<|_) zdb3!)MWS}qP}NI&J^#7AO%0B_doH@sI&IqJhg5CoY~j7o-K;RW|J3t0VD0{}}ZUPg34c?H;n> zTD_P0k$b7HzeKM&$L;P#A^fx%)kgD0uAfb^(}5Grb$0_z1)?X(pTZd}qUu{bNj{_{ zb{aSyqVDVYKTD-it|{x@t2tboVlwP+cL)JJ=P=nJG>j14t&d)S2~3YL@Bo+Kq3d9j zbQE%XKP--f=L=YAe@H|suFkia4h%h-(t>Nvl#3&U^%RM8oR|KOJQ=@=<0>>eE(MuY6DX&t_pPTn6h z11D*BBHQB~&CbxHL};KHO*NhCMH$}o=IE|vz{TloN;%C5^kFHExo4BsA6(auor|Sx zkoIH{XSJP~TG+Q0aCUi22l}He0Y!X9CB(I}U1n|{X*7EX?>QI!G*1D0wg=O*9;I8D zbwG}TFV71_T1`c#GEq+>T}x**kF|Z4s~cU8?$X>K4P485(jkbmrzi2*=T;1KHoc6q zDGbnEAu{`P;ljp4G1u~5Qa3nN85N3G-AGLDfjC*9%}!Q&Q_E{%IGdE3tt>PAsrjT; z1+vHN(dzwdQiykW+v<`>Ms`dIW#s{`w|Yo9w33dJb_ui{YyY<1&$4$_R{N$@X{2tXd~+r%qttR5w!93{fc@{x(YC566V7hRf9mQQp90K25l|i(A(tyLNS@=4hpN zME$c-dXjK2n%9@PU0-gJTZeZS7tA~1bu69Fr%jLenMpMn)oBAWR48JmZ3>V0=&| zAW-%EG1@Y^$V4rI$L7To?v%r;CR5;$jfil`jAha?ZJDYA@rS4lh7l5cgv{*Ek}O-ha19K%0XqurPm043^B2QAjbxeBg~Kw5^XeAXe*QzC{27#du0et zkwwOWjOSclt~6GGRiq50{-(^2K4bGPP1eCtK|_uvVbaBi284S? zi}{Lv%O?nu@eqBIL?q)gzD%DYW0?OCw<)awQ0yB&1VS%UAv#1|ES|(xlO*=voc3BG@Gxgpm&t%Yy;ga;&SVU7g7Nf0E*2w2~df~v( z$Ry@H4pb3>eH-yqdWvN;3-#IqL0KPl_>}TzS zjJ=a~0)oPyB(RUd(gI9U#*q|U9J=1;?uP^-2JBz~eF51U!vyoCx05nZ0JsE#q6o?& zD2$*qf{X;7u}fS8i1;3oHl^6qIdGkPB3Nn`oE%)DzB9LAmB*wBlEgryNdY*c4!~#{ zJQlRPcZ>cGU87^l+IbbEATbFqyp+OYrz62Z5~DS}YaSG3DVY}1K|(j^a0Lrf}T%ML=5%%$VKT_~}L{QCA$ wq8JwM*-5e0^L03!2=QB_uWg04$tk&j0`b diff --git a/creusot/tests/should_succeed/vector/09_capacity.mlcfg b/creusot/tests/should_succeed/vector/09_capacity.mlcfg index 53cd761b95..ec461f5795 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.mlcfg +++ b/creusot/tests/should_succeed/vector/09_capacity.mlcfg @@ -94,11 +94,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Std1_Vec_Impl0_ShallowModel type t @@ -116,11 +116,11 @@ module CreusotContracts_Std1_Vec_Impl0_ShallowModel function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t requires {[#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self} - ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length result <= UIntSize.to_int Max0.mAX' } + ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length result) (UIntSize.to_int Max0.mAX') } ensures { [#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv result } ensures { result = shallow_model self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX') + axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25] Inv0.inv self) -> ([#"../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36] Inv1.inv (shallow_model self)) && ([#"../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41] Int.le (Seq.length (shallow_model self)) (UIntSize.to_int Max0.mAX')) end module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type type self @@ -244,6 +244,7 @@ end module CreusotContracts_Resolve_Impl1_Resolve type t use prelude.Borrow + use prelude.Bool predicate resolve (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve (self : borrowed t) : bool @@ -260,6 +261,7 @@ module Alloc_Vec_Impl1_Reserve_Interface type t type a use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UIntSize use seq.Seq @@ -291,6 +293,7 @@ module Alloc_Vec_Impl1_ReserveExact_Interface type t type a use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UIntSize use seq.Seq @@ -322,6 +325,7 @@ module Alloc_Vec_Impl1_ShrinkToFit_Interface type t type a use prelude.Borrow + use prelude.Bool use seq.Seq use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with @@ -351,6 +355,7 @@ module Alloc_Vec_Impl1_ShrinkTo_Interface type t type a use prelude.Borrow + use prelude.Bool use prelude.Int use prelude.UIntSize use seq.Seq @@ -383,6 +388,7 @@ module C09Capacity_ChangeCapacity_Interface use prelude.Borrow use seq.Seq use prelude.Int + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -409,7 +415,7 @@ module C09Capacity_ChangeCapacity_Interface val change_capacity [#"../09_capacity.rs" 6 0 6 41] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : () requires {[#"../09_capacity.rs" 6 26 6 27] Inv0.inv v} ensures { [#"../09_capacity.rs" 4 10 4 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../09_capacity.rs" 5 0 5 69] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> IndexLogic0.index_logic ( ^ v) i = IndexLogic0.index_logic ( * v) i } + ensures { [#"../09_capacity.rs" 5 0 5 69] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> IndexLogic0.index_logic ( ^ v) i = IndexLogic0.index_logic ( * v) i } end module C09Capacity_ChangeCapacity @@ -418,6 +424,7 @@ module C09Capacity_ChangeCapacity use prelude.UIntSize use prelude.Borrow use seq.Seq + use prelude.Bool use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = Seq.seq t @@ -499,7 +506,7 @@ module C09Capacity_ChangeCapacity let rec cfg change_capacity [#"../09_capacity.rs" 6 0 6 41] [@cfg:stackify] [@cfg:subregion_analysis] (v : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : () requires {[#"../09_capacity.rs" 6 26 6 27] Inv1.inv v} ensures { [#"../09_capacity.rs" 4 10 4 33] Seq.length (ShallowModel0.shallow_model ( ^ v)) = Seq.length (ShallowModel1.shallow_model v) } - ensures { [#"../09_capacity.rs" 5 0 5 69] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model v) -> IndexLogic0.index_logic ( ^ v) i = IndexLogic0.index_logic ( * v) i } + ensures { [#"../09_capacity.rs" 5 0 5 69] forall i : int . Int.le 0 i /\ Int.lt i (Seq.length (ShallowModel1.shallow_model v)) -> IndexLogic0.index_logic ( ^ v) i = IndexLogic0.index_logic ( * v) i } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -560,6 +567,7 @@ module Alloc_Vec_Impl1_Clear_Interface type a use prelude.Borrow use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -585,6 +593,7 @@ module C09Capacity_ClearVec_Interface type t use prelude.Borrow use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Stub as Inv2 with type t = Seq.seq t @@ -611,6 +620,7 @@ module C09Capacity_ClearVec type t use prelude.Borrow use seq.Seq + use prelude.Int use seq.Seq clone CreusotContracts_Invariant_Inv_Interface as Inv2 with type t = Seq.seq t diff --git a/creusot/tests/should_succeed/vector/09_capacity/why3session.xml b/creusot/tests/should_succeed/vector/09_capacity/why3session.xml index 185c194ba0..3ce7d8caab 100644 --- a/creusot/tests/should_succeed/vector/09_capacity/why3session.xml +++ b/creusot/tests/should_succeed/vector/09_capacity/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz b/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz index 641262ce7ba7700029fa3a2088de602c08f390b0..3b3fcc87a517d5ed11848cc20575352711a76c71 100644 GIT binary patch literal 424 zcmV;Z0ayMXiwFP!00000|Fx6BZlf>|hVMKDx3)QX3}c5%J)lYmUclN@(O^u1N^nb1 z+P?i7V$xlj_Erh3(fFVLvzg&`6CU^UVvga-49C{?_n`7Sc)(ys-@*(7o%4=$|Dd)e7ttLaI_3gmyO z&73Nz8>gLXKu~e&HZ*gBEOn08M3eP*)x}uQV2-vs83m&7mlf#}6wY&P2Dr8XTng}f zzggvKodZ>N80?#=Zw}Ar;->AXQxIjd02RbjU4kq}%Z$_+ex;`*%2`x03!?viQDKX!bjYcfZ|G zo{SCxj3AOtT(hb{PMSk45gDs+TM0l$A?9%&|hVMKDx3)QX47PFA9#AC&FJSGdXkt4FD#0y5 zY5VqTh)H)z+FK7;zs58FH^caL6(4r^Y7gP)ZB>GUtDA1Xeg5YrAM=+9)yX9BCXZek`%$-U+h}}NsRHp| zXf=f@d>AjT@j#`y??n@zP~>>MsnPkn>T0O4w+GiAtpZ+!S$RH-%6l%&fGur+%?0c< z-jwBQy#uaY-@A8fZuT#y;!V?Gs~{<+1g0Pzl^+(;@tES5PExL#p>&3l z6O<}|84BY;u0rLKDFafTiE{EI3!n@ObKAs{hG%X_a6mMJ~>m7DmTWfqp-3*`64^Kvue;Tq Date: Thu, 4 Jan 2024 17:54:03 +0000 Subject: [PATCH 3/3] Fix all tests except rbt and knights toru --- creusot/src/backend/term.rs | 9 +- .../should_succeed/100doors/why3session.xml | 2 +- .../should_succeed/100doors/why3shapes.gz | Bin 593 -> 594 bytes .../should_succeed/all_zero/why3session.xml | 2 +- .../should_succeed/all_zero/why3shapes.gz | Bin 397 -> 397 bytes creusot/tests/should_succeed/bdd.mlcfg | 6 +- .../binary_search/why3session.xml | 22 +-- .../binary_search/why3shapes.gz | Bin 2575 -> 2573 bytes .../should_succeed/bug/206/why3shapes.gz | Bin 202 -> 202 bytes creusot/tests/should_succeed/bug/217.mlcfg | 2 +- .../should_succeed/bug/217/why3shapes.gz | Bin 127 -> 128 bytes .../should_succeed/bug/235/why3shapes.gz | Bin 104 -> 104 bytes .../should_succeed/bug/395/why3session.xml | 2 +- .../should_succeed/bug/395/why3shapes.gz | Bin 285 -> 286 bytes .../should_succeed/bug/463/why3shapes.gz | Bin 245 -> 244 bytes .../should_succeed/bug/545/why3shapes.gz | Bin 111 -> 111 bytes .../should_succeed/bug/552/why3session.xml | 4 +- .../should_succeed/bug/552/why3shapes.gz | Bin 193 -> 192 bytes creusot/tests/should_succeed/bug/564.mlcfg | 2 +- .../should_succeed/bug/682/why3session.xml | 4 +- .../should_succeed/bug/682/why3shapes.gz | Bin 292 -> 293 bytes .../should_succeed/bug/874/why3shapes.gz | Bin 1058 -> 1057 bytes .../bug/minus_assoc/why3shapes.gz | Bin 105 -> 105 bytes .../tests/should_succeed/bug/pure_neq.mlcfg | 2 +- .../should_succeed/bug/pure_neq/why3shapes.gz | Bin 101 -> 101 bytes .../bug/two_phase/why3shapes.gz | Bin 281 -> 282 bytes .../should_succeed/cell/01/why3session.xml | 2 +- .../should_succeed/cell/01/why3shapes.gz | Bin 213 -> 214 bytes creusot/tests/should_succeed/cell/02.mlcfg | 6 +- .../should_succeed/cell/02/why3session.xml | 24 +-- .../should_succeed/cell/02/why3shapes.gz | Bin 2271 -> 2267 bytes .../checked_ops/why3session.xml | 54 +++--- .../should_succeed/checked_ops/why3shapes.gz | Bin 4156 -> 4151 bytes .../closures/06_fn_specs/why3shapes.gz | Bin 727 -> 729 bytes .../closures/07_mutable_capture/why3shapes.gz | Bin 419 -> 419 bytes .../constrained_types/why3shapes.gz | Bin 136 -> 137 bytes .../should_succeed/drop_pair/why3shapes.gz | Bin 139 -> 139 bytes .../filter_positive/why3session.xml | 4 +- .../filter_positive/why3shapes.gz | Bin 904 -> 901 bytes .../should_succeed/hashmap/why3session.xml | 92 +++++----- .../should_succeed/hashmap/why3shapes.gz | Bin 9686 -> 9693 bytes .../should_succeed/hillel/why3session.xml | 163 +++++++++--------- .../tests/should_succeed/hillel/why3shapes.gz | Bin 7365 -> 6994 bytes .../index_range/why3session.xml | 38 ++-- .../should_succeed/index_range/why3shapes.gz | Bin 4445 -> 4448 bytes .../ite_normalize/why3session.xml | 6 +- .../ite_normalize/why3shapes.gz | Bin 1382 -> 1379 bytes .../iterators/01_range/why3session.xml | 6 +- .../iterators/01_range/why3shapes.gz | Bin 983 -> 981 bytes .../iterators/02_iter_mut/why3session.xml | 12 +- .../iterators/02_iter_mut/why3shapes.gz | Bin 3174 -> 3174 bytes .../03_std_iterators/why3session.xml | 84 ++++----- .../iterators/03_std_iterators/why3shapes.gz | Bin 6342 -> 6331 bytes .../iterators/04_skip/why3session.xml | 4 +- .../iterators/04_skip/why3shapes.gz | Bin 1030 -> 1027 bytes .../iterators/05_map/why3session.xml | 16 +- .../iterators/05_map/why3shapes.gz | Bin 5868 -> 5860 bytes .../iterators/06_map_precond/why3session.xml | 40 ++--- .../iterators/06_map_precond/why3shapes.gz | Bin 8695 -> 8695 bytes .../iterators/07_fuse/why3session.xml | 2 +- .../iterators/07_fuse/why3shapes.gz | Bin 1379 -> 1380 bytes .../08_collect_extend/why3session.xml | 10 +- .../iterators/08_collect_extend/why3shapes.gz | Bin 3536 -> 3542 bytes .../iterators/09_empty/why3session.xml | 2 +- .../iterators/09_empty/why3shapes.gz | Bin 476 -> 478 bytes .../iterators/10_once/why3shapes.gz | Bin 811 -> 808 bytes .../iterators/11_repeat/why3shapes.gz | Bin 505 -> 505 bytes .../iterators/12_zip/why3session.xml | 10 +- .../iterators/12_zip/why3shapes.gz | Bin 2041 -> 2039 bytes .../iterators/13_cloned/why3session.xml | 2 +- .../iterators/13_cloned/why3shapes.gz | Bin 720 -> 723 bytes .../iterators/14_copied/why3session.xml | 2 +- .../iterators/14_copied/why3shapes.gz | Bin 721 -> 723 bytes .../iterators/15_enumerate/why3session.xml | 10 +- .../iterators/15_enumerate/why3shapes.gz | Bin 1759 -> 1756 bytes .../iterators/16_take/why3session.xml | 4 +- .../iterators/16_take/why3shapes.gz | Bin 917 -> 916 bytes creusot/tests/should_succeed/knapsack.mlcfg | 2 +- .../tests/should_succeed/knapsack_full.mlcfg | 12 +- .../lang/while_let/why3shapes.gz | Bin 143 -> 144 bytes .../list_index_mut/why3session.xml | 2 +- .../list_index_mut/why3shapes.gz | Bin 725 -> 722 bytes .../should_succeed/list_reversal_lasso.mlcfg | 12 +- .../mapping_test/why3session.xml | 2 +- .../should_succeed/mapping_test/why3shapes.gz | Bin 412 -> 412 bytes .../should_succeed/match_int/why3shapes.gz | Bin 292 -> 292 bytes .../tests/should_succeed/mc91/why3shapes.gz | Bin 256 -> 256 bytes .../should_succeed/mutex/why3session.xml | 4 +- .../tests/should_succeed/mutex/why3shapes.gz | Bin 555 -> 557 bytes .../should_succeed/option/why3session.xml | 2 +- .../tests/should_succeed/option/why3shapes.gz | Bin 494 -> 496 bytes .../should_succeed/ord_trait/why3shapes.gz | Bin 653 -> 652 bytes .../projection_toggle/why3shapes.gz | Bin 584 -> 583 bytes .../tests/should_succeed/red_black_tree.mlcfg | 2 +- .../resolve_uninit/why3shapes.gz | Bin 420 -> 421 bytes .../rusthorn/inc_max/why3session.xml | 2 +- .../rusthorn/inc_max/why3shapes.gz | Bin 502 -> 503 bytes .../rusthorn/inc_max_3/why3session.xml | 4 +- .../rusthorn/inc_max_3/why3shapes.gz | Bin 841 -> 836 bytes .../rusthorn/inc_max_many/why3session.xml | 2 +- .../rusthorn/inc_max_many/why3shapes.gz | Bin 631 -> 634 bytes .../rusthorn/inc_max_repeat/why3session.xml | 2 +- .../rusthorn/inc_max_repeat/why3shapes.gz | Bin 761 -> 762 bytes .../rusthorn/inc_some_2_list/why3session.xml | 4 +- .../rusthorn/inc_some_2_list/why3shapes.gz | Bin 989 -> 988 bytes .../rusthorn/inc_some_2_tree/why3session.xml | 6 +- .../rusthorn/inc_some_2_tree/why3shapes.gz | Bin 1122 -> 1127 bytes .../rusthorn/inc_some_list/why3session.xml | 6 +- .../rusthorn/inc_some_list/why3shapes.gz | Bin 904 -> 904 bytes .../rusthorn/inc_some_tree/why3session.xml | 6 +- .../rusthorn/inc_some_tree/why3shapes.gz | Bin 991 -> 991 bytes .../should_succeed/slices/01/why3session.xml | 2 +- .../should_succeed/slices/01/why3shapes.gz | Bin 679 -> 679 bytes .../slices/02_std/why3session.xml | 14 +- .../slices/02_std/why3shapes.gz | Bin 881 -> 883 bytes .../sparse_array/why3session.xml | 60 +++---- .../should_succeed/sparse_array/why3shapes.gz | Bin 3841 -> 3837 bytes .../specification/division/why3session.xml | 2 +- .../specification/division/why3shapes.gz | Bin 175 -> 176 bytes .../specification/forall/why3shapes.gz | Bin 129 -> 130 bytes .../specification/logic_call/why3shapes.gz | Bin 120 -> 120 bytes .../logic_functions/why3shapes.gz | Bin 156 -> 154 bytes .../swap_borrows/why3session.xml | 2 +- .../should_succeed/swap_borrows/why3shapes.gz | Bin 321 -> 321 bytes .../should_succeed/syntax/02_operators.mlcfg | 2 +- .../should_succeed/syntax/05_pearlite.mlcfg | 2 +- .../syntax/06_logic_function_contracts.mlcfg | 12 +- .../syntax/09_maintains/why3session.xml | 4 +- .../syntax/09_maintains/why3shapes.gz | Bin 298 -> 298 bytes .../syntax/11_array_types/why3session.xml | 4 +- .../syntax/11_array_types/why3shapes.gz | Bin 319 -> 318 bytes .../syntax/12_ghost_code/why3session.xml | 2 +- .../syntax/12_ghost_code/why3shapes.gz | Bin 355 -> 355 bytes .../syntax/13_vec_macro/why3shapes.gz | Bin 375 -> 374 bytes .../take_first_mut/why3session.xml | 2 +- .../take_first_mut/why3shapes.gz | Bin 532 -> 533 bytes .../traits/16_impl_cloning/why3shapes.gz | Bin 147 -> 147 bytes .../should_succeed/traits/18_trait_laws.mlcfg | 4 +- .../type_invariants/generated/why3shapes.gz | Bin 221 -> 221 bytes .../type_invariants/non_zero/why3session.xml | 2 +- .../type_invariants/non_zero/why3shapes.gz | Bin 372 -> 374 bytes .../type_invariants/vec_inv/why3shapes.gz | Bin 283 -> 284 bytes .../tests/should_succeed/unnest/why3shapes.gz | Bin 191 -> 192 bytes .../should_succeed/vecdeque/why3session.xml | 8 +- .../should_succeed/vecdeque/why3shapes.gz | Bin 1993 -> 1992 bytes .../should_succeed/vector/01/why3session.xml | 2 +- .../should_succeed/vector/01/why3shapes.gz | Bin 653 -> 652 bytes .../vector/02_gnome/why3session.xml | 20 +-- .../vector/02_gnome/why3shapes.gz | Bin 2378 -> 2381 bytes .../vector/03_knuth_shuffle/why3session.xml | 2 +- .../vector/03_knuth_shuffle/why3shapes.gz | Bin 644 -> 644 bytes .../vector/04_binary_search/why3session.xml | 2 +- .../vector/04_binary_search/why3shapes.gz | Bin 478 -> 478 bytes .../05_binary_search_generic/why3session.xml | 30 ++-- .../05_binary_search_generic/why3shapes.gz | Bin 2684 -> 2685 bytes .../vector/07_read_write/why3shapes.gz | Bin 455 -> 456 bytes .../vector/08_haystack/why3session.xml | 42 ++--- .../vector/08_haystack/why3shapes.gz | Bin 2891 -> 2887 bytes .../vector/09_capacity/why3session.xml | 2 +- .../vector/09_capacity/why3shapes.gz | Bin 424 -> 424 bytes prelude/prelude.mlw | 14 +- 161 files changed, 477 insertions(+), 479 deletions(-) diff --git a/creusot/src/backend/term.rs b/creusot/src/backend/term.rs index ce6f10a810..d4b7712d36 100644 --- a/creusot/src/backend/term.rs +++ b/creusot/src/backend/term.rs @@ -87,9 +87,12 @@ impl<'tcx> Lower<'_, 'tcx> { (Exp::Var("b".into(), self.pure), Some(rhs)) }; - let mut inner = + let inner = binop_to_binop(self.ctx.tcx, self.names, op, ty, Purity::Logic, a, b); + let mut inner = + Exp::Pure(Box::new(inner)); + if let Some(lhs) = lhs { inner = Exp::Let { pattern: Pat::VarP("a".into()), @@ -426,6 +429,8 @@ fn binop_to_binop<'tcx>( (pearlite::BinOp::Le, _) => module.push_ident("le"), (pearlite::BinOp::Gt, _) => module.push_ident("gt"), (pearlite::BinOp::Ge, _) => module.push_ident("ge"), + (pearlite::BinOp::Eq, Purity::Program) => module.push_ident("eq"), + (pearlite::BinOp::Ne, Purity::Program) => module.push_ident("ne"), (pearlite::BinOp::Eq, Purity::Logic) => return left.eq(right), (pearlite::BinOp::Ne, Purity::Logic) => return left.neq(right), (pearlite::BinOp::And, Purity::Logic) => { @@ -440,7 +445,7 @@ fn binop_to_binop<'tcx>( (pearlite::BinOp::Or, Purity::Program) => { return Exp::BinaryOp(BinOp::LazyOr, Box::new(left), Box::new(right)) } - _ => unreachable!(), + _ => unreachable!("{op:?} {purity:?}"), } module = module.without_search_path(); diff --git a/creusot/tests/should_succeed/100doors/why3session.xml b/creusot/tests/should_succeed/100doors/why3session.xml index 3bbf954e41..3ada662217 100644 --- a/creusot/tests/should_succeed/100doors/why3session.xml +++ b/creusot/tests/should_succeed/100doors/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/100doors/why3shapes.gz b/creusot/tests/should_succeed/100doors/why3shapes.gz index fb1c96e7d7d67d59596d87ea9aefa485b4554f86..68192dbbb3b5b295c7a018f2d0420287ebb19d20 100644 GIT binary patch literal 594 zcmV-Y0O0z4I$_+jdu#JdT}@svIIDWTaJ3)u^XM12zRU zB)bW)>c8*A!C6?KD^)`1`FZBeykX3z`>0*hvumS+YuZg+eT|an{_|+}LYwMhRAaFe@9e=7{yESoVWm&(@x3zU80?@9W zZ>k+_i=TIe7rF?U^`gMt(sNVW{nE7vk{%uqVg!wl_z-}Am>d{&Wa5F5vlAH=1WuH_ ztU9ZflG{G-{xBG12J78{%};hTnSZYLXA*ds!SMV@Xpg zTX#!Lt6q#p+m8?vL1b;m21cpwehF_8GaBU_$G_Dm+~uDjAXJ)E9ZdUjHeoi;G- zMK{%aQSU3;{yS+#jce=j;815>Wu4KYZkqbl*}LuU4gF~LF1SPu{du*ii0!3QpOKC5@Jm+(mKe&NySuW}LQXQ_P4{aj`TkdbzZQLc%+3V>08tMpKmY&$ literal 593 zcmV-X0Wc<99CeU`O<0w(^hm- zE|%4y%$t8F&8ap`RU8efxUH;WT2^&ky_HBSl}X$DP3oHHW1|m%qwgn4P7xEq8MbQ2BNTxHq3Svtzla=%&s0 z;?kE)uG?#K+TfEbnWWv{gbc4-JxaTA#UcOe$}S8_-mPzw+dCoN*pZBF%nR=Zoap&S z&-47Ec%MIbQ8JpHcXEJJZ&lUaYA`UF50S`YndPfxoJA_9fL0(fl|)gJkO!d#r9o;4 fH24}ogV2eNb)-YBwA6uSR*S)3)4Xc>&IJGfJFF^r diff --git a/creusot/tests/should_succeed/all_zero/why3session.xml b/creusot/tests/should_succeed/all_zero/why3session.xml index 5d5439c332..90c0d0798d 100644 --- a/creusot/tests/should_succeed/all_zero/why3session.xml +++ b/creusot/tests/should_succeed/all_zero/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/all_zero/why3shapes.gz b/creusot/tests/should_succeed/all_zero/why3shapes.gz index aeac1364cea6ab1b1acad5245d2c6076f69f0502..6ce15e22b3353880fee2ca73b3781ae5d117407e 100644 GIT binary patch literal 397 zcmV;80doEyiwFP!00000|BaH%Zi6roMfZFKySA)6e(B|V|R56F0Nq(rytU<_RUcKqFs!1uEi;ZtEI}_H#q>IvP4F@T?m6>?<7!{NlMW=e* zTopoM)K&-aoHgcbOeb=$yG{@4@NoXJ{8%1Ot!xl1!!*PQV)QqBVLuBtMc`u-Us7t~ z5Mm;*8;iWkb=xC=HS?Wm;q!PLj7d5Q31-eYleH;UU`r!3-C!D^z{C;Ria7qQK<YQz%_o)6Gqxbg?N6 zDO;%)4pToXiru~AIZLD);k{{|aYY=uaE8p~4Riu#3#l|<7y$LH~(s|*vhJ%#c%1k_aj0#GOqEo$Y zt_mSBYO8~I&Kh$zrW1M4U8e_id^mquek|)#D;osMFby$+82t@j*w2DZ5%}1|mz0V) zgqR5I#v&^--S!Az&3tE?`#jczF-b=u!JTv7$;uQE@ if childf <> b then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if pure {childf <> b} then let a' = discr_valuation self childf b in Map.set a' v false else let a' = discr_valuation self childt b in Map.set a' v true @@ -2505,7 +2505,7 @@ module Bdd_Impl10_DiscrValuation_Impl else if let a' = Leastvar0.leastvar a in let b' = Leastvar0.leastvar b in Int.gt a' b' then match (b) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if childf <> a then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childt childf) _ -> if pure {childf <> a} then let a' = discr_valuation self a childf in Map.set a' v false else let a' = discr_valuation self a childt in Map.set a' v true @@ -2515,7 +2515,7 @@ module Bdd_Impl10_DiscrValuation_Impl else match (a) with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If v childta childfa) _ -> match (b) with - | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childtb childfb) _ -> if childfa <> childfb then + | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_If _ childtb childfb) _ -> if pure {childfa <> childfb} then let a' = discr_valuation self childfa childfb in Map.set a' v false else let a' = discr_valuation self childta childtb in Map.set a' v true diff --git a/creusot/tests/should_succeed/binary_search/why3session.xml b/creusot/tests/should_succeed/binary_search/why3session.xml index 5ae88e66ff..e0aae3114f 100644 --- a/creusot/tests/should_succeed/binary_search/why3session.xml +++ b/creusot/tests/should_succeed/binary_search/why3session.xml @@ -60,37 +60,37 @@ - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/binary_search/why3shapes.gz b/creusot/tests/should_succeed/binary_search/why3shapes.gz index f48aef92a2456d5eb360b396b06dba135e38c77a..06ac49bae4d2bc14d28db3e607a4fcee2e925482 100644 GIT binary patch delta 2561 zcmV+c3jXzv6pa*+CVxQJ1|?EGMm())+w<7{^(j)6M9J#M%=Y%dO_BBHS5+kc`qTFO z!F>wn?U!&mAG(KsZsqo;zilp$?(p!XBKwWI4;5|5?Tvd^QRlpGpyInY%Nz3E-Q3-D z59hB{Tx|$`{&F~0u;1Mzelf0JhNauI0Q*gKvu(T6_81=Sj(^?#p~*TSuJuD&(P79c zmP~OYc~sxa;``0bO=d;Q-l3-dbRPqLAj1W1xO8`ihf5`I-6@>A;}=}&%|Hg&4TD>B z0XPo!BOOlD+ujnOyJ6t=?syKUXC_^xPmsem=$$)Wrmwo z?%#7u$YYei()!QtK243HP(#0G3XMUfk-= zkm1{u8)M3SA^Y7rvmP;2^2&l&7nX@^n8~=6IPzk3^|vE-g48eh)Jf z;>5KLwL2#=bbs2Ko;Hso#hfpuRzphK&9Un~VShq>ai@cOxZvn;*~A1a3_6q_QD{;c z=NL_MSPbrbXx(SzLoI{+1F9;h!ZCb&9cS!fOU~Q5Q59brwNGXjp-AqpgypcA3Jm(T z2yE6;Xnviio2$^m+TK8E9b75@vw{QrAM-3`>TOYv#WkLmA%``0WAUCf#eTJcm_+yE z*MFEs#Z=CbY0Fk4H=J+W9f#;kxjTs=Wqe$Xw9Us)L+dxS?Mi)(Qvj=TO?n*NW;(Ou;R8nVj{b#yn6O-El5j${E{Mq@YZQ^%G<*?$vY zNP<|u@xxS!vt1r{={D2x5}vyW%6TEv6i6=MKeSI8W50Rg0+H+2^YFn-NTy5PzK%aG z&;{#Sub^cCqc3%Gx@_fm-Z_WU7uTP6UTEp`mCZ-K+?KC@?D#~-}TP{th~3gMe3qw@8^cm-TdB(M@)F^uaV=$ zGtTW&Kl%Q%0GR$T0Mo=ZD4{O})75Jjk%?=+dmY#)Sw~x$RY)}7_+I$T2!B$Tb8T=l zEt9kd=w|w_D;58*T#tI*`Nd1cho5pk5>DjGMIaukcKt2raU_Y5fN`bbrDp!T=J@3F zD`rhQPn2K(S5e)Y!XlFJcMY@G?IqFD5wna)SWNIt!_zOFPGh4nrW#ZLM<_D5|xXP3W5l^roF0;vc zeoL4=9+b~HYNSZd05W^1o+}8G7MPcV_<~ftCC*;5LYdSvU1ogE;(tX|$bc0CCE_DK zdG@_%(v-)PRupm`)8g2OAB%vQMHZ7~=h1!Vp`_?My6-&Shb*e*(4y)J zTeDJcinryF<#q6)dVdXG<<{!?#;$Z4T^O>kvp}ToTfNGCCOuJ?^&W(K?uAb*J574v zk1zWxy(Yc~rd5_-p?T46rbRp?6c!9mZ}s89oqoGR#GjfEn~kOjVde=J(mT#IX{k~! z)PaC&jfO3?V97=~T{j9i!yr%z0fJ(Rw~_&&QnhTWt+LVz%YQ9Ha;{p>NXv+ps%cwp z>fnq}u0}PXuEQ3<0Oexd0*Z>=33QDxh^V$&Q+r%YT7=u!}sTumL z91X;^R0=%k`F}d-TC-YabrdWm7K{aLK`n(a?VBK#_eQtiKms@DfYwqI@WQ!C`}1<} zO2(Ks(lnkB02Si?#XvMIYg>?8DlHY3a!XMZeL-5|aAPobfpg5ou6bdWXYM3Tm1R&tNU zjR)U0Qh#iPu!38`te{qa737B<)HQ`rW2V&tq;6E}9P!|(q6jsa6v?;IMKJ|x(Z-}Q zP1`Vx9~Fd9RXforU&mky^=9fMscUDzQ0;4pcZ?P=ZHRYh1>&Vm>LjrOmFlBvyxf~Z>cx5jeifQtd<u%NW`jE352aM%VE_6>r?C178x zw~APaTC|nw4=KVrPYsbZ3yd{2`lG3m68j&MAz&6pMOa-Gyp1}InSjNd2uyR+#zKST z9eT?b)^sdh;G(*|@G52%eH*1%%TSF+ABks-3Tc?61{#mu+&QJTN?9eX5?1l6p6I3F z7yM}yVGDr1#i5rW}uv6?Y18xtg^B5fRwu{F51u8odD Xw6L06&7u%Z*X8^ltHbvFA|e0)vQ`6y delta 2563 zcmV+e3jFnr6ps{;CV#-!1}Tv}Mm+6l+w<7{^(j)6M9J#M%=Y%7O_B9t@vABp|N7JV z{K0(+=k=FxI`5AU|6I%UPk&oo9^L-o%Z_YU?mp~jLvC-}yB&3|Z5!C}O`7EmdGBuS zZjKM5k- z57~}oQ`|tF)OWJ@c6D=8Skba~sOdk)j{!fB;es|?j(7Wq%TC_9Q#cWS!JCh?6^%O}2Rgx(SjddK7()FNpfu ziCa7w(tn%!U`%~3WV=~r)&quWURm+#$}&+56U8o(Hh-jdB5zFX3d3k55gEi$`O*vN6Ildgh1eV18z5Z4SmZ%rfsK(`- zs)Cy?XwwC3I%zZgvFq`WQFXr^R_`DsorzJ|5eaQOwS7*}*Q~4dld4ay){y~F5sGS2 zPTe`^<9|gTFZ!~pCCW;_q9NOH{V+{nK=NOm3!gY^$oa2kckXoR1+3iue0M&cE}>1+ zt52tZZf*A$Oz5kuJWo&k=k9LD?ZRU>&XK*EPfYPLiXMn^&YW9t z-v1sZCZvgL8@xMbGTi=nG#zajCyFUw3ay6Jw12C^@%RY?>We$=-NOY(`^zc?U}ez0 z{zyWz(lp0tp2K8t*M{gmBOhw%?YhmeZptcUKl>b@If$fj&EJf;Vm5;?Wp5`uxrR}EVJt>Oa zYJUSMi0+54A&jc25+mc0EqboM-?%#tX)pEZWQH8^X*JO{A3xQ@}5m zz_?>{2`9%)y~(3{ghwJvYiTBpkKMI2{|>=%yowDpWK%YDq?@U4j`S7o$QIDKH-9$$ zIUU(tD0>17SrF?EzMrabwkhLd?q-g>hUaF4a#<)e6_P9X_vMo&->;r%AWHsv9zNKF z6uP|I*YT$XI%8d`6|_!Z^rcEp=cOF)JLhov;=23J3niVtviQiCi;ujLy;z#*;#T+A zwcg|?Np17{(<$BFhe#Rb^b}R8lYg9CvH{9nJda9WrZ$rdj4jZT5cCJqNJ5Z)da6#htyM8b&wMz7wyQ z@YuDHL*tp|Ho2aB|6Kq~cNu_j;u@6DrGl~b>PKYc+HPJ4HcFP!R!0>QO@9x*6FxD5 zROVb8+>Fa4p8;+&|LUDezYFbA$2)DjRC@TS&m-eRE;It^Qnl&2pvQqEK>~)A9j`U> z=QXD%r(ZE@;xtfx{oju2&J>oAg#VW?dtF{KEgdk+*ofJ&$l!3tAp417A4Uph8L2SK z$Q-j&Pkltq46{_NM*H2jRe$&LP*<#PeKE^7txw1ErRwVD)H}v&^4rQcjBi&}PD#2B zVN9vHOBn95`$79F^CWvBQNluHxTc|53}bJReQp8;gqp?WSMj9Ort4$=!!^_Dn!$qIE)Pk(fo;Wdj_S)l+{ z^puE?^yJyqqJbClU5T(^ipp6fqHP_{wJb$pf4qj9*!K*%6Jw4ckN~0@7W_DJH)Lp4prOxCh>N?+paL>K) ziFu{T5B%w6f1%c-_rSc$$}2Rl%FVclmxRiK{^`x{AKdA;J4F1c`LJ3M61+5cqe2Tj zmx@Pjyf?&C&P4>jrWPz&N!c2Yl|l!I252BHw2`%ui^c@xUVm$=thB;%%aGhfracxJ z9vo3%h-R${QWH>IJ0H~=zyh(RkW)`-&?G_|Xrm1aGys>HMFxTe$=6z0EiKSOACb6i z9Aa2Vu0k6f6FhogQg|t(TZ6E`Eb#ol=W3}pEe%3zZkz!QjbyEiENJaRluhQ63yioG zL9}ZjP#>G734hW1XgKv8h;hOcbrdWm7K{aLL0t&}IxU(3Q$-69NVz0rV_ok+f|T z+%#F5wp4wGOx&L|4qQZ(NY@Zaype$+%s3OwXPJyz27i_jOU-vk4zA(Yk~Ts!kD&9d zQj`b8Dwbxin|y-ISf(vgmZ28>L{9cv`MRYMZxsncG(_T@^MO$sm4v8#Xv-P>5fyDC zlxmr3BJ&0@E)d2JGfVK$7$)PIV^CL?bZq5ym7|X59)3E&e*9 zTSeE3SczJ+mFf>E!oX$(D;^;_r72A`1PuPhH{7FJeNu$kRl(b+Qw|G>!q}tUOTZAo zQhe?3hApx90>QF~>bk_Mm{s&`lnSRj0fQNyD^4L0g8`2lj2M8Fgs@i1DruFliqCnO zX_#?@89W1wU~RN%u$s}p8_pebi5LB&!D?cau}Uup3C>G~7i2<-5HgilAd%44U~m#9 ZL=vKf)!b^9glM`f=l?IFhm0a3000+l^Pd0! diff --git a/creusot/tests/should_succeed/bug/206/why3shapes.gz b/creusot/tests/should_succeed/bug/206/why3shapes.gz index 580ddcf9c902bc7acf1fc254c1e8976a7923e0c2..286179e887444236910e2eba6c2284b47f65459c 100644 GIT binary patch delta 188 zcmV;t07L)E0m=c87Jt;Pk~A*`7b2AS1HoOnHn+A=8*S_3^Q~9}MVQ4foHO%;_7$A5 zr#I~SI<_mSX|f>01?u+ZSvEE9c}AeYG3{}vV3e9B-t$uo*mwa$%-VPDkYYh8!BDu qgyW8pk{2d0ok9rKXlX+zN{yg&fd*M>sd3t=34Q_qpq~2?0RR93FIQXu delta 188 zcmV;t07L)E0m=c87Jq!K@=g?7h*07W1b5{oO|(!OZR_Lnttf&b%wibMnduz&2ROwZ zUt`zTxm{v~=QA{%p>D5^6z@hIEf6$uOuHWrFiK66Z{;ypv2hHBT-NOX$MtTqe)7M- z_I1L>KjbzzuRULAVG?kz7Tg=<4G&UMZh(53u(ry|H~awZbMDF!0RR9kVpXI7 diff --git a/creusot/tests/should_succeed/bug/217.mlcfg b/creusot/tests/should_succeed/bug/217.mlcfg index 84258a5918..af485e59bb 100644 --- a/creusot/tests/should_succeed/bug/217.mlcfg +++ b/creusot/tests/should_succeed/bug/217.mlcfg @@ -61,5 +61,5 @@ module C217_Ex_Impl variant {[#"../217.rs" 10 10 10 17] Seq.length c} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../217.rs" 9 0 9 8] if Seq.length c = 0 then 0 else let a' = Tail0.tail c in ex a' a + [#"../217.rs" 9 0 9 8] if pure {Seq.length c = 0} then 0 else let a' = Tail0.tail c in ex a' a end diff --git a/creusot/tests/should_succeed/bug/217/why3shapes.gz b/creusot/tests/should_succeed/bug/217/why3shapes.gz index 41bba1e4b4a0fbd0f132cd3b2273ce5a7bb5a313..0fcc3636b508b9fdd388b8836f634b5a0e73a5b6 100644 GIT binary patch literal 128 zcmV-`0Du1*_}Y?BdOPrpQ4I49Y_jVsJqAuYd1A+>^wE7j7{z%tFmG}$c8%p%b+ i&B#32z`)EXB`ML+(A?NES;5f5fC~U+&f?L50001{4?3Cv literal 127 zcmb2|=3oGW|E|Y3@--O - + diff --git a/creusot/tests/should_succeed/bug/395/why3shapes.gz b/creusot/tests/should_succeed/bug/395/why3shapes.gz index e486f38443df0155d41ce649dbadd8fddee9f28c..7edb892dbe9e8fed9c8c1ef7ac6be76c479ab642 100644 GIT binary patch delta 270 zcmV+p0rCEw0-gep8GmKVD)e9qriRc{*=tZNxfK+4qz6+tok^QJc6!J*Af?k%HPqfM84hBsgw7d;e0Dmlm(2l-7b2U%m3cSY%}nPwo@ zk~jenz)~#-nj&lGJ&hBpGk7K4Fp=OtduNaF!9D(gEK^QuYL(TwHiav4qdO%S6QxqR U?M{}kH=6wd>IZDC7YYvTSmP`n=bc)ZlE|WdL%?tbYK<-<|bx9R}}SKQ9f(N8R)en zO#l>#SSx|YDB5|?!-T2?UfF4wn0KGO?T+EW9sPkMk&QWJrZJ6@oh(GF4Hn#3WwGIy T>Wqmup8NuR&<1TLJOTg!Es=kW diff --git a/creusot/tests/should_succeed/bug/463/why3shapes.gz b/creusot/tests/should_succeed/bug/463/why3shapes.gz index bf864f399b34d338a5228ec24fc3b9a509dc7306..2f33d7b9c4dbe8ce8d08592dabd6bd6052cb3721 100644 GIT binary patch literal 244 zcmV#vKkGH=FELR;e3bRkntldc}(*cR`~RR-~uHL<6MjY@P0SM(H<^F7~WOohCP)T zS{2qUqr_WHQusXD?c;YXqV;u!aUN`1XP;kEJxt|5BZPFwv^b^(JE8dS6LJ~aDdlwu z&u-op}dnjQh#mtl_8{*w&!yryylTILalY0 u*{B1=Mv}&1dLxMPC>8Tu^Wdcrl4@W?f&^+~ARsWmG4uzg{K>|60RR9z3v?X- literal 245 zcmVEKMBN3h34YRz*i;)Jps$j%J zh2d3kD;XtUYLeso(Uy;2wTRc(6{lqwf;lAC diff --git a/creusot/tests/should_succeed/bug/545/why3shapes.gz b/creusot/tests/should_succeed/bug/545/why3shapes.gz index e03b6a164c1ad2944cfeb2b1e883b183f212796c..a3a7f6b436e776a203e25b924772a633251290c3 100644 GIT binary patch literal 111 zcmb2|=3oGW|E9+_@;Mj?FkJY%?~$9zB<)M9u0G;kQ*>23HYDWNU$y+I(B_{{qK(8V zi+rxPNX?e|QBi&?+Lh&XkD_hG$%FYin~v`J%g&J(FmKJ&3)N;xa|`FnH=E^rdEl}* Oio-5b?)~djpgjO_YcWOu literal 111 zcmb2|=3oGW|E9+b`5F{>7!K@R|6+xj8f)W%)!q69rU8zTR~SD2^}AQ%+y1n~U*ktx z%%xi2j1AcbWv6ylJF>j)`FO6P_3+g%ZMsw6+BeAWxiqVHx}lfU-35!3PVZJ1OWEqQ OQJ_X~#s!;HpgjO74lwQj diff --git a/creusot/tests/should_succeed/bug/552/why3session.xml b/creusot/tests/should_succeed/bug/552/why3session.xml index bba975ab47..ed250ed333 100644 --- a/creusot/tests/should_succeed/bug/552/why3session.xml +++ b/creusot/tests/should_succeed/bug/552/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/bug/552/why3shapes.gz b/creusot/tests/should_succeed/bug/552/why3shapes.gz index 0886c987b603db1245efd66d7614829720f8b8aa..6c94b8bd78b76afed3f56764303b097778e18d10 100644 GIT binary patch literal 192 zcmV;x06+g9iwFP!00000|6PyE4uUWgMECuQE|pbZP&9F2Od9xsE;SdpjU))zHYEPN zmX)xanUj;uA*105GX}b#5B)TrX+g6ifqq=T_b|o)cgt$HSPlk;fTjkIVHy^+?D~&o z3EO5v?2Wp~(-3hc@tx+>Ztc9@WwZ10otLlsk0bb+6ryF@E!r6{D%bD*k{l^|dIbr^*h0RRBoj$6q9 literal 193 zcmV;y06za8iwFP!00000|6Pwk3WG2dME5yGmaVIw#Dt{KMJb40Aj_7o{h@+YYl6_* zx4Nn>XXf!>4jGS694Yddrq~Ysi5s3B8Mgh5Q;U6yc=J%<*$XVNi&RuNQ5?FNJY4>< zY{9m - + - + diff --git a/creusot/tests/should_succeed/bug/682/why3shapes.gz b/creusot/tests/should_succeed/bug/682/why3shapes.gz index be112f1f49ee656da9c36b176b0ca2320e647c74..03d4b1af98bbaf67435fcf273e549174feb4cbb1 100644 GIT binary patch literal 293 zcmV+=0owi_iwFP!00000|BaAMZ^IxAhVS_m+`45Kf(c0`?GR0>8fj;=Q!7JYi1 z-dv0k%eFhR zwcz?%3uYc;KAA!pcsdW^NK^xRZ*6f8msc0vK(?oV8fCxqU*e{P67Y`DiM!m literal 292 zcmV+<0o(o`iwFP!00000|BaBlZo@DPMR$FLwzTe|hppHJIv53l80ai?NLoLht^LbU&Rx4lB6<|q?sBR z>=?S)O5VVe?-nWwV#-VQPjc}vzGoBYyt7fGGf^ZMUf z{Q6o8<~+rGGD|>9F4+lq7CC3%e-yku{;1{F{Fjdl0U@IpDO9-@06>l4%9Ko3jEbTv qO;vDAw*;BoXu@6Ym@B~&YM^99D+glDoUnlTmZ2}|Oq`%j0ssJj_KYC_ diff --git a/creusot/tests/should_succeed/bug/874/why3shapes.gz b/creusot/tests/should_succeed/bug/874/why3shapes.gz index 5eaf609f2e2ed7ba10c994d870e1481c885a96f2..493089402b70b3dcd560d821d3fcd342f7c0c707 100644 GIT binary patch literal 1057 zcmV++1m61}iwFP!00000|HW0!ZW}iczUwJ;OY2-XLk@om_#hM(=oeV@RDnx!69cm3 zN*lS&(|5R9+0w2yaatDz1Zg z%N_(&<|N9>o|j_*X=&6R$;eWwcM2` zB21Ye;*<%aET%79U#kxV#StZ(JF!c-$eC*Pw99e3Ne?ZL!)(|h2!~4ro`-ff35N+p zz!y=IHi$H7!>GS|6}WO2xPt$A8b95u+xJ$*ajN;KW zD%6GW&Rptc(N;i~>P~0nw)-|bv+JVYt)n1&x3UCucXu}n zyS(4751BDfbQ8ZZPWX*^!qY%qwaH0lF{(*sG142D?bshMi?ic4l_qwg3~9T`t4@Z% z&DyoA*{FdphL=8{!cJ`T9^IK|ptt@Axjm*)$k*w?!+!9-zVgT7?e|hZ$MSxkcm1vo z11i)b4ZqTT4YuBgTmG()mi;S)G

    |h6d0pRLjNj1w?+ouJOl)Skk}HUKBJ|v2v*5 zSsJQ%z=kTG)S-$8dwF)dE@a4Cg*c{-l@*$^l|;v9UP-j)D_KsL6IG#L-+m{1LH2&- zpV075F8a=j#qo~|adG*Mu&LugcIcL!%(3Mzw*^Dl_M?^`4tHV-+!dz44VeOaVhZd8 zQ(y<(Wd#nHVigRSVimvV9kB9(=@(%78ZbQqMlZl<3K$K6(P$D_HJk)il}VUYzs{TO zZXUyCmH%w>Ce3D22#k%QCTU$;6(~6)$SP?%V_lB5OMoh&B1k&ssI-nQl}yOa z=n*^$56*-2VBV5jHbOU`g>gY-=WNWmah7scwV}qkF1Ph)JhDI@)jz9)wzgI(NQtr_ zP@<_x7-K?0Ng;)ZW=3~?n=>nRnsbK$g+V{BS0pR zB&a5%4M_(6F4d&-(t2sUWSP9=Xz3+-30{hS4hw&}4%RlAJTvl9Ps_k#ho1 z!Yk*M^~(IGSdh5gf=td%I#)xAm^CvZGl6a_z7>noUU6RKmGla|V$D0CGmvZ&nr99) b2@;XGZ3b);O>EG_{}$f|8z6oe-2N1KR@K%{$acMWv=HpKhN4f!o%iJ ziRCOj?Y8Ml%=-$$$Bz|OvQqcO2>mZ>`ZM)s?9Xuj>P$z!*I*op&ZFy)AD`O4D&0Hl zWe)->a}uetCs9`JBw_{PB&!O5qpmZ5HlNzhfva1ux6iA`ZOZEkFtpp%!=??7i{Cyh z!tL1pkobGi#T^+tX#9K1rYoT7Y}^2OnQk1k+_~?8OAd7#KIJy#b-NF%RoLxTEq5h~ z2va7AIAy{}#q@>qYx$v|IHH8}OMImia;BO+?Q-01(nHJRFdMcA!r@YZ=dN8P;V^*+ zxDYvMgQzBL81;8cfh)DZ75vZB_@OW0xwzeg6^LUk2ME8HQ!y7p+q_$Gm&&~|ibvBZ zQRl)tbE&7Itw1f#cERvD+*F_!A#NX^*1658JDsK5?%VLpR~P+m9R=#Il_gMjcXzX} z%lqy6kQwttH}M<91bD}OBBelG-cEbsSu*YE1k zp+Y^<@GITtVC#Lj^>)o>D6RVHCp{W@>9 zyLk+oRsOThn>3q2osp7?sv&Zg_&=i-pp1@n-AGxdxgxL7gYeElbs*44R+LD{ zm(e456ds%h>%qJwwzVobtu#vH6hY}=h=fUXqHK(9y4cpE@yLSmDF0cWM0FEGrY4G{ zwYJh~Nm*b`GDv}{%j4c96&Nc5hDf3oN`S5%HNjf2Kwyo7E|q$(Y@rn8jLOUiCg!(E zpfcztP?NcHkIdH-jslq+ksI00hYx6951J diff --git a/creusot/tests/should_succeed/bug/minus_assoc/why3shapes.gz b/creusot/tests/should_succeed/bug/minus_assoc/why3shapes.gz index f71e0acfd6988c466da87436d82a01cc3de6c4ed..f7801f835ac548feacb2a0568b7a664e70212c2d 100644 GIT binary patch delta 86 zcmV-c0IC0JX^|6i<06v2#V*mgE diff --git a/creusot/tests/should_succeed/bug/pure_neq.mlcfg b/creusot/tests/should_succeed/bug/pure_neq.mlcfg index e2319b9dc8..a3aa0abccb 100644 --- a/creusot/tests/should_succeed/bug/pure_neq.mlcfg +++ b/creusot/tests/should_succeed/bug/pure_neq.mlcfg @@ -50,5 +50,5 @@ module PureNeq_F_Impl ensures { [#"../pure_neq.rs" 6 10 6 29] result = (not x = y) } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../pure_neq.rs" 8 16 8 22] x <> y + [#"../pure_neq.rs" 8 16 8 22] pure {x <> y} end diff --git a/creusot/tests/should_succeed/bug/pure_neq/why3shapes.gz b/creusot/tests/should_succeed/bug/pure_neq/why3shapes.gz index b09465d011bed511bb8e3104cc16b5f1b210e97f..7457860c05e483c67bacf596dc11ec8bdc9fa182 100644 GIT binary patch delta 50 zcmV-20L}kpWso>61}T<_CMHIS#wLcAmgWY=K*G`@$-vmaz#u8b)WSr;(8GWW028PP I)K~xj05`=J1^@s6 delta 50 zcmYdIonWEcHZ3!4nJ3$_HcvIpWnye@D>cQ$92UAXha`8WJa%Dbb>?T*WAHs^mKwpp GzyJWcoDX;a diff --git a/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz b/creusot/tests/should_succeed/bug/two_phase/why3shapes.gz index 1a9ddb9eb714a1eff7a1cb0543f7ff56e9dfde68..40ace45e8378aa476163099682fb46fc2f2056a9 100644 GIT binary patch delta 265 zcmV+k0rvix0-6Gl8h=Jp=s^k+q31_WmFF6FLu1lvaQpL{UDraFEhI26%zTsNAtv(? zKh;bYHO<=DC&Eem82K;Mc7de6DhhOy4A>@9NH>{5R!3-5SoYwL7^ud$Q#-m|8OYJQ zR$Gr_^|q_d{#!${w&VfwyqUG_)pu*$LGSS$_+2#p|Ge=HPJe24W>FxTfc;|##1d!g z_P4nbD67_oUPTIJh=&O%t()Kbh3Rf}uqAc1ehN)qF<#>WJ2y@4r25_XacLj4MFaed z46Vfl9YYZ|uj>e2$lxa8)$F5)u_5j9vJ(P_gk_!B3&E4F;61XT&r?!JE_0d5R5D3r P68!+l5R4(&0RjL3&1HeM delta 264 zcmV+j0r&oz0+|Ak8h<8np$92Qgq|NgRbDmjN@LP$aQpL{UDraFEhI26%zTsNAtv(? zKlMx&J;g%3RTStZ8L&;JkZv-AtcuX+u{P+L8yz(`FuQr@tHH4nvD?!0)2z|L3)@aevaYGmD0z4%k12K$JLJ z*WTtNP*$!Fy^0iMh=&O%t?J+Vh3Rf}uq9QwehN)qFka&YzPo91C*AGFk4t+$STw-T z$j~Y-=om!Uys9F2CcT@8*Rziz!BFTnk+kb%!MdEbC}_cTUu0AWE{RZF - + diff --git a/creusot/tests/should_succeed/cell/01/why3shapes.gz b/creusot/tests/should_succeed/cell/01/why3shapes.gz index dec83e0e66a087957fe90d06548b0c6ded7a9bbe..444f10c9971ed13e6ecaf985ec543b9e3b30fca4 100644 GIT binary patch literal 214 zcmV;{04e_;iwFP!00000|7A|Wu7WTSy!R`5d+NKiTPVcn!I(6Vcr<%8TS_Ad0i~e7 zFQCR}-X3;mXJ)grSn+VCOBwjB>_XKxYp(ff$@(i*%?*WlA&Jtk{e%j!dlE2DC4NHNuwwiwTr z1JxgTe2oz*lh4W2E0Hqqh=$>w`?lj_fN<*XEn`3hc$cI$O+bT>6B&_kmJ;P{>Me1V QK_)Z79zJa{m^T3c0Pdn=_W%F@ literal 213 zcmV;`04o0di)DQSreBBy*W@rE!}d=?%u^VK8Y}N+ zfB36Gm|=oLS@%*b#ttEFzSqErBcinvm@dwFGt}1qnefyN4pfG_UxBl!T1-IAmLpal zdVCE5NS)2e - + - + @@ -24,11 +24,11 @@ - + - + @@ -59,7 +59,7 @@ - + @@ -68,7 +68,7 @@ - + @@ -84,7 +84,7 @@ - + @@ -95,28 +95,28 @@ - + - + - + - + - + diff --git a/creusot/tests/should_succeed/cell/02/why3shapes.gz b/creusot/tests/should_succeed/cell/02/why3shapes.gz index 0472d53a5d524b9f068079f6ab9ea97cd1562167..9cac8df986a97093fb3f4b088f7411599750fbcc 100644 GIT binary patch literal 2267 zcmV<12qgC(iwFP!00000|Ls`GZW~Dwz4I%0>zN)5kP(sVpmh)o8708zIZUI_HzHSC zfF#u>qt@n(DfpS529`p=dB z%|Ct(t%%TyOaI$N6!m-9#NFog@BX3_VV9;|`cOe2!sYl9r%5 zKD4TZ!4;UGu16?2LCN8a?9Rx;Gg#vQH4atBbuSN7IBxUZo!>C(CTzdnr`6LJe{=t> zWncRhbh7=DEgzTE(zukZ9G9w9eTZ)J{l}+Io>O>xyZvi(w@vxB)&6O_xw(Jxcb9+u za@oo63taaK_4_eFW-mczmLM}E$czaxH9;4C&!g7X1TFR|fQ=lc<1f(v@%8g<77Wi) z^M`p2h+Pp(ajoy4#uri3;B*8lr8ZIuLq<5IKtmU-PIJt+xBf2Q)ssVvZjQzf2C+Pe zv4#~#t+)P>j~$W!{E*}JKHWSqk5)BLJxrH8f3xzeWb@76e$7XZ`;DujG%mF74BmYF zw0(TqbXnXuzcKX{*2M*X`gfb(xA(bwxQXHmf8{UT%K!23weHRyuleySd!ywqy-#8$ z@ZR4(4lppmz!CM>^_DwM;Sj8ra9kKrkq!>dvNj35D0!oF z&EdtkyFscoz9;mI?ReZ&JR)~sD!$58+&9%6F%{>g{%dYR=i1`YtPTsKW5iGb18&`! zE8?1ce9RBEp5K)|x4V-SX+T}QJN15h$vfK<^>?`|+g_v>9xUxkyYTn_ws*N5YJP^m zEeoo%U4UK?f!@LSsnubn_twMe-E^S3Fhkp()75)1*VFBEMsDG97w;|1gT2LlHHU>& zfpIE;9+mu-=BSIZ-pYMcdBCiSDtDw><`HIj=BWG~mPJ^$s*0%-o$+$lPzRYoeBLh0 z9+UnK@y`nJR@Zm>1?@=hp!72hX_l=P_dMo}MZQ`TizgmlyG-#mulXo{wuo1|i1O1c zqAkMJzJh~mvY&a!9Cgs(=7`|th+y{-!5$>(!}IxRp{p_eJe!|U=EITHw4f`>`P7Uu zA5LVY1yzxFvX@tv{X7lw^4LVx0`)={b%ninx4JwttaZZwJ$2``)S1hl=Y1JuPWpnb zX3@21M_NPKVXucuH!pyN|{&sV=v;ZHO9Q4mtmh zqABEbKIF70WL!)tmz9XT+x9JQP7<@nLRviOk%fJ%IDEQAwP2xIuuvYb@Sw5nv+&1x zeT0SV>_|ZrJ=xDw5XCbTti{G1;yeZ284B8pWSQ|31R#xguGCZy>U=$@1qHis zjQp$Jl;{Qgqvsu=nm@vpV047wxFaNbp^ntd*olAcJpbGkdr}7FJw;^As1*K@?cis! zS39F>bjh|fMVC%Qmvk?5QCCxR>3noqc>W7SEPoe#W(Bj~x;s|N#q~nh1JC=GY&geL zg6DmSCHHLTm|TT-&}s=iGG6uVc1|Des!PV}#giKuulM@vj-PhHPjkRev*0INGg7`T z-=d3jK(ND{v0hEAABKh_WnPc;_u9bwU7^q52I6CHF`fVt15jnmATBTH8jO22=yG0crpnfCfb48rzsgH) zZ3F3`G#C?=C0e6sz%^hSU?BZ0mT{gmo1vYS$|&a~WMcbD04<_(9Tvii;cUt#v46n{ zRg#L5=iB0?Ng`x{WGfuL2GLQG+Iu00oKXRy%cNy?iPx%tsfe=vqn9COm(e>RGA6AI zqF~EZG$O~8FdDTc)et9(8p4L4Ay(iTv<;dDb%W|P$`CjqiH#4*l1|pkl9630Qdy31 zpDW#vej|NC3XrMT(y6qz7)w~J36}lST$P}TLovOYNE!Zd_c zrG0CyQgUl^1uUyI%wk!z6(n5_smo;PvM5=xdpnhdi#zl6D`eDwAdCl3LOLi4xGK$% zO9^kP6?Il1$VykTuuf-g7sZ6c3*`-#POHS9pjh*t7&(<0w34bw;j~u)AqS!$#gkqCbv1|6+aJ=<4>a}!@ zw2gXcdu8UuY<*1HFfkZ0Vo+Wv&p(<-h7k_FBRxKlp{RV2DwODg<%S!IENE;YJz4rA z(SYDxEY>Aw1%S;7L4tRDRVAk#(l{=Auguy@(lQ8C|j8 zkx$Kckj*h>zBFtoOxftVCQLD8?`ecKKhla4sKoWbwIj6)#YCODi6KZQjmd7*q2HoF zlMx~X;iU$?6ctYvQ5tqHV9_CjNf|W?e*!-e2_S9@k#FV1Q@-GiK$)#UX;CCQs#lGY zZ=ny8f)tff-0ubH?1bkLC2%onjbw0`bzVV9z8$%;w2?fA>7ruJxnvWI$kOYgXA{pW zK&=5R(nXs>;`?29lL=^a)Fme+wU~Qefr|{OAsQ|#E->YN(TN;}Xn3l^03EKzMnj{; zYjBGNLl9#k$wkCNsI)rj;1drDRs>OT;k%%nO(r6mP=ZA%O9IIgh;=9p^Nw_drtd`; pV3ZUbYQx<^@Qq(9!}F}8oORq#wQjU(w0s%d{{bwX)x$F)007e8dfxy5 literal 2271 zcmV<52q5<#iwFP!00000|Ls`GZW~Dwz4I%0>t!%NW<;)o=7A7olmMgWFpWarh+J&~ zluFiO|NcZ}Ev(`qO16A!Kp?ZSB44a8GN@mFUp{_z_vvx@H9b6To4fxk)$;e>7VZ!C z`0Q&Ic+J-Ck5yphyWfQU=FOjO)r!&gF42O0Skza`+&nDv)-T-3(O1p3TjyeI*8}Wi z4fIqn0vj=CQBHDq-+W6Cq>yo4uGKr-DIYemU+Nj}uF z=DjO?gt{4^#0Vw&Gon2sj?X}e121tXI&M07K89nLZg1U&P&dALzKe^eFK&DHwI*M? z6>nv`C0RZ!vBqI3YB4NjExQoy(%q-0&yG^K+cn=dw@pmDTDhlYv%PzAx9h)uS-0|s z0ymvP^w5j;svAEq_H z_C+wpwY+~CUIc}`(}5cyloo<%)XYlB6>o#pY7S|)bGPZXoa|$?JsCsZi=|PFG%P4; zo%N4&?1cRNLki7Z+&&SH79~#|Oq)EnT{u#*`RaDh>Ev;@u|*Vzg>tRIn@^vc$EQu3 z#f^0vU0y+1tmxBSZT@WTQv0wC>k#Eaq@j7`z}I9h_us6na(i2I-Q+)v&t( zEH!>0^n&eh+Eh3pcVsHO$y7KrRi7{wrl$UDYC`MU>`^a{3!`O3UjjXD*_kS$ntgms z52c>3a+llv$%53QF0RhKZ`QQaoT@PPn(UEA33*|7&hj-PimCfm#+X&b9%1 zMFctrr>7RjmEKv;7gytf;=%;2xumP}VydUzX^m|7dLQqGPlMgSp_=2uD!?!nK!=L1 z!71vjtQ&ENDvp>{P{p29^E~oNo+&E-gk=_%Miw!7rZcYh4Yil)#i#8uA28{k5dW+Y zH>$i-uV_bV52apcNRw>UaNsd*%<@$On?2F++GdKjX-!Azvj(`{N0go>5v_q=A1XMy zCcBw;$WaT;?G%yQDIzzAh};|{>Ep}!sd-yt^m#EqgUrVhsj0atD3?<+$b3ALm72?f zM3cR^UU%~}7wc0KRn4&zT9p-a;_YgEVOVR0|9kGvtFbkgJ}>*y%bfKEY{{an!3@5D zIqeJRPH0tDYVZZrMPEqx@^FfBm`?lE@py`|x4Vl*KdH{QsBN$kUkW+>j>0kIcsb-a zD`c2WD(gZ-+O4~mHzkQaU?I+))WE_nRun!}gPgHY&R8gpSa{Uf4q5o)ygtD~a(18~ zu#W7PDG2NZ3YKD{4sn@+_5uY>K{CYnk%IaR1yv`sDl0kGgS=c1az?>690UJKH${8} z|L|o;u;dS+Mm{)#{Iny;I-!=-#MqI4_A>wMHF=VIE;jv?{AHx_CLdBs~2E!sfpV?n%Mqx9*;mVs^dYP0#bLC2Pv@nBZw&BFO_A zS|%6aJ+z!d4~&;xyPeX9y6T+qYW8FY#;b$=y62~v@lzl1Q_uKG)(n&{%lGIaEfC*h zPFOET*7rlhi83!ox_hnX{l3sAa6R#%vlz|*u^y-}rk5Ik4k`1EdRGB!$C~lVVrRH- zJE69rbhAiT8s>6om;>(1k^808@YJ+;9_?DkYYp!U`6~r^vl! zAhQexT|_~XBvUpf#-oCzGL_O5mlYQk$BIM6dBs^}D^ux8RdNA3M=40L7g{*<7!yis zZ3-+I+E@asxUIOUI02~_u{_JsdQgICaxZJGQ_{9I%w+*ewphSl4TsrjudSCU#}qx+ zCV~bFOw(VGtiZur5V_AvF&kB+*mIMWK;h8_VNo;ATtO7&4_}Aqcuo;97){5S&6Y`m z4a{Ut$#s5-vO-E0RtOdH3Q2*jz*L|sP!-6xCHpmR@D+Vvx#N6d^~>FeKe(QIKN$ek##Y0J-oo$EXDm;~ckAc(Q>4t%h6* z{;pbyI$209(F-F&1QwW%5MzSKtha@s0)B#G0OnZ?7@5poNvmaY!ekVXnT!mIV*EL} ziHRZ#1KxRb)IwzxoT$l(w1PUeDcPkz@!pCPbp+=iamE~)h=xfjV=6P@9hIA13R?+N z$=7zT9F3DPyG%_$2`jmZ+!+;okb*@V;P~4u&CEdX45F|Cj0p@VUd{k2FX_G+p?@SA z7PLr=vFNR`9;K22Jfmh}sS`u=y$+!(p?-u|fv!HfQL{^#`jrjHsN5nK2m!s}gDd7c z3W=#Gm1dZ;cS7(?{>b*eiyXAdVu02^!ceCyV@6XKgygB&b7BhB5o;TU&w9|I-lISj z6%Sq3Hdw=A2Hy@5$^t_Klwl>|XYfOdpy&n#Pxo=4>Bp)>eNgjc=r)rhKV&7v zd+5`KlcPFDOFe)pPE$7s9_Xs3#-9ZAv(8&6$uWTr8VNBNx+J9%f^LmuvXm0@e&Trp zs8TL7P|Q;>loWK&J9Ly8K`aR=^V!_<23*L&7`k;Vqk$?~7F2H8O+$s$D#SACDX0{$ z6nm4s?SRH@aKKntJ=GBQR*NjwV~xuwFS_|UjY6QL>4 t_`T?nKr)TVbR9%0Jw;P6SHJ+7PBhS&rBaoWl@hOm`#)#Q_s}yU005QWOu_&F diff --git a/creusot/tests/should_succeed/checked_ops/why3session.xml b/creusot/tests/should_succeed/checked_ops/why3session.xml index db89411f21..536553b17b 100644 --- a/creusot/tests/should_succeed/checked_ops/why3session.xml +++ b/creusot/tests/should_succeed/checked_ops/why3session.xml @@ -9,12 +9,12 @@ - + - + @@ -24,17 +24,17 @@ - + - + - + @@ -44,112 +44,112 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/checked_ops/why3shapes.gz b/creusot/tests/should_succeed/checked_ops/why3shapes.gz index 838d10e666af2d05afe59405a04513d3f4fc1305..5c45a67b5fa902fbd9c2ac728b5910d29fb5218a 100644 GIT binary patch literal 4151 zcmV-75XkQziwFP!00000|Lt8{ZyhNTe$THsZ?iiiOHkZbng=V2bu2}bhaI){EuwE; zOGzB(Hmm*hThKS?rn@=Eo?Lb;jV8D$peTwDKA`Ns{e1ZNZ~MOac=*zM_;`Ew?jHwv z`1$Y8KHb~fcV7x})u(7dha?nm_00ZSF#G$5&&~C7pS-efJ~o&3L-X!uIEAqb1w68-ayq(F43ZLr|_mh}+`6(A$>ctAi7mhFT+&(4do&H(z z{LtQgIDBe8etP{`zs54JoB!Ci*b#>fFku6%^p=W(%F%2HD&A~V7Sx*!LbLg=EBMgW zZ!}*!{y&yUu@gHTRM~KG^r~Z{OWGcX3MyRl{_^*@h^4 zKYi;L1^3lw%iDe(ahV>8?eo{a-MwqBF8wZ+it8SqdFU*N`+@d!?Avt*xzAt!^X{!% zRIX;29*AxrdP-`-^IpH}#cGECv7yi1`hs7`)!Z2$tO8vuDP%r(g3^AoXmU4;CNX=` z3dilwrq8T>Aerq0Nlc)$DVFUgydj=JYaO}SlS(!>n?gac{V5djp(Ha3H$8rDBnmy_ zNciR2b0if`4YlJ7)868Yt;N1Cs5v+c%SV6@k550>E7{|p(CztsV!=WC%sC64Y`4Qg zcLldu=xXsZS!j;l3nsR$#OW+F$0iF)qzd@io!6zC48b)Px?1pCvd|=*$|j*8XwO11 zm7t+Reu9Sv*4W~qn__c>K;csfsC4^@fPjKuZWUsdC!i4SHQd)V0xE}nNzY+>>N?xV z%kT%Y#&x@oGXiStFX4~cF;Mg@pPGqkd*OHH!6(mF-N%CV9qdjBJaHWdWWeMqy+a%Z zWJ_$=T8PEgf_Ft%%KHVyV*t$}iY$Pl9kpX6<}ECgScATF-pP`3;6+ucKdU) zE4FCS_o+vrRKZN9$|k1DQVxzQM7Lk9x&@X6PCe$~x*KuSsCQ=!YSisIxg zniSnwHU9(#`j{%LG0=4BGa2Zv!b?iF-u@X3bk`Ki{wKU4o8Q|S9*pc`Xx zIs-k$7d9Daj}PC`1t@Sn5YXi%XrDPJplHQmo!#W0dve?KbFK85>@!2@B>~$~;dJhq zVUI|K6?s3av$}J$FSo`!*UJ6Cm!E?4v{R4->l9=AbJ7`_BGcQ~ot=p}K47_!e`a8V zBVr*sK)2XxTs=G~4B^3lT{B%*QFjB{5z7=vP}T3jRlh$EFk;L@7?LANT-a^gUM-jW zZK+|&Utk1XfJ9I_zCYZ9`4mK?6^`4VA;i4>Tzr5OKBP?%x1SWBgTq=!ZuX=W%_Wc_ zD3(bD`9uYI%GFr!PONt|9=O_=ho~M=!KiDek7U&6(+2_`aUfFI@ZaXc-B%+OlPbHU zA}P8tz5fJK@t7*Ck&1NbGfBm+!iin>YWru9id|F0?XP%46~b2=kqhijA>2 zom8CS3!9_@E6UtB0C9>28wbC=2a0Qu-#G99P5jrjjYC&acXI6yzajMm1^uqe#D8Z8 z<5M2(w;os})d8$mP+idAM-dt`*oIt2_*LJ2S!}}KRbHiWO@qXBUg2(eQ`7RMQp=m{ zI_>_Q!FQ0?ZJ@%X_py2vWt`Np{dF7qbsG}vHmt4NkJT|aZ@B2xE1K$6@1wN$-+*@q zd4+k=t*ZX=rC%gX;eFY`NZ4gq8B2#aYA6fhDsvi4mYU-Owi1#GK4HTuA0q{$0UztR z6h%rjV@qZCb(N3#iaI_fJ1UjpV^lP!a6t;VAT%+^4)HN@KNaXu9lG2|dSkTQ3e%4kFh5!#CQSscNS%5q z%z>T{K+hF|)ho#BN6RS|-5=rd^;jmK-6Wl0bu#redGjllH@_lv^D9y}zme5b`0(y7 zyxJ;88y9>=A6U#DSmN?3#Invck%1w7<73s^ z=~R_=bHpbWr>cGCMsUdm1u~^K-`TH;W(SzeD|mQ_$%gieqsBc&9u#J>VVi{_=_2!o z;G12$$r8;7H<=fGv@_TE;E?AW9Ht+xY@8e32FHdMy{q@h#Npv6kvKmLED{)Gb2>!m zaC=s8$ya#WGnq&R>5P{>A-rD%Kj{kk$P(>$rD0Yih=x>S3<{{x;6u~Pa37RfVsrwB zl5)H6de$n44^Z>p^<*d>Yca#1r4l?_37$ZpHLEO@NEDcZ&w7t;_T`d|&TuCx_>i|f zlf%L2W{a;=L+Ec9BQ>@zPQ%|vKPqAuGv1(JX^Dp(r z)j~|kA1YGKNzdWot3<1P%|opq66a!@#P3UHN2|@sKRjG*UG>FL&W;)n3RqjW%fcGT z67!I?t!~}qNM;1B%}RdDqpZ{4z}*ICS(FZs;3!Q!gB$V_2U&qRvgg1gILCpFHRyLlL$FHcy{QdXOfv%eX zF+bH>jX+JFRXxSOE*k#}#=qV^#lJqqzdpskepjbj-!A%f?^Nsih=9EfPql_at;CsD z>PRaY8JT*ewJUf={Obc=Xyxd=Jk8lu;*mmNx1L9>6<7~~O})!Hx!KJy*dP5(*7PJR z{UU3P`aELX_Z%X=(;(Q;a8EI?Pcg86UJUGQKm`BNA+QxmVZ&1p>{AeIdO!OV1p8H) z#kUKA-D4K{VX$9`Sqx|WYP<}H*u{_?@ryC=<$}g>f58R77I6ro3xg7vewAN!RAC@< zonJ-v<~RCN4m`Lp)U#by_op26>LxDuTMqrJ)x^>&s*7%O>k^9q+%b3lcNwN`?#3ji z{@y|=;`1Vma^0*pu4|CE&Me*SIA9tHx^@F3WFe+YVq9OO-)ac-OMiJQ!(Yhbzpjl% zSCbzL(IJdZpim#~Ec#Gr5&SluF%Mf2olqfoPHgxbA5IU0<@g^9JW_a1;H(h-B20uA zVgBoy6}pN#D|Ed{+=TJq>Z$v!w^*$ErMM!v3G*MLdn?g}FHRNlAT9c!O3pFuqbkJ| zX(&j+&5O(1Pp+{9ZgD;$Q=hz_BweZ>s9|^I)a&G?%*!bm*Dbnn>k{`tZN3_x>(u2_ zI4V~KmmQqQWQC-!&!ab&QFVP@9|MZ!fEWE}^1;|V`pXx4p}TysLE_}G;z)V8an27S zWn(n)kc=$ENRaMAx(O!kC-E`NT1OtnbnIb_2I(Ql+6995QP$Itx!<8Bdk5ZFYvXC2Q<+v48C(yD1op-MwcD;p*2 zR&di$3I~2x_Wd8WZCB6!7WNlHyk%{gO|P}Wdrw6zC$6e!jZUQ?o(<&-g2m37@J zOIl*2#7;ta&_{*MmW|Z_WksZ^El8lH0t=?$RMd(dC^;IejLE8j)*^uFhR9Z#vTmhP zK(#0}7CKPWjrI!4Ru~J`lqEJQxhP9pDMD0+w>P+NTjLh|-rKK=U zLu=OPS}{ed(i|8Z*)UF}(q)Av5)I=5DvoAjnt)QGanLUh44uw(%i!3zw#I5|)Wrfa*zAI{3 z+1gpEvc!nmqK~x)&X3%62i-yuQwmFITcQ|L#-eL6sw5Fs@&lJg?z)2$MR18DN(G2Y zh!R_u0#sEoRV%IzTpzhYx8s~Jr7KgRffPE1Xd9u?Tc9pMmj^+P+;yiVtR=Ous8oqv zXV4gBg>58f+_Y321RTXUI>s_o(v(eIQLJ5PUX_RmR+FZw0EPKcFfYng#SOw2&L0Lq z8(tcmFKtbkz@EB#5fVHm$hJf?D`QYcS~6>!N^1%@Ww3>sAA~*%)hmELsTrb$G?-Eq zA!zj0QXE$e9H2f(aulX>Wkzv~us*OvVC9?%oa{KVSh#K*6s4Vi{tvnygK5!m004kp B|EvH2 literal 4156 zcmV-C5X0{uiwFP!00000|Lt8{Z{0Q$e)q39Z{2NSfE-@6Kp%`C#xW2y4_gTP7DyE3 zHIT${F70A}{SK)cDNz#7v74k@1KkZR4$0wg_>mvUvH$kt;nTmX5BAgHH~aC^-TnK2 z9OU80zh8WQsP5kXR+8&JMN2v)p@i#;>gSSGzkd8;Z(jK1b@ld>y{bOiPxo(sv(>L( zKD@P1s#143PNt;v3jft5B@g&7rM~>D%0ATo<17DjvJRI~7Or&BHCp{#eYt!8S^t3l zS1Q9@7XI@vO1Nr=3|&f}Uy7Gk)$Ql1YMScv{TnQ5K#(Cxhg9|M>R&&+uHI${-u&`| zYf|=_|J-MkqWbiuUN8Rc%iEHI&v$Y`vtiAKI&D$Vke4^PdPhpQ0^3TkTqT%SBGV=d zB~k^jHk;X{+YG@}v+wRV`v2kncl*&m|Akid&9DEAy8hBR4ey5bg-@oPoXL`@(am|u zi7Uud$qMHjoCJREzrNb6$oo3ez7C!6b|wuKKG!84CNb~wQ!cjDidgkB+5FcP zeCX=&R-@i(G-Wj^!XK2E!-DEzD&XzsKVHQ}RdpHuXy_|9V_ag;m=E=_1i}n9Ea^7D zB;|vo+(3uP9W|Vo-9VENlU6*|VgWI8B_LY~NJ327DoZ621(pc2 z)}uMVQ8WiuJ8`=wm1-?^|FG1q^Iu=jz2x_g)rSvv?{A&ExFv+DVLIS! zLzI1(zV(ZO`|7jhUB8aFOpnCXi#NaAzqi*{eiuu{O^?q!bQZ+@Kzlm&?WTj=7jOP~ z|IRHc*E38HL^lvUB{kuBuiwpLHN*ed(C2P_!7t=`?u?ICfi9L5GM_s^X}?)4ayN@b zV)mpJj@zG2pIQ4rGTR4|m_TV$EZa|bLp+1lI&!-wm27S{g@R)HQz+s?NoEvodi>r< zlzPUI@XL+oNGhBfYR4C*y~P<@i+x{Eb8r}zj{qN@o_?-Zvd2H6+w=Rxf`j&%a~3+; zZij{L3U0H|)#7Ke&>X!NOl(_;(^+VaO%|3&74Wk=uS>TXf@>^vwcxj8p-DQGO+rD? zo`qs6K|_c91P=|YvBg6-#pVcs!lx2Y>Gl%=0R_L@D#R>LKq1^~xUXvjR1W)+p2POk zb+(b0;Sa?c*X=&e2xw9L6#l3k14YmBshOy*F8$6t_~hBD`&iPxgWU;%C$8gw447=v zJH%l?w#0_5g;;DYcvp0#ykAf}2GA^`$O0(ZQ9D**-oiqOrO2uhJb0tNbo*7)EwC(b>M;-3-H4+`y*p!2qi&DmkphP# z1C7_6Ee4vDT4kU~>GK$9x~jA}=BxRm8R&N7b56KoqiBWQVxXtBwp?4Eih*K{UyXqV z+V3&Yr0B+~`3Er2r&M8$fu>8J$v}4%UQ)94_RnCTyQWz7Kj97W4BB9zCpMRuLf;ny z-58708R#j#u*pDseE5zoK!NjtfG#gV`^-53MJo>L>?Z%*liQ}BYo*U*pBYLo3D}kj zr*qE?dqgU%$opBH)t%dYxi#LoR_;%H`6)*_oK*1C|T< zX9hMnA{L?pbc?OV)x(p*5FY&3HPdw!bvK|Lu}pykRs9}Z_51SxBgQ<0Avu!7h26&O z)pE(-mKv7)1xC;XNCc(h`@=n$PeDXl;kf-7Ld@IG#Ro{?L)sK^`$_RRIIMN#c28>2 zTml(_VwqHsPgIbnT#fba#Clibfvb&qi0Tm)jJkIENJf1=eIVco2O@~PVBN*+dqR;?3yBOf5jUj$KE0pCpNc4nD2~K zY>dU}q~a7`*d!HLQRc=0h*LD!IQZ>7P+Wuj#(@WD;=itK9J-3SlWTwY4XGz6=yzQv z{yRGupYmwG^}s5r4q)AYxun65A~a^O4Y`W&tGWAau?d6Md6mXB4H7qbg}dcVP0O1~ zEpM{xwEK4k-$7otfeM%2r|MOdaZ<{!F;X%b z@UfmtQKUpOwp4dtSNWK)sN-X@qf#k8M#3LD%7q2HXQ?t^W~9rFq`eUXoC!1GmCHr& z!sOL2uC~c{8Fq{Labc;82-aUVu>K-~1s4%hUfI`xO%%P_5CT`pq7hqeHDCc;;DHO~ zB}(=>uhzJ#VB3~c*!Kn| zk~;NLpaVT2fSxP_%U6)s50_Icx&a|ByGuI3>}2X}^6pnG?|wz0Fg|lf)+$=c;|?MtI331u~^KU)ryUW`~%}D|md6$%gie!^S;D9u;V^VVi{_ z=_2!|;G12$%@WNBIGGoHvQyXi=#b|e9j2eIY@8h41qX+hy{q@h#PQ)MkvKsNED{)G zb2>!maCcUC$ya#YGnq&R>5R8MA-rD(KWPJfY>D>!(l9F$L_?}E3I)_?@S*8tzz<3- zF*<=mNx9vZJ!=)jN2vKPdomP{wU}YhQVE`|1WzE)npKucBnr&IXT3+a`*O)fXSfp; ze9Y^f$>CshGoMO4@EP;>pZJ_Oy0d**3LA#~&zleTpZ?zf;-?58W>5b@fcR+v5MFWz zAjVA|Lby(j#Q+gIk~<)=QN!#3;3+7vul-`S&^=9fwk9D|>{}Mx z5V&6UsZhh!+QWuRCU9et$O4WGt84I6EJ}xGaFnJV!VUR}gRHhkLoMXiI z8L@WvRVnMGKLD7%bg^pqEiYDWo3idpo)odR$yv_}T04cb?x^zE(6vnJxLRZpz_!g= z&uBUs#`b4mtyxw{p~E?+S`nN=|2D`0=kjfk|GIxOuy`62py`wbx`svF$7tpwst2dp zxC0)Kv%7RGOroRj;#GwlJ_R~B@F9|*zZfX#2AGedvUxbZE4cHznXcF1XRgSfxgrH3 zIY+3=HWG@+d_`mmLUPWl#cGKKfNUOhpw=-*brgPQzeB!#zjAK1ad+aZ#{$0TKL52f-SW!iMKC*yk|V^nUg^ z4EC!si*FYMyT>f@17W`svl!0$)p!{Yv5O%);umA!%O#B?|AGsEE#eTw7X~FT{W`zu zsKP+zCcld8&2RL_9C&bHsAs#Z?vFX>)lFRR*Bts+tBIvmn9FW+>k^9)+%b3lml>vR z?nWi2{^CL^=JPU)bKR^qu4|CE$t>ONIA9tHx^@F3WGSXgVq9OO-)ac-OMiJQ!(Ykc zzpjl%SCbzL(IJdZpim$1Ec#$*5&S-$F%Mf2olq%wPIUMjA5IU1<@g^9JW_a1;H(t> zB20uAVgBoy6}pN#D|Ed{+=TJq>Z$v^w^*$EwYVa<3G*MLdn@7N7lVp;kQRMZCFhv- zVU=QvG!&%d#mlR^&#tiqZgD;$Q=fd8BweZ>s9|^I)a&G?%&RFG*Dbnn>k(u2_JStZummQqQWQC-!&!ab&QFVP@9|Vf#fS3Jf^1;|V`r8+K!Ml91LE_}e0!ewe zbIy+>kNRaNLx(Oy8Ch;-ST1PI%bnIe`2I(Qr+QowRf!5QQxnH9tdlzGg zQDby;u|65ZeY=!cxL7YYWnN9mxb7Yry2L|JTM8S(5ZFYvXB`*P77|*~a9VRsn5o;= z|C;LBD5gaV2YzHnIMO4zAi8cFqgzQ?LkVqUh54K?-HHPLXAklyP^`htj1on~Y%MHr zxvi)bwgF2e2LK~10~18RmR#%S%ZQ#wMIY# zN(v%*QRu4TZE>Ke8|@XW(2$f1+~w4bMWvW*jitbv23p+7^8@8a%21HDy3!42_}LW3 zT|UxUi`s&f(y)dcs60|}!HlX}qMO$6rYah2zbPzhB~eV&O`{J~AF0Cnib`rh5h)le zMAhm7jBK=`sA`MgRUCjEY0+z07;P9attu*LTd-Kz04}680ofKcIRG4ib{$d@Y9iZ8 zP*Z7PYbK2W+5n@h<`NFTkKj9m!$_LCsccz3ub{rYq?O3lC+SFP>#y5_Q1#y+&HzZMdQ~B z6>hM{l~xKzlW~onMMx_T432CVCmf`fB5E625ncnD!4f5#qE@}CId+>? z+_p`DW7ZV7v6q5c)Lt~rfs-S1-C<4&DkiO<+8AO$Hv)T&-fVD4<$=SI58c5jU<&|? zUIL=1D^#XXrf3;Ky#-ST&X1gVXU1K=Mt`uXp&B%)YaAyiaQdP9DQsRIx$6#Rw4ls1 zg~s_nM6Fz_1V;-bIyG+(Tpzi*Am}YP87z*ctQkS;6YRJ#%2H*t)dxY2+;s<;muYLJ zRDs>mrUC#~qiw+oNvW+40*+$nj%!P5TNBF|GfY|Z3tK51Co4gl;vo1@FfS_6eX!CR zrxP)a0gGdUvj}~T;4~0eFG7OoW+u8hXHrUnc~WUkDTTTcxRZ>AAX8miP%xBu;6DVxM+@=?005Uv8n6HW diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz b/creusot/tests/should_succeed/closures/07_mutable_capture/why3shapes.gz index 08fcd925820ba5e0c6ba16d291cd9d118c10b2c5..72fb174ae8a6e3a9b03dbc7fd7437e2f975b7629 100644 GIT binary patch literal 419 zcmV;U0bKqciwFP!00000|CLldZ-X!p-T4)4ZRz5#*ib1$goF~Q-71eohcPNDfe1|c z_iIBMk+g$h;EeHm+`W6pV-yabaMD9~*8Na-?MukR=qX5H3#QBK)dFCRQn<;LTi@hGY=By=i zTMUY>@4IhZJ{-Ti_?G}lp{iSGQi+j&ax+FEmlKS(I7%Mu-I6^oABn=RP66yzJE+^d z=*G4j{yAmE!FWXi-X{;xm_-LLStwQP6UlhMmZChZaC2(KN}vks_&3!8PKgVnTtkCyO#6SS1A&B&2&1 N`~bu%b0B^N006*E!=?ZL literal 419 zcmV;U0bKqciwFP!00000|CLnBZi6royz>>@+R}?3VB< zF&P}ksW-*D8OFRlOk>kCSy1wtejeao$cg{} diff --git a/creusot/tests/should_succeed/constrained_types/why3shapes.gz b/creusot/tests/should_succeed/constrained_types/why3shapes.gz index 69d11ec06f0a93e38f2c32cffe113fbdd8a5e5d1..0ba9f7ea85666bfc9db68661a7debb34a1bad126 100644 GIT binary patch literal 137 zcmV;40CxW$iwFP!00000|4qj+4#FT50MMON{82l>2SMG8Nz(%u)&}S&k~C0(_WZ`p z>E)dUXm7VsgM(^ICEr2AaAy7EQa&sn*-!V{x0TRJs~-Os7Dr~E5KD!7#3qts!QZvN$q*`3Wd4ig3$v`V&d!zhZfYhi2wiq7ZW~& literal 136 zcmV;30C)c%iwFP!00000|4qlS3c@fD0MPxu;zsS1q*04o5lTNmvX#egI=m-hR` z&FS$@9m>mZEO>C0RPr6K*qxz$e9DJY6a4hgeS5QUy|d&0wKEgA2d<^!E-VX`OqCli qDNFO27(ja!m@j%T!E)^BMlq75K*Jh+q=07Dvw|;?ub;$;0000XLoKbxMJ(WB>iU0rrCwDpu diff --git a/creusot/tests/should_succeed/filter_positive/why3session.xml b/creusot/tests/should_succeed/filter_positive/why3session.xml index 5fa6c4c89b..91f09ecf4a 100644 --- a/creusot/tests/should_succeed/filter_positive/why3session.xml +++ b/creusot/tests/should_succeed/filter_positive/why3session.xml @@ -13,7 +13,7 @@ - + @@ -23,7 +23,7 @@ - + diff --git a/creusot/tests/should_succeed/filter_positive/why3shapes.gz b/creusot/tests/should_succeed/filter_positive/why3shapes.gz index ad4afd0eb26406ccef0952e626cd09fbb26f1c82..368d5fd27b8faaeffbf54e9b23326ffabe6db599 100644 GIT binary patch literal 901 zcmV;01A6=)iwFP!00000|BY2$Z<|UGefO{6Exo-jJNpG&HI-0g3rp2~sz!aPwZM{~ zi%n{9qW=5NF2*+4zPC~mX6Nh7&N+||AEWNYzPc`YbNjAtcb_61ef(=t+t0Q;i__^3vz~if?|Q)>=&yZtJ@T=nVC#R#gA8G{z^ABc_tEaK-L%!_we1%6 z(VkB}33**lTqkU9ZCTz472rqc+szGp8gsphwoOl6 zR7xcn`)61fMdIUAUaX2vU&mhSW98ac((|;P#%;HDbH<@N6?n=Y2viW_?zw;QqczSqxsToT`?~0xUzbDlKZ)!&WUHeEezk+ik&mYE zZ3k1L98KjfI+z;uXvP>1x z4p%A$jSwT4xi2AK5SNeo&CIpK=?AXW!~NYktmjwf;6p6vma|bq9F8L5!xDxH-`rLP=WF{&QRK;rEPJ42EgwQjV*j3;bphesgJ60YZSwZ8E4%Bw z^;2b6w&~oH?;ayp!*MtXolc>Ip0!YCC^GH0{lTH2Ps5kU#@8kbAZ5oBzUaOudUq>z*=jB~02#awQ!hRVrEW+LMYk(5TohCy6F z38oTMT2bgEuL{QVl9enjWm)FAshm{|AZ8}wka3oQ$soxf&Om3N bGLRXF40r~R0n1F5WbxuR+W+%OLkR!?`-aL1 literal 904 zcmV;319$u%iwFP!00000|BY2mZ`(K!z57?_mTvdL8GcAAngT*#Lk5aH6+}-pD2hsi zm95m06ZGGANLjWe+q(slXgFVQIPXdM@G+G|SBAM|(Q`Vb*hR>Rr$Af&Q9j*J~V0EL;CW9?dkY7Wyfw+I_S;Y&UJSd2PFe zc{JyfPtsV|6W0kFjVa4JAq#$lzTMowr!hx-)40n9TnnwH4yo0;?&o9e9M2(}# zecQnlT8yUj7adHc)o8{#9>^I6Go;w2Y2P>7wseh7#%pY|?+;lhooB3vF3D;ps8jXBvNqoiuZ?5>lOLD_Pi3g` z#Dxx5Dh8z?){xG93HgG!eAI7dt{tQwxKHRXu8!!o;EweL) zoZVcy2VAbQry%$noQPz~{2k(M=-`AbZi`2YE_+Wo$Lcjd$OUo8_;)jQK@h072| ztzggq8QGn6n;%-;-Z7Q46XeD<-TRB%JAa3(v>PoiB{we_Fn@%p?q}inKV`dESeB}? z!x)kmL~O epmLBoh#Ythm;>a%@-$EKc<~#_a7KDV2><|E - + @@ -29,7 +29,7 @@ - + @@ -38,13 +38,13 @@ - + - + - + @@ -59,7 +59,7 @@ - + @@ -74,13 +74,13 @@ - + - + @@ -89,7 +89,7 @@ - + @@ -98,40 +98,40 @@ - + - + - + - + - + - + - + - + - + @@ -149,15 +149,15 @@ - + - + - + @@ -200,22 +200,22 @@ - + - + - + - + @@ -228,7 +228,7 @@ - + @@ -247,7 +247,7 @@ - + @@ -341,7 +341,7 @@ - + @@ -356,7 +356,7 @@ - + @@ -374,7 +374,7 @@ - + @@ -383,13 +383,13 @@ - + - + @@ -398,7 +398,7 @@ - + @@ -416,7 +416,7 @@ - + @@ -431,13 +431,13 @@ - + - + @@ -452,10 +452,10 @@ - + - + @@ -467,19 +467,19 @@ - + - + - + @@ -488,10 +488,10 @@ - + - + @@ -500,7 +500,7 @@ - + @@ -519,7 +519,7 @@ - + @@ -530,7 +530,7 @@ - + diff --git a/creusot/tests/should_succeed/hashmap/why3shapes.gz b/creusot/tests/should_succeed/hashmap/why3shapes.gz index 28d515fa55eea9d58e2a4b3237bfae6151ab76f5..25a3f2b8340ee8a578addc3cf747efb8298bd1db 100644 GIT binary patch literal 9693 zcmV<3B_i4%iwFP!00000|LuLravVvLY1B8;4fJk-DVOm1^M2M}K zXd;O$5=k=q>*uNY67CTmfdB~ZkyRjku|@Tnnl5H)j(>Z0{_gkiXL)!2zPx>Ref#Er zpPTb%|9%#phr8RW>o<368GaA%e!sf8{Vn8D{=E9*HkX?mStcd%j)blAcn(eR~{K^_OBThfBFu!=+m5;Zm;+I&aUoyZ|e|mAiTS z952>fg%?-9-o7c9T_vu-B$4_@`16Wb;PRg+@gIM$@a#XrpKC4%9}cSc%XWokSa-$N z{$)?Hryj50y!Zw$vB67j@KOgxNbii$c7YzW5p+YKcbAqZ>Mq^d4VNAe4a6}5Zn)uu z=WqjXM`~$|MtZrT0UB;J0XN*3H8-2F=VRyGt~t7&j%j!n-j$o$q{D13xd^Yz-`yn- z@59YMXs+De8&o;_r-jqDU@A4Z;-a>U%uzfb~ z?RLBTuS?YA>-X2B_m=tt0tXt@Tm2E~w+*Nx>a|(FsX~vQg)6~ctOZ*hv*-QQ^lkV^ z&*>=-@%HW8+YcrGqQ!qD8yYwYh_h>9ChWp=cZ}V0B zE4_v#dxoNK%G-^4BHH>1-worMuc zPMQr9<^SFOQARc16`S_^loc+IC8Qa&a6Kjbx?R!mT`%`L6qr3*EV>qaw=5n`$lDa@ zUUU{#!1jhWw^#Z0uXt0gBGA2l^BWaHKWibjnfkwdgRK>@X0cq4$0{ z=U+G$C`$aO)|Fc7iVD1B4cuKR(|F`PDLbYZ?>oxxhQTu3sDq{Uk?WPMorA|O^2kO7NAzA7Q5Y2Y}4o+-{}7KKE0(68fe4;@5A>xdM(v|NmjyktVU!z9r`~H2<&qMW)7~~^+V!Zn;n@v;)bfKo#oA%Y%rrKu} z^)P9=U~7=E$*h^)>2B)vcV-0U{d^A4<9-UfACwCe8lTkcZo4VEd2WZNo$EaJT0Nfx z&YM?mxNnORixI#de-A-;CvWfixCfQqLG(Mprv(uj%^OJEgPWN}ZCz||y*)R&m};^% zv%f)5aD8@%5jjtIaQ<&2ng6~WaSnY|(s{e37Y6-E0v=rz0(|j!&QZI~g_}E?9uFIa zeo+e(=;Cq0u)9>lC&usB>zlKB_SYN4rRnzoT+aWzy{2`S(M(f`jRVo{Hr8n}anv|* z4!RDcf!b7RZEg7vrgb`*na@T`uBR{f^k$elFUJ3BXD#n8mYBcTG}7O1=HJC8O1!xk zx}7}4e7)Gr8|7jqbgirw{8QC(~n*Df{)+}(71 zG(Fe(8qj|i8x{2WqW3K>9`2T0jNZ+~#OG;itP2CZmS*NC4Q}UpT|YD_>Y59;?cy1J zPy8}IF#f7x@|>#gm8G>*t=wA5(d`>vt!Mt^oC0ytY4=;vQ-GHEV#NXMR~>Hm`NV7C z*TRk-;!=}xi96Oj#7<+kf`cBKAM2S$o74@l=R zOh%AT(0k7ZCB!f0KFLH4@r%Qr&BfdgS{x|5PY=00dg$y}l`NkW61514el#R{KO|-! zB=$bl>^_%jUYe!ke$0Z{ZEbY+0Q-5*V99Z?C>@;shonmGNY#NQ zIdZ5v*NkmMctJQ8<$6o1++xLT*X)o}(p)n`@;UmX3r+4gs>344*4Ej~N7!~Cj&uL|5b~U(^Yug*&b}`QGXTx)veC_%<{+$jUao5Iat=%u1nt0sTYgfYr2jjgcw5wsR zu1)9YT3ocLw6>eKX05wQzFmL-ws+PMm6}Z-pr2o;lJRS!e;FqpZrW3~H1UjS1$w@W z{ADI9>aMZu-3Ot_9iO`LH)YG;nLff@A zL)8zns^j$Q5kzAL<{t{JwOVV@6Qt}CLCVevQnt0s*2?z;DZf^3tomW0>W2@Hkn2SO z=4(4Xwql~upN%g}e+>aT5E(*VNTeqL5y&0Vi$cz0nvFh?J!E&Xhs1V?Hvi=&QOIr* zh1@1l$WQZx*fdXwPxFLC%M+R*IZf>uuk9wwhizxdxc!MT#P4P;YD}$JUftrGk|;9C zr(xUqG;Ci!4IA=l#8|M;rxD{K@ly7TJD4luc2i|qN5^KyusxYE?3jA<%ow)Glp4n7 zK*Gw1D8@kzdl3ioK>8Z!NezqNSN(QbcQNtB)L`EFwbEu2w|617@2ULGp2lMv8usjH zb9AA}UTsWE4a*nvz0`#gA7!`Yw%Jac6dItJJsOeODaa;UeWKs$6MDY`xVvB2DopkU z{bX;jC-h2=`;x9*Og2Hrp_H>-3EAe_&3N^wv0Ox+sO{$4NaT#9Pa1R5uRDDX12SE> z9_}aJ5Yfg)w{5a8_P%$|-%os)!P&PnUtbMwIKkX|`a)kkbWo@3VS{t=dKvh+q^2X|hLR(Ak_GI;N0cTUL%@|RyMuBwUUF&tdk0rmC6Die*v zuPfGXq74^oZZBRe`q+fP#B1hy=$*Sc9Y@rgkbn*^XVQcRLwizB{14sxos)-XTlc;y z*AxF)n%;kwUCw9oS)SwH{k|#%c+*?1rw+92Lpav1Mh9Asezk1gIJ)Zu3ir*?m3l4J zjvF|XM!RCiC8PLnaL5KQW>U4x^qiOvT^F5Hbn0Mt80L3Wl=_}M{bd?0_%Vp^jePiK z&AV)C_wJYRt-IJ5L|P-+4#!kidW<)?8Nv{{LUR@&XLDPpS^s9svag{Jr+4C?WYO^y zm)mvcB@u)C+U=Z^7_=TilI&QK3tkXfOsq>hYA)1J>Ywn4Chy>?HmdtXc(I%_O#pOV z!G-kG3Q#@^USAW%mlrfe9x#RRrmYT{$79DUv@Lq zPjly6g8$uOlP@}@u#=ITIAd(E_ZuHt&NJHO3qoQ~Li2t8@&39SFYwv6pDMPT&p-aU z>7FkZog9wXl$^&0(`4#5<-@+^lkH*~<#0JnAp3G-w|CpTPHa43&_<(^q^s+XyD2xX z$9$VbYUH%!5wvzb+JR=sj2y*tJG^p$a%yNGeZ<9e0pjrdAmgp%L1gv_@y=0*dBr0~ zHN5Tz^=K*ZqZAw@oC+>ezIz~GUi0Ee>}a)YK-_O3{@+dD{(Bz<{C?~v2_rAM6}_El zi}vTGU7K-5#f7Z{`0pOXlMuR$lu1L%Tf-?m?dq^7?FuY%FiDv)_3u$ zE7z7M+EsTz&dWrIG%+4b>npqN=}_Hvjday_PNrRrNnWkYSly0v*#7C5KG{|3 zZ`-S9U9sogDY!}9d4{m?e0(!M@z!pSb$^$=@dx_9;(q@ZBXW$1lI%VkDA}$Jl&lNC zj0|&CmZG6su{``E1?V=xPNvdtvgPA|KVh&9LE6;;hziqr*qj?=Wp1 z-S&2IaxzEsNjTl{w52Jq^-N8Vr18m(A&t>Co!@Vth#1SW?sA?w+#c<54DoI)^+L9e z?q6-vfM^kYw$C$;t?s|8GTjH${gFcSLKg@0fEriA?)L@w1N1aMLiSbb^qyH{j%f(R z?o~r(VP2SrxC8uNe_*c$+KHha;}8&B5Aq09*YQ!x)9xdECq#R+^0XuD_Fj+RL85ky zo}GX<>RG>KsKqhz=#T2HYkb<9V%xo;%ze7tFUYK4_6zRQ;5S=(drPnOQN|ZCXz1;U zEm@=g9ur2}`x6XC8*vQxM};@?2)9xnhoQa?9K8TeX9|Ys{eR6DQPTE-%#d??yj<{F zj0KJl5|`IN9;(je!_>K$tMkp0miRo;-IFMD`M~H-ei>bU9C+Khd{*u74u?EqcWAb9 zs}{e~B(}FW)IBlx!WPG#mWjj%HQn_1%^lTS=2_hzfJ^}FH2mJxVX=R8SlzeHv!~k5 z(stj^Y*_cyUEHx2XUn-Wlt`{guP>#i>t+!~HNTUAt}pK{H)$~aq-VGqb5g|RWWjbU z(p_InuG<$C_b!i)=UCQ4zwB0$Th{xMby;&mnbbq7gIzdl*rjGKD8*J+Etu4~xEVpI z+;f9!^vs~53zS(j7+ohD0tbMNdb#`&#+|;+L9Nr;H+zJ`ENjY^-!giQw85~a*^yYY zOl$|?!k*bK7khTh`UZC4aa-~?Z||}t(66=Lq>l*Pwc2XPZCCBdo@rn(XnygSMtd_1 zuU74tz%+S9kLJ$!ok?Q4T*_9wO4`*y2MllzqJz80zzA81xvG^<6LC5*>Nv)D`XG+!-^hkTU3 zhvuDXGn&Of^N2IwqM6TW7HwiEMi#86S^9l6!x>q^S+m15?^c`AEd4gl(#>g>Zh_|I zIVvIJd~uGpH$9yR*8Mr%PRVNAJ3QT)p?yxKNd1wKfl}Gt%;zV0!Oyp(qBYUJZwn%% zZeIm{)~ysxK8mZm5{eAzFcNa_NQg!0(c+$w*r_%f3ArsjWP@iTA-2Bc+p_W`o%kDR zW_xHJ)C+yW^sM_na_eO+FK2fh4ScFa${&B;{eAV0KE=G*q=p_M(zd_7+_c)^5*?}Z zVc#=XWN;xUouiXpMH@q?zUE@JDV57}zG7!N#L9#&!WI*x_B{FQcuiLN8a&tMoUQ!I zt?bII^h&MdN}Qnu;|G&vek$aHX7cDJ1Evj+kd$3u4J+b}scwf)=@wVkP-X zvX$_U?#)&vt(Q?a?nErwI3AK?hDDj9@a9~)m9#5qp0G~^ZWJ#*DC49}m8U970j}9- zsSKk&65!%3aF|TwmWz6>>`IxH!bq!?k}D-via$9ORx`L_ zSrs9zv^LA+xiVFHol20*o-4mn?h6p2ys4?W#EiERa^*sk{>&^_+VFU;#Y*#)W?z67 zsUM9fSE>)eP7utyE6U$x-0!7O&Mvl%H56+!7Ajk7qgOx?qShY34N|1mWw$dQV zt+ZWfs0Y2$>dR1v;R&+p5{=Lm-0^_nTKvkDkg zWsJj!7HYmk+lftn8GYnHb~O4R;{dDS+TNwW!cL3l>y-}24-dS z%BYo*UyJ-$M3JRLX0rFXq~NlEU6WB~1cpI0^6ko+mHoE)P)r0tXJJx{^Ck&nn6-fkpSAZ)u*QuOE62Ylo!4 zgrA(rL%|!@c+xAUR!)9LY^6|=7uM>;bX6E3o}H=LdU!%b2-Vnv@8?#|uAKS4n8Qd( zE)&9Hq?-F?0dp!w;H4FC5(<>c$V667q!Te5M*9 z5%)^2Ei2kNEi^4xK`M*SK6WyQzBoGL=SBIcg@OFgBD9 zUHVZclpn80RWTt(<9yNx;tYp#tpiZzrSe$hIVZ10qB6QY!TrfgnN~8xLgC69#=JDj z7akeFcO_?28{CeN^(WMyE)=#YrofC*CQA`v0%^V6OPxI{!KMy%ss%2|0X-rAM95bI zFC&>`B1^g$;e$?^M;~O$LK)Q|j}|}y;&l!xP6P0yR#f_ulGG*Z>Y1wlka`4O z#&`N%Q8jgf|LNtQdB$SZ874MLt>DgBZbQ{v*AQiF@Owg@gx{P-;`8lPIZ3-hQ2$O; zR(y4;M!@T;*N$1=+(|{6$ej@D*0YRoLAxMIZCflR#=^2Fg$V#rL)*^=gCOPv+$_?j z4Zf^ok{OM1x*_Mf5oZCnDI$4xu!UuGkDvGZWs)4oj+d!u04M&ifpc%NG7q*5HG-3=602 z{Uk*0R?r38H^j30+_aX`%mpqZ5Q z2#J+9()++Z%ag2Hdk2r7C7+9=^t~Q*aRU7*a~F(CF~ZHQJ{az*sHJ%8RE7s)dF??r zC(xfXsx_IF1c$lC3@(G0$|Y?OZxopnB|17u3$G%>~Mcref{a06|W zB8Y08jSk?u9(;2efX|VH7~!^vT1}17yAX4TNhirD{XX01&p8P02Ed;N;4=(>kHJY6 zqOJ*!O*NG66f1^8kn1j3Z)o`m{Li8LQ(;C6#POj-SK(ELq`l1EDlSUMkbcwx58SGs z2o@fFGMMx#8O>N^OqW=h*Rf=VcWMHQ{XroJRm1l+7Beq}Y*nlh(-G3ay{|rn2?Xv3 zV3!%FA8mcj@Pt^Y+$6+V(wm~3a)A#E)s5Njl}TvCVBmBL)e+0laz898 zTmSv@T8uIh@mlbl=NdF^(6}09;W@D!ZCjwAEC~lr9s6PU4jf7=)BnAJi9w9R7FPXV)z_ zSr%YVmDY(l7g@}^3r0T~K-N@cO;9EW+UAS6R9-6XEo@WrVR=#KCj+TuxZ2ujQHmkF zV5bmjxIkxcx%6>);pJxoNe2&a-SgmdF>xbiUwN`wziWRWsPP!^^;(f~Cjt$q~>ji=9; zAXLc0c^15sS<$CIOmGpiuk;kMkwVHc{KQbd2}>t9Un`%|$pU-MSoQ_su$Cf5QBAha zhMFj!c$;hamwI3tAY7MN+t4WVZET5gA^{naAm%O+z*wv@b&SRbSyr? z6zU8^Jyv@aG!?&`gB`WDj-CZ2o?>k_POFEoaE$FQjL4a z_-7>|<{*qTwaS=m;2_9q9YxZ`>dI_OIBt#8l%qNKxdiRG+9^FkLuAZx|oIaoDYb#bD77C?||rs%i* zzPa_B$1K`nqOpuach^GSs`gGP_=94UQ~ezEvUa{K zI?(+4VXEeU|4E96z)p?yd3=Q^6CtdRR{K#cQn>QnF=srqNiN)wh7?IMI=CAphYN`i zw0)*cXktcw<$01-N(su`Ay#8>AhQdYIW9vV@TyA=;ZecC7MlNFmoC4Gq~G@9&~MXydukuA5`Hy$md!T2ZbH(Oau5Tc-b zp;gEjjc^_zp3hlE-(pS+>9gq2qG^k!EtZ7P z?c?0Sp=6`W_cXcBPFL_YR>ZfGmS{63JI^rREXjb_%vICTg(e-EbZF9vFG5#D+>sDM zNhzyl4ju&p!xDUSRzkbmZu|%@^TlW~N-J`@jd6@w^yVGobd~~S#aMWUmHpy$+2WbV z2;W>tnBWevfeO-CA#-9-haFw+>(C}_vI2TdlA?1FI+@nXLgmat4aAN%|JCR-k`*14 zqd+71SVN_B>Iy}#s!6en-#zG}KY!%Ww5Q(Cv`5n(EqM0XX;h9r30R%x@O=z}L8>XT ztV%Wo_OE?aMWPwWXv>E7Y|xc=UzcXjBR4Un8Z2ms+7(6C0@ue!Ub;U_(lTy$wx|t(kVCuG7QeNYfMPi zS-)?c85^vGe?;HB;-Ls15Gh0B!BF|=optR`dU4vbr2H8Mx`{X9$$k^`i_BA0MjHCF zK_zHiDzk}~j3`FRk~{k4H_d|&f^>F8RKO*DA5ay{WoyXzkQ>wSpuTxNjIDyjiU=n= zYchv2O}?1Q!Jy)?G(Hf^z|Fu9_z|=nPU%_TM}Qwrd-KFAXhIK?>u;9VM6sMPCI!hM zd2sf)4lV^#L&;30j#vA`@T){lk(3=dir$)NW2&mOEXU+z_hCj#Y><>@0osN8G5D6& zaylHzFq(-=`tvvfv9M99`dn1UH~6ExjvtVJU!91VX{$Z{Q-RKhd?_r!&M0qqi%=vb`Op#uMVLPUCeZ7}6&|9b1qT;&6|(qH zok`jxDHc^QsjWs(r}n47Cc}^`=R8awU_smiUtMHSRp^h{=^h*KN1G~y3#Ezu zB-qf$Ta?sH;@@CkQFKAzLZ?VP;%v)0YzPzebK#O%F$!T_@e+vGD7d3P)toVzYAv$E z#r%}mIA#zzT3YH9A*R3?cT(2~S>o05mX9Gd=+)>`gBMNr;8}xbIs!oX|C;avUkc@v z{oye~tWe;kFqm+kW!2=t^^KuE+6& z@1xf75KT#D+TSr1Jou=X@zvzSa}H934qtV`_)}t7!^!-csC_Y%iC%!M)wO0}6M~b@ zj?q~a!rGqjedt;dgS0aGgAp90@KWdxDO=V4I=Nw?`@>Tbog-ex4?BVV31Dks3};Xl zo(B~(6o;vd{;nu|-Dq{}!A4IYM1qhL@J|CgeSVnLnsTx!OBo$Pvt+d^-btVzdf-8{ zrQfy(-<$^E$+qlbklt#h3w?@FlnSF+G+b#`1Lj0G01nJK-hof+2B!gd!pxpRe{#L1 zBqE3Tlp#f-aAh<7foR?j0GMxl$InFPddu%N{;QDWfH`UdnKOz)PPl^61Nq8SJAxq z5KXGmdrV8N6X)%8xuiV-(Dbuo#VqtvjJ48d-b#tZR>tvf<~|FldS{7*%bQ-f=trHv zqfN}Y1=b>Z&cPuFwa2Of5Z-Coqoz(?B9KB2-Gp^e(_Hw35jpRTYY7&(0Of zD>@(8pZ!y)=~i}SRsfXqKA9^fC2F7(sxVfWr>u2J@W*p_MGZGyZaY%zNgf1Q}ExL-|i?q+}zxL z=-c5v8R3tM|M~}2{GM;;xTI8Sx37;%#Hi#ts{bdy}qH! z65D(p2H;KkF!GCU_$4;{k{f=h10$q&Mrb=j&$N;0hM3+xTB4|XbZa*}da!69juGRA z7f$>fUclUuS{kE~Uan|>h8InY8(z$so6Xqsv2kwK9L-P1G&~FM%1v$3VK$FkgxBTo z?vaQ0;pQJSS8i|e6=exv>m;uoKb+nD{bxC+YTsUmH+N^@ZFzTl^S*2{G)})*b3YTL zfr>xhmUR0jU*BPhZYF0xB7AXV_}t7T57aq#Ly65np zZ~rQ1+X-{!(0%BNn=#|ruYE$R;cfY&&4{<>@$d8hDQ|DjHp*mPl{~}m@*8sALUmPi z`)uCY?RNfOm#E3t@2^SkEwu*@9H>xlwMV4iHbxy$uFd*Q5lVU%t^|9r7HoOUp7&4F zui+!5Qz{Sf_U+r-4<-NOkJqy-uc+Ekuiu25&FJecdD_{IqL~DVA2sQH^)mrtLmufy-kFX$CD^PYJ(nPc(ej%k2&sW@(FA*MjfnMdF0K zO_uIMXJG|wZ+LTim2dxwH{~jVyVq}iqfBULEyQ-G{%>Dlt3_<;7Gs5CvBEYRmXas* z-Y@6;O9|U{LywmV{$O!CVl4S&F!@oV$?xU<`7VEW8dMRR%PvnM+5+mw%yekd0A!ULX zX>hgyB!PM=+8Zl5R@2qeGC1l{pFs`1yHck0k@uwRm|}eID8Cy9%XG;@dEM30+EZq? z{4mxn&!)T{4DyYdnB$v{lX{wgYMol__Da4@qj&tG``7#QmOf~p;Rn1cZ{LT`54cY? z=`W=Nw;LL@kN#X1^vH^lZ#12HuR)YcN>ol;+vI7_qu!GHl&EetQ612Qnm%vpS7V)O zpHLKEQnGvPrsyW!4yhe{3Gtx7s?H}}GzA4$NYi$Z`e9^Z46Zgb)0j;6=M zhM`~7!UVc_oG|Pz)$ob&`}O+fte*Y#27YP!J%BIgf8Jixy31&$DaQstw6~3QnoJxu zPMm|#fizH?O0BLf{9sz6lbQK!wB&mFflptCx$|QDU+t{r-NjPpFE*9*@0vjFmq^PSd+_r~j z_&vd8eCYVA#*^n%e6K96rE2-sQjV~1__Utk$vFk$qSNlTqNe~g@x_7zvtM<5yAKnu zg`hg>oCZoE@ou)Pa%W%LCFO zhRF!>3HRRfK?(7TIVPE?A%1Zf*<8$V(BeSZeR|04(L-m)s$}`3EK!Rr(T`?{-p>-V zk0tg#)$Bf(YF?V91V3g@?6x*Kdw~7CXRzcrSn|lh+OeVfkv8=E8mOg}4Oo)dK&h>P zQiqJF+A*RBG&UKmW<-VgR3o}CYb|<$lwBf7**QVVwwl>m`JN!<*UF7WKP(je@Zk}1y(qwZ zZO3FQCK~@Tbdg2g)+#$Ru?Tmi zZ32b-G){<3 z*mgV(+ZRv6hIkq=X6)l>#JEVj6g}e(#>%+eP?^@yv5_%sPh<=`rrbO-hHWCHhOs#i zurhKK>%D=Ox@z{!nJv-VQ zU8u5G8`E6F^2K~Fbs@(`*=@OPwi73r2G-1yM$YVHWRtBv(Qow$y&nMX?iaQKlf6Md z*&FN$y^`a;q-zh8O^|UYL7nJ!!p z?-Mjcw6PJkO%}%9_wfAv1j7tq-_EeU8ellFxkvg!Up#bBr|V$@xOhEvfkyZ=E~WN@ z*uB4}XvS^h+I@Pxrtra?Povcxm_QM{_jY$q$p^yAFBVtT#PS#pPo?Jchc&ksFBUO2abSX)xgJ{QZcfJ$IwePJ?@+&qHf(|Rjw!a zS(+X{%P!`#VV39kcRyAo2XFey^%OwM-i2fBX#~)6#MQE)aWvNn6y6)qm3l4J4h$S} zqh7HC$;kg30NKEdnN%%zdQQxTu8B@6I(4u+4D&b2N^Q?lf0=p* z?|vD-x{HlLq&1RlcT9D;M}LEx!407&RA=FGHrP6i`ZrsaeGPp$eG~sAi;h%0ZkL_s zgb(s-w{uQn&{_mZvg?XmKtZT6u`ckaL8u|uKY@rQ-vCt`)qNnmSdN({26RmULi%X| zD4zw?*F^E<1x=Ah45;?=R5~A^;k&t)mz$B*u5*C-0IgAUKc4pY;%R@`%~U^)oo@mD zcZ*fN=#;`vL~`PcvBBPNFtnUUw96O7i9G?$_u=FHWj84B*)~oUTj2ALziztp#jKOV z5u2QI|6m$S{ib}_w|uglZKE76hY4g~ZtV7Mo!5ztCk)zXbdq#+{c$(s=JgnFvq+7c z<~)Md4x=5YhRn!OeQt+W4p2@N4Wy5Jah-!Wq#x{f%XyG9dxUuBD8#(rk)s-3_k()0 z6!=jJ4iZiomnq*p5HK%!aU}0(wQS(H-{SaxH-Y=_eH8Hfc{d3ddC{%t?Mz$LKhGr( zS4&hKRWT9xpqg74?9E;)@Pf?G@jUNBX`j!wZ~MTwfjfIz*-@-p73?XtM=4GRbWcgU zPZfXi+!qg<`+PR}kC{s1OHU>KfVp&(nDVbIr@Rx?1GY^Z5M%y@UN z+@8-H&;i!%0Udh_|DRbfAD_Vqp=kN;1^^Hru6p=-Hc#r;GrAL7+bgT{ftVcF8dqOB zI;PQLW6B1FiOI@K|9)tr#i}wyUHozH>6|Y7FvfdB);)q{H^9WB6oOsDEvro^{!t zccST110O+uVXCF;}Nht z0>vH0s|O)q(Y1Sw*_Qj1z1%UUJ67&E=Ans^=N)EyA|ZS6AkK{|XmVVeYfA?=N64W( zs;RE(SzBtWEo8Yo$N;KiS5%h|JluC4?`F!&0{}!m$vl*wG7patYWZyo^`{GvykCH( z$Ml|5mgeXG4vN(@>wLCuZFIE^o4qi3PnM5r-)7iwC~;P5c+ugb>35hmNw>XSoSe)N zeGpD}JZ)(TY^AB`ku*MeF{Cltrt|yl6A@#6);-Qchg;GfV2E#PsTZPkbpL4+21JYK zvwfa%Y;}LH%5)!0_eToR3OyXq18Q6eyB`bi2k2>jgzT%<=smN@98(dp-K&Po!n`mK zfdl+rJg`>-?f6iS0R+UZ2O$F0HGGuvwEIZkanT;FJnhJKdoLn*kf_hpBThSLd50E%AB0yC+fR@`2u+{4%=yIOc8Z@>#LNI~?+e-J#jaty;XLNo;R% zsC#_wg)NRfH4}*ss=Dd%n>#AE+-G&a12SP?r{VXm4vYP(!|J|mo;}5OmbUwLX2ZIt z?Bb5KI9raLp+Is?dVMK8T{nv`s`;G=bbWbuxe0^mCq2W{7?UC{CkwV?mhSmt^4xAz z+`BwFo?}@H{jyt0Zc*<`)@98NMN$u;4tC+JVHcXcpcGqKwO~@`;${Sea?cH_(KCaJ zCXi>*V04Xa2pkw})XU{d72enSC-|P_%v#cpwe9MR$X@g-;wIi`+nb?kn3wvg} zz1Xv3)>p909=9cb^ZG7Z0R39)P56kwTPv-G*ml)Y_DlnVLGz2pG}@P8c(rQB1g60& zdNg;&?@SWY1wUyN?8DUcI6dgw%yC7^(1remmWfB zQ2zRV%Kj*t5tQz`)3R@5b6uuc_rV=H4U|xr|D*!u!

    6N$b$7WOTUk1fRQCWYj&9C-C|RkrQhbWbaR@eTcCM)j!MWlU!0@u zOHXHlb$?E;Q?gp`9a48@Xdja)Qh#J*pj5Um^Z7|A`1zJpv?|*Dwje_4b}R6+Zl!2) zDX#8vC^DqONXWe-Ar_@ai+e_5r`T*Hf}hp@)dH?YozoRy&-dBb6@pJ#z`8>a&*B z*_4H}Mseq(M}kx(iF3YUXVD05SdfMRI&sBBtySS!)*?mH`kb?sU%8cCnU!9tm0XE4 zo;?@A3!c0RRTZa1&N*q3tkh`ZoO`?C-mHXM3A++_&?})<0)@p&@ReZryy9-fkd1pn|LTJlG(KRJmGvmIdbLm#nuB3U&Hj_mUi?+crc(f&=qt-KU3pp@a&> z`&c8((RxucNF=6c`NhZ)I%C2K&{R|^is$My=QaqRk}k@TfEu>aAj++@U1_KXz0&H- zQ0Eo6B6z^Kg-~-$WQAk!KFMfB;Eg)|6$#{uxTa;s+*VOUF9POwh%81Une5mnzAlX+ zmQZB|7j?-jF%BE-0c#HB6~I3^e4qYeSKm7hDdvVLXV zchMWiSjshXSCr(y6~ZzNa9|SV0Q6g;-Z-&x{5$HCP}Mq>U_5=4(UrimN=my_f^pj9 z)+fDkYUSj2)UANt2np@PT}q`|7$ArtMhv~mEU4BkU_ZBVcIC|X)j2LrsznPxiyZOW z*(^hbR0hv=s+KzE`O35Ju4ma)?kaG$jfMFLj4Fi(fXjkIE_rM{Q!6i5UVNur41hp@ zg*r)5m8v{R2VW$a;z|vbRkEI(%2Ht}O~t8vtAOJN4KTF8kdGlBLq3Ll4EY%HG2~;& z$G|GT@@@r(1^$ZH-wTIog5za;#eV|uM*&i2%R?&OI_bFX{fD2MNz4Z!qhUr13(v|X z0YwKl7nW5k#|t3@PBl;!KP{J%WawPs9+NJ@R1=T_1c`9VOoFCqTtZbGb#bcfr{`F9 zDHH+U$b(Bxsw8ujrB-JW+@uP4IN-0?q!h5BnGO6P_l|nBGfSx%2R1U4p8a)@nMEvN& zY|tfn4wqfatYyb})BpNouq$`d6o;Xj!Z%!le*+wFoDvHX1JC~z@5h#Kw&qIO} zX-jSk?_7~4awm@Uy4$r+(4nw&^-wK37Pg$NQu5OZSOY>&rf$7G4Z>ySi( zgaxaju#$F-eKw78$gBB@e~UX8P6I8#Ohu?eVZ2j;drn)*kzBvF#RubsAC%GJ#LGkW z-wN%6WsymEd7N9zj2A|#?21vM^P)8sJn{5cp3+Wjg~wczN!-K&FG5R(8E=@aA$4ny zAdG{u6K@~5rp6enKtBd%MiiMe3r_Ovlh#FNaxJdNR;U~h+zo&~4Z!CJ|EB#}p16k=@*yyI zm{JtZN(nV{7J5U=Pt5-u;p9dIXQBOJd2{5f=ERB(Rd`)>aT?N(Qs@J>>L+4LPF%o) z%r3zYMyE{Ds%V>2V4iuwCv34lC<{VLR+>~oQz~0!gpEZF3)QW&-)ko&?IS^gxy%???E>b#ky;54KfWeEEGk?7{r6Qz zNUmTReuUTPpXNGXD6>v1S}D4{8j6x|=&55rOuwVZ6tN#|lqLex!@5FyF6Gri#rXnlnEYV*-b-Umb(rA8T;2RL!_c zF&m`QdB<^~>nCFjtYvoST#_|ruc|j-i?o*28V#K^7#E{{GR6QT8D(WI+yD;?qm>d0 zh&jltP4s4W!RRMr5DPKu>={60RtgYWS|*EjMhOnbDlISS{A5guo{kWd%(L=dYf~kM zR`xK`DVNOb^1{nc#w1olsB~3;HrflRtcfl%LxJpt0pRT}j{IZ{3R%=*Lg6)PUP*R% zk_jda(@#gA&pAbgI%32ZM_?u=rxmSgDTt0`#pt56tXiJF;I zU50mWLvg&Qq+#Atsz8Z7g>0mdq6|OL)o;Sm3C`CFt>W89GYO z;%=|yldtc5eJ%jYaF$uBf{U1irG*Z7%++~geNJ_k3*w6{0DgV$R7iyL!DtgQ{HCI- zas}Nt0#f4q0(ZWR7}>ASIhCSSGRIJ}4HA;X6lBcPJrBYQ+R)nK+z%DE@D1?a0CR@q zl+A*>A|<-#Aj`U#sA}ES>0jLCJ@M$oqZ5x#JUa1cgByWc1IXxV(gwz#mRE&!*%$|eEq!fQehJD6_gT(Dx+#*fia_0VTSgDi(xE#O;^+j{+Sv# zR{Nlkh!#}2o+0C1{_f~FeRC#{ft&QO*xu#pN$(@2F0tE#miKa6<+ELNsn+I zy>zxoJI#KY{$GM16^f~}X{{3jNkPYeHkpr=?ohOOoPJ-DsO*^WP-wb@0Gi-kR&p_+ z%~WwV#*Rz+%M<2f(K2P5yfIQIF9Op{i&TouV3ufdL|UAbdHZd?9C3_C8+aDl>71E? zwG6>=x?DEkpBU(dD?zq~jLp{~5?--Yl@_)ITx25Dv+5YAW{L&h&h&})LnaWF!bA$m zzb?^`N9E|QH+ZJW0e<+TcnB;Q*bmQRM>HyjVgKfc7dk-cxF`S;LXx?7D@#!#B>Y1` zqBNNr@$TF01W#znM8`@dRYJ?)+dPk%%lAEk#EujXAQ0LAXPIFad z$Wjv}phTf)vifhkGhQUGqe8u8#^}my#hAr!m7>Oc={kc70e%J0?|0L&Tw$0Qz^@A2 zM4vJ79gqT0gmWc!2S5d&y-?q22X&CNYV89D#)hX*S<(#{!nP?++tWlnK{G|a?f2c= zf)+VldQ;&cQNVC0$-uWvsrr;n8s$`f2c3xta6`fLh^&e-v{ovMj-HlFqv>MPS_7JY zKb>Oa1p*cr<#?{ldtP|K#Dk;mHPp+f7Rg=t-a02NW2)L{;E!{sVhDh=UJHTQ7Jcb3 zkEYJZuS{t2k;6fxl-1srnYpTe1%8NTs3ehP0$QDK^fU^ z;0le}wdvH^SDm>+RgmQzpf3x`7wdt_6i-z^6Z_Ot>%JX|S&%VvZj^%XS~!R~VeA$2 z!n>F%KUZi$5$-Z#w|3f?8JDeg$IfBElF3Dw;;Ux`y1C|BDP+pl(D~#>(=wSbs;!V2 z`Iv?<$GG(=IP|9aKs&WO1yMX*Fb_whVMk+VRqjdJ3&y6D;K4FQZW!5`5TLS4DKdNJ z+lq&wHtmzOncKDp&%SFmo>PcC$a!5UTM{+HO%?umbIkvGW$VT-#7> z$iNkWajBcnX(4?U4O&!fQME-J7Gs3! z(%wRkwKcPjF85VvlLc-{O7JC6OcanX(ohU|e30Rk8fUtl{o|TI^*%Ay)&@{>7Z{t zmm-q?<*ik)T3m^gS!qZ~a@w<`_!$Pesc+OL`%Tba>24{w#}wYG7y)aHK+eGk0Y8Sb zj(+(~_d(HF6S_j)a%<@dYPbnS2LDM6;m`_EDE2)xxjP`+L%h%(YI|dNr4TL!Yn|$a6d%9Y5&{_Wm3%O zFyJ6MQnaE=2MTPk?D~!VQC!Cl*nc|8Ewd@LhAM3Y=v6KR=43V100=jf>8bzfhvoxR zSxhBz&$5ajT31&E&@IrIfbY_FS|tVf&=LlDm_GqeSjtJkndBwwP!oJ4Oc8+5YU#%3 z;2TfqZ*x-oQ(KLoM(t0*8=)i*menYI4l)WYq!Kl1Uukis^Zunm|7cT%_(EY~KM8L% zi`qD2ICxZ?Eu{o4D_s$;q^-Gjydj>bpNcOz0tVX3jpm$tBZ882Jc(JuwJlY3d@(;I zZ|IMy#$2dPko%`bp*57L?QME+X5>-iqK4^d9eq>%_hTtT5E_6=$Lw7)As1F^j+ozgDYE%abUu~(c;f5vKAM5s z&3rAv8AmsHxb`R4G}Fe$Tsxn%?RuSf`(RzFVUd##P8v@q^_}zuNgz3~phLH|(fD}c z@1rnbR5m3qQlVQ#=$1Lds*yQz>$#D=PEaQve+rL9RmBRpYhEQD1w1z{xiXOE5|rri z0G(AKUfUCYABx{~ib8R)meXIsHpZ|}nDs(ex+~GP2s??!B^sBOotXUz%vPmv*fpq! z>cD1b53cCaL77-iyr!PnXbFT!5OQMt(=fg|$hpo;%aW`Bmdg=7Yx1&axEOqpau99l zx9yp4P6O~{OG{C3&qRXsOP1QwiPH_56!0T<1K`j($2;cJy1{7xo-nc@8>kuKXvfFJ z#M_+@i~^2RNmca&fKIv-^PfKaOwyq+2~`6->q=xL8k4PdrJ|kCGhd$u;B&3|^I&}j z1w4T?&RA`epq7|R=BA7n{YrOYSlcRQ@WJUXRS5b!@pPZ8Hl+j;gvu%j-rb^$_9$$G z!bP0@srbXJ%JfI9LUxu36)KOqs9KPqvJu_&fD*)vdnKOz)C^Ou0s}Z09Kb74q*pFg zCT-Lfo^q5FZ7gX|05tvVyy7mTgodS$fm>!n4B5tPT*)Q5+WjrsCS2b1!bLyo#JqNp zANtxc?pzT;@={Ya)!9Uc7%kLTW1eCl+>^xhJG|bWm^hoQjFwvf(3N$;3JLc~BD&A?UA2=V&PAz|v9Y0ri0q3iX~CxBx;zfty%d z@pSP6{6};abXe~zw4WZPvNNHE^Q#B+uGip~f2 zXa5vRx|Lm-6&T8SZ|h@H0#ePRsm5iVvevYiL6_22B{FI;$gPJq0XgAwtHPPjWY0oQ Y3N}t8Zwec7gF$EiA1{n`+duUH0O%$UmH+?% diff --git a/creusot/tests/should_succeed/hillel/why3session.xml b/creusot/tests/should_succeed/hillel/why3session.xml index b172d8b2a0..415e7a143a 100644 --- a/creusot/tests/should_succeed/hillel/why3session.xml +++ b/creusot/tests/should_succeed/hillel/why3session.xml @@ -9,276 +9,269 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - - - - - + - + - + - - - - - + - + - + - + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/hillel/why3shapes.gz b/creusot/tests/should_succeed/hillel/why3shapes.gz index 7ef9ddde523b2d19c02c4cbfa17b63dcb08bcfff..223040d06c5b0dae81dac42bc0263e4b65f08a0e 100644 GIT binary patch literal 6994 zcmV-Y8?EFYiwFP!00000|Lt6Dj~us={=UCrzva$C02beQumTJO3$uWc0Cz#-K4n3& z+4A~UJM!+zasK^1B)faMd!|Pt$x^hEk=V=TOR=h0uVjt?L&VsG^QclxGR7A zh(-^!v75D>sVsQ8IR?kfy1px26|h-@mG_AZ6AHv*lQQTLttn`1w6};}qSAq7j#QCZ$WxQ6GXW3d^bcS9` zW@SuQ_jxz0GHY#w|^ z)<3)r?=6&v2EbMWa6+l70kFqSiW^Lm`yhM<=wD6d(H z9oK^nnPcjS33f$2^XcT#1Auj>wd3c!D8a!htSAT^46I54tyu<9EW@hOt}i-a5BOR3 zfWO-wh_md0IAISU1kVe@)XUOR{x1Eq;WB^uw}7kVpE7hV{j*539`U31Z97cs0eZy$bI4_4$nSb2UheA70vfac4gy06>^ zMPoRl8?zoC5xn>^K;j2e3UJfd0VEV-Xj-s*Xgm1HF>He|8KX6ViAB7&7cOjhpStUZ z^h-l>&9uwRfmi8qKD!|`Rjt}nO`kdnelTt7Wwi(M(Lx&K-GJYl`(67sriUEhJ%ep8 zb~SsFYDe7AKp3>2YKKXa)n%!jLPP+NUcY(#S9a(FS44Kf!-s^NjUPM<=J27i%wDW( zrXB{`l-~66kPTF2-mEj5vV8|l8A)|`FnDWwP3>M5t~vZ(P&fkUsdm_2J#51(57p2p z2CU3|dw288+cW{k{jVur6d4;^&Zpb-I`iV%X8rYlfBWV(v5UdJqkFRP5?J;9%g!l3 zD)fhkbpMEqB=7U;r`^Njb)J{E`)i$ z-CcV#>@gR7e@zSbAg244@o|g(YXL)|SJx3}Hq`qu-CtwZ++CrFp*fBM(XuLk4RdPy zdHH+2yKM^(YG=Q{7{~IwUfS!tBJLHE97o25ldjv{?#-TiXx%*S6{kARJqGo2+^8ax zMbiI#k)6lSgXGR9Ui=m4?N3@vC7|GE5cP^A*vo<2-}!67 z&ZV4&>GgET|6}+>KX?04{2?E9_xHPhruI*-|1VF(cz1K>Z_At)KJH#aiylFL9(i&7 z*WF#(qfy~K+}ypwoZVd`s0Z=l`hRw>Q-ijxBv5VkC#=fW1qB#@3UwURv#F-iFtr0` zs%jxuxH0jhuMNE{dM=jHchC^Eb+gU@9TJ<-ahQ$ z^zV1EYFS?9A28*bRR-*h`oQ1Sb#<3>CbHF`$%fCK9Z1x>LHlPb(tJJ{g@_N@yb;_l zm!a>1o?L=1HbAC!6<*DQT~-X!d{6U72QY`W*1@_ixk8 z+Do5iUu8*8Qf}_C-w&iocj`B&@TXptmR=9u8BxctzQzRS`2aqc&2_)W&+}jWnCI(p z&s-U4vcs1B_h1Q!h=)}hi}2 zZASaOnUk~GhnkxSW!29XApu`5UOaC0-Yg@(herpw+d2MZGjUCuGhErG$hPylO>u*} z>I66M>qIvTFFauqT-0Xo*?S-UQHC6mFO+e!*V4`V>-c73G&Ub+ ze`a{CTK3aca&ywgZjM;x&C+ylmd1TEaTmKnF#Z%rx8pNMwi9#TwWFyc+KKFY#^utN z9$A*i{iMMQ%jxanj`q>SZV$iUn#Z2y-u_b@`t`geKN0Focj8qeLE1Tfc18R*Ct|u& zN#}tbJ36eYJx2d{!z}gq!5h_^ zB0}pt`*{L(#n8)fx$>n)l_hFFsW)X>O-vaUjHV1z#+Lpu-y#A`ZdH<{s5|J` zQ@NiU>BmWyod=IfQ6X3LNhH31=#$QWma)OjHYJ2W*Z7bHF-!N4y+r>WSJ3huSI}yI z1ugT7`fzn@Pu)hlgWG6%Fy*T1fID#~x_<_kTu;{Ljm4d4zNe;{)tp@}v-0$tFPGOI zaL4CVqIxB&=HRc6+>-Oj?YUSbV{$bmgcy768W)ba#(BgFtAv4+=*dc zep-^I5#^ETxi6qF=`N-Pgt+#;K0~SQ^*aH&nh^J~@Ic|__XW3q!R2yz8mNXQH-=lu z_uI1CTzLD*PQ}+9J7mqzJLC*to}XvuHf+_5$p>1KcW2!zLvC%xRu&iS8g0v)q%Ln7 zjW*>?5`P=R@JHiMc0*>M3thdo8dg1)Hv1ts!--$PNPf;7M}MqOF=g7|l!U(8`x>qK zM;u+ngGeoBp-SF(C5Xh#MGz&=UA>rCfUO3RTK2J!s$4dM`y2e;D@0L|UEP4) z_?!O?*PS1G1<#MY*{(LQPT9v{DrD&g|Cjn^-%!ll{{DG0TsAhv^f#*E{c(U}-}jT% zu&53VUq9xOkw{llpjSs=(g>3#Psp#Y@BQ7Ya;r3c6m0nowsRF{CGI8B9iA;Tow$@Z|68JG2>O=DHmOE@}iJJLq1)3@w^Vz*3{XTYw_$? zCvengKTF8)JiGbv`)|Iis~kG9Zg?h!!29rU-QILv_VT4FD;I!G*A-vyioS6+=oq;< zuwhcg8)j^dqFrE8P|R&R0@MfCQEx_LsTJ$bX?Z>snkkc?AM9f0$5MAbq^?TtSlv0L z$s8avqiqfIy(q@reHu$WCUN#skZjflc3>#%Oy{7Ijf*9Ku9hO}lbVOP1r#L)&s#_2Ra;ru=^}d^t>+$*vK63 zO@vIcy*ZR@@ICvfvy+DTlbVtGnfuv(6n_qDM%Yj@f;sb=5w@%up&sD=I!p2% z##l5$wfsWW)>yxVoeKu!#*&fWhhNYA>zljln?Z)_B@=qun=GOqcaZM|=Y&{&G#sp} z1g^{(9m2IRO9g&${oi@V{G?I`f3=5wQ^ltFaFr?QR}LTh;xQVl$7=t`Nt%|6t-O5G zlKnJ+)N>ESf5<`3PBOz-97cIwA026yp*8Mq_J9^M54SvW=GhyppICu+>Z!jcYpKql;UNt9WalI zpD*luSkN2pVod9I9-#d&{v23tjQ5s1&nZ{x=$qPbDwB>B{wbQ;aM42>ZMZ5?z^|gV z#;VthL`8;;MtpMS*C#}0a^BbPV=>=(*4ONubG~M)XDsU(%Xgh|z92b^iasWsBZ!Ww zIDWJkp6e06JOocuqwCtyVqq_aJ7a z{_rdW8mSH{A2~Ynt*}(@l1Q~y`*`Nw`m7`Hf6g;kP$`J&k35DG6_8+tt|gF4t&~8X zwZ$wh$!1Lzn|o>j3{cp;y=x!*pQrc8qg$W!Wp8+aMtYU*FL%GD`wqI93)%X@fIdde z%lO{1ZHCa54{m7q#oB&y{`X|wO?|iD8Zs+ zz4hJEc)NGZLf*9+96IS4?AS z{vm<6SOn($-HFce-+Ug;bk+*+#gSl*pA~NNlgW-aJ8WOw?dSbP!+ZQ{gWN~_k^mv} za#_h9zF$usrn$q1?<>#z1;c85TX2-?9{eMJ!656q;x(7Q+bD&I$|aIX}{5Vt4lwhubfev{$ zHl?xk_wRNdK{jT19kbQ@_P+o(>WsZM6LXfgKK@oA`P7z8=1mb8e|bLq*JK)LC+JwU z$~3@VmZM~li~135#<9lezQ)t&eD`lvWB0#NuL6ahnaDMUW~24@>gYvtvm)e2)?{au z&%(IP%*&!<>SQscAjXG)acI`w#uCt7uAh8a_Dh~vEBb%Tu_h*E}Q%XOLZ1nh_ZphulsP8xRCoAaT^Y}NXf@vcr`M)PZ{SLWBtkee&=Zw!~ zyqnqBw_GVjoo?XVEZl|A%n#tl65*m7?Si~*oGcB~xGZ4!cc}<+rq;DO0~`eYDwyir z>R*4H&gOaAVWy?6E|*r+GW`ld`r0S!GP$2PyxFp8sXi9%>s#IU8tqi6Zv`Z$hS%us z?QOh&`}*QSNkN)h-AdgWMlMF>I>oH(Tq`>vFYVTB^;T`=R&4o}w(NqWRV{0+je*5r zJ(Edz9i8OP$~K8hVq3RZ!#G?6i4IGG6v27pQ__n27=0@=T@vO|nd+E}Omo3I)oIl! z-3HlN7YW}TmjKV@mblmow&iZi?UtJ@*ITZ(7(hSgTTWZfw&b>Cw`8`Yx1@j(VWAjt zavUL}C(g+xFD2|XQ_iZ?24z*W>Qb1k&|9Il0)${4-wOKZUAZJ;$v6V>js-9;MdB?e z>^i5Jyp(J!+*a66us12sERL!(oh8*p9-Ot-3ns{S9rKq`Y$e}H`eYci&QjE&^O~`? z?Yv2FC0r}kniQpPGxbuH|I1H_2TPGjDRhupMx|0Gv}+Yn{^@G)iWN=(3H^Dn={jRv zf|6Kaq!!jnO_oS~eTBhDyF7L#GH zT)}5VHElHx-F+DtbJ41hgfnnxAtk4E)GjEeB`jTQifz+wYiMgqL))ze4SK5qOK!E; zYX0x0!8k!8Y6@L|Nm2p-W}Od0co7n@;uDSB8nHF}izg;$G482IH}OGt|KYA3QD$)b7lfbWi->I#WUkkxW%Z_)h<0g7* zj84|H5g8{Dh$dyT@pPbBe`RD#>X2+1-391v=MY_qs6^mQM?&IX$hKc2^Z_6b^ z_A6Q!9CyjU7R!j#26;Y|nHUt>eRZVs)*-!all1xa#lzo3WV(p@Is7Ri=}J20GWuFs zAejxeONe5-q&#BuHp-w(tDq0ex8{-+!g&*cy;)%38TBfb#G76uNW456a`6kdZQc?9h0T5<$y7`Tiv zo;>*CV-y;(vq1>06mnF_gH9|*la!Z`_%<12JExVlLU{#GY?I12zkx|ICUNFqYVy*& z7J$B7GK3JuhZszfDRe;_>yQ9yGE946!+2zO{gzq}Pyt^2?Cxc^#scEr`-CzqBaDc}yZH z+v%PZdLraR$84*(jcpettP6Rg4Ch^l%s6F4PY!=VBq3B63VB=P!bNyn-+4uy=0Z!j z5&>bu&V;QgyAu9dIcefUI?woORX97 z*w~buC5!w3M3Q6|EkYh9m5gKq!4??LS*JyU93j050TZzUm_o>;Npjf87RI3EN%9sx zFli-P*4ZFB4J1s51;9)KGjNrp9v6mAo8UX;a>AB6Z=+(QUB`Vy-p1u6hau&#q=dsF zoEG7@NCQm`a&vsDGPwY%GHWppr${(P!Z{KSk`ya^*uT%`M>PkMkR-KjzBU&Oc>+Ub z&?Xi_dGI5M3F&-ZfU1Ab-E{~5m!$C4Ax+b+#d*u*rMIS~SnspJfKP}47p4>5`D6um zA_Ae<+TdMq(FB($zcvw^RaOVAfZBW-JXF4SL>ksH)`nI?q-BeQ4suxFhT@H0nj_f$!j>067Ry(6I?yP*AtvQ!Os&MJs~b41V&`C8O*q2o>8A1 z=a>ypB4<4;7=waa=$vdF_KrEo8MO@o3n5}5n=LhVvF0o~J~jU2VrLC!Lc&a036tF+ zNQ32)21lP?QLx(OfA|+mLl>b}J|)vdBQ;YRUx+P}3a*0_JULi9buoOGr0gH2pvL9sf{et1%vP;X)`Pc*Xh)AVVCtwq;x;#7c3evhaGIs z5D=Yj5cs#n9GSRs(y;*h&S3>jN|GY-Vy`skt-9nAgh>!DLA(I*0>mTJ-~tQ~V1US1 zEdVDlPfVDUFJ-<`6^jgr zQb0V#WaOTb=ox4KVBRt2spOFJsjRTPP0A6ne3RNB5sS64cLV^>^Y543AADT%5gxMV zbQ`6&2;pJ*j7G-X3g_F-#ZW^t4dQfuXwEzZ6R4l88zMB}F2kMD#s%{OMAt zG(547u2YJIuGNY&shRJBlO}LBP$-@@mBCw>2-2<9NEs8!jw$0M5+fVBT;}*yP|1W( kK`>)gkX}fIoG%5(x-PWnv%^`+r%&ns12nj;&&-Pe0CGLpNB{r; literal 7365 zcmV;$96IA4iwFP!00000|Lt6DZzQ*o{;pr4Z@Kd#0E_QDcnu5|7Dj-P0Cz#-K1E=& zNn1XxW+Q2B=ilE$vR`MWXJ_A>l{ZM%!{$q|s#tug*sRund~^BulYbK*FMo*-kGH$~ z|GLzd-~8vr(?9&}{Vxr>>PytnP~;6CilPxiQ8x1G!hieH-^KeMpMLV7dUv<`_2%`i zi+7FkPrIAj`zQZ;^S^)E6oUIbt}AUd5LAu6y14Z(QSRbzH+Q=qZ-f7PV;WM8yY}DW zwM zs`Of$;~JvvFEd&Hc)tq=o$a)S!$RAN1sHVEyt+)ghs%fCAAfqfdE>idh~Qr|Wc;7s z+b9qBzbX6wgcaBQZ;k_s?QzL|051b+dm37v!^Y*q#^u9$^7q=foEonCjjQ*Kj;mn< z=_6Y+4>c=W)BicQ9gr*2tclO5*#E&Gj3~1oG_0&Vts#Oah_JRjE-wc#Q^`M02}<)1QjF8qr?iyD5F?c=81y}j=q_gV)~ zxQnS`g1>#dd3@VGMhq+<)9^+VJ8MJ@Hgd?)kE$JS-n@PMX+2(%%XsDGLGx|b$W2A5 zy{0;^oZ_M}qS1|650MD2d_P9w2VDwr)7XKeY1~k>ScswQ;4H_;4X82(Yy`kX$TnFV zrhJI$<}v=GA-M+hGHc++__XYu1F+dvt2KRKc8vM}aq6n#!m_nUMtL%@_vT^Oy$$g( z$6_xsx>s*L0E-(6!0V~29XicMm!Wn}5r!XMzj^v+_P~QuM7Fo#L1qIT9(cCh;Q@xM z=DOQA_c3nlVtmt^1J{G@7L^%triw*0LACibF6jXUO;x5|lJCs~7`fORw%;7K;Z=od zC}2ig`@X%u{m0ulBgg$OFPAZ?f>@n&0S;{1I(j(Ht{~O8VBrG z&ec(=KR(8XCmc!gJU{-ldwjad{ql6*jGVyM#-@v>f4+&AsPqrF9xyRFomrQ%CHwJj z9%9(tceleFOSAVkIbvBr-F)8CK2Fg;?a`2^)wKot8k_qmKHOl|TwSS%p*XgJ(K0GO z4Sj0)W%<3?-E~C=wX&aIjBUAJZ|t>SvGz(yjxFQBS=HTc_h!-_O1DqbzNv0>;-Ef` z6IEuiN&27h>wg{$ciHdaFW_!kXfd~YK2iJm&=}4dNR40zL-R%w>^MKvZzI9323>#S zZv;D6ZW_ARwIToa;Su%RO|AGL-|ikBcE85%Pp|(kcSL)-z4v#e&nq8xud#=oAbxIn zb@P|qeVo{+^d4{Te?*_%eIuwR@#^M(cCTZDvaKReE%xiH%G8AgZ2wAiY}AXcrpho! zfipL15m&lld%Vm)2ja>>++houTH8ZQDedha>c<_P8&s*Uvk%BLlQOHs|5l!F!b5!f zxP!xg*oC^s@-Y91E;psilA8AYxD!?MLdBRMOXTbMJxPs`hAP_)YA||Z%6f(U^RjE&#^Jm*E zX4{P5y;+L0nWD_iOtR`^i;X}p7q6Z+lPk;2PxR>E&~}b9+06XX<_tf!DW>iGZc}{V zu6n@D`+CsLo(rBS3I1s_x%J+Gf0W|&dn?}T>3zN;aWm|>c`f$hX4<5i_ut~18D?xg z27DG=t%CY#fZUvf*Ub??-t43HW*^r#Gf%NA;^L?HxE){ku$@@CtsTvM&`xBxGY*%& z)W|YKPMrn^Eaz_*cQgeOyNQ0`HMhOUwf&`5&&2C~glOlu*cId7oCxRE zPUQ_9Ig`_oBRS60YX|b&R!-w9GYm)ZtNvbVPPM)aqN_PnO-RL$Bh@NU(GsZsbvQ)@ z5jL~aZ@*IFQ=!xdQhWhYVv=4SW9bm1WDiklhEQ?@D0L1#i3L81cjD8z@H9gwc^aJ5 z$6}KjC+%MsO^>tJ1*^Cudsvc7RFbQpBu7kA1(M2pL3IE~>N(-jo|T`1quJ@QKaHMx z9d;0A9qn7&&OMSJ*>OFAGyCqnN@)abR@llt_qjTE^j^n8Y_k%9qUm}Dqm8OB;B6@! z278SXM<5iYC@ME4(8CkPg2EC#^VkBOnDhJ60ps}h1wB!~e@gv2d>)g3yaJPYvZ+S( zkrH+aod=vJXjkoJo#euRnS;D;pN#@_jTRFOHF^l#N@=R*V|Ctu7_*L+7`c2bio*}4 zuchVt?*4`jptHouMzc9WHcAaVo27%FUCqWeM@yXo(*U zNYev|HLARGpFPhnz0iuLt8uvUrKaGTR#T@Q*z_FPFknPBbQw$fhkUsKGPzVmmZHv} zLoemjInWQY_kX$Zs0|fyRS!UT{=NsGUrXC?253s$fT~8Z;bIJC79XB^i~bZ>WAYtW zV`{n@lR4RExYDvGE?L}>c+MS(=Ul#)Tnp%2xj_AP{pQjQcUA1F_rG(}*L91{Z{GMS z%MFP`mN{wY(wmf7zH}}z~m|qR5`PCp6;Z>DLvg3fAFWu(K zSnG#|y-~+u9sTmvuw?lH3MH6RCWTJ-A?{HK$CryQS*mk=B0|?Q;XamLQ=*4YNp6;O zVft&lqUTx|?hxK@${vRn7mC?Q9$jR($+H$Y6Ii}a%eSS&R5+Io$exd`ql41*!k1`7 z_FC5?d&wynk-g*;6lkUj&E<8krbB3^0mWy~uGk)2huOd%>a}UzQ37Qt%nfixV(^9FpZxm@l~#>o9+q zNU=|Ikx8)!^SzsWXCg((Z>*&ur6Oz44pnBX(jS#(F-|s5N#XO9l$>xe_#Lz6ceq@* zjg@|A*c-LxcTDj+rV;A2-{EoNO@4>VA$>${hQj%N zXFg?x)rCW;uzzfkH9K#SGl4z7Bg8mWGrpxpY3_H-=y%NMcZ#`a_!V9Jj@HHRXjT1= z#_7Z22XU+|erI$pdf2VHrgqLw3+Sz8dD^*U=6AI0{Z8pN_#L5Ven*Sm?`W|Z3Tu8x z^QGrl**~@Cf!{fE^j^n8Y}N1dXG&M8WxwOUd)bJ6D8klu~g*K{ZX0)0TK+_&OBjvDc?L$n%MBwz zeZU>{8I9T6Uk>ZEzdn_kDV<*)%wm?yQfEGtuG;LF*2W zHyZnfWXmgv1AwrL-GTJIvQ|y;_Ejt|R2zG~<-A72KmCDCCGgq==kqE~&{efdq2oMWM66Bf$;_&4ub7UPVO z<+MQ4b46cSZFk-Se zTJhtQRP6fVs9Jwce(&(rVV(Lc(f0Cxr!N=ZgT{W#J|px2oX`O)=TSN2rD!v!=hE5g zq@n*TZMZ(>dN#G<=P+%U4Qa#ZvrHRi`)R|}6P)f1B=2dAdBapQa8)gh3H+G3a6oR% z8vZo;dg))^-rw8~HeBByp{BddCi-y;`CfERnAJzq!MG~mN}tgm+z7M3fnVMHcb+j{ zW!J`E>|xz}W7D#^+7$I8hllCw0UAFasP&^JY5u*yO8O)1tDk0+dhJ2@4_U~?N@f~+ zi;;6IM>m>HXid4BiOycn!x@h(d3FZt3s&fzNcZf;IETtwr=OR){2+Mad&;CE+T2qT zoglT+^NcM-XQ|?RrLECxWKBs~Oa30>M=7rQodIZ6{Cq>_!+;*N3y{|5+(1(^ehyF@ z?LBJeKIKh0>gM=OrPGn`J`~OITlCaM{8l9b$T=yB%|3a`OjKsr2;j37zd2<%M|ypV zmA+x;tnv+8UEy-~DdoFXxcniCGi2z4!6kdBDBF7#T|P<%(0>0Vm&cZTSlM@f>Ox~S zl3KW=cV<4(*&n;miM%U1`MJwE8CbOX!3%#6VOBmpIg5cts)LVSI4X-hs(0C=TKnwf z%(?YhOOVs^^cpLLQT>t2aN^?^C_~q;UzA$;`sJ)C7V$`iG*$5S)PU(L@juUB6_5UW zR+s(Y1q$)U_;9)VB|aqV&HNcd-GaA$Y?_Dh3D!14$jS!~H1C%GJL_=^=$Os8&%uId zX)GzZJ(BLm7j(xwcTLBf5!=yuB5zKsaC4yZ&1@lS!X2dZBfix{l)69cUGe!mJpb@{<(c1zt_G3I2=kMFBP#1{ z-A(;dD4*mTQ7&`EZ*=ne&!gMFe~mM%`Hl8Ae(A!`88*IDJpVP=`0eEK#nOlDd4BLZ z?>s68!TqbX?Uvu1_4}g+vt(-uasO9!j5=eg%>-6?;^Qy+C7&bJ ztlxb8@sIh4p(O2$8&t2U4D|OiH8RP))Cz6Jw#Mi_5#8wg=G=)+(NqxoMFGH&h+(WS7%iX+`j#ag@Smou3|w+w0}8N|58*sJS# zAc?hYOvyqwveB+qIM-Jgy9g7}u#m2dbFOhUU%g)+XZORytcRh|e7}qiQL~5+vDQls zmc)2t8&?wgv1Cq{X=`GOQ#DoIsfHNCuP9fLNuua&;KGG22CmRZcNE{qNL1&QZDtzR#WC3qP;51)OndQUj=o1$c=Zi+;}(T#t)ad z>Fr&3c>DU|La3Ic6H-RjQZk+6(x}7|>pB%%8!zqFZ1q-cq>Owut`xU^pYqg}ETI>egBNNX62UC`2W-ic^6 zwrOTm(^g~A-50_!rPLbhk~a!?8nl&$qO%;fpj0cffoiukv^Axm?N&nuz15&4w_0p9 z|5wX^C=9y^*5IswuMVaQa8KN}u}yG{UG|AaZjIO){>2N^MW48eo>UhEGo5A}VGU!v z^FmNi8O03Z8;GR0Mm-e3wod+01Qw=iBY96z znpU?V@Xkd+LMVkZHFX(09c0#jEU{Z`PbIm;!6F&Ye8|an0&%m`owU3-Ludb(l9SaE zD~l68i$S(7;#7r0p79(99iKNdF>Gk}hZ9{%9NLmqOe#vPO}e$hx4~JdomOqEqN6XP zKdK7I3q(Y$)kz5{1%oNXR;i%02^}MLNen}n!as~-;*YM60E6g=0r9$IxFYQU2{MBL zYvBi6uMhJz=_IL6Che)Et`)8eQU=1dVO|)G(~s|U0wT=jVe)t~!m~M9!NKt;x|OJ(#6O`WC`|fo#e?Qmc~LGq9oyCXJV-5dtB$7n^v~c0Pn1!5Q1SI@*$E4Cbcsm z?bl$tl(g#@4oofv#F8Bxf@={*qTY1gvZ@cxpMm}I;9E;pwTO)kZ(SnEjC4w<$T-t+ z5(VT$zHekXPLPUwk!Rz}6*bU=mQp zDv)9qj9ViN^dLy2Y`ikG-rDFBY&Uf9Jqk>#tXQyyH5>-=78oCm)G^sM;6$Z(kbr>T zQ|mjWE;(?E1Lg@pM!Se8Smvi?fkOSQn-2ByhnQV`b2Q0i{_- zb$0U^IUuX4HBJ*&oV%`7x(gmgm0$9+R>+d zPJ5?hs~vzc^HEm*^Yg-N*SR2#^Gqdd2gagSRRFIpysV-*fqUNLy=sC8?Z zXMjHrFCJB^t4z;NuGEoAQ3j4k3T`GDX1NufN8qSISY73^&r&wQjEOiMQ&iDX>R58R zjXF3l5uYVdWpmF~KGIRR*dq87aBGNE1&%|>Mdxy+1=Y19_N--0oFk@gTi|<}B!^$+ zsfBxL6BnYB6-$Voy`0i|XT5YjFgP(QWDwMGi}|7RtsdtK@JD7XC*)7YYx|W zgo`OiC8ThOVnHXS4r&SI=#Nt^{$U8ttsI9|o=@lbc%IMa`GB5J=tmXw{1g%pDsIV&l7#)kZZQ{BatNe5VJN>~v@M<`A>iqlR@_5r z5CmLsg&|;tEBY!F4>`ZjAslRBStYrgEB#gKhTD*jy-uYv|hG~^Uk}@`L4qj6(&*&`8K91 zE&o&HsQz#LEyF7oZHI{5$1Xx^EJ&SNuA{R_<9O2_WH2qqv>elNOv^DX&*>RMwg$)i zJkS4y+@FxQkrPhuTzVN&zN8CX(!O(@Al>%ZWAZ=syd?9?YTIcSJ0-X$ucC{HjPZ;$ zlcQwjc}l04@&*j(RyYK;(FU!scG`I(LLl2qXP>czF&UP+;Dt_*&a|zzUUkwZI7lVT r^OsQIz^1I|qHxKw{9y@D#RCVKvW$0q$Zg#7mh%4rTkVbuNtFNqoa&;Z diff --git a/creusot/tests/should_succeed/index_range/why3session.xml b/creusot/tests/should_succeed/index_range/why3session.xml index dfe583a026..57e4228d5d 100644 --- a/creusot/tests/should_succeed/index_range/why3session.xml +++ b/creusot/tests/should_succeed/index_range/why3session.xml @@ -8,12 +8,12 @@ - + - + @@ -38,7 +38,7 @@ - + @@ -80,16 +80,16 @@ - + - + - + @@ -98,7 +98,7 @@ - + @@ -110,7 +110,7 @@ - + @@ -146,34 +146,34 @@ - + - + - + - + - + - + - + - + @@ -183,17 +183,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/index_range/why3shapes.gz b/creusot/tests/should_succeed/index_range/why3shapes.gz index f5a2d973b4d06956ae4c6f17e679702df018c7e0..973d22dc200e695f241394403274dc0935d87da4 100644 GIT binary patch literal 4448 zcmV-m5uffKiwFP!00000|Lt2_ZzVT!e%G(in>Pjmuy`qw!OnwWWY7YF36Lxf^0We* z7h8x%$GXfoKR-pX?@gVN$CB+`A9!XCn=Dp+ERr9K)$PB0d-?dI`zbzNevS{1H^;kw zyTr?H|K;N8-rd}NKCt&g2@Wt8`GJo`aS-n>+-;;kcRxJ+=t$M=?eXX9kH-*i57Ipy zuW#<2+{f?!=bP_J*R8}=)gnpDyFnVLD#ZW0zCHeM;}4vB>E(CNw+b&#w94alNYl|I#gJb)Mt zhy(Dp0caa2(~=FqXaI^*Uiwr6RLMpI>|mSvO;f$e)0(xjLA%KcZI&;p%|Q=}^`SWF zfQRg$vQX8tD?)kND~Ind)A8ZbKScKwuieALuuo)O;kBqp*-%8%KNK|?eSRaE^+tNP zYrY8wQ$}O9O$9fNY_Ma=RpX9k*@eS{$&MWxAWzt{XsA`}Hn!QzT#dSjB5u-^dx($6 z+s~2K##=urIhEmnZ1JG%TJCk8@_J;#{q5mXyjqvZ1y6#1L;q4OFFaNY_Y1lIaPhv@ zu7^-W=`Ym9msdP(2%3%S&+hh9^m6TUPMwN$W!jNn7**%eb$|SH7am)^iY2zd&l>ox zEks*>?-x=9eXcCKh}M@G;aamqD;j7?b^t5dU>lvX6+K~{i%Y2J{}l?>T)3abD%M<5D-Y&x$K4Xh(icBHM1Q;sH%}B@UDU}a^@Wd@ zoiAoreL<(Y7Nxr`1v(GripS@CN_%Of?Q1B`p&!p_8fo@wxlHE8wjwWqPt*x)d8kjtC9%Q^!Mn}Y}9?b9Rm{XTcL z?!CKxjKjaB;+PN9<9?yLBh=t8|K3kBRXX0oqTT%vpR)goOGjfU6F*6YR{ zOFVyUu%SDu8j|PV`&np^FP@(yM$hvy6Cl6gCBd2XNIAHsVddcP0E}ts4yF54S zgf6zRCm9s>xuIruvb#ZJd(hZWOmSWDywD{0-^Y)!RFrTT+& z3;N|KJ$Ef7RZCfyx)~O9Sr1F?L;K{eZ{4+2)g|xp58d-}O?%aB;vG3kex6H9R}$wB z0poSNef;^y_z=IKYfdXReC?{G?8`?OHNDF} z;QHgk!|~@BzWMmS)PtJS&7HfQy6V#B`R!6Pj{8NG1y4UE!YwO5msk5`s@U$A+^`d> z`o#WJRHDVl8O=z^O023E>Qt+JY-$nnBwC3%ixW4#^K2uva8nUHnq9xLh{witZwgeG ztvMes_oJt)4>d`!?nOWjo8x-MmopQEa$r5tWV=rDIBv|R;AYVHoQG!@cSH@*n@{A;@t!Ls; z%1Cv+zZNIdrq8o`$0m>rxq9aWbUU4>De*6`=54gS*5 z5Zk9duAhz{sB2#t!NmHZvB7m8> zx3tco?bwh*+p*t#QTVX9AbnjHS1c2^0+$bJE%!Q4bZTllrN8FlBK@UJP2uL>`&p=@ zzjECge3m;w+(VWcM5>hm~tnC_Uqf@pr=fkm;563Ydj$=L? z7x{1;^WlgGobutg%7<@bfC6^PhqE@=ZKqdx3$!8v$(IkXmV2G2{6cVwu@=RJdrf^o zU4HLpq2k(0Z+3+LCt5>yoDNuMPY`}Vic>mVOSJ~AhHQ8 zJ53CjWp~7Yr-=byM!W+tn2{LP)H@Kv^L)GC3Kp=6B!4z-Qbx)py@G zzvDLZn|C|E5zlYIPrU4g-OFy=%UlhrVDqkJl?zgpBdJPrkQ1p&eUhpOtJG_%+G1_=$wp>Ql`T${sxnpn zy`P0DQdOBss)L+3Rmzi0m4V7NQ*D7Z`eY+BrOH+!m|~I^#eKTHeR251m!Ge!Zb96x zgDC8Ra$wOmD09-B(jVZ+8r$1V$sJ|Sciy=Z6jR;+QAwu76e?p4; zFIM>JFIEcDw~x?w6p+F0zgXd?zgVeY=Py>U^~Fj~7Zj{DlR64jsA9PIhyzZatKjL+ zRWj23=PLa4=PDKH{J9FYK373Dx|NM?U3{=oDobB>P}3JH%AO<+0!y;n5N8dx(WxA? z%_I>P3k12TNOmBN`eYnI1rWlh+UV`aBcYqzJ4rB+S1L_GKu+Da-(~~BtbnjG3nnxjh5=zmUNf9Dr z)}~-DL6HW{UZRWeYv-{Kh?YQm^fI|Xaj)kQc(j)sJFYq|J5F7A$D!k-*uF$}56Q4# zAPF?gfj}BI1hQmekfIMoxBhDNgx0WRg;2-=WTFY+!~;<$OHPTds5igHLUIv%6QtAR z@`yoM57PQ5kP##4;vB&{0i9qSw_j%jg=5M)AGoJA5qNKn7?!?p`eW}W}& z5=;YFAeQ2on8lts6BKIHWx(Q%j2qkQ;5kH2>n$=XHPbc{ZDJxksd`(LKl0U$Yiq!P z7M2Ic03{P%*8dj z-vAC7M!^s}&r2QpJU!NQR(F<0raCJ-D>}Qc+0P_f~i(6@?%a zWR=6k+JAz9Mz2HkbR7wrV@zDAUTdJZnr;z>u5x)g>5=}DE=I~2X=9|0QGb@(*gt_6 z=oY91mz<(nI=!Q#!0Sp-X3;ZlGQidD36=C-8`u9Eq`do}gEb?l;T_2Xvv2 zENB+7dW1A&6-5X9nY`1dUfU#?!H{~xJq5v%ZX{ZOO~J(K9a5E3GC3!cb!Mf1N^fZ& zQxcwQi4<^Zh*n0;gb7Y?o|2!}(%EA}@Me?{y~N(oeXmzG#(*x$DCoW^l__B+WNl}! zE!P>bcnr><1q!(WXb8bzWCo04y>QiQ`7bFV3&67~>Ptq>9xUrllE>)43pUY~bu#9t zM+hkb-FxV^Gwsx~7f*N*xXy{HD7cB1bE+23U-cqIAkd>!NWM z=(;wrfh28$)Cuy4AdiUbadr0eFMILo`k+uyI>wpubTPFQqtz2o zk{4wD&C0UpNuA_p@BjLoqtys~BFAfuJcvXOQbf)*otdIHGrOE;;Emo&2&*Ju?3oCr zN6-|Vcxxs45P5)l&y(gn3vW6L%Ckf(-qO*kdyqDGBgosJtrT>H^z}0=G7O4zDC$HA zfFO|Uc}m{q!imC#z@?BeC8Lwlj#-M~Be^bE$WuaYAOv+P&QtIPQy?H&$Ae|k^AvRc z#w*{U3_S?X`pp!a-Tf<*rre1job)MxVUTZ9PBG+3UHf9!2ANn;(z~8+ zr%0=quB$}lD)88g0CwYAIJ>bOtVc`+B@fCAZ3KEPH23)fY1;Kp;l_>p?6M0krSrY= zg>!FB!~*b$L}Ng}DVaoL~IMJ94(6dg23XNEvQhl@^q{m&q_jVI{~O13PMUr$s{GGs{|TurL#=ux9y~hFzNh%iO@)B$pWoe(0O;$kJx-*PK!qI ms0^L=#Jnk@vJ@L|nj}MnatVeIm>2yoBL5HA?evOuUH|~%J+QC< literal 4445 zcmV-j5u)xNiwFP!00000|Lt5`ZzVT!e%G(in>Pjmu*l*q*m*FF7(GBR0g}Z*o>t)1 z79#6dml@~hr$~06zENl7v1EJK@<`L&WU=aFk^ES!?(tu~zI^z>{gfUqKc)MJ>*MXe zU8>8k|K;NG&RySrImux z@#^~a(f#<%|9tgLZMv0s-?SiUc{fS}6~**_S2xG+ufu`!fC0aGx>f{nrk4Jksf7S% zYFS{Vw%awTmhas=x*j-uM|bOb_xA&5?&0=w4!%eZSs{FPYZ%Z-BCSRneEix{7FinF+2nOSGbcmSjh;q7Syys94b_tn=*>stW%K6>GVQesj&;B6FokrhsUdXcl&+1c!EvA5qAdpL{LyG z$=bPU+C$D&(;%L!rl8_nHAN&BvoGDZSN~Ny^S9$}3KZ#!pYBsQ-p1=kimoo&VAS%; z$IHeSv#UO%(_M+$T-O`g59Wf0r+i9lX`<~bsLr8F;53XhdhNar=Eb(4Oo5NoOyO5! zmdnQmj3!?(d()~kenK~es*SD8#1UfcH52TyN2WtCm zX>8qh?&cwlf7gOz*-Vf7iSCZjg1>UTJIOTZbO(!i_kDUS{)ZYGObDm@BdyeP{y2)N zozLp|)bnGFYmZ`f!8enStMtkL7p*TR=TV3WTaQpQdTtb`x-$x#?<%MACbP5A@w(Z1 z-MC|o=Z_sWbVu1j@^ZbKg+}@6`IE%td0t0iLN(nV)zg`e2XT9-! z@oV$^mAz;^X>RB-0qZfrcEz*)itn{0^LASD+&;a=sq(bSxo*Ry+Z-S|#pyX&;-cUpB6Q(RX)FEk1M_wmP63u?Fw`0ww#j_>KYI4SvX zyiNc43)+<^y)>aeeJGLHkZ6B7dq#alK!mO#5*`iewy!= zt|ZPM1IDX#^YHTz={|i%*>;;9u{^a4*XnNF2&gxbUAx5%_$>L!>fc+7a_nk%#g`8- zX?j;K;QaCa{`hl>U;X&M)Pkz>^{u-(HPyAv)61o5oYsr16P_+L!mTsE+^^QlsbITa zO2tm7=@a{1QHmZP7c>(kOR*|msFS_=sj5fJC(%aCMVz?tU0@rjg`2A2(d^pQNjz1q zTT`IAtS$L~xg9;d|Im^I>sAEhu-UF>d?hncDF@aAO}5)GPyJS97u}uq#cEx? z@UiI%Om$r+t6e9$URFCV+kL}@BkiX7+Ra3fYT;(`vub`;n`YI|PeLr|pyp`4cCV)>Ra_FLH?Z;Np5nBP?9$1%vVFkD=NzockfKA&z49+v5KCI!M zN;YUq`Ce#+wRdEju<{kwt|Y~mFk!WA8dz95w?3`W&P5xzwW1@o0=&($ECGuZ;I1U; zH7CHP0XEYn3hiM7*Mv@ztd;MDR#>+QtR+@lVeLxNnTg2>Y`vYbgY%-J;+mpsFzVA9 z{#>-dUn@Fd`_#wPIx7OLs5Qnm(P1i3iR3aZHNSV5gqB)scltz_pRo4+-83BZs#}R?*{$|6??+XzdDqQXPfPCNOYY*Zmiy8t z8m}=u@qTr?7;~u`Tb1kGEL6w5l&#?wxr0>G_?JAw8MXpdWLIousPHUVHPAD~${xi^ z9M^xnxtqlrY#i6W#DhFBs}yI+s$dmsvf5(pv?)erVwF8&l~BJqs@J<&s3E1Y+K}L# zSXHvKL{)&YHBoJWcG{2;oJkdXq>2-%;zX*rAXS`570m%pq>B11RS{OyYpU8}?X)RI zW=_Q(r=o03RjzllP(vykQ=vTIiBl2JGF1VJYo^))?X)RIW=h3gBA8;59>smUxp{W@ z!3JIkjvEDbHVRyWKf7t{2!P{a(>R4V{QO5N4fW?EbTLNgq7$Ku z&qV0ETtgT2gqP8+>#3U}&AO{@8zy}!E zg*3tmBSdzfBxlMi;mNk_OG5rOP^}eYTj&H?-1tm$_g8Ffh=`$V;vUE(eYSrzU*hFmO_A zpQSs~zHbCNqqRvYMCv%mWW5e47_F*q{l)6F%uI3Xos81ugfS^#Dfq;U41(vX-uxO1 z$gQvth2uy^ETIC8wnoLGcTqWIiUq+30fS%zw_j$&K;{s#a>8Py*%*V?(j|n*&yKM&40}={aNI0N)xt?=K+AEthfYJ`oKW=ZSc1na2dFlO>joOq-Ac%aMcRHk+V?t;S{j!525K zi8mrD9*IGi#t05=@ZJY&mB4iJxgDe#B;BZ20-}@=8A7D^glHv6GM=oB$^#R$7li^u zLH%LB0h~yDO}m3Mnnr_1+7^P5SwIeo)`IdC4*zWtp%gSRoJ*eB9F5|%Wuu8y7_6#W zp`sr-C>)gd&2VLvOrV_<7&;^;DIR>_3J{zkrc4EwhJp5bWd~&jrGI;j$UTiD1o}@~ zbQC&RTJaPX`{1?1>O0MUcbGKg${sFg>k&l$NaJgC3eq4&!oZs=#UBA_&@s8lx$poK zD(1+XHkN*qH!|hAS`7?_4cZQxTIxX)b~$MLeSu2~z6=GS$fQpc?us1hJdNadnN{7_ z4K*=?(SxB*$id)X#9;Uzus6X|;EE_{l2B)uOSFRlbAboxB+GTeSoROpA&0c{$CNmc zEOJDk@kucgzeOfOuES%^VD(_BXL7JOSTR^W*ngy9b9CrHB1wuVqgRpQ=s+ieK;a$} z-1r*VTKiAXQ4`QIZX#_8Aj?++M7d5%in0uKTk$fS!01%TNEahzjI=RQ$EZCkb?l$O z3jw&xN^si0E$xgvs>nT8EHR39D4s6E4b%!4sbl6(;1QjX&c-}AlT1e8QE58Vdmg<{ zRzYkYAq_=E)d7DZ?*vJIEFv?^l$ZaE>Fm*ZuQ|n4i8b$#s*;i^IhmrfDE(7<%P<){ z#Yc3AVw#hikPcCFl#n?_M#tBAF1>lId5mdIhl!v#vj$R9A|pA-_$<8kA=k4F6m4%_ zTW;Ep2t4@YvZOc*najXqHZEALoN2*1)L&9W7JwI3)Rv6Ad9Zj;a0=>}M2ZEhOFWVL zfNO;4XczD~pH}Ld7tft#En_)SA1(8AehqY#6^b|zymiJJ)8?Um^W^8}qmxL~$4n$9 zRDpstt`!T~c+4sVQ9VgkK#)9{0XTlz+!;)?jmQw_IES>qB=T^!5NOkB z`Jg&C-#q(^(?bGi@h8cRwo%hwoich9LbH^l)os4wn|Hq~kLi-|hH*NAJNgYOrvwpr z@|c{7E$T+nCP8eBpQuiqT;dY#|b9h`Bj)ZrTBn zyny9eloijDI^=KO|JB|HkDSQF>PSJISFgkEl(qW7=B;*D{(1zk|2wr{&lFHs`5dLyXR^-L2T0YoGs?C<|Ra!c5+h zClgY5Z>;C#-LfV6HXGN%n;ZLXWKz*VNO%`0OjI;mvlZY?Fv>-1VdF;r=CX^ZqGTXS zjufLVpDr**o0;}LppcGjT=r*lk)}XO84zAda#BbkDxEMIDVP#cZg{V_g&+c9`~&xi z_=6`;YeF(Bv~$+S5H0FhUQJ7D=RT?OtA3w%n?6PGnI{ma85dB#-DFyp7sIkey-Seh zweff_kZB6V!D~(I%e>557^$+RSWw0d9{a-6P{b6pp6&R7`xwal%~{Z8b<;&`zW)$TNTmg> j5<%o^60@4=Q2yUriG(k~5CZe8e - + @@ -29,7 +29,7 @@ - + @@ -44,7 +44,7 @@ - + diff --git a/creusot/tests/should_succeed/ite_normalize/why3shapes.gz b/creusot/tests/should_succeed/ite_normalize/why3shapes.gz index 62d24de5d8856a2dcf12f7143a0987d5503a5b41..c01f6eb57f4d143310a07a28e4c77b2c6cc931e3 100644 GIT binary patch delta 1371 zcmV-h1*H1s3gZfp8GmmT=)nj)a4yZE3mt1{G*Z`qW2d$oWBcn%Ni&W|Guv#EgK3f? zDeB|HKR+zbU)^gsFW9IIaqChSfDGE0JQ+?RXz@oIbh{F6U3TcV$yeGMdoX(dVjV`UzO#VE!{3&&_h5E z+hA#CihJgzXYzZdN9HKH>-E}4Y~9I%$e{=e#S3r?tWeCoxzqNooJZZ^*q75kVfZMV z#-ZKe)6!=3Sdv896KYUqK{uJAmI6}gZWLC%5@ZpkR23ymo#~ap^h#io2#f`pl|Wb7 zC|p&gqi|)FkAJ4l$ECmErN7qY?k)@axQxfs((jLl@Y7=Y*cdLN;5+>0c7AsW3%5IO z569Ds+wcAjon=pt_%}VtQ_5(57%D7H4>LYU%UdNaIu#ZWU_yHW0~sU0S{tv!%U7_1 zfwhfY;nTt$G_#~UBtcN7WLLSW zlLs|}=~a3mu9139gc=Bm#N;AxKoo*b8qbHw zO*27Hd?2g%P}sM!X*m#S)P2^6Ds!juA&U>hD1WeQ+6;tF)AN%)MD>hicJb;R3zvO} z`Rg50Z!!1V3r%CKkXWb#$t@p9VZ}g7E1L}P^X}z!zl*yB)s^dxA?4z-^~b{n^>BHC zbPe|xmKUy2`~C5{eK~evZ?(G|x4Xk7O^CYD{*nj*Hz4_e(AbHlA<$6Qq-#Nz*WHjC3VBAN_g!Te>wY}?oX?T zRcbdC(IV+>-B6F5cL0DD@~Q08N;NsR7)P>MXuM^fLhbj!QZGXRp z{cAYYje+M40$a*cU1)Q4X2pDN=#UyQWJa!=$%<5lKQ1eizWm`0a9(QSBkjC*5Ifd#M}pMGbLZ5OZRiFzWYI<` zTR@>AN_pyq*F=jzT?Zz5WtL*Y7k{orDPg|rl#dP!?X(dfh%gRhaAB!7a$z)YwPBif z%t)uar;?Kp0is9eK`hNiFCs8OAqas1VkliFyzGc~%n6M#bW4yM5F6kdU>m>?VFM%w z3ZO}App#J$89fmgH<~AcM{g9zlX?Sc(Xt>_FwS|Vy^=~`+#RF%FG3KkTU1gsXR<}S zN-IKCAX*O*L}ywBL;~KD8{%nFrBGA}Q4X^aq)-BrpdGqYQM9I`K6sy1OG1rO5fkC0 dGA7cNcbuE39cdYlK^k$V`X5CB&M4Ur008i{nb!aS delta 1374 zcmV-k1)=)m3g!xs8GkQI1$r<751dPL=t9RDni;8Uz_C-?jj{dprKB0h^Vnvy0oF7{ zkresy;h!It=db=XoR@Fmblx2gzb^Ii;g`kbZ@)XdIaYNPIH(r>Hzyo_dQ6}Gar+d% zd<}>7{v4cfz#Q-uod9s7uEkU8M=Iup#0=)~U=l4u3l~rmyH^W^2ET7qSq@ z!ZtXbnd+W->6r4K*${K!-Sv9yJa+!%KxJ2ygJK1w15qg9-~4I&R_>E*f9=cZpU{64 zPUT5&|LJ(OdMrWW;)x`F125gPE_ZKPxW{EYo|eu2cnCi&rpYFE2?gKbSGW7SOIY~b zd3!jXUi^OdZ)lx(dZd5Tn=*xr=frU3cuLIhA}_g0Qha(?KtKWQ2y$eI0Owr1_L(2S z3JL~64Q~)=3o_<3*@EU_>}}R#$AzH@+;ckE3~<@^fPXuV@*O@M+(9#+lteNDWeWBv zR^#Bom?6w6Wk?#Lo)dvRp^2D0r1KME7rYNHw!Y@N83$?lE<531*VH+i;GJikbV?0HJ$D155PZ^j zK16Ps31(u0Sj7fX-^!|WPoz=zSsPg9&d7!?Hh&1CAhK%P6DCd1PuftUG?v*VM|mt< z@ge4~cSybY+-)yBjkQ8jq4uP7vL}^OJ*l0pGQiKfm)HF+?h;g2zCDH%i_5k-9xfzD z%L}Au_`j&UXocGEkJs(Xu?>4?{N=da9WH4?JZ}FuzNBfguJY_F34TF5@%v0 z^?w!lffXTpD?+WSwJ*C#Hlim+^qdi0n%(~z!J842jHG;~hFluknGUwpjq}(|QrFz} z@+oy|R<=7y)N0NQkexP!*Ul)nH(PlL672qa&X%y%4{Q3J)|i``^rdtLOQ0>3>DE5D z?R{xkm=2UH)os2o>OWj`%gJbiux0(5oqzt2H{Ib1 z=;Hg+@VNjn_Q{&AEs{A+i%Whk3Wwd&b%!M6Ge|=2@H=ot=%Iu+ykf#@xA^PXeEL5f zGKaXE9`SP0>AInwIPU-er}R_VrxB|hTk<36EHu3`Pa*$6gwq8NnszqqJ4yHAZ-3jb zVgDLV`H3Yn27XeBhSzC2sV>bBRJC zN};UqR;w0lZ3VKr4uLc-?ZzyOi5MXo#YJ0lZiEpQp%%deR&$}2pf{j4AU7a3KrX@t zSay^Fj|e6-s^toOWJ-uytEgIJMh3G4vjJR?DviN<-w4y7MukkYg43T0L05@($w{5f z8bwe#TGq5Ik}3cKB?R57Mn|q%gGrP_7Hv$BUg;)ERr_dct+8qAHnPAGL&LIY2`DyA gYo)RhWCPx_hAA(svOYaKg1r;{56^uzbJ-6709Spb!~g&Q diff --git a/creusot/tests/should_succeed/iterators/01_range/why3session.xml b/creusot/tests/should_succeed/iterators/01_range/why3session.xml index 7446044084..9d054aed1f 100644 --- a/creusot/tests/should_succeed/iterators/01_range/why3session.xml +++ b/creusot/tests/should_succeed/iterators/01_range/why3session.xml @@ -12,12 +12,12 @@ - + - + @@ -27,7 +27,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz b/creusot/tests/should_succeed/iterators/01_range/why3shapes.gz index d2a06da0fe7ea05341cf330ef24e94f4e9c5f289..39c29abc937b338650f44ab4da9659df943abc5a 100644 GIT binary patch delta 970 zcmV;*12z2D2h|6V8GoGNyVxyY1S`nEqK9t5V+~58vPK;#D=A6)?>p4PmYf7_eK61K33m_@eE)_9avw9{!}T-+XgVPUeiSkBvV$ z_L<`Ru^E*3K>y_Ow=30_@WuP8nuIQ9ANs*}!&ujX=b{$(Q`aG%edbSnn2U^^T}ovB z_wFe;x%0oQD}N9xnSZBDImUhQw2^T9RTYaNG*wiy9i7RsITYR_0P1-j);wZPX3#(F_q3IDVYI2-Hb3c3|e-k=~>O%k7 zMATY*4k$P74AX|jq0aUjBBI_95pZE*ly-05@aP)>l|z}0lJre@aVSQ3S{+(i(Ek*L zsbq(I??0|}n%$3|E?#nFyE&aRA1$246jIJXF{NZ=8bi-WRNpz|ED<{~gj^XZ7G zKqL%=HGjm|`RWOnIt1U-$RFscY&OsT3&|sItOJwn*Y66bHy#!;USK)U(=vw5Z;Khv z5AS#SAw^ZvW32|4R( z*7dBLEdDkhHSq@b#EN=~C??Ltn}D6%{~rjwg_sTt;$bCVxi75d21BK=Hbx?Vsyzy! z(SQ3og`6eeeW~k$1q3BT5m?C-6c8W;rm(On&oQZl*Iej209GZJ#tOj*x3;=ek}I3a zTqHJ>TJxe{6r+U92iFIX8Gjs#&tkWL5v(8siypcKk2NTg${KZ~tfVCEzweNeY{^N`)(30e z{D%C7{NW}azS+kxg>G5E~vI$G;6JGjo?WU7s(mLm!&c zCi3>yfGG^yUyL;ByHyZI(ATBL-nK(_XI=O3cnV|iSnclcYk${^T+i+~}(ciU( z+CNgv*X|)01N*x>`^ms!5Ift4p*uYX1F(x8uyxn>-AnKv9{$9z-)wu2PGXd8j;%cz z@)_gou^k2bfdA;Sw<}dU_+qX1lhDWP!!X)@Ot_YMCTej#aUJs6mi9D+8D#A20+HC? z`=?;|&i=ASz<*Y9@f|aHiu+=5A!dqKC>BF#eN@XG?#Zz|)ZJ6-hjla8i4L|6>?2Bk z9aT;pj1ySEQ{JG3Vy)1K7uW?b6lnZc$O|#r@Yk5d3NsjVoqbrpI~>Q*|0nM4UvckZ z;4`;*nT_8O{j(8e7I{R8k^AWjv|N~Y3abvOS}8J8Cx4=v9H-FUkKfSWhTc$dq5o_` zYArqkm>XAyX+dSEEcY8CQn?`_(1nRn+P!_k$(ITWLwT7bZrku;C`;w>YpBK#wLe8+ zf^2B9w;$I!&hE!g7caWX-JD(!8!ZKiDX5%-Vu~YZN}=aUi0>S7mXH#7aJaRJBY(i7(&aq=FDNJ8XalO;ukRHQZ(J;Byp$~fua*=x-z_Tb zAIM~$WIVUDt1*`&w^81(1L!;KK*xq1z}{yEFswYYqrkn~tneQFuGklEzjy0{(Np

    =8i}b(k{F|tqL(WIPbD$bC`a&nAC{G+yMN5@@bqvWh__E5ku2zK8?7}ddt6?*WXP|@L3nL zE@xep@wa)@*c;qqE9wcP7&{YhDs1@v|CEs164Pcu+^kI3V3nvtLxOJ_a8fp$a_VXA zX@6)~kwZl?1C4|m_Rsa={ zN>?g#zLwBP>YS{-YgFNY3sw7C6G2=Naz#)T$O=RSyaHB1kx7oAytQ0;ue{ZbkfbI= u^M-gYm`^Eslj3T8%RDHKSr!mC0tQOGBaP79(wIWYCgmTkD;|MJ2><}#7~A3i diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml index 09a6aebf15..d95ef0f068 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml +++ b/creusot/tests/should_succeed/iterators/02_iter_mut/why3session.xml @@ -14,7 +14,7 @@ - + @@ -24,10 +24,10 @@ - + - + @@ -42,7 +42,7 @@ - + @@ -70,13 +70,13 @@ - + - + diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz b/creusot/tests/should_succeed/iterators/02_iter_mut/why3shapes.gz index 9c1a3b4198805f61d9fbc01f0f3c0111c7b08553..818f8a8f9ba872ed8b7a18523c7b58b12253018d 100644 GIT binary patch literal 3174 zcmV-s44LyEiwFP!00000|K(a+ZyUK4e%G(i+qMo0kUYE=_Jd(Spnz>3T42y83!E8F zB2<>Vvg~C0>wCx{H5bjuNjDoT(8RGQ^6)#H!;j~}$)9ePFQ44Ae_6iy3Ro@N&g0Mi>F8F=G8IP=6l|1X=g+M)bSq;KIy`DBN{+B{ds-}eu`fl7ue;P;^3gK%1 zWwSec+*a-;^sL?Pg#8oP_t;sHLahSW<0Y6LfIWtu2&S)q=~aAU7>upkhm`n`!N5_| zwnmlPlRpNj?SAi%g()amyIcI76-)`;yW2ZdL`kdZjCOO0Mk5;Spr2!*QACY>vL! z%~J@jQwRcuATErKht@4uq2nrV%{yn^NQK*u2~#4;8Y&rM#QEx(B|D_})?oIoffkKOvDca%Y0_fife`w=4>P^crBI4<8J!+kF{w$hZ$5 zkT(TI_NYuF)y~Gw`_!Xz59A)y)uHHie!t5^R6Qi*;2R%&lb2*Y9o_zAo~`scTWMe` zon$LbY^B#J$^xx#k@oWxWr5?Ehf8)$tGwW4jA^SaEcbKuYb%m zg|J|VRzZfIeG|$i=cL_>-!+T)@EdqQ7WXKLecfnibz|;J=nZ|;m51Z;@Y&ZtJ^i~U z@Q8S>+3wvgfdsv=H#S9RJRf~^*w@<=CIX9xF@aGyf*_%G7b9W07nH}|xfwTU#>dkn z1rlOK<|S^<5_iGCa=3@R!JF}5o{84^=i$j09XGFN2+t9|;-tSH_TFtsw42P0cIW8g z^y{-6{%3fam+Qn*bDtY)cZV_sBdc}NNbV$=Llbu>4U9ud}@Q4iZa2H z80ltCYM38SDsIkdaQ?9)PE{d1trNE&3dYA$tGs*S9L4tj%jtV$T9b(ujg`Q)wbUG6_6lAz=;c=2H>2tBi5LUC8!p+Vq*q#Qn^n zqTvv*$stUV*rf}>qb;T&E+pYXki}Sk_Io1doaaR@fd?-*P&Ys%u-Bt6(;;@ z`$LATvLA1q^6WD+z6eyN8}!!d+?NZC?e1A0Y_9ZP^R-0iq0tddThbEmc?5k zcI{S(=8K%1kjw>`02i-?*tKh+4sLWWL`{k!)XbBZ1#dPE9T#Vmv6RCwwn_z wcr z{WfxYVW_Qb-lDM#b}VLG8f(R;h9FHFIirpE3bBAXjx14AI{saLw-I6Twril9IP7Y- z_n&)G+fx`!#ApX2GcMpzaCbO7cQpsL!sK(-AGfSi(|$bz4>g9<;kNjRU(fqLm=IQ# z_U^HN`e+Bat;obG>DMlaj;Fn+5aTXZY4O-Im|ita2cJRa5(b3}HT{mbc{J}{*M`{Y z*KsY>xQq+Ey;6&}5M2>R#iGraV(Tt^B$TdZe52P${5Hekx8e3(j-Kt=vt|nzcP_6b zEVR8>_=0&Ie%X-WVp{>$Ut@k?oKnTb54#Bd>WP2&aIy7$ara?nGpE!=W$yrn+;1#^ zebL>CS>m*gu6+aXz6LpbWcQcQH4Pp0%C9s=SjP+wf~?wIG0{)FgVgscEKG`941JGU zr7SW^XEuI;iBrwS&gU7${qfDkn~ASH@ngsVE zv@WSnW9nUSl6(lCPHr$;gXBecdp|yNFndnu0-!52m|UOIfq$5JBvx=$aFds11{T4w zyc)B*9~rs;dY0-HT%hhpJBVGq@`dY=-Euueg@V(V`-UaSwj~4G3NB(MjGu)d_yI_H zkxf|ec+cGXE_y`9Q5=f4jMJ%$J@H@&+6m>_nD)$$6VCntMb0hwIiza{6I#g_yj>s! zW6?eYRP^Vbm*zD4=jL+(@xF^^*N5L%X*7?4DL}9C{f8dhzQIIH2%ViW5vT&^h!CJs z83XcM<%Qxv_HrKM5;ode@_f;Z8A+MKm+G!DTdJ!#}cIkT%i>3fv!tRLENSp z^{fy)tLG#2EUV|&)DLu#OZBlZMyYek)LM&%j$E7JvE2N}9}nl6E4_P_XkL}_(VIf0 zib&0rL3;9>(|DJ3Sp@0Aj7lIK-hrVZ%oKLAg_*8?^!VN0W9*uLx2OB>_Qs`;POswh zJC}Hr#`@~ES6)p@<+sM{otwOX7hh@7{yVKpsf-7sYJ;ZgHQp|DMHJ6P6kkvFuF~ZU z&9^z>^-CPw#QzPk7~G@tse5$ZzoM7z9YH?H{i~yIL{hUz?V43yb9!aef4Wemig-7y z*K-4_{u@!=R;B$e*@~U*GkotV^9>8nuVm#|+4q55g+GghShOBS`K6djy4reVZG?LAOZD{x$R#~Ze!!cuN2SjuoBrIwO3 zwSl7so8d4fvdjO~; z@t#Bl@Y{4KQ>n5BOm|9B6Gn8!jiJEH$^bD=FFCgyEN7O}wA;AVB{y0TL!GZ^qiSNb zk&PjOva04w0ahSIs1?L=W4X3mS&mDzT(nw+luApgJS$m+Xw5BZZCBJ4Q?*yO|S!grM$w; z2jZ3r&#SUZS|zOFzgeFo0;yy`dM&xCs@kiHc~xpW7p&nj>NDR}rE!Y+1|QJ_?o25~ zBNaZI07<#@q6{iEvzl5>zPE1YONwU_Kvf#|t*kXORLc^G)acw;*g}my5m%tBmR1X^ zxz+IfRzPYlMGbhQ1UK0Bz=gmgY?_*(v!>xF8*U9)!>pm!kl%APj#8$5QzHvpjR#Rk z&6zJNr_iBQO%qomtr1}_e%!K3Q)3`E=tvFJv?SUaUm-Ub!(z@+k6r;C7(ow4H2y;m zK_vb|pF$9TU|=HXp-2c!xNKt$K85-L)~s1YOUZSKegR61Hw_1>8>o?Np3!#MF<$=B zmQJZJF#s^$5CfHQ!k{x}qQazsLsLRpIxY`mzW&2LMa4@Fx?uu@R_Ht%X~3iVXBg|9 z6ZjM%U*VC&KW0f4C`Bq(mW{3}(3;`7s!M^VAA<>3WJy`bqtIFymT8E~AuzX*nRcPp zDejCGTyse(j`2+jK}t+qoFhaio?!SpFhVkip}7Pu8|v$lYtdjP2pAPT$4nx@h<9NA M3j;h@LiH>F0Nx`jaR2}S delta 3166 zcmV-k459Pp80Hv|8GrEb&cc2$3|d5|{`j&z?Ekuy%bPzhPQSSA{;eRZ)Pe$XlNK~L zS;1BdxAXY3|9JZ35NfwOeBL}AYQHPEI~_LL{mDJu|LdoFcYk*=ysZmsBPs za(E$7&RrIRuure2&5Qq~kdvaJkU`#!`{+-D*@Z&5+JD*X4j;Fby9qsOw>x3~1ol04 zR-{m?0QPtZrUzh;p(ldrD`0vRpO_8C*6l+|e8`~SC}~@x$nD7=!>sLo?~jEkfUMmu z{>=iWCf&Q+JAV`eq?L3=ySYSzhz32hi%A&`S~Pduy8Y>=!o+hCg~2U99}o3wZ&?%o;Tm9~4<8J!+jALm$hZ$5kT(S&dsL>8YFA_Ded^J< zhvgoW)uHHieZR{@R6Qi*;2R%&lb2*Y9o_zAo~>}5tq|A>lWc{=R=7@48fblsw4bLa zO~hi?DSt|Xlf6YBJWtV##D^56$(m>v8e|t5RBj5Sc52Fa!c%naNI2p%kV!%V858iP z?VD#{KOvan$mwSo*i`zD;5oRfAh ze%CDG!*AFFvbaY{?CVBDs~dA)LT~5;S00YX!+&RA|Mc|l-h@ZQbIo?|b_pcNjlHoc zLgV@9tHZwDo-h$uJd6p9lOqTcYIiXbwtGQ&?44V2lU95@O;R8sR%Cw0&3VRMP_P`H zVQ=teJeXIacK&&I@uSe$-+_RF)qEZot*9CmL$ zjekD4>hScu^Cw^D6O3rt#pHv1+3r8$tiv9i7|Kpl+ufqT=flgXe^SxPDBSnpTk4F! zLuUs~X;7TVzzDF;+eLS|PAoO|xv_S4IH#awwN4Vr{Ul4mrl(mFeewiLW>(y!6<1h- zj9zLHT&rDxaP>N3p&Ca{3;b)?}guu@bnJykZU?B96EcyLgH?;+@Qu zhm85Q%l)UOBq%uyUVNAevYy&7p|~q_5swBxS_SqesIw+fO{gpEK1V=$J#K&dvw#1n zN9SEpCAwfOyI@U2us%m6GGE?7h_?gIT;??pLvst2Qky_PCkgFqdmN8k9}%jZx2 z=tHc%m^OuZ?+|bE=60`_Ym(H*xUudeHbd_n-)wsbdLsqyrA6as1HWv(0#B})`pknR$9+4%z1`2zEQnYfGA?e%XpLPd&4E^`p4xe+>ZkH|ed z_n?(`C?c=#0Y_9Z5T^4Liq0tddThbEmd0BldhJ#S@#{rO|f!)DTO{ zM$Tv>zG7NH9Y>ZZDVcwl-)%%#yzLt3CJwvW?fvK8tnDcbCStUMkr@|oIB|D4Ja;t* zw!-3b)*p|o6VrY@0}mwz>u_8A#INV`A1nyFN@w@jw?60~w-uS#C4B9cV1K;qJ%Jc^ zu}X_(PucXYAsIepnM)WHF2wXZ;^9F)y{^q-t6#^pP~$Q#^!7?E-a>Rm9Ee4mF~!zh z_(&*S&G-h_Nc=X#;kV)OU5=jh+0$kV7*8(mC2X|4SNMW?9e&x6;bz+jw7Ry$eo~4}am)$qi;}EO`;$ z-jB~1X3q&-0Ca^0mFrV7_=lNCq6Jq4H+frTpb;F)yD_W#k)jI*=UKgii>dq331U~T zeBnA|w_HzAq2Lg6->@awwq#&i!9~o3@v{&FKNwP8WEB=X-ZS^Uiyo126o;ZN<8pAZ zCmM!;Zc?s|p{I6SaDVm>IOW`8KZkS;VL~e@gSQ)GL0Qm;U={q_^U@r$e{Mb(EZ%qV z?E3KgDvjnbW(uZP`Tj!>Zr|8MObDHwFcGN2&JiI%r80)ebCnmGcZ1`Kol*Zx7EGin zg!S)u0Xo+KqQi5Hf6ypO~my}}hm}bP&LVxfqo{z-SES_HzKafQ( z#mB-JXPr}~R$CA{a&3lYx%rPj9?msadiN?(y(;CSH-$vT3P{4G1T*_t_d+lHbe>< zpi1D}yCo-<8B4jPD2-YQmJ$obf(}T^f2fLfPmLjG^KHzH@p^029}{n z1k#o&OMj)M;yqBtPzAM?)Yk-YWy!s8LN&hfnkXihOjw3WV3yHugeFW>Tx#Wc9rh`V z&`xPhHRY_NzF9JDnX*j&uL2}jcp#p0DumLd;gr>Q9>x>Tv{5PwV82a@2HF)Y3Pykrk&6)7l7B>k`8LaH_-~VI{YcSxKz~D~T1x z3Va4-1u|Gz!Q-|(c+a6~gmB7v)l?F=BuZ02UMeU9eWbBcTdBSUS8KxSrU63@mt|G+ zl7FLBG>yi5mwPlO#8oW*P^+*_zFmfFDh8V9($!2!!W3Encg_nu7m!RZ722z^N?IkX z;=frQ71SuSEVNpnplVq$Z<>Y^>6lVg73G=lD$=1ZP{dVrsid!^V6=2bV46soLN16P zQd6tJYVy5hOM@0^>e5vjpRbaYmz02ND1R~BfnwnZHTp!{fwEd!Ev)8Nv+uV94!&0S zq=Zt=xm3Ka6`EHq92S|r*1?nww}x3mtpRJukK9cqOEgx&WkVIz4f2dpT?aqVkdm6{ zxs0?%gtPelwk27EMkZ_JWaZGslteZSmQl);8cG?w0y;2)9*k)GMGrwF{-RGI2!B8@ zFcI`nBm^ehwy_4ELjCw{V`!~8t!hx5l7@1Jkw9Q{X&kGhme6iH#>+q2)`PKAS65ZV z>#~+jiT;y=1V9TZ0qV4M+#be!{YQNYMLa=1gR074-nxPiCYh(CEK5>qe2S2-@JQm{ zXG@s5uu3^n8iiDDs)kVxqG=kmcvH - + - + - + - + @@ -46,13 +46,13 @@ - + - + @@ -64,133 +64,133 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz b/creusot/tests/should_succeed/iterators/03_std_iterators/why3shapes.gz index 8c0d14af77cc7ca6e3ef4466f3780450f125325a..0d2bfba25ab6b13c9b1ccf1379aa54b5174cbf41 100644 GIT binary patch delta 5724 zcmV-i7NhCLF}pF4MFC~8Mj--!f7O15lS`Ysp4&2q+n(#xE(eyY^?~K)_<`jH7ncLe z^V=y@z;39>C#cAt^Gby`XOPQs25EI^B>5$sy!_EGAE!c!X;h?h$$8!@8eqt80ja02 zgG79c_q%s@505AP#p!f+fBJB99b)R9?WuUeZp)|bwj{fqWrpogv2yZ%ICZqgYx4VK zpqN#%s@1ZY#rWAH_TL@khbH%c{U;b{%yOLsm|BI0G7&0hFo;abgRfq+9Kp;03Ue7?Fp8^8C1_E0UTG;d2 zXn`QR8a4@B8c8C;hztZg0|68ufMUrB2=rpE*H&FZ3j}hu?rFKncwo{Jv&Ier0LJ(pV`5CsSXD@cJ@P=SEcU!@;ta%r;y2?;0AoUedDZ%nv7eqaej zOtsOb1p*EmD(VR;WWp;I(E@=gXOOG&+DOJ-9RY#{CXiAF0+Au%u>JoKL$>}$O+Gwr z@_|e~95ngWv4z%uDzB#a*IV<>56?T>n^%nOwtI;M#DWlViBHrLpXeooFdN)>`~LBH z+&HVqG0)y02Oh4&*fB3?vEvmgW1k?b2)<5TnIJqx5Hc9a)nGxGH5l;(Mu;;MA{4lS z>H>mjkw?}^&FTzMD~hIqk!irl9*2D-;GV;Mnp3Rx8oye9_0R{-$r}$@=L_?nZ+5%Gh4Y^|m%hOLqDbt@(B75=F*str0SUPMzQ+QwiAG0#fTLB>hf zV46w>K&@LcwYlWZGt00D}uH_L{&G1?h-dF`2zxKe3yO)!TPZJ*02s1-Ai)w0VMa{m2_|MHoC0Xt5;|p&g5orX*JK%o+QaIWW?ZmW4H?9NLZBs` z=&}_*UXy5CRMJg0jW@|ft`;|fH-Q#6i>JYVQv|wzKodB*t7@@PAa}I_wJeO5YK?fXP zr4Vx{$?BPh;)T})5^pm!xeL;A^2+yCV<)-i=S9`-sx~g?ti?aB-|Zg#KO%VobXFUG z+jMq8&ejDJe|a3Q==*!TyMNeSU_3})+{Mk^!~6TldfY6dka6Rshb<}i6{MPF`~}O- zdKOZU>-ucoZJ&&LkN#2Mk%T5!!(Tr(Bda*(wblpH9hteB~aW~x%5@)5Q0gNB^*aQLo4XQR)5GOSS( zl3LQc_iz0>?AjH&V@4VBdSUH!9hg{rVW_r_*E!Ss+mOboSJd8Q8^P8*-kj3|z6Ld* zK4n=6Cp|Ag{s_<6i1H zDW~O{*Fzc`scHG_7xAD2JiD=MGGtNmsB^Jk1s=luw~W!jQ(-`WvH9@my7B&WlPpF`YENsr;}zPK~UuvSbjnWwBkt|D2(v;s~T7A~noq4OY<&Si%F0O_v8?O#wyd z{Y26xeS|LDoIWa*bdkK9HiB(qHb))#yrzr+Wt9F2&U3 zu6)-%^VR(iaw2lBl$KkcdTd%^mr2DxOs{=e%bWWjFt=ELzW)KKRn+6MfGkkCt0lqK zxl-=(?TDHlH0*@?Z{HvTIWe| zZn@}@Q`O|Gidwr9^jGQUG`X~aJmNBkk*j>QK6YS^9Xl}VV+Zc|u>)6~bU{4MH$31d zk4mpd#6Ide5V4P zoYcdA(-OW+s)Z>2k#{Q0i|b4ph;a+ym$b;Ot3e5%~$ zyPzuGVOh|TG#6A*J1mPzB~OxNgClf&*d>K7_UEE)9(eG4!@k{f-DW{^<16j{<)G{9By3R zrsZz~Kf!XQaggF0Sdh+-han^dK3U9yC+npNaCfOy7=S!>krvf9h|YvcIIQd%8}2UAKnjpT-Q@(evy8ECnf$` zzJa}fbAaE-Wln)=R{Ucj^!Cs!ye{ymv zgXW=rjAwo)*o!}>d44I9Q`$a1Vn0UT^CTY6v zU8ohm58K%w$=sT=eo$1RcukWzgAS<`3l4OP?T+Zm0 zn!|1v?&JH1yGN>^6U=^+!-Fv~w?{UAl6Gl7@A+tg z?tMMyU&YzwWa(!TpmljT@k*xk=zJRe`%~0ri}sr&A~QZa@~J1a_|~H1q!wQ?rm#HH z`mo=w9N6~Z?;EEW0Ss`)-=AJ`gmPV+joWr$89l!0=5fB1eZ*l&J6oo0DL=6&mpQ2w ze-3}!cLRz-_m?gr9cJ2p`qi-YmfPCYi(#G@S}*k9`1Af7{}uile}T`FLK(Wja*!Dn z0`>-5hidI7rTos#Bdt2jtmHlDKFEvRxx+g?<~H(=b{mgq_5~_D>NZ{+@Po+fI_LyZ z0j2r%fmCVCbyQVrtn;r{Kf5RB_4W&(wA&)z_8s+FG$X5dR1o`rNQRrYL`;s6e(@fj zB)A=Ie+%pIZ}1S8{Un?eGl^6yFV$jpb=2nc+Uyao$*f-2UzY6+D=$-1Lh^CxJ|^61 znwCeWZ7ygc!PYqUI;W!1)}`k85!0UrH>9*%PeDbtqpFbQxF>a#?sm~tg}5v_z3O#d z8I_mw%B9S%O|Nx-Nfc{Mwf5#eC4l(`fKEwQoKD%-yin3FqokJTbuKOFTw2hjw4k9k z;3<>)Ej3E^UZ>JR^Sml8Xof?%v_Q+bPd%x$U}|ZhCU4*VQa_!O6FDl}wo;xMXVo+) zH%TKri^Bw(+3^%a2fPF5fOW33o#}L^I@yU1dpmX#q6Hm5rHn8d?*kR&FI-@(IIwLzHI>S2yf1P2ScBDLQJB=?ucUpB?c3N~AJ7Lk@G#WH= z#(LwK12u}tj}zFyb>vcdIJLa9&{_6r*jW?IXvZ)P+6}{`VbpqzY!cC1=7dk|WcnjM z8B-Ml2tJJC;07gw1Ev715MTzQq#KB-gU+$e;(@iDHJ#O+Ri9W49~2*_A#m;if7}pV z1g+FKM6k;9DI_sO=lJImKn~UlW+vlc;$F+3!EtLQ&yVBT zytB_Ml{ZR6P?Ebz8y>W_FgnnPA80=rAB$A_-!GYz1HLDYsD*Zmep}N*Kx=|4ej`5|O%CN~0$`f2zO{_?*>a zaKngzr4i=2)dp403EgorqB0OH6D|`l6EY(-XL71aG6*?29TDt=jQ9?Lp(UP%B$DU+ zloP%aDFkI8R7OljQ;k2=hvX5L0f8A1nF0L*K*s>kGuZ4{!!$Yuk?R5N2#nIAye1lF z2x4sdngP)t5dME7D{F_re`=?lQcOB&4KqQH=#MePHA}Bv(rl!MJ_n%F@d?G7+kSDH3mjfjEMaT!e4zy#RS`MesT8qdcx6vbGJorf2a={IZ zLHZ&G(n2R_k>m5rWk& zF&9TsvMSt>3%7}0j;$YFsG@1<--?dR{Lc_qq6upVb{3w;h`!XV8 zlp%c#=-QZp3uc)Jf2htW8atui#eEi0e`zt@gaQfUtwtL=c;LZJ0~$LY zVg@S~1jkXdGgwzla_a7MMZULk|cvf2kRHpdXam@OzOThG;Rq z%T$z$qHXf8(V%jMjOK8T5b=dU-b(|NMdWgkL^^tc@5@v0%``axh{rmJb50Zp!sw z)QCSw5~Dsal-xv;82Evq?ILT8{Q!eM!07LHx=n8kzAU5IsF^{yp8P0doXq4D`j5)z zXb6K`z$h0irCpIv+WQ}R-*#~H(M3N}s@Zz<=nWGXF%Np-qV?<)Q405nbTG#M58S`U z=+`NZ9uJ40hLJnTM@oQr5j-1W^2#|=_=8KBz#o%X7aV^l>1%=j!{{vxOb*64J`6@g z%Vl6%a_x$~4F2e^Ix9NESRioeG2$~q>Opg*wNVkHL5|T?GNGI~{IOrv)}Sd1BN``| z7_*}iJ|MVCrY(BR3_boSsf`kTUsbo~Bnm1*f=89`L2?n4bppc3d7K!2xmk7aRegum zr@V8B2x@>qj2o%*W3!}`M*$QbQi7&T`x4%Ux!%|J$JwHgLd^rye-@F}OxOk8Lqr5X*0kt#mU zs=?uzc4KU=lfYj61 zK_WiJ``x>{hsTrt;&i&ZKYh5l4l#Al_EbD!x8>7zTaw+*GQ)PLSUGuroI2X$HTiuq zP|PY>)oR(yV*Kn8`|l3&Lz8>J{*#qm0RVL*1i=0SqzeR~Y0llOoPn^)$D#U_4AdnjiuV*08PXU2m1A#3FE$n%1 zv_Ozu4VwfmjU*9aL+i ztNnPOUe9fd4q3%EQy}rkDMR#CuAVZtK4qdNE|hzJ;*=%)uBS{j;I_v~_L>z|nr&Fg z!b-EJSfRbH@wVUv=Ua$N5g;AWgzXi*@T1)QGv42|=7)|9h8evonIcsKkD56u&%8WC zW6wlhw-7^0D^I&R+PW;(2{;Hq@g*733jr)z+&;zIY2XY8&Q=4I)>@vg77RiQdE48y zF?^GM`bfLUB-=(DK!76a&9WhGjCRIdUVCOFu2h;_6U-q++vjo$YQ+p>wd}GImJ6IN z$tIEFkhB@fC+%;Cddr4Xf{B?4rvRF^giaZxpg7IpHCe`?_OQC885itTLk4l65NJs! zx@^Ud*CZMjm2{I$<4tmrtHq7rO`yfi;%V@I6oD=v&;(BIs@m&)!woenrD|46rJh$g zp>tW6+O-d@x3(y`ySlZ4l>HETaiZ;I{jb=T9%+2sC6{x zPP0fO@`cP_G>f37;gT4r7cyv;)sUutd2#xMRMy94KAGW}#j`b$i_uVvz0ptP-ptd1 zn4v(d#G>1w?8@8U z98_GDd{s?`7F=@`*G$E=9AxbUB?rnWD`u*qnW|K%d_*n$pdsfx9KLJN+32%>3~SVc zq?YvV{agPIyLN@{m{EqjURXO_2PPI@7^$}^N?FS2fXSN~dhqTt>$li46cdGQC`5k^K$g8l#xR-iP z%4xag^^nF!YFa+~1wN)(t$fd83Niibd-OdxE}wn#kEcRj(oE*+h@{zn0lF%OtvFGn zaC?awzmM0q$k*Ro|1)N)EXnf_??3n?&+d6tXmz(!C*@0g@hWol{@1^|LZAMH%v$BW z@;mvP2qX!1^2AT~cW;;c9%X5NZsM(-q@J_neKsB>J{32EoWJau0&9F!`~CNchxR|8 z%-$-U)4BcgvE&~2KOgCT$K?17vD3>-S{{n<$)8zqJQ$P`V zKasRaAE663r;kb{T_o?OjbIyI6u>mxOsyJHYaPI>XSKoaIuS)xHM&yb>7K#2OEERM zE8n%xe0BeWoQRw&rRCPA9-EffWm54E(`#SW^5*^r%q^CG?|(pQ74^6*APZFPYDutl zu9UlcJEEpXxmnVq+%&1~Tzo1e;gSehr6jmKkRHX(7SAcMF6WFyx;~L}JF=9v)_GE# zTP}L!R5dxPqSo#N{V4sMCYLslM_lGGa+R;v#}3S~V+Uq^?7$sAcHpX$E{MnZh6fzw zv8fGGuyK@s2VLo^Jd%bmL|tb_Az465#-%690AAMH1Y&#fqud^-6!~iWK4K3U@c;9- zZ*pZSk%U0nd=uvl;E`IAG4J2*?rHw>hDUBJkNh>Jr$)}M$uqJXkWm&3phTG%u|d5I zw@F~`7rW*L)HqPph!bkWsaBUV;6Nb^4pqXSErqpz$xag8$J_UB32@>ntWznhyC{JQ zn=eybP+6n^-cPFloG`~;Pz5Cq|J3gf=W5vIW)fjU3QJ@ysA7o+p^h(72gM2H6zo%r%SzoO%tM2kum$Ka}rO%#KmHQ_(zc?^Gz5?^K|Z zlX`f6TEdq}wGhQW@=k?$@tukvwmMinKXa=NYP_mb%C$5$_w4xd_v~PM(N2lIi*}Vf zUsA*TH(b6eG%~t8dk^n|Jh_8M905nk3o1MwJmP6Mm$^1~PU&h!E_2DJj`(t$PnFwz z7gWVNEDJi4=7I`phhyHfQZ8Y0LFn)elV>uUkW!mq z4qf@Erj>Y@wej6ABmwMIlBjD_N}^1mU1h`eYDsXYmIQmXBqA=_T$yZBc5}8d-N7t> znV+-zbT~YOI-zPT<(2Mk#@&bH6fC3=>r(g0<1g>xDR%h#YfmYoYM1k#!;Q<^ zwES)0C-`rC6Yo#&KE(S8_kXggMWhvfIF0^=?b0>jL&J^3vp74IX32LP=r09bzq5x| zwSLzAjI?;b#Wg*bTdgdc9wbAve7>NS7v*-AWQXrCz4qE!bIVPF=;rS3-SYZRDXu=* znxBPOew@ivy7jOfNxYO(7k_+z{UMvGgEO|-&U|cFIr5qF!~0>6>w3z}FVgRSq{Ls# zH?S9Q4)7bfykH;8@Rsw-^bXG}etVhfDb2$RME(_8In4T)^5LVke`Jd<*vnJ;Pfku{ z&^*+S@yzc8d-3Nq&o4!CO55j0?8oSP9>srP?Qx~?EI^u*Tr2E5X`H?^XW#2f-A$~o z3$^0+VLKZnnOk%AkAz6Va9gNlFX2V%NgBL zbJ*>|eSH6L_ed4Ad}(zTZ{pjd15iBcysrgM=OV~Q6V8X@lTczGzqZ-aH{a}kNWWdU zITYF>{^?Yi6#03?N59^0>87ylI~qB>vl0~YT+aJ!g4s`UcrYgB_Q*zm(k|`iJs(Zb zy|3r|t2n!yEd5LZv@Q=PUdgl`olm2Ge~Q{{(SDOeWX5MlKJ}y)-&%B>)Z$CV6qZL? zANJdo1KU3Qed81(fC0|<`_oH~P_B!!aoY|oqsLd>JkFQ0k2ox8XUnuLxKRsf8KxNzrugxFYtL%C_^_`4l<)c zz}{f%P_6x>l;62|q*aHRmAnVt2YInOcX-Fg+(!P_*)*c#_v=TtP>y3{;BV*1nIhLm>eDX7SHR28xu_oR-}-7dPS5SK-#SG~?F zqw;cIxs=(p>9sC@iDIp(*53T51TfzK&?)JP(<%F!7fSkNl++Tv&ZPyNOAES`7But* zJY{mfrAEo#>r`53o>!#>&2T7}7HB#5sV9{dOf4ZfyZGK!!DjFXWPU^12q z8H^pB4pAEB#3_glcn8n{>s)6$)9FrivJ)NlcI+gMb{GUeaBrL+My9zQMkS+|n6PSs zaLRSZRmWw=aS87@bewhII4u~4yA6e*$QIFaT5)BzxhJ+)8Q7{%kkIHa;lL!(X ze;`W9{4|-#vC&LSj!H2*=m|zG1}{&Q?Ud;h%AqzmZ1Gi{6lK}Gb%AkdlZjwBp35!+^ z!h_ZsCY|!ab2fN0SQ({``AF!0ha_V#GAa*tjQ9bJ zVwhY&1K{;&y`3Z^NnGb_=gjAle_>EC3~1bxz%MckXb_m0g7Ooe@EwgKnjAE^46P3A?M0+&ut(M=Nz%1urnZUkGT(*J(RxbkSYB${qzh0xYnKO&lq z_;DF82m_O3=F3Qj$mNZ-9^Sw0A*EEfHb77`;NL z8ozeXT92ok@SR8@CWMi}j{ZVv11&>)o{iVgUL7Bkt^N`+Y2F~HpM5JXH zHVDRbBjy(u72PDo14FekFA?+6p9h1UV?b9b#ORW!n$9GW!;le_`I6#-wQ&ey{K`J;A7L*8I$eY09)pjGGF5D{7&R&* zrYOMkx)=9Hf7y@m65~yb!Odum81Ri?hxdaGK`>{AydR8z{y=+j0}I*&^oxax_-Z_w zF=>MyA`3D2lxhKs3oz&djQYS(auZ2n;0K1bi>xvB0}TEEqrczjHZcU6Fpgs}dd1Nq zNEgxncEOn_(P{HJ8p0qKFvX;6Qg zY`|l|#5kc39=Y;9dMDyESy%LB@UQ-=v*JD(LFF64&|5->Iw-(Ea73jHF=BU$syK7_ z*M3!7>#=$5C6f-n&0q&Uj6Cwe;}-Vule0361J^}=`l}9~h>?v8 zROex07~Ftgtqg&R4j#j@;6M}|ny-5Ns>go|o*1j`CM+q;0ro~YCuPt2{|#t!X(g<)?RRLaebbU_007Lv5fA_X diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml index cce829515b..a4cf2dfbcf 100644 --- a/creusot/tests/should_succeed/iterators/04_skip/why3session.xml +++ b/creusot/tests/should_succeed/iterators/04_skip/why3session.xml @@ -15,14 +15,14 @@ - + - + diff --git a/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz b/creusot/tests/should_succeed/iterators/04_skip/why3shapes.gz index 2f59a2570275da5828d37dd52f1e60e22a855dc6..13c8278158392db095393cdd3a26dbd4abadba8f 100644 GIT binary patch delta 1021 zcmV!x6f|eTG<=y_x$trt{0b>z=I`YVWItnYMqnwLS zS4CJIYcL7LE`Pbg#2HKqk`yM(dPyFcV&{}2{^d)6WkxeinDPQxTeu*`IE0+a0JYw@ zx_dbt!w|d$={Eb{yEe=;xreAdAKGVh=~@fg{gwRw=w5=w47&|pO;&ukM^sskUFgHP zJH7|Y^g2<(^amQ;)*a8`U)|iF{adgcTl$FiQQEmj_kVV12gyI--7;E}XpPU;+3Sl7 zuNNC9mYJt@DwLUJp*UvZwo)tt}?W(TtyN}>My?l#~-wvnI zYMFA)p>;>g;3*rdjc*uhiVhsJJw^?8XSD7QL+D3`Q9lLe1LYGpG2RW`9!W@X?HE+g zL;`yH@PB=O?4A#`WjKfUIUEOkxMOIahp%XFLywj zenDVVj-KkOJJC3?IdY7$r6PBMig?R61mYzFB&~crB+(A)E7T$=p!6`!6~4{TvA;%P3hyxvT{@ zv44!)b9Ya)z)riQ>8#^?_L=&H0ZtO{N!Pj-lJIFphqjS|y!RZzr2O9~|=C72R)391BH zf+&HPz)DC^jWSK3mC}skCTS3^3&t1~q=MipQczJ+ejU?*2S*JhT(H1Z#elk+ap{0V rL+TVGZ(InbnS_Q&?sv0XlagWbxX`>uYe!o{Kg z{Mm6Qo!XCn=>bkAQDl)P5%+VXNI`QZN+Xu3wGU6{;cur?tbd*mpfd|Ma5nqdeX`o! z%5B$8*RLm^Lm!&cA~QtL7!jn@GNVjrGgyddqX-L-JO#~}BJ3q-mBCDO%(Urupa}vn z2k3xj;J`PTVccX5Od6IocC$zVkm8p*J7$F+IT(81Ual141dK=g=_n%q=_s9?j%qGK z-xT3YtidJ}`+wvL6K60fSW?(5nIu{;%ZsNB0yQW!P`&YO>G->Ovnb z-RU(rZZ?S$Zr;e?cm8w<|LW%d>|cTt)Y5ypkJ8@X`+t{XJ1Fsq?v7){qBTCBXRj|l zJYQ{sIc^^|sZeg0h0>VG_mxtiq?`*CNQI7Wsn98x8r9>=jW4^t@7_ZF>FHZ^{B}H# zR>!q(j;%jA4iDMjTztb=Q*;oN?LKORzmWBC96~=jjQS}!A5cu(#CSh+2O=TGwPR2< z6A9#5hkx&fQ}=kR9H%*?&*3!C!=FO?ID9308+x*ANKr8|?B=mpg2|3xuMzK{Ml8Or z-{;Nvs1fgxUNb&i;nG$}6Klo;k;8mTpV9a!&u-kIj#jh|%|jk>jGxTqP>069oCabZ z)fWPWYV_1M-HFDD&5>i09m?DVl<}7J;)Aw2jDMd4P7MKd(^g1tq#ehmglujPIbZ9b zk+YjTg*FBeyHsxU*=^z=ZBwHa|EST5|FqFsI&H>AYjfKWEpwx_Su}dudTsbVES8AO zJ7l@Kuex0xrt}vOar2Fq!}vd3EjP(WEAyrE){n{=eifALmFYc}B@2%4IFI ziGNkxp8JoK3xeWL*Xf0nxir-(>$kd3Nzytt^HHR4pX(fWVBlUe?Nr zIxudP#kDGAAqrk#0R>wDmbFzzX$D%@Mu04Z!KS8(#F{sL4Nw5109%+sQ-Ehs@c^QP zvgAhAC3;gz8^B7?L7N`}blq@CD>CSkVR^-y3hTzAp=bmJQmm1%V1ZB|E5H_D3eW|p z0%QTA0A4_X%49IAZX}bUVP4l37}Q8JXv(IkO1?%}ptz0E^rzEW5M-lES!2VbRAs}A uRDw4Rj4|pqreenPU`mu&BNM?eP%5yJNEAV<|>P5s0G diff --git a/creusot/tests/should_succeed/iterators/05_map/why3session.xml b/creusot/tests/should_succeed/iterators/05_map/why3session.xml index 164348dcfd..9cf08b7ee3 100644 --- a/creusot/tests/should_succeed/iterators/05_map/why3session.xml +++ b/creusot/tests/should_succeed/iterators/05_map/why3session.xml @@ -18,7 +18,7 @@ - + @@ -143,7 +143,7 @@ - + @@ -158,13 +158,13 @@ - + - + @@ -181,13 +181,13 @@ - + - + @@ -199,13 +199,13 @@ - + - + diff --git a/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz b/creusot/tests/should_succeed/iterators/05_map/why3shapes.gz index 9445b40a8db68c30b6376e07980957643d27a238..52605e284c6421120dad0c63f3591447d029f2a5 100644 GIT binary patch literal 5860 zcmV zGAWakp5OfX`LI=?x~p5%Mn1>bVUcJonTgzxnLzX3USB-?>ORDWi%;?X;pXo4KQ7e8 z>wkacZf-yA$yNSM_p~(Fo|OjQ^U@G|Q5teDOGE8dY3RK!4YN0Be7L_0AANk-TldpX zdrJ0{?J2)5OKQWQv-Qx{Lu!w`USLq#mM>s4Oxk0j!o}Y{JpL1n1~pN8A0O`Ce~Rwy zo|>KeaQE=&?{34*BR2o;w~vqL-BV1}JNL%D&Y$G2?3J3!>w^V%w?1M*S#e#MR2v+f z*M&DUF=uO`-7~Uh*y}`ZV7Ea^H}TrN ze@ye=$J<{Xe=U%A_~Z$CuXZ=ko40kgd-yo6=6Tuy%^Fr`deUQiv&{wcuYi%=0j@pQ zz_8G&3$3~?LtiG8qU&lmLraU-o5@av%gfzt;Js5Ee#-R7|)#LBY%avC4 zbETO*U1?@tSDM+|m1g#LrI|fmX=a~Sn#JpVldt*x>wQhN*5qGkv(~w>c!$Nxix=va zk+m>$krU3{Yp}20Cbw#oQVZB+(O+TTefh-ME@r_TKTUg(Nk0qa>MkiM7Vo zGuEEbw;q4iE}Nu(`U%zsQDq15E~hn}*y?Ea5wvb=ftx2EsR9OIUTcMz`;K8JIlCMD zesniS(-+-YAS4aAnH6a1zggqU;FDChjn=>V`>E*%fLAWy6hVi8=!*AApc{Lv95`j$ ztF3KlS~uQ4XNlaL(&Up1+NVs=6V@Yn=mB&eGX#9zG>tRsPkXq2QLz9liV*QJ; zelr%|IHq==J@9tx!}63!d7^jTz=1Tywlvpk&Ipnp@#IL5VkJoaC4%JNLy)`(QZ9l7 z(XtRNXNmD9NVyW^hI$r3@>9hNwkg9?Dq+r9BTHqoB?)Y?I49fL?|Sx`?AIR0vU4z= zGRiLXwNFVvFzqW6klg_mgpy0rYmY+CoL>|X(N)sBN+?RkYfojorb`eu6Xy!Ul&txD z3i)(<`vyxJ&sf@%Z0w2F^~CJsyW7?0ENXm$MfJ9{#lb$tJs~vUH>IU&t815Ny4;kO_B}aYI4S%sH@gV`2RPe9;h%B2pAr7k9Pej@|DD|Lf$*Q?g#D%yJ`n!r zT=9YM=LFHO%8e;dDjRE;OO)jJtzJRxS{JEZ%(gCOb{!;63XI(fdJ**1(M8hZy}Nx_ zT_2Fm>jSbkds{CL$X-__QnGz_pwsMnuUdZ7y{R>O-Q60{b|K5V25XJ(o}k>pcFR}? zMYMZYUhZAzTLUW7hGe_o)s>QZgQ4@##$M~i$5QR3t9xadFP76q25VOmqBT^zz!2>k zM73)Wk*`5!D2%rC9pG|3(j#N-YI(Wp5X&V{zS`)-tTJV~S#{Hx^;K!snAWA|E_J=3 zFsnXQE>Tw~VSx2+kE;2;!aVZP z&*jrncbXR4E6b86={wsB>*7{bE-i8oH@CmMkB{)Eu^Y)N5B%+vp&YqxbT6bHx`&M7 zm>|`o?W@ThF-Ki9lI?QSGI470UI*^DtAaZb5q=)ru`kS<-CBJRFCNjb6+ZSL`jhBr zaepKw1~2ug4nluCWisEKlhKwy8n&)xbwFVkgRb{~5RCSNTT$r>?rE0gTd8j9$(T|k z)JO6=?3&dpQp{MvdnWsX@4-j>w2l3w$n2Mt}64@wXp%2Ek3Jw>a5@ROAG!VX~78z9Ymf>dV1iRD!exBC{-%Q z$BcEYF=h1g4lsc@*ks9h6JH>M#)P%N*S!GPiaJ^KpR%FD%=J&Pp?qX@h+sOK`$#pt zjYGc-Y;55GuIUC;Bi}Ugb(hVlN_^iZmIB+H6slG#lXE3Q9G4^RZez*o7HH-$T{Np~ z(QH40+)YHzV%)|6=&_KINf)zo+)pY2HG`5Yjo8Mk;l7b z-K*zRcu;ehVpYpXubyiOL*-IJA;q*emYc7hsm^ab?W&|ea+QFV=aF+&p*^XbD;lj1 zQwtd)7cv$otgY_=m#W4JnQZk7*`V|_i!(t{>OGZL-?t}Mtty~htO@jeeV14IMFmru zZ7ORGT8k489Yuwj+dE%>U=~)C$0OTB&vVmNXSaiH>BB?3Uq3s1B9K&uNyQkwD$pDd zxt>&nX0O}x%GS_L0O|_=c4Qf?`Ch> zeFGwcRrN{C3~~KPT2%%4y|76%1nwOv3~U8DbM&zBXD)tLgaI4U6XCl-*? z8B)J@Vv=2u`Z5ACBxM54&*0lDe>N9TDLZthJo|1@im_|UX3hF_bGEFxb-gY$GuhU6 zfaj<3OP^`Jd-frwt3BIwA(-^>L%M+Y-St{F-%DJ#%J6KXt%n>qr4&@W&5^@~-zh_D zljFU~UAG*(f#3X!K(gR6J4Z2{@^ilBzS6bwvQ3eK{SvUyxz_yJz3Za(*Ij@1^gqA* zPxrz7;r__aGE*0IbP%PggkTLB)Lzl3!Queaet5wB#S|zdwQjWL^(w zw#tOEqm_$PXcG&VE}LA~hFmb=ZHBc7hE}(k`;Tr1(%erq%*f+8y8W~j+2pDCNo%~) zT9v=-)%5D)?R|9qS2w*T$_dDte^-H~<=H@ASV-(GSwn;=sRB~qZ6CuDHxO-IthMDn3R z19?@z+-fq~3ticYR;S7ZM20GD2Sw@zCAHpQa4%D0n@hs%MuDn-YH<3z3A>h#aNB5^??sZclEi#HNCDJmF*R3mg)ond(=1l^n`BjNp^h${^`+89# z&GPJCiLS0sDv^?z{ZGb)J@x3f{`M&J}VGgyhFgb=T&_B3Slo!d>u8-tx;|H zy`LY7ETO#Iw@9%4ZlU^8a#3k)p1%}XkaDy)DyB~YEXbeBEoH}D1!ya%oc}~X`!+9S z-B*A4^4(wBea)B3qo)$|=xeHUoq)_gYQ8b!rxVshAX)#@6$CC%!f=8&f)2Y7P}Nx1hn{~I??{E`Xx1ovq&C#`g1 z+QS)@Qk|^VoLw+B2s&^*a5Zo_a4~Q`P%_wo zvw>rT49pJ93``G94NMM9yfUK_lo(C9vo83_5N)|NoCt2DlG6pZgTO-arGWLQ86|P# z&NvYmRZ)sarSYST4rC|5+IQAMO#RN>`PHcobwZrM_-CM z=EoqpcUG{;QzA8zM`i>V$0e*;XT5td$;trAERHO$N25IaqaBqY(o5;6HdChV#XO3k zDkum3u>hmxEKoNZVW&tmi&U{JS@vSQvkE+d2c}F;ln2EHA;A*I?I@%zdUxdepUtC) zfb(_oCWuJf2+naq$I(kone~ik>eQg+pv6nk$T{~~2b_}vQAUv7E8?j0P9QgbDjYgJH^xrIJjkG5?%d$g$Vn(OYR`iirL&A67KB%x(3d%A z=nE34CTJXk`f0+VLzqgVHYSWdPQ)oEGl60-d@wI&$Yh#KAe7tarXYM&@PSGOMJ6R- zH^oKEm!%QmtDu7Oi3TCGia`muo{3I~{S7jrOrv^XJ|YAL$0p|WglLPHn7y>csfRSq zPZyM@Gz5TB76NFLAWI=gQwZ`Df<%QNQz4i`5;CMEBxNh)1V<3s>oAIm3khu}2mn*^le3@ifY^_YQ6r*Z5owr27;acV^udBs3MW=U3?#_%XiCLW zE|!w9l#QiyEahY0n<)4s%Y1|*1r6HxfOG(1hUQ+5#88@vV)l87(p)hvH7qIlcE&A| zNh?(F27#lZtPsVXmniQ8H8C2EkU|q{CD9bF$Pka?+z?WTGS5p?5*7z`FQY|_t#u?! zS|1}0MmhN$=};_qR-(qJBQj3qqK`sSK@B&fo6>&@(SImJ@#iJV*<|1F(KbvDb|;i| z+)0&e&*MiSN<1%7Ml*w;N(DnhN;37tz%IqSurZF(XQJpcTOXolK|GCt>xg^^NgVVG zzRQi!^l_qvQ|ft%3dnDxcAD978eN!lN06&)8f^?yO?Bvl_P;=dYl4|6ULcOCs{g9*z{wOV~=JOL?AqaSk$B(8|^rv zLk21Wj%-8@;LZS+;2+wV8erqVhTwpv=-@;=;75(K(IUm1BpnIEX)Px+d5@p)!up$l z)AXk}47180&Xrz_WE#2T0b3S<((!^K$f1aGD8d|yIENz8p@?*-NC<%h!45^VLq#f& zVxHhd!w~g+4MAp%Npx}Ih|na1?K>ueCW@%hFjh`rgkMyuAA)}pBTjuwEHY6#1+A<= z8in8++4BgyFZj(5rNL&E4QdQ_8X1YqA}A6#*pLD+rsM^K^0K77NIEH!W2#ddh%^u- z(^o*GQq@`&B}N+hi%^y#mfffT!CXCyI69TK&;en*3>;ZyumXoD6b(5LPFJ7- z3Z3fWK!NO+BK`foq%cQRkdas&CTsN=g@qu%PLf1+bz#@rwe)6;osZ@b@)k019h#(&B$3u@Mu+Zp2p2cztR2HaA zy5BI*NFq!_2?$eLI5AK8IBAEo)CHh4kyL+U0mkwdCRIryES7oc|EYMh>u|Q-0Rkkq+%F<=r6has|lvgoOui@Jxv^d7P4fZG4isUi4 zD3AjqP>msQA|`}n9s=)W@PU-NVHX3gQ^IT&;+<89g3r5mKu&z$=xyiF6;>-@y7`Q;hgXm%k=`g_o zjkAX2do@PW9k~5b4#n$qVL?5?X|8;T#0g|u2seU|$iE5&^aoRca8HcZk0ii|_(Zut z3hzBjmwG7%ykKcfT9j6$WoaE!L6)w>)6ICgc1KRZXd)N$kW(;3I}AAmV*b2S1J#~_ zLxv&{TZYkU<|%>;J=$P=&Mq0pR1T0lUA6-xLZNdH4WdgmyO0tdtGHn@{e4WNU@1N! u(iV{NOF#mIw{V0}N}NGqQjtU#a0*f6>#7ti8A7!$0Qr9$=5Id=X8-_AwPx)A literal 5868 zcmVz3S-?CIHGzaL&CSj8&KFKIfq9hM3N6NyB=keNW~-(Ful{OUi94;P=t`-hvm+yA)G z7q9>QmA|?Dv}af8llGJwe9v=3>_u+Kz03`@SGl40IycPT$GJmNYtsWb#S zuQP8bGG}X`+jF+(SnEO*=UYT^o*^?)cp_Jb;{3AA%c;!ES)JEm-jBDp;{!0DUzPr) zA!`G?tbj7TZ-&VRi^l&tM$i3`CKHLTJm9X#L)^ zZZG_-n?z!&6}Bz1rPCZ{8MY|M0P2!3AoNCJif)fwi-}+2#WJSIF4zV6MF| zm|>ySWLixbhQ357q3dclV~c~=i%CvJsLS1K;hbsL<#H?e zx!g>iE;o~}%gyBNax?k6+)N%XHs?E!4^J3HHMfNdA=F9b=WtN_5nOy&#tvb1$Z97ZuB)3dy z6+7c@)6NbCoVK$Bm~JcQ-3CXR&k7d`dAoJQAe$|kq#BRi*dFNQGuRVR~ z=|k-aXYH~|`lp{@Z4gy*5bsi2(}=CSZ5~1Ewifsq_(&D-0_L?=h`H|=ca*cg!RMpD zIRamFXTcCP;AU2!rT=C+nyf@)3L^;#49dH9O->^f1-&(P8-qg$nZ|&S3J(OV!SvIoY>B@HU^$a zw)p1CR-zKCe2YI_MgabH;glJX;w)Jgh?be?nhhnj%yN*ctZPF7bK=D>|6=`%v3@fa z-`J*hpWX0w>&^0%NJXS~UciAg<+e1}W6lUt9P#8xka8tR@g;&3-$Rfh3sNnD1koxJ zt!9adDoC{w2*gTXUZ?Kh-j7ct`drz@w!tPuWb^9&BVFjusLf!pF%#} z-oC-o`ZJdHBpZ98bv-fr`0jS~Ig9F_U{S3tZE>)TaZd;h^V{6grPVk|yDhr)m@`f? z0%pG0Q%=&Z1Zcj*Nt*BBBuy5kTZ9RsbH*;*%yCnN=~lutr<|lYnp>0pf7fuR)%grvr{{hbSQ21wD?q`JmG{^fH;eRLhdm#KLIpMJBgb#%OIahoj z{5e4kt8!xul=8yr;S#YFzm+4XUF~9}i@Vyz?XJNjSjMqiVb6lTIyy*ty!W>ctK$Q< zd3?b3cJIpJ0o$9xL}J@#2PQ(7bJhGwds}Mura3jBdLS#B2Ct3goFJdUHp6&>Mb>jy zk0`nnFoA!7%C7##+n4$5QR3)wwdIgXMUT!RwKPtPNccFl0Rj(e)Ta zrely93#U51L7b0A+R1o5T3(JiqMEUR$Vn_eN>t>rgoXROJ8p&%&Jf4 zL)6ujFu-!QNb`KO98J~ZQE_xCx*Vb%pNiHxc|9K`<{!rQQ>ngvx_Q8`VSe*5%;nQu zcbXR4%fq54X*=r(=f|z8TpZ*dZf<{hKR&{vj?J4i^1$Ct3Coe|M)yMMp?gSE922D5 zY1?XYL(EavJjr&sX#t#Syw{*R?kea`M1-G5ckBz(Vz)*g#EVBXY=w_4igqVD8r*J4 zk-UF z=@2|#9{5Xqe`fJ*#hB;!mra8|?e=#Y`^MAn1#KwGSKbk7^<(3j&`JF`b7kmD^h5m^ z{rEoDicads_7$T@?&_A&S}i`Sc>1j0_)81^A8Ek}2^~b9OL}_XnhL%Oc9bgR?PH#G ztuguS=N(`~aj?jo^G3cv29*hGfvOW;chnef2VnJ!kY9@l|Y_22L^fosA z{9c_uW{yGtQxv}{}8?^=}C@yu&-JK`HCO@fDnsb7T79^8V87)k0 z=t_o)WYh;%oK7j=>QuiiBB~{2z4_G)mkV&^s~K+bkqLftjjLsC)PLb{-_72%`36Kn ztIL&`8RPnrv@Wh!Uwvf(Sv;YDEDs9Edb@zEn@0Q9o-ZpP>oWypc~n3aPb?tEJ*0f^ z#74VdYw-1!Kc5Sz#1Gx6NWNRkcI#k zqkn$)ckq2#L!xUH z|H0$)C;xzlcdSL4Uzca99e2z0w3>qsD(-WT{JL=OQ^Mq+CI9gM{Sgdc^LSu$MJB|L zMlMpJDi$zZRk`pDxd7m8!nFv7irY;6N2dc3_EQNn()$$Me%gv`5-5ICiC1c?@Rz@u zUVXg1AAR`M_wUDx4|g|^#?L>;#j_%--NLv;+OCz)uHi~Pa!K4SLl;Cz9Pfw@knt87 zkFFdr{;q`QcN<>6tmtmnFlcw0xqHcvnOk1%tDy3{+~4IW9-l{Io#_V0)0VT+jos(8 zX~ia5_>`w^6qZ-pnf{R&y3+Q>uJSm4H}f2=FSAuC*S1Aq@UwLq zQ~_4BMCVxD78L~*gTn_G+K;M|KMzJ0;4mnXiC8evORn?LvSMUf?x zSNj?X*3TNMFC`Zp-_7t#kp(G7y`y5=B*20Ex!jUh+*E+Jg39?%1k`Wy5^uixE0*v6 zQu8%mQb$)M=;&*zw9ddtmtdUq@-1R&z8Xw+Nh>~E1=8#9)83rE&ho8QAU%I6x8$=i z*T^bf5|hK8t6JAEHEGrdHHQQi9pKF^B;nuR{O`EAaGQ0R{lUo!|d{hL)7(V@72tN zDn*Qc#f((WgkDa<^PnNjUqoc`BQ(&PF{V-AQrI{{->m&xUFGU=Ln@Epx1ma2b;~+Wl zX>vmAU`C-MVqw1mG4)nBJs=BlBR7nc=p~T|(;x-cTt_}|iipW|WIHk)>5f!KvLm49 z9Z{adcBa#v>M(7G-j2P}K4{&G&dINst)B)Z2xN1~tRW%EOrDHo(pV!ypJvnFYc_5NVJ7Jy4lahN?=A1iDL(aP zP?JdN>BP}&_)lLko0+(gH27dA1AEl{$h5GAje?8<8F4m!#7Rw^W}R}KvYj%Wg4k83 zWT!-@c&DgStdp=J$kudHcM@9hRlI;yNr4BdccjK(l(XEA5VtWL97?=kFGZb=`XGa{ z9;&FkH_-JkSfl}5Nv_R>hEceeqRvU!v+%y>@R%?*uT_}B)CXoJ8U`Jy)ApsP>xo&# zM=|wqY+70~1#M|maO(n!$0K#-#Uu-AglDSf#`a`5wjei{poQs;vQGL$9laEFgCj9I zZ(Pqt>|X;+*jw&k64=S4kV)@eOtO<0tmt*%!7|V{TA>6}MhQpSD>o(TUd*FR&cU}~ zKOLuOu&`e|Iy(+b_s+rxCdu*_vx=b)laf+#<+xH4BPJAt8x5qFs!!A%`Tpmk4(4f` zH5S3hpcxZE%HECB-~~CyZKh6lMs-HM6ph*_HVnjup12MJS7WawjUZ5ZH91N&B2sxV z1vH9lVq9qhp^_6`1!;Ic#i%xnA)5#5%!}`P*IqXAy_QebtA|A(4c<_>-eiJ-1N6_LBu{)#* zIW$l&OQW2K_i6|ONv*9xWVJw+O{jxN|iicoq%-HaI9Q>dVz$nwhh(u5J z0?|0q5Fm4sqlN1W3o=XMfhb;jTgqN^sV$>njqbXZETeNIGWKC`>~Txn!+@|J(EI8 zg%9l9-hlIi9r=JQ8<7KEbqI{`gLa|@vkA9G{V1Fap6o&h8b?r zKUpQe3Ar<%5PGBZMAmrx?wK&kL+6>1hSVAt}JYxre+z?`^(l}|mp;80#3l^01TAvq=!+nC5; zqG(-W$C8epfJG=vh-Ehd_?}BQ2qxXc^fZkj^u4eeSsRyHh;Tv3fe48j zArXRx;|Eh9`z55m-o_~{OF8TlV`dg?WjjFfE1uXm<}B&pZpofBIN!s z6VnS9PbQS;wSa+pBZi=2(38mmS|kzAPaX@5J3lbEVYnZGbWF%8^rNx8XMI0q@*IXc zOyw|@jprNo8A%+q)I*Sy=YGH^$IfrFmz9CwLVB`{@O?<>=h(WD&f}vJCzw zSPH{tJ}9R+GXc2};tXqLFOYzQSU()gQpBHRITJhyVmQRMh`?bBcEY9$=N3dPb1R?B zl_M6xj*lPtFTR|B{lmZ)_6FIG@U)ORl)Qxl0)ZiA(VXHLxcfmAVEdNv&4GK4?F~`8nYfb3P6y_kVj)vNKbQ*9BTx?5 z-{F9z=p7R-#_9(A@MfUlg2yp&P#hJ9#c@alc{~!2C*$$h9XSQ3NG{-zQ*cB(961F? zWF38u92K;9gmn(mNR5cfkA@+LHSnQoi0KIz02M$f;$b^bA{07P6+=omV6?K_jY8`_ z2+<=f#&&1f7${_v>Pt|1hY*WtgjP)GFlsg#F2QUT29FfLW|aC%Q2rmD@*Cy~X8-_& CVTbkr diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml index a78f67f01b..afd1ce5986 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml +++ b/creusot/tests/should_succeed/iterators/06_map_precond/why3session.xml @@ -12,7 +12,7 @@ - + @@ -25,7 +25,7 @@ - + @@ -85,7 +85,7 @@ - + @@ -94,7 +94,7 @@ - + @@ -109,7 +109,7 @@ - + @@ -190,14 +190,14 @@ - + - + @@ -216,7 +216,7 @@ - + @@ -231,13 +231,13 @@ - + - + - + @@ -254,7 +254,7 @@ - + @@ -275,16 +275,16 @@ - + - + - + @@ -294,7 +294,7 @@ - + @@ -334,19 +334,19 @@ - + - + - + @@ -354,7 +354,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz b/creusot/tests/should_succeed/iterators/06_map_precond/why3shapes.gz index 9d0181743eb758ce7fe0e2c586dc49bee6e531fa..591379734a997e3d6b7c134c41271f17b39f0fd2 100644 GIT binary patch literal 8695 zcmV?n_r)YWU-3XUEPvxjpRjUv6`-8@$iy--ZQKGUw(db{}1dnvp_2S`ocYX7DAnz~SUA({j_&K^?2C;L$-QGWh+ne$F0d+t8`sra10~`3x zUAmufNq4y!9mKoe531hYggDS#_bOLuzXK~je4rTV)6Gr1e;DMTr^5EDreAs0>Ztr| zuCJEHW-wD_GZ%t13-awWGNpBBO0FukcyK%~i|45Nep(95jkRk!P~NW5oxni9-QA9# zLcAZSbbtBFK-ECaKC{f6(7j2ta0|0Bg z!1Vj_zbki%aqC)6{V=tgR!;7w%Gl@O?VEIa_oiRG4|urXVu1x)7N0L563aHoWvA5P zhUmfk?hZ%Er5UT2K=VSX9vaHbM7nMr13@z!bis1R%v5f1b4D4MQB;P`cWgJoU!LG; zR$DaY5{;pG12$W@llCldzzeeQLaV6D^RAihda*rg^=uA?_@yxewx9_Y*07KtZD1C7 zqJ>2|*zp2Jk@3hHvrZQpg{?%k646R{4_?{YcO6%DTMcF!AGbYZS$gFOx?kOIAJV6r z0Qi=jP^IMhA>OqTcX#b>9)7}Y*=dW5+SodGaXel3_xMn_h)v8_3rH@gJczb8@ve+B zkvKZ%?mzka`1_}rH=UDE>Z9dEIR{SG-2IH>?Ai{u#Xz;L|10MDyK7+im#KE{eN`{euG510sb(PkXqWxXs(jTM*&U2EaE=icT6v|FPt8zP2+dF4 z@8;fec;|NZwTqdRaa})5TZ|&|cmMy(+ z7y0SN8oKVrUu$YncfZIM=T8WhXBpz8SgE}qh?TrrO{N@U$uF0o zVTtx&n)k_vEj0ODW4;R~;1o{G&X>U^Jkb@PR^u+9IFwGg=tw-}!bLu2X@ezo_4pG!8Ul^ zT=|<3Ja;j{7+wqW8IjxaFkJlY zRP}?7SJL$qL5CgDl~Bp>*qGzA0;fdTYHBC>%Kf*cPjt8f|G~4b;e&&wmGRbvr+Dy1 zC_2le>#CVw55_%U-SyMci;Y_SY;gM(Y74ciVszIhR_;5yKc^Jk_0ocESgjd91BX zQ{S>_>Hsim+aZ7ELC?76a&tvj5K$}dTs|EesQmq)m_{79UVL;Att-)bc8O)%f4%b2 zH-KN=bouVjE&u;+%TGjR9<_Hj!!sN9^zKp1e7CmhPeD-SdG-;xJpZRhYY z4ZLR=>I~e}(as&gO|Rglz6NgUIpC%$+{^+u5N#^aX2z9ja5F2oZ7@-VoBC?FO$Nk9 zAW&|C>=f4ZS@EXxr1}ldlRdrRQ;>Aoah12sOyDZn9)bI9a6QjhN9fA+x)IhpHB;5# zWmfRgYk1YF9lXjW%=pqBzVfJ-tGljE53#Aw9%8ye%!ZzDTM4)GcIpN(yMmZLo>_&M zJ^`^z0TG|&Oa>Vxi9p1^oVfUX$d*qd%$u3B)nrs!;IoQrrXVsjDQNO+a?5_Ax& zB!wWk;0%=b3Q8hpDa3?AfvZixKGP^0i^BU6%DxLWuWy5@SY<*)Z-<`&sh}&6@(!e{ zcs}j;^;`C3>511qR%NtweU!GAgWAZF%6d59a?o9tR34lq5Pka9EJ<0r&XMxX94Q|t zEs4>RBgGw=FiZJ~94VByO8ZdELqWY#x$pByIyq5 ztMWc~nh7>}W@e&=we0wmQLTB`jY;R@2;K1l+Z`{^kLONByO1q+Dq8MTw%nJKrmG>jXz496cP^H!JeM`Z%RA1h z#|=a$CDl5WrRG$Ynghi5@nf3erJt|w(QKTbdNRhICj(SQ###Z92Lz2pI(=3OYLx-FKUW&DM_0oq%$P+A-jWqYH+0QW*r#spImPa zJdJV?Bi~rwzdhReXvp3GUqHJ>@yU+qA;Py8<2+6_*J2|Yx2my4Y=-A`~6Fs@w26c3Y38vE{#hGwOFw zVXpJ+dzN{3rzq?k-}U?t{i^QamMi=uLATqGluz?h*AO`4L_P`ua|)DCb7G&7kaJkv zbZt*U@Qjc9bmXnw-Dd;bb9uifz?9wKKSA^-h`t*{C&G1KVFzwS@6Oxgo8t4dsk+;+ zbx$DQ>u3^uk+8pitX;j-4s?E2e+Wax7F7)KM5nbjc zNDUB?8NOyhwIC~0pJVBYYV(b#o-DL2FlS~uf#FB_Or90ie?s<8$o`m+J+ZY1ZtHTO z`atM6S8S?w6u6sxoxDCL10;v&eWcmBRXi8&nM|1TdaRAut!NDy*WLT2t@s+2>(WAF z%_9_{@RZd%4Bh^@dWWl545e-$NRzEa1E)^27xW;dp*M`!v-M9Uq3o%Z%43MFtooXG zLAwWbS|dTHH4=T&!%lBE_GNlnA3@&D5nkI;XJ$@q=);r+AH+t=0;T!g#>+u=DU0&D zV~Iz%@Hk&yDO1ZUWqQe8m?fuSyBEJm4H&b9eo7C+%~MGWH&fc)Ap4%T#^lr98dL3p zwztOEiMPgBccI(GSHCsJ&b&3I+FN6^y)`Dk@2#;p^TCfYAN;#AA7|WvT>90a^1CUM zFeerC9DKf;;^4JhO#Ro(R+Y62I^{O*J5no|?KMt!k6LI^qo~`nnd|1`EZx+)ruSf? z_1i{I?4)~*w9D@t5V@{Yc56x%>6R(dEmI`&+e!G}#Sv@QPIIE=u`I|<{POT&B^bZG zX-?Gsl3!gpB_m7LYPTVXp3?4WL$)$|Vzo7D7N>V@icl2c83Of7m$uhq}i8IGJ=wZ>uH)QmdC_xWPd2|`JWJv3&3b;Ackg&WmZW(P{(7{eNtF3QHPIsL z+gC?i0AsP(glA07Z1f$=;U_gbA!$@EX&QNY3lNL_eBf=gFy^uOx+TL8je9|-g9da? zzW(e!EH)$Vmhz&D-hTKW?lr8xB$9enVKW~4HgZseiba=VC z#DAwAE*}2%TYS?A#!2ANR*}{3UlbrN)1_^`+wRsfr_qxIiFqI6%B`=ZYxQD&|{cVF}o7Fm6CbhaT^KeyS<_AhOV6Y)sxW7p)- zAtomT)!LJeMV6w=x&Aa=>qGG>^C}OJyxu4+RwR$UG{~4|+c27wO{D z&0TciAI^V_Z+^SIhA?^i_HFKiOtNOTaM%Qmr31P<%k)#-Q_oIH+d;@dr~~0MtCgA`l4BM#>vcE^y| z9iS$UbmwlT!veQkXM!KYqL`Xb?9yl#TeOo}XOQgi#mBI>)!xVNA-k6W?i2CSs=MmbDf^A?cA+wec|fsYzL{=w!_p_wN7?t#A|*IK|csF?RRgq z&}JsB#?F@Mv=oCh=wYff&4#oyo%0p?@28Uuoy{)sAk*^g)?0@X3A3J< zwp^W%MRTpq2bX#2HuwPEpadt^MFCs9>sSD{r6FHr&$|T^V4Z0jGZS^fr%s_vOS5hk zTD4i^t0s2_U8vK&)OlA*)CRqp4_XXr+QdPx>D6Re9aNf@qgZcr zczM4M7EzPAIphnfmOjY_jY^m2gRVo32GUMbc7x+z8qwI^gqmZB%uOOg&Ms!5M> zg}F7^F(~rx-6A~-rY>`DRea#SJ)NInuxTGM@@UU-H0#qN36cvJ38M2S2TQfec&#&D zipvNan_3i;ykW(n2kwJlP0@Oi6_9yNq&) zK2fzKMyOsQO4J;uL+oK(impGcMs3Tb*e*mumIw@^kE8*3yPz!%z*`!Cwln~LmKPxS z{P8$lf{~XwhEfq!VlIo2y*hf9Ut}nybgA`zek-DV5z($A$1R$C7q4%yIqu{2|BbU* zw+>4$feO)+(FKM25QJ!NX_zi7%yXQ5Vgqbfw-6#Py3AimoR+oz4sG36xTZrNi&nMO z($(})(Yavy;^NR^TGPkKYBX@-!vgzR3(+|?%69D{FKu~y=>7Ux<%Vfefhg?9|E%lw z;cARG57!U>`tbJS?fs{_?0>A*o(yy&Y)f+BwtUsH3)>F!Ye& zuflUMOY-MV>DD(O*OAgvKs)KN^fBiGyKd_XQwLvGt$VNzre;bzPFA~xw<{;FL(Eh) zPF9Uca(eGFr}MzvE%0jpITQvM@?uh2Ayg(oP?WddZ{;1Z%GWlpv>;{&n*x)AI#a}^pn-^=)l?yV>nqxCC zNk!K>bl>oJ^eNz?&6W+It?|-n`zUZ%tG(;h!M{^BauuMas!*ltyL49z{t6NO8+fH) zl?PZlF|B#uamxwx@21hF8CqzW(Ibvw?2u!olKHcutbfVxvSbp}MN$Eaqei-?B`v?Y?bb1#a{+1pN)ba@uyJWO%c@|bu&lg()XRRq}UysoPva?>r0DpA9Y!2ACFbh1s>17rE40>^TxB>vj50+!Eat>n^_0?fI<#lXC7^SF3BD@*tD z+ido%C;S$Q4p^S2J77T4Db>>Gkgtv#{XCGWeC=S0(lxNW%De0X?a))8auBvS+jCzP z%D#A(Z?n_&1cD|%l+4OsiJz*?@R$Bp%*tPEDgVA!UJL%Dp`TEve35P$p>!^u)OpwF z*WLgAX}8{C`J_Jj)KC88`=;@7*mO3qJ8xAjX3Xjn|M@#&+3cX5(XwSt=Yq}^KeD8| zqI&#cWyA1h!z`9k=RAvJGg}^+*>Y`W%iaK*&DP6m$i8nT0G-WjHLOz)Rlt#EW~)Op zTa|}T5OA~0$+lfi+6QfzX!eO{PI;DD#{%vM4YYiiKc6uyj9b35kd5wAssm|WG%cU{ znRSP1kjn^MQB_qzXGB#Qmu($eY%jBAdrc=OI@4ffd(Gcq(2I-O~P?ZjC#rSd@ z#V(#D?cycNKdfP^n|ED8-1U2TacNR^(R#dR>$Uvr9~T!&IF(%D+H0w#4#_(17>_|Z!!6}+sMu4!r)*E@o|3)Yo4wwv zz1)jE-=lO-F2Wd?4@6Tf#280-Mlx{26&a0lQR}Dl!MqVsx>32&8Wy=`Zq&qD8x&)V zus2-ox!iNIXLirbp6NYPdnWfx>=`;?dq($+?5W*Tv!{Ab)t*XpY=u%TsN}sMMCc%- zp*$&SEEk5y_=fX62Oabq`W{VEA&gR}7@^)};x;%F(ggJoCD49 z3bk_tW|X3mpirCd={uT`6k%487-6;$E0fol1f@D!pW+)O_ZHooJ=b5`Hxt&|F&ZbL zu{t=*qa3N!TzF;um`dO5+xqs>G9SJ2i5e+9(Loc#6BAf^4c9sMt;AmOy<&Ss_loSL z-Al8VdM|-DxtC%u`ChWUqj z;)%B*coh}=Cm(gBij^gxuTEx2+FQ?}NS-K>QgDGPp`1y;m=gAl(tAr@oy=quki>$c z)W*?jPDu<=bH**$EYVD+Qm;-XR?|UbYDyvaI7`M75rj?x;?%KJR#TZ*C)0{xsYyWu z@My9|N^Oiv<7frEPr(YA_SMN8M;=BSj0@05+$u+vCW*6Xnc~UvOs0N)Y#NeA4fb|f zya^sv5F>Zaar{D|$sdGFm!L65F+w4a!Q#KkFioWLjA@AG!b0ZtH{D2Y4YA4#i{-;+ zQ$0eBdX~6SDy2f^>$8v-4oZ$en-M9cgT#b!K@1EY>AmE>Z2IeqcNlLnz%(IT3nvBc zgb|d1)-giZ7f#pg)ybr6|^|WXio3d(B^+SZxxMj&N_V z^^l?_xWi4r#YNTFB@rF?JL-n>5h zj}e50QG>ZO5rmG?C*~8pAz}k#V6W2Fz>ObIwek_nnF;x3p6%j#ScPn zwm~dcmRb$3H=}}hBZCSS%(5SlWJ?`|QsZON zl1nl|5DPC^q73FYALAQ}h7?0mf_4NANxqi&6Zqr!WBAKqGqSgKZ_VDqD_46f_f{P8 zi-fHwql=1Brlf=vWlRXc1JNXMokKVAx{Oaojs#rEAom=%S=d>nxEKST*lF?EixVb@ zWY+uaKm-C$*9G{I$#Y2LpuM7%u#Be{CQK#kHFh&3$)kXJ8y!Rfqo7iep!u|7^c7aj zIPalx6-)wUtrJm=qp+Mu!bmI%mx`BPFnFuX%B=c58x6#~v5LqM{GO7Iu9(@By*$GF zC@pr5Cns#QM#0f1E@g1gYEiI=B~IY=>xSCK;w911&(aNrX&3Qm$FuSHj6ju8dj zYs3h$qJ<>Gniu3kRtCV^`46Atxy( z#!(YOn9$5i2n%Xyg2`hgbEJxXj{f+|tMO!E=y;uCFk`aH6Rmm9MsUqxzeiVT7bCErZ7w1&SH7a3VLv1P@h=J4{nYCU-Fs_r8 zJoQ@S2^Jg#+2}`-q|A}r6cve-jK)A)(N`u<1vo`;0FrlHxda=8%b=5nCF$U{hf1D) zE%J;d@Se1doT;dikT8p&@lB#CIX${pCQm>acsM43QJ{~EB*3NeB8@f~{DkV@iOI=( z=AC272JBLR#ba%BV}Po%&I0~2(iH#5v4iqsK7K+K^Mng1OQ(ejArROV0;r)Hm9?s! zOSF}^m$@|tl(`H8N(?A5pafw8gbCCWolNveaD^4sjF_Mayh0{(uEtqdEGj5S zmBa!$C!k#6OhKt?B9a{q9pMUVbfD3JMh6NVD0Glfr_h7KKnepX45Uy`p`IcYZqk0= z>+^0@ zI^>Jck|3;PKKK+OtX3;X49Smc@P*Gs$Yp*7uX1;Mc{d5 zzff{vjB(KaKA33LSi~_ak!AKHk)2HB5pWKQI&EOJM2Mv5pjSq#iK|ipz6FE*&hoj$ z94^oC@*FVF5%U}}&oT2KZfb!DlJlgai16ZMVAu#kppvB!PylM08vi$)o)IxgoeWhD zdXX&Jb7 z$}pI=mX5HAK(^pj2fZq(DQLJWESpVS6T(MN1a?cZELJEl=`bchm5?t$jZB(E4eL53 zlFwRc!zpJhMapG%1S&Q91u05F5vvmy-Wh{t@Tt6Vu#a4_P7=r>*wri}6?Qetb~Sbl zrZt0E4SN`WpjPJeE2xD@&0tb9nA8j=HOnS-m3U)}M0k@z&WOUK87 zS1KoR(N(tQ7XzFV$HoBW39u}a;*5j{y$r{M!Y>I>2AB-fIS-8XaLpJz0|w8)<{wa# zohi(j!J%SssKBNdghgxvHSlYKlu@~SI!l58FC>)#x)Te<43=k%-k`1_PO3opXjp-} zR|dXppl>+VgJ+A&X_8;Ve%C8xCI#f9M7q&g{1gX%hv1GB^<+J6K>4HiU#bi)I`coQ6b~R)6PE z;}}K|Z#{DfQ-s45xMwPO8ArfhOhegc8cu3&15q%2T;3h*6ZUKzSu%<7z}Yk$d&VJ? zOf-9f#EsG#4kt}o1v5pB)X}748Ilw7%)^q135w*sf=w-)CPr#yxBx9&=5qyE?Eq8w zWB8-rIUK|EMk3%lVe=&An)w*5j3jajessk+=4D8OKaD?yzdUpCjATGODNCeHoQDX( zAt}5GqGdkWkBv9rLkvaP1^AVZLS~MQ`8*gTPDTaz+{Hv3e*i`K?Bf@K{!U? zkT)Cxhi7-H6BWU`I1(zr{u*t(#8&5{`uWVh&k_Jqi{}@ApussbIEM!3(BK>zoI`_i zHcO(?ea`bvl8r?@>PS5Scwz)Y+5oh=;8+StTUoni-_$i9ou$Mp&lS)4E`qsOi2BiZ V8q!$1=HJrw{{yA9>=Ub<002AK3?Kji literal 8695 zcmV{SP( zM9mnRw!3X7li6Rt&r6CDRi!FBiQCR#dob>jC>~yt&wCb?|MK(Y{XfEQ>HhL_y1T!= zz4`B#=JMzNdhzgkxW4(^v3D2YF5TaL{G7rso!W)pZtoxZ+neF~0d+t8`stxlo#^B) zT!o);$#>L@ck1o$2UTxx`qXi%`<|-Q-%jKo*>Q~Y>Elk`A z*EdUJ*SV>(n+rjj2l;*)ne#F6Vj+YU2y`aKcVrz-1C79gOi>>XOj&rZJ9Zay0e*Nv?U$~fh5v&qs zIx!P3J24ZFIx_c>?$h1pK=bVcHc|ghW%C+fy@U_{>(g%^6ZVRQoAl3ce{UMo?|rz!xMeM;euUXgE2no;W$bhJ=5oBfyKEQl10F88SYRQR#g_|+)UpkF*(r0l zA+~eBhr>~*l(2dQG%uvuuAn`XA@#kZ{0vN;&ym&y#-f+}1@#R5Irz%1~@ zGmA8^lNpSP@F*&?P8Sx1wM5qvRZCpjy-a`|$CBdi|Jg{{HZfLeLI( zx$V2%HL(24RGWHV)$4iFX-552vuEvSSMANJeAOA-9gNjUi4hiBWuaA0%}|yJr6=!p zb8pmmJ(F_lz~kgUjMmb*VUftdTY;r?RT())Tr zPdC;uG&k{Ldt>5hnCB5)7~3Jo)tD2Ms5C=~S16$*>$i^&4N}JY3MB~o>x0Hiw=Lk~ z40u#~3gF{HDtclkq)R5R<@#{{6-*!Q7ugcx3BmF#L!1;VrS}7|LaS9}$}yJWa@kib z@fJ+;KE-|uO_6HMcl`-C^(ST*^I#L6_zF;~aTib=N+&8h5>HgP$fp&kR+2RKEvot! zRVz6fTUfO#wh)Z2&cF(EsMV(Dg44Sm*SpSX_f&2fAwJXzWIf9$$KZ;q0m@3NW!@EC zs>nIcNMsf*9&1UQN@8D2`m~%J4miInCG%%nh2xe8ov+W`l$MX`=tj$@AVA+rTlt5UhbX{xh)U-i@%+! ze$eqsx}GBFup_<_Dg=*>IZi8ZN|ddpc9O5ce_Q%Qhb!x}K9ogO zk?F?u`U*j}dqjAi62)7Bc(*-%C(W_wM`4+eIZ`0i1~QG0c3K+1(an1GSimo7HR^GXOIyO-G`#~{{*h#zi=pfn_qV4Pw>$?AT<)d!^ zzqsl8?Vnrz|J|0Kh|D}{?{0=?Htgx$qn7z@ZPlNGprLuT5jmRw(<5@4Hqjmc&u#UeM{u(%xS6kkn|ThnnF2SrzzsyZLbRK4Wh&g<3T_)rRN!X58g7#Tu@MN= zn;<)db$eF4S(;S4;WXLP8$Ja|mmN2>Wo`mj&h{wWZ-eW3#yUb5)oVsr@6=3Hg_m2w z%dX*7sy6V-n=s?cHu$1ZuU2!o<7R!IuQ zsNf8g4nNM!@kRXm?J z{Q52Xvh*ZNAFDE+yFN-=>&|RsNp*QS;HtAtmQ)|SOQ72Ht6P$?ew`zgn>kY1ah?;S zIY){+Her^_6FE{=TD+gKvSP|ePj4c~oTr_$o2tGPAe#$aFVvD1U1v-wMcedZYhG2h zxlTT0DWh8Qt{ao4*Abf63w-l>fqgu8s_KQVxl>hhr@H1&)wASIRmq($ z=n+0+lNAij*qq-(5pxl*MXVNy<_(MmhwoRt=dSr`NU3UiOU<3DB`Ys=3GvE?v&!oR zs*#droyszED$C3P;`{V*oZ_XQukX=pn4f&=YZ_uK(a3SJSxPe!1#Mw%;X~Sr@lvC3 ze|_`!kLdw2Ej3Sa%T05H9+lTOwjNTC=_qnERvDR&t8W<|=jt!Za%e;5r|ZcdhRSbm z(v)#*rroA=n#DLOng>3;F58yc;W}TG6z5VhZjvybA)yV~9rROzBW*Y9zSB)c>` z7ybOh2R`U*TCOJ%wDtkpj?X)T=SiwQ=n+jPoY5Dd=-5@=hR?CvdNhqK|MiwY~ypc^|3C37q?FoIlsF=TYsBcK$S~{R-9YTT$))7*uC^C~m};xhYlx zL~Mqyn^3LT3f1RWx}e&9BdRA0Z41oAOeZk>D4*%G!un6h{t4M16S60^_P}jjUZ_40 z`qdSisvQOHW?zTa=VXB75WSByJGYAG!ab7-b6$_t5t|h)A>*=pztk09!*X4kX)Jk! zEEJxydWWIgKUeQ?^|GPV37+nmTiHYQr9;EM%uPQWhwsvyE4sZc-NcxMPk- z*YLPpj+B|@NSR%-7jDUE_~zgjD*ns$QsGCppce$IPO~>{|V7y~9Ddb)S>)S^MzL)pR`HRz5CQud0VlneeI`T%$6? z(ZOcXs;EWPtP}Ghe;}aE(^pmAr09uOLvyNUiRYX=uh6GQ8`CvK(KW}s8*RU&=qZ0K z>Y+&}xCx=8@MNjL^S1z|+9IEDpO3H4??-S_Tq`AKvyyWq@m<-KS7@-R+kDldm6z5U z&DZu#$JA>+=((_`m=74wQn)!;FAwwX4G-v?G;hIQUM;B-Wxg;~wCHmB>WB+qEM}YV zjLAtx-?1EiQo|FH#0=Bq3Gck1Ed;a|U{ z%SJFx0*BX%qI~}%196!yuk)4R3udG1gvG{$OC9QHnQt+axL7Oo(zlq2IQ4kh7%@+V z=82)`{&Tp;%?H-bwLDhkp4WogWmWiU>ii(bJ^P1s`javFd5gl;+1C^HOYP@#_)9;( z&3w8Z_4tIo9_=T5ep*kRlHp7RJboYkgDO2b;x7Eh6}^H-(&{SAPv>u{JVq;k&Bf9B zZy-^JFD87kXOXChE708+dxS+%9v!{gK-JG}cD4O;+w4RM#r_)P25bzNPs-Jzu0H8U-? zLlzR#M4EYJF>-e>Guh5e&JPu>+U{socc*u!)3VcQYj@P)9MtX@61xM`&`5XTc6wRh zcI%zs$FQiT<`cVA+SL~AtkmhWczp3O>}|34@q5Vbxynj(+~y+ublTttt7J$Z>G_T7 zTR90HT@J3H>hdUjZt{b8(1_sM{5`MR$qlSk@q1EE9lr5=Nc(x#UIC3SNXu){YN}b6 zkN?b&T&cN6&zE-LR@c68^>wy`wrksA>Z({LyEEdIo9Cr59FO+8qTEZxkCQ5MQ3ELgx}6O{9qQ2#EG3xDH$<|6I))* zLe=FFX3`|S@MMuEc>328Udh$|x+z97wI^f90~!rZFt=nQ-Nc99+# zQ&-em5g)j(Pv>VCY}yAx9&b60lRiC?AXKLd z593mN{b@DsYc9n%AriJkU<7|84It|UuW0~T(*V4t0pznBfROXY<7^H_UQrCCASlON z79soo=ouYk$fbO#^=>{DQNM`j*OB8IO}dp%E_iO38nY0D4hr9u7Owo z*NH81q_y>l$_l!=Z}xx}a{Z_90g(`W1B7d5H>Ly&%)AIhKIQ3cA*z`-;b-PXT9bwrl{e zjh9aAM}eDK^{iI||3=y9Re+kCOqDHX>E18+%S5y%@N&T_53qFNYV)?^niFWxrtzv7 zYG_&TBaRW`kYlEj`Lm*;J>++lGYR>txL5RT-UHN5Pv;bOP9y*}i?bqRg)v3Lu=xu# z@(W)%3DEQM&X<^tPhqDQ*r41Fa<;jNsl%CfRlUzyYFvsb4U&$M(rw!OF!J^05ezQr z^d>y~Ej=8lZl6{MDB7Z)?$7$R`c`ggW_)bjt|2bM>Uon?}Fx{`XJ2^$zPN_0gt&=#%f8 z#>-*T*}!hRRkN5et55vXcf`o-;EmC;Wld8-Kg>_>7-q)J-&r7|JD1v?RWF+7PyNig!&Jx-0#{TORnQnwMaGe> zVhze_{Z=?1`?v2I{a(AhwtEe{>AhBaE%#dN zHQ#HtSAMVDUfI1edj&YEy^?z+_KNQn+e`m#WcI;F?yR)QC5_cJ##p1Ui%xnqDwdak zzdD)8fS5ru>1E=h(*wf>3C@N05{9z6G?}HpTNH;{L zF+TvACK|}CAZ!Rd_+KTMU4wOffKe{;Y8vu_f@*Q(Tv-R9r3WWQk^)4geSK^Kf6`((rISWtDQ%R1rHsi5r>yON5HkA+ z;T~l&+$S{*V=tKTO7+h4YA`GjneO#B-KjV@qoJCF_0fwy;aY+7`=GSunT6czvk*@q z4bdmg`=O58JNWQtcOlM5;P z7@UiY4Qy0Ws{rc^CWCOv*&&mu_g3w#e05@B5)UI|MzEwuqgW524gmnK074?OVp?#1*^eRUKt1hBjH+&HbkB& zb?ir=)Pmc4?nb~hXlK|60;L?R9+U&U*%EPb@5J7{KKm!7mBrFpj&0{K@_Vg}9(~Y( zL#vi$H9rWkz3Np`a2CbD8R2#aK!D+{*QD}QC06|?^hyKwcuZdD zT!u=o{&7g=-Z8SK;H}0%!z*LK2G5z)P-lK%KOo6W1!KHRJ#<2pJdNBAM({zx!5V@Z zGs*S`A-0G6-vb12rS+J&1k=eRV0URZkh-YE{wRy=e(_@l5H+k3zFZtvlho4wb2uMWdH2DY7ppob7uE+zc-C&SWvG-9KCxx4wkg)Zq|oG#dlI;7;`IZ~w9C}Vx%4hAlVeLko{mwWm3GBB}6YrS5jOBEnP4C52bFrIh?7Kl+|?F`HvAA|tZ<6cv1 z45+CL18NMYF`x!v3WO=tQ%#5fx>rKp#KGk_tyYrxp|^T;j>kSd%OKK(UTW^7g@dk5 z>>Z<&FI0oJgXeJUEIP30z@h_#4h%XV)EV?(Fp$AO1_K$?GpJ`+ft&WXJ-xsB2NzI!bjo##jVlkT_6^KB*Mr(2LQJXduL;080tXQGlgjp5c!I zU=#uKe;`>sI9R~0hi-ukfG?|5RK0T^%QfmqWMO5%^#a^qe$5M$NZt_h+D8o#$KIwm zBnz%mI*t(Ts*ng_Er1lkDRKz1AhceWY#y0_zJW8RW0Jj5Ubsl9LSys$Koi*@3lRPB z$RDlsaEn7SDS&!ry;e$Su2T%c^9dLfq!l2Q(^Nnzx32{fDA2%1uPuW+$OZ)?*y`k+ za9Dp~vN#qwvMhceveU=|@N6LmM(3pyqk=~Z-;6^oCKrlSfNvpSzYBUVk;3H^FQfd_mgOk1WQpRAD7TOu07dB%LD8qi0 z5Iyh#gpx%Ey(*~zD#w8=od$Sy5jZqzh`|kB=pjW(rle4yO6ixN2G+F(0R|Q+y*mzX zVq|dyTR?8RJ{4;0OHwrUb}+&DVSq;tTURF0Q%bDY7R>7}1?*};NQGT3$gak&!L$}I ztFiO=1GSpcub>ttwSY-2U{XWf-T|5$(O|ILDg+U{(mIgA1aMGLn)R`d ze6s4X;esZD4TtxEKXii)7yes@WXZ@;j7EA`>1yoZw=2!C5^$dblX4moU3&YSL!oaO zh|dOTtc)yS!+doGYywmf&%4&Ub5oMQ^XvYmZKRNkeP+Co`!g?A)|*J zNzB{q6*6YvutwovuSfW3a?C?Y#-4dt?M4x_X4XO5B+ZrKgH*kY@C|_@lhuxdjFphF zl4R_64d;443fS;Y4dA;lI;}^gQ|Ob?9A;WJj%6Ow;m_jF;E!gmo{ze$bGmAvp^^#86yZun1cU=(Z|4D-*MNpi@RY>_;t~6_*m4R6>(VXi^DHDlrJ; zF#bR{1db$ksu2|d0AiHk^U=ZM$Lt-}1SV - + diff --git a/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz b/creusot/tests/should_succeed/iterators/07_fuse/why3shapes.gz index 97428b053e26f79bafa20af96be5ae020285a125..ae9c7ab32211672c0dc49a7706f2fa89eb7d7e8b 100644 GIT binary patch literal 1380 zcmV-q1)KUGiwFP!00000|Fu?2k0U1#zWZ1BmSpEb@$N`_u&lALv`P+q zl@(a1OKRzETUoYZ-14$z`&m?sQnM=5BU;_s#h2IX z?^YLKT`@4*)g`wup%fM-n9@SRIb!FVt?N%Oug~!sg9YZcPv4!6ak2#NU7}tN$Dfep zbhIGck0aj?rwi|bjm(%m7Xc^gzkkXEt&(n@KG5iZ%))N`nT+Mr>P_`nAq=0BKUEgP8<47*xC;%RsCzRbt0f zIUE|uY=+D-WcDYJ*7d!g9yl>h*NF_NQYw zT=6Bn>!k_J?2B8jj0myd`&B70MzYzLz6)dR%m+{p$npUD#Tz>S3ln!Zy3r+t`)xX2 z&+d3xs=6x_6G#He6FlUc8r%j3fgZC);t_@>6oA6?EQwA9Ie zDe<|&n<0g!3T|(Z%QasN?@>mYvY6b(reGsyr8Jd`YFJg!s?K`Z?j{(exzt$`(_jQaY>#)m~Q>;i~msZuUnAAsPS#(lXP16so^YFIJyDb7Ep68(LQ}ArQ4}L!dGVAe zj>3%mBC&*QC4^^#a~-x)P6yhvsQRc#48aS*R9FKsozX@aX@ud18EU|g6_eU~udwL} zB_#wsI6rj#-~(lS@N^Br05`x4pa5hUU>+pr$i}4mXwoYhK|hrxFua`3Si%mwFx z2d5bA9HB(7S!b9wOc^FIY)lx2fn$b^q3b1;IcN+a2%uuZO@;(ittqtvX5^oUxw_TlCA z`n%IvSQiZFOj&XV6H4J=f+-zDoFjI=+4}DE^7aQul_ zPDcmA|2XpfaC!-jH0-zAA&YIdTmPO&dAsrFa5+7H3J#mi2q`Wy5w;G2ICmc}!I7EF zBZPERWw)vQ7C_LKYYIGLY&^<=COh zheHJ!XULc!`ORDf;l>N9*Z6CBx>6nu#Muqx6EQ=e{+QS?-uyy`C=D?sV)A zS9(eBdTBy4`{I@>AtEgFeiaIgk*xN)@4{F+^8u8DW_dvU;*A}Eg^4>HW^_sBew&Wh zvp-%I`79^w@yX07&2P}s>v{u|1UI!BF)CQlWYR0<^7t@Ao0p3uzNzv2$Cfh*%XRW! zN_?*HYDi(Rg6kWka!nVbd*qQOFD7^46l~%wl&W$`4HgBp>ZBKUH^IowrOaYLWlSXz zUnF|h(i4(Ltjxfsc<3@5s5&o_BZC58kRj`RsWFz2s_LRtu zqKy0^v50Kd4n1dm$2lr!8rFiO3B&iw1P+7HdJT;=R$FDI6_#7H%z|xJqH84!VoCFGl&a$(a1Fu&w}2K%0Fn&nUenjNDEbbhlxonSZ&YUjdXIdKjYUW@+Jdqm zNhla#tOJeGv)*eA%6Kz0qHjPl!XAZ~xe?-~Z#-RzvyKc2serE34MMa=w3^|XDa*8F z!ZL0d-HBNSmNgdsKTRF;(s_-B5N80y&g!%KnERzB*GUW4LQt9?2INh!x^Xak}aAZdM>!qNkl9} lujs%?c912CzHkvBaV - + @@ -75,7 +75,7 @@ - + @@ -141,10 +141,10 @@ - + - + @@ -154,7 +154,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz b/creusot/tests/should_succeed/iterators/08_collect_extend/why3shapes.gz index f07e36b75cd2ef064bca694d65a96842979808cf..0170f5a0f8f4818adf7c7809b3eb1aa3acddc96b 100644 GIT binary patch delta 3511 zcmV;o4M_6P8`c|;L4P!CR}_;BMv!qiC#(PMr}Ky3{D=H-{xRP_-0bfD^IV_*^zUbn z|L1S+K91~imT06d@{xB@jG~KjlwDM#x;*o@8Gr76ef-U1gWKEPAJ^}9Dc_FTKklw? z?jHU7i~s%0Mbmva<7(2aq26tr{ZYOw+gJajVtPU|JzI4%y4>9P z+iBe*&R6l1zb5zGW1v2Lx;Y|P*}gYbzw~Eyl3l0bgMWP3-QVy2$muWd|JEkj*^>R` zw#lkVZ++ao|8Schar|}u+w1?{-R0HNX_tqayI(P9cQ=xm6~DdypWXXBLN-mETqM@%iVf{m*^*;o4`r(VY0I&FjS;F2mTB z|7(46+O7-#*EbRU!d|{)U-z72_y18Ro;IV|=zm^x^wpCmv_o}s@0#;g)4xjpwlnam z>Yyp`6J3GVMW6U*b)wSnS}A*Gf(R!lS@F#i=e|E3oXXWhoJ3xZ?n-917{KF1F0CoJx-CC=U zN`D~+N1-k@7|7x~>Y&iuI#|E8Iyei2N$=iWJzn*@9l5-k!J)k9!t#_x?q)>Ar$VaR zNDqurOsge?i!RK);qCDOjnW+-PtB8dGNXh)%W>D?U$Eff;KoM8e4oB=)bYVddn!yY zJj&@f`X|TO)f|RRd{a%`3)-rz#VpR}vVTp07E>i0x-|HwkLyv?@!mFJ=hXy0tADf5 zCaO`+OJq&sQHrJxpQB>7fn6gOpUlqDTO_k=e*OP$+9l~r?P{gDaUI?=Z63ONuk?f)i&284vhj5pdU4Jfr zw5WOm9dp;k_x^Nx)_dwGCcKaE<~`1NTZ%{ZFsFzV7jL&ILC4^z4z9*4j_Ve^pN~~l z*FIC2_PlL$P}=IUIZAB1T7isXbCd{Hqr_e=I(UmT?wZ)9b9*+vJukca^Ze;C-=(MN zm^h+i{BXwA0o4;L)sv%IS>H4H8h=0JYy1oO+MAP})Z2_~ZUT^33Uz|kY&gJSy5BD~ z{qvLP81paK-h3IhHwW0>Y{0qc*j}$w8%jLH_Ikng+vR$J;Q9dD>yy}CZ?XNXVuS6~ zf=Sh)c!N&)f=)5v5ZjAs)dFOf&UkpZz{e-()ZrX-t|I_n%V)*)8vt)RfPc4hg(d?4 zKSjwkTTT5E?5+-%b(c?IceT%a6uksbniDwIG>mBe1jm{e;aK}z9QzcU-pAVC9>>}l z$FgsSW7&yvaRRM1oGMQRY^xC!WXcUPon)G%Q;1YPfk@?qVV_ZmI1+s-*z)3Vi`LQh z;GTXC+~X76n>r#FmmApEOMf@F9YWa+>=R;bo?Unn*Hx^vBDh1iMjN=c-RlK#jZVU~ zDxN@Qlix?UjQ>mFGWF%SjJ^Vwi340FHn>b|An%NmDqz|mCoIJyzTh&xkIUF8T*i)Y z8C!7~UvL>)aT%Ln*C8%r9haF2moeb3IYt1$ewxNRE;ADrYvP2<5PwFxPuDZlKTHEI zmg{&r4Y=w|tEss-Qquuo+}+;h__%$|UGE*&KC1b3xtd{^oWF}s<@)>e4G0s{x>Xr8 zi7oKc^E-4sFV-t;H0w_Yc14hG^BV(O(InC4)jR*p4+?YuVGoZJ&u;((#7S^VldtXN z{!=@^F7;<9xz3qmwSWE|aDuaz?65tElAAhN)Ud}~(G7%S2^-yP5 z4L2U?sjt8f^yozo0)CHsA#PIsw8;?B>h9R+&XgB(zV#oz_VZEHd|Vc*ai1o&eB9=r zo%3(*Y-^^8MxLI`BKD_5aHef7OK~RC^jeSL-u3P7*PDnm8VSb(!*3B2@~MQqz=MiP z~$qCfIhhM1ock1|sfL|`>aG!Z-6)rY@{F)!@+b;s~ zbd&x4#cKLh;_cpgJa3*!;^78Va>|Wm8ozo5`Pbxi)?w2$`_%cCa5T%8T1sRh{>$APu8i-&p8{&4P?JSrP7&4!xF`q2`HkJq$x$~lgNd| zrc!>XRp+fWGKEN-bJw)mmv5yd>5>9*p#rW^a-juh zI5BUnC?eOb1p8LINoWqtMol3l&!Q!+AP25&9UZMd;Ht(sbyl48)b{&A{J#bajPWDS%{>KseeH&#US}0X^?CXFu@MO3_=e=4Fa0P zH!*~4);6o8y(pxU3o!-dt&~B=WF*yCm3oj^Bfo<=IT&&r7XeEODPshJTQHOn?Pam5 znS%v(kl)p=VvI8g246g9HiXF0t|e*)XPT6A)h>lAb3ep7TwT^m7t2kS!E5G}&|H*aUv-OKqi2CREs7+CN&&E!bufUIkvV{@XdIneF<4$Z z-H)(N$0S0Og{%eAw)OulRL+A#M)bZIL07O5TH;29V}r#f?!ydL_u2u#Y#5K)Gs{SU zmI{%z2$CgNw39RUb9`{r?E1VqOMjYa;WEL`2QX3e{^2+<3tFbaWfJKkq5QwHfyhG$TGnUWG<$jKtCfb=ZWEsz-0FoZe78dmi| zA#8w3GdTTX8-ONN$r|vCGzYbmz?OgvDQPRC(4oC#Vf8PvmZ^WJE!n!DO8~oeC`{Q2 zS8(PTX@HZrK~1()I~@Mn?|)_&Frl(Ycg3R;4CEWhV{;&l3)Ga<%&~~r4>3=s%v=nK zd!=kL+;;ro9G~GO3X9pR++vcFKPW zTa83juVr0G)PPVJn4w@`GzbKgP}@SWzS*n&tjRE_cD3&rmPMmSOMlS8Qlcl2Rc(XK zPUWIh(tKuH#Or(3+G?>3>KE`qwY>abAF{3QxL9UhNeKcbO5rvbCQ_l`_|%$tbpkeF zC&E^MR0LG^EZqie}HV~Wq@7-f}0eHq!_ zM@FxaqiSYiB-pESt$#S4xMc#q$YNCHtZ3s6a1+o+GJ54?uhBaTT<;R)sFW9x1z?@b zP2mXj=AlM3`MPOP4sxVbcC;=`RU0n|vcusm2 lnb1J3CB@**!FWKpsye6ul_Rh?fZExp{|7^ow?`B?004JH4V?f0 delta 3505 zcmV;i4Nmgb8_*k&L4N?YD~d@5BgnX%ljVQ=>HOh0{~Wf#?`F3k@NsV-xSYI8j!|1rlVX@B#W@6Y@jzq?J> z81;AgkL9WBqi2tQ|B%ly;_q+#-Q$_R&kwuXk9m2H+4bC@>-xieo|Hm}ySsGrhM-JDf0QrF_SHYBn4Zu~&sN=xE;o1n zc3QWH^Hu!hugN|47^qL5ZjK06w(m{VFa24aWY?+qAb%fr_xHO$a{9~rzqN^Wwq$>~ zZL(_8TOW7tKiuX=9Dkkv_WHkfcX_pR+U4Qq?pMs&-Hl{s#c!|wXZJpjkWEu37fCf+ zme>&U*J`4f^)C(nyP^J{&k`?c*~&vczfx7IFmBzv*B0H_}8@r~pz)+1=& zT1A@$)PEZL?%i2UuubN5SLzA)Pwo44ywATs>>iPf z?ACLn{R3)KdvWbo@#LP~L|5Q-(I@^{ov1XtR?42)_~eHL4HMQX+x8XH@LVLiguPA`hr0gZZWj;BLmkJ8 zgVu#^`;hNH`YGq1SG)OAw4UfS{E1$}pWSQtSvmXt4v--J=EH41|F8oPKpj7Fx7O;T zQh$iSQK*Xz2D12$Iw3xczb+6qjbl|Q}d*q%qZc{a@=+J7c96qxUms2->2^zb$oEro(dBT zk8(PW{>d?RHHTpn-&9lgg0?DaF^luLY=0A=#Z(E0E)D+a<9ZZzythr*c{PF0>fbE1 ziE5Pd5?RxDl%lD_=cpJy2o(mxR0BrIYf;&J7n=%!r+9RE(U+5NBdrc8S|`orQBj+^ zXj;lVrYsWuSB36SQ>FRr^<*GHhcH_e6ftRq7s70UM6x+ZB)jNBbDMSaA>8FlMI8*pwqw%6;_h7u34yj=Qt@>y~H2Ef}6;D7C0p~(Qi zPf>EsR#U$OyQ{-x-Q^S5UF|a;MK8gV<^+y44I`RA!LjB=IMzNF$36w8_p$c3$FX+C zvFzL7SazaZoIq<0r^-_S+iFAwnR0_nCz&Sc6e5*RAW}JD*k=?Xjzpgdw!AppqII-A zxTl{3_xJ?&rjE$P1Wem7$ju8N`pQiDS%gltunmFMygnyCl)AbDX57U5) zh^dDqXe}B_! zYfTB&)1$VfJ}&FzS%!PO&*AkKmo`eR#Bz4o`w=^e1o*=CM}MlRmvhmcOvHs$J=ED% z!;MFJ>MQUAJ$liDfZyX@h?|r@Z8Ai(x;r+yGv&pcZ~cd_{d^QPAD6{y+^0z`AGi5u z=lq*H+nQ;jk*6oKi2W%MoM~IjQk=;&z1AbRcYVA2^(G>XM#AyH@LR-$d@5lt@Svhn zxj_=tnnG1DSATX0Cz2UAzK360asu`5;TP)tojQIY;Frre+-DwIg^P_JzvjpK_KQF~ z-DH1%@!Eo5vbfgzz0GY4oJpOzyu3UpyVv=XuU4I%DO;4VAsXpY2`u=my!S%$Qi@lK zpIbFpIS?O+24aI7>|h2xs6h^5!05ovY$mI8c1&g$0)Hz`$U-R>6S!2;m~%1%>4DTh z&?G*uEIDbFj7}xvJd=eft#S;+P2$Q#cFx&AZXo*wDpN9?%a~1eTsa|x(uS;Kg1BN< zHI?#9wZ<4!3{JzssAY*ZmH^wW6q)6mboH9cfnz=&IDL_BLAC_JgR_RDv|Oi zXWFUQbbsTI9=Q7YO++LcV=f`Mz_gW7T9(O4qf`)vpL5r=+Lvz?g&=2a@KICprHJZF zy=WIbTx4}C!M@dQQd^!C)5>yTnHOAe7i9==)@#kF?MB~l!(gm)L2_1jrYKZK?s$ZP zQkr{{Rojq%<2_REI0aDa&Yija8`!i8b;&n8SsUh%*%oF9_|7xYL^M9ri_r%U`AP3urIAC8YWCkPB*(0uFU-q>x4kkJBd0A{%17kdJ5Td z!GDx+o|tOZ@j=m#w6Rcjxu{^BC^}oIvNn;V<7f*$(YaECl7kXI+)~d(lv*JPtY#S} zT5=M}YQbX)2+Mk!nhnYg$_@%AtG}~>1)UFv=VN5#QJM)iE}1JTD#=QuW}q9i9W(?z zXf3Zfwm=V_u6x zM!VWXN>D&YS!d)+lrA!xLI@D6L&m)>p90quq;=LuN!q5&HCkh475t%FQuWEQSAXZ0 z=RT$sj07?YWKF>}sq8E>T54QcbBkW3XWDsHv;vro+6T}pibc0uOT<$-w_>oocDf&9 z9T^Y8D@#b30tJqC$Fg|GoC&EWKl zZAcnTNZN=x8p13YmhC z-p)*n1bcn1iKwhV@P9>DG!T-I0L0b{TQqKvo0XHjPVbnE7R{X}jsD7&4N7^JC`86= z_SHKQ^ol(+HtHf2QG#b0m>)RWh2V`L5pqs5ooSuq2Nb&k<_K - + diff --git a/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz b/creusot/tests/should_succeed/iterators/09_empty/why3shapes.gz index 1bfd456295a577d8680ebafdc3b5e1f92a13689e..c44598cddb07fba61c52d6e9cc6afce67b94ff0b 100644 GIT binary patch literal 478 zcmV<40U`b$iwFP!00000|CN$Wi`y^|hVT9rK6bMgNu$p~4F$A-~|cLRx? z+HPq7edUi$9X5roE;AZEGkSTMcbmL_#&hiROYHhX+q}bN2LvyjDSWOc6_-LtR7OLryZKpuD ze-S>uuI?i7{2w2`tz5j)Ids_c*`j2JzCE3fafrdv)cK`t;#CH2QmsEUPwBmFEa3Nv z`PQDIwXDJqmMtwsgp{jrI^hQ$y%mgkgN_L72ywNHHXNmyldb+1_5_$91d z-Q@^u=ka2Rs`?)uEWhc4k(>LMyDr9)P1~@amgYwDyd}K4Q!A?Fhay}1%zrb?vF} zA$YGnn4nDvGUp|fEMZbeZ$u3|pm89WuLT8~ax^@|T$UnXfdTU}I*xS!!4*V8j8rZ% z ULmeWUr^6Nh18JvdQUL@206O#VssI20 literal 476 zcmV<20VDn&iwFP!00000|CLh7irYXCz3VG<%y=$c)vE$I7$-u45CVZd#*})QG1!tL zDJJ>*Xd6dn9LV&gw)d(YkAAmFyJtFwF1>`dJ2dtCRHd7TgwAc_f4b0FM&Wese_QsM zcKc6bI>fKfRQJv4BlVQnT^gGj~Hc=3Sg!$H- zg0)!E2a5|OFR2Y(bG!r#*Nb)d)h~v?*q&3g_>ywV*FK5SCuy}c<-KNphgc^+=?3>A8|8(sZBnC@b3o_~ob@AUF=xsWGopT!-Y#mZ+j_$;nI z&$6s6-?BpAT`}u{QBM*@AZAc%Aq7?*ovsvmCk!yAB33CBEU5xz8EDUt0-)eJ%8X&= zJ!;QQCR0)H0uwcKx#GcV7C|W$Lk5P(D+%hVR1ONc5dge#~ diff --git a/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz b/creusot/tests/should_succeed/iterators/10_once/why3shapes.gz index 5f1cb1809e9107c4b573fdb5f94dc2de8711bb05..b2a41cb877e4f68960ec604fec7082d2eecdd378 100644 GIT binary patch literal 808 zcmV+@1K0c?iwFP!00000|E*L_kJ~m7z3W%#)^>B@@S6d0FpLTk5HyDZI(9K4sdUj@ zX=}UN_TP6%(O$`M8U%@9K;m%Tn>UXm{&-g(f5+!|tY6~c_%KgzYhB;{RGt3Bhv}tf zO?iVJnhKu}bNI{0V=pj1J)i#VMYn8<_qf0RF!|W?rt0_gI3MbB^8F!>kA;S(eSC*Q zNvFpz^AvX!qS*0a`uG@6^VEwRc}@Cteu^oWG>M--s3(z3irUS%BFCt3y=!aes5RsT(?_J&F+?S*1Kix%378+u-#25TNOM-+_eZ^ zMDQ%aWew-@SAa9CT(gSXy_IPJaqi76$jo~g*Vn;Smp8MXbRu5-=P6wksG6YkLmbcKd%8H=1LBRtkrIn7%Yi@C*yBxR6I^ln1B|22$+9Gaiy66#TYCJ5W?hS5&&pcwFC}fD(K>h>!;BF632mk!)xy-c94HTGTgxR;T~W-T2g# zro2H9O=TVrlmF<#v1cYcJf8mVSvLpS8?(QCJG#)*rt0_gFdgb8`SuWo`$9ug+`Kln zq{qkK(-?Nq6@ACM@xy&MO=Hip=Q-)!^bnFWX<~o9%|TmGSxF*wUz1w5BIUbni@fF_!Js zwX!|$#i}SkboW3m$|iTJ3y=!Oc&}FQT(_G~P3`7$7Q5Nj#pcBZvb!o}tAZwvz7#== z2%1IctYImC0a#f1nw4Get!xXhr8hkzGw*p_pBER;Z*slqk$9d*uYO_{XShzl-I^|P z=^vG!KNi-rrrOVMk#uj|^zay)4nDRq593U1Zni@K^FAl#SwwVa4&gZ6KZT1nXtL+= zG~HY(%_*WqDe)#!i>2i`B}Kb@-gY`1rcc4Yc=&gje?ks-qq*;Sv$T}dC4lHLR(Tyw z+{Xi7hnpgcpYM+`d_I*)@Z^3TB9_|+yDPqCHzTks&!)nY-uDdK91GB$(f zAui`Fx}V`t*EwdDtf*v3<+_)+a&d2Z-Cc7wt9`=gk}F%Lgk=JoMdc|k+p5?b_Fv&? z(yyvGXAqE3OVuzqh71UyTu4rpmR3Q{TG~QODv6FbBt{sH%*87%#yu*<1m`{sPy=fL zTb`3WrwlY`G)@pO+z~c-s|e9-P(Wo)<|Ub;x8BKtD-FzY?x;pjH4GLFr@(V^6ag)e zR=28^t!VMLfT{7qpmthIj2wgT%qc0*ct#|M?}Cly9tR@?bAd1cmKrLk7LtHej)odk z3$g{V6fo!sX zDbT3>_cb3OL@$@8a>2VhJDwfyhh5zNbQkL5D|P*`Z9c^q?>h_1PbRjobo<(*a`?ia3=tD>Tw9xRee&;dn<;5meT2;(dl}>~* zokKl`$r76M-m1s0O>6>>-ssqB5}Px=)i-pm=@)@uAzO}#O@h`br_#Nv+VkZ^1Jzap zwl8f%>*a12a{aOS5$bJYwfjC{zO`qv<7l6)x`mh(uA{y^UCD}KzDA_We?+2{S@B?k zeBB45)&a)LZjI|K4gDE5zKYS;;E&bCvt+jMO@tI~VjKbKRv0Wwk`cGqF~<+=|HG4w zUo`F1VOqk6S>|06#gklix9;Z1dtM43UP>;@SG0(g2M{eK|fYu5H1xO9e5cR2CAwADP%pfCoB9Pw7+L#YXkrQ)SmWk literal 505 zcmVIn2p4fdF+Ah7J4;_ZnLPN*;od?{@i{(~YUCvdVO@uO= zLo>v%Ra^^W}sCdMhH^ zm$t#Rx!c8De{6oldfQmzzE7BM?HTPj+Gne8p~_3wVc(vvXhk`<5!vz|k;=-vd@w=2 z?xRub0AsV;#dVej{|p;n#prAF$C~n4GT- - + @@ -72,18 +72,18 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz b/creusot/tests/should_succeed/iterators/12_zip/why3shapes.gz index a0f864108e77ff7834f9aefbd1c56c0a722161c0..6a0a9bc2d67fc9e39d1a6f9a85026c2a9700cebc 100644 GIT binary patch literal 2039 zcmVTDUFFf(7hypX!1nCbEtl?%et16n^vZwd3yn`%ZMK(~o&|`C*+ZpR#_6^2r~km9i|F zETI`WH*H+}e7^jrGi9xrjbUgcIi@JEj`GJEZxH~MO#@9sn}$5j%|J6SH=XUm(x0f& zP|*yDMhWleJa9Cr+T=n5PEd!t?%{qoz1+8HA7A3|R4s@+AyehfkOgpOdgng4r}+Ho zg6X281ambs$@NM7DPB!dJlW-zO3hrkwJRd23Y)(ipuWV${tQa7D_fn<+5P zMajKj(Ear`b$j$3)3rr#pY%}k8+eSgmGN1W}hpmabsu_XNh z3@UPMp#F-TS|LCVyB}bB_aiCWUFCUqT@(Kw9Vz&mJkS{rI58=%2%v?44M>Fm`jZ4K zxtt@%k!#5NHRcBA7T9kj9Ts3|QZ(35P{J*gaJYqF1&>bC8m^j3)a>`G&V6}t&#&t~ zlKRn2oc%^pZ>JMYt@F5@!K*H~hKv)gvW1%cW}e`id1ANo#1|-7Qe+8z@`8fj$`fDY zX(OG}Ae*K&M6BfrHWA@5SCg}asOBplf#cb^Xf!zwq)2+*TE??;(NwMu*L9+BLXE$s z1~Z~J;_tg}wTZsv>#CyIA{U9HardwiKU-H6J8W%;EB;}c(D;YOKi#e<{>_RKw<}66 zP>7_+5=W_^khdyIF0gDA-ZUttX$_HRi1-{4q*JP&-+`bUu^UI;RCSxE$Ey3zA@`ly z`_{2GtH2G^KVFAW4y=ase0sh3({ngp@YS%m@alXUH>E{CmMd+o4c@9nwEn}JJCOsJ z%;ff$*Ue2A9;VASKa98L@d_@NPY0F4(d8zeqfyHTK-QS5(Dhr*9wVl$olK&=`P~v9 z2(}8Di}*Zq)GXjTQsyjuj+#$Y2@O~qML=e?QD2) zt4~|IL=ANGHa_!cJ~r=a*7)wh`O{}C$4d;UX*_)V)9E?RisN08HmW2F*w7OIkVtW=Cap{{tiVE{U&Y6&HwYFWq2 zHkK&VB|{D8YaVOZC*XNn0p4t>tj-RwTby2A zPG4jA-RFPe#J?TS9VcbkaC~-8$i%+tyJVlFWelm%`?PgY)0#>e+~-l%vE*suPd5H! z9+xd5CieR#4_`CSIE=YN#YckQ`;nzOh6K}nvqtBH;5Jp)gwRw9YR-sErJzPenlVbU zKD!`mO7dU_jS^sUO43>XA&<*S2_6BZlcvG_pC2BEscc5E)lUkfcGphmPGy1>>7?Ax z3P_q-1v2MNj!BhzL7^0RST+i!m?%tRtf zv_fmMrLsCZU>k)d>$1YCpmSCQ&C5t9Ol4J=cHw=F|Gq4`YH1zwMmg#Z6;x?Z_kTwt6sZXb>rrtZhT$8$Fqb~#kz0*imgNXyPLPdRrw=n^Wrzi_Eh@1o~-)uXKdt+ zvSH*xaZsoVJY2MYm{J&>cEUJ)brRYH?RTN(CZM*5bg!8WtI^O z#)7t>ET9Ey1=%(@NUEdZ3?v7FVJO7~=Kv(|7$KUUHfRQ|19wJEk&EsQk1!+%u?8P!L>28M>3HIuN-Gi2^C}vO2~nUOafoA3c>=n zfJVRqwSa_}pKuCP2I+t+Lp2FlB)~~DgsNVJfe5%~VEKyqUvz3hPem945H6q}7#3vO z0uj^i7+^srr}T}T_8zzp%HU5xHW97jntDkG5jYVdIc0C{ln2fFs8|eK#SmyTg5jQL z!TElWgk-00ol_dn31JMMHv=dQQAh5B5d-mBM^}*YH+Cw$>;o`wuxyO?#7Eq51Z$WK zc%L#ZI~8y26qywugw_-S81SUW{Nl!O8hTEFWvALQW!Y+P{-SHmkW50j!cD3)ciwXu zsmEpvPNYVjT(3IJuhwwzgaGXs4a6I~KR7A|yn^)#0>w_0Hx7AgqyoFa;J6$>KBjewtk+>N;6~S82jevmFE}2;a`4g^ Vg6E;h>*#vj{{XwY6pDNs0000{_elT% literal 2041 zcmVa2bPK~=#m_gnnMmz0W%nf z6`ABpTzfaaK8@ErI78Wrr3-r+KzDy%HyVKc{9*I*Z+8wao3G*d<#0OwWdoZJzuaAZ zb%*2EhU|+(8(KxyuqyI~@9*6C`PBW^hL=XTj~^S^s761e)%k}vDt|)xl=)LUj4L58 z8ZDt2n3^^&d^unKXiQ#fCSw>HiH<1>yrJTu#G3_%%Bo>iL#u{7OwF)rU}`$qWpjVB zL_=jYBr7GNq0_+8q^grM4LCvV@0$Bfe|p~3X^+pLe<~Janvke+XO;x!&h*ZGa!=v- z`GV=9gT$t4Rwd`7`g6FT)KKmI@!R<+u%tNCs7MmVhMYfLqGDLMMX^QDdWzWn_i%o6 z_;;?NA4ikM$3a#^KSWQ5@aOSQ0L%v1FyPw?!M6=Ha|kqQGKMH-5N2FjL6{W~KDp0w zyFlSn3|Ved@Y1>TD_p@P%dbc=CPiBSfBYCph?r8!AJf(<6vQ!lMZ}<+D%ce%gKnb0 zIHU83(jD;k;ttEvOke%R850gi&xheVJ2|Z7eVl%aI5#md(D(g0+aGbZy@Jv(vWg|@ zXJAl~Y6JCG?34;&WWW6Zrnf(mvh7u#x7RiC|IrbHzsUog@PHGe;)(#830Q%Y37~Hz zV9wlwW2f=kFa;VN6G*{$Y@y_zR}J5OSUf=5M?(5J{K#H~Du zS)NwXIS%r1T1CWbp4ciPJmyMr))19^r6X`SJ7tj)vXCbNqZ+QGCC)A+Gpm|6wI)!6y7)}$7vOjtcb)E5sRmkpWcC3K4Mpnys_$5Q4dx3okQ+B zwfEYwHmSfB)IVN_EFV}E>G||>X-~)QaKTr@?82+lZQSG*{gAJ;r8Y#Z7Fqj`sP1G6 zU^J83Us^Xcop~59+hRZ5nujYm%%2V_hNJUMK1HME4}hdGMWM^Lnmk5KT|1gYd(*om zJ`n09pH&ybBMD_*Wej78*rZp(^jQIkIF&KxfJl|nH8*Q$d0v$VMbyCT&7!M?sqJKV zcB_wDJ4emv;B9#3(R6Iym8^;Fy=zZjupBR;i%sMH@vo<2m=wo{sC_vcKjW0sG47^+ z<#~TUeF;r${rC6oQ`~}i>DE1mm($bN(C}OdItfKd8=fo1pioxa-!Q-$u1X0-p=fy{ z@-_w(%96f>^DT{4|AH0&QTT*Ijo`bwluvR<^EgZ8HX`n!HXv%DftVK>kd;D1gb)zWp<{_VMp-+6outkEBhD-yqv#>FaW`>W8=3NE>Cv z$iAGQ^&d+}^IgwrPlM=O+w-2aByb*j0xOs|dXrRi{A zCv@x$1{IUO?Ep;2z>uB`gRn_pRPwgND_Arr%(X$Gtx)R*Wd}jgzQQzbp3 zmO=&Mx?~U*1~DVrQnU${qAV=sma-eHI)a((7}28hq0^XQX-v-z?Vwe{Cl?D=nY2t; zhDMlW)G{Q*yuoQNrNSOAf?x2=|wmsGjIN+qG zOc^|4jn`6jBsrz;?35^Ch;a@xC>WycxnqKP;#KQa4&5H<62 diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml index bd0ba5755d..3300dbfed2 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml +++ b/creusot/tests/should_succeed/iterators/13_cloned/why3session.xml @@ -12,7 +12,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz b/creusot/tests/should_succeed/iterators/13_cloned/why3shapes.gz index dd146d95fe2c24aef8d9882f54051ac5b3778fb0..c359da02c7f9e0434dffcb0078c3870fef577c3c 100644 GIT binary patch literal 723 zcmV;^0xbO>iwFP!00000|D{w-kJB&^z4uq-1}qnkKVu{gRYl}T2o6X-vT|YvD%zx^ zWr2T>9owl}_JY_$cV_JO;y3f`mk-tXt2w!I_2lOBej49Yyn1-GxqLVK@kyg*V@~sA zfAsFG!MuL0v8I}}%VPWon#Po*6vq_WE0RRemC4hPlA0TLJY9Zk9~c zKm$q`Ky6$H^xo_qcZX?oR?B9ichxY>RfasyZa5?|64pyH5ww91h=!;u1lvSRwyDB% z1#(4fOBx;tZfauT<;B@<4hpzT=-l*Ii#BAkZE??Vy{qWnft|a zpk>PIn2MD0VqkT`UD-TUePa&DOXk#*Or-w zP(AO*FMi83YK+b2xbM?+blNkt=B@wL7&UDoMcYt9c@HKb2U+IPoaEidyb`{;!a~xP zD@`7?Z_n(`)8WbaS+=pWVeBc0APsesZCIBA{lwV4!XS{90%;J)R)L-?+bepJFYC*f zgz2Vvo_;#};`nVfPQ(xU(HwlInyaCfUM@fu%;lp{p*xM)-KHi>BdY~R_v^ALhxMG2 zQi$;9xXR#31aJR^qkf(vb|k+&G-*78tUn$^t>Vc~}G;Pv*o zVzVu(;Q|!72pckYvRZyCM9S-w-?0A=PZRz&8%!K@)^vsoI)Jl8x}Mdd=7X_Da#?Z3 z6jelF1qy9gXUSkWwu9tMN<^)-m?2a%K+HL)q^gxD0Ioxx5d7x86U>Q0I@=Az7>0?c zrKmtEs1*nWTme%+6%Yj;3<{7ZAkKep5IqGco#4H7T=qkUI3+{?Clv;T(H%(ig7wbT zmJXabY30y$R1$bwoVT}_`7}E6&`y1gXmD0Z-jPaodw1CJR=nq6RERF*Q F003D|WaR(= literal 720 zcmV;>0x$g^iwFP!00000|D{w-uhTFPy!Th+20Siae;bKIRS`K7f&-F|JUNL26>U<| z@_>Jj9owl}-UZP^y1VvFJiFt(e5lS}?a7_1CpVw>)A*+1)x)dJ<-6UFPX^T+dzz>I zN9WE4?CaMC8){gyEXF@DG^Qk_IHu5CktBkyOrD06)ZDt`>GIp~h~;%U02q-&Y-E7| z11MntHE|u#d%Jtw9j4LsM%5d$tA=T=GURb~!y%E8uwIghpbdOL3`AWa*d}7KO%

  • FV1#zP{3tE|33C*w&Qv22VDDs>s1ZOAvH9I%&^-QdxgTN+%KL3 zqf#zoDpJaefysosvUw_bV-CpUfK0z0)yMvL!t*Z789<2a}M4D)VSg^6q0^32$9tA!*8$ zI*;17XLjf5@Z|g~o7mYf_7p^r0a<4o%2J@87`s;(1hP^f4FcIJ&~s&bMKAJYeR-3x z?KIERPuIUVep`(b@xy+!2j8jsYN(}`3y=kK`6yKA&R}-8sm{{KYQfR{x@^i}J*T7; zBK$e7GI$cfn}6Yu&vV3%TKF9e$e)W={0DWvrJ%Qri-V04pB?P%2@lxMrGa zqOk^zHo%n!Ak_7itBwrFalai?Mo1?*HB?GVEeb%}TGv`7Xv>vD0(BTOhC9ZTq^%OD z0;NG}5E{4!rh#f88ax;@AWvW!lA@(dk&b~Fkmwod2M1DdL - + diff --git a/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz b/creusot/tests/should_succeed/iterators/14_copied/why3shapes.gz index 91f1500973a902b60b7f56f9f140d5e8e57d0ee0..41a52944e5159abd6ca2445e3372a63bd006c56f 100644 GIT binary patch delta 709 zcmV;$0y_QC1=9tP8h?zDI8+spBOy2-`N+zN9jIuNl9mPjJ$7ujZnqai5ADp@?`7W1 zYhFK8$8YA~j@7f9kK1W{Tk-1Q&Fb{SY{zGfnw2@sll|GdqXzT%sIjJ+waa1r0Zn5{ zQi@{=?FC69=)&Y_NJ-6&+aFGUG>=%`qy|8X9AaG;2+)8M27gc+&jEcfo2Sim*gC6a zv(lStnC2=&o@O`f5*Z2SC7B4?zz0M_)D?ntA|~rp;kg32BGx4hj|5jWvGDSux2r}0 zmkE8@_Gvcb@jMT>%mX)PH6({r(;PC*u1D+@3N7=zcn-8oc^y-cQeG^qPPhx3r>d{a z0eKye>CdhD*njuBiTz<%Z%jY!4?A}XiiubMaT?uaWac4MkK6I9zcP&)WAi26`#kNP z_6)6g=f5>ZO`Ay3I+RepgGtCimU%QMdH*S&gr}ZiA!*B#Ca>C$XLiSF_w4*G+c?>< z_7p^rhPuf%tV@A@W9(L85Xee_Gzes8fu1YdD|(SH=YPwSgz2Vvo_;y|YXALgoQNN` zquKdMH5WrIvs{2In9E0@LN^+-n@dfWM$Q%--S5+?T-H4$r4Zr!xX9p11aJR^qrT4( zCz9ViGdyEI>ad<0ywEKC_apCKtfpKgcF8zJ;UDIj#4T8tAH^+ r^nex+z6JGy_0H9n4xBk@<D`p`97~z0R9? z$?J#e_{|>Nv3hp%aXXD~D_%XkS)G2^?f7g^y|RaS>VJ0bXuv)`8f>Ux&2kujz|feI zl;W5|b3u{_x-fYfQc`p4_J`9S!y}g0sR1w|huFvh0R~XQ0Do%YIiL@A^R$@`Th|*^ zugsQBBf(WoEWEtv?W$40 zWkO%JeVXlfJkJ9z^T7344ap%jG>6Qv>k)f}!l*nio&%#&E@LWE%8P}`guAeLDtToN z$m@Vie{R*szJJ$E><`0wW4md8*tt_sOuYJ!)95ZEvk#$q+>T%Um1#5>+b{9n=V|YZ zXK3s@|7|d;n?#D%p@i}sOhOK-%%eHU`%n2K{OcJOlBPVV^Q!%LW_O%+&(80%iIWX$ zPeBA3kaf19ECu?Fv0H^fAS(sZAdsB}dai7*=taJqFMt0eY&*^K^vm_H_TSIOiTGhV z+MSu&Vyr{d&PQPRD+F+T!ag0?JOB4Kk*{vGUZq7|HD&<&sG2N zIbzM7T7NbrOJ4I+SYhTwk6XriDI~QmkqEHzApoTkhKg&ZsU{k0&}ao*c>qFPZ@KEo zfE@SNF=d2wqEkbqwA7*iw5@fmRf4u$IV4brF=M!6Oi9`*fhtfMqz0jZYhW6v2BN`( zK?CvxmLVxx$`t7shyjV7k$!L>6-QK1QDM*+-8_JB3j-Pm5!iosz_@e5wbTx@qb - + @@ -26,22 +26,22 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz b/creusot/tests/should_succeed/iterators/15_enumerate/why3shapes.gz index 25e3bb10e07588b85a718a39ac877347d6017aab..05bdddc408363458d86367b6b8911cc1f0779aa6 100644 GIT binary patch literal 1756 zcmV<21|#_&iwFP!00000|E*U|ZyUW4zUx=)Ep2k)@S6pE5DW_xQ1sGb(NhF2mrRVx zT33=2zyH2NF1gyZr8Ifp*9Vy&GY@B;nc)uq^07I6bJfFY8Y zqiYwQp3lFvx+rVhOam7VFHhm<&SCd>4#(E4)3Q50y2JTHYqFuNH8UvmfD|ww+i@Sz zzxKX~!?CGiyJLv^;^_!*?KmKd^MGV|o&o14LLvuf3%E7%kOu2=I$xI+R##|Uf%P1Q zjR1=^$hhpi1LvbVoU++(tzH^UN?^$)uv3g#it)KP#VQG(+tFfhA6uR`Ma!$4Tn0`i z&sA$G+4Vnd%{bR(I;Km?mP^o!+64@e^c)?DEun;hKADcRjP?q53j4TnckZLx@i$!H z+GRJ5-2LvMO1M||3TZ2Cfa`|iarhqk4^RJDNPSMQui)b2!R-rN;y1155le&TWAMYF ze>`Jxt?r#4o}TyN9Qveuzx&5<2$Nf*p{K{g7nB$d7~S!V``tf>r_j0`%dj#J?(nw& ztj@nZhh_@x${oXL*nbOEVPpa(orLCIX_~(>cf#3@%rVD(KF*;o4AbE-KOw^&X7u{u zRXURX{?=3J7E8GoV!m%0fx{CYZd%~Y7y1u`y z{Ih42z|)(7N8^8d&?O^a767`6tCzzuIRDjk`_McOXvgaQKG94{DAyCSS$jPT-?RnD z`ntxV=v`29tp4?aNk%a&uS-BW1H|$FakK^HhPgBACELT2(E(jg5<_NZn!zoi7Du&p zb^W7sT5tdp30Y~Ls06T4E7jCYz8Kp_}C~&9IWf$k{nrHpvWEm-V8fOrD`M7o9!~}xU~p7*EQ^Ew7&6G zDq`=W%=9}Bl0$bb7gwb>b7y&VmRDzaR-LXC&NiD_a`5arhngImY^LNWd!%J%Q(&1{ zCI=H&l7orbL>|KHx%N>%>hj+-`EPpsKhok)9e!@@?oy|>_#zQcHnpK#yZzbi!{N*M zYr2Kb!!CV>p4R{VFgp)O?w@I~5ZJbMiJSGJLilJ$%5ZdJb`SFUTHu?h+n(Y&HO%bB zQ-LpJ)ZpRCPqcyVh)N(Vw{M&1#J+Ey18nu_Y*5#Je+h4)JXVO)W zO-WEyQcG=CnXp}cK+XcHN)ANNpCHm}NSL47S&oXF*Gkg7om4=4KSB zCzMB(E^|{KS!8--ZU029P5N7{SRYAeq&K`LLPghiEQ-iG8GGM5>KbLG6_#6OsRc_` z#uLU&^o9@xJ}4ClCj_{Rpp1~T0kA-X|VS}H8%mLe3j6n+Fq zgz?nGK2TuRUU+VBB>T)5mzHB5@;~j+4myuM zxzIT&Ou)8Ri@+qSze9CG+oAP+_mg8?q?OD}}`v<4+n zyFnc*wVmDc-*-rnvXt1{-L`pf_%Uuy7V7~^_Lul{srPxoB-bphr{qSbnhO2TUdRJurJ{IhrQorxR~EKo?0R{o(`cM z_T9sY4%h0|x5MMpE}TLaoo~1Q9rj@gYuxDZVgHFNhCQ)6u5r8lb$AT5---mQQsahx zGr;Qf$5W^#YFGXcj>GOtC=O#LVDgD*{)NZ>i||M4ZP^@ioX4>bWnh>VhxrN#c0WsR zJ3Q}CIje9^Ff21H{fml#+lI`$qyONaAND7O@96g$SPLtf4WGiH8tA&}cf;3+KXde5 zcis7W*T}^4tHjghzrD~|5ilcwulm*V{t$fo**CjTJq@&v)$MIeGs{%2r_3hr^^Cr0 z3MlLA!bSEwqa?2W_e>(=M9a$(kk0_A{TG4Op#3lpX1&bzu*~Q{p+}1$WoPQawL~qJ zs>|s5TXI_D0H!1)r@2&lIWzs&lq?eZS?9C!H2V3W^d)z3Wd5X60{5;yC`3Bhq6QQ;KE>>kAOTENXzZBM*T1+%#F zRKP{ijk%_t%4V68kuKto^>{%b?MCIAT5aZ+e|_m_&rddejq3BcHu;t`_dkL`&!meW zn=DYBrKLBkl(21jK+Xu&nb0}w)7U1zaCCkR>CM8ERAv%oaDRDtMp}Fn#E0M1x1&i} zAwQ~2?%VRnV$&n*{$Iq}#J|-_2<@fPROEHoV2dhv*#>P@)94lfD(#e$4xMn^fnzJ} zHS)HHK6I@Vz-*MbZ@CGm1O!3q3TfS6yETa<@*f_{+@?AR8?@Z)s0T3zSxbmNC;Ysxf;l0;~;ZAkdW3GIY(LOOvzyhJNo!ldG@?*i{zZA}lz z5lJMf<87!=IOGn&A#=k1)8$xbNlz^J(04pQ+o-maq8Gt(!?0;$M5r8+4)I@G6kFT% zq~cC#V!g3Z!$KG)G^N(azCu#4js*QZe4{z*dFXqi5NyMA!%#~)Iif{F6-gz*N#@Z0 zHB=xr=%nbT)13^YB~47XoW9p!=-`S3#lIKL^u86oX~8r+O2=|ir35;Sp^>&zm9$P8 zI=@moNrzu%zor9*UN#*{u30M;GU#=$Y^RO#4X>1R3Y`*8ai_p3R;~ - + @@ -17,7 +17,7 @@ - + diff --git a/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz b/creusot/tests/should_succeed/iterators/16_take/why3shapes.gz index 0e1754a4e97ccf05049b5c4999c3fb3bc8953d29..15fe1ccf71603eb653df9cfbe329554c2b42eca5 100644 GIT binary patch literal 916 zcmV;F18e*riwFP!00000|D9D$Z{s!)z57?_wrv&#IQ(XT91J6Z3@mc#g2y!|iE52? zq(pMk_TP8-AzO9@ELtBd&T!`G@ja3J>7khZaIbzUKKwWxhyK?>77ssf&TsD6e^^rH z5m+cU?sXj6_r_0_y3e02v%<=KnoUnDa>!H2a!B{rR-U@9P>92q*vk2r*Yn?22~Lu;pO$@&%VW#xZUA-=>2tx z?jdBSWB)sr3_Y&jeM@z}4KLmz!hYu-@sT^XZuHY|`tY-yJXDwNH2K}`GDk(83xm*Y zsmz+=U_l8jr}vzY5+<*ds6tAyEK#EJDPpmh4)|2KdKkyyPv3re`HqEO-FF{nE#dUdCC*khBuJdhy{RXk0Ar@jI)R1*^jZ{DOQjbXbaMU$-s~R-jDrR@=y35rhd7J zbpv1A^j_ytd`+K}Ur@s6>-dh~Niz|n{qr3*Z^-sJ%;VtgTKC2EKIU%VOVs+_qZl*X z-;b8#E+u8&Fr3^P!{mxFn7kUpDQX)`&N?W_U<-Z#4;4j*xPhTLr(r3}B#hJ#{6tByD!h@%Re?}Rs!NnR_`nL<{g;uWiC1r^z7$w$Z`G5hD~6 qg2e{9Xiy&M<{%49K_u literal 917 zcmV;G18V#qiwFP!00000|D9FKZsRr--TN!Fn>K?2ynM4j7KRZ)1_s%5z~vZ}Otr>1 zQX)HP`}e(k$fjKZgVqa+_jPo6j(GXgLv{MYz4}x2;iuDK9Dc22_3-oR{N@hBhb47h zfrWbIUZ-*Y-uaWI?(=8Mtgv#MqUmWxHhD5xHtF_S%2U-93UPRet(<>(J^yW0E>?37 z)aoJ+tjURHo1&&(*-h1tQ#I%8Cf^?mXb5f7(87<}4JH&_vQ%_M3VoMd%iK&RLSBhe zcTHmpKrB!TEH@5pojIoK?19-svd63o5P(!)`bKXog#vxn}v9 zH^F9_cs5xu*kc9TDi#}7Z#$wPMSjwip_Tw+w@SXhK= zOJ(L97ez}bIlb=*TSDixC91Hcn3h_i@+o4m=nnW)xOSYT@lU`1^zt1Ozq;=}MlI#8 zKMd|@DS65PYr`8zEW`vrw8!89cgE=MaQ0J7c#0Wh0osDJU@|ZyfcL|2mi!a`htMxK zw(j7IJH5Ag6<;$X=8Kll`Z~QMc;ZY%Yx{hM%{#Jw4sl$(UGu)U!AIW>e2rY+YZPsU z=ljueJf)=02ZobdVVGPH2Ax-7I7N0mq- zVuHXHgF;N)D1`YjgD)w>h-K`ePy{Gg#L$gGjLr&$RoKL?9p8ujX({ao^3g~wHH-35 zo#hLQw`*RMFZgcYx3hSc0W|o(&X*&Pv$8zhd_gZ>$R&|)ei2LL^C-6e1w$=kB;DC% zsNvlc2h}d#gT(;jd4Tclf^YtM_vTzFGfgF{ zvZ?Ry)c=Q4hu>=DJ0e@vb0=gk+RhnmykbD8+0%|uUCBl?ykQM(pdqW)wStJ=aKI0t zqb)Ut=#KYwfH=r7j4TuJK z1FV7cD(Z2r3GcP(TV^^AE$75>LY$(SleVJJP||>z3!qmT#~SaAYz;`_ocG{pi)WYg r9&{|AMM3X6sk#;`de98(RL6O1IO%)ZDQ98MrN5FuZH39Z*x%PeSNCuZ_aLFX_>&5J(^AGf zpP>bL6t1#+KJq)Qb!AEB&KDlWnI|&)YJaVNOPZA5sw73Y5#fG~3cVl)LtbDIq7Awa h+;kkGv58}YMq{)#^e1gnmq6W6`~as0t&@-d005RQIY0ma delta 126 zcmV-^0D=FI0gnNY72gX6@VKV%c!0Q#cD4-sX~T#x_&0QKWN`~Uy| diff --git a/creusot/tests/should_succeed/list_index_mut/why3session.xml b/creusot/tests/should_succeed/list_index_mut/why3session.xml index 24c4d7fe46..553dcda13a 100644 --- a/creusot/tests/should_succeed/list_index_mut/why3session.xml +++ b/creusot/tests/should_succeed/list_index_mut/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/list_index_mut/why3shapes.gz b/creusot/tests/should_succeed/list_index_mut/why3shapes.gz index 8c1f15b4fd2f3fc62c939c0276540b7d41017da0..5e9c84f49e0e651ac07b2c8aed4590eed88d7e58 100644 GIT binary patch literal 722 zcmV;@0xkU?iwFP!00000|BX~li`y^|z57@A);3VkNVX&w_7DOlfn_g+Ic|_+xeayf zHumoJ=U0*?OUbs-ix|zf=DpF!O+I~BKlPNq>g#kKhc7wLH=nZkmpTuxNNO(uLJ%p^ zI@|5kgZidtwLyjyocQd-!;^Zjnt42)hZ&2l>SufJ^v+*d3suOP|ZrPlmRJ8E+7uJL86-RdL7?%`{D9qsn(qb)g$oQ zIzWXWtz;`ndw9LL59A>b76*<{hQQJuUSHeK-Z`>laP+6 z-WZR>8f#Une$oMlX9LZkuUH}z%UlwL!^G$f)O|m`9WP_6d*lupqju8|?j9f}Tv3le zflP*JTX{(+!{C`uB?FK}$RZ=mp}=jqLu5gbM90dp#_c=bKV~K5eaz7-C?exxRr6fhhTy`^9T1N`gr6#-M z8>5~q%+bQ!k%1=&1ABPAS+dGVZh2`HSI1nCT3qacQ@M5fDvj}J9JJdFiBv3+MzDd; zNLgG=W|C#N%e(QKpNCfeK3-ntY#l$ru((EYM5)4z!O^7hgC?FNRq_>(Xp8-ZbZeT! z9LH29yDe?|G94Jwb+xQbAYW;{!NP9TlG}=|S0J~|Lg*+^+H7NNw}{5%=i(u0k}CPQ zcqqS`>y(J$t1N88oCF>fcjFW<@B)S4lWXmN;(tz%GF83n)11t|<-0=ng E0Ks2pHUIzs literal 725 zcmV;`0xJC`g? zq?%UQZf73MH#?b)W}1Q*pS^f^G7nBO4aajoX}&ex3cI}Y8e)sSS+l&lUQ4z56A>fw4F-fa8f@?*|+I`^j2 zP*%E$H(*NZUjwT{pZPFGFiPUHZ|W+IK&?hXFC+ zlZFX!&1CGhlV?B~8_xoijDzG6MW!*w1h?r9i3NNWoie8!xA%O1nT3$|F`IwKbkoZB zws`Y`>XLt$jcyjK)NCH@+Ekd&>$7a&(Tp#(6SkQ6SPw6KJHB&TC`mPA9vvG?t3+Ws z=VW($V>FP3d0OCEGYAA>;66c*OQulr%S%;S9Xx32=HeEd%B|m5iN>d)w|+OIrecmn z!392R%F<#o1k3a;KMmLX+_(1k@$xcdOZ$nAi;I#cii$l3PZJdyO#(^O>M0<}mg~VnvbCxQ(e?o{X!PtBjy4 zsMW(&#`KH1S`#romE09v+)bZ{>&!Do#>C0Ho}v662A}XStGDZUvRQIz$p2)bf5|lK zsE)jYP!9>uR|E03@k|20mSRp>)-b^fVwG&#noDa{D*%8us^Lu|DarYs?dcx&BqO9| z45+QuspKt(6aG-FwMBg*0=QLqxi2yz>Q-=J#7Q!A1c@<5$+l2d2rw#_dy)MC=zO`> H@df|@ - + diff --git a/creusot/tests/should_succeed/mapping_test/why3shapes.gz b/creusot/tests/should_succeed/mapping_test/why3shapes.gz index fa19e347e123cd34f760cdebf11539b72f9797b2..6db2d6fe627fa3eb802fae0f8d89aac42e848d07 100644 GIT binary patch delta 402 zcmV;D0d4-A1Dpep6o1^((u*H}p;8VJ5=x{VD<6v%+q9?zS3r~Bufd3rgrfF>%+BoW z?#zSdwjc1NTKA-yw$$~r8@k@316z1k9T=>t^f^0fsVa^*E(H=8s*YpmbXL|KbQy58 zgGvblr>T>e)~hyn;{@7UF>H!fA>k1u*((Q+6M+xiVL^c13x5z!CxLhrfU>St!>Pc# z|BGOBr*eQswYoYf&dgRuAlFT!&q{8Np949BqO76fB<;60GL&r0*VLb8e}TX+08;jk zovCNJ{;p+v$1ywL$%^UGPo_|-^Dw3AE(?>HZwQScTwprEslyYu(2ZNxqFKy#pa#P4 z6Ij9VXzdz)F@G)kW0cqwZ=>X_pESP~&5(s_C+CK!qN}L-sWvD-9fIWH5SV9z@@&l> zV3?NSb2>7ti#Fipvq^6o`rQ_bul29nN=93^gVK~`;W!||n1zZ`k%vUYiUf=SrGZ3} wMLt$8+2cKOqBt*@WFo+dFd1VaDT<_@hs-B9ilyuCsSBa~0J%?B7z_je0OP8~`2YX_ delta 402 zcmV;D0d4-A1Dpep6o0;@r58U4m`XWBNGOqdtb8n5Y}2ATxB{B|e$7LKBs6L{AbV## zyF2sXqviv?bc2q%Zc1A{qY(Lz9&F%Ux8N{i>?u1~rH#OXloCq{Wm-s3iM#zaS9Z3V%?+CV_YqfU>G|Etn+R z|BDcOqq2uuH`W}rh}=|8Ah&gGPg<=GpFKH*qO8COns!q=8Aey`@9Iyp+gg$r0HwOa z*44Azepjlw;kX&dWW{voIy0#BsqbRi^T2fG8^&V@XP8ZJ>WKsuwnk+o>&0w)>RJX} z0(WpST6+&an}5dt7$tGV>nKIkb((LBXUM{~lXHDk{35EZ>kw3s_CboU56pK#`9p13 zz%d6#AlS$lTpR*kUYmBd;oof;@O$s?+e$}UH@(u7W#M_6>w?7)K^z0gBd#GR3c?j; wQbnN*5#5m;_Ea2G?LH=D9&<@^8uCzwYh2)1DIB3-#|s?o2fG4j^$Y|60887tJ^%m! diff --git a/creusot/tests/should_succeed/match_int/why3shapes.gz b/creusot/tests/should_succeed/match_int/why3shapes.gz index 7b56f522fa335bbda1a6510348a446c119c31fc3..d19beae8e8309b5e761e3125d46e80362cd8b152 100644 GIT binary patch delta 277 zcmV+w0qXvw0;B?v7=PJm+z&(#)kH-ljwp9C5;1AoXgm1*G)?-&%B7Z^_o@B(ekZz5 z{xY5TF>QCeoF7FZb`O!Q_g8*vzfCBXD?W8b%aRK%hgQu6AJ5lV-t}J%hr~VgrI`}1 zY#P@IEV=-0vgBE6rbJ+=>=zjDvD)ETtCF8qzd&%X3h>Fde1A6Xv&8|HahHw9tT})N zzX3j%+u~`zvQ9UaCofK3Je`-PNj!0EvdNNX2k~UdQvHv3z80q-p3mYmiDx(B!=P*_ z9yY-0=Fq998vCGm552xM%%&fCu!1;v2ux}GP=BTTynvGjyx+W^hqt}zemzQFxfJXa@r&+MgVHc1pWbjXR6I2a=h b%G_o}){;;P-42;Cc;m@0wQ0FbwE_SD{}GMp diff --git a/creusot/tests/should_succeed/mc91/why3shapes.gz b/creusot/tests/should_succeed/mc91/why3shapes.gz index 68cbd139ba7df01396d4564f0a0fa03a2ef54877..c6f1d548ddce915e4210435a6cd743ee6ccdb1b5 100644 GIT binary patch literal 256 zcmV+b0ssCViwFP!00000|8}EVe zjbu|xmC^!EE)t7;QjMINWZ)z#oMh(66;2SJCp9r5+#-PZ3W(1ju>#^V=uZ*u7NKbg zP}kuFJ2-h4CQyri3htM~mOp!f*M4w@W$+X&Up9Oyg7 zZ%1T(HPppFhB`7tCdd1($M55w5TYz`Rw}5JN~P6Kr+Zcb*NQM9Y%MW;A?OQ{+saOA{M3mhlzM^)<3-Jt`C1(29P;Q~lZpg%>}%tG@V zz!>*}1Dq_n38LA*2%hG{=D&M_W7ne&64-eQ`5I_})AJ!azZDNj3U%{Vw0&c&ALu8> zy~DG<8OGT^hOuWzbV{qXqo2c`2*E0 - + @@ -19,7 +19,7 @@ - + diff --git a/creusot/tests/should_succeed/mutex/why3shapes.gz b/creusot/tests/should_succeed/mutex/why3shapes.gz index 2518d44a7e04424982dd7ea817aab5888c6a21a7..c7432c344261ee68d564a7bdb76e2553a0d8822b 100644 GIT binary patch literal 557 zcmV+|0@D2-iwFP!00000|9w--j+;Obyz>>@l58&1Gt4W>9?)tLkygrO)mN*5A?w5o zUclbu?=ugG?7Vz{a!+;9R5fpJ^7)C5ZqCncn)l=IAy@g$yKH%({cuKBtq2e{$dPYQ zpx9u6#RetHD!U7)W#!sjM4Tx<*#@5d=`>2O$sQlXrn_S7sH%te$(UX(FJvkHG5_rntn-NAWbFvum{?LL3Q z<<(Q~w{+r+Tp;IZN(iW2_XbKjPOcq?Zol|l^MwbmQFh(@_&Oqw262X9lRe|Ez!@5iA%O_LjzjE>{HTsVOuwqY3X+N0H3|IxYUBFupO=`#6YIepE;f=H-GDU-F|-7dqxPS7LPM-Nn{8s6L7lTIBuj2HnRtIq z);U$8Y6`q7cf(kEcQ`DKQZbyNCTful<|4@>uj-{XA)W?$ z)dRii#ZkD@19hnfGUZB|tLAdN#xMYglt&?ka z6q>Z^W#%m!&tf(A=g|N1e(3#a978`B?l?^Ig%c=J8pZ;zJzAWlpDsKf=O3H&zZL~k z!E~H!X#-;xwAH-QLVKk-fV8UAt!iakwW8%Mw5$-)a9%NQwXBHFxv$jLYVg$-I_W|Q t&;o01Yp&9QBQ+_5+3mKz^Hwkx=*XS6!gk825=0A``V&aIdx=d1002|n7I6Ro diff --git a/creusot/tests/should_succeed/option/why3session.xml b/creusot/tests/should_succeed/option/why3session.xml index ed056d8283..9b13bfa961 100644 --- a/creusot/tests/should_succeed/option/why3session.xml +++ b/creusot/tests/should_succeed/option/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/option/why3shapes.gz b/creusot/tests/should_succeed/option/why3shapes.gz index 8675188d40928ecbd4bb59cd1f89aafe01bd62cd..4b16b172d462e9b2f0579d5174590dec66e632ba 100644 GIT binary patch delta 479 zcmV<50U-YF1MmZo8-F4LbYTP)D4>WJEx1g;STbrLwPH*4_jjlfNy&?eukSo~B#!fS zSB`)DXFrzr{x+V6%TuY!-M3=8`t#-Ppji}iEK2Tpl){N9rIS%su8LAQ6=m(}D7Dj3 z8fTiqe|MaN|9$({w_A-Rli*+Quj9-d**>I$xUTAc`u<98OMht$-L!NlN^J7aZ@-4W zefWk^H+#ZBxqq2^YOHt}E_6N%ZHgv@B1Okmd5StDCv;I>ZDzz=({7rVk0WcSN#@69 z^6VS`G4``HJ0cF*)5}7KN(Bbbgq()4Ovn$($%K4E$hL$m6D~&vcXcfc9{IpL@_}h7 zfuR#0=y@2_iGL6DAvuW;^qMc_nuo7ct1?*D>wST0*_R-$t2)}3;8J&mA=AEqT<;4= z43YK)1nmom4JqCR zSPv@Gg?lbf!>ye9ae5m*C;UHD6k0;xd2hNCKMH?R@2VD^>^gYIoAY&DGG-ZAW3{cV VvXzxqSZWJEx1fTI5KJ=wPH*4_jg7kl9Cq_U*CD~NF3+u zt{ne_&wecL{cSuCm#5N{yKlvG4d=_LZD3w=HYOkZLd=;hfCd%5^QCe@K zY<$xe;k%a-!tdL^zT0XnnUws3f4vmVQS2#A;<~E)8Tu=`9e<}WY}@gnD6uI#zx^8i z_Vf*-Zug9Va{n^-)L8K{T=;xJZH6aMk>O*jJjEQ6LtUIVn;9|JcAMtq<0x8g()qE4 zK8H4ZjQwoQj*3I}{IbyDQiUNiq2ysA6Usw!GNIfMiY=kYgv*iSuC7JEBOf%6e9&~9 zz_5uA>^uzW#D53&ketK^cFmV^?Za2DH5n}H^}ay0>wN)@ zq0+v9;(YeqbaqGw75O6E7Sxw({ME<#)$ zMPLAfkPGxEuU<4wJpC0jl~X@XZ^P$=|A&eqC}rzPz8h^o9cYAw{D%Z*v}s=OOE8E*nl9EM82eG zKlJCT`taMm_(T2f$HU|B{I!<#)tBn{>K>opE!kA=+Oa8YqIfWf*+#4~N;yXT$EY7-l)f{20AE`ms<;D^8wSDSu}p@&v-lSfo%Zt1XZ@ zUeBhPjmp(c49kTLo|H`k{!-hq(XvyZ7TD>w_-Ne2G4uQy-+UCZXz8ZO@CTsUY5Kpc_&DwH1j>&-usvB)3EnF3X2`v+{A0Jw4g!DaIsmcZYq0Q zcf(l!S?*oFLK~~$)xjorQzw3C*+0O4h>sZ@0zSV6F%m6h228hw7G0I3I3^&Z+sUa0`t-b8D z;H{=a6X6Bv2uSS+1rShEVJM#xP?S(ZaX}1d1C0S?KpGGRIA#(;wN5%vN;<8ZX2&|b Y8gCi?saAJ2RffvyFQ*@NOeF^Z0LB|X=Kufz delta 639 zcmV-_0)YLD1&sxe8GoccYz^z7D3+ck+iqt*ktIW`Cucjm#5Bt74Ht-B@jb z&GC9R?QEJ{-Nvw7*wRVaG|(@#9UCn>1+>7=x230X_ovMB^YH4UkVlJ~>PMbISdg)i zAotmECYRBQvc9s=Wa{CR9cSt$TD2-pE$j07gU>u!hWM7yZXzIr084AM7~aLAh?;{x zj>DU`I0Hffcz=@?nU^OoPu>ZVDb0Kj*LnZEeH=SKkg(YC%}u-pPYVoMPK(V_byL~f zx*req@8#a*C&U2jLN;2y&>8?Qf@PrgOtxGA&*_(cA-f647GyUI;Q0VFm&l&*B>v)e zc!&5oP^Z8Z?(fmX72IXBzzMg@a0gFDhe(jG_>zR&1%J51aVA#@^0IzIxLtrd9B1k_ zLB1-kiO|b%2hTYJvIO}IvAjedFIoI=#6|Lowk^6NKC>f`%SRfY}QUdgG%hdDOegm?_`-zgthHci;7 z(v-QXns~NzeeXK9Q-0Trz2H0FdEWDV-}=4Y*T4;+0WiRfHmzxlGSUdc4V@ZRfzaBk zUQ4mp$TX8)vYvs`jv;`A8l^!oB|ws(L0T{a+CXcdF`x`c1A;PjQgoWP4seH^7ustE ZUAL3ylmtp$V`ETNe*k(ST<|3a0024{M1ueT diff --git a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz index 3b20725b4e5a97bc0ac327b518dbc92d13cf4af0..bef222cbe987c20c137443459570cb6e43e18b2f 100644 GIT binary patch literal 583 zcmV-N0=WGjiwFP!00000|9w=+Zrd;rz3VGsl&wdzp{oz}#^2L|zbacDJ*^&w+YH5|Bz{;Il zx*wLih2^DN2E>Yph=2%0c(|DRKD_&_8~oVs&)&*y3L#6puPTKqg(`JbQI0yw%SpJ= zl1WP@Z9+mllx?9H?&^LR`aiyX`28!wuG<~l-kNHgilr2!P(7vL05}COQBP+62HkaZ zH?~0MBK!ij3ZS&9)?lrnA!-&vV~E%-Z7JN4K6Y?jUS2o7n7hjDM-P#}=koYsdUJ7? zjuxNfqiT&AHD=Us0E#VBpqKNGDfCbCR+h>&`b%KJO~nE$5^?sHRpsjb3GojTQ;Qjg zCNeS0$T((XBzBo`%NX{VF*wL&N{mDcIuAjnqEiH7shP%Xpz7+%B7r2DS3iS!mDyF^ z^+WzP^smpS{^e!wGiZrHs^5yi=fv4VIIV1`jExQV@oMzs{4ruTd@i>C3=pP-^OMzm z;Gp?>`&Tvc$+@)+M_wR>x{J;u^cgO0z2{ftwk^Hb9@|MOaflERNPDb&?8+q0mX?ww zVd>wm#~v?`?)HE^y!rIZn|xa2(+~UNru^c@X+Ipl<~m<|&dw*hKVA%LNaBV!8404^ z+ok<(z%C5bcIgo#10p>l2?2iz`)z!6TRXaGI9!}j+ZaOCbYE4PRGL)!s^UO84s{Z4 zv@B^^(niGB!^IYh0lOQB%0k5qjjf%-SD~G{xd+F63tIF z_kq3U%k5v?sz+|1r&He&l6W|(Y1polj?H%0! diff --git a/creusot/tests/should_succeed/red_black_tree.mlcfg b/creusot/tests/should_succeed/red_black_tree.mlcfg index 88821ea705..6708fac70d 100644 --- a/creusot/tests/should_succeed/red_black_tree.mlcfg +++ b/creusot/tests/should_succeed/red_black_tree.mlcfg @@ -2173,7 +2173,7 @@ module RedBlackTree_Impl1_HasMapping_Impl ensures { [#"../red_black_tree.rs" 138 4 139 86] forall node : RedBlackTree_Node_Type.t_node k v . Inv3.inv node -> self = node -> result = HasMapping0.has_mapping (RedBlackTree_Tree_Type.C_Tree (Core_Option_Option_Type.C_Some node)) k v } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../red_black_tree.rs" 141 8 144 9] HasMapping0.has_mapping (RedBlackTree_Node_Type.node_left self) k v || HasMapping0.has_mapping (RedBlackTree_Node_Type.node_right self) k v || (let b = DeepModel0.deep_model (RedBlackTree_Node_Type.node_key self) in k = b) && v = RedBlackTree_Node_Type.node_val self + [#"../red_black_tree.rs" 141 8 144 9] HasMapping0.has_mapping (RedBlackTree_Node_Type.node_left self) k v || HasMapping0.has_mapping (RedBlackTree_Node_Type.node_right self) k v || (let b = DeepModel0.deep_model (RedBlackTree_Node_Type.node_key self) in pure {k = b}) && pure {v = RedBlackTree_Node_Type.node_val self} end module RedBlackTree_Impl1_SameMappings_Stub type k diff --git a/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz b/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz index e3e4717762a1ace19d64829aca380a500c59021c..c093d5f7c65d2dd324c7ef124c1c8084aef7a0f9 100644 GIT binary patch delta 406 zcmV;H0crlE1Em9y8Gkd(3@hzn6)j4n9xERk85mUBEHpq;_1|~QN4m`c+p^z#_Sk&d zrQ>)06~^=yhOzCt=hUXV&&hP*w!4uklG)oMzmTP@5T6ki$9)V8X)gFY1|GuLpKpQ8 z>kN-hs$QHY_qJqRbmOTG4PVbw%<|Xa8VHKl{j|ym3P5@Q5Pzt-8z{*yWA09I9w!i{P!}U8!r1{ z=zoX$>HTMwanp8uCN108aG*p?%d9f{M*@GNe5J@rUMMFoo_FNqx8yLQoCJ>STC@aj z4||3vzr~14M}LHwj}I*o)}G*(20*A*WmM6udB`7#;5VXO0G`0DL~vpxf1hYxBE(tE zg3cc0%qE8mz!2z7PK&|&0$_d;VEhd>1jrKRd#mDpXgTodN8ffyVpXNMa%Jf~y4>gr zy=ekN%}&{%ZHfmts06dDE?pTwd)rtIHnXlax${buP7nD!H3yyi1^GhY1r-AT0Nzi= A3jhEB delta 405 zcmV;G0c!rG1Ed3x8Gi%wvC@E&IJ^kIkoD zI)3M0VN7pf7~8&kPEES|oJ<#PyBnz@nY}sk3mM7_@i}2}+{Yjz%>|#wz(W}O^DR*J zI>V!rsuSnPzAafB-FT`)!`Jf^v;1|q27=;sKdmx?0+1d61b=Go28w(Pq~!k-@Wm#u zRIx~CpEmuFzVn|loUUElwNoMk&%ooyC^9CEPtg)qxy%{e<&OBm;Ubyizn2L;-jR#nlEa9y5?C^8(Ga{n z>=~l`79%bl5r1YrKD0zwdxBdU0HIoyQAM-n!9NheZA7yG9D!YlV8uxOKGD2Hh_hx3 zI)9YQHaT1X8G+v9v>3cE0OltF#@}E=fGlCYw<_+3mII%D^lg_UMpcR{Tb9nD^_i~F zWldnH*(wvXN$~&&m4rH0^0GFnsVw@+mj)~C8l!w}H4fxycF@URkODK(6$1bOjc&yO diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml index 99f2f4eab6..cf0b94f138 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max/why3session.xml @@ -12,7 +12,7 @@ - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz index 83528b755106a4638f08cdd7bb89d3d15cc84752..0178a0c1bf2aec3f98cb8366e2f1c0a027540eab 100644 GIT binary patch delta 492 zcmVn z=Z)v%?e!)ef8lRC#;v;1eYH@2a137MSV;KIV%LeeraH5aM@%whxe*=7Rf@c>=c<((;4#${suGvDxU;@?E!F zOG2}zsm%i?_;qpC73Gd~?X4W!?*7o9x_bP`&9!Zzv~w21XQ61wMd=g|lqH`!t-Y8$ zq(kqy8x4Oad%co9_tJy4zKA(hmreJs{Xv`nv<2Ax*JZM`+ztF!?BWBlPnaaH$r6T# zThc#SN4scL1$F^6G5A;TXhkvfeqfu4upU>TwLg%ys zrdJFV8PeY>lSM{Gi?C|~xv#>A6;np0tJz2cGL|acwkyw>GOX}8Sr@_io{PyH5Au(q zs$Gn$V_faFfbtayUaRnlf-;cpBFojmX4wFKA5ZiVC4Sq^`fq?QPVnR+3Gcn9$pJYK zx_9B+233`q>wokxjOjBz*ta?{8THJ(#l<^v@eC_(LzV35LfK<)JvJMCUcc#< zYe{TYnA$wB#xIMrYAAPXTW^)v^>_Efsc)zE++5ohN;_vEd=?oExvHJwfwJVG)5?p< zLn`*3yV3ABvR5nFb1ywu>x-D7x+2`W_D697&=z6$Ut}xRayRf_v5R-a9xzE>!4ihY zThc#SN4scL1I+)*)dhRKILo8!8?TO}QBt-R+Z^;k - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz index 4faa37212d755d5e7a017c9f174d71d6b273ae55..efe486e66fbba4b5f0d1319864d7408ee103dc71 100644 GIT binary patch literal 836 zcmV-K1H1emiwFP!00000|9w?WZyGTWz4I%$rKJ~-#~-^@b3hR&NKsCek40u#R8#^D zkhDL)GaeguH%TMKni)UO*pHdFpC;qe&-lANjbGd2X?xgz9lP=5^XM_&#veh`znY2- z>}OlCzc?@Au{|AjuWbOeh_|%H)!}$N{At%WPrpJPH`{&O1v973__E!fQQy!?8(+F^ z)xblH>optGxZN*ThnM~O^bTke%(bTHlD=2b<%&40==#ZQqopDlA687DNx;P&)iD7G zc^fbQ#ChDE+HwyFT1`8SoeFh^&O$8?)Z}Qx3AF9rSb%bAt!D{ff=0IZ2=XFv!`O5O zt%HVw0J@l*Q-j1%_y?Z=PzR{;F{pTvI5O5Jgb&~f!qH1-@%!WXha=z2y}0Ep^BQT$74X>p%G2TF-mAerV%ka%njCwn&H#2JRO}p zu?|?Cj{Niz_YBUq3up_*1|b#AFf*3SAOH-g%PGx^#DPZ#AwlRhsz4M`kXhCBfK^@f zJkPA^`pT-VD9C(jm)1n8rr#+Q1e(f0W16Z%qRqTnzNPWv7*CE(U1hQR)KRz_Zw|-t zcHb5XQm61;(mY_UB`eQG>L4$O$Nu!$u47n3f(_>Rf`5qnmLtN8OYd@n0!}82 z=jXi=(5qon4Y0vJUyr0J9Lw~}IGT6U_4`}WQBO-cb4_Q`Y+O`OckHUu>6mp>b5{Tq zMfEb$*@Md*Y8+~WE*ha`Zxw(SiCe}hQ3IOyGRk%CW}5neMED{RX7*M9c*${2Tx_20 zf+0C9?LNp1IdeVB-3es|=qoYFVb-)X!F4F(Sp_wl&8KnKc76ixSlxh1e{c8D{bx^= zJ^oynA+x41i}gGKbTE*<9#j&N!bn^tSxI(MlZ-){NeTL)Qd~YpC;--%a>^zllekH; zA~vf@!RP=Igkfe?y1@&8M5WHBbo$arob=?!#rC8W1>=Guv&U5Uh~5BYqe#NJJ)M_V zT^Ma*>)fiYYP6fRY8thw)Y?>WgH6>|Z5+eB8Z}_nZc}OFQBl`f@;5e`=xf(H3XJhy OkNyFb6!f2s2mk;(q@GCWnSAqcwY>b5{uwUIAH(^wKOO&A`sM1k#n*I~zD4AJ zvsN3#FSZf?;pHKnhs){kV~AiL(jBj9dpe&_{|^0!?|;WO?e@oXi1wa0)9e2DLimAK z-uQj&HXS^s)c0bn)BgChJ-r_L%R8V|w6~f;N`^^AUnPo(VnnD2;EU-wGfNDWe+U@>ZG@&AgGLsOlVC$egb2POJim04{ye|(ugh=xG^PgZ z#G_|9>@xT<9b}(_LLTHFjj0n3f$#0FRB>}nc#ITAG?E=T)+mi6G!hj@xS=*vGk-eO zr<2zwwvp=7NuFNgLBPfKkzB>NsHBpeXQrAN6hM)%oZ}!ewUvW z@H$yCKkt=*Ne!24fQ#<=b|hDkSfO9X(Y~8*+TWUvds@@kTRNL((faps-<+6}z z+-6x(ThydtFoFhQp4rrH2nt|PY0D|hUmA_Go_xF7ft8|Sd^BuMn2JB6H$vU0lJGKI zUY>5curR%a9W{f&erL9Q(+nLA{VsKG*K7v^OZZ|ITMRqvJKwk4?GS9&4a~u=#ngB} T+_p>lf{XtFLiM_|jR*h$MRcAi diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml index 1ef9e98e1c..12130cc555 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3session.xml @@ -13,7 +13,7 @@ - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz index c6092af5a723a450a07d050d600c84a0fa975958..09c39e8f76bba08b31db434b6df22a5166324cf8 100644 GIT binary patch delta 620 zcmV-y0+aps1o{M!8Gn>4%L6(fC=xV4kAsda6x-R1w$7Hc-S+QCN=j@AX%CVmisa+R zGe0fL<4^aiKbCL(;W+Hauca;*pNqj=+s4AuUAu)9?w%G4L=XT8!2Rgm>oC4ZyrSK! zC0E$ELx0>qz4aESqnwT)rgOa^{~+9Ue>m*_^xf6-BVjadH-C)o$?EmS!yEpRYeOr@ z>dZn%3*}$6t)fLmi)1$>M4yF~nWc)BoU>IHR7_RzwpyMe6>jaGjy-!|-E%UA?ZCX} zRj;DoI{K}73sTIC;FN_A6tsnE6|FcAF^dM=_roiF- zko1n-@doR4VSjJR-TqL%xX1qC+5Ihik=VeOO#(RA&&zK*^COTJFpIu9L?* z=emyihEtWjyO1Vg9zkmDvqYQ%AV-knLyDi}5CY)9ry`^8119XWa3Uwvs|@2}d-_7o=+_h28e2yLW`B@r(h8@_s`#pi!EP+^KF<%JGP$s~Cv#>`@xbP9MfDM-kq zM68nxBV}$LipU%{mqKYi3MIE#5X@{M&&IIS9Go;(*6Yn_APi&6^MKa)uP7w$dRe!) z1EDHsx>{o;rIA~#joM*f!mTI}Mb$&Qt=e`c6t>k?wz}GOoo-a4DqYH3EdB%AV* delta 617 zcmV-v0+#*y1os4x8GocA$pbnd2of|vkAsda)Y#dKw$7HM-S+QC%1Ue*Z4Z(qisa+R zGe6DB@J_z$+VSdT zc4A?Yg^sVr&y&TR7t59`#F&MriKR}KlC#$ybV^mrwpv^wRbd^Tj*WN_-Agh~?7+R} z)vS_VoBUeYdMQqf;G9Ja6pV-YDp^S$Y7`BG?}r!u&?0=h9@XCiW;ggPo+xVHa_4{* zSb8h&WP|m(@PEs4w?CAp@YvixhrdNEk{HCYkw^V82$F!HzJLe@l0=?qg)if~$sTV* zsB7*U4pols`ZN)z5#-h}OT-}nb_7#=$nhsR^Z`iVLyW}PVXgi&_d305=J?=0Np9n_d361~wuA|c5;F-|OoNvA<3lZK2; zTBSNsKVss>p{R-D>a9?!k3yMR%ot`gkw;^gj08u{lU;Al1EKA_ zJFq))M5wL7d4=SZAp~2(jVeqaXhJ}0cDsf&qP6t{?o@>VmDz4fy20W - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz index 1dbbcbaf483fcb466ec91afbe6050680966f8b2a..7dcd22b90f38de16aeb90b87ac587b022a757257 100644 GIT binary patch delta 750 zcmVO~h^`}sVw;zKF7CO-+g$3N|2!7&gfoK2-0tEI3o~ycN^aj7q zY_cR9Xie7~UW}%fDZ5NbbeYE+uL4#D64ER(~}dv|Ml8@0A^qTH!lj z@ytVd5AJrQ7T!bPi`WuD>ax&m=E=RM%~^9zxKEYa&ni7f8o?S4ov{qo_MD8eenkC^ zRjxd5?0IAR8BjWNB4ZXVP$D%EEAM6Vh_0d`@S}akfu-wiEm!?J0^9v;p12)}~<399-8=uNvlHC>Nq@D1v{$s^ate6>zd{#Cu*HP3a?O*O-# z*~Q@W+7B`n*o;$|PR)hu7ID=rJVJ0Ym8qC@3uhy!{wdu+WL7DJ;}Ki zY_g;qXieAbUyNp#DZfl9xy<7Y@>2p2P1`oFrnosg;Xe{6tA85yTCO+l_sWh)t?(VN zc;+F!hj6=6N8TgC7qKOR%w?hZ%u{$zo3j?03ZJU5pH+H}l)xJHov{qo_MD8eepLO9 zRjxd5?0IAR8BjKJqGJ{=P%1TzR^H3zL9U{q@S{E9z*G3VxT?RVY_g)ymWey-dptRc z28iBUI{TsPb$_6jVcE1{4^L)$fL}rX3|0N2$=c7*XPh$4)&U&bra0xM!&=_mVQ$hM zBkpoPYU!8JuoQlY8aTT~gV%)$d7^7>1?F( zY%Tbu7Pya~E%3w&?j{^+THSkqqCnIZdK83@WH=H|-+zQLq2R=YL9fD42+qSGvoMl( z!$@ox%k7t@HYJYVn}d1PEV<}}#ZG96W(w8g4wI>L33+ok?oDqB&7>zdmmXz-U{}>U zv}kJ01!~ioS$;iGA?dsa*(hJe2Lq|uC}3sx)H<14rwGibb4uLvPgC_D({tqp2>W>4!;I2Fv@W%U?f=@m z4%!|7X#wBrIN;5*@-Fr+!vA9sy=k|{rt9$xzCpb+IdOd~R_heyU)9@(=2REmR5OCi zE(WL9evoN|%{Z0m)I4(C5?ytRAP8=zGL2^4B4+4&G8OjLN&gz=%x9G2)xpZ?!Ab_> zrB&6ry|cEhIpT2zK`w1pSC0Cp?5la>&j4L8Jqj5+x5(trVQ*vp5(HzQ>lt~;V f1<(gV4G}U-GL^-d%%V(WJY&Hh;WEINE(ZVrSdV&& diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml index 9468b0e2e6..8638701533 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3session.xml @@ -13,7 +13,7 @@ - + @@ -23,7 +23,7 @@ - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz index 61c6fe1cca9cc04cd6a07a030074d455e9e1a59d..8bde4df9371b6dd595032ccd15bf0518ddfcf2e8 100644 GIT binary patch delta 982 zcmV;{11bF72iymc6o2^E-Pwys$+on>90Fs41Q_h8(6NF1YJ)m28|wrkt!>wn6;noGAov=R;+tuj?zTU6 zWz~3Yz3-Klx!ZmrntO9^%kA^@q>x+m$Koew@y?v8bJzT;bTTYKr^6bx++~^Tzm!P# zkB-8Ag+{&}lgEIG_#l1c6YsPD#KG~ngg)|%yWk0?>wiLe<-9wcx?5F#I)3-i^`SM5 z2G^{J8o{+IMF9PSn072_*q>NP-8uu5UKbb{4rc zh(0M0{eRdvuPcdy?tv{T)LZ*yReOY_>ps($*cYZQZC(X5e_Aj>Wb5N-#T$C?W_ z_GFo4$GMwp{v7xcHBS6PJNNwfn54ZrUk)8?w E0G*HX6951J delta 983 zcmV;|11S952i*sd6o2H_-PwysJ!~y7hrpO10S0?2bgUseb{o`*+dP{7{8EzTSCRpC z4r7TFKarov5Bck5dH!a9ROjWd>U7?>$A6b<`SSO|ey!~JdN8bH+bnLNWH!sQ_ISRT z3$6a!H-@dU%)T0Kuy@tbb$@uhFxj$hPs^q{9BfXY`LR77tADQx`)V(3zCT_Jgp0Qh z7K~bv=Sp^tpPX0Of5uxJZ{)kRyPZKJDac48-c|#w@UYyO47Vlam4jh^i($)X8&kfy z%YC^a?^R~^$Gm8-$K83FK{DO|+qytz^m;p7t^L*MdS#nHWLg6Af9`bJC*xuWFDA3@ zlj-@}Mg$fSdVfY8m%km2b7~FC?rqS&js1N6(NsgF{nKOVHsL<|Vr2K_p^9&|Y1&(U zXm?c;xDCEnS{8o$g=p@~ovm=s(~&}M(H)ad(B#&hs&m`?s*LKFV3K}~Cf#P4@4tjd z508$*eT6~38j{C|iTEIW!14;qco#%q$PXzce_|MxjOWr0YyoGj7jilH}%a0y3QiE z0nsG|qJJA3@AV~7&^@q2rCcN1{A~&xaA{sUSlvyZa}8q9DVj5q5@gwB2EyIoa%s5m zV^5Y*cAWdU=1;QY%k$2;L4ny0k*IfT61>Sr*{f(4uEBG(h04u8_jwV@GvqNKBkd2)JsT1<2|zzYLU z(WmFPp){V1b($x>Ta!VklR>DX6d{hZh${~?>1b+%?m01_kBgAAlEovE#788}BivYz zGvfEnHZ&OET}C*=hX=fJ_<-2E2pY(NBMkaL@}{YiV?TT4A`7N#KOC5l%7m5b6dXzD z+<)Xe&~W%r!(pc3&^yK&4*yfcLvlD*O^C#*Z~#adK1AqBQJ}Wl#ppn>}g6LX>5pl_+_d zXoXxWB_tH0NNT|gO!yKuY*E#^mbTiJN>DRfl#-Ri;!bE*$^wfjUGfbsEJ)a?8dzE? zOBL5v6e`h0Stw9U+hwv*8@Uk+EHRZetI|Rh5_!4fyyk@fhP99qV5v9h;t%}%7$Ket F000-X^pF4m diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml index fd2bee2efa..88db4d108d 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3session.xml @@ -13,17 +13,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz index f62bfd9989a2dc6611f038afba85846bfbc471f4..a8b62a2203ae0156bfcd520a3169e0232c752ca6 100644 GIT binary patch delta 1115 zcmV-h1f=`o24UEGm^8B#9xf5Yuv@<)H9oSLMr9a5p<4z=&dQ+ZHBZc3%5mfUJaVkk(zq7 z+HLM$Ps|1DK7WE1-aZc^jiL%7K`|oqcsyLaRS%HZClYzp;|^W^&}c1d9}Cp^xNvZU*c7eUU03IYM|KqKi^iNt=*uz zwA`d;o1q-mCCB(oK`cwOX-SOtiut0V=c_;9NlXz3!<6my+CFUk>HH(aZr(2Dq#<*9 z#x)Cbg?}y#e;`9?D3+VOIo)g+vEZUKC$ZK%sg;xNWHnc7o@ht4s$TJ=);wCe1LkA$ zNCIS9tBSRTOJaCSva40%59MjCkeRR7cdHqAW6+H52EFTofJGC{JP3?v$aj%t^3nN` zYC&j_m<)!G!1s@V*3H8~&YUx3NE9(UWQ;IzUVrP0L$A5u1S3=GCO=lHc9ZCiRMyUh z<{@}D&eSUda%v{Hi;S!*+V(hQ5IdR608j&nER7$ylmszgiDJ@St zrhm!hW9!i~K|^>1?`ib0ebKdWO5iL!&k27I^xfkOknk51K9ERn+|fpC&JaB4z@FXY?$xR;s zj2VFqulMjxuyS;=3j0$is6yTd9|On-firOO0~C%U0u=5$kM^VxwdhU4ipGyQqE!l0 z$Kx}ven$;&mntv=9Pd|a7Yk^zN(%h?WHf^YtS}7_NwZp1x#hB4(gRsYY0J7~!c?m!}ByRI)_UAA4uq}I><}f3QN_sq ztT|}1TCdGg3(ddazfAMq=Fr&`Ee1n8XD&5!=DB85=2ORPXMcJ!MOZqQv= zZql<=pAKt-V|*eZmL=LWCB{3&bW+jt-5>A*Q^dhARdc;IPrLtg{t>Vb$BQ{>$ef;W z&B9!v3xC5ukfGEk%gxrDZZ?cqaFLpmn5#;1<)l4XPUWf+?I2g#DPH8NqNO`v8k0v7 zAmdzR%r#sR!&}PRTyy+Gd73L^=IixgH3M%9n$b5V(uh|L+$(uC585sdKZL|qyELt#I7EF7(OqaMDEkna@EcM+%D_d4!? z-1=7!ava&P!U^Z?2(xX`b0V}v4s?POfqy01loNq=ij)&+Pm0m?-JkFRl!xHP4*+7u z!iLwo|0Y;CI$4DMaVe-o-UuH9$OnNlaPmVb97lvwxbHmLkwVm>Hwh~mKjw&*X_;Cc zpLq3KYB*l%zzk5{uh!0Hk}4r3%?_g8D`OebaxU=OWiN9JmS%IhBeNQRm6E*LLraL=pmFKjL5p4=R4sI2}cpnJD9Ap cSxyldWX=IHiELAux!TFu|6rm)5_}8*05pg*ga7~l diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml index e583331729..cced4acab3 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3session.xml @@ -13,17 +13,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz index dd981172e031576f9623ed727dd12b5fc1a9fd3e..20b53173957b82434d75ef9a65ec139ea7e28a4e 100644 GIT binary patch literal 904 zcmV;319$u%iwFP!00000|9w@m*}rXkN1m0H98g1z%|lE zSq%O7P&XKTI(G`~ib8)>RFP?_jZ@Ey4~Z($cDSaUxm;J-q_hpzh9bUY4BIAn?@1E0i?KM``sLtxvMH+-=wM-WB@Xm(_6Zn{mxREDelK7KoHQoaWThrOppK-FYGN8YB0!tMiGB#X!7B z<}i_&^gG1}C`OnRwOanRGH#_+sCf3_>1_1p`;X4dJDrZ6)Yh>1zUi(T9_3|dOs8;e zXZ4GsR^0JkIr9r>8r;t3cMfj5e1kvfs~Lyxmr-mQVuj_>$efN+SHtx>JWTWE^4$k( z&%K5q+-Ze#g@sf41qSvL{Mi=BBarw7TwxZ0%zmtYO3$Y;QQ49fT^jzZ={6M!sie%5k`u#8r<|;j|jA+8|w7jyI+-_&GyfwfX6tTQFNU z*mW%5;sLh%S3_Q}KZVp}*^r?|?TKV_N6zMs9GesN*wrnwb?Y_s^|@;OYZ~$|wB>(j zZ`VWVyVt>Wgr_1Ep%nSLM0s?t3sh{;uE}H;;70INhIYfkD+KTPQZTOjA&(! e8e@d0h+$RLYE#wN5Shwjp8Nq%wJ0_b2><}Oqr(ya literal 904 zcmV;319$u%iwFP!00000|9w@+$q zm-b$p75xaw6j} z5HFEAOk^hgPALLP5hg{Qmj5{!x6&$9z54KUHu}@!TW9B;PDf9SGhDtey6cAL`8qVV zQ@C`q`b|+M?)a#^`7dZ1-QE{=4sN%6gFoq;9f$6RRcsn!h2_!^UPr0x;dUFIw)t@V z8iKW#UPBP>wZf&sg;)9w2JRF6VhiL6NWucHFiSw@KF&X-=hK)dv7|+pMmTG_O+{iV z88Q)tams|@6WwS7lM&^&qa@sxfGOb*zN+$N#udT4nF1~RZ7w#kiWrM>f4vJueHFpk z2=@tI$`y45@^ZkGrIXyA@N~qRGj@ng2%lnm3V;j5i0}-kqGTVL5%>_XUu=$GebC)# zT_BH`W*ByGhJUqf8Mn<)2+okp5WIZLDG5(}P%0HI6DOxV!80cUH1wz2!zvmU!wI0h zUmc6+rOt@lP4y%VdiT5Z>{mQOF)C63BghdMvE*0n(*c=pRv-qC3<;0D!_S6Z_Ork) zDhQh7r~7qa>VdETrMM_IA)UI*U4OObak$#dSC3cWv>LA3AYECWH>NQ7K11HM{T`fK zFk3g+b*#|h0k->9Ltd{x#nfckkfBE1iHNx)i@77G=7a-wb<14c1`R`fu3G<^hWrU_ z`5W5X^-%i$b?_bGrAUidihNz7Jh|5eT5Qq2$p{DVBX}xfyJ7Jag7eFI(@eCu<{XkGi`6 diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml index 5c0be4644d..701af2512d 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3session.xml @@ -13,17 +13,17 @@ - + - + - + diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz index a9259be9a683f608c3688050c17a1fdec409f933..6000f4722023692b432ac5a0a6dddb866dd231dd 100644 GIT binary patch delta 980 zcmV;_11tRB2j2&f8Go%vX@EWmh7B8NWG(@ZV^9*E7_p_qOPtT2A}LCux_bbt*lnXmrL%vWn}kBcS^*{`F(8dAkIZHQSPKKHHFPkqPb zt2IYWs`c8uXsN|N_z$$0e2$~fKE~h}&$$IdUmicsmb|{Tv3GQIN;v>$iDU85IN`dnQb zx_dh@9rk@-T7P=~GKh2#iy#sd2Zo-{r|Y*F36fjf(NlM*`$yN_(#n}gB)(4@MRV#- zleUY{DWkZoK1{K|UV_W%}9bE!As2$YDCde{k=p7jH=1E(* zZCH(ZvH&7a190G_M5+cLa<&TkAwAQ@tdw%5r(|ZJ^XjP>=w9TNF)t5!CEl%=7u?sN z7fT?IKz|w>I9{X(WbO;~Yya`Xj6pROBmBJ-o&@&GC%1LeMg8sq{8u}I*-0W`!a!GBd5^;`pck3fi52WUzl(9w_*2+P~! z1G}lXC@r?+&H+|{9g$cWahC(;{Bdc%Tpv~o?#bp_u+3)1TN&s*dapPS?&iBa-1>{n z9A)5b`(&AnL7u)f)o_Nz&k6Es?9ZTFf)`UcjTL4x!akhHsegKX;v*F1v7CmhoThOc zPk%IE>6~nLb_3O6e#|qGw2bndvdjM|d+EQ@{w*oA+V0;TCKZp&;wVLRdXUr-?Wc-# z0KdWuH%u3y{WF9Frw>^8X*TgiCcaREy@h9;j10edQBGas576O$wKmJx5gH|NLUIc1 z$SjUZMihlsHl-D+&gqV1O4+)txwKZYhD}pm5Zls%;;$n^Y6T*Po!Idm%T!Uf_@_!Z z5)fzt%j!~r6`V*3O|Ev*J2qCKp0%_l1#L0Eq?WeaQYOoS3!0a^BKr?AV>Z8|3IG7D C)=kupXijt`A9v{@K$QC`!mxkf4>xS`X-A)Zia{ZscUOjbcWLN*?(e197Jp`4w*9p{yUWEMAlRYn zyUu+r?2BFM3|iYSj~{1;UfPL)8I)qb4jaLu0@DKw zlzj4LEbL#I%rl9-TH7?Bh2;{-7f3Rf^Z+DA0}jvz(@iy%g=su3v3hNL%@1 zSdDtL00K_~aNtD)RRa(>TSfhlo)|SNMbGpY%?x;6J!S*li@YM`r7^F7yOr{C{~7db z38V>#qkjX1iXW8xtulksMPr>a6o<~bPDOd96z-kXzW z>4+K6kDl?-kRQHBEJAFCJD-;Zz*rg;p#+%XY%`R`;6pubJO;w;)}C)JL<*2`>s-x+ z5R9vjc;Gzoz-3IvrT;`V7YiIuMRFP)xZ$Zv?tiOHdTKa%k3gQT4#zox9FK;aK)$>^ zA+Vo{i_+4Td>=psup^WzL;iB`Ie%2xFV}}Nj0Uo)VPvzJ@unlaZSYF-;BLRW!>zx# z!c)eBZJ#Z(F-Y^brW$&f{hT1L*8PmiC3rEF^H^~v1MI_zocrh3Cp|)O9*b$XifJ0B z@qdIP7SGA{y&I{H^JAU~Jk}Chq6M;bTXT(wZktvL#Zil)hNjdzRs09MeodXD3IG6Q CR^^ZY diff --git a/creusot/tests/should_succeed/slices/01/why3session.xml b/creusot/tests/should_succeed/slices/01/why3session.xml index 13bf59e300..45c79a2bba 100644 --- a/creusot/tests/should_succeed/slices/01/why3session.xml +++ b/creusot/tests/should_succeed/slices/01/why3session.xml @@ -8,7 +8,7 @@ - + diff --git a/creusot/tests/should_succeed/slices/01/why3shapes.gz b/creusot/tests/should_succeed/slices/01/why3shapes.gz index 726da04df17d230b14feaad2a8ef5c76b87a8815..6395e4c0e169eda854c29d7cebd4f11cd2a1b3fa 100644 GIT binary patch literal 679 zcmV;Y0$BYYiwFP!00000|Fu+2Z`&{oz2{f>)~zQ|l4W~n2N*#N8z_3&Ande2QRLK^ zW3RT`?&pt|9Dl9pZ9o!J6!{oFKKj$G*FLG=ruAM;(-w90#S`A`=S}ylit1I8WUxR& zvQeeMPj%{^6eg8r{kA{XM^j3wx_Vz!ojS)qZen%+&vkK>H12WMH<<&c2!5wt5JK=9 z{FVGt$dp|xS*Gq~puRURCLS&8lOoC1nX`lcj6uSNKd2HfrT;J>gG1#S2tt${pz&^Z z7?^D2*30Y0E2^XUvv12nn+>+m|$HlPnt~%Py!s$9Te$TJqty`abwlOfZlTZ`{Qq`AD)}9t!j7iZ* zSOabM^LN;Ugskb?qzKOEyYF(}eaENUpnJmKwhLbEp{v{dmp}!#pBMcz*85k@ve5z! z*#a9&zx}pvrJ?_#UH!0r#b6uC3rvuLAP2s^gf#2Z^K`41c zPc4syY}0pI6nL*A{C;?`>0~*dR#|bGd3Fe&DM-2S2W;q4hYuq%cvNYC5k%7i8Si#S zf!RVYgQ`6Q^}e)!)?HH@yP!6G*MQ#LwAvIJ9rJ zyxINI30CzU8v>_G^nE58U^HVgi^m}iX5FQDH@ME(iOF|w7`e0b1U1VtVz@a^O6Cxh z`2qi9g;~G@-u|Dt9C4-Lj+!eoG2z8jb}#)n882DxRCP_V;$z8*L9*gK$%;|3;Gh{EOiTf4LRYF|F)vE5r86-!5|Kcr=0b`rxBL7v74oSdfx^EJ3(D;Gin zP4Vjtff@GfHSRIC-skd|PFCr4p2qo6P)1bG2ysnwd0IeKOilaupf4`R<~h4mKW8)f z`*1OFGn(G3Ilq)TpKS_s$v$U3{`BD#40HnY#6FQ<|5}goj#Ij}s*<2-UX Ne*p%0^?{uR000;uL&5+6 diff --git a/creusot/tests/should_succeed/slices/02_std/why3session.xml b/creusot/tests/should_succeed/slices/02_std/why3session.xml index 8e82c6b6bb..1fad550f47 100644 --- a/creusot/tests/should_succeed/slices/02_std/why3session.xml +++ b/creusot/tests/should_succeed/slices/02_std/why3session.xml @@ -9,29 +9,29 @@ - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/slices/02_std/why3shapes.gz b/creusot/tests/should_succeed/slices/02_std/why3shapes.gz index bb42770c7aca4a8260253365b661abd1c866b951..397273b98892df347d5c8d1f17c0d43a8dec3703 100644 GIT binary patch literal 883 zcmV-(1C0D1iwFP!00000|CLqCj@vdA-Rmp7OPdv6myZBh7{Lhirri`mcg7V-%^2}m z6G=&@e_xW8GLkKiQ$T?4i{~C5UedpP-1JZQ68g=L(DjG*^l2kEAAc`~Z+JNUs7N_l zw4#&ADmIzC;*%*VF_}=oWXejG1s+5EPLIPA#$Lx``_KNl_2F149NPWiG~o00?+;u2 ze3d@)?6{`w(8HSZeYZhDEG0GnYnOA71yz_VM6SZimMqR;*$j zgCmtGGef?}jr4S;ci!Xz8T*Qo_+@lTR(C+LA6rmzbDOcqK}zl^!(q!z_7& z@osAH=hs+O7Jpo|;7K5U0e%*X-xG_M$@2rY3U$#kH1l-ayNE@?T8u8Bv57$jcuwFV@6H9)I&xP z>8y9FQl?|SkTPAfiG#V;(yVJ4S6zvz7oI6I89s@r%k9lUnsH$ClJD9i#j3eSmc63C zUAa5yX<_^VK3^Vo;F*o|TJcug~cGeW)ch(W^>Ih|7R9`kt+imK@3A=yy zeZbB=6@@gEH&SBV00HonC@NV{NFA?b)8K{^%Z$}lS!uxv%Pq6ik|Lm}Q&Gd1AWk6{ zk_jVNBkI7Q)*C7;<(9^3YALa67>XcDC%_Bs8cHbR8iUuUBPbfgi~)CH7}eZx9h3;n zsK{FdUxShXf)EI282KwmzOK0g4@L^2G@#)`il%YK3t*bjgv6L-)G}hJu~fg0CmUTy zK2AFTAe7Wf%P5dj!%!0Kd>{mbbm*8S8df0Ly<>2o0gTtQ ziBmuf7<2+v0Hq1|rp}Q6Z{xgCOw_g4Tq|hegb4uViD&>Za@HFbX(`L3W$^2${{gv< JMRFht0028@u8aTx literal 881 zcmV-%1CIP3iwFP!00000|CLqCZsRr--Rmo~n|4;bd~=X2j6no?({2i(JA_r0X0M3Uur3JCCh@!WF{AO7ug-aomQ(C0rx*YDfomt5wbf6q?e-TwHqB*kDs z38P6%I-0CxqsdD?nxYh=DN9*o?(W_l!twF+Y&{qf|UH-CTH zxciIrzAn`!^<1X5=bj4DuYl_@T!-*7#$uDlaGJ$RGjRcN>+rfew2ylqb6a#t!dkQs40UcwR z>)Q@P6LP3z_R)dO0A(-ojiAsPO?k-9)$z375 z9r6GChE+xO$3+JgRLLoJ%fmXktOh{nh;l$jkk} zwB(pSfX1MG6VG@t00K@3UV2bQt zlNXE8&fb`z6AxtHhwgm1-YH8jus8mqM#XmMBQ^sfno*t9AB|0{Y{tkgq7;BlX~ zt2)LlU+5Sw*vP?L2x-=Z#6=fM>X~PX#D$GY>SA;C3{5CdSkhfNL|8QS$h;N$o0Urw zUlhs~=<(LjE4OBt(Z^-8YeTPGoAh8!iO^!@J)O+T7i=c)1Lkh_z`duuIG+iTmZyJ| zNc-YhW8*>^AC+Xm`-^x!Em!*abO={o>7=N@FR3VQswj#gE5GJV+vU~%=(>M*eQ=$B z$}(07p`2ApG!j6@jM!O=>2sUi}kmV%|kg0Y}K##0qgXh77S zG>s;{FL{8lHQn_)+n1-+)1j4 z;Kmynh-9FQG7U(UAphUsjF^TQE|3~-12IncAV{T*BeJGk - + @@ -22,19 +22,19 @@ - + - + - + @@ -51,95 +51,95 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/sparse_array/why3shapes.gz b/creusot/tests/should_succeed/sparse_array/why3shapes.gz index 6274d0245a0d6a2c141b271cfa39d7f6e049127c..73b26be98560f2f8aa435b4351435f469b43bc6c 100644 GIT binary patch literal 3837 zcmVA&v#V|dHC$b|yFh>Me}4MK(Wbk*{jay5_CDOz=$`hsyZa~iY5Vsdwh0~& zA+FObuW=m<)cgp|5yW+2hWC77E&3s^B_U7C?(wsGcnr7C?(S=NtW`nvuyglMKh!D% zi(2*jWUc$5s!c!Cwe5$dhCvUu1{ie0YQREL)WFLeDToMq?d?7&Yrs|6-S3S9CN0mptKpz{-f z7xnv1+&^q67}v8Vyprx}xE@k(pY3qWc6`ju;#5|ZuO(*!xgHbf<=|89G2F%e>2dde zAx|VqEpt2ieR8`V_c2t;irw(i#gv);TI<^M8;;TxOk*Q&Ov%_ietq~D+Na%faB-sY zIghmEDc1i&zpGnm`Ld<-!#-RSpnVO_W)1x{;Rd(MxZzdY z@S)#i%bwTC zY$v9!^&IA^ci_A5>65$t97wBAuFza_XZD&qv(BB_DQ`UviX(4@&Rd7D7^7m+8Hlkn zkbP%xSVopQ12uLAdh86$*css18Q4i@kZKqdGRoahXHasldq=~eH5eJi+$VGoB+I0Y zff9zDWkID{J=j*Ia-EDzlMB|RmZO*#^!3!fRJ7+{S2=z=47){R;26o|9Za)Bk=Bo5Ae|C3LF;N*Gq4UszH0 zw0-F8UhtU3g|QJi2N4O&GcsL96c_hCyp)G&$JEU)CDsnrmt?ai=l~B_OMX2EWTJ=y zw%Xz?YvX9e7DN~CQ@?*pfjw(Q^2|PE>-|C};%<@8w2%PP-0sV;qwEb|%6t#7FAclS zgNeT#%fy#Br)?Rz+vD~XL+p9x1xIFZqUAl$Q~XHX+o`cL*W|-{(Q_@fr$TALlhTgf z*>CN3@bvMtl4D>yiIz;&u7nkAyQtgC9$6ZFdtwl2W&3J2606y0dm^aDgprs#6?`T8 zbi(i+^QlaoPE%kDWIoy9Bvp@4>CdDz+;;VBT3O)Yr`bw!QSI*OjQqE+pYH-2k`bnb zY3(`+(uIz62)5iNcAXR1moNFrSiRtt@`WeL7s1|S0<-dUDvinno^{fV4*lWCWU@#w zohn4vs#C|((o#orHKGcwq%%AL)e*QUVEG7;N0;em?n4K5>pdrfcarnGtGAV2$U-<8 z3nvDU?nSv5?Ou#~vAwnUinS)dH<`?6E}WX{fMI^DA3a!4cX|DA&yrEkz`LMiebUBy z)y8^iy>mz>)vNP2b>wf#uFeBg@c=dVfZbqnH8Z)Igdm?7Dz$@@E?y|lzEFOC0Wmet zf1N1(yoC#z4nK#7&Hgz&L}K@1UPhhw3%g#$+WD4P@hxI`1@T0RiNo<}P81ir_wV07 zZO7D?eR4Yi!R^UZR8uVORn2A1>Hn!`=XyFV(P}R0Ubnft(R>nMc+|({UrO_QJ2U9E zn19Xsuvw6ekSxW_C|GvksiZ8%q}Y7JPlMyIIMUt@0#Txc`4XY?>@IbIPvxy3ql zY@cNfSVJYxL6zV5eav0g$5Vi*hx<6ZRJd5WjTq>CT)3&|RxV~~kN+#CJ@N0f_vcG{ z;@@fS`=!0bXjkV%`>BmJH)}g->H4R1Q!~8g-sQL6^t_&;y0@d;T%G23crjY8I?Ef+ z1x9Yt4P$?~YKM!_?2s$qbWlEC;$v64Aus`^0p~S>!>uT64*c$2A1k^B%L7 zvcDmd`BF>DWe*XimZFxdmIT=y-fEHW9;Y{BQp^%;EvfhYG3C~7G)5k6K6EUan%pD{ zoiEw+l%J&Yj4sUYn<4ju566w*FLh~kbwGNdL zze_?KC?`v|l03Poxvd3D*OE6w#j81fI8td&fCNING24n})I4dXZ4;_z}Bus+t zsflcXeDT{`fb$a;K(%6lbQykR0kFql3n*u|%SWXw?YXIExpW!vyCTG8J+Bn~wb)~L z8g7H+cyptcubK4hnn{meosdN!M-bT|L1ZTg@)d%Z?&JEaLO38uJfu%nYUoJ95y|z8n)V*hR2k9my#ed5 z>eytp8w^*g?L%-+Vf{W;ymp`3ebta}|8rw<(_Lr^a$nVXnHs-s(*3tern}uVSF1^kl#lH2$xuqYgR7<$su0=Js89%f)rn6z{C!E{=YJ7}y+^fn?SrTZ z$T{Cb&B1fUmTdSOin#4QKS4P;q!H|5c_papzVH-*B_;JiU{M4X-y$%+E--$Zz<4Y$ zi~@^6U_47;ye_q9VtY1ySX?Q4YJo*bNVRHE5)>uDZ}JNEx>vAo^NPV2B#uggWv^Ji z(HXpgT1{KNg0iXU>;&fJ<1}u5lUJ+@jNc|O9t+F|fw@`sib3E$kHw1%hfxDZAE4z* zw5svZ^Pr+>bt|K4Hy|qz74QnM0;qshwlbBjR3$4>@rq_Eb`cG?#&E?E8|iI8X?;X1 z4S7ajOl&y8a@vHf0$YKpKv$q>r&dlXW7|fkhR1{?HfX?k=B$^7Z8%mODijqGF{}_4 zu^4MXG)jxc7~i6n21ptqWuqf{ejXMFT6xFX5Ti1R`w$7Of;I}zfqB_uk*^_YPzm9^ zZ6jjf7K8B;q$QpVL=)N#>I&5vh@@l0QAu7&{4M0Dv=J$;G+~bxWQ$FM6ciMl#BmbaAHF~*H1qP9||Qj~X8rDUZrfJuQOd96lGSx2dmSTaxy$=O;S5fBVEZKE@L{Ey^Nh{zPv7C57P+n{YNrby*4^czr&o+P7+ zMV(DVMfoPONd1X1=n-O@qua{LipuiJ;u}*3DV=R7T98VpfW|Seo#hnaF*uGnmaY1Z z3{Yno83Pf7g~kU>sf`+7raYZ_n&3>AOuj1*)SFNXXPSm|?jp3Zp?(`%WWJ@Tm_q;< zH8qUd6-He+qc)sTAI_-dW~mb=CE3cF%Ifc?C!wf66alEE*Sb+)nDLI{(*s4W3x!AX zC*ZS@oQk;hjkJ=ZlU7qvpq4_=5rB7m+CK%aoLlKaXuJdNjB2UrrIZYyiT@~Uvw_sl zriM0kwA9i<<+JC`Bo9RPP)WWKTtgm~VBCArqxZ*%7Ekr-V-b z*q>S!$C$AVxrU~LpVQ>qhE9QC1sx=<4g}i-73mB~tsGTfIs>VQ!D|JUPD!jGw=C4z0d=wsox9$u z+F93F(?sp5)HNamCWO(9G_H)`+L~1j&>`^cqtR*dvxY_1I3p}qD5Q{_+Fa^2sX!HG z5^?^9W@v4|=y=N-&Zz&P6NgA|KwPAAB(3QU&^9^VoBP)vZGKYj9)>2Rsd)>jA&dvW1?ahFYP&@zt=t+$V literal 3841 zcmV+c5B~5UiwFP!00000|Lr>4j@vkv@BRwE^=|fs~^M7PRdSo?SB0plDgWG?etW-dw>a&m?96){YFv$@ov5U#eMes^^1SrZ+B1sy;kdY z|G7GRaoeYtlHIl=Uh>F2{Qjy63$?tXpvv}^ohDcoWAuzfnXPn*C0u!->E z7~(F@LMfK9@DfhYoIu=VW}xFsl-LcSl!QDkyZvYPy!Q_;?(wVNmnx%r-nys552Z@L zSgLNHEOj?jrRj#cwB68@yw`&*Iq!ACN-i=TBN~;G$Qrc58W!a8%GY2Z5H{Q$N)zs<(T)*GWxgY zh{0sto0jjMds7OV$lC;XM=JYDs!{kuRFE*^Co(~VBnOaRhAlrj|0Peht3qcn6pcnw zkfb;j13NJ)SN|glK|3?Mf}Hd(6Gm|IlPe}teX%@0}Db_^KmYA@0 ztlgfiZS$JA5+6R?lKPHJpA7|gH&_?ifTU^I^dr(KfzjYLji3Z^+rx>ob}oTO=uHm6 zsNoc$keutG+I@X$_OrWwJn@jbk$2qnvK;#fu;l!}j{F2zi6SZz#hjlYKlKyjt)HM+ zmG9SK_q?WHT+W*OLb@yYU7vcpY$t|n2SaYgb6HhhO3nmwHzd%T-lyE&KZfpUzx_X- zCL*Ppxh?%3+_uAg3Kg?rJG^lrW~RTEx-{K}lQhN0v5_{$WbF1|pFjHguzm3^j8r~l zlEC)<`QV$V^iN+OU8Ly()6=&unsciV)UU&PHn zbenA6bD2!qvE4s-QgSlGHhJOd^KO5rcTdgsK(%^+Nt(@WnyL|{A(}KZ)=5ibz|w3+ zrY`jq=C*U-NB`-Qd-&{0s|S~9F1a(iD%R@WwknqEXk40{u`ab7*}PoejqOWCdkS`&;{JnDz z6ju|4(p(quc@#T^1mIrXD|fHLy@Gqilx1j{yK49Ry!+KRKYaSf5$t_JpTJ$%KDoz% z1IUZ3p(Kz5NBu%v|NQJnv65`m?R&8?gS7>M^t}J|7ys;M(Hy6#miEoO1Gjw7t!1W$ z>Nih~)N0QFbp-AcSn{Max}pE4>U?R{*1bp$ILDajmR~KNLWb7bRJP$JT?9`Ka4x3c786gwy3^Dn;m!yc)XhP>op)FMP#tW z7H?h~Co481TD_0`{sRT}q!mdsyO^zaGo6Tg5HQg~1dMarFa3_Z*MG_L9l$O(>^cob z{&p%8%yCZJ5^}c_n+t~6LE=RW%!rYecaWywMBSUQu@l$i!#nJ_#?84kjQMC(U#W!u#?PP~6j=nuHU|iW;%tpAFjW%b3YDgH7xpTpnvrj7w zbePX&>Uf&sHbbV9ofxI+0V@6(m4=75o{cLDU;Q*$i7u+$6P=O&_Vx3lXMHjfabaA$ zPJ(o%BkhANwTW%#MD~R_KN+eQzfiu!nes)j_ldxye4R_9GJ+?aw4-BxI5C;b5{#!Z z(WUCtvNX5U(p-$FOe^Y4oPlZy+-Ip%G z29WMmxmWF8jeE77wP3+oBjEc)W-yl+o9l>SIMt8tt*6_(e!OSSs8`^fQL;X3W4&l& zJ+|I8q@(K9^_yDq_jy9IjB_Hcw(sA+KWv87 zmwa+F0uh_Dsi>q_+^G^|3H1Nivr|1CmuNK=b*Jl8-e^7w&_C)^^UtMu*h~z%$>v|O zKHqfiu``?OGdr_XNH6*KX&oiB_R63dw-m>lde4r$ErWGYlO@=l=77!Fe3afN+W7hj z_(?v(S!H8ZUu@)3y?z%5GszMsMiF_JIG2=hNXo5^MC|)`XC%(gTIo!snX}Th)$L5* z*VmuK+Qnkl3a}i(={0J6)0z>NVr&gQYmHV>vA-6bHN;GtvALp$S<3N>*hwwcxnuhz zYw#sh@)}g>jo-)Ab$vVs7<;&n{Y!<_+-*cp@8ir(MZ2<^q&@goOndn6wD;#rd-(6P z_x;k|Y_zLuqW#>)63o(0TDtow-qiH3xwq-9H$5+>sP^qBnA`LG_Af^BRcC(VIm5_( zykYDvS8abWnjCTgoDRyTOOO|mK!Oh#lSDKz`#v#Va%Oo1zg=?4md7OocherTl(M@a zlj%}R%6Sh#Q%Wo)DV%=3~dAsnJa`>U7Db z$NWT{x1?3N_C!^p%-5bsqvbd)7m_KKbGfv{tcVU z`fNg_OZj-KByYR>W!b-KeR$mcysc@5)Kard)SeKvi`gdL&3DlG79S&;n?xFVf^b5R ziVSNB3U*9TurmZzHc{G(q@UR;VEu zQKPSeRMHz zQfnYspiP1m+!ovvTo+u$ojM3sX=S{vsUS#Sb0jx(T1xMf_iGRZ@IqiAh?pn@pTi;~ zsRVe%L**4T6$V#T6b2!1Pz>tpuyA3S;iyqIwnp$^1Tu}PGP<@w^jPF2M2*wnv{8mt zTuTr^h$_^^OHFv47i*ylp{_tANfhBR1gM;|O~Wb`pr(gfgy4hdIJyQ`;MOx>9Ds$! zqLEF&N@&d#VH2{BOaZ$NmuMQSpcb{Moe6}3D!*q|lC{b9+9UyOAz3aJZ8 zAwpEJkWfhRTgWw}gxXYAnW$L9f=59?>KL<)ra>g9_*+s`(pn)KV;e(%0&5uM1&=&n z@J(IUiK2L8qQR@WVvR!)I0;AM)kdhgq3|^o7`4_!)E3GVit>&slq?h$3f_zXbitCR zQP!)_f+kKJx0W7bawO-D3}{hk{(ae~Eciz1T3go0ARSol8>`6RmIGEiDqmxv;rC#s z_JX2NanBopwrYgrk_F1|3@y1vlbDgeA3u~so%Ox}X@g|7mE;)0P?RH;3Z3~O&-^`E zswin%LG^-?C=W`=N;F=0i@FL`$l+;tVMtN7&{Q;aq1Eri8^?fDzn!j>6OF8Sg}gH4 z;?g(}nABy&AI6^ZvZ|2^QgG4*@2#~?dvujHObQ(md+)i;R5noTW1!%7Of#^JUt3;SB1fH{S7SY-^#*bVWF_%jj2=1V6>u?O9|dkG<#i9>j#zz9s4+u zsH^YDfDEp#La@|!7^7oy)xa35DpoZTG;5Q|cjbX;52|W-C5^URHDqVOEKrfHV@69n za7IlHqjrT+7tW{+XVix?YPnhL#7RlEu%@v3d+{hVRX|4VPDAd<3<_ehGSae2qOTgA zc{G1GpWqz?Ks1f6fK&UTDMqPrs;N;!C2Z!?{wa8MP6B5YQZfmq)=*iBMJa+aRPC8+ z);#vJv7wC}Ew!{f9>L-nEFQwrDU2B9?2lErl0h*O0<}j{DC=sdeWgGFson;R*^yI= z&Z$S|u|@wA%R;Rlv7j^{(2-AT@QPbS$&fNZg>{JM4^D>;PN$AH&|F}2(yghn6fAH$ z7D_syxQ4n - + diff --git a/creusot/tests/should_succeed/specification/division/why3shapes.gz b/creusot/tests/should_succeed/specification/division/why3shapes.gz index 69f07b68c475774fa86539401044f4a1819e6cee..78d7ed3c0fc8d06a19ed3662e8ab394e3a1e6da6 100644 GIT binary patch delta 160 zcmV;R0AK&F0k8p(7=L7I6v0CfiUsi`xk{P`=91dR_WMl>J}*17GdsgB3rIJ8cL_$< zr_jb72q;!Whj?w;A=;#E81)e11NkCPMZXs=&wBqO7+PmZmHN^TPJU=TF@@EH_)`9o zGJ6@i_sL1SZmygR#j3fQ8Cnr_0N?hIe+$+T;waiiSiy|P(itL0vuT{?9_?DNEi=H5 Olso|f7oV8y00012+eiBV delta 159 zcmV;Q0AT;H0j~j&7=IVh2p)=1EQlw`Rn{iKTvFTEe!pqK=VfPhW@p%C0qKT!mtb^# z3T@nif?`E5#LKlEqD^SSh(m}E!54WN`n~Y-gu5T1p>>vw#B)Em@eR4$C&6Sg3ST$F(hE~Mv!M8o+--307aAB!(Oe@ZrMi{Y{%4#W4dFl0W}Uw0XTqYt+9j^2e+fXf*)lO*ohU literal 129 zcmV-{0Dk`;iwFP!00000|6RtR62dSH08pQ=h=i#&S(Ad}FyjaCO<4fJ%B?%TABW(c zdAkAoqrB&ipLy-iwj5D#*u!@EbJ^f}MsF)R{Muf3053Ua%~s9C6REIzwp-;fs0k;G jQ-I)FW1JJQQ%scHO(^JikmAOcktc#L2>cncjQ{`u_-H(U diff --git a/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz b/creusot/tests/should_succeed/specification/logic_call/why3shapes.gz index 418cdb678d291fea8e056454062afab7d884db18..95f97fefce68d0e5765eecbab2128c0d0a0bfb32 100644 GIT binary patch literal 120 zcmb2|=3oGW|EvcOay1+9FkGnKr*!;m@U4}rnf(vlcz3DVgj2Z0tNYQvy7#eMXXNjh zJYJ~j|N48QsaW`fX_IfQd0vvC^6v7w{5<8}FD*9~uH{UPpC;d+zPEb$Q{9Tph*K9M YSDciR)#6rbdguCq-M{43taPA-0K#E6XaE2J literal 120 zcmb2|=3oGW|EveSxtbk#7%tTMO@gKuWl~uK0x5vEly!Y`+pq0Nd?}O?swn-M(zw##pMLHHss$CB`wrFliwFP!00000|AmXO4uUWcK=*#djmp$3*q$a%F1Qm{a#yZOLWH#7_iG$n zo!;=?+f`5=yl8=!<}%LD6L_fhhR;0B_c3y}Et6XA@}}3-+%Ayj3|rCutAAa;DCcQh z_0RC@jG=&1M=Rp!@FAr{q&A61hs=V2tu-tWm8=|tO7cuTpo?hjz(JaZ2dGcs#60Lv*&R{#J2 literal 156 zcmV;N0Av3jiwFP!00000|AmV&4}vfdM)&@T8 - + diff --git a/creusot/tests/should_succeed/swap_borrows/why3shapes.gz b/creusot/tests/should_succeed/swap_borrows/why3shapes.gz index 05705e1e3be5c28125f619e4bc3dd125b4120e57..4ca3ea65e2e6b51b01ae7a59044bfb8c475e1630 100644 GIT binary patch delta 305 zcmV-10nYxx0>J{18Gow{(hd{Sv`QS2k4R}gM8#M~3)|l(NxQCG;%7hm`NfYLI)2!5 z80jSpW7nUasivDJ^7C!G(*@a{I zR(fYEDSZ{9j4CZxrV5lF;J}FSo(m?7sTHWUmXR5+m

    MzvZ0DgGgJ{18GoZmk#?Anrd8sId_+pqR8)+0w6OhsoV4r8C4Tm^pI`jA;p2xt z$B|#+Fn0avnHPNX#D2bgcef?nI*v>k{pNtVs`_J;(sz(AlTeT2C_RSeBBR2 ze~rz<*C);RwmbPFg1-9!1eJ%(WF9m^vb*{#$V9CQv?%`<)LP%aQ+eJ{=Ks?mKtg^) zfS$Q5sC9xRx|w&VbHx%@WK^J;IfLqMSgtNrE!W+m!n_J)m~Irra>tf2-MF@PzL6m` zUN^y8ts5I#-7417ls0mCfP-MJ)E-J@t%xQP7hKsYEd!L4xVq;0ps4K+d`S|sECK)k DME03M diff --git a/creusot/tests/should_succeed/syntax/02_operators.mlcfg b/creusot/tests/should_succeed/syntax/02_operators.mlcfg index ab373e0f4a..54d4126927 100644 --- a/creusot/tests/should_succeed/syntax/02_operators.mlcfg +++ b/creusot/tests/should_succeed/syntax/02_operators.mlcfg @@ -341,7 +341,7 @@ module C02Operators_ExpressionLogic_Impl ensures { [#"../02_operators.rs" 82 10 82 16] result } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../02_operators.rs" 84 4 84 28] UIntSize.mul (UIntSize.div x y) z = UIntSize.mul (UIntSize.div x y) z + [#"../02_operators.rs" 84 4 84 28] pure {UIntSize.mul (UIntSize.div x y) z = UIntSize.mul (UIntSize.div x y) z} end module C02Operators_X_Type use prelude.Int diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg index dab143a446..c65beed8ea 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg @@ -234,7 +234,7 @@ module C05Pearlite_HasLen3_Impl requires {[#"../05_pearlite.rs" 8 11 8 24] Seq.length (ShallowModel0.shallow_model v) = 3} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../05_pearlite.rs" 10 16 10 29] let a = let a' = ShallowModel0.shallow_model v in Seq.length a' in a = 3 + [#"../05_pearlite.rs" 10 16 10 29] let a = let a' = ShallowModel0.shallow_model v in Seq.length a' in pure {a = 3} end module C05Pearlite_A_Type type t_a = diff --git a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg index 2c1783cf05..9db850e707 100644 --- a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg +++ b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.mlcfg @@ -34,7 +34,7 @@ module C06LogicFunctionContracts_Sum_Impl variant {[#"../06_logic_function_contracts.rs" 9 10 9 19] Seq.length seq} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 11 4 16 5] if Seq.length seq = 0 then + [#"../06_logic_function_contracts.rs" 11 4 16 5] if pure {Seq.length seq = 0} then 0 else Int.add (Seq.get seq (Int.sub (Seq.length seq) 1)) (sum (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1))) @@ -77,10 +77,10 @@ module C06LogicFunctionContracts_AllZero_Impl variant {[#"../06_logic_function_contracts.rs" 21 10 21 19] Seq.length seq} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 23 4 28 5] if Seq.length seq = 0 then + [#"../06_logic_function_contracts.rs" 23 4 28 5] if pure {Seq.length seq = 0} then true else - Seq.get seq (Int.sub (Seq.length seq) 1) = 0 && all_zero (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1)) + pure {Seq.get seq (Int.sub (Seq.length seq) 1) = 0} && all_zero (SeqExt.subsequence seq 0 (Int.sub (Seq.length seq) 1)) end module C06LogicFunctionContracts_Stupid_Stub @@ -118,5 +118,9 @@ module C06LogicFunctionContracts_Stupid_Impl variant {[#"../06_logic_function_contracts.rs" 33 10 33 11] i} = [@vc:do_not_keep_trace] [@vc:sp] - [#"../06_logic_function_contracts.rs" 35 4 43 5] if Int.le i 0 then true else if x = x then stupid x 0 else false + [#"../06_logic_function_contracts.rs" 35 4 43 5] if Int.le i 0 then + true + else + if pure {x = x} then stupid x 0 else false + end diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml index 6d156da208..dbe3d47963 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml +++ b/creusot/tests/should_succeed/syntax/09_maintains/why3session.xml @@ -10,7 +10,7 @@ - + @@ -20,7 +20,7 @@ - + diff --git a/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz b/creusot/tests/should_succeed/syntax/09_maintains/why3shapes.gz index 6757cd74eb474abde93bb92a45d98c906a7c4b1d..1b046c9ae9e2e722e1a911d92d2b854e7fbbd75a 100644 GIT binary patch delta 282 zcmV+#0pgV%M7ett)DJ67Jq^oC&;f!vEQihPi}uHlPZ9RAjFVh=UXJS4N#AEx&}Z+& z^Z2uJfLjdh{ss38{m7`brCeK8PkSKN+Az(9se>ZQnU?X`4}VL51lPB=izmM|g2v^< zQ#4z*QA0 z@X~Zzs0`TX#sDbx&KBRcRy#%pjGmQ~O=m@miOI!eODgPBwhFN=8BJ?yrY+KSC;%&p g+n7N)lh9^I027>|$qiW4TKcXPfAseF>Kp<90I2PaWB>pF delta 282 zcmV+#0pYfTgtUn>uC?fwKhzBVPaIwrSLo)yMKO;km35)cJbslD|nbs zbzCLOnsD*n4W4*N2m@{M*pl<6MUNTCJD0o$KnAJkN_$` g)u#f==}e|L1{0_`>9WQWq701}f3Z%S^c(^J0C2jB4gdfE diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml index 6321f1be24..df276dd1f4 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml +++ b/creusot/tests/should_succeed/syntax/11_array_types/why3session.xml @@ -7,12 +7,12 @@ - + - + diff --git a/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz b/creusot/tests/should_succeed/syntax/11_array_types/why3shapes.gz index 73de2ff354911a9f3aeac8cfdd4dd6c5b74c3bdc..a59014d9c155ce309206c95da188d7be876a0524 100644 GIT binary patch literal 318 zcmV-E0m1$siwFP!00000|7}rAZ-X!lzVj<`>()~ek^oaH4NacB@=BrAQPu zpwoW-3}YQsz2xEV6*~`e(VXzZH{#3JO#46n$j#iCjV}6=NnualV!7O-}Ns=wLaQF2tD2(tfx-)50&kF6)`x%3PgLJC*c z0K%f!btwVH<|q>rYMDfuB9+9BcYo9}+8c6-P-__w`Xo-I+>>)|udFl}qcgF0+L9$H Q!nF>50Kx1nK{x^c0F(ok?f?J) literal 319 zcmV-F0l@wriwFP!00000|7}rUPlGTJf9F&5P2E!qv<0&z5|d?17N5+;x8*nrBVnMx zj33_vae~=Pd%fSk_Ike(-3i}aCq7-e zR<0L{TLBBgaPbgd+lx!C)!2i8AM?*_cJM!#6pZu(Rt$oFn8Fmu!9kH^hpNBcq0B%| z15|iU-tH1C`Z>q~51vKdw4yl|9&2Z)`knm^B}a{kAjc2*c`Q=vuy>>#x1PXegW=1KL RsR(wy_YJO#3)46P002z(l~n)$ diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml index 453762d29c..2407c6ed6b 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml +++ b/creusot/tests/should_succeed/syntax/12_ghost_code/why3session.xml @@ -8,7 +8,7 @@ - + diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz b/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz index 0935278a58840891a47c6746ee16fb71127f5e6c..46a0ba407bbd7c2c9cb2f936f6a9b2668247203e 100644 GIT binary patch literal 355 zcmV-p0i6CHiwFP!00000|7}shZi6rkz2_^qb?Ye!5RyqdRFe=$J5JV4LnefRMo9~_ z)&71VAXVKeq4?$5&+#))+hA<)XvW}ThOxE%OCW;nGr?DgAkJNgAxv|BU1Es6xdL~1 zFr)1*2KY>KU~?L`z<~Nfs%c8#EvW4f>>E2yMLQPS9)HMm!nVJ-vK29>T_Ja!R~Whn zR~SK*66}oo`u)_P8@cQ3wK&+ybP(fYi?*Neu>0KXy!3BHzI2Jx*%%A)V>p}q4&vE$ z5Yfh+z_@0+IqTx-R`rhNUWyq@}lv-#R)0!tnD_t>JqD&Yn8K_KVNhY#5i?T4|USEr@&V0)_9qKEDWC?xM2E7?=3bpKWmm@$5V3 zXys4f!tl+M_3?D8dPjQ-+|4>?p^G;^yPpT~w}+E@pDYUl&cgdFenE;u=gd7VAT=zA z_!2!6US*RatU85cS$+a>U}DhOVp@AEj~A!^{UK9Z^G!$^%LFSUjf_$yRAo^p#xs6@Sv^+P2s!-(>435?#wBD z+oUF0w5vix+RMOwD<8xmn{242GX%|M$TXiJ*J6f3%Na@?t$)V@z5APQnFA^LXtZ0` zp*mjZhy^7d^Teo=ti%CnS#Hj*ZT!XITW%73Y7p5J0>t8oICbZRG@hm7(SW0d`NC+D zZ~B0vF%I$GDlrGw8RxsUFVJNPEWIxg3t7It0<$!I*!{I28y3X8^tRwIT-AlU?tOEp zELJo`mgL5F2xF!@_a5F^f|cxn8@S>+C2Lw^_m&)`VTg`^WYdR*N7KaO z-$cKLWpfU%K_E*)O2!zM+z~3?3y57TD3cHukzi#Apn#}Y?Np?s5{fIPr~*ZTA5ku$ Iq>cjs0GCX#mH+?% delta 363 zcmV-x0hIps0`~%t6@S|1*P2s!-(>1%Q?#wBD ze@acVXjg@Xw3mVVRz8SBHrY^3X9$|jkZC?cuEh+6mNS$(T7QoRdiyuuG6z!f(P+D_ zLv_5+5erH_=7~`!S&0MEvfP|q+xUyax7;N7)F84c1c=2Eaq7+sX*^5EqX9<^^M%nQ zf9eB{#yG@#tHc~!XPocazCf2Hu=Kt}EM)om3e3{ - + diff --git a/creusot/tests/should_succeed/take_first_mut/why3shapes.gz b/creusot/tests/should_succeed/take_first_mut/why3shapes.gz index b7dbd172a1829530c725c37ba685342655c14490..73ce9f14ca39265724666d36b75ee5718332895f 100644 GIT binary patch literal 533 zcmV+w0_y!AiwFP!00000|AmuHZ=)~}hVT3eZr$bNFKk$e1B$5VWiPuL?WxEOBt<2- z3pClEzhkh|C?P6B==IDqA0FdxQ8>Qp_ht-_%`mp6{}IYC`W{Swb=x0-JUT^zddYx! z$$@(*KzJEL{21u2!MEQ}uNn(FY>PUMfhiCH`ehCcAo6wk)GjdMr|BCU%hN^=&1kwKF4BCNniU!P9F=g*RML2H3$_%6Qix~!U zYU+o>+icdmw$~jnUd#XmL5gK?g5YPipZCI3w-^4|6hh9doXqfhSqHdsRj4RtQetVY zW-__z=*;rD4_pJ6t|Kn(hZGlcP6EVkWk-sf8xnq$XP_lnN;+(=sVl XDa*JNB`;Y?OA`DCbunpcN6h^wMh7Q;-X0gTg`r zWVb)RW3V@?T~B*1?mDY_Q7@3FS+(7bBY@e>V&*7i}k^iSp%mO2R486v&Jnz(~r=dIIBFWaN8IhvTQkf%g zj3Qf))d*|Flc(8w!i?IG-STW_wnh$uW$T|~ghP33Q6p><%jU#dgyR;BOfgFR8OCuq z>H6XDwwP7Z_NoKM^97(FNWKnE5d19m^Imvj_rkxLLdcpUD^vVl)&U;bDpcePDX}z< z7Bar-=*;q^4_pJ6wj(ahhvXM?!0xWhzYEHOV zV$qs7@^nEO=b3kzSOiRNC8n2&m#H%jjGf8T4SD7$Fp|6fV)OQa5Sy0|XuNUv?$E(P z-@SS0^{*8ourw3=KobnWx zBN&idQJyp{)u~p{iPlF5@pYZ!$id;ik)*@E^prTqPcJX1GzRV9dG9so4m%~@M%0F5p8x;=E~q|c delta 129 zcmV-{0Dk|I0h0lc8G4!0G!N9Ryi~OW{-JI$K9jQFL53kD-M)pqsTa$Ep$OA=A!EapfN%iSFKXt;LVG0p4r!0gX j+Zr3oSR>-Z4XKulwWi|Y>UIU}b+5!5aQ^X6p8x;=B2Pdi diff --git a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg index 058fde2048..88ca827ede 100644 --- a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg +++ b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg @@ -143,7 +143,7 @@ module C18TraitLaws_UsesOp_Impl ensures { [#"../18_trait_laws.rs" 15 10 15 24] result = true } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../18_trait_laws.rs" 17 16 17 34] let b = Op0.op y x in let a = Op0.op x y in a = b + [#"../18_trait_laws.rs" 17 16 17 34] let b = Op0.op y x in let a = Op0.op x y in pure {a = b} end module C18TraitLaws_Impl0_Op_Stub function op [#"../18_trait_laws.rs" 23 4 23 32] (self : ()) (_2 : ()) : () @@ -230,7 +230,7 @@ module C18TraitLaws_ImplLaws_Impl ensures { [#"../18_trait_laws.rs" 35 10 35 24] result = true } = [@vc:do_not_keep_trace] [@vc:sp] - [#"../18_trait_laws.rs" 37 16 37 38] let b = Op0.op () () in let a = Op0.op () () in a = b + [#"../18_trait_laws.rs" 37 16 37 38] let b = Op0.op () () in let a = Op0.op () () in pure {a = b} end module C18TraitLaws_Impl0 use prelude.Bool diff --git a/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/generated/why3shapes.gz index 4a6491789f4b6bd63d68096f13411d8faa16dd01..fab73258cc1100c7e313cc2ad0521bc1e4d172a8 100644 GIT binary patch literal 221 zcmV<303!b%iwFP!00000|6PtxZ-X!l#qaqPxvk|CoBScWF(j1UD<6l<7Br*@T4=kk zKQ*DMwv+Am{QUE-kn0zp;wo=(S;u*Ll~xveaXIri-AJ|KUV+~U>f99s$wPuxG@HxZ z4M6x<*+y=Nw~$4T%8rm$Lr}kA`zLiq{-w5co})Ryik>7pz1%` z|3&*JS|_&8Y@hOmd_HRk@bG9_L5&>dMPAp~4f8BSsSKzO@XkbAnE@Tbr}nnT9!l?6 XOBZY~L5DJ6fS|-LVIO$yP5}S_pjT^I literal 221 zcmV<303!b%iwFP!00000|6PtjZ-X!lh41+lxvk@bQxcNhC=$x<(>o3sk!VO0bkKHx ze`-QCZ719B`T6sqklP2J!zOQG-KJ%JkwzBJ;_}7Qd_&oZdnJAcHMuK5$y1?5~*gYUb>Ltm!(1gI20LhW&dy2*;+x9j;cC;&PwRnYkXUMHR}Pq0ZQ*#Btv z7wvx0Rbso$b}6sn@>va1uaBk^Xk}bhdEG)EmqiH6k!cv*5JzK)gQ-;r!Mf4uan#Yu X+8eKZ<&R!@@}>9z_+`>EP5}S_^!jY+ diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml index 3fcdc669b5..1b4d2d9f27 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml +++ b/creusot/tests/should_succeed/type_invariants/non_zero/why3session.xml @@ -18,7 +18,7 @@ - + diff --git a/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/non_zero/why3shapes.gz index eab4ae5fe137ecec4d1aa6c1eae83af1dccef9e1..f8babc07ebf01db754cc96bcb7159a0b8f9f6b08 100644 GIT binary patch literal 374 zcmV-+0g3(}iwFP!00000|AmoXOT#b}#ozlW@;03a$<4o3*h3kN4u)?A@ul3fi59e- zZ8yKZsoUzPV?HG}`Q3AKPHyI;d&8~k$lkSG)zl9}k@;UEn{QiZ z)Zk@^NBl?|d013B5^}iu#pPx)ep17v=HuL>M&7qrcNaocL#ScEG*pTA*Fp`l(@?MQ z2eUjqc|I8npZTA$b0bkiV_?Dxbj+4oTMdp;kY1Hic*bK*AY&Pgpx|8T!b@r;CIUcc zPXnQ3VLdoaM8*TgT_O|)R>quD>n!COD2*|OL}*2c%4EP~SwLZhW=X;nEm3QaQYvem UFIZW45@$MK-H~`7u^j-fp|g z^1f}JxN9F2T3pe>qJ`TPJr6Xr<+>RxxPY}wQMa9F`0E5sk2Gynpe<+^;&|CgEJ6HVqZ~SF`V*nXW2j-kG*m;^=Rys#(@@Xg zw`Nto_q;b2KJ!0g$3~(EYF%X{Q_KL7C^b$JAuvdp)Xq791r#!3!$}3~9r)B$h7xVG zbE;wV#(lL6UlF1aHXEbS8!Fdz@O diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz b/creusot/tests/should_succeed/type_invariants/vec_inv/why3shapes.gz index 1fd9a134621ec6482dcd3081f7abbcc03c301cf0..cd2d53bb324441342e32020cb65c278103cca790 100644 GIT binary patch literal 284 zcmV+%0ptE3iwFP!00000|80=VZi7G!MfZFKyR@vvFubZ{fhwWN4_I9lIfEfc6Q+R) z?dO*OQmdvbzm9yb{S^4)nLc>*CmzPm_Ah?o2hSdL{X|1Yz1yL<-YXR4+I>eTmLxz} zCV)_SZb?H7R|=?QhY`vn?NO59zIA7e3fdpEKv^zygwaeJ-o`XLF~)vY7hAKzn4GP; z-qEFa+bxRGU*dT0N{m;{kS5mE>DFLU{PGW&TvslcxdTyMZ<~R}+r?QB6;UuFHGfsc zww=aQiwEZP$Y>Bp8hEs3VoWzTX|cthx^@4bIIk!@eDxbU%>UP(m(^L#ahT`8G8Zv3 iZi6roh4-AoyR@uqY)n!m3sec23yiudn%IUQ8Qg$F zd;AhWYSnZ#f1l>PnWvbH7yPgznd~sOzJDQ-#Lp47{e(k{eb@oL-YcNR+IFG&n+ znJ{2Q6qYoBWThB3HUI}v;t>Qo+c)6?JjdfnQxL^MbKo=W>^8>PiF5w5>b$WIQVhOo z`+!~kwp$eWU!uHs1*EHHf|J$N`BsC>fB9!1uPY~K?u2N}wwd90>w;&rLX2m`*ssd@ zrqz&X`oNqY8O>;kgB`t_EM%LTEZ^c!-Gu*7oL3YPypq}v^Z#`eiNjg!GsCggHbrfP hMoF38Q{)Gp8bLB8RjP#IDp5?)=o|hPOR&HJ000I?iaY=S diff --git a/creusot/tests/should_succeed/unnest/why3shapes.gz b/creusot/tests/should_succeed/unnest/why3shapes.gz index 6ed1cde5fd2c9d5af08e146a5871654fd46c66bc..882fc1401dfcea065afe368e086a759246f921c9 100644 GIT binary patch delta 176 zcmV;h08jtF0l)!}7=LY{t(dSdCPXeUOOg>vBqBAf;`IfpCM@RX&E$J|TSmhbA2!g@ z`p~)IKs9AMf;m>mfKR;wew-yJWIw?cG5t&QHn@JYko;Exy2KnbUYz&tZJW*gw%~0y zU=OmGzY5ZMP9Eu0@s_NJH7z5(WQsm~VI+vJkBEtig20Kk&MDK^Fxc=UM4DP*lWDE3 e*|(-nGO<@y%Pcj5r)a1+bMgTLzxx*n0RRBfAydl$ delta 175 zcmV;g08szH0lxu|7=NWeK@%3ngvbSENiyIx5|Nr#@%jQ)6BhIHX7atft>FHO5Au8@ z=Q}$bxaMNVu)rDx$f?&LkF$gn#ZQPuO#ccUdE1W!@qdj#S6G0?#yV%;blKc*3vRjr zdr;;4O(B`*1%O diff --git a/creusot/tests/should_succeed/vecdeque/why3session.xml b/creusot/tests/should_succeed/vecdeque/why3session.xml index 34443537e7..0393c23a91 100644 --- a/creusot/tests/should_succeed/vecdeque/why3session.xml +++ b/creusot/tests/should_succeed/vecdeque/why3session.xml @@ -43,7 +43,7 @@ - + @@ -55,7 +55,7 @@ - + @@ -85,7 +85,7 @@ - + @@ -97,7 +97,7 @@ - + diff --git a/creusot/tests/should_succeed/vecdeque/why3shapes.gz b/creusot/tests/should_succeed/vecdeque/why3shapes.gz index 4bc8156e97fdaf2a1d399f00d0dd3b6fbd551064..6048366db7c509dccb7aa45dd759110b52a7bd2d 100644 GIT binary patch literal 1992 zcmV;(2RHa1iwFP!00000|J7JaZydQ1zUx=$wu$#b){A6-90UUbeaR(3BPR=NK6VAj z8e5V#e?Qgi=^2gGGxjEaNPuD2G+9+&eXJ@L{g*fA_rIr)_5S>idUt=lx&7O@oWJ?& z*~6!Fef!5?F1L~$>>|Pdi--d*A`P^NJn$mQAeU$9rs|*D-yVKX>g(oa^Pj5^n^JEE zmmW4(*S8Pp!^OXUx#+4-cf6aeIJNTkRU@g?PoHZxXC1`+>+IuQ&70eD{h$F&idS@< zF4N6@P5-+4T#s0?dsCA}-+DH@J#U-4^M`u>a5dZ3#VzV9Yfc&JW~|BPlM40IEYDV- zet4%JKC4NgU$%y46wkDdGhh!Xu(Nmh`nc^ja4S1+OPl~F6}uY1KF~=%2z2-1X`s`> zvrW^7H|Yw^Bm1*t)BEXr4-~ufR@V+dL0A0s*K~h<``b-@*xU~O318jD#Z$%kbGrXL z-cP=6b6qi(&oXpqVaIYFdL!ZG@V<4Kx0mL12iFuUC}aV&ikJ}sihq@q9Mcu{%GF)cL- zdya8}MznCem9jlrKXx3g+dt44m;&asnsVwmJNU7V99nx9Ka1yDUL@LLS z${|u%QC*Pw1>PPhcN>0(be1x%`|>O4J9+T4g8Ja)+<5OpCSBg0n@Vf7!H1L&dQm(B zz_eNJ!8n%(@5;k2MZvpflFdS`?7ETb`F$nk1jz!2BrhrlBro;i_9XibZC5YiPnERzCj-W|gFZd|Q-gxv zju>ut{)6o1g5g<=tEL9l27h@mkDMId9fdrwpH87qsq7~Q9QxPGF8hJqB&9bh3=C>g zzse2`AMg4@Zw&iiJi}3Fya?1y?90c@P8Bg;zMF?=#*61UJ!omHrL=w@WG$n+!qJ4* z)l>OAEq^hcyN!#PC_6ixb9sto;n()?pfAs%DhX!c*9^p+UkW>ZDIDjQ+`%uu@JoIX zTsPtO?WsE@H;^p+lC1Ij`(2tOy>&y<6=j8~=3>a1&=m2!`&ejbV z$7=NKjIcOj=Zmvs41+J&tZzaH)^U(?i!qq!qC}1qF+#M_oHZw$Ybjo=hfK%;p^ktR z3ydxBxiv9F|4h%75j_BVL~NR_xw0W0){y!#H8C3umJt1@w5Hq;oTD(I0vo}6wZWQ4PZFBGG7Q_ozLnfO zG$UcmwQb@3DVt-`0l~U4kB}Ot49MiG33`mKn2|b2jzAGqfInwE1Y=Q;Q3{YzLPr8H zUV`SLSRCC17<>d5LH>6yP@QXK;<{L!ZEA4Hz+4(RgDsfJ3qnL2QQd|A*PY%^zUU#C zRBcm_J|~kifz^XqUm|`+I z@mkCx794^1l2Zt&$LJ%vi1LkH2k&HT*_Y5H*j#LJJ{SP4pBy0B$u&VF8%Z&Q?}H)R z%!Ykw74;tgZ!PF$HafD_rrwPRzdH=0UD%4#LwDNBgEeDj(!T|?u?Or8gj9jPFAS?K zI3NbS2WZq09mQAY9b$r#9QL+DK9Y+hKLQW3(NeIXc^^{IMwP&c(^D#WG|cnqgdYlN zq%kK3Z8qBH8?)16BN!!(zLAHXv`mpPGDNnK&5y&zHEUN4&S%nN3*)GXL^LKzqF1Z$ zO_=$o!OIni1hH1gM$4V4`C24_rd*SX6FgCbA+nF`BFoRgnQS$s*czlshUx$DOwFRh z2IbOP7&}h;BA^DHV_GxXIjz@<(EBmyy&fE!R0>q+P&o=k!6@+a0cX*Y*5T0^g2t}O zSbfeJbs94%VNX#BQG66tl^2A(HK2^C>6ED>>ogr(6Ljh&hU|4Boshd13tmby;3|#U z+C3VoWR!a>L^=?re!n<~&b~zO3Vakw0h4PwyNdV81%2Jv>BbZ{GtbdcbT2rHvFJl5 z6vy7^ON|0S&N|ugC a@%k!E*7Z~j(fijL;C}%)f2_qXApii;N#BbA literal 1993 zcmV;)2R8U0iwFP!00000|J7MbZydQ1zUx=$wu$#bvK}l3$U!h5(3e~iG;*@Q=dJ)* zV_Wj(@28qQJ>!vP#@@tFz<_Jmtg5d*vL1x~^5XL0_w=?sT>jDCKiqEa|8~ijFaCP* z_%7Yv|1p{Ctz;*=if(eN2otO#PPmFR(JJ!9*B9xo>A(Bm9)C~j>+WvzpPM(E+U_Qw z9yd3)_mAn#)xUqa8mdosyjrYywet6)MpA9>KD1&k28iX?#oPC-Z0_srqXsl9-r#Mz zPInJ2{pJo){E)oW#7ENd~6SoH;ZlkxJ7+q%{fEEj5Wo)Q=z?E$8EQPTi$tF<8Gixm0)-*H)Nco%+)(`W*Yt3E|Jz-A+}uy{gs)-a>Z#(goE|>p zhuPPCX-5nfdz6XA>C2mcZr-%%1kH>7@Vf-}daLx0&3)78!-&c)k`n5Ddi#F!X7ku8 zj8AsA$NDNar&Tcr* zZYYEPlk5d$|I-|YJ;!0|b>$dj<#?86j(NwiTbbQ%nmOjN37#g=$E1QBa=fa1%rUMx z>GmAM3=MJRcqw?~S@2JetAQgLUI@>!&O z3Mn5Vbw^ZJq_V=>Bc)+Oc1Rbgz;R!4fE<&!pw zX8;I~CW)$^OA^AA|payQkUD&=^*lRXRqqY922^43o7->77;1(93YX2I=?Ds6n%pt6gx5*Og>; zE6MB@l5t0}S*hh+HS*(r->^ADGP^^PSCs>j*L?ANl4U^KwY3S&wonH^9VtJg!8iTo_37b;BT z)TFNR4h@~I`qL;3`(L!cQE0RZI85x*$1F}2FGT=XZM2)Hrsfb$#MvH+m?X zywLjf+UpvBcu%(LPdp7CT^o)tgEFs?;;-u!ye7z}GP zTZVDmD5UXu307ZRuw@u^gB$WQ*vIaZdb9Q;M1*CPl9&1q|`v*J@R zJp*Atq*`5De4f&-xl3<0c(Ukg51krPVf0onQ=&3F`)D~@iWX1WDbfULBbQz2HMb@$ zU@fKhFhhYEg;f~xS=JhJ?%)gg(8VR70-b!XAs78Yen#bNbmnsn`YL*$)^<#;5)Sn5gR7D-q~j1s{|;4kbtYvn28Tp(`+tZjnWg__641?;Fk=px#PiXnUz z3?S4^(UPah1;tla3znu2L}vh+?E?dRbr>xHvo+nC=GiiJrzKJVHB&{e0L|x)s(@b? zM(D1ZqELjjMFMCh>salmP)ppU3^pX9kI3HwPtAF5M}`3{012{oCau!g>)hYmz!SbH zB<((odPPIxk}$Wxy|>i0)Ky@rVTME)2_m^jHj?>I<&%6F*b7zy^o&DiZDcyNInvOADpRjw_U3*i{80xdeKHx zwUejB4%33u{t!@m$D*yF=d4vc>4Z>_3H6bRItFTsA5bYWMuy1l`vWdj`!!ebUHiCB zr$w~*b0%*ZSPyvs4v{6Ys`3wnT!-nb+&n2GCIR%qk|_ z37$Mt)>yFj>_NMT;ofrao@g1ge288(ef0dJhhuE>$s4IUqSyp2Cp4uyt1p0N$7{kw z`KclT+kN*UIRE`jUobhN4xv_`#7K@?o^wQ86#LUeBs!W{ndA1@;lBHn zM#&P2f>D09&~ngu(6|mzwTD>fLEpvtj7iu_X*`~0;-m0S8D01KD)FEXL11*EmAWBFChQ`lrQ|6 diff --git a/creusot/tests/should_succeed/vector/01/why3session.xml b/creusot/tests/should_succeed/vector/01/why3session.xml index 77e9148620..dd031b8e45 100644 --- a/creusot/tests/should_succeed/vector/01/why3session.xml +++ b/creusot/tests/should_succeed/vector/01/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/01/why3shapes.gz b/creusot/tests/should_succeed/vector/01/why3shapes.gz index a49cbc7a21580dfde23b7df74e62076de9732911..70744057b5bceb78dadf525a04de4d68e50deff8 100644 GIT binary patch delta 642 zcmV-|0)73B1&jrd6@RuZ#Q^KeA47960vHZZ>@tAZsfKE+tuaT+Y&Y5V>qkkJleOu9 zz<#F4NAiix$8|J5%Yz!DqZ-D}=r2(ctv{`%pR&_Oh|3ufAOTXK0Wx3#a^L|95CJBT z1eih^UP}B`Uwr>iIDeMc9y?E%BgH3Xj#152ftno3YZm(QZpkJ3pFrWc$pYo3MC-$IyU%}4`vw5 zNwpvLKblxRc3Soz;?kYQ!1HqFr;+FHm4l$Me3N`1fRX?7d)u4cjw{BM`3yE~~ zQT8uyLwwGASJnGoj(BaGDEuCAQTQ#g?47P3%!_WvtABA;0F?Yf9-q@IL{p~_Pk|>E z*(?b@f?WX1J;F6*9x?iwcK8QvpTB~^V7m7%iFs%gu04Xay6aWAK delta 643 zcmV-}0(||91&sxe6@S((#Q=T!V`vUWfWQHYT?P<4)lh7;HRf2E?IzoP{V2(D(l#9s z*v}OCNIsGIw2X#lbAPmuk8rkj;cB&;S{*06Fjg1&9D8$N*!A z156+ZFokrpP_4#a_cT5$te|bpsoa}dw~(pPlub9Peg5MncYiEzJ+_`OLzY8t>X%9n zK#97&1&W1opu%}%0iZ1y*kqu=K(-egEJR<>I!^W~l~j6v82=y$EOW<*vE{W|U2P7T zlB);m0Z(#_YPwqgE?e`|RL%xGt+2#)MDV}JR#yaFHrsKldOeu-sDUMFU4Ap2e#5&2 zk%D9suVjI@>3=%igAfy&WSjiMKE(BEP{1^wm6{ltoT-7c+{?t-Tqp&J*RjH<+L^vL zCtcs{e^x|2Hl1ogl8rkhAhONYPou~_Dh>4z*EPl{6l%&@>UKCi>t2J9@7=CY<_hV` zqiSE?hxnWiuBwl{9P!dNk^4OoGWT0#*_*E1nU}5}u7Ac^0Z{S_d3;W<5KEjwA^{Ow zWV6Kh2zCiP^9a|Jd&E_zPav4{$2UlhFQUF!;N=5>*K&9HjhA<~I-lZ^8xa>Sl(PsI zBF;`W#7>jAm?jKRw`Z3bk$bzuNMq47Jee<$*!j*bDM&@{)zEZLtsYH>hqf=Csln`Z ziO$Ie$9(@gew+}`!^VJ1=ZLEn`*FgljPtds%>IB>x&|)7;>?r0w8nEXDN%ptW)py= z%Kd*IM*&s~SVxbhkMI`Dzq&Vzg-U5v*YU3AgbT8(A1jv8U6u)@D=HEeQBhD{P*zY{ dP*P+?S|mkW$U+pnKx;u3{{Y6`!vC!W000LDIJp1- diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml index 2162b31002..05c54d5cd0 100644 --- a/creusot/tests/should_succeed/vector/02_gnome/why3session.xml +++ b/creusot/tests/should_succeed/vector/02_gnome/why3session.xml @@ -16,25 +16,25 @@ - + - + - + - + @@ -49,10 +49,10 @@ - + - + @@ -88,20 +88,20 @@ - + - + - + - + diff --git a/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz b/creusot/tests/should_succeed/vector/02_gnome/why3shapes.gz index de1796d7467637fc6d04d2a6f8de89beaad60c2a..83748849222ed003005aa79355d8fd3a41904051 100644 GIT binary patch literal 2381 zcmV-T39|MdiwFP!00000|IJrRZzH)8zUx=$w#fzoSjBg+J_rL(IKU#OppjDyK4*n^ z+#Xr>ZvK6W>~5)Bl08APwg(VIcCj8GtBS?qAAVdv{NnHP!}=-j9=846U)E~<;~!W1 zuYP;?)Ul7_3_6&m*x@wg9iOJ66CYRp%EvGFH@E%gPIk(FxVirN=x@LJtNQt=X&eW+ zU^bm5=AZM!!?0?GL4TU@=*|$&Uw7H>^KKyxth2|ZK@`|9+PMl# zjyR4m*8w>3F6D{5bO1>DO)eNUEq4v71APQeZt|b^vz5Q^9`h)u$5DM;{cWznbYRCF zHSs(n&&2IGnuUF29l}idc0VH@r4h!FEsY~30$;+v&9jx6hS8%)i9#rG={t4BJHi zmyFldPoot*StKN8nwt*oG`Af;o*dS3Xnw!AZH^N?<$Ql2Zdx?=OJc|Qi~yuP<=?8u zw{ckgL@}&P&sf^fLL@l+W7{DtwU55#HAr<2{;7iQZ_~|_zstYY&$gX`wA%msKCg-3 zcUynAU-?~r=x?9$xJr`S$X5QL-|cg{+4;NAd1em%Q)E*#wyWE|zd!1t*_IUE=iQgb zz28$&y6MYuGbFzx@X7A;24Q9qzNsFb(SPO3_Ril{hH=u|BK(g;THWt*?C;XHYOTDZ zy&J%bF&U-&PyUhEl=xu)H~%8h;cP-(sEX>jS}jQ*{p~}Zq6UXpK>HXxGV_K1CxO22 zANDh-FL|T#pZRBX8Pt}%T=C|wZF->3zia7S?6)S$k>#+No6tYrr3e4#6K+`1B!AAk zbx)U8AyliS#)rqy_%2A!)E>AlhNRwZ2bPtmz|k?deatV4kt=KyHN)%>hmk&+-o9jX zyD)c|)!(3;4At2c4PuxcZO&N4f-Y7c%HZY?RT4-N^rlVqSi@)O!YlgaH;T+!NW*eo-K_|9^rvQ+sg-pyg7 zziJu}e?4z}{JG5D%nrrKH44m+#Ox@oMib*PxFW@^mkSez)s?&FP0P|DvN= z7pIcc;w=Z_SPt6kQ!AGF`{iq+b0ch3X|3cn2o1iqyv>M z?EO?H55B%sEafTp_C>w{UY+IN;xFwwINuwAI+r~|GrKjWO&^Oaj-SWGn4k1NomU{r z2b@)w=PxXrU08T}N77C6katghx@l%+d`biE=ZsGb|Ltvws}F-E$sZr+DNuc;pPvG50n@uD+D2FqA8*Fly5hy;nn?!)8kKUXQ!#^?6fC z`g(oo0G+YQGe#Wvj%RxFtpYG$B1mQgYleb1)vhNTnQAcYsq^f4#x&>IV@kDRMT!2+ z{t2JypI#K}_(|O9fl2qpb6HC4hb-*``$SnvLnqmCV?+2~UNqFL-sKIH} zmIZ9|7iD6bwM^^;Y-X(teRiroo#_8UAJa**_*8IxY%Az%=pfqUNM#e1HNBP6{HzGE zy&e~(oi!Z<@AP2TT@UOB#nMc&HBacjllq`e&(%qFS)INXDVue9 zp?#@RZPRu9dgS_dcaQJ`OK?_MI#xUe!AVrHHi;z+#DpXRlHD?a3 zL*r2YE(Wa-!Dft@$ZHmOLX~AIRz@Fu!dwk<_7+BSL(wuJFGXmOs4=UWof4gdw}BHl zGcp^25)hT}B`Ycf*#t(1G!-@;mN!I{MDRYRk^_XmHA0p;aw@s0M3Izl4&rYN3JRDk z3+0gso+}xJq#H|krE}&gx05Yp`-wLLr6O8`n%ZdtiteajOFda&Qpk`QHcx3M-vL?? zTo$hk6WL4TR!LC=OVP{7(Hzt2eb9NEV>UKXF;Wl`l>x)3SO=dmX~R=U^a#WxVh;fs#%Or@7PUG`tzWR3vr#RHrQ%!Rdr&rls}3G7!R{3(&fT@BJ{EWa(MP z327-vujmqrq(T&8FhzUaE@Exo9j5Zh3(kSse3|INq5F^;aHd7F^i0#Om}~nzAk~SU zLsZPEE9ca9p;Gm_k+pzodLgwY!hkdEePObcb<8<=E}~G18s&uGv&@0srAXyxI6MZw z2e6(eBdNQmM<$?<2&yD{SE`T`z0swqV2yBwzwS}t)Yj0;U1fUbM5~ldbiFX8iu92X zu8np^ISa2_RJ5R`UHW3k1==d`Ow()B8dVf(z!8O!HDupM_zVk7T1E(sL~57im|LouZBH0D{OJ&gJ9WNdDpd^8Ty8%lFI2yu07Dw|`lx<@-M__TT*G z_OW3fhZ!_5PO-sp${RjTMI$~g{FRS4ck6BYrIC&DAJ*639{l#3zp9^~I*r31XUwM2 z#QZtm-}kGgAM~dQk8TX{{B@W8KJRAIz#4m8>P3O|qn)a-L>}zS70~W@17Z;6!-&HO zQyqXK?_8e9a|eK=-{^ut(|p&U8qi1J28G|Z>&@-n->m-eZq;Sl8B3=}(qv3K)u0^bxA&*Czu4SBiZ&ELA|fj<4Nt#h{DnkYw>!)Df@eYj2c{?8}eu%Jo)l6T9N4y{6{ z7ITgF5253`AURQc;JO%+db%B07M=n}Ww3q7&x(;NY$s~^*&z-CeKfs!&gf=l?lP-i zqZ|#@*%b|4|KUY zLhPr~x5FxpKiqD+n)z~d@NtjY`W8lQFjd#$Wp%KcXAJS3RjWS3hb1Jtl%=2C$}Ycw_H+#DS>>)1Erdo@Y$wJbO&3u31r{|M32VPu!oL z6>IoO-06Wy=fzW5O6-R$Z3O#7SxQ4A*?eO}m}N!7O@z-iA-dTiK^tNEKz5TSv$GK= zVG@-xq8PK3RG*-rrDsv}X-T?PbsJ_L7wk^Z>89@CM8M=pvQoJMWlzy^O& zCU&zf6B_}m$yJ6v8&#i9^nc+V(?~P>RB(N~R?t^}gXktlDjTV+(_1N>pA{jt*TbT; zlS>D|J1y+G>z@6fSej9`<_Y~bQXkamsXD1HtJBw~4pYx1*um)nj@Oq)%FepHaDAy# z-KOjK?a1|+ZY~{d&_Fr%+gxl0ig%)75M4AMmZjY-zudMrd0h*8u}~_P5P+*hPgh;6 zWF-{seMlw8$kfsbXSqXk2o9M8>%chB4wM7wKsewI&;dAL&N}0?Q%*YJNXUU>i&(sk zT64jSF&P!6EK8DJ`;5lwuteohIus87FFQdp>mf*Kp|G5S)t(tBB{SL+2Uv3E&^j~@ z^-nR#BW6~F1#N8!DQ2sz6$Lp$2|mhdki*ZlX{9w$Y7vqa*?OK*VcgOlgE5h&ORgN3 zj*|p;9Dkx^?@cL8Lr!QdSL9rY+6NYpC15CP7zJ(EI&K`-F9AWJ(LAZhA~KI?g#sX& z*UCnkg{9z5pcC-YK!Uf`=@}x$83I!MfPtKSkd`TtIw0b8ut+X^5)_rlgZ7XCSkOG@ zltttvsikC2SSO4V+6ju0d^s!vt>G4cx=02oIHQ&Vf?#3xC{3=}DbY!I9XL{J$(VvD zFc^(e$jnk=Tr)2@q8Wb>YTm$)pS$LDX9O_z6nNeMDUyi?!C%N7tqw^lL{!45sW%V#mJq)H%Dr? zvVp2pX}ZGM=!Kwqp(k__$V|w6xTRC#7r|>q)Qs+f#tM@_>!2c{^2#VGDq*nVC8WO+ zWT8v}8%?o6c&jbXfhU7pCe#tNu8=ihv`!hPNSb!=f^Y)GH$W&hamErIx5<(xMPi8+ zPv`A$;A;XUofb}Wr_pJ6HGoBh#Igkxj2F*D;R1yUN-LkO$X)B!x`yxVFj6^Zotfqu zyrE}L22a;GZczpkGo%iqd2^Tn1YjxjB(u3_oelG~NJI*eo;$pErTrz4TIqceo}P5U zvsko}7BjuRsBBU!v35)Y&ak(Isp4|9QaAZDfm4z*gP8}+qNIi5Y9)rIE*vPaA zHd)T-ZGm)>Bd3d*#Z-(bEQSi!2xs_KL6S8u9Ym7@0RCu4^NUm=eF0X%{BOY|fF0NT@;Z~y=R diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml index f399e72943..37531931a2 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3session.xml @@ -7,7 +7,7 @@ - + diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz b/creusot/tests/should_succeed/vector/03_knuth_shuffle/why3shapes.gz index 34a83d47c21cd4e82b6b1848093ef56062d1cac0..2ea9b382fca4b07a9b96fd0384e415ef8e00e366 100644 GIT binary patch delta 635 zcmV->0)+j91%w5V6o2@ZHdQ2McV~gBJ)lTvk)j?)J=I#<>(~m0l#itS_Z?W)F?Lc3 z!Q02on@{+3yKMLN*|p0T*R+Sa`nuH1+s}*cw>?xZ6y*~Ff&c}H042!)6{!G`FhET@ zz?kBEVN1tX_1Nt#hb_zcb#<(_uB60v_3BV{_L%*=$?W&5*MEmCCE1wC<*UN0Cm~Qm z>BoV%j%Xh0T5_-{yb^E&>~m9Z`;BV}z<&8cAP5uzjwWdU%mqSDga`x_XBskipUIAz zau!NkcYN;tG6*WCPBM;9bBPGJ@_Qa(bL>0Y@d#J-?xG<3iy)nI955}q!Zxn0%NIu? zE&S|6ngw9*SARe1%KcYc5b8N2NkrMH64t6*Ln5AlLXs-;Wk_|352T@(HU_c)3hVxC z_O^O-^AKE*j^>ma7(ZA-8ITr1i&HAQH~QV>P#0#b^O0G>E84S-RyUL2-T4_|0}r$+*`SGT=6KKVj-hkweJgh@UcM1<*p>@9=g=6OsA z<9zBN##i4EOJRJy7l>Du>dKIZjQO+{==VJteaFE1B4flUW0CsI*hz(q72g6c2?e9G zhKm#8rtv52Pn);Niu`>ZMnNEq@{7@6H1D}eXD98)q*8_-&gs%;2sU_(oew#v9X<)AJW{rDucYLt%TLmhA7JkW;MGa-f92cxS!Q-Y_sd<~ zET5{r+ppSvzuT2=vCuIJr8g3G7Eq-Stx+bpiJjQ!Na1=3+5j3*2BZOD01QMXHHnFh VHfWTQhFKFW{sGlxzA`8V000K%Jm~-c delta 635 zcmV->0)+j91%w5V6n}6_n<^5sJG(&D9#AA}k)j?)J=I#VHR5yZ>qnQhLrv5^;X2gtcndl1L_iiX`T~42h@sKpKi^V;~Qpu+ zdPGAGt95g%x81dwU*EAJ7UiPtx@p_y)opJMPrlG{Uw_+*RJt4uVp7?F>@9=g=6RKp zN|sX(RdV$Wv6M=#_d=;FOT04VA*KXU0w#GDf}yUXl`w z&KfRGh?~Zrus?0yCM%Zj^Dqhmsd#xY8Wqobj@j&_{g^Og_~D!`eTHCz$JqIh1E%k8 ziy};X?{xSVnLLc;kN%o)Om_Gr5IsU$yH`Rv>hhDc - + diff --git a/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz b/creusot/tests/should_succeed/vector/04_binary_search/why3shapes.gz index 8bb935417b64b702d9f10b7bd28835748e17666b..ad986a310e5e46b282430b49fb5390abdfeb224a 100644 GIT binary patch delta 467 zcmV;^0WALB1KtCW6@Mj7FFOnDLX}iPmJvvidZ|{qp$Q*0DuEgkxBd4W){D*N!%Z#A zp4oZ(-VF1&zH#?k{8{bYLpAK1zWd?|_vVu`?y%_&iX|oj1#`$1pF>Z1bLcBSaj>oE z+ik`z5^LM`zw)QPtXdV|*yl|*;#2%^6>FB4i0nuhOe`Zl6Mxv_SM;moA|Xs!{m$Ed z(-cY=QUxrV?wqnWdjKWknOXRnIa(&bk__)uh^u@(3@S?EX_|jZbF0u_lRYwBm6!*SBlFRZDn;RgC&g6S!OzTn@j@(Ln;huwbN&&#{IR9e8s)Bwh9F? z(l+x0wv!yZTI>Y1TjDW(wI*i;Xi;uNH^;O1zs<&@rP+9N(QNdn;RHQL?0o%WHuKm; zo0;-y%STd6oGse8&~b6bF}(+f3KN71v2&L~H% z+`1p!$EL&KPfjKuiml^_QlekVf=TumGN`c%u?|J;p%lPt?#fi8LF%Vo%2P<0^A}`D JaU0$Q008@W<&0gC;U<=4 z&+NQ?Z-#k%xpDVfd{TS&p!$8?wYRQtZ?2tThjn|9EHM#Cm_jc36nfH|LSOocgN>qZ zyBW4ftWDGX&L6u5qjf_#BrtsF|YN31Fx;m`hANgl@dZ9W7K ztdVvkz(b9_r+?{y>a-Fqy*3Q=U - + - + - + @@ -56,7 +56,7 @@ - + @@ -65,19 +65,19 @@ - + - + - + - + @@ -89,19 +89,19 @@ - + - + - + - + - + @@ -110,10 +110,10 @@ - + - + diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz b/creusot/tests/should_succeed/vector/05_binary_search_generic/why3shapes.gz index fb60435a3fcf72f3ae612cddc4eb62e514adb69c..a6bb7ee5f9a9e05de58c7e713ed0f3635a4650a1 100644 GIT binary patch literal 2685 zcmV-@3WD_?iwFP!00000|IJ$4jvKiVeb-m$ZIcZGu*l*qfEN%9PdI>)eF++Q8?bq? zg^WjINp`&Z^(nHuCAOp)&#vvU7lxWm7OM`cPhB|Jzx=%1z4iBLxBQs4yY=SoA4|3T z`LB!pd%wQ>*s-f|1RYF6-tlQDIx!8g!>fhAP4w^X&Hk+?t+%(E|J}UX#B|$9zu(-f z@Am%P>OViNs+LoU>p`KM6v|FbL)GbNs5?VuUik3t{^oY`rn4O||MKS5`w#y1y?;^P ztER)#&g6l20JPzC+U-U;K0e{Pm7@c5lKba2`F+~XbzleLxHfLb@hN6%1TBo_<~n2t zx&t$A(&JN&PdQVfCfWIZnw~oY==65-#;9q2e9k%!N9g1+|7PE;{CoQ$4I4R(PoluT zS`GC1#dxB+JvGzKb}>Hr+&*?(HoI^4&2+O{j!!%>t~##g@NZMI(r6ex%2l<0k(As_ z^D(9S!{n--YCoUsxNRnYbjS3mSYC%=^_tF7gdVW8qJ=;%wpW$?FxNhEpPPq62)y5J z+bCN2-DbN_vC+hf%%X+Y~l;alNMyFAfHRRS zK3<$o6l#7Tg$jQf)dn^by7ITX)EM5ae}CkhMX>j~RFsfEe2lYwLg}&u;DnyS)2)j;+X@ zfV(<%Pj$%!SFP(g4`3g4{1B7pkRCn$aN1Lk!==v$Em-&rmT%}hxcYOa?F1Yx9H$;5 z;@LNXOAa9|1nHL+XI&03C`EVC^BZ5mF zFNJ(qUU)jo%}0OxAw4MXZxHGpHH>Pa9)_c3XhdkOnXhk@Ur-MTYEq+Td-WiLQw5lP zr(&#qZ#VN%>#%z$IIRo*cE*MP3mT_4X}jD|FO=!1i;Hd#e9DMr)a1j%>-8X1ty5ha zR%#);8Oz)vu0O6zyS40pTmGK5o3c9WIbtN4b1v}3Jk=JVaixsmfgSYiax43|FWQN+ z^TZ~R8AidX_h|~=t>fv=7DZWpkdn0667sUFzY%=mQ5j9_KTcOpyv#$iysY2DR%LZ! zd>`PIuS7dp=?3UAwn+`&MA18YFWOhF)ztyapoRO*I7QFTo@TQeowkA1-2WSRg3HSu z5%ZF&m@%J-a zpP}gPLqE#Z(>`r~S>PvIFI6z!rgHvAS`dEPgHT_#OWTir=*vFSi|{9wME=B*$j=O1 zY$*7}v#-yZz+=P>arUxCSiPQYw;ke~a5OPvaVK6(glrv4c+Imitg8CF7TwLsjh@XrT(cra-H6t3TKFpge1PXzH_V z&#}AFhmkrexLQ4l)2N=tX_A{!>gpVZY5+YgbZJlhbV7#V8w%`%D5Habcv#h|`B$nm zqR>0PHc|gqGiH6hKT5r(Fl*MRm7SS>D`H z&-a7W;uyRB)8gz>J-a}BI{Uhd`^|1YyRtsQ4tahFxNb6sWLJyE0R_z?nfBAuvaEb! zmX&<=23OZ@`jRlD+}8dK+2uP*xp16dD@2$mf#(+#yv&lWbT~8nh0E<57QlsyW4;xS zL~M&eo#MS%g682WPizg@;SnSH#K>WLtru6sDm^?+IRu~VI~?W~z*%@DIR z7^;uyP*2qdbz6Pt6ldHRgr{s#$x{CaE7&Zlp*kr&h(qb2bbKg1W$tq6d7RBsoUvIx zkZvb7xA`9BVT8y1Pb0C!r;wPWW)wQFIY-M6Rm=f-Q*sc8?f zQbKBxMT*v>9D>NyK3Z073Mcqix6BpS8R>(8^qyHdrf0nu%yRO9<+57VPADg&6ZqBb z=a76h(5vEtpoloZCc!nb6nsQjA{N~!9CC*=U`|*k%-2O>&~uggWPO&JN6)kMOvRWm zF=iDMhM{sOp8*Rpq_hv@ggzt%Ij|&|NVfc4$P*z(wm%n~z**8<$(W2p-78;QrA&+_ z>qva9uF=nlC@~|FAhu90(83!|jf1eP4_>R@7*i;N)=5@=(L9rzWS_N{DQ0Py%BU$V zimZ4K!c#5@1(f7Y!t+DZfvAJFhb$Cz4xX}^(x@RB%KyZ(3Qammzv6pg^yED$b517E zk1&+~B%-0v3sD8r7nT)h>boNqC}d>bFrYk1L8`d75HJN5yvlv7NaYU#)@v?UmMSSv z(4^5(dYimPLxIDEuGy8K=^p_sFb^?W&Xet}G&vJfBXXvdjTG)|slX}bB;hhY4r;BV zr!0*K)Jydu%g7NhDB+`x-s`2J9m*-`6gnlG;@=bw)p2T-sEMHax$T)@sC9;(N2+f| zC|2Q^=R`#P3vvOu7uG-^`e`Pplm+TWqwGbjpVdAys7QUfN`+)7Sq$0sJSV15ixgzc z6_n;q(=U5YTqXpnu3k#)MabU!K1D@+wZ%|6(pvnrbQ+x&&yOw%0La90&Z2^z7!SQj zjQS+1!C-N0O}-z%%&;e)c^*vw-ec*Vl+2v&Boq}nRQIXxi%}yc8L7nm(HTI;!EuG^eKa&ZVe6+@m&%pfT87*!+jQU`7v#G>&@LimTLL) zUl;rLetq|`V^`ydcYGQ`2h&h=Vj5zHR||ie=9&)8zqwi8 z?ftvee|}n3EvFLKgF-nel%1M}s?*a@cZSTo@bTUK&F$t*XFJaP%bQp4Klt1C{zZMS znhsApljqQJP8(jQ-ENeF@yV}SIr?BAxqohx->2*T(HQKE+IppoP)gT!-wq z?zkB@>G7$?r<^HKlk9vyP0yXd>Fe#}jZxG5^MQ51kI>0u{>{Ew`Sadupbe?P7ew+&*?7o87njX1due$0wc`R~_g%{M*#5G#W;af~xi}k`l}` z-=}ncm|WGb+RrCDu+0P~-F^C0EU)9RdQIO_gdVW8qJ>B&`Lo<{3E>EE}=*X>I&usCq+gcQ&o$a+SO;_-u@KD)US?DFpGIkqBq z0`BV6J=G-_T(z#>c>w#U4l?U)u?Ov~Zky zjEHAv#4kC7v=F3UTAXz`@*z)8ZwG2MQ$u|1f4fgdf-n3w?KZa`)07Nu!sf$WzZ(%; z@^~ra!}7w@x7>X6w;$4j^8N;S-J^z4P1M71w9Fe3T5IO(8|4?&LxP&r=-FO9$lz1~ zX6IClweRg_7_|<&hl10(;BRMah(Xv5!*9#q({@uyUO6S&$x1gskFiZ^_$G?p*?ZBxYOSsgU1Z zxIRPC-G?yB)vtZp{;~ikTQ5~GXj3`-kro6_dl2f&c4_<34}IBZdJ%YHNrWesL^v~W zv7vyA-@ZO;0*?_l#M#RlVfA{p-FAp`!qLQx#huWRzb>}xXw2D@hF||nv(we4RV$kN zK!;*A!>~Gbz+{}3FV&F_`TP}L9ki6UA!O@-R1Ae>Cc!5O-p;aVmeqY_=2acBPS{uD zqOeUODBp5UqCxsl)+(*04u8m7xq817bjkQ-=1^5T2U@5CuPM;#-0IJ@Jt)uG9-8`W z+jH!0^kJlq3a(a9;xwwKahl|2l)5^Hp&CF>3tie%k50%qoT0!@h%!0|h=*0Znx9go z5ry9QwTb$_nlbD1{ZZ;Qg;}#kt?bP7BR9BLzfQ%j37MkjGMyd_o&h@A%3pg4I+_7q zdA=W{7RT82pB87A>e&V2)7j}R?l-&r?8^EGJLLH#;JV2il3gtt2NX1qWZF+p%d+x` zSysaAjbB~2=}Yn<<+k=`$S&Ve%7xJ;zA5;PB2d17nG4v!eoCq@q2YrVL-t~KbWP@XhB<#1*-2<23R%IHvo4mwdD zYtT_`ot!NQ|2z0p2yiN#TlFB z1L<~RbDQr`9!7ZF|1=UydMwKL{$UG!v|1&|CJG~MFM?+V zd#RGr0MSntv;*ZpI>0ZnCQ*S_XfroGok(Um7#>&xX|>@|E(LdjIj|1Q*RmZW*;zp_kEmPhZMYAEJ+#yvk8SjJ#UbPADg&6ZqBb zN9C>PBPgGVNEv-%QTMEzft1ufEfI@u6b`{54VV+w3G;PPus)fXWDwHCn0v-K7|fZ0 zGO>`kFbtJL`3zXl*n}W71evU`8j+aKEEfz7Q%sC(e=ayWM+{2$DN8F%788g;(a(vfXTT(}gKL#hl|KmBfXXIrjYO+0 zW1gZVWXn7YNwSc2&8`GZ{|I0sxspzw9O;8$Oh$?(YYnBtEHzlaRNN`%B;hhY4r(Sa zA_|d$j=nd-n9Qh6h>8=NA?c-}9m*-`6gnlGf^Q1PNZ>YvUX`{kU;xD#`Ld^0k7tgt z!ZFW@2&k2^RwN=HAkTrKIk3LBl!q*{aX41{%%G^bD!r;TloU-*N5``ixsL{U553F< zlm@5impv!06eIN@5-?FC9lXqFsR>~ar2s8_t+rY^jZTZ_M^|zPb!uR#YfIixDlyRm zwJCkz)TX4dHTix3eL`ZFks$`EB0$k-V>C(`siFlRtNYaV#VBm#6UsFt&A;e-&$%XQP6rRIiDu6#lu_0jXKz+Gx6-j#qRGU(sd)%s$ZtoI<3ug#trH zEudVn1Or%Fa=UaEofTiyy|F}DB7>&tkW~Op7k>saD+Scn8(ZuU^Q?8&IIF+V8YO$F qiQ-V=Kj;LWs=7s@x}{=(yjrW2;*1xI)VqDT)&B#;9QbasD*yoUC`9A{ diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz b/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz index 0feab8e05496fdcb4a2f789831171d73e24fb382..2ce98c44fd276a2803a2b2bff08ec167326678c0 100644 GIT binary patch literal 456 zcmV;(0XP01iwFP!00000|9w+UkDD+Mz4I%$ZJQH=F&~xoU{yj!>antVS~LkxgX+K* zNb>hPwsAJwvXu}#JmdG?Jj|zEJfHAY&+%1Hb3YDW;ym7cj+Wop4_B4cD*^=prYa4P zDHdR+vN}Se=^B16CnQ#5##?(HJ8cxlWo-Ll!L#`BBpl)29gSV(iU-16|Pu9ni|@eQCB ze$bU7qlUXe>R#5>hcYQ73aWaoK_!r~X|HH5}3=;qB$ z-*ERhF3nyvK0_!(0B>p7Zr@NiDBhrT3ND1V%D-#*713woO z+SWJ67X@syLX$BO%(U9fx09a!O~bZrQ2sAKuleF!eca`UcXo*PK{Lnxang35Kc!B` zWsyBb<>h@?mCuSeQ;V!#O1JeS+|MCXbRx{M{vK9xJF%*c)YtepPVuC%Yj0D(=qT#S yF54qZ^5SqzI?ndR;ZW(0A30>eOC3WZD_P1y=90@yGMP${N%RM?4_7!GuvS7w>antVS~M(9gX+K* zNb>s~+c=wT*-8i=p7DEc9_Dcu&qsXIb9~X$+>gW8xQKUOqUAUC!$l?4iaa@+v~3=^B16M zZ@9Z3muBa+&k(o>;5`l7?Hjm*;vHJYz_A^tX}s$0;q;5f#X~9(GP+d0e>od~n6zlW9FPOPjV^&B6@DV{WT&2{P*9Yq}W xdB^jFmu*+Tfwvt?UJofFnxbXMVn}2u_may(GMURvrV?Zl{Q)V;wMq5^002T!+`j+- diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml index 11c8ded037..4dfed7aa93 100644 --- a/creusot/tests/should_succeed/vector/08_haystack/why3session.xml +++ b/creusot/tests/should_succeed/vector/08_haystack/why3session.xml @@ -11,10 +11,10 @@ - + - + @@ -23,13 +23,13 @@ - + - + @@ -38,7 +38,7 @@ - + @@ -47,10 +47,10 @@ - + - + @@ -62,13 +62,13 @@ - + - + - + @@ -77,10 +77,10 @@ - + - + @@ -89,31 +89,31 @@ - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz b/creusot/tests/should_succeed/vector/08_haystack/why3shapes.gz index 094e62bb8e70348e2264b37cf36a81cdbd325414..4a2dbcbdf366c4c322c738b46edd9c8b65d72faf 100644 GIT binary patch literal 2887 zcmV-N3%K+jiwFP!00000|K(U)Z(F$$e)q5N+qN4lz!~0)^@9<_pkKB?TO9Oh1zrO zn_vBW`JrJq0|gC?BsMsbyx}7$8ZnZxkt3-ZHIll~BWW6QbK&n-ZF-1#-B|zXRRgR6 zY=GZZ20IcogX0X0Gi;c#w>upGqxep3rxT`@K=^!jzxgi_qt>n0M3dY8$}jS4(Z2O5 z=lj`RoASc1H-5FLlMSfpd|sw;_Ft=qeESng&)2ig#NI*|L2`zILF(z>^6loGr@${3 z?Z;kO1KMxe*?hV2ch~>^?z)OR;V&TX#K z1glI}W182AJ?_JF?-=?-`@}7ZZ0|}<{H-Dv{mEAqm8=2W%8YA!@#vXz=G9JFKisP6^-=~hPe;Gl z_+Q3T-e;r$-T6&?H}jh@A;*l_iF`USj!QPEPKw@=Lld5TkKnp%82p(hvC1u2${GoW8sJrDK%7%$I)A^VI54=Pq9R*xubQ@`gfNd0x+c zYL|K9QLlPEU%n-#cG;jFw7s7Fv%Sj=(S1_Oo?7K~yZDehA9`QJpmaB?g8o0s4NDV?KIuR4#Tl&tYUomnH^Zy?S&6PpkH?j-3Db+vqm& zEaMFte<((CxBkbvax5=@ysCL=ZeC*7o)dQeLuLH58=a5#MWL@dIij6Z-}D)1J1BaV z{wbhgRn^_alk8(P;-``05O-hC{!tr@nx?$JulDiW6qR9rxkm^XB*(!HqhSlu{rolx zFahc<3>@GR9EJ|InvP=b5Qq7Z<9UH74x1#T68e0faTFNP6f3Uvkxzag` zFFb}5pi05O9#thff~sek*h3&*wbhyTrv!G*`}^aFN*(t53j&h$?1NuC~<@*dnM48DqSC@%RG*T zzW>ow_l&MioBqW@OVg1(5V`S-b)FU(JnZhNn62~bgYVyU=YlgIwLQBk@K0=R`e1>x z+io2Bk3Tk$fS&@*e0#ks`Rx-A*P%8HlJj9$rj_7&5C5+R_;2C5uMkAMyx>%AU5z_c z;sze&TfFWHWIL44ZlN#!ef=D@fp7W1Iv(cr^SguV&uvBUdYY8iQ+&Z)hch~V&=K+N zrnqm#ps6QLwOp0ss;A^M59GRJo7WvMm$WvVjo zfV?%eKyAgT*3_AUg3+3>mSM-b)wHY3?e-r(UQy2I2m$AQ3x_CMTHmT250Xs|vRCu8X*D^zlOFD~4R`q{ z`%!b#3w+AnEfsEBZzS%po(4zx-|XsrCuR={{>Mh|>V2bY4WgMwi#L6>Cu&;l8;y@^ zeVyEudaeA=JzEEOy(&`5_bYv6=?ZoK_+DQiKUjHfl2R%z*GD{g!@)0J&) zc1%MJ*5;yleOcPo)EJ`;lyAyka_hKq+&Hc~LjG2kb1@;ZNcflp8A>c#BeYhgfUv2U zYFV(~$+(YJfDk%Zol@{j=z=9n0^n>D&34AQ6X*o|eqNvrbn}dgK5L-+M_FsF7Q%B# zrtnx#TQVoe7vqF>LODV5;`i`{Gr|Fg$rs~=MhHAc36zJ?a|_825GI9_+(~p2{usZs z7b#gm2;!xbITp0h2*V@?;k`-&0xIDY{f|z8Q{<*~(m1J|ByI8!c3DW1F?w-yxq;PRTFIYm*QFZBf*Y6_lnh`qLf|BTWkEyw+c$<5Xa!@*;cVO~`=| zlpsWkfRrc{|9Y2|bsC&zl~CqO+kw}ahr+ewTxq6-45(wGGUn+_lr41!8o%&O5M~!E zvX$I&!ZR5~GTB36MFr}HWVZ?aEB zv~pTHExzPE*&JA;q8^MAmkx$5*<0Z5axnp27%1abVPk7oC;yz^T#e zTVyN0;s8*0C%g{YFie;k3yiuw6~8GuNglVF}=PzvROGMZk# z71yHm0dx0$p{J^|_A3qoLbQyY`~i&&6a~8ZmMgABhHQD#yC_|2VYP@AvYzl!Ze0}^m56D8!sack+I)sbeI$}2Z31^o|unX(mP%;L~ZG9I^+$o zZ#P0lF%^wf!m||U{Z75K4G?0oAy^UP5TU99zOBf3mALjMizul08paaAF{j2{rNAKS zAu{~ij1DUxIZ`;1jWT8?uy9Hu4MIo3S)Vte21nG-a^Gy60?Vd`hTfyp&t;$h31$tU zk2E%5x`e8&s)Ik;HKj|mm=j8?br4b_0yUt_c;t)_b8wCHR>gmci%BxeL{gw-ND;XQ lL4B}9D8RFip?8tA16EBWRGXsO5&bFd{tqE5YW43n008EDr2zl{ literal 2891 zcmV-R3$*kfiwFP!00000|K(WSZyUK0fA?RZw`(srfHV9q&JRKmgMPUJZL#Rn30#t! zC?{)ulAN^veTUp#X(eZ6#lDX;IpnM%IbR%-znR&;d_UX1^Y>{x`;a!(%a8zg&N)*iBDC1p|o{4kWMmK#EEXq^#sXs!9!{uJk~f%G_M}`%N1kLfTf=zj{>x zs{kwDx0%5X1kKN|JHAJ?>q&5 zwQ4_h$|}%)*DjXpoxhv^`@4A-dBkzsAB8TCZv6UfB8jki*e*Yi*J)jW3GCNLZkS^? z#?dEjCH}}Nq?6?X6AlM}xStwM0NGyE=nQ}u1|4JVMKv6m#NixJ?3M2iA`kLOy!~{b zz^_w^s}x`|mIKSg;yeFeI??dURk@3Y;r%9sb{&^HdImYZ{c$V+FH_VRJ(3h>{mXKT zx_wy3t^dJ4kcblB4JMC<;);IL+q9Xr^iCVnl+BD-whwiY$|j#uRbFFY-S1d3>)hXU znqZmfdbs9!;)wh7x)+A-qJ82O1$OkLM*e1ztM25picIDJ?$TyKNAhT@-R_E|JQ~D0 z`nvos+Et_gf80;@_pX~P-d?TR_I{RM*k$Ev2>xO$ZonE?u%+t}Y zcK(;)l#dxHKzDu@-YxuYxRAq*If#7vVoXa`sLqPsl0ze&V~=27+@|%LA#&gQ1*(hp z4g-G|YVbb~!#pn!tMmiDZa16uV~XG1{ZbgEZUeT?$a7b(eQ59QS7}F~%{;Fc zKeg*L@~Bh2U9R5}Q@gHE_u5`B{@LE8isLe?pRu-JHI8C1?yB^?_)lAF)0^{%}W^B@M&ar8tT& zJccu%O2NPmRVAB1)r(9VArQ~n^33~l0*B)L{WPLdh5i1DfMmP);8zc6ij@p@kB$%2 zp!?Ohd|!?S?@xLFAE{g;17{@;iU;;{O^qJ7##?wokTziVTd}1}peT?}jQYC& z(Nt-pv(u*QSZHZHvL_-pezi^GB!j2bJtebk+I;X`Uw0`u^FiCQvjYFb=Ee;RTwHeJ zz(3t=AOSxGn)!BqNcrs(jccD9ddX!!Y{r>jeuV$?9{yXHcNv0+mnWR8t>n0KDX!;H zzQuV-kZqqn%R-m@yZkw51K;wVbvVrV^Q(jT=awQkA79G(7+>&E;SA27R78BgDeha* zYwCz|C0FLS?kG9F2l8y?H$PiKjy*3G=X_MdwknV4rzEOY=UlK)ORYIhQs+? z!THV8Z*LmX8H!x%(0| zxvqzAQTFC`zuD0jg2()ijPr@e4901FuXZ>{Haf^o&C{mU=;+RRc+A$n70XTrqbd~m+grfXZuRy<6NI752;=& z|8vJy0IyR;O8If7&nzX;SITw_SZR1uk~b0bXPBqbVW5?*l<9etsg!y%b+YpKdrzhG zX)>>r*sqbMF5h-4$&fsx>uy5iiAwQq#4Ckw1`#|>(T5CODd;$_3&q}yPEAc;<09~9#OwT*$*5Te(DODn7mCeEfH~`o z(@r_*gyW889lHw1Y#jviI#}5R&oCu#StQ-2A$o@3kU6jp%x5XK=p{tYSV&-1V}sQU z(55Jufh25EOw9NU-Au-sfkwuY5;36xAAAyo0kP&@n;8Xy;(+3L>Kh{^FwN>1Q&57m zdqdIT+G6x|sEg~yp?lCXfRmtblft@ z6e9hvA~urlZD_Dgp!kei$Ccy8aa{=cTUj=>ZctJOgd4b6@%ds|r>zdx8CkGUTfHj^=*_78U znG@uTaY8$xoFIAed-#$taq4Cp8N7wYM$`>&g7%7shQI-O2$RA|?j$-1e~e#B$wbIu zO!Qn6cAID;d8tsP470LFKqZ`_zvvV=MQ&Orjg#6*(kB04mz%`7G&b-+VdT&R33RHe z(Ml)Vs1i!0oRVLZ*DOj+X@K$zcmtMufs}a~p_t$~XBMyZ7wEW9R?9$7SYwT#DbhR& zkTu0z2aTBDva(Kt(<~Fpd}%ufnp2WAC?r#{v7SkeQgMT|phVw6p~f$K6N)M-QDg0a zu#8*>OQ;d3rAW2LU`5#k|MK@?v}(Ku!70P*XrV^UYa4P#mMW&0-+^IH(tKyfMrldF&SYq)fXlIl&(i!0lcLtq- z|F5m9B#}3|mNnPW2;e}~Vv0su>*=<}K7V|ryQk`g>Z=rhs_vQ!<;K^^3MQ%2w+NA80ic=zkO{_Wkqq_aoF&T0jqr8dcq;32lVgpu+FA8g1^_kfI|WHdW}-+*MLKyC z7(q2Mox8j&O0xDV4nobS4TsbOYBM0iUrd})R6?>wTQ7(H{A-UxL`kg$y#VFuUPMLh zzV?9D*xDE$baxrPjaWb}sKHkB5`x!;Q8tX!Wh9LW1VHU))N+$7X=J35kxoWR8EIws zbw?&Bsf@LR4op&09;jr<%^{0iDk*sCBV)hK=umG5RGoWlxYdj*3c;xL2$X1v2sU)l z0ru@i2&irjR@Koe%|acak - + diff --git a/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz b/creusot/tests/should_succeed/vector/09_capacity/why3shapes.gz index 3b3fcc87a517d5ed11848cc20575352711a76c71..ee07a62e097d82f3942d6a6ba3b43a0758653b6f 100644 GIT binary patch literal 424 zcmV;Z0ayMXiwFP!00000|Fx6NZmTd5h4(xKyWVEyf8$Dbfv$w$1+1=$Cbmh?CAcLh zZQs6zn6#y7ca^X;8lO3z2it!(>2VK_?wFq3aBO{lmx^?An~YD;_9u;s7-5Z*NzaDc5J2LJ5r&EfyKxM_RnG^WKY;2N_j3f*EhO>_P$lzf4b1xntbWcH+MC|RKB z3?&-l1&XH$U4^POQ$?h@5Y_C5RzMYba>gm0MOYSwyowTQ)N%&mf|?FP%N0pP()lqhSR0VWVr8Rw0&lrunpG7ej+ SOq0q|T*Pl*XlEr91ONbaILn3r literal 424 zcmV;Z0ayMXiwFP!00000|Fx6BZlf>|hVMKDx3)QX3}c5%J)lYmUclN@(O^u1N^nb1 z+P?i7V$xlj_Erh3(fFVLvzg&`6CU^UVvga-49C{?_n`7Sc)(ys-@*(7o%4=$|Dd)e7ttLaI_3gmyO z&73Nz8>gLXKu~e&HZ*gBEOn08M3eP*)x}uQV2-vs83m&7mlf#}6wY&P2Dr8XTng}f zzggvKodZ>N80?#=Zw}Ar;->AXQxIjd02RbjU4kq}%Z$_+ex;`*%2`x03!?viQDKX!bjYcfZ|G zo{SCxj3AOtT(hb{PMSk45gDs+TM0l$A?9%& 0 } - = a / b + let function rem [@inline:trivial] (a b : int) : int requires { b <> 0 } = a % b - let function neg [@inline:trivial] (a : int) : int = - a - - let predicate (<) [@inline:trivial] a b = a < b - let predicate (<=) [@inline:trivial] a b = a <= b - let predicate (>) [@inline:trivial] a b = a > b - let predicate (>=) [@inline:trivial] a b = a >= b let predicate lt [@inline:trivial] (a b : int) : bool = a < b let predicate le [@inline:trivial] (a b : int) : bool = a <= b let predicate gt [@inline:trivial] (a b : int) : bool = a > b let predicate ge [@inline:trivial] (a b : int) : bool = a >= b let predicate eq [@inline:trivial] (a b : int) : bool = a = b - let predicate ne [@inline:trivial] (a b : int) : bool = a <> b + let predicate ne [@inline:trivial] (a b : int) : bool = not (a = b) end (* Signed Integer *)