diff --git a/Cargo.lock b/Cargo.lock index 0159b6764b..be9cef5e45 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -207,13 +207,16 @@ dependencies = [ "escargot", "glob", "heck", + "include_dir", "indexmap", "itertools", "lazy_static", "log", "petgraph", "serde", + "serde_json", "similar", + "tempdir", "termcolor", "toml", "why3", @@ -350,6 +353,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fuchsia-cprng" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba" + [[package]] name = "getrandom" version = "0.2.9" @@ -416,6 +425,25 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "include_dir" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18762faeff7122e89e0857b02f7ce6fcc0d101d5e9ad2ad7846cc01d61b7f19e" +dependencies = [ + "include_dir_macros", +] + +[[package]] +name = "include_dir_macros" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b139284b5cf57ecfa712bcc66950bb635b31aff41c188e8a4cfc758eca374a3f" +dependencies = [ + "proc-macro2", + "quote", +] + [[package]] name = "indexmap" version = "1.9.3" @@ -763,22 +791,59 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.63" +version = "1.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b368fba921b0dce7e60f5e04ec15e565b3303972b42bcfde1d0713b881959eb" +checksum = "95fc56cda0b5c3325f5fbbd7ff9fda9e02bb00bb3dac51252d2f1bfa1cb8cc8c" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.26" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293" +dependencies = [ + "fuchsia-cprng", + "libc", + "rand_core 0.3.1", + "rdrand", + "winapi", +] + +[[package]] +name = "rand_core" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" +dependencies = [ + "rand_core 0.4.2", +] + +[[package]] +name = "rand_core" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" + +[[package]] +name = "rdrand" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2" +dependencies = [ + "rand_core 0.3.1", +] + [[package]] name = "ref-cast" version = "1.0.16" @@ -822,6 +887,15 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c" +[[package]] +name = "remove_dir_all" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7" +dependencies = [ + "winapi", +] + [[package]] name = "roxmltree" version = "0.18.0" @@ -853,18 +927,18 @@ checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" [[package]] name = "serde" -version = "1.0.160" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c" +checksum = "63261df402c67811e9ac6def069e4786148c4563f4b50fd4bf30aa370d626b02" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.160" +version = "1.0.195" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df" +checksum = "46fe8f8603d81ba86327b23a2e9cdf49e1255fb94a4c5f297f6ee0547178ea2c" dependencies = [ "proc-macro2", "quote", @@ -873,9 +947,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.96" +version = "1.0.111" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1" +checksum = "176e46fa42316f18edd598015a5166857fc835ec732f5215eac6b7bdbf0a84f4" dependencies = [ "itoa", "ryu", @@ -896,15 +970,25 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" [[package]] name = "syn" -version = "2.0.15" +version = "2.0.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822" +checksum = "0f3531638e407dfc0814761abb7c00a5b54992b849452a0646b7f65c9f770f3f" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] +[[package]] +name = "tempdir" +version = "0.3.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8" +dependencies = [ + "rand", + "remove_dir_all", +] + [[package]] name = "termcolor" version = "1.2.0" @@ -1033,6 +1117,7 @@ dependencies = [ "num", "pretty", "serde", + "serde_json", ] [[package]] diff --git a/cargo-creusot/src/options.rs b/cargo-creusot/src/options.rs index 0fa2cb17f6..a5690fce51 100644 --- a/cargo-creusot/src/options.rs +++ b/cargo-creusot/src/options.rs @@ -35,6 +35,9 @@ pub struct CreusotArgs { /// Use `result` as the trigger of definition and specification axioms of logic/ghost/predicate functions #[clap(long, default_value_t = false, action = clap::ArgAction::Set)] pub simple_triggers: bool, + /// Run why3 with the following configuration (Should start with "prove" or "ide") + #[clap(long)] + why3: Option, } /// Parse a single key-value pair diff --git a/creusot-rustc/src/options.rs b/creusot-rustc/src/options.rs index 30511b8116..68374cccf4 100644 --- a/creusot-rustc/src/options.rs +++ b/creusot-rustc/src/options.rs @@ -38,6 +38,9 @@ pub struct CreusotArgs { /// uses `result` as the trigger of definition and specification axioms of logic/ghost/predicate functions #[clap(long, default_value_t = false, action = clap::ArgAction::Set)] pub simple_triggers: bool, + /// Run why3 with the following configuration (Should start with "prove" or "ide") + #[clap(long)] + why3: Option, } /// Parse a single key-value pair @@ -97,6 +100,7 @@ impl CreusotArgs { span_mode: span_mode, match_str: self.focus_on, simple_triggers: self.simple_triggers, + why3_cmd: self.why3, } } } diff --git a/creusot/Cargo.toml b/creusot/Cargo.toml index b19ac556dd..34a4a5e0cc 100644 --- a/creusot/Cargo.toml +++ b/creusot/Cargo.toml @@ -15,6 +15,9 @@ toml = "0.5.8" why3 = { path = "../why3", features = ["serialize"] } clap = { version = "4.2", features = ["derive", "env"] } creusot-metadata = { path = "../creusot-metadata" } +include_dir = "0.7.3" +tempdir = "0.3.7" +serde_json = { version = "1.0" } lazy_static = "1.4.0" [dev-dependencies] diff --git a/creusot/src/backend.rs b/creusot/src/backend.rs index dae8c9a2ee..4ca5fea207 100644 --- a/creusot/src/backend.rs +++ b/creusot/src/backend.rs @@ -1,7 +1,7 @@ use indexmap::{IndexMap, IndexSet}; use rustc_hir::{def::DefKind, def_id::DefId}; use rustc_middle::ty::{AliasTy, GenericParamDef, GenericParamDefKind, TyCtxt}; -use rustc_span::DUMMY_SP; +use rustc_span::{RealFileName, Span, DUMMY_SP}; use why3::declaration::{Decl, TyDecl}; use crate::{ @@ -15,7 +15,9 @@ use std::{ ops::{Deref, DerefMut}, }; +use crate::{options::SpanMode, run_why3::SpanMap}; pub(crate) use clone_map::*; +use why3::Exp; use self::{ dependency::{Dependency, HackedId}, @@ -56,6 +58,7 @@ pub struct Why3Generator<'tcx> { functions: IndexMap, translated_items: IndexSet, in_translation: Vec>, + pub(crate) span_map: SpanMap, } impl<'tcx> Deref for Why3Generator<'tcx> { @@ -81,6 +84,7 @@ impl<'tcx> Why3Generator<'tcx> { functions: Default::default(), translated_items: Default::default(), in_translation: Default::default(), + span_map: Default::default(), } } @@ -270,8 +274,10 @@ impl<'tcx> Why3Generator<'tcx> { // self.functions.get(&tid) // } - pub(crate) fn modules(self) -> impl Iterator + 'tcx { - self.functions.into_iter() + pub(crate) fn modules<'a>( + &'a mut self, + ) -> impl Iterator + 'a { + self.functions.drain(..) } pub(crate) fn start_group(&mut self, ids: IndexSet) { @@ -345,6 +351,60 @@ impl<'tcx> Why3Generator<'tcx> { _ => false, } } + + pub(crate) fn span_attr(&mut self, span: Span) -> Option { + if span.is_dummy() { + return None; + } + if let Some(span) = self.span_map.encode_span(&self.ctx.opts, span) { + return Some(span); + }; + let lo = self.sess.source_map().lookup_char_pos(span.lo()); + let hi = self.sess.source_map().lookup_char_pos(span.hi()); + + let rustc_span::FileName::Real(path) = &lo.file.name else { return None }; + + // If we ask for relative paths and the paths comes from the standard library, then we prefer returning + // None, since the relative path of the stdlib is not stable. + let path = match (&self.opts.span_mode, path) { + (SpanMode::Relative, RealFileName::Remapped { .. }) => return None, + _ => path.local_path_if_available(), + }; + + let mut buf; + let path = if path.is_relative() { + buf = std::env::current_dir().unwrap(); + buf.push(path); + buf.as_path() + } else { + path + }; + + let filename = match self.opts.span_mode { + SpanMode::Absolute => path.to_string_lossy().into_owned(), + SpanMode::Relative => { + // Why3 treats the spans as relative to the session not the source file?? + format!("{}", self.opts.relative_to_output(&path).to_string_lossy()) + } + _ => return None, + }; + + Some(why3::declaration::Attribute::Span( + filename, + lo.line, + lo.col_display, + hi.line, + hi.col_display, + )) + } + + pub(crate) fn attach_span(&mut self, span: Span, exp: Exp) -> Exp { + if let Some(attr) = self.span_attr(span) { + Exp::Attr(attr, Box::new(exp)) + } else { + exp + } + } } // Closures inherit the generic parameters of the original function they were defined in, but diff --git a/creusot/src/backend/optimization.rs b/creusot/src/backend/optimization.rs index 637a02d592..38376d204a 100644 --- a/creusot/src/backend/optimization.rs +++ b/creusot/src/backend/optimization.rs @@ -77,7 +77,7 @@ impl<'a, 'tcx> LocalUsage<'a, 'tcx> { fn visit_statement(&mut self, b: &fmir::Statement<'tcx>) { match b { - fmir::Statement::Assignment(p, r) => { + fmir::Statement::Assignment(p, r, _) => { self.write_place(p); self.visit_rvalue(r) } @@ -218,13 +218,13 @@ impl<'tcx> SimplePropagator<'tcx> { for mut s in std::mem::take(&mut b.stmts) { self.visit_statement(&mut s); match s { - fmir::Statement::Assignment(l, fmir::RValue::Expr(r)) + fmir::Statement::Assignment(l, fmir::RValue::Expr(r), _) // we do not propagate calls to avoid moving them after the resolve of their arguments if self.should_propagate(l.local) && !self.usage[&l.local].used_in_pure_ctx && !r.is_call() => { self.prop.insert(l.local, r); self.dead.insert(l.local); } - fmir::Statement::Assignment(ref l, fmir::RValue::Expr(ref r)) if self.should_erase(l.local) && !r.is_call() && r.is_pure() => { + fmir::Statement::Assignment(ref l, fmir::RValue::Expr(ref r), _) if self.should_erase(l.local) && !r.is_call() && r.is_pure() => { self.dead.insert(l.local); } fmir::Statement::Resolve(_,_, ref p) => { @@ -242,13 +242,13 @@ impl<'tcx> SimplePropagator<'tcx> { fmir::Terminator::Goto(_) => {} fmir::Terminator::Switch(e, _) => self.visit_expr(e), fmir::Terminator::Return => {} - fmir::Terminator::Abort => {} + fmir::Terminator::Abort(_) => {} } } fn visit_statement(&mut self, s: &mut fmir::Statement<'tcx>) { match s { - fmir::Statement::Assignment(_, r) => self.visit_rvalue(r), + fmir::Statement::Assignment(_, r, _) => self.visit_rvalue(r), fmir::Statement::Resolve(_, _, p) => { if let Some(l) = p.as_symbol() && self.dead.contains(&l) { diff --git a/creusot/src/backend/place.rs b/creusot/src/backend/place.rs index 645d079065..20ce7fa879 100644 --- a/creusot/src/backend/place.rs +++ b/creusot/src/backend/place.rs @@ -7,7 +7,7 @@ use rustc_middle::{ mir::{self, tcx::PlaceTy, ProjectionElem}, ty::{self, Ty, TyCtxt, TyKind}, }; -use rustc_span::Symbol; +use rustc_span::{Span, Symbol}; use why3::{ exp::{ Exp::{self, *}, @@ -39,6 +39,7 @@ pub(crate) fn create_assign_inner<'tcx>( locals: &LocalDecls<'tcx>, lhs: &fmir::Place<'tcx>, rhs: Exp, + span: Span, ) -> mlcfg::Statement { let inner = create_assign_rec( ctx, @@ -51,7 +52,7 @@ pub(crate) fn create_assign_inner<'tcx>( rhs, ); - Assign { lhs: Ident::build(lhs.local.as_str()), rhs: inner } + Assign { lhs: Ident::build(lhs.local.as_str()), rhs: inner, attr: ctx.span_attr(span) } } fn create_assign_rec<'tcx>( diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 0de00fd15b..f12200b002 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -27,7 +27,7 @@ use rustc_middle::{ mir::{BasicBlock, BinOp}, ty::TyKind, }; -use rustc_span::DUMMY_SP; +use rustc_span::{Span, DUMMY_SP}; use rustc_type_ir::{IntTy, UintTy}; use why3::{ declaration::{self, Attribute, CfgFunction, Decl, LetDecl, LetKind, Module}, @@ -241,7 +241,7 @@ fn lower_promoted<'tcx>( let exps: Vec<_> = bbd.stmts.into_iter().map(|s| s.to_why(ctx, names, &fmir.locals)).flatten().collect(); exp = exps.into_iter().rfold(exp, |acc, asgn| match asgn { - why3::mlcfg::Statement::Assign { lhs, rhs } => { + why3::mlcfg::Statement::Assign { lhs, rhs, attr: _ } => { Exp::Let { pattern: Pattern::VarP(lhs), arg: Box::new(rhs), body: Box::new(acc) } } why3::mlcfg::Statement::Assume(_) => acc, @@ -467,9 +467,9 @@ impl<'tcx> Expr<'tcx> { } } - fn invalidated_places(&self, places: &mut Vec>) { + fn invalidated_places(&self, places: &mut Vec<(fmir::Place<'tcx>, Span)>) { match &self.kind { - ExprKind::Move(p) => places.push(p.clone()), + ExprKind::Move(p) => places.push((p.clone(), self.span)), ExprKind::Copy(_) => {} ExprKind::BinOp(_, _, l, r) => { l.invalidated_places(places); @@ -540,7 +540,7 @@ impl<'tcx> Terminator<'tcx> { } }, Terminator::Return => {} - Terminator::Abort => {} + Terminator::Abort(_) => {} } } @@ -549,6 +549,7 @@ impl<'tcx> Terminator<'tcx> { ctx: &mut Why3Generator<'tcx>, names: &mut CloneMap<'tcx>, locals: &LocalDecls<'tcx>, + statements: &mut Vec, ) -> why3::mlcfg::Terminator { use why3::mlcfg::Terminator::*; match self { @@ -558,7 +559,11 @@ impl<'tcx> Terminator<'tcx> { branches.to_why(ctx, names, discr) } Terminator::Return => Return, - Terminator::Abort => Absurd, + Terminator::Abort(span) => { + let exp = ctx.attach_span(span, Exp::mk_false()); + statements.push(mlcfg::Statement::Assert(exp)); + Absurd + } } } } @@ -628,10 +633,10 @@ impl<'tcx> Block<'tcx> { names: &mut CloneMap<'tcx>, locals: &LocalDecls<'tcx>, ) -> why3::mlcfg::Block { - mlcfg::Block { - statements: self.stmts.into_iter().flat_map(|s| s.to_why(ctx, names, locals)).collect(), - terminator: self.terminator.to_why(ctx, names, locals), - } + let mut statements = + self.stmts.into_iter().flat_map(|s| s.to_why(ctx, names, locals)).collect(); + let terminator = self.terminator.to_why(ctx, names, locals, &mut statements); + mlcfg::Block { statements, terminator } } } @@ -654,7 +659,7 @@ impl<'tcx> Statement<'tcx> { locals: &LocalDecls<'tcx>, ) -> Vec { match self { - Statement::Assignment(lhs, RValue::Borrow(rhs)) => { + Statement::Assignment(lhs, RValue::Borrow(rhs), span) => { let borrow = Exp::Call( Box::new(Exp::impure_qvar(QName::from_string("Borrow.borrow_mut").unwrap())), vec![rhs.as_rplace(ctx, names, locals)], @@ -662,24 +667,32 @@ impl<'tcx> Statement<'tcx> { let reassign = Exp::Final(Box::new(lhs.as_rplace(ctx, names, locals))); vec![ - place::create_assign_inner(ctx, names, locals, &lhs, borrow), - place::create_assign_inner(ctx, names, locals, &rhs, reassign), + place::create_assign_inner(ctx, names, locals, &lhs, borrow, span), + place::create_assign_inner(ctx, names, locals, &rhs, reassign, span), ] } - Statement::Assignment(lhs, RValue::Ghost(rhs)) => { + Statement::Assignment(lhs, RValue::Ghost(rhs), span) => { let ghost = lower_pure(ctx, names, rhs); - vec![place::create_assign_inner(ctx, names, locals, &lhs, ghost)] + vec![place::create_assign_inner(ctx, names, locals, &lhs, ghost, span)] } - Statement::Assignment(lhs, RValue::Expr(rhs)) => { + Statement::Assignment(lhs, RValue::Expr(rhs), span) => { let mut invalid = Vec::new(); rhs.invalidated_places(&mut invalid); let rhs = rhs.to_why(ctx, names, locals); - let mut exps = vec![place::create_assign_inner(ctx, names, locals, &lhs, rhs)]; - for pl in invalid { + let mut exps = + vec![place::create_assign_inner(ctx, names, locals, &lhs, rhs, span)]; + for (pl, pl_span) in invalid { let ty = pl.ty(ctx.tcx, locals); - let ty = translate_ty(ctx, names, DUMMY_SP, ty); - exps.push(place::create_assign_inner(ctx, names, locals, &pl, Exp::Any(ty))); + let ty = translate_ty(ctx, names, pl_span.substitute_dummy(span), ty); + exps.push(place::create_assign_inner( + ctx, + names, + locals, + &pl, + Exp::Any(ty), + pl_span, + )); } exps } diff --git a/creusot/src/ctx.rs b/creusot/src/ctx.rs index f4ba61089d..802b44af58 100644 --- a/creusot/src/ctx.rs +++ b/creusot/src/ctx.rs @@ -7,7 +7,7 @@ use crate::{ creusot_items::{self, CreusotItems}, error::{CrErr, CreusotResult, Error}, metadata::{BinaryMetadata, Metadata}, - options::{Options, SpanMode}, + options::Options, translation::{ self, external::{extract_extern_specs_from_item, ExternSpec}, @@ -35,10 +35,9 @@ use rustc_middle::{ Visibility, }, }; -use rustc_span::{RealFileName, Span, Symbol, DUMMY_SP}; +use rustc_span::{Span, Symbol, DUMMY_SP}; use rustc_trait_selection::traits::SelectionContext; pub(crate) use util::{module_name, ItemType}; -use why3::exp::Exp; pub(crate) use crate::translated_item::*; @@ -391,54 +390,6 @@ impl<'tcx, 'sess> TranslationCtx<'tcx> { } } - pub(crate) fn span_attr(&self, span: Span) -> Option { - let lo = self.sess.source_map().lookup_char_pos(span.lo()); - let hi = self.sess.source_map().lookup_char_pos(span.hi()); - - let rustc_span::FileName::Real(path) = &lo.file.name else { return None }; - - // If we ask for relative paths and the paths comes from the standard library, then we prefer returning - // None, since the relative path of the stdlib is not stable. - let path = match (&self.opts.span_mode, path) { - (SpanMode::Relative, RealFileName::Remapped { .. }) => return None, - _ => path.local_path_if_available(), - }; - - let mut buf; - let path = if path.is_relative() { - buf = std::env::current_dir().unwrap(); - buf.push(path); - buf.as_path() - } else { - path - }; - - let filename = match self.opts.span_mode { - SpanMode::Absolute => path.to_string_lossy().into_owned(), - SpanMode::Relative => { - // Why3 treats the spans as relative to the session not the source file?? - format!("{}", self.opts.relative_to_output(&path).to_string_lossy()) - } - _ => return None, - }; - - Some(why3::declaration::Attribute::Span( - filename, - lo.line, - lo.col_display, - hi.line, - hi.col_display, - )) - } - - pub(crate) fn attach_span(&self, span: Span, exp: Exp) -> Exp { - if let Some(attr) = self.span_attr(span) { - Exp::Attr(attr, Box::new(exp)) - } else { - exp - } - } - pub(crate) fn check_purity(&mut self, def_id: LocalDefId) { let (thir, expr) = self.tcx.thir_body(def_id).unwrap_or_else(|_| Error::from(CrErr).emit(self.tcx.sess)); diff --git a/creusot/src/lib.rs b/creusot/src/lib.rs index f68eaaf7ba..3ac9dcf016 100644 --- a/creusot/src/lib.rs +++ b/creusot/src/lib.rs @@ -5,6 +5,7 @@ #[macro_use] extern crate log; extern crate rustc_ast; +extern crate rustc_ast_pretty; extern crate rustc_borrowck; extern crate rustc_data_structures; extern crate rustc_driver; @@ -48,5 +49,6 @@ use translation::*; mod error; pub(crate) mod lints; pub(crate) mod metadata; +mod run_why3; mod translated_item; mod validate; diff --git a/creusot/src/options.rs b/creusot/src/options.rs index 1b36a9415c..c178063589 100644 --- a/creusot/src/options.rs +++ b/creusot/src/options.rs @@ -21,6 +21,7 @@ pub struct Options { pub span_mode: SpanMode, pub match_str: Option, pub simple_triggers: bool, + pub why3_cmd: Option, } #[derive(Debug, Clone)] diff --git a/creusot/src/run_why3.rs b/creusot/src/run_why3.rs new file mode 100644 index 0000000000..9803ad9b84 --- /dev/null +++ b/creusot/src/run_why3.rs @@ -0,0 +1,355 @@ +use crate::{backend::Why3Generator, options::Options}; +use include_dir::{include_dir, Dir}; +use rustc_ast::{ + mut_visit::DummyAstNode, + ptr::P, + token::{Lit, LitKind}, + Block, Expr, ExprKind, Pat, PatKind, PathSegment, Ty, TyKind, DUMMY_NODE_ID, +}; +use rustc_ast_pretty::pprust::expr_to_string; +use rustc_span::{ + def_id::LocalDefId, source_map::dummy_spanned, symbol::Ident, BytePos, Span, Symbol, + SyntaxContext, DUMMY_SP, +}; +use serde_json::Deserializer; +use std::{ + collections::{hash_map::Entry, HashMap}, + fmt::Write, + io::BufReader, + path::PathBuf, + process::{Command, Stdio}, +}; +use tempdir::TempDir; +use why3::ce_models::{ConcreteTerm, FunLitElt, Goal, Loc, ProverResult, TBool, Term, Why3Span}; + +static PRELUDE: Dir<'static> = include_dir!("$CARGO_MANIFEST_DIR/../prelude"); + +pub(super) fn run_why3<'tcx>(ctx: &Why3Generator<'tcx>, file: Option) { + let Some(why3_cmd) = &ctx.opts.why3_cmd else { + return + }; + let mut why3_cmd = why3_cmd.split_ascii_whitespace(); + let Some(base_cmd) = why3_cmd.next() else {ctx.crash_and_error(DUMMY_SP, "why3 command must not be empty")}; + let Some(output_file) = file else {ctx.crash_and_error(DUMMY_SP, "cannot run why3 without file")}; + let prelude_dir = TempDir::new("creusot_why3_prelude").expect("could not create temp dir"); + PRELUDE.extract(prelude_dir.path()).expect("could extract prelude into temp dir"); + let mut command = Command::new("why3"); + command + .args([ + "--warn-off=unused_variable", + "--warn-off=clone_not_abstract", + "--warn-off=axiom_abstract", + base_cmd, + "-L", + ]) + .arg(prelude_dir.path().as_os_str()) + .arg(&output_file) + .args(why3_cmd); + + if base_cmd == "prove" { + command.arg("--json"); + let span_map = &ctx.span_map; + let mut child = command.stdout(Stdio::piped()).spawn().expect("could not run why3"); + let mut stdout = BufReader::new(child.stdout.take().unwrap()); + let de = Deserializer::from_reader(&mut stdout); + for value in de.into_iter::() { + match value { + Ok(x) => { + let ProverResult { answer, step, time, .. } = &x.prover_result; + if answer != "Valid" { + let span = span_map.decode_span(&x.term.loc); + let msg = format!( + "Prover reported {answer:?} (time: {time:?}, steps: {step:?}) when trying to solve goal {:?} {:?}", + x.term.goal_name, x.term.explanations + ); + ctx.error(span.unwrap_or_default(), &msg); + for model in x.prover_result.model_elems() { + let span = span_map.decode_span(&model.location); + let mut msg = format!("Model Element for {}\n", model.lsymbol.name); + if span.is_none() { + writeln!(msg, "Span: {:?}", &model.location).unwrap(); + } + writeln!(msg, "Type: {:?}", model.value.value_type).unwrap(); + let term = term_to_ast(&model.value.value_term); + writeln!(msg, "Term: {}", expr_to_string(&term)).unwrap(); + let cterm = cterm_to_ast(&model.value.value_concrete_term); + writeln!(msg, "Concrete Term: {}", expr_to_string(&cterm)).unwrap(); + ctx.sess.span_note_without_error(span.unwrap_or_default(), msg) + } + } + } + Err(err) => { + let msg = format!("error parsing why3 output {err:?}"); + ctx.error(DUMMY_SP, &msg) + } + } + } + if !child.wait().expect("could not close why3").success() { + ctx.crash_and_error(DUMMY_SP, "why3 did not exit successfully") + }; + } else { + command.status().expect("could not run why3"); + ctx.crash_and_error(DUMMY_SP, "did not run why3 prove") + } +} + +pub type SpanData = (SyntaxContext, Option); + +#[derive(Debug, Default)] +pub struct SpanMap { + vec: Vec, + map: HashMap, +} + +impl SpanMap { + fn encode_span_data(&mut self, s: SpanData) -> usize { + let SpanMap { vec, map } = self; + match map.entry(s) { + Entry::Vacant(v) => { + let i = vec.len(); + v.insert(i); + vec.push(s); + i + } + Entry::Occupied(o) => *o.get(), + } + } + + fn decode_span_data(&self, s: usize) -> SpanData { + self.vec[s] + } + + pub(crate) fn encode_span( + &mut self, + opts: &Options, + span: Span, + ) -> Option { + if let Some(cmd) = &opts.why3_cmd && cmd.starts_with("prove") { + let data = span.data(); + Some(why3::declaration::Attribute::Span( + "rustc_span".into(), + data.lo.0 as usize, + data.hi.0 as usize, + self.encode_span_data((data.ctxt, data.parent)), + 0 + )) + } else { + None + } + } + + fn decode_span(&self, loc: &Loc) -> Option { + match loc { + Loc::Span(Why3Span { file_name, start_line, start_char, end_line, .. }) + if file_name == "rustc_span" => + { + let data = self.decode_span_data(*end_line as usize); + Some(Span::new(BytePos(*start_line), BytePos(*start_char), data.0, data.1)) + } + _ => None, + } + } +} + +fn exp(kind: ExprKind) -> Expr { + Expr { id: DUMMY_NODE_ID, kind, span: DUMMY_SP, attrs: Default::default(), tokens: None } +} + +fn pat(kind: PatKind) -> Pat { + Pat { id: DUMMY_NODE_ID, kind, span: DUMMY_SP, tokens: None } +} + +fn ty(kind: TyKind) -> Ty { + Ty { id: DUMMY_NODE_ID, kind, span: DUMMY_SP, tokens: None } +} + +fn ident(name: &str) -> Ident { + Ident { name: Symbol::intern(name), span: DUMMY_SP } +} + +fn name_to_path(name: &str) -> Expr { + let segments = name.split(".").into_iter().map(|x| PathSegment::from_ident(ident(x))).collect(); + exp(ExprKind::Path(None, rustc_ast::Path { span: DUMMY_SP, segments, tokens: None })) +} + +fn lit(name: &str, kind: LitKind, suffix: Option<&str>) -> Expr { + exp(ExprKind::Lit(Lit { + kind, + symbol: Symbol::intern(name), + suffix: suffix.map(Symbol::intern), + })) +} + +fn fun<'a>(args: impl IntoIterator, body: Expr) -> Expr { + exp(ExprKind::Closure(Box::new(rustc_ast::Closure { + binder: rustc_ast::ClosureBinder::NotPresent, + capture_clause: rustc_ast::CaptureBy::Ref, + constness: rustc_ast::Const::No, + asyncness: rustc_ast::Async::No, + movability: rustc_ast::Movability::Movable, + fn_decl: P(rustc_ast::FnDecl { + inputs: args + .into_iter() + .map(|x| rustc_ast::Param { + attrs: Default::default(), + ty: P(ty(TyKind::Infer)), + pat: P(pat(PatKind::Ident(rustc_ast::BindingAnnotation::NONE, ident(x), None))), + id: DUMMY_NODE_ID, + span: DUMMY_SP, + is_placeholder: false, + }) + .collect(), + output: rustc_ast::FnRetTy::Default(DUMMY_SP), + }), + body: P(body), + fn_decl_span: DUMMY_SP, + fn_arg_span: DUMMY_SP, + }))) +} + +fn app(f: &str, args: impl IntoIterator) -> Expr { + let mut v: Vec<_> = args.into_iter().map(|x| P(x)).collect(); + + let take = |x: &mut P| std::mem::replace(&mut **x, Expr::dummy()); + match (f, &mut *v) { + ("(=)" | "=", [t1, t2]) => binop("=", [t1, t2].map(take)), + _ => exp(ExprKind::Call(P(name_to_path(f)), v.into())), + } +} + +fn block(exp: Expr) -> Block { + let stmt = rustc_ast::Stmt { + id: DUMMY_NODE_ID, + kind: rustc_ast::StmtKind::Expr(P(exp)), + span: DUMMY_SP, + }; + Block { + stmts: [stmt].into_iter().collect(), + id: DUMMY_NODE_ID, + rules: rustc_ast::BlockCheckMode::Default, + span: Default::default(), + tokens: None, + could_be_bare_literal: false, + } +} +fn ite([ift, then, elset]: [Expr; 3]) -> Expr { + let elset = match elset.kind { + ExprKind::If(..) => elset, + _ => exp(ExprKind::Block(P(block(elset)), None)), + }; + + exp(ExprKind::If(P(ift), P(block(then)), Some(P(elset)))) +} + +fn binop(op: &str, [t1, t2]: [Expr; 2]) -> Expr { + use rustc_ast::BinOpKind::*; + let op = match op { + "+" => Add, + "-" => Sub, + "*" => Mul, + "=" => Eq, + "==" => Eq, + "/" => Div, + "&&" => And, + "/\\" => And, + "||" => Or, + "\\/" => Or, + "And" => And, + "Tand" => And, + "Or" => Or, + "Tor" => Or, + _ => { + warn!("unsupported Binop {op}"); + BitXor + } + }; + exp(ExprKind::Binary(dummy_spanned(op), P(t1), P(t2))) +} + +fn not(t: Expr) -> Expr { + let op = rustc_ast::UnOp::Not; + exp(ExprKind::Unary(op, P(t))) +} + +fn term_to_ast(t: &Term) -> Expr { + match t { + Term::Var(v) => name_to_path(&*v.vs_name), + Term::Const { ty: _ty, val } => lit(val, LitKind::Integer, None), + Term::App { ls, args } => app(ls, args.into_iter().map(|x| term_to_ast(x))), + Term::If { ift, then, elset } => ite([ift, then, elset].map(|x| term_to_ast(x))), + Term::Eps { vs, t } => app("eps!", [fun([&*vs.vs_name], term_to_ast(&*t))]), + Term::Fun { args, body } => fun(args.iter().map(|x| &*x.vs_name), term_to_ast(body)), + Term::Quant { quant, vs, t } => { + app(quant, [fun(vs.iter().map(|x| &*x.vs_name), term_to_ast(&*t))]) + } + Term::Binop { binop: op, t1, t2 } => binop(op, [t1, t2].map(|x| term_to_ast(x))), + Term::Not(t) => not(term_to_ast(t)), + Term::Let(x) => app("let!", [name_to_path(x)]), + Term::Case(x) => app("case!", [name_to_path(x)]), + Term::Bool(TBool::True) => lit("true", LitKind::Bool, None), + Term::Bool(TBool::False) => lit("false", LitKind::Bool, None), + _ => lit(&format!("{t:?}"), LitKind::Str, None), + } +} + +fn fun_lit_elt_to_ast(elt: &FunLitElt) -> P { + P(exp(ExprKind::Tup( + [&elt.indice, &elt.value].into_iter().map(|x| P(cterm_to_ast(x))).collect(), + ))) +} + +fn cterm_to_ast(t: &ConcreteTerm) -> Expr { + match t { + ConcreteTerm::Var(v) => name_to_path(&*v), + ConcreteTerm::Integer(n) => lit(&n.int_value, LitKind::Integer, None), + ConcreteTerm::Boolean(b) => lit(&b.to_string(), LitKind::Bool, None), + ConcreteTerm::App { ls, args } => app(ls, args.into_iter().map(|x| cterm_to_ast(x))), + ConcreteTerm::If { ift, then, elset } => ite([ift, then, elset].map(|x| cterm_to_ast(x))), + ConcreteTerm::String(s) => lit(&format!("{s:?}"), LitKind::Str, None), + ConcreteTerm::Eps { var, t } => app("eps!", [fun([&**var], cterm_to_ast(&*t))]), + ConcreteTerm::Fun { args, body } => fun(args.iter().map(|x| &**x), cterm_to_ast(body)), + ConcreteTerm::Quant { quant, vs, t } => { + app(quant, [fun(vs.iter().map(|x| &**x), cterm_to_ast(&*t))]) + } + ConcreteTerm::Binop { binop: op, t1, t2 } => binop(op, [t1, t2].map(|x| cterm_to_ast(x))), + ConcreteTerm::Not(t) => not(cterm_to_ast(t)), + ConcreteTerm::FunctionLiteral { elts, other } => { + let arr = exp(ExprKind::Array(elts.into_iter().map(fun_lit_elt_to_ast).collect())); + app("funlit!", [arr, cterm_to_ast(other)]) + } + ConcreteTerm::Proj { name, value } => match (&**name, &**value) { + ("prelude.UInt8.uint8'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("u8")) + } + ("prelude.UInt16.uint16'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("u16")) + } + ("mach.int.UInt32Gen.uint32'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("u32")) + } + ("mach.int.UInt64Gen.uint64'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("u64")) + } + ("prelude.UInt128.uint16'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("u128")) + } + ("prelude.Int8.int8'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("i8")) + } + ("prelude.Int16.int16'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("i16")) + } + ("mach.int.Int32.int32'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("i32")) + } + ("mach.int.Int64.int64'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("i64")) + } + ("prelude.Int128.int128'int", ConcreteTerm::Integer(n)) => { + lit(&n.int_value, LitKind::Integer, Some("i128")) + } + _ => app("proj!", [name_to_path(name), cterm_to_ast(value)]), + }, + _ => lit(&format!("{t:?}"), LitKind::Str, None), + } +} diff --git a/creusot/src/translation.rs b/creusot/src/translation.rs index a1289caa20..3984854d3f 100644 --- a/creusot/src/translation.rs +++ b/creusot/src/translation.rs @@ -90,10 +90,11 @@ pub(crate) fn after_analysis(ctx: TranslationCtx) -> Result<(), Box> } if why3.should_compile() { + use crate::run_why3::run_why3; use std::fs::File; - let mut out: Box = match why3.opts.output_file { - Some(OutputFile::File(ref f)) => Box::new(std::io::BufWriter::new(File::create(f)?)), - Some(OutputFile::Stdout) => Box::new(std::io::stdout()), + let file = match why3.opts.output_file { + Some(OutputFile::File(ref f)) => Some(f.clone().into()), + Some(OutputFile::Stdout) => None, None => { let outputs = why3.output_filenames(()); let crate_name = why3.crate_name(LOCAL_CRATE); @@ -108,15 +109,19 @@ pub(crate) fn after_analysis(ctx: TranslationCtx) -> Result<(), Box> } else { outputs.out_directory.clone() }; - let out_path = directory.join(&libname); - Box::new(std::io::BufWriter::new(File::create(out_path)?)) + Some(directory.join(&libname)) } }; + let mut out: Box = match &file { + Some(f) => Box::new(std::io::BufWriter::new(File::create(f)?)), + None => Box::new(std::io::stdout()), + }; let matcher = why3.opts.match_str.clone(); let matcher: &str = matcher.as_ref().map(|s| &s[..]).unwrap_or(""); let tcx = why3.tcx; - let modules = why3.modules().flat_map(|(id, item)| { + let modules = why3.modules(); + let modules = modules.flat_map(|(id, item)| { if let TransId::Item(did) = id && tcx.def_path_str(did).contains(matcher) { item.modules() } else { @@ -126,6 +131,8 @@ pub(crate) fn after_analysis(ctx: TranslationCtx) -> Result<(), Box> let crate_name = tcx.crate_name(LOCAL_CRATE).to_string().to_upper_camel_case(); print_crate(&mut out, crate_name, modules)?; + drop(out); //flush the buffer before running why3 + run_why3(&why3, file); } debug!("after_analysis_dump: {:?}", start.elapsed()); diff --git a/creusot/src/translation/fmir.rs b/creusot/src/translation/fmir.rs index bb6afde469..56c6218c48 100644 --- a/creusot/src/translation/fmir.rs +++ b/creusot/src/translation/fmir.rs @@ -38,7 +38,7 @@ impl<'tcx> Place<'tcx> { #[derive(Clone, Debug)] pub enum Statement<'tcx> { - Assignment(Place<'tcx>, RValue<'tcx>), + Assignment(Place<'tcx>, RValue<'tcx>, Span), // TODO: Remove `Resolve` and replace it with `Assume`. // The reason I have not done this yet is that it would require transforming a `Place` to a `Term`. Resolve(DefId, SubstsRef<'tcx>, Place<'tcx>), @@ -130,7 +130,7 @@ pub enum Terminator<'tcx> { Goto(BasicBlock), Switch(Expr<'tcx>, Branches<'tcx>), Return, - Abort, + Abort(Span), } #[derive(Clone)] diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index 7241c61b7b..8a7c1f2afe 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -32,7 +32,7 @@ use rustc_middle::{ EarlyBinder, ParamEnv, Ty, TyCtxt, TyKind, UpvarCapture, }, }; -use rustc_span::{Symbol, DUMMY_SP}; +use rustc_span::{Span, Symbol, DUMMY_SP}; use std::{collections::HashMap, iter, rc::Rc}; // use why3::declaration::*; @@ -230,9 +230,9 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { self.current_block.1 = Some(t); } - fn emit_borrow(&mut self, lhs: &Place<'tcx>, rhs: &Place<'tcx>) { + fn emit_borrow(&mut self, lhs: &Place<'tcx>, rhs: &Place<'tcx>, span: Span) { let p = self.translate_place(*rhs); - self.emit_assignment(lhs, fmir::RValue::Borrow(p)); + self.emit_assignment(lhs, fmir::RValue::Borrow(p), span); let rhs_ty = rhs.ty(self.body, self.ctx.tcx).ty; if let Some((_, s)) = self.ctx.type_invariant(self.body_id.def_id(), rhs_ty) { @@ -241,13 +241,13 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { } } - fn emit_ghost_assign(&mut self, lhs: Place<'tcx>, rhs: Term<'tcx>) { - self.emit_assignment(&lhs, fmir::RValue::Ghost(rhs)) + fn emit_ghost_assign(&mut self, lhs: Place<'tcx>, rhs: Term<'tcx>, span: Span) { + self.emit_assignment(&lhs, fmir::RValue::Ghost(rhs), span) } - fn emit_assignment(&mut self, lhs: &Place<'tcx>, rhs: RValue<'tcx>) { + fn emit_assignment(&mut self, lhs: &Place<'tcx>, rhs: RValue<'tcx>, span: Span) { let p = self.translate_place(*lhs); - self.emit_statement(fmir::Statement::Assignment(p, rhs)); + self.emit_statement(fmir::Statement::Assignment(p, rhs, span)); } // Inserts resolves for locals which died over the course of a goto or switch diff --git a/creusot/src/translation/function/statement.rs b/creusot/src/translation/function/statement.rs index 1ea4b566c6..68ade35525 100644 --- a/creusot/src/translation/function/statement.rs +++ b/creusot/src/translation/function/statement.rs @@ -67,14 +67,14 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { ) { let ty = rvalue.ty(self.body, self.tcx); let span = si.span; - let rval: Expr<'tcx> = match rvalue { + let rval: ExprKind<'tcx> = match rvalue { Rvalue::Use(op) => match op { - Move(_pl) | Copy(_pl) => self.translate_operand(op), + Move(_pl) | Copy(_pl) => self.translate_operand(op).kind, Constant(box c) => { if ghost_closure_id(self.tcx, c.literal.ty()).is_some() { return; }; - crate::constant::from_mir_constant(self.param_env(), self.ctx, c) + crate::constant::from_mir_constant(self.param_env(), self.ctx, c).kind } }, Rvalue::Ref(_, ss, pl) => match ss { @@ -83,20 +83,14 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { return; } - Expr { - kind: ExprKind::Copy( - self.translate_place(self.compute_ref_place(*pl, loc)), - ), - span, - ty, - } + ExprKind::Copy(self.translate_place(self.compute_ref_place(*pl, loc))) } Mut { .. } => { if self.erased_locals.contains(pl.local) { return; } - self.emit_borrow(place, pl); + self.emit_borrow(place, pl, span); return; } }, @@ -105,28 +99,23 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.ctx.crash_and_error(si.span, "bitwise operations are currently unsupported") } Rvalue::BinaryOp(op, box (l, r)) | Rvalue::CheckedBinaryOp(op, box (l, r)) => { - let kind = ExprKind::BinOp( + ExprKind::BinOp( *op, l.ty(self.body, self.tcx), Box::new(self.translate_operand(l)), Box::new(self.translate_operand(r)), - ); - - Expr { kind, ty, span } - } - Rvalue::UnaryOp(op, v) => { - let kind = ExprKind::UnaryOp( - *op, - v.ty(self.body, self.tcx), - Box::new(self.translate_operand(v)), - ); - Expr { kind, ty, span } + ) } + Rvalue::UnaryOp(op, v) => ExprKind::UnaryOp( + *op, + v.ty(self.body, self.tcx), + Box::new(self.translate_operand(v)), + ), Rvalue::Aggregate(box kind, ops) => { use rustc_middle::mir::AggregateKind::*; let fields = ops.iter().map(|op| self.translate_operand(op)).collect(); - let kind = match kind { + match kind { Tuple => ExprKind::Tuple(fields), Adt(adt, varix, subst, _, _) => { // self.ctx.translate(*adt); @@ -162,9 +151,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { si.span, &format!("the rvalue {:?} is not currently supported", kind), ), - }; - - Expr { kind, ty, span } + } } Rvalue::Len(pl) => { let e = Expr { @@ -172,33 +159,21 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { ty: pl.ty(self.body, self.tcx).ty, span: DUMMY_SP, }; - let kind = ExprKind::Len(Box::new(e)); - - Expr { kind, ty, span } + ExprKind::Len(Box::new(e)) } Rvalue::Cast(CastKind::IntToInt | CastKind::PtrToPtr, op, cast_ty) => { let op_ty = op.ty(self.body, self.tcx); - let kind = ExprKind::Cast(Box::new(self.translate_operand(op)), op_ty, *cast_ty); - Expr { kind, ty, span } - } - Rvalue::Repeat(op, len) => { - let kind = ExprKind::Repeat( - Box::new(self.translate_operand(op)), - Box::new(crate::constant::from_ty_const( - self.ctx, - *len, - self.param_env(), - si.span, - )), - ); - - Expr { kind, ty, span } + ExprKind::Cast(Box::new(self.translate_operand(op)), op_ty, *cast_ty) } + Rvalue::Repeat(op, len) => ExprKind::Repeat( + Box::new(self.translate_operand(op)), + Box::new(crate::constant::from_ty_const(self.ctx, *len, self.param_env(), si.span)), + ), Rvalue::Cast(CastKind::Pointer(PointerCast::Unsize), op, ty) => { if let Some(t) = ty.builtin_deref(true) && t.ty.is_slice() { // treat &[T; N] to &[T] casts as normal assignments - self.translate_operand(op) + self.translate_operand(op).kind } else { // TODO: Since we don't do anything with casts into `dyn` objects, just ignore them return; @@ -229,6 +204,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { &format!("MIR code used an unsupported Rvalue {:?}", rvalue), ), }; + let rval = Expr { span, ty, kind: rval }; if let Some(resolver) = &mut self.resolver { let need_resolve_before = resolver.need_resolve_locals_before(loc); @@ -238,7 +214,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.emit_resolve(*place); } - self.emit_assignment(place, RValue::Expr(rval)); + self.emit_assignment(place, RValue::Expr(rval), span); // Check if the local is a zombie: // if lhs local is dead after the assignment, emit resolve @@ -246,7 +222,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.emit_resolve(*place); } } else { - self.emit_assignment(place, RValue::Expr(rval)); + self.emit_assignment(place, RValue::Expr(rval), span); } } diff --git a/creusot/src/translation/function/terminator.rs b/creusot/src/translation/function/terminator.rs index 42e4354f0d..7c3c46be56 100644 --- a/creusot/src/translation/function/terminator.rs +++ b/creusot/src/translation/function/terminator.rs @@ -60,13 +60,13 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.emit_terminator(switch); } - Terminate => self.emit_terminator(Terminator::Abort), + Terminate => self.emit_terminator(Terminator::Abort(terminator.source_info.span)), Return => self.emit_terminator(Terminator::Return), - Unreachable => self.emit_terminator(Terminator::Abort), + Unreachable => self.emit_terminator(Terminator::Abort(terminator.source_info.span)), Call { func, args, destination, target, .. } => { if target.is_none() { // If we have no target block after the call, then we cannot move past it. - self.emit_terminator(Terminator::Abort); + self.emit_terminator(Terminator::Abort(terminator.source_info.span)); return; } @@ -78,7 +78,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { let mut assertion = self.assertions.remove(def_id).unwrap(); assertion.subst(&inv_subst(self.body, &self.locals, terminator.source_info)); self.check_ghost_term(&assertion, location); - self.emit_ghost_assign(*destination, assertion); + self.emit_ghost_assign(*destination, assertion, span); self.emit_terminator(Terminator::Goto(target.unwrap())); return; } @@ -129,7 +129,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { }; let (loc, bb) = (destination, target.unwrap()); - self.emit_assignment(&loc, RValue::Expr(call_exp)); + self.emit_assignment(&loc, RValue::Expr(call_exp), span); self.emit_terminator(Terminator::Goto(bb)); } Assert { cond, expected, msg, target, unwind: _ } => { diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg b/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg index d8ba96c7ea..05bb45830a 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.mlcfg @@ -49,7 +49,7 @@ module C01ResolveUnsoundness_MakeVecOfSize val inv3 (_x : Seq.seq bool) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../01_resolve_unsoundness.rs" 1 0 1 0] forall x : Seq.seq bool . inv3 x = true + axiom inv3 : forall x : Seq.seq bool . inv3 x = true predicate invariant2 (self : bool) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : bool) : bool @@ -59,7 +59,7 @@ module C01ResolveUnsoundness_MakeVecOfSize val inv2 (_x : bool) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../01_resolve_unsoundness.rs" 1 0 1 0] forall x : bool . inv2 x = true + axiom inv2 : forall x : bool . inv2 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -72,7 +72,7 @@ module C01ResolveUnsoundness_MakeVecOfSize val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01_resolve_unsoundness.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -94,7 +94,7 @@ module C01ResolveUnsoundness_MakeVecOfSize val invariant0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../01_resolve_unsoundness.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function shallow_model2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : Seq.seq bool @@ -126,11 +126,11 @@ module C01ResolveUnsoundness_MakeVecOfSize goto BB0 } BB0 { - out <- ([#"../01_resolve_unsoundness.rs" 10 29 10 39] new0 ()); + [#"../01_resolve_unsoundness.rs" 10 29 10 39] out <- ([#"../01_resolve_unsoundness.rs" 10 29 10 39] new0 ()); goto BB1 } BB1 { - i <- ([#"../01_resolve_unsoundness.rs" 11 16 11 17] [#"../01_resolve_unsoundness.rs" 11 16 11 17] (0 : usize)); + [#"../01_resolve_unsoundness.rs" 11 16 11 17] i <- ([#"../01_resolve_unsoundness.rs" 11 16 11 17] [#"../01_resolve_unsoundness.rs" 11 16 11 17] (0 : usize)); goto BB2 } BB2 { @@ -138,25 +138,25 @@ module C01ResolveUnsoundness_MakeVecOfSize goto BB3 } BB3 { - switch ([#"../01_resolve_unsoundness.rs" 13 10 13 16] i <= n) + switch ([#"../01_resolve_unsoundness.rs" 13 10 13 16] ([#"../01_resolve_unsoundness.rs" 13 10 13 11] i) <= ([#"../01_resolve_unsoundness.rs" 13 15 13 16] n)) | False -> goto BB6 | True -> goto BB4 end } BB4 { - _13 <- Borrow.borrow_mut out; - out <- ^ _13; - _12 <- ([#"../01_resolve_unsoundness.rs" 14 8 14 23] push0 _13 ([#"../01_resolve_unsoundness.rs" 14 17 14 22] [#"../01_resolve_unsoundness.rs" 14 17 14 22] false)); + [#"../01_resolve_unsoundness.rs" 14 8 14 23] _13 <- Borrow.borrow_mut out; + [#"../01_resolve_unsoundness.rs" 14 8 14 23] out <- ^ _13; + [#"../01_resolve_unsoundness.rs" 14 8 14 23] _12 <- ([#"../01_resolve_unsoundness.rs" 14 8 14 23] push0 _13 ([#"../01_resolve_unsoundness.rs" 14 17 14 22] [#"../01_resolve_unsoundness.rs" 14 17 14 22] false)); _13 <- any borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); goto BB5 } BB5 { - i <- ([#"../01_resolve_unsoundness.rs" 15 8 15 14] i + ([#"../01_resolve_unsoundness.rs" 15 13 15 14] [#"../01_resolve_unsoundness.rs" 15 13 15 14] (1 : usize))); + [#"../01_resolve_unsoundness.rs" 15 8 15 14] i <- ([#"../01_resolve_unsoundness.rs" 15 8 15 14] i + ([#"../01_resolve_unsoundness.rs" 15 13 15 14] [#"../01_resolve_unsoundness.rs" 15 13 15 14] (1 : usize))); goto BB2 } BB6 { - _0 <- out; - out <- any Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); + [#"../01_resolve_unsoundness.rs" 17 11 17 14] _0 <- ([#"../01_resolve_unsoundness.rs" 17 11 17 14] out); + [#"../01_resolve_unsoundness.rs" 17 11 17 14] out <- any Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); goto BB7 } BB7 { diff --git a/creusot/tests/should_fail/bug/222.mlcfg b/creusot/tests/should_fail/bug/222.mlcfg index 392a10205f..2dc39996b4 100644 --- a/creusot/tests/should_fail/bug/222.mlcfg +++ b/creusot/tests/should_fail/bug/222.mlcfg @@ -40,7 +40,7 @@ module C222_UsesInvariant val inv2 (_x : borrowed (Core_Option_Option_Type.t_option t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../222.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option t) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Option_Option_Type.t_option t) . inv2 x = true use C222_Once_Type as C222_Once_Type predicate invariant2 (self : borrowed (C222_Once_Type.t_once t)) val invariant2 (self : borrowed (C222_Once_Type.t_once t)) : bool @@ -50,7 +50,7 @@ module C222_UsesInvariant val inv1 (_x : borrowed (C222_Once_Type.t_once t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../222.rs" 1 0 1 0] forall x : borrowed (C222_Once_Type.t_once t) . inv1 x = true + axiom inv1 : forall x : borrowed (C222_Once_Type.t_once t) . inv1 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option t) val invariant1 (self : Core_Option_Option_Type.t_option t) : bool ensures { result = invariant1 self } @@ -59,7 +59,7 @@ module C222_UsesInvariant val inv0 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../222.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option t . inv0 x = true predicate invariant0 [#"../222.rs" 29 4 29 30] (self : C222_Once_Type.t_once t) = [#"../222.rs" 30 8 30 12] true val invariant0 [#"../222.rs" 29 4 29 30] (self : C222_Once_Type.t_once t) : bool @@ -93,10 +93,10 @@ module C222_UsesInvariant goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (C222_Once_Type.once_0 ( * x)); - x <- { x with current = (let C222_Once_Type.C_Once x0 = * x in C222_Once_Type.C_Once ( ^ _5)) }; + [#"../222.rs" 41 4 41 14] _5 <- Borrow.borrow_mut (C222_Once_Type.once_0 ( * x)); + [#"../222.rs" 41 4 41 14] x <- { x with current = (let C222_Once_Type.C_Once x0 = * x in C222_Once_Type.C_Once ( ^ _5)) }; assume { inv0 ( ^ _5) }; - _4 <- ([#"../222.rs" 41 4 41 14] take0 _5); + [#"../222.rs" 41 4 41 14] _4 <- ([#"../222.rs" 41 4 41 14] take0 _5); _5 <- any borrowed (Core_Option_Option_Type.t_option t); goto BB1 } @@ -108,7 +108,7 @@ module C222_UsesInvariant goto BB2 } BB2 { - _0 <- ([#"../222.rs" 40 42 42 1] ()); + [#"../222.rs" 40 42 42 1] _0 <- ([#"../222.rs" 40 42 42 1] ()); return _0 } diff --git a/creusot/tests/should_fail/bug/492.mlcfg b/creusot/tests/should_fail/bug/492.mlcfg index 9a3c2fd6e5..95c11eecc6 100644 --- a/creusot/tests/should_fail/bug/492.mlcfg +++ b/creusot/tests/should_fail/bug/492.mlcfg @@ -11,7 +11,7 @@ module C492_ReborrowTuple val inv2 (_x : (borrowed t, uint32)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../492.rs" 1 0 1 0] forall x : (borrowed t, uint32) . inv2 x = true + axiom inv2 : forall x : (borrowed t, uint32) . inv2 x = true predicate invariant1 (self : borrowed t) val invariant1 (self : borrowed t) : bool ensures { result = invariant1 self } @@ -20,7 +20,7 @@ module C492_ReborrowTuple val inv1 (_x : borrowed t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../492.rs" 1 0 1 0] forall x : borrowed t . inv1 x = true + axiom inv1 : forall x : borrowed t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -29,7 +29,7 @@ module C492_ReborrowTuple val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../492.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed t) : bool @@ -49,10 +49,10 @@ module C492_ReborrowTuple goto BB0 } BB0 { - _3 <- Borrow.borrow_mut ( * x); - x <- { x with current = ^ _3 }; + [#"../492.rs" 6 5 6 6] _3 <- Borrow.borrow_mut ( * x); + [#"../492.rs" 6 5 6 6] x <- { x with current = ^ _3 }; assume { inv0 ( ^ _3) }; - _0 <- ([#"../492.rs" 6 4 6 11] (_3, ([#"../492.rs" 6 8 6 10] [#"../492.rs" 6 8 6 10] (32 : uint32)))); + [#"../492.rs" 6 4 6 11] _0 <- ([#"../492.rs" 6 4 6 11] (_3, ([#"../492.rs" 6 8 6 10] [#"../492.rs" 6 8 6 10] (32 : uint32)))); _3 <- any borrowed t; assert { [@expl:type invariant] inv1 x }; assume { resolve0 x }; @@ -73,7 +73,7 @@ module C492_Test val inv1 (_x : (borrowed int32, uint32)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../492.rs" 1 0 1 0] forall x : (borrowed int32, uint32) . inv1 x = true + axiom inv1 : forall x : (borrowed int32, uint32) . inv1 x = true predicate invariant0 (self : borrowed int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : borrowed int32) : bool @@ -83,7 +83,7 @@ module C492_Test val inv0 (_x : borrowed int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../492.rs" 1 0 1 0] forall x : borrowed int32 . inv0 x = true + axiom inv0 : forall x : borrowed int32 . inv0 x = true predicate resolve1 (self : borrowed int32) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed int32) : bool @@ -119,24 +119,24 @@ module C492_Test goto BB0 } BB0 { - x <- ([#"../492.rs" 11 16 11 17] [#"../492.rs" 11 16 11 17] (5 : int32)); - _6 <- Borrow.borrow_mut x; - x <- ^ _6; - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _4 <- ([#"../492.rs" 12 19 12 41] reborrow_tuple0 _5); + [#"../492.rs" 11 16 11 17] x <- ([#"../492.rs" 11 16 11 17] [#"../492.rs" 11 16 11 17] (5 : int32)); + [#"../492.rs" 12 34 12 40] _6 <- Borrow.borrow_mut x; + [#"../492.rs" 12 34 12 40] x <- ^ _6; + [#"../492.rs" 12 34 12 40] _5 <- Borrow.borrow_mut ( * _6); + [#"../492.rs" 12 34 12 40] _6 <- { _6 with current = ^ _5 }; + [#"../492.rs" 12 19 12 41] _4 <- ([#"../492.rs" 12 19 12 41] reborrow_tuple0 _5); _5 <- any borrowed int32; goto BB1 } BB1 { - res <- (let (a, _) = _4 in a); - _4 <- (let (x0, x1) = _4 in (any borrowed int32, x1)); + [#"../492.rs" 12 9 12 12] res <- ([#"../492.rs" 12 9 12 12] let (a, _) = _4 in a); + [#"../492.rs" 12 9 12 12] _4 <- (let (x0, x1) = _4 in (any borrowed int32, x1)); assume { resolve0 _4 }; assume { resolve1 _6 }; assert { [@expl:assertion] [#"../492.rs" 13 18 13 30] ^ res = (5 : int32) }; - res <- { res with current = ([#"../492.rs" 14 11 14 13] [#"../492.rs" 14 11 14 13] (10 : int32)) }; + [#"../492.rs" 14 4 14 13] res <- { res with current = ([#"../492.rs" 14 4 14 13] [#"../492.rs" 14 11 14 13] (10 : int32)) }; assume { resolve1 res }; - _0 <- ([#"../492.rs" 10 14 15 1] ()); + [#"../492.rs" 10 14 15 1] _0 <- ([#"../492.rs" 10 14 15 1] ()); return _0 } diff --git a/creusot/tests/should_fail/bug/692.mlcfg b/creusot/tests/should_fail/bug/692.mlcfg index b12e791cef..4d8b6e6006 100644 --- a/creusot/tests/should_fail/bug/692.mlcfg +++ b/creusot/tests/should_fail/bug/692.mlcfg @@ -73,18 +73,18 @@ module C692_Incorrect val invariant4 (self : bool) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../692.rs" 1 0 1 0] forall x : bool . inv4 x = true + axiom inv4 : forall x : bool . inv4 x = true predicate invariant3 (self : ()) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : ()) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../692.rs" 1 0 1 0] forall x : () . inv3 x = true + axiom inv3 : forall x : () . inv3 x = true predicate invariant2 (self : borrowed c) val invariant2 (self : borrowed c) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../692.rs" 1 0 1 0] forall x : borrowed c . inv2 x = true + axiom inv2 : forall x : borrowed c . inv2 x = true predicate postcondition0 (self : c) (_2 : ()) (_3 : bool) val postcondition0 (self : c) (_2 : ()) (_3 : bool) : bool ensures { result = postcondition0 self _2 _3 } @@ -114,7 +114,7 @@ module C692_Incorrect val invariant1 (self : c) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../692.rs" 1 0 1 0] forall x : c . inv1 x = true + axiom inv1 : forall x : c . inv1 x = true predicate invariant0 (self : b) val invariant0 (self : b) : bool ensures { result = invariant0 self } @@ -123,7 +123,7 @@ module C692_Incorrect val inv0 (_x : b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../692.rs" 1 0 1 0] forall x : b . inv0 x = true + axiom inv0 : forall x : b . inv0 x = true predicate precondition1 (self : b) (_2 : bool) val precondition1 (self : b) (_2 : bool) : bool ensures { result = precondition1 self _2 } @@ -157,7 +157,7 @@ module C692_Incorrect goto BB1 } BB1 { - _0 <- ([#"../692.rs" 8 77 8 79] ()); + [#"../692.rs" 8 77 8 79] _0 <- ([#"../692.rs" 8 77 8 79] ()); goto BB2 } BB2 { @@ -186,14 +186,14 @@ module C692_ValidNormal_Closure2 function field_00 [#"../692.rs" 15 17 15 64] (self : C692_ValidNormal_Closure2.c692_validnormal_closure2) : borrowed uint32 = - [#"../692.rs" 1 0 1 0] let C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 a = self in a + let C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 a = self in a val field_00 [#"../692.rs" 15 17 15 64] (self : C692_ValidNormal_Closure2.c692_validnormal_closure2) : borrowed uint32 ensures { result = field_00 self } predicate unnest0 [#"../692.rs" 15 17 15 64] (self : C692_ValidNormal_Closure2.c692_validnormal_closure2) (_2 : C692_ValidNormal_Closure2.c692_validnormal_closure2) = - [#"../692.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self predicate resolve0 (self : borrowed C692_ValidNormal_Closure2.c692_validnormal_closure2) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed C692_ValidNormal_Closure2.c692_validnormal_closure2) : bool @@ -201,7 +201,7 @@ module C692_ValidNormal_Closure2 let rec cfg c692_ValidNormal_Closure2 [#"../692.rs" 15 17 15 64] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C692_ValidNormal_Closure2.c692_validnormal_closure2) (b : bool) : () ensures { [#"../692.rs" 15 27 15 62] b /\ * field_00 ( ^ _1) = (2 : uint32) \/ not b /\ * field_00 ( ^ _1) = (1 : uint32) } - ensures { [#"../692.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -213,25 +213,25 @@ module C692_ValidNormal_Closure2 goto BB0 } BB0 { - switch (b) + switch ([#"../692.rs" 16 21 16 22] b) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _4 <- ([#"../692.rs" 16 25 16 26] [#"../692.rs" 16 25 16 26] (2 : uint32)); + [#"../692.rs" 16 25 16 26] _4 <- ([#"../692.rs" 16 25 16 26] [#"../692.rs" 16 25 16 26] (2 : uint32)); goto BB3 } BB2 { - _4 <- ([#"../692.rs" 16 36 16 37] [#"../692.rs" 16 36 16 37] (1 : uint32)); + [#"../692.rs" 16 36 16 37] _4 <- ([#"../692.rs" 16 36 16 37] [#"../692.rs" 16 36 16 37] (1 : uint32)); goto BB3 } BB3 { - _1 <- { _1 with current = (let C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 x0 = * _1 in C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 ({ (field_00 ( * _1)) with current = _4 })) }; - _4 <- any uint32; + [#"../692.rs" 16 14 16 39] _1 <- { _1 with current = (let C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 x0 = * _1 in C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 ({ (field_00 ( * _1)) with current = ([#"../692.rs" 16 14 16 39] _4) })) }; + [#"../692.rs" 16 14 16 39] _4 <- any uint32; assume { resolve0 _1 }; - res <- ([#"../692.rs" 16 14 16 39] ()); - _0 <- res; + [#"../692.rs" 16 14 16 39] res <- ([#"../692.rs" 16 14 16 39] ()); + [#"../692.rs" 15 17 15 64] _0 <- ([#"../692.rs" 15 17 15 64] res); return _0 } @@ -252,7 +252,7 @@ module C692_ValidNormal_Closure1 use prelude.Borrow use prelude.Int function field_00 [#"../692.rs" 13 15 13 47] (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) : uint32 = - [#"../692.rs" 1 0 1 0] let C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 a = self in a + let C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 a = self in a val field_00 [#"../692.rs" 13 15 13 47] (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) : uint32 ensures { result = field_00 self } @@ -267,8 +267,8 @@ module C692_ValidNormal_Closure1 goto BB0 } BB0 { - res <- ([#"../692.rs" 14 7 14 15] field_00 _1 > ([#"../692.rs" 14 11 14 15] [#"../692.rs" 14 11 14 15] (7 : uint32))); - _0 <- res; + [#"../692.rs" 14 7 14 15] res <- ([#"../692.rs" 14 7 14 15] ([#"../692.rs" 14 7 14 8] field_00 _1) > ([#"../692.rs" 14 11 14 15] [#"../692.rs" 14 11 14 15] (7 : uint32))); + [#"../692.rs" 13 15 13 47] _0 <- ([#"../692.rs" 13 15 13 47] res); return _0 } @@ -287,7 +287,7 @@ module C692_ValidNormal val inv1 (_x : C692_ValidNormal_Closure2.c692_validnormal_closure2) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../692.rs" 1 0 1 0] forall x : C692_ValidNormal_Closure2.c692_validnormal_closure2 . inv1 x = true + axiom inv1 : forall x : C692_ValidNormal_Closure2.c692_validnormal_closure2 . inv1 x = true use prelude.Int8 use C692_ValidNormal_Closure1_Type as C692_ValidNormal_Closure1 predicate invariant0 (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) = @@ -299,10 +299,10 @@ module C692_ValidNormal val inv0 (_x : C692_ValidNormal_Closure1.c692_validnormal_closure1) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../692.rs" 1 0 1 0] forall x : C692_ValidNormal_Closure1.c692_validnormal_closure1 . inv0 x = true + axiom inv0 : forall x : C692_ValidNormal_Closure1.c692_validnormal_closure1 . inv0 x = true use prelude.Int function field_00 [#"../692.rs" 13 15 13 47] (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) : uint32 = - [#"../692.rs" 1 0 1 0] let C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 a = self in a + let C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 a = self in a val field_00 [#"../692.rs" 13 15 13 47] (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) : uint32 ensures { result = field_00 self } @@ -313,11 +313,11 @@ module C692_ValidNormal predicate precondition1 [#"../692.rs" 15 17 15 64] (self : C692_ValidNormal_Closure2.c692_validnormal_closure2) (args : bool) = - [#"../692.rs" 1 0 1 0] let (b) = args in true + let (b) = args in true predicate precondition0 [#"../692.rs" 13 15 13 47] (self : C692_ValidNormal_Closure1.c692_validnormal_closure1) (_ : ()) = - [#"../692.rs" 1 0 1 0] true + true val incorrect0 [#"../692.rs" 8 0 8 76] (cond : C692_ValidNormal_Closure1.c692_validnormal_closure1) (branch : C692_ValidNormal_Closure2.c692_validnormal_closure2) : () requires {[#"../692.rs" 5 0 6 87] precondition0 cond () /\ (forall b : bool . precondition1 branch (b) /\ (exists b : bool . forall b0 : bool . postcondition0 cond () b0 -> b0 = b))} requires {[#"../692.rs" 8 57 8 61] inv0 cond} @@ -325,7 +325,7 @@ module C692_ValidNormal ensures { [#"../692.rs" 7 10 7 15] false } predicate resolve0 [#"../692.rs" 13 15 13 47] (_1 : C692_ValidNormal_Closure1.c692_validnormal_closure1) = - [#"../692.rs" 1 0 1 0] true + true let rec cfg valid_normal [#"../692.rs" 11 0 11 34] [@cfg:stackify] [@cfg:subregion_analysis] (n : uint32) : uint32 ensures { [#"../692.rs" 10 10 10 15] false } @@ -341,19 +341,19 @@ module C692_ValidNormal goto BB0 } BB0 { - r <- ([#"../692.rs" 12 16 12 20] [#"../692.rs" 12 16 12 20] (0 : uint32)); - cond <- ([#"../692.rs" 13 15 13 47] C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 ([#"../692.rs" 13 15 13 47] n)); - _7 <- Borrow.borrow_mut r; - r <- ^ _7; - branch <- ([#"../692.rs" 15 17 15 64] C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 _7); + [#"../692.rs" 12 16 12 20] r <- ([#"../692.rs" 12 16 12 20] [#"../692.rs" 12 16 12 20] (0 : uint32)); + [#"../692.rs" 13 15 13 47] cond <- ([#"../692.rs" 13 15 13 47] C692_ValidNormal_Closure1.C692_ValidNormal_Closure1 ([#"../692.rs" 13 15 13 47] n)); + [#"../692.rs" 15 17 15 64] _7 <- Borrow.borrow_mut r; + [#"../692.rs" 15 17 15 64] r <- ^ _7; + [#"../692.rs" 15 17 15 64] branch <- ([#"../692.rs" 15 17 15 64] C692_ValidNormal_Closure2.C692_ValidNormal_Closure2 _7); _7 <- any borrowed uint32; assume { resolve0 cond }; - _8 <- ([#"../692.rs" 17 4 17 27] incorrect0 cond branch); - branch <- any C692_ValidNormal_Closure2.c692_validnormal_closure2; + [#"../692.rs" 17 4 17 27] _8 <- ([#"../692.rs" 17 4 17 27] incorrect0 ([#"../692.rs" 17 14 17 18] cond) ([#"../692.rs" 17 20 17 26] branch)); + [#"../692.rs" 17 20 17 26] branch <- any C692_ValidNormal_Closure2.c692_validnormal_closure2; goto BB1 } BB1 { - _0 <- r; + [#"../692.rs" 18 4 18 5] _0 <- ([#"../692.rs" 18 4 18 5] r); return _0 } diff --git a/creusot/tests/should_fail/bug/695.mlcfg b/creusot/tests/should_fail/bug/695.mlcfg index 9e9fab6470..3b177cc717 100644 --- a/creusot/tests/should_fail/bug/695.mlcfg +++ b/creusot/tests/should_fail/bug/695.mlcfg @@ -72,7 +72,7 @@ module C695_InversedIf val invariant6 (self : borrowed c) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../695.rs" 1 0 1 0] forall x : borrowed c . inv6 x = true + axiom inv6 : forall x : borrowed c . inv6 x = true predicate invariant5 (self : bool) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : bool) : bool @@ -82,19 +82,19 @@ module C695_InversedIf val inv5 (_x : bool) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../695.rs" 1 0 1 0] forall x : bool . inv5 x = true + axiom inv5 : forall x : bool . inv5 x = true predicate invariant4 (self : bool) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : bool) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../695.rs" 1 0 1 0] forall x : bool . inv4 x = true + axiom inv4 : forall x : bool . inv4 x = true predicate invariant3 (self : ()) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : ()) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../695.rs" 1 0 1 0] forall x : () . inv3 x = true + axiom inv3 : forall x : () . inv3 x = true predicate invariant2 (self : c) val invariant2 (self : c) : bool ensures { result = invariant2 self } @@ -103,7 +103,7 @@ module C695_InversedIf val inv2 (_x : c) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../695.rs" 1 0 1 0] forall x : c . inv2 x = true + axiom inv2 : forall x : c . inv2 x = true predicate postcondition0 (self : c) (_2 : ()) (_3 : bool) val postcondition0 (self : c) (_2 : ()) (_3 : bool) : bool ensures { result = postcondition0 self _2 _3 } @@ -137,12 +137,12 @@ module C695_InversedIf val inv1 (_x : b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../695.rs" 1 0 1 0] forall x : b . inv1 x = true + axiom inv1 : forall x : b . inv1 x = true predicate invariant0 (self : c) val invariant0 (self : c) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../695.rs" 1 0 1 0] forall x : c . inv0 x = true + axiom inv0 : forall x : c . inv0 x = true predicate postcondition_once0 (self : b) (_2 : bool) (_3 : ()) val postcondition_once0 (self : b) (_2 : bool) (_3 : ()) : bool ensures { result = postcondition_once0 self _2 _3 } @@ -190,7 +190,7 @@ module C695_InversedIf goto BB2 } BB2 { - _6 <- ([#"../695.rs" 7 8 7 14] call0 ([#"../695.rs" 7 8 7 12] cond) ([#"../695.rs" 7 8 7 14] ())); + [#"../695.rs" 7 8 7 14] _6 <- ([#"../695.rs" 7 8 7 14] call0 ([#"../695.rs" 7 8 7 12] cond) ([#"../695.rs" 7 8 7 14] ())); goto BB3 } BB3 { @@ -202,16 +202,16 @@ module C695_InversedIf end } BB4 { - _0 <- ([#"../695.rs" 8 8 8 20] call_once0 branch ([#"../695.rs" 8 8 8 20] (([#"../695.rs" 8 15 8 19] [#"../695.rs" 8 15 8 19] true)))); - branch <- any b; + [#"../695.rs" 8 8 8 20] _0 <- ([#"../695.rs" 8 8 8 20] call_once0 ([#"../695.rs" 8 8 8 14] branch) ([#"../695.rs" 8 8 8 20] (([#"../695.rs" 8 15 8 19] [#"../695.rs" 8 15 8 19] true)))); + [#"../695.rs" 8 8 8 14] branch <- any b; goto BB5 } BB5 { goto BB8 } BB6 { - _0 <- ([#"../695.rs" 10 8 10 21] call_once0 branch ([#"../695.rs" 10 8 10 21] (([#"../695.rs" 10 15 10 20] [#"../695.rs" 10 15 10 20] false)))); - branch <- any b; + [#"../695.rs" 10 8 10 21] _0 <- ([#"../695.rs" 10 8 10 21] call_once0 ([#"../695.rs" 10 8 10 14] branch) ([#"../695.rs" 10 8 10 21] (([#"../695.rs" 10 15 10 20] [#"../695.rs" 10 15 10 20] false)))); + [#"../695.rs" 10 8 10 14] branch <- any b; goto BB7 } BB7 { @@ -244,14 +244,14 @@ module C695_Valid_Closure2 use prelude.Borrow use C695_Valid_Closure2_Type as C695_Valid_Closure2 function field_00 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) : borrowed uint32 = - [#"../695.rs" 1 0 1 0] let C695_Valid_Closure2.C695_Valid_Closure2 a = self in a + let C695_Valid_Closure2.C695_Valid_Closure2 a = self in a val field_00 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) : borrowed uint32 ensures { result = field_00 self } predicate unnest0 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) (_2 : C695_Valid_Closure2.c695_valid_closure2) = - [#"../695.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self predicate resolve0 (self : borrowed C695_Valid_Closure2.c695_valid_closure2) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed C695_Valid_Closure2.c695_valid_closure2) : bool @@ -259,7 +259,7 @@ module C695_Valid_Closure2 let rec cfg c695_Valid_Closure2 [#"../695.rs" 19 17 19 64] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C695_Valid_Closure2.c695_valid_closure2) (b : bool) : () ensures { [#"../695.rs" 19 27 19 62] b /\ * field_00 ( ^ _1) = (2 : uint32) \/ not b /\ * field_00 ( ^ _1) = (1 : uint32) } - ensures { [#"../695.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -271,25 +271,25 @@ module C695_Valid_Closure2 goto BB0 } BB0 { - switch (b) + switch ([#"../695.rs" 20 21 20 22] b) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _4 <- ([#"../695.rs" 20 25 20 26] [#"../695.rs" 20 25 20 26] (2 : uint32)); + [#"../695.rs" 20 25 20 26] _4 <- ([#"../695.rs" 20 25 20 26] [#"../695.rs" 20 25 20 26] (2 : uint32)); goto BB3 } BB2 { - _4 <- ([#"../695.rs" 20 36 20 37] [#"../695.rs" 20 36 20 37] (1 : uint32)); + [#"../695.rs" 20 36 20 37] _4 <- ([#"../695.rs" 20 36 20 37] [#"../695.rs" 20 36 20 37] (1 : uint32)); goto BB3 } BB3 { - _1 <- { _1 with current = (let C695_Valid_Closure2.C695_Valid_Closure2 x0 = * _1 in C695_Valid_Closure2.C695_Valid_Closure2 ({ (field_00 ( * _1)) with current = _4 })) }; - _4 <- any uint32; + [#"../695.rs" 20 14 20 39] _1 <- { _1 with current = (let C695_Valid_Closure2.C695_Valid_Closure2 x0 = * _1 in C695_Valid_Closure2.C695_Valid_Closure2 ({ (field_00 ( * _1)) with current = ([#"../695.rs" 20 14 20 39] _4) })) }; + [#"../695.rs" 20 14 20 39] _4 <- any uint32; assume { resolve0 _1 }; - res <- ([#"../695.rs" 20 14 20 39] ()); - _0 <- res; + [#"../695.rs" 20 14 20 39] res <- ([#"../695.rs" 20 14 20 39] ()); + [#"../695.rs" 19 17 19 64] _0 <- ([#"../695.rs" 19 17 19 64] res); return _0 } @@ -310,7 +310,7 @@ module C695_Valid_Closure1 use prelude.Borrow use prelude.Int function field_00 [#"../695.rs" 17 15 17 47] (self : C695_Valid_Closure1.c695_valid_closure1) : uint32 = - [#"../695.rs" 1 0 1 0] let C695_Valid_Closure1.C695_Valid_Closure1 a = self in a + let C695_Valid_Closure1.C695_Valid_Closure1 a = self in a val field_00 [#"../695.rs" 17 15 17 47] (self : C695_Valid_Closure1.c695_valid_closure1) : uint32 ensures { result = field_00 self } @@ -325,8 +325,8 @@ module C695_Valid_Closure1 goto BB0 } BB0 { - res <- ([#"../695.rs" 18 7 18 15] field_00 _1 > ([#"../695.rs" 18 11 18 15] [#"../695.rs" 18 11 18 15] (7 : uint32))); - _0 <- res; + [#"../695.rs" 18 7 18 15] res <- ([#"../695.rs" 18 7 18 15] ([#"../695.rs" 18 7 18 8] field_00 _1) > ([#"../695.rs" 18 11 18 15] [#"../695.rs" 18 11 18 15] (7 : uint32))); + [#"../695.rs" 17 15 17 47] _0 <- ([#"../695.rs" 17 15 17 47] res); return _0 } @@ -345,7 +345,7 @@ module C695_Valid val inv1 (_x : C695_Valid_Closure2.c695_valid_closure2) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../695.rs" 1 0 1 0] forall x : C695_Valid_Closure2.c695_valid_closure2 . inv1 x = true + axiom inv1 : forall x : C695_Valid_Closure2.c695_valid_closure2 . inv1 x = true use prelude.Int8 use C695_Valid_Closure1_Type as C695_Valid_Closure1 predicate invariant0 (self : C695_Valid_Closure1.c695_valid_closure1) = @@ -357,10 +357,10 @@ module C695_Valid val inv0 (_x : C695_Valid_Closure1.c695_valid_closure1) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../695.rs" 1 0 1 0] forall x : C695_Valid_Closure1.c695_valid_closure1 . inv0 x = true + axiom inv0 : forall x : C695_Valid_Closure1.c695_valid_closure1 . inv0 x = true use prelude.Int function field_01 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) : borrowed uint32 = - [#"../695.rs" 1 0 1 0] let C695_Valid_Closure2.C695_Valid_Closure2 a = self in a + let C695_Valid_Closure2.C695_Valid_Closure2 a = self in a val field_01 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) : borrowed uint32 ensures { result = field_01 self } @@ -369,7 +369,7 @@ module C695_Valid = [#"../695.rs" 19 27 19 62] let (b) = args in b /\ ^ field_01 self = (2 : uint32) \/ not b /\ ^ field_01 self = (1 : uint32) function field_00 [#"../695.rs" 17 15 17 47] (self : C695_Valid_Closure1.c695_valid_closure1) : uint32 = - [#"../695.rs" 1 0 1 0] let C695_Valid_Closure1.C695_Valid_Closure1 a = self in a + let C695_Valid_Closure1.C695_Valid_Closure1 a = self in a val field_00 [#"../695.rs" 17 15 17 47] (self : C695_Valid_Closure1.c695_valid_closure1) : uint32 ensures { result = field_00 self } @@ -378,9 +378,9 @@ module C695_Valid = [#"../695.rs" 17 25 17 45] result = (field_00 self > (7 : uint32)) predicate precondition1 [#"../695.rs" 19 17 19 64] (self : C695_Valid_Closure2.c695_valid_closure2) (args : bool) = - [#"../695.rs" 1 0 1 0] let (b) = args in true + let (b) = args in true predicate precondition0 [#"../695.rs" 17 15 17 47] (self : C695_Valid_Closure1.c695_valid_closure1) (_ : ()) = - [#"../695.rs" 1 0 1 0] true + true val inversed_if0 [#"../695.rs" 6 0 6 78] (cond : C695_Valid_Closure1.c695_valid_closure1) (branch : C695_Valid_Closure2.c695_valid_closure2) : () requires {[#"../695.rs" 4 0 4 79] precondition0 cond () /\ (forall b : bool . precondition1 branch (b))} requires {[#"../695.rs" 6 59 6 63] inv0 cond} @@ -388,7 +388,7 @@ module C695_Valid ensures { [#"../695.rs" 5 0 5 91] exists b : bool . postcondition0 cond () b /\ postcondition_once0 branch (not b) () } predicate resolve0 [#"../695.rs" 17 15 17 47] (_1 : C695_Valid_Closure1.c695_valid_closure1) = - [#"../695.rs" 1 0 1 0] true + true let rec cfg valid [#"../695.rs" 15 0 15 27] [@cfg:stackify] [@cfg:subregion_analysis] (n : uint32) : uint32 ensures { [#"../695.rs" 14 10 14 71] n > (7 : uint32) /\ result = (2 : uint32) \/ n <= (7 : uint32) /\ result = (1 : uint32) } @@ -404,20 +404,20 @@ module C695_Valid goto BB0 } BB0 { - r <- ([#"../695.rs" 16 16 16 20] [#"../695.rs" 16 16 16 20] (0 : uint32)); - cond <- ([#"../695.rs" 17 15 17 47] C695_Valid_Closure1.C695_Valid_Closure1 ([#"../695.rs" 17 15 17 47] n)); - _7 <- Borrow.borrow_mut r; - r <- ^ _7; - branch <- ([#"../695.rs" 19 17 19 64] C695_Valid_Closure2.C695_Valid_Closure2 _7); + [#"../695.rs" 16 16 16 20] r <- ([#"../695.rs" 16 16 16 20] [#"../695.rs" 16 16 16 20] (0 : uint32)); + [#"../695.rs" 17 15 17 47] cond <- ([#"../695.rs" 17 15 17 47] C695_Valid_Closure1.C695_Valid_Closure1 ([#"../695.rs" 17 15 17 47] n)); + [#"../695.rs" 19 17 19 64] _7 <- Borrow.borrow_mut r; + [#"../695.rs" 19 17 19 64] r <- ^ _7; + [#"../695.rs" 19 17 19 64] branch <- ([#"../695.rs" 19 17 19 64] C695_Valid_Closure2.C695_Valid_Closure2 _7); _7 <- any borrowed uint32; assume { resolve0 cond }; - _8 <- ([#"../695.rs" 21 4 21 29] inversed_if0 cond branch); - branch <- any C695_Valid_Closure2.c695_valid_closure2; + [#"../695.rs" 21 4 21 29] _8 <- ([#"../695.rs" 21 4 21 29] inversed_if0 ([#"../695.rs" 21 16 21 20] cond) ([#"../695.rs" 21 22 21 28] branch)); + [#"../695.rs" 21 22 21 28] branch <- any C695_Valid_Closure2.c695_valid_closure2; goto BB1 } BB1 { assert { [@expl:assertion] [#"../695.rs" 22 20 22 25] false }; - _0 <- r; + [#"../695.rs" 23 4 23 5] _0 <- ([#"../695.rs" 23 4 23 5] r); return _0 } diff --git a/creusot/tests/should_fail/bug/specialize.mlcfg b/creusot/tests/should_fail/bug/specialize.mlcfg index 99a99401ed..1168a6b820 100644 --- a/creusot/tests/should_fail/bug/specialize.mlcfg +++ b/creusot/tests/should_fail/bug/specialize.mlcfg @@ -56,13 +56,13 @@ module Specialize_F goto BB0 } BB0 { - _2 <- ([#"../specialize.rs" 22 4 22 9] x0 v); - v <- any Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global); + [#"../specialize.rs" 22 4 22 9] _2 <- ([#"../specialize.rs" 22 4 22 9] x0 ([#"../specialize.rs" 22 4 22 5] v)); + [#"../specialize.rs" 22 4 22 5] v <- any Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global); goto BB1 } BB1 { assert { [@expl:assertion] [#"../specialize.rs" 24 20 24 25] false }; - _0 <- ([#"../specialize.rs" 21 18 25 1] ()); + [#"../specialize.rs" 21 18 25 1] _0 <- ([#"../specialize.rs" 21 18 25 1] ()); goto BB2 } BB2 { @@ -81,7 +81,7 @@ module Specialize_G val inv1 (_x : Seq.seq t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../specialize.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -105,7 +105,7 @@ module Specialize_G val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../specialize.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true val x0 [#"../specialize.rs" 6 4 6 15] (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : () requires {[#"../specialize.rs" 6 9 6 13] inv0 self} @@ -120,13 +120,13 @@ module Specialize_G goto BB0 } BB0 { - _2 <- ([#"../specialize.rs" 28 4 28 9] x0 v); - v <- any Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global); + [#"../specialize.rs" 28 4 28 9] _2 <- ([#"../specialize.rs" 28 4 28 9] x0 ([#"../specialize.rs" 28 4 28 5] v)); + [#"../specialize.rs" 28 4 28 5] v <- any Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global); goto BB1 } BB1 { assert { [@expl:assertion] [#"../specialize.rs" 31 20 31 25] false }; - _0 <- ([#"../specialize.rs" 27 19 32 1] ()); + [#"../specialize.rs" 27 19 32 1] _0 <- ([#"../specialize.rs" 27 19 32 1] ()); goto BB2 } BB2 { @@ -146,7 +146,7 @@ module Specialize_H val inv1 (_x : Seq.seq int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../specialize.rs" 1 0 1 0] forall x : Seq.seq int32 . inv1 x = true + axiom inv1 : forall x : Seq.seq int32 . inv1 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -170,7 +170,7 @@ module Specialize_H val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../specialize.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true val x0 [#"../specialize.rs" 12 4 12 22] (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : () requires {[#"../specialize.rs" 12 17 12 21] inv0 self} ensures { [#"../specialize.rs" 11 14 11 19] false } @@ -185,13 +185,13 @@ module Specialize_H goto BB0 } BB0 { - _2 <- ([#"../specialize.rs" 35 4 35 9] x0 v); - v <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); + [#"../specialize.rs" 35 4 35 9] _2 <- ([#"../specialize.rs" 35 4 35 9] x0 ([#"../specialize.rs" 35 4 35 5] v)); + [#"../specialize.rs" 35 4 35 5] v <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); goto BB1 } BB1 { assert { [@expl:assertion] [#"../specialize.rs" 37 20 37 25] false }; - _0 <- ([#"../specialize.rs" 34 18 38 1] ()); + [#"../specialize.rs" 34 18 38 1] _0 <- ([#"../specialize.rs" 34 18 38 1] ()); goto BB2 } BB2 { @@ -210,7 +210,7 @@ module Specialize_Impl0 val inv1 (_x : Seq.seq u) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../specialize.rs" 1 0 1 0] forall x : Seq.seq u . inv1 x = true + axiom inv1 : forall x : Seq.seq u . inv1 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -234,7 +234,7 @@ module Specialize_Impl0 val invariant0 (self : Alloc_Vec_Vec_Type.t_vec u (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../specialize.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec u (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec u (Alloc_Alloc_Global_Type.t_global) . inv0 x = true goal x_refn : [#"../specialize.rs" 12 4 12 22] forall self : Alloc_Vec_Vec_Type.t_vec u (Alloc_Alloc_Global_Type.t_global) . inv0 self -> inv0 self end module Specialize_Impl1 diff --git a/creusot/tests/should_fail/bug/subregion.mlcfg b/creusot/tests/should_fail/bug/subregion.mlcfg index 990f82a26c..5f4eb60b5d 100644 --- a/creusot/tests/should_fail/bug/subregion.mlcfg +++ b/creusot/tests/should_fail/bug/subregion.mlcfg @@ -14,7 +14,7 @@ module Subregion_ListReversalH goto BB0 } BB0 { - r <- ([#"../subregion.rs" 4 16 4 17] [#"../subregion.rs" 4 16 4 17] (0 : usize)); + [#"../subregion.rs" 4 16 4 17] r <- ([#"../subregion.rs" 4 16 4 17] [#"../subregion.rs" 4 16 4 17] (0 : usize)); goto BB1 } BB1 { @@ -22,20 +22,20 @@ module Subregion_ListReversalH goto BB2 } BB2 { - switch ([#"../subregion.rs" 6 10 6 16] l <> ([#"../subregion.rs" 6 15 6 16] [#"../subregion.rs" 6 15 6 16] (0 : usize))) + switch ([#"../subregion.rs" 6 10 6 16] ([#"../subregion.rs" 6 10 6 11] l) <> ([#"../subregion.rs" 6 15 6 16] [#"../subregion.rs" 6 15 6 16] (0 : usize))) | False -> goto BB4 | True -> goto BB3 end } BB3 { assert { [@expl:assertion] [#"../subregion.rs" 7 22 7 27] false }; - x <- r; - tmp <- l; - r <- tmp; + [#"../subregion.rs" 8 16 8 17] x <- ([#"../subregion.rs" 8 16 8 17] r); + [#"../subregion.rs" 9 18 9 19] tmp <- ([#"../subregion.rs" 9 18 9 19] l); + [#"../subregion.rs" 10 8 10 15] r <- ([#"../subregion.rs" 10 12 10 15] tmp); goto BB1 } BB4 { - _0 <- r; + [#"../subregion.rs" 13 11 13 12] _0 <- ([#"../subregion.rs" 13 11 13 12] r); return _0 } diff --git a/creusot/tests/should_fail/opaque_unproveable.mlcfg b/creusot/tests/should_fail/opaque_unproveable.mlcfg index 9ad5160530..3e329c822b 100644 --- a/creusot/tests/should_fail/opaque_unproveable.mlcfg +++ b/creusot/tests/should_fail/opaque_unproveable.mlcfg @@ -12,7 +12,7 @@ module OpaqueUnproveable_Test } BB0 { assert { [@expl:assertion] [#"../opaque_unproveable.rs" 16 18 16 29] opaque0 () }; - _0 <- ([#"../opaque_unproveable.rs" 14 14 17 1] ()); + [#"../opaque_unproveable.rs" 14 14 17 1] _0 <- ([#"../opaque_unproveable.rs" 14 14 17 1] ()); return _0 } diff --git a/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg b/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg index d8fe31abde..a5c6b6a316 100644 --- a/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg +++ b/creusot/tests/should_fail/traits/17_impl_refinement.mlcfg @@ -14,7 +14,7 @@ module C17ImplRefinement_Impl0_MyFunction goto BB0 } BB0 { - _0 <- ([#"../17_impl_refinement.rs" 15 8 15 10] [#"../17_impl_refinement.rs" 15 8 15 10] (20 : usize)); + [#"../17_impl_refinement.rs" 15 8 15 10] _0 <- ([#"../17_impl_refinement.rs" 15 8 15 10] [#"../17_impl_refinement.rs" 15 8 15 10] (20 : usize)); return _0 } @@ -39,7 +39,7 @@ module C17ImplRefinement_Impl0 val inv0 (_x : ()) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../17_impl_refinement.rs" 1 0 1 0] forall x : () . inv0 x = true + axiom inv0 : forall x : () . inv0 x = true use prelude.UIntSize use prelude.UIntSize use prelude.Int diff --git a/creusot/tests/should_succeed/100doors.mlcfg b/creusot/tests/should_succeed/100doors.mlcfg index d92b5cfc70..57e2379cf2 100644 --- a/creusot/tests/should_succeed/100doors.mlcfg +++ b/creusot/tests/should_succeed/100doors.mlcfg @@ -74,7 +74,7 @@ module C100doors_F val inv11 (_x : Seq.seq usize) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../100doors.rs" 1 0 1 0] forall x : Seq.seq usize . inv11 x = true + axiom inv11 : forall x : Seq.seq usize . inv11 x = true use prelude.Borrow predicate invariant10 (self : borrowed bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -85,7 +85,7 @@ module C100doors_F val inv10 (_x : borrowed bool) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../100doors.rs" 1 0 1 0] forall x : borrowed bool . inv10 x = true + axiom inv10 : forall x : borrowed bool . inv10 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant9 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) = @@ -97,7 +97,7 @@ module C100doors_F val inv9 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../100doors.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true + axiom inv9 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true predicate invariant8 (self : bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : bool) : bool @@ -107,7 +107,7 @@ module C100doors_F val inv8 (_x : bool) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../100doors.rs" 1 0 1 0] forall x : bool . inv8 x = true + axiom inv8 : forall x : bool . inv8 x = true predicate invariant7 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : usize) : bool @@ -117,7 +117,7 @@ module C100doors_F val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../100doors.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool @@ -127,7 +127,7 @@ module C100doors_F val inv6 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../100doors.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -138,7 +138,7 @@ module C100doors_F val inv5 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../100doors.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option usize . inv5 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant4 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -149,7 +149,7 @@ module C100doors_F val inv4 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../100doors.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv4 x = true predicate invariant3 (self : Seq.seq bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Seq.seq bool) : bool @@ -159,7 +159,7 @@ module C100doors_F val inv3 (_x : Seq.seq bool) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../100doors.rs" 1 0 1 0] forall x : Seq.seq bool . inv3 x = true + axiom inv3 : forall x : Seq.seq bool . inv3 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -180,7 +180,7 @@ module C100doors_F val invariant2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../100doors.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : bool) : bool @@ -190,7 +190,7 @@ module C100doors_F val inv1 (_x : bool) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../100doors.rs" 1 0 1 0] forall x : bool . inv1 x = true + axiom inv1 : forall x : bool . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -236,7 +236,7 @@ module C100doors_F val invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../100doors.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true use prelude.Ghost predicate resolve3 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -375,19 +375,19 @@ module C100doors_F goto BB0 } BB0 { - door_open <- ([#"../100doors.rs" 19 35 19 51] from_elem0 ([#"../100doors.rs" 19 40 19 45] [#"../100doors.rs" 19 40 19 45] false) ([#"../100doors.rs" 19 47 19 50] [#"../100doors.rs" 19 47 19 50] (100 : usize))); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] door_open <- ([#"../100doors.rs" 19 35 19 51] from_elem0 ([#"../100doors.rs" 19 40 19 45] [#"../100doors.rs" 19 40 19 45] false) ([#"../100doors.rs" 19 47 19 50] [#"../100doors.rs" 19 47 19 50] (100 : usize))); goto BB1 } BB1 { - iter <- ([#"../100doors.rs" 20 4 20 41] into_iter0 ([#"../100doors.rs" 21 16 21 22] Core_Ops_Range_Range_Type.C_Range ([#"../100doors.rs" 21 16 21 17] [#"../100doors.rs" 21 16 21 17] (1 : usize)) ([#"../100doors.rs" 21 19 21 22] [#"../100doors.rs" 21 19 21 22] (101 : usize)))); + [#"../100doors.rs" 20 4 20 41] iter <- ([#"../100doors.rs" 20 4 20 41] into_iter0 ([#"../100doors.rs" 21 16 21 22] Core_Ops_Range_Range_Type.C_Range ([#"../100doors.rs" 21 16 21 17] [#"../100doors.rs" 21 16 21 17] (1 : usize)) ([#"../100doors.rs" 21 19 21 22] [#"../100doors.rs" 21 19 21 22] (101 : usize)))); goto BB2 } BB2 { - iter_old <- ([#"../100doors.rs" 20 4 20 41] Ghost.new iter); + [#"../100doors.rs" 20 4 20 41] iter_old <- ([#"../100doors.rs" 20 4 20 41] Ghost.new iter); goto BB3 } BB3 { - produced <- ([#"../100doors.rs" 20 4 20 41] Ghost.new (Seq.empty )); + [#"../100doors.rs" 20 4 20 41] produced <- ([#"../100doors.rs" 20 4 20 41] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -403,11 +403,11 @@ module C100doors_F goto BB7 } BB7 { - _14 <- Borrow.borrow_mut iter; - iter <- ^ _14; - _13 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _13 }; - _12 <- ([#"../100doors.rs" 20 4 20 41] next0 _13); + [#"../100doors.rs" 20 4 20 41] _14 <- Borrow.borrow_mut iter; + [#"../100doors.rs" 20 4 20 41] iter <- ^ _14; + [#"../100doors.rs" 20 4 20 41] _13 <- Borrow.borrow_mut ( * _14); + [#"../100doors.rs" 20 4 20 41] _14 <- { _14 with current = ^ _13 }; + [#"../100doors.rs" 20 4 20 41] _12 <- ([#"../100doors.rs" 20 4 20 41] next0 _13); _13 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB8 } @@ -420,7 +420,7 @@ module C100doors_F } BB9 { assume { resolve2 door_open }; - _0 <- ([#"../100doors.rs" 20 4 20 41] ()); + [#"../100doors.rs" 20 4 20 41] _0 <- ([#"../100doors.rs" 20 4 20 41] ()); goto BB21 } BB10 { @@ -428,18 +428,19 @@ module C100doors_F } BB11 { assume { resolve2 door_open }; + assert { [#"../100doors.rs" 20 4 20 41] false }; absurd } BB12 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _12; - _17 <- ([#"../100doors.rs" 20 4 20 41] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _12); + [#"../100doors.rs" 20 4 20 41] _17 <- ([#"../100doors.rs" 20 4 20 41] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB13 } BB13 { - produced <- _17; - _17 <- any Ghost.ghost_ty (Seq.seq usize); - pass <- __creusot_proc_iter_elem; - door <- pass; + [#"../100doors.rs" 20 4 20 41] produced <- ([#"../100doors.rs" 20 4 20 41] _17); + [#"../100doors.rs" 20 4 20 41] _17 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] pass <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../100doors.rs" 22 30 22 34] door <- ([#"../100doors.rs" 22 30 22 34] pass); goto BB14 } BB14 { @@ -451,31 +452,31 @@ module C100doors_F goto BB16 } BB16 { - switch ([#"../100doors.rs" 25 14 25 25] door <= ([#"../100doors.rs" 25 22 25 25] [#"../100doors.rs" 25 22 25 25] (100 : usize))) + switch ([#"../100doors.rs" 25 14 25 25] ([#"../100doors.rs" 25 14 25 18] door) <= ([#"../100doors.rs" 25 22 25 25] [#"../100doors.rs" 25 22 25 25] (100 : usize))) | False -> goto BB20 | True -> goto BB17 end } BB17 { - _26 <- ([#"../100doors.rs" 26 35 26 54] index0 ([#"../100doors.rs" 26 35 26 44] door_open) ([#"../100doors.rs" 26 45 26 53] door - ([#"../100doors.rs" 26 52 26 53] [#"../100doors.rs" 26 52 26 53] (1 : usize)))); + [#"../100doors.rs" 26 35 26 54] _26 <- ([#"../100doors.rs" 26 35 26 54] index0 ([#"../100doors.rs" 26 35 26 44] door_open) ([#"../100doors.rs" 26 45 26 53] ([#"../100doors.rs" 26 45 26 49] door) - ([#"../100doors.rs" 26 52 26 53] [#"../100doors.rs" 26 52 26 53] (1 : usize)))); goto BB18 } BB18 { - _31 <- Borrow.borrow_mut door_open; - door_open <- ^ _31; - _30 <- ([#"../100doors.rs" 26 12 26 31] index_mut0 _31 ([#"../100doors.rs" 26 22 26 30] door - ([#"../100doors.rs" 26 29 26 30] [#"../100doors.rs" 26 29 26 30] (1 : usize)))); + [#"../100doors.rs" 26 12 26 21] _31 <- Borrow.borrow_mut door_open; + [#"../100doors.rs" 26 12 26 21] door_open <- ^ _31; + [#"../100doors.rs" 26 12 26 31] _30 <- ([#"../100doors.rs" 26 12 26 31] index_mut0 _31 ([#"../100doors.rs" 26 22 26 30] ([#"../100doors.rs" 26 22 26 26] door) - ([#"../100doors.rs" 26 29 26 30] [#"../100doors.rs" 26 29 26 30] (1 : usize)))); _31 <- any borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); goto BB19 } BB19 { - _30 <- { _30 with current = ([#"../100doors.rs" 26 12 26 54] not _26) }; + [#"../100doors.rs" 26 12 26 54] _30 <- { _30 with current = ([#"../100doors.rs" 26 12 26 54] not ([#"../100doors.rs" 26 35 26 54] _26)) }; assume { resolve1 _30 }; - door <- ([#"../100doors.rs" 27 12 27 24] door + pass); - _11 <- ([#"../100doors.rs" 25 26 28 9] ()); + [#"../100doors.rs" 27 12 27 24] door <- ([#"../100doors.rs" 27 12 27 24] door + ([#"../100doors.rs" 27 20 27 24] pass)); + [#"../100doors.rs" 25 26 28 9] _11 <- ([#"../100doors.rs" 25 26 28 9] ()); goto BB15 } BB20 { - _11 <- ([#"../100doors.rs" 25 8 28 9] ()); + [#"../100doors.rs" 25 8 28 9] _11 <- ([#"../100doors.rs" 25 8 28 9] ()); goto BB6 } BB21 { diff --git a/creusot/tests/should_succeed/all_zero.mlcfg b/creusot/tests/should_succeed/all_zero.mlcfg index babb04715a..d94cc91dc1 100644 --- a/creusot/tests/should_succeed/all_zero.mlcfg +++ b/creusot/tests/should_succeed/all_zero.mlcfg @@ -81,12 +81,12 @@ module AllZero_AllZero goto BB0 } BB0 { - old_l <- ([#"../all_zero.rs" 36 16 36 25] Ghost.new l); + [#"../all_zero.rs" 36 16 36 25] old_l <- ([#"../all_zero.rs" 36 16 36 25] Ghost.new l); goto BB1 } BB1 { - loop_l <- l; - l <- any borrowed (AllZero_List_Type.t_list); + [#"../all_zero.rs" 37 21 37 22] loop_l <- ([#"../all_zero.rs" 37 21 37 22] l); + [#"../all_zero.rs" 37 21 37 22] l <- any borrowed (AllZero_List_Type.t_list); goto BB2 } BB2 { @@ -104,23 +104,23 @@ module AllZero_AllZero goto BB5 } BB5 { - value <- Borrow.borrow_mut (AllZero_List_Type.cons_0 ( * loop_l)); - loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons x0 x1 = * loop_l in AllZero_List_Type.C_Cons ( ^ value) x1) }; - next <- Borrow.borrow_mut (AllZero_List_Type.cons_1 ( * loop_l)); - loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons x0 x1 = * loop_l in AllZero_List_Type.C_Cons x0 ( ^ next)) }; - value <- { value with current = ([#"../all_zero.rs" 44 17 44 18] [#"../all_zero.rs" 44 17 44 18] (0 : uint32)) }; + [#"../all_zero.rs" 43 19 43 24] value <- Borrow.borrow_mut (AllZero_List_Type.cons_0 ( * loop_l)); + [#"../all_zero.rs" 43 19 43 24] loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons x0 x1 = * loop_l in AllZero_List_Type.C_Cons ( ^ value) x1) }; + [#"../all_zero.rs" 43 26 43 30] next <- Borrow.borrow_mut (AllZero_List_Type.cons_1 ( * loop_l)); + [#"../all_zero.rs" 43 26 43 30] loop_l <- { loop_l with current = (let AllZero_List_Type.C_Cons x0 x1 = * loop_l in AllZero_List_Type.C_Cons x0 ( ^ next)) }; + [#"../all_zero.rs" 44 8 44 18] value <- { value with current = ([#"../all_zero.rs" 44 8 44 18] [#"../all_zero.rs" 44 17 44 18] (0 : uint32)) }; assume { resolve0 value }; - _13 <- Borrow.borrow_mut ( * next); - next <- { next with current = ^ _13 }; + [#"../all_zero.rs" 45 17 45 21] _13 <- Borrow.borrow_mut ( * next); + [#"../all_zero.rs" 45 17 45 21] next <- { next with current = ^ _13 }; assume { resolve1 loop_l }; - loop_l <- _13; - _13 <- any borrowed (AllZero_List_Type.t_list); + [#"../all_zero.rs" 45 8 45 21] loop_l <- ([#"../all_zero.rs" 45 8 45 21] _13); + [#"../all_zero.rs" 45 8 45 21] _13 <- any borrowed (AllZero_List_Type.t_list); assume { resolve2 next }; goto BB2 } BB6 { assume { resolve1 loop_l }; - _0 <- ([#"../all_zero.rs" 43 4 46 5] ()); + [#"../all_zero.rs" 43 4 46 5] _0 <- ([#"../all_zero.rs" 43 4 46 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/bdd.mlcfg b/creusot/tests/should_succeed/bdd.mlcfg index e815ed7477..97164f123f 100644 --- a/creusot/tests/should_succeed/bdd.mlcfg +++ b/creusot/tests/should_succeed/bdd.mlcfg @@ -27,7 +27,7 @@ module Bdd_Hashmap_Impl2_Hash val inv2 (_x : v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../bdd.rs" 1 0 1 0] forall x : v . inv2 x = true + axiom inv2 : forall x : v . inv2 x = true predicate invariant1 (self : u) val invariant1 (self : u) : bool ensures { result = invariant1 self } @@ -36,7 +36,7 @@ module Bdd_Hashmap_Impl2_Hash val inv1 (_x : u) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : u . inv1 x = true + axiom inv1 : forall x : u . inv1 x = true predicate invariant0 (self : (u, v)) val invariant0 (self : (u, v)) : bool ensures { result = invariant0 self } @@ -45,7 +45,7 @@ module Bdd_Hashmap_Impl2_Hash val inv0 (_x : (u, v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : (u, v) . inv0 x = true + axiom inv0 : forall x : (u, v) . inv0 x = true use prelude.UInt64 use prelude.UInt64 use prelude.Int @@ -141,22 +141,22 @@ module Bdd_Hashmap_Impl2_Hash goto BB0 } BB0 { - _3 <- ([#"../bdd.rs" 77 12 77 25] hash0 ([#"../bdd.rs" 77 12 77 25] let (a, _) = self in a)); + [#"../bdd.rs" 77 12 77 25] _3 <- ([#"../bdd.rs" 77 12 77 25] hash0 ([#"../bdd.rs" 77 12 77 25] let (a, _) = self in a)); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _6 <- ([#"../bdd.rs" 77 39 77 52] hash1 ([#"../bdd.rs" 77 39 77 52] let (_, a) = self in a)); + [#"../bdd.rs" 77 39 77 52] _6 <- ([#"../bdd.rs" 77 39 77 52] hash1 ([#"../bdd.rs" 77 39 77 52] let (_, a) = self in a)); goto BB2 } BB2 { - _5 <- ([#"../bdd.rs" 77 39 77 69] wrapping_mul0 _6 ([#"../bdd.rs" 77 66 77 68] [#"../bdd.rs" 77 66 77 68] (17 : uint64))); + [#"../bdd.rs" 77 39 77 69] _5 <- ([#"../bdd.rs" 77 39 77 69] wrapping_mul0 _6 ([#"../bdd.rs" 77 66 77 68] [#"../bdd.rs" 77 66 77 68] (17 : uint64))); _6 <- any uint64; goto BB3 } BB3 { - _0 <- ([#"../bdd.rs" 77 12 77 70] wrapping_add0 _3 _5); + [#"../bdd.rs" 77 12 77 70] _0 <- ([#"../bdd.rs" 77 12 77 70] wrapping_add0 _3 _5); _3 <- any uint64; _5 <- any uint64; goto BB4 @@ -218,7 +218,7 @@ module Bdd_Impl13_AssertReceiverIsTotalEq goto BB0 } BB0 { - _0 <- ([#"../bdd.rs" 90 9 90 11] ()); + [#"../bdd.rs" 90 9 90 11] _0 <- ([#"../bdd.rs" 90 9 90 11] ()); return _0 } @@ -254,7 +254,7 @@ module Bdd_Impl7_Eq goto BB0 } BB0 { - _0 <- ([#"../bdd.rs" 203 8 203 21] Bdd_Bdd_Type.bdd_1 self = Bdd_Bdd_Type.bdd_1 o); + [#"../bdd.rs" 203 8 203 21] _0 <- ([#"../bdd.rs" 203 8 203 21] ([#"../bdd.rs" 203 8 203 14] Bdd_Bdd_Type.bdd_1 self) = ([#"../bdd.rs" 203 18 203 21] Bdd_Bdd_Type.bdd_1 o)); return _0 } @@ -355,7 +355,7 @@ module Bdd_Impl14_Eq goto BB0 } BB0 { - _4 <- ([#"../bdd.rs" 90 13 90 22] (self, rhs)); + [#"../bdd.rs" 90 13 90 22] _4 <- ([#"../bdd.rs" 90 13 90 22] (([#"../bdd.rs" 90 13 90 22] self), ([#"../bdd.rs" 90 13 90 22] rhs))); switch (let (a, _) = _4 in a) | Bdd_Node_Type.C_False -> goto BB1 | Bdd_Node_Type.C_True -> goto BB4 @@ -373,7 +373,7 @@ module Bdd_Impl14_Eq } BB3 { assume { resolve0 _4 }; - _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); + [#"../bdd.rs" 90 13 90 22] _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); goto BB23 } BB4 { @@ -396,42 +396,42 @@ module Bdd_Impl14_Eq } BB8 { assume { resolve0 _4 }; - _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); + [#"../bdd.rs" 90 13 90 22] _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); goto BB23 } BB9 { assume { resolve0 _4 }; - _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); + [#"../bdd.rs" 90 13 90 22] _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); goto BB23 } BB10 { - v_1 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v (let (a, _) = _4 in a)); - childt_1 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt (let (a, _) = _4 in a)); - childf_1 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf (let (a, _) = _4 in a)); - v_2 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v (let (_, a) = _4 in a)); - childt_2 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt (let (_, a) = _4 in a)); - childf_2 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf (let (_, a) = _4 in a)); + [#"../bdd.rs" 94 9 94 10] v_1 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v (let (a, _) = _4 in a)); + [#"../bdd.rs" 94 17 94 23] childt_1 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt (let (a, _) = _4 in a)); + [#"../bdd.rs" 94 38 94 44] childf_1 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf (let (a, _) = _4 in a)); + [#"../bdd.rs" 94 9 94 10] v_2 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v (let (_, a) = _4 in a)); + [#"../bdd.rs" 94 17 94 23] childt_2 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt (let (_, a) = _4 in a)); + [#"../bdd.rs" 94 38 94 44] childf_2 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf (let (_, a) = _4 in a)); assume { resolve0 _4 }; - _19 <- ([#"../bdd.rs" 90 13 90 22] eq0 ([#"../bdd.rs" 90 13 90 22] childf_1) ([#"../bdd.rs" 94 38 94 44] childf_2)); + [#"../bdd.rs" 90 13 90 22] _19 <- ([#"../bdd.rs" 90 13 90 22] eq0 ([#"../bdd.rs" 90 13 90 22] childf_1) ([#"../bdd.rs" 94 38 94 44] childf_2)); goto BB20 } BB11 { - _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); + [#"../bdd.rs" 90 13 90 22] _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); goto BB13 } BB12 { - _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); + [#"../bdd.rs" 90 13 90 22] _0 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] true); goto BB13 } BB13 { goto BB23 } BB14 { - _17 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); + [#"../bdd.rs" 90 13 90 22] _17 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); goto BB16 } BB15 { - _25 <- ([#"../bdd.rs" 90 13 90 22] eq1 ([#"../bdd.rs" 90 13 90 22] v_1) ([#"../bdd.rs" 94 9 94 10] v_2)); + [#"../bdd.rs" 90 13 90 22] _25 <- ([#"../bdd.rs" 90 13 90 22] eq1 ([#"../bdd.rs" 90 13 90 22] v_1) ([#"../bdd.rs" 94 9 94 10] v_2)); goto BB22 } BB16 { @@ -441,11 +441,11 @@ module Bdd_Impl14_Eq end } BB17 { - _18 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); + [#"../bdd.rs" 90 13 90 22] _18 <- ([#"../bdd.rs" 90 13 90 22] [#"../bdd.rs" 90 13 90 22] false); goto BB19 } BB18 { - _22 <- ([#"../bdd.rs" 90 13 90 22] eq0 ([#"../bdd.rs" 90 13 90 22] childt_1) ([#"../bdd.rs" 94 17 94 23] childt_2)); + [#"../bdd.rs" 90 13 90 22] _22 <- ([#"../bdd.rs" 90 13 90 22] eq0 ([#"../bdd.rs" 90 13 90 22] childt_1) ([#"../bdd.rs" 94 17 94 23] childt_2)); goto BB21 } BB19 { @@ -461,13 +461,13 @@ module Bdd_Impl14_Eq end } BB21 { - _18 <- _22; - _22 <- any bool; + [#"../bdd.rs" 90 13 90 22] _18 <- ([#"../bdd.rs" 90 13 90 22] _22); + [#"../bdd.rs" 90 13 90 22] _22 <- any bool; goto BB19 } BB22 { - _17 <- _25; - _25 <- any bool; + [#"../bdd.rs" 90 13 90 22] _17 <- ([#"../bdd.rs" 90 13 90 22] _25); + [#"../bdd.rs" 90 13 90 22] _25 <- any bool; goto BB16 } BB23 { @@ -488,7 +488,7 @@ module Bdd_Impl0_Clone goto BB0 } BB0 { - _0 <- self; + [#"../bdd.rs" 110 8 110 13] _0 <- ([#"../bdd.rs" 110 8 110 13] self); return _0 } @@ -537,36 +537,37 @@ module Bdd_Impl15_Clone goto BB6 } BB3 { - v_1 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v self); - childt_1 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt self); - childf_1 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf self); - _9 <- ([#"../bdd.rs" 90 24 90 29] v_1); - _7 <- ([#"../bdd.rs" 90 24 90 29] clone0 ([#"../bdd.rs" 90 24 90 29] _9)); + [#"../bdd.rs" 94 9 94 10] v_1 <- ([#"../bdd.rs" 94 9 94 10] Bdd_Node_Type.if_v self); + [#"../bdd.rs" 94 17 94 23] childt_1 <- ([#"../bdd.rs" 94 17 94 23] Bdd_Node_Type.if_childt self); + [#"../bdd.rs" 94 38 94 44] childf_1 <- ([#"../bdd.rs" 94 38 94 44] Bdd_Node_Type.if_childf self); + [#"../bdd.rs" 90 24 90 29] _9 <- ([#"../bdd.rs" 90 24 90 29] v_1); + [#"../bdd.rs" 90 24 90 29] _7 <- ([#"../bdd.rs" 90 24 90 29] clone0 ([#"../bdd.rs" 90 24 90 29] _9)); goto BB7 } BB4 { + assert { [#"../bdd.rs" 90 24 90 29] false }; absurd } BB5 { - _0 <- ([#"../bdd.rs" 91 5 92 9] Bdd_Node_Type.C_False); + [#"../bdd.rs" 91 5 92 9] _0 <- ([#"../bdd.rs" 91 5 92 9] Bdd_Node_Type.C_False); goto BB10 } BB6 { - _0 <- ([#"../bdd.rs" 91 5 93 8] Bdd_Node_Type.C_True); + [#"../bdd.rs" 91 5 93 8] _0 <- ([#"../bdd.rs" 91 5 93 8] Bdd_Node_Type.C_True); goto BB10 } BB7 { - _12 <- ([#"../bdd.rs" 90 24 90 29] childt_1); - _10 <- ([#"../bdd.rs" 90 24 90 29] clone1 ([#"../bdd.rs" 90 24 90 29] _12)); + [#"../bdd.rs" 90 24 90 29] _12 <- ([#"../bdd.rs" 90 24 90 29] childt_1); + [#"../bdd.rs" 90 24 90 29] _10 <- ([#"../bdd.rs" 90 24 90 29] clone1 ([#"../bdd.rs" 90 24 90 29] _12)); goto BB8 } BB8 { - _15 <- ([#"../bdd.rs" 90 24 90 29] childf_1); - _13 <- ([#"../bdd.rs" 90 24 90 29] clone1 ([#"../bdd.rs" 90 24 90 29] _15)); + [#"../bdd.rs" 90 24 90 29] _15 <- ([#"../bdd.rs" 90 24 90 29] childf_1); + [#"../bdd.rs" 90 24 90 29] _13 <- ([#"../bdd.rs" 90 24 90 29] clone1 ([#"../bdd.rs" 90 24 90 29] _15)); goto BB9 } BB9 { - _0 <- ([#"../bdd.rs" 90 24 90 29] Bdd_Node_Type.C_If _7 _10 _13); + [#"../bdd.rs" 90 24 90 29] _0 <- ([#"../bdd.rs" 90 24 90 29] Bdd_Node_Type.C_If _7 _10 _13); _7 <- any uint64; _10 <- any Bdd_Bdd_Type.t_bdd; _13 <- any Bdd_Bdd_Type.t_bdd; @@ -588,7 +589,7 @@ module Bdd_Impl19_AssertReceiverIsTotalEq goto BB0 } BB0 { - _0 <- ([#"../bdd.rs" 104 15 104 17] ()); + [#"../bdd.rs" 104 15 104 17] _0 <- ([#"../bdd.rs" 104 15 104 17] ()); return _0 } @@ -680,34 +681,35 @@ module Bdd_Impl1_Hash goto BB6 } BB3 { - v <- ([#"../bdd.rs" 120 17 120 18] Bdd_Node_Type.if_v self); - childt <- ([#"../bdd.rs" 120 20 120 26] Bdd_Node_Type.if_childt self); - childf <- ([#"../bdd.rs" 120 28 120 34] Bdd_Node_Type.if_childf self); - _9 <- ([#"../bdd.rs" 121 31 121 55] wrapping_mul0 (Bdd_Bdd_Type.bdd_1 childt) ([#"../bdd.rs" 121 53 121 54] [#"../bdd.rs" 121 53 121 54] (5 : uint64))); + [#"../bdd.rs" 120 17 120 18] v <- ([#"../bdd.rs" 120 17 120 18] Bdd_Node_Type.if_v self); + [#"../bdd.rs" 120 20 120 26] childt <- ([#"../bdd.rs" 120 20 120 26] Bdd_Node_Type.if_childt self); + [#"../bdd.rs" 120 28 120 34] childf <- ([#"../bdd.rs" 120 28 120 34] Bdd_Node_Type.if_childf self); + [#"../bdd.rs" 121 31 121 55] _9 <- ([#"../bdd.rs" 121 31 121 55] wrapping_mul0 ([#"../bdd.rs" 121 31 121 39] Bdd_Bdd_Type.bdd_1 childt) ([#"../bdd.rs" 121 53 121 54] [#"../bdd.rs" 121 53 121 54] (5 : uint64))); goto BB7 } BB4 { + assert { [#"../bdd.rs" 117 14 117 18] false }; absurd } BB5 { - _0 <- ([#"../bdd.rs" 118 21 118 22] [#"../bdd.rs" 118 21 118 22] (1 : uint64)); + [#"../bdd.rs" 118 21 118 22] _0 <- ([#"../bdd.rs" 118 21 118 22] [#"../bdd.rs" 118 21 118 22] (1 : uint64)); goto BB11 } BB6 { - _0 <- ([#"../bdd.rs" 119 20 119 21] [#"../bdd.rs" 119 20 119 21] (2 : uint64)); + [#"../bdd.rs" 119 20 119 21] _0 <- ([#"../bdd.rs" 119 20 119 21] [#"../bdd.rs" 119 20 119 21] (2 : uint64)); goto BB11 } BB7 { - _7 <- ([#"../bdd.rs" 121 16 121 56] wrapping_add0 v _9); + [#"../bdd.rs" 121 16 121 56] _7 <- ([#"../bdd.rs" 121 16 121 56] wrapping_add0 ([#"../bdd.rs" 121 16 121 56] v) _9); _9 <- any uint64; goto BB8 } BB8 { - _11 <- ([#"../bdd.rs" 121 70 121 94] wrapping_mul0 (Bdd_Bdd_Type.bdd_1 childf) ([#"../bdd.rs" 121 92 121 93] [#"../bdd.rs" 121 92 121 93] (7 : uint64))); + [#"../bdd.rs" 121 70 121 94] _11 <- ([#"../bdd.rs" 121 70 121 94] wrapping_mul0 ([#"../bdd.rs" 121 70 121 78] Bdd_Bdd_Type.bdd_1 childf) ([#"../bdd.rs" 121 92 121 93] [#"../bdd.rs" 121 92 121 93] (7 : uint64))); goto BB9 } BB9 { - _0 <- ([#"../bdd.rs" 121 16 121 95] wrapping_add0 _7 _11); + [#"../bdd.rs" 121 16 121 95] _0 <- ([#"../bdd.rs" 121 16 121 95] wrapping_add0 _7 _11); _7 <- any uint64; _11 <- any uint64; goto BB10 @@ -756,7 +758,7 @@ module Bdd_Impl2_Hash goto BB0 } BB0 { - _0 <- Bdd_Bdd_Type.bdd_1 self; + [#"../bdd.rs" 143 8 143 14] _0 <- ([#"../bdd.rs" 143 8 143 14] Bdd_Bdd_Type.bdd_1 self); return _0 } @@ -934,7 +936,7 @@ module Bdd_Impl10_GrowsIsValidBdd_Impl val inv1 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate invariant0 (self : borrowed (Bdd_Context_Type.t_context)) = @@ -946,7 +948,7 @@ module Bdd_Impl10_GrowsIsValidBdd_Impl val inv0 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = [#"../bdd.rs" 297 8 304 9] UInt64.to_int (Bdd_Context_Type.context_cnt ( * self)) <= UInt64.to_int (Bdd_Context_Type.context_cnt ( ^ self)) /\ (forall n : Bdd_NodeLog_Type.t_nodelog . match Map.get (shallow_model1 (Bdd_Context_Type.context_hashcons ( * self))) n with | Core_Option_Option_Type.C_Some b -> Map.get (shallow_model1 (Bdd_Context_Type.context_hashcons ( ^ self))) n = Core_Option_Option_Type.C_Some b @@ -1078,7 +1080,7 @@ module Bdd_Impl10_GrowsTrans_Impl val inv1 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate invariant0 (self : borrowed (Bdd_Context_Type.t_context)) = @@ -1090,7 +1092,7 @@ module Bdd_Impl10_GrowsTrans_Impl val inv0 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = [#"../bdd.rs" 297 8 304 9] UInt64.to_int (Bdd_Context_Type.context_cnt ( * self)) <= UInt64.to_int (Bdd_Context_Type.context_cnt ( ^ self)) /\ (forall n : Bdd_NodeLog_Type.t_nodelog . match Map.get (shallow_model1 (Bdd_Context_Type.context_hashcons ( * self))) n with | Core_Option_Option_Type.C_Some b -> Map.get (shallow_model1 (Bdd_Context_Type.context_hashcons ( ^ self))) n = Core_Option_Option_Type.C_Some b @@ -1226,7 +1228,7 @@ module Bdd_Impl10_SetIrreleventVar_Impl val inv0 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) use map.Map @@ -1356,7 +1358,7 @@ module Bdd_Impl10_DiscrValuation_Impl val inv0 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) use map.Const @@ -1542,7 +1544,7 @@ module Bdd_Impl10_BddCanonical_Impl val inv0 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) use map.Const @@ -1738,7 +1740,7 @@ module Bdd_Impl11_New val inv0 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) use Bdd_Bumpalo_Bump_Type as Bdd_Bumpalo_Bump_Type @@ -1775,25 +1777,25 @@ module Bdd_Impl11_New goto BB0 } BB0 { - _10 <- ([#"../bdd.rs" 425 16 425 21] [#"../bdd.rs" 425 16 425 21] promoted0); - t <- ([#"../bdd.rs" 425 16 425 21] _10); - _5 <- ([#"../bdd.rs" 428 22 428 47] new0 ()); + [#"../bdd.rs" 425 16 425 21] _10 <- ([#"../bdd.rs" 425 16 425 21] [#"../bdd.rs" 425 16 425 21] promoted0); + [#"../bdd.rs" 425 16 425 21] t <- ([#"../bdd.rs" 425 16 425 21] _10); + [#"../bdd.rs" 428 22 428 47] _5 <- ([#"../bdd.rs" 428 22 428 47] new0 ()); goto BB1 } BB1 { - _6 <- ([#"../bdd.rs" 429 28 429 51] Ghost.new (Const.const t)); + [#"../bdd.rs" 429 28 429 51] _6 <- ([#"../bdd.rs" 429 28 429 51] Ghost.new (Const.const t)); goto BB2 } BB2 { - _8 <- ([#"../bdd.rs" 430 22 430 47] new2 ()); + [#"../bdd.rs" 430 22 430 47] _8 <- ([#"../bdd.rs" 430 22 430 47] new2 ()); goto BB3 } BB3 { - _9 <- ([#"../bdd.rs" 431 22 431 47] new3 ()); + [#"../bdd.rs" 431 22 431 47] _9 <- ([#"../bdd.rs" 431 22 431 47] new3 ()); goto BB4 } BB4 { - _0 <- ([#"../bdd.rs" 426 8 433 9] Bdd_Context_Type.C_Context ([#"../bdd.rs" 427 12 427 17] alloc) _5 _6 _8 _9 ([#"../bdd.rs" 432 17 432 18] [#"../bdd.rs" 432 17 432 18] (0 : uint64))); + [#"../bdd.rs" 426 8 433 9] _0 <- ([#"../bdd.rs" 426 8 433 9] Bdd_Context_Type.C_Context ([#"../bdd.rs" 427 12 427 17] alloc) _5 _6 _8 _9 ([#"../bdd.rs" 432 17 432 18] [#"../bdd.rs" 432 17 432 18] (0 : uint64))); _5 <- any Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Node_Type.t_node) (Bdd_Bdd_Type.t_bdd); _6 <- any Ghost.ghost_ty (Map.map uint64 (Bdd_Node_Type.t_node)); _8 <- any Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Bdd_Type.t_bdd) (Bdd_Bdd_Type.t_bdd); @@ -1916,7 +1918,7 @@ module Bdd_Impl11_Hashcons val inv7 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv7 x = (invariant7 x /\ match x with + axiom inv7 : forall x : Bdd_Context_Type.t_context . inv7 x = (invariant7 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate invariant6 (self : Bdd_NodeLog_Type.t_nodelog) = @@ -1928,7 +1930,7 @@ module Bdd_Impl11_Hashcons val inv6 (_x : Bdd_NodeLog_Type.t_nodelog) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_NodeLog_Type.t_nodelog . inv6 x = true + axiom inv6 : forall x : Bdd_NodeLog_Type.t_nodelog . inv6 x = true predicate invariant5 (self : Bdd_Bdd_Type.t_bdd) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Bdd_Bdd_Type.t_bdd) : bool @@ -1938,7 +1940,7 @@ module Bdd_Impl11_Hashcons val inv5 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv5 x = true + axiom inv5 : forall x : Bdd_Bdd_Type.t_bdd . inv5 x = true predicate invariant4 (self : borrowed (Bdd_Node_Type.t_node)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : borrowed (Bdd_Node_Type.t_node)) : bool @@ -1948,7 +1950,7 @@ module Bdd_Impl11_Hashcons val inv4 (_x : borrowed (Bdd_Node_Type.t_node)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Node_Type.t_node) . inv4 x = true + axiom inv4 : forall x : borrowed (Bdd_Node_Type.t_node) . inv4 x = true predicate invariant3 (self : Bdd_Node_Type.t_node) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Bdd_Node_Type.t_node) : bool @@ -1958,7 +1960,7 @@ module Bdd_Impl11_Hashcons val inv3 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv3 x = true + axiom inv3 : forall x : Bdd_Node_Type.t_node . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) : bool @@ -1968,7 +1970,7 @@ module Bdd_Impl11_Hashcons val inv2 (_x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../bdd.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv2 x = true predicate invariant1 (self : Bdd_Node_Type.t_node) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Bdd_Node_Type.t_node) : bool @@ -1978,7 +1980,7 @@ module Bdd_Impl11_Hashcons val inv1 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv1 x = true + axiom inv1 : forall x : Bdd_Node_Type.t_node . inv1 x = true predicate invariant0 (self : borrowed (Bdd_Context_Type.t_context)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : borrowed (Bdd_Context_Type.t_context)) : bool @@ -1988,7 +1990,7 @@ module Bdd_Impl11_Hashcons val inv0 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv7 ( * x) /\ inv7 ( ^ x)) + axiom inv0 : forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv7 ( * x) /\ inv7 ( ^ x)) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = [#"../bdd.rs" 297 8 304 9] UInt64.to_int (Bdd_Context_Type.context_cnt ( * self)) <= UInt64.to_int (Bdd_Context_Type.context_cnt ( ^ self)) /\ (forall n : Bdd_NodeLog_Type.t_nodelog . match Map.get (shallow_model3 (Bdd_Context_Type.context_hashcons ( * self))) n with | Core_Option_Option_Type.C_Some b -> Map.get (shallow_model3 (Bdd_Context_Type.context_hashcons ( ^ self))) n = Core_Option_Option_Type.C_Some b @@ -2075,8 +2077,8 @@ module Bdd_Impl11_Hashcons goto BB0 } BB0 { - _11 <- ([#"../bdd.rs" 441 44 441 46] n); - _8 <- ([#"../bdd.rs" 441 26 441 47] get0 ([#"../bdd.rs" 441 26 441 47] Bdd_Context_Type.context_hashcons ( * self)) ([#"../bdd.rs" 441 44 441 46] _11)); + [#"../bdd.rs" 441 44 441 46] _11 <- ([#"../bdd.rs" 441 44 441 46] n); + [#"../bdd.rs" 441 26 441 47] _8 <- ([#"../bdd.rs" 441 26 441 47] get0 ([#"../bdd.rs" 441 26 441 47] Bdd_Context_Type.context_hashcons ( * self)) ([#"../bdd.rs" 441 44 441 46] _11)); goto BB1 } BB1 { @@ -2089,34 +2091,34 @@ module Bdd_Impl11_Hashcons goto BB3 } BB3 { - r <- Core_Option_Option_Type.some_0 _8; + [#"../bdd.rs" 441 21 441 22] r <- ([#"../bdd.rs" 441 21 441 22] Core_Option_Option_Type.some_0 _8); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:assertion] [#"../bdd.rs" 442 28 442 38] shallow_model0 (Bdd_Bdd_Type.bdd_0 r) = shallow_model1 n }; - _0 <- r; + [#"../bdd.rs" 443 19 443 20] _0 <- ([#"../bdd.rs" 443 19 443 20] r); goto BB12 } BB4 { - _19 <- ([#"../bdd.rs" 445 20 445 39] alloc0 ([#"../bdd.rs" 445 20 445 39] Bdd_Context_Type.context_alloc ( * self)) n); + [#"../bdd.rs" 445 20 445 39] _19 <- ([#"../bdd.rs" 445 20 445 39] alloc0 ([#"../bdd.rs" 445 20 445 39] Bdd_Context_Type.context_alloc ( * self)) ([#"../bdd.rs" 445 37 445 38] n)); goto BB5 } BB5 { - r1 <- ([#"../bdd.rs" 445 16 445 50] Bdd_Bdd_Type.C_Bdd ([#"../bdd.rs" 445 20 445 39] * _19) (Bdd_Context_Type.context_cnt ( * self))); + [#"../bdd.rs" 445 16 445 50] r1 <- ([#"../bdd.rs" 445 16 445 50] Bdd_Bdd_Type.C_Bdd ([#"../bdd.rs" 445 20 445 39] * _19) ([#"../bdd.rs" 445 41 445 49] Bdd_Context_Type.context_cnt ( * self))); assume { resolve1 _19 }; - _24 <- Borrow.borrow_mut (Bdd_Context_Type.context_hashcons ( * self)); - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 ( ^ _24) x2 x3 x4 x5) }; - _23 <- ([#"../bdd.rs" 446 8 446 31] add0 _24 n r1); + [#"../bdd.rs" 446 8 446 31] _24 <- Borrow.borrow_mut (Bdd_Context_Type.context_hashcons ( * self)); + [#"../bdd.rs" 446 8 446 31] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 ( ^ _24) x2 x3 x4 x5) }; + [#"../bdd.rs" 446 8 446 31] _23 <- ([#"../bdd.rs" 446 8 446 31] add0 _24 ([#"../bdd.rs" 446 26 446 27] n) ([#"../bdd.rs" 446 29 446 30] r1)); _24 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Node_Type.t_node) (Bdd_Bdd_Type.t_bdd)); goto BB6 } BB6 { - _27 <- ([#"../bdd.rs" 447 30 447 71] Ghost.new (Map.set (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost ( * self))) (Bdd_Bdd_Type.bdd_1 r1) (Bdd_Bdd_Type.bdd_0 r1))); + [#"../bdd.rs" 447 30 447 71] _27 <- ([#"../bdd.rs" 447 30 447 71] Ghost.new (Map.set (Ghost.inner (Bdd_Context_Type.context_hashcons_ghost ( * self))) (Bdd_Bdd_Type.bdd_1 r1) (Bdd_Bdd_Type.bdd_0 r1))); goto BB7 } BB7 { - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 _27 x3 x4 x5) }; - _27 <- any Ghost.ghost_ty (Map.map uint64 (Bdd_Node_Type.t_node)); - switch ([#"../bdd.rs" 448 11 448 34] Bdd_Context_Type.context_cnt ( * self) > ([#"../bdd.rs" 448 22 448 34] ([#"../bdd.rs" 448 22 448 30] [#"../bdd.rs" 448 22 448 30] (18446744073709551615 : uint64)) - ([#"../bdd.rs" 448 33 448 34] [#"../bdd.rs" 448 33 448 34] (1 : uint64)))) + [#"../bdd.rs" 447 8 447 71] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 ([#"../bdd.rs" 447 8 447 71] _27) x3 x4 x5) }; + [#"../bdd.rs" 447 8 447 71] _27 <- any Ghost.ghost_ty (Map.map uint64 (Bdd_Node_Type.t_node)); + switch ([#"../bdd.rs" 448 11 448 34] ([#"../bdd.rs" 448 11 448 19] Bdd_Context_Type.context_cnt ( * self)) > ([#"../bdd.rs" 448 22 448 34] ([#"../bdd.rs" 448 22 448 30] [#"../bdd.rs" 448 22 448 30] (18446744073709551615 : uint64)) - ([#"../bdd.rs" 448 33 448 34] [#"../bdd.rs" 448 33 448 34] (1 : uint64)))) | False -> goto BB11 | True -> goto BB8 end @@ -2128,14 +2130,14 @@ module Bdd_Impl11_Hashcons goto BB10 } BB10 { - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 (Bdd_Context_Type.context_cnt ( * self))) }; + [#"../bdd.rs" 451 16 451 35] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 ([#"../bdd.rs" 451 27 451 35] Bdd_Context_Type.context_cnt ( * self))) }; goto BB9 } BB11 { - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 ([#"../bdd.rs" 454 8 454 21] Bdd_Context_Type.context_cnt ( * self) + ([#"../bdd.rs" 454 20 454 21] [#"../bdd.rs" 454 20 454 21] (1 : uint64)))) }; + [#"../bdd.rs" 454 8 454 21] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 ([#"../bdd.rs" 454 8 454 21] Bdd_Context_Type.context_cnt ( * self) + ([#"../bdd.rs" 454 20 454 21] [#"../bdd.rs" 454 20 454 21] (1 : uint64)))) }; assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- r1; + [#"../bdd.rs" 455 8 455 9] _0 <- ([#"../bdd.rs" 455 8 455 9] r1); goto BB12 } BB12 { @@ -2159,7 +2161,7 @@ module Bdd_Impl11_Node val inv1 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use Bdd_Bdd_Type as Bdd_Bdd_Type use Core_Option_Option_Type as Core_Option_Option_Type use prelude.UInt64 @@ -2267,7 +2269,7 @@ module Bdd_Impl11_Node val invariant0 [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = @@ -2334,7 +2336,7 @@ module Bdd_Impl11_Node goto BB0 } BB0 { - _13 <- ([#"../bdd.rs" 466 11 466 27] eq0 ([#"../bdd.rs" 466 11 466 17] childt) ([#"../bdd.rs" 466 21 466 27] childf)); + [#"../bdd.rs" 466 11 466 27] _13 <- ([#"../bdd.rs" 466 11 466 27] eq0 ([#"../bdd.rs" 466 11 466 17] childt) ([#"../bdd.rs" 466 21 466 27] childf)); goto BB1 } BB1 { @@ -2346,14 +2348,14 @@ module Bdd_Impl11_Node BB2 { assert { [@expl:type invariant] inv1 self }; assume { resolve0 self }; - _0 <- childt; + [#"../bdd.rs" 467 19 467 25] _0 <- ([#"../bdd.rs" 467 19 467 25] childt); goto BB5 } BB3 { - _17 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _17 }; + [#"../bdd.rs" 469 8 469 50] _17 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 469 8 469 50] self <- { self with current = ^ _17 }; assume { inv0 ( ^ _17) }; - _0 <- ([#"../bdd.rs" 469 8 469 50] hashcons0 _17 ([#"../bdd.rs" 469 22 469 49] Bdd_Node_Type.C_If x childt childf)); + [#"../bdd.rs" 469 8 469 50] _0 <- ([#"../bdd.rs" 469 8 469 50] hashcons0 _17 ([#"../bdd.rs" 469 22 469 49] Bdd_Node_Type.C_If ([#"../bdd.rs" 469 30 469 31] x) ([#"../bdd.rs" 469 33 469 39] childt) ([#"../bdd.rs" 469 41 469 47] childf))); _17 <- any borrowed (Bdd_Context_Type.t_context); goto BB4 } @@ -2383,7 +2385,7 @@ module Bdd_Impl11_True val inv1 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use Bdd_Bdd_Type as Bdd_Bdd_Type use Core_Option_Option_Type as Core_Option_Option_Type use prelude.UInt64 @@ -2491,7 +2493,7 @@ module Bdd_Impl11_True val invariant0 [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = @@ -2529,10 +2531,10 @@ module Bdd_Impl11_True goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _6 }; + [#"../bdd.rs" 477 8 477 27] _6 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 477 8 477 27] self <- { self with current = ^ _6 }; assume { inv0 ( ^ _6) }; - _0 <- ([#"../bdd.rs" 477 8 477 27] hashcons0 _6 ([#"../bdd.rs" 477 22 477 26] Bdd_Node_Type.C_True)); + [#"../bdd.rs" 477 8 477 27] _0 <- ([#"../bdd.rs" 477 8 477 27] hashcons0 _6 ([#"../bdd.rs" 477 22 477 26] Bdd_Node_Type.C_True)); _6 <- any borrowed (Bdd_Context_Type.t_context); goto BB1 } @@ -2559,7 +2561,7 @@ module Bdd_Impl11_False val inv1 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use Bdd_Bdd_Type as Bdd_Bdd_Type use Core_Option_Option_Type as Core_Option_Option_Type use prelude.UInt64 @@ -2667,7 +2669,7 @@ module Bdd_Impl11_False val invariant0 [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = @@ -2705,10 +2707,10 @@ module Bdd_Impl11_False goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _6 }; + [#"../bdd.rs" 485 8 485 28] _6 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 485 8 485 28] self <- { self with current = ^ _6 }; assume { inv0 ( ^ _6) }; - _0 <- ([#"../bdd.rs" 485 8 485 28] hashcons0 _6 ([#"../bdd.rs" 485 22 485 27] Bdd_Node_Type.C_False)); + [#"../bdd.rs" 485 8 485 28] _0 <- ([#"../bdd.rs" 485 8 485 28] hashcons0 _6 ([#"../bdd.rs" 485 22 485 27] Bdd_Node_Type.C_False)); _6 <- any borrowed (Bdd_Context_Type.t_context); goto BB1 } @@ -2735,7 +2737,7 @@ module Bdd_Impl11_V val inv1 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Bdd_Context_Type.t_context) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use Bdd_Bdd_Type as Bdd_Bdd_Type use Core_Option_Option_Type as Core_Option_Option_Type use prelude.UInt64 @@ -2843,7 +2845,7 @@ module Bdd_Impl11_V val invariant0 [#"../bdd.rs" 262 4 262 30] (self : Bdd_Context_Type.t_context) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Bdd_Context_Type.t_context . inv0 x = (invariant0 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate grows0 [#"../bdd.rs" 296 4 296 35] (self : borrowed (Bdd_Context_Type.t_context)) = @@ -2906,26 +2908,26 @@ module Bdd_Impl11_V goto BB0 } BB0 { - _7 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _7 }; + [#"../bdd.rs" 492 16 492 28] _7 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 492 16 492 28] self <- { self with current = ^ _7 }; assume { inv0 ( ^ _7) }; - t <- ([#"../bdd.rs" 492 16 492 28] true0 _7); + [#"../bdd.rs" 492 16 492 28] t <- ([#"../bdd.rs" 492 16 492 28] true0 _7); _7 <- any borrowed (Bdd_Context_Type.t_context); goto BB1 } BB1 { - _9 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _9 }; + [#"../bdd.rs" 493 16 493 29] _9 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 493 16 493 29] self <- { self with current = ^ _9 }; assume { inv0 ( ^ _9) }; - f <- ([#"../bdd.rs" 493 16 493 29] false0 _9); + [#"../bdd.rs" 493 16 493 29] f <- ([#"../bdd.rs" 493 16 493 29] false0 _9); _9 <- any borrowed (Bdd_Context_Type.t_context); goto BB2 } BB2 { - _10 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _10 }; + [#"../bdd.rs" 494 8 494 26] _10 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 494 8 494 26] self <- { self with current = ^ _10 }; assume { inv0 ( ^ _10) }; - _0 <- ([#"../bdd.rs" 494 8 494 26] node0 _10 x t f); + [#"../bdd.rs" 494 8 494 26] _0 <- ([#"../bdd.rs" 494 8 494 26] node0 _10 ([#"../bdd.rs" 494 18 494 19] x) ([#"../bdd.rs" 494 21 494 22] t) ([#"../bdd.rs" 494 24 494 25] f)); _10 <- any borrowed (Bdd_Context_Type.t_context); goto BB3 } @@ -2947,7 +2949,7 @@ module Bdd_Impl11_Not val inv5 (_x : uint64) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../bdd.rs" 1 0 1 0] forall x : uint64 . inv5 x = true + axiom inv5 : forall x : uint64 . inv5 x = true use Bdd_Bdd_Type as Bdd_Bdd_Type predicate invariant4 (self : Bdd_Bdd_Type.t_bdd) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2958,7 +2960,7 @@ module Bdd_Impl11_Not val inv4 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv4 x = true + axiom inv4 : forall x : Bdd_Bdd_Type.t_bdd . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2969,7 +2971,7 @@ module Bdd_Impl11_Not val inv3 (_x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../bdd.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv3 x = true predicate invariant2 (self : Bdd_Bdd_Type.t_bdd) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Bdd_Bdd_Type.t_bdd) : bool @@ -2979,7 +2981,7 @@ module Bdd_Impl11_Not val inv2 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv2 x = true + axiom inv2 : forall x : Bdd_Bdd_Type.t_bdd . inv2 x = true use map.Map use Bdd_Hashmap_MyHashMap_Type as Bdd_Hashmap_MyHashMap_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type @@ -3090,7 +3092,7 @@ module Bdd_Impl11_Not val inv1 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate invariant0 (self : borrowed (Bdd_Context_Type.t_context)) = @@ -3102,7 +3104,7 @@ module Bdd_Impl11_Not val inv0 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) function size0 [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int = [#"../bdd.rs" 226 12 234 13] match self with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> 0 @@ -3228,8 +3230,8 @@ module Bdd_Impl11_Not goto BB0 } BB0 { - _13 <- ([#"../bdd.rs" 504 43 504 45] x); - _10 <- ([#"../bdd.rs" 504 25 504 46] get0 ([#"../bdd.rs" 504 25 504 46] Bdd_Context_Type.context_not_memo ( * self)) ([#"../bdd.rs" 504 43 504 45] _13)); + [#"../bdd.rs" 504 43 504 45] _13 <- ([#"../bdd.rs" 504 43 504 45] x); + [#"../bdd.rs" 504 25 504 46] _10 <- ([#"../bdd.rs" 504 25 504 46] get0 ([#"../bdd.rs" 504 25 504 46] Bdd_Context_Type.context_not_memo ( * self)) ([#"../bdd.rs" 504 43 504 45] _13)); goto BB1 } BB1 { @@ -3242,8 +3244,8 @@ module Bdd_Impl11_Not goto BB3 } BB3 { - r <- Core_Option_Option_Type.some_0 _10; - _0 <- r; + [#"../bdd.rs" 504 20 504 21] r <- ([#"../bdd.rs" 504 20 504 21] Core_Option_Option_Type.some_0 _10); + [#"../bdd.rs" 505 19 505 21] _0 <- ([#"../bdd.rs" 505 19 505 21] r); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB18 @@ -3251,6 +3253,7 @@ module Bdd_Impl11_Not BB4 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../bdd.rs" 504 47 506 9] false }; absurd } BB5 { @@ -3267,21 +3270,21 @@ module Bdd_Impl11_Not goto BB9 } BB8 { - v <- Bdd_Node_Type.if_v (Bdd_Bdd_Type.bdd_0 x); - childt <- Bdd_Node_Type.if_childt (Bdd_Bdd_Type.bdd_0 x); - childf <- Bdd_Node_Type.if_childf (Bdd_Bdd_Type.bdd_0 x); - _25 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _25 }; + [#"../bdd.rs" 510 17 510 18] v <- ([#"../bdd.rs" 510 17 510 18] Bdd_Node_Type.if_v (Bdd_Bdd_Type.bdd_0 x)); + [#"../bdd.rs" 510 20 510 26] childt <- ([#"../bdd.rs" 510 20 510 26] Bdd_Node_Type.if_childt (Bdd_Bdd_Type.bdd_0 x)); + [#"../bdd.rs" 510 28 510 34] childf <- ([#"../bdd.rs" 510 28 510 34] Bdd_Node_Type.if_childf (Bdd_Bdd_Type.bdd_0 x)); + [#"../bdd.rs" 511 29 511 45] _25 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 511 29 511 45] self <- { self with current = ^ _25 }; assume { inv1 ( ^ _25) }; - childt1 <- ([#"../bdd.rs" 511 29 511 45] not' _25 childt); + [#"../bdd.rs" 511 29 511 45] childt1 <- ([#"../bdd.rs" 511 29 511 45] not' _25 ([#"../bdd.rs" 511 38 511 44] childt)); _25 <- any borrowed (Bdd_Context_Type.t_context); goto BB13 } BB9 { - _19 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _19 }; + [#"../bdd.rs" 508 20 508 33] _19 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 508 20 508 33] self <- { self with current = ^ _19 }; assume { inv1 ( ^ _19) }; - r1 <- ([#"../bdd.rs" 508 20 508 33] false0 _19); + [#"../bdd.rs" 508 20 508 33] r1 <- ([#"../bdd.rs" 508 20 508 33] false0 _19); _19 <- any borrowed (Bdd_Context_Type.t_context); goto BB10 } @@ -3289,10 +3292,10 @@ module Bdd_Impl11_Not goto BB16 } BB11 { - _20 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _20 }; + [#"../bdd.rs" 509 21 509 33] _20 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 509 21 509 33] self <- { self with current = ^ _20 }; assume { inv1 ( ^ _20) }; - r1 <- ([#"../bdd.rs" 509 21 509 33] true0 _20); + [#"../bdd.rs" 509 21 509 33] r1 <- ([#"../bdd.rs" 509 21 509 33] true0 _20); _20 <- any borrowed (Bdd_Context_Type.t_context); goto BB12 } @@ -3300,18 +3303,18 @@ module Bdd_Impl11_Not goto BB16 } BB13 { - _28 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _28 }; + [#"../bdd.rs" 512 29 512 45] _28 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 512 29 512 45] self <- { self with current = ^ _28 }; assume { inv1 ( ^ _28) }; - childf1 <- ([#"../bdd.rs" 512 29 512 45] not' _28 childf); + [#"../bdd.rs" 512 29 512 45] childf1 <- ([#"../bdd.rs" 512 29 512 45] not' _28 ([#"../bdd.rs" 512 38 512 44] childf)); _28 <- any borrowed (Bdd_Context_Type.t_context); goto BB14 } BB14 { - _30 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _30 }; + [#"../bdd.rs" 513 16 513 44] _30 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 513 16 513 44] self <- { self with current = ^ _30 }; assume { inv1 ( ^ _30) }; - r1 <- ([#"../bdd.rs" 513 16 513 44] node0 _30 v childt1 childf1); + [#"../bdd.rs" 513 16 513 44] r1 <- ([#"../bdd.rs" 513 16 513 44] node0 _30 ([#"../bdd.rs" 513 26 513 27] v) ([#"../bdd.rs" 513 29 513 35] childt1) ([#"../bdd.rs" 513 37 513 43] childf1)); _30 <- any borrowed (Bdd_Context_Type.t_context); goto BB15 } @@ -3319,16 +3322,16 @@ module Bdd_Impl11_Not goto BB16 } BB16 { - _35 <- Borrow.borrow_mut (Bdd_Context_Type.context_not_memo ( * self)); - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 ( ^ _35) x4 x5) }; - _34 <- ([#"../bdd.rs" 516 8 516 31] add0 _35 x r1); + [#"../bdd.rs" 516 8 516 31] _35 <- Borrow.borrow_mut (Bdd_Context_Type.context_not_memo ( * self)); + [#"../bdd.rs" 516 8 516 31] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 ( ^ _35) x4 x5) }; + [#"../bdd.rs" 516 8 516 31] _34 <- ([#"../bdd.rs" 516 8 516 31] add0 _35 ([#"../bdd.rs" 516 26 516 27] x) ([#"../bdd.rs" 516 29 516 30] r1)); _35 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Bdd_Type.t_bdd) (Bdd_Bdd_Type.t_bdd)); goto BB17 } BB17 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- r1; + [#"../bdd.rs" 517 8 517 9] _0 <- ([#"../bdd.rs" 517 8 517 9] r1); goto BB18 } BB18 { @@ -3354,7 +3357,7 @@ module Bdd_Impl11_And val inv6 (_x : (uint64, uint64)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../bdd.rs" 1 0 1 0] forall x : (uint64, uint64) . inv6 x = true + axiom inv6 : forall x : (uint64, uint64) . inv6 x = true use Bdd_Bdd_Type as Bdd_Bdd_Type predicate invariant5 (self : Bdd_Bdd_Type.t_bdd) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -3365,7 +3368,7 @@ module Bdd_Impl11_And val inv5 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv5 x = true + axiom inv5 : forall x : Bdd_Bdd_Type.t_bdd . inv5 x = true predicate invariant4 (self : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) : bool @@ -3375,7 +3378,7 @@ module Bdd_Impl11_And val inv4 (_x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../bdd.rs" 1 0 1 0] forall x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) . inv4 x = true + axiom inv4 : forall x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) . inv4 x = true use prelude.Int function eq_cmp0 (_1 : int) (_2 : int) : () val eq_cmp0 (_1 : int) (_2 : int) : () @@ -3424,7 +3427,7 @@ module Bdd_Impl11_And val inv3 (_x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../bdd.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (Bdd_Bdd_Type.t_bdd) . inv3 x = true predicate invariant2 (self : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) : bool @@ -3434,7 +3437,7 @@ module Bdd_Impl11_And val inv2 (_x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../bdd.rs" 1 0 1 0] forall x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) . inv2 x = true + axiom inv2 : forall x : (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) . inv2 x = true use map.Map use Bdd_Hashmap_MyHashMap_Type as Bdd_Hashmap_MyHashMap_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type @@ -3544,7 +3547,7 @@ module Bdd_Impl11_And val inv1 (_x : Bdd_Context_Type.t_context) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Bdd_Context_Type.t_context . inv1 x = (invariant1 x /\ match x with | Bdd_Context_Type.C_Context alloc hashcons hashcons_ghost not_memo and_memo cnt -> true end) predicate invariant0 (self : borrowed (Bdd_Context_Type.t_context)) = @@ -3556,7 +3559,7 @@ module Bdd_Impl11_And val inv0 (_x : borrowed (Bdd_Context_Type.t_context)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Bdd_Context_Type.t_context) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) function size0 [#"../bdd.rs" 224 4 224 24] (self : Bdd_Bdd_Type.t_bdd) : int = [#"../bdd.rs" 226 12 234 13] match self with | Bdd_Bdd_Type.C_Bdd (Bdd_Node_Type.C_True) _ -> 0 @@ -3737,9 +3740,9 @@ module Bdd_Impl11_And goto BB0 } BB0 { - _16 <- ([#"../bdd.rs" 528 44 528 50] (a, b)); - _15 <- ([#"../bdd.rs" 528 43 528 50] _16); - _12 <- ([#"../bdd.rs" 528 25 528 51] get0 ([#"../bdd.rs" 528 25 528 51] Bdd_Context_Type.context_and_memo ( * self)) ([#"../bdd.rs" 528 43 528 50] _15)); + [#"../bdd.rs" 528 44 528 50] _16 <- ([#"../bdd.rs" 528 44 528 50] (([#"../bdd.rs" 528 45 528 46] a), ([#"../bdd.rs" 528 48 528 49] b))); + [#"../bdd.rs" 528 43 528 50] _15 <- ([#"../bdd.rs" 528 43 528 50] _16); + [#"../bdd.rs" 528 25 528 51] _12 <- ([#"../bdd.rs" 528 25 528 51] get0 ([#"../bdd.rs" 528 25 528 51] Bdd_Context_Type.context_and_memo ( * self)) ([#"../bdd.rs" 528 43 528 50] _15)); goto BB1 } BB1 { @@ -3753,17 +3756,18 @@ module Bdd_Impl11_And goto BB3 } BB3 { - r <- Core_Option_Option_Type.some_0 _12; - _0 <- r; + [#"../bdd.rs" 528 20 528 21] r <- ([#"../bdd.rs" 528 20 528 21] Core_Option_Option_Type.some_0 _12); + [#"../bdd.rs" 529 19 529 21] _0 <- ([#"../bdd.rs" 529 19 529 21] r); assert { [@expl:type invariant] inv0 self }; assume { resolve1 self }; goto BB35 } BB4 { + assert { [#"../bdd.rs" 528 52 530 9] false }; absurd } BB5 { - _23 <- ([#"../bdd.rs" 531 22 531 34] (Bdd_Bdd_Type.bdd_0 a, Bdd_Bdd_Type.bdd_0 b)); + [#"../bdd.rs" 531 22 531 34] _23 <- ([#"../bdd.rs" 531 22 531 34] (([#"../bdd.rs" 531 23 531 27] Bdd_Bdd_Type.bdd_0 a), ([#"../bdd.rs" 531 29 531 33] Bdd_Bdd_Type.bdd_0 b))); switch (let (a, _) = _23 in a) | Bdd_Node_Type.C_True -> goto BB7 | _ -> goto BB6 @@ -3807,33 +3811,33 @@ module Bdd_Impl11_And end } BB14 { - vb <- Bdd_Node_Type.if_v (let (_, a) = _23 in a); - childtb <- Bdd_Node_Type.if_childt (let (_, a) = _23 in a); - childfb <- Bdd_Node_Type.if_childf (let (_, a) = _23 in a); - va <- Bdd_Node_Type.if_v (let (a, _) = _23 in a); - childta <- Bdd_Node_Type.if_childt (let (a, _) = _23 in a); - childfa <- Bdd_Node_Type.if_childf (let (a, _) = _23 in a); + [#"../bdd.rs" 537 24 537 26] vb <- ([#"../bdd.rs" 537 24 537 26] Bdd_Node_Type.if_v (let (_, a) = _23 in a)); + [#"../bdd.rs" 537 36 537 43] childtb <- ([#"../bdd.rs" 537 36 537 43] Bdd_Node_Type.if_childt (let (_, a) = _23 in a)); + [#"../bdd.rs" 537 53 537 60] childfb <- ([#"../bdd.rs" 537 53 537 60] Bdd_Node_Type.if_childf (let (_, a) = _23 in a)); + [#"../bdd.rs" 536 24 536 26] va <- ([#"../bdd.rs" 536 24 536 26] Bdd_Node_Type.if_v (let (a, _) = _23 in a)); + [#"../bdd.rs" 536 36 536 43] childta <- ([#"../bdd.rs" 536 36 536 43] Bdd_Node_Type.if_childt (let (a, _) = _23 in a)); + [#"../bdd.rs" 536 53 536 60] childfa <- ([#"../bdd.rs" 536 53 536 60] Bdd_Node_Type.if_childf (let (a, _) = _23 in a)); assume { resolve2 _23 }; - _45 <- ([#"../bdd.rs" 540 29 540 32] vb); - _42 <- ([#"../bdd.rs" 540 22 540 33] cmp0 ([#"../bdd.rs" 540 22 540 33] va) ([#"../bdd.rs" 540 29 540 32] _45)); + [#"../bdd.rs" 540 29 540 32] _45 <- ([#"../bdd.rs" 540 29 540 32] vb); + [#"../bdd.rs" 540 22 540 33] _42 <- ([#"../bdd.rs" 540 22 540 33] cmp0 ([#"../bdd.rs" 540 22 540 33] va) ([#"../bdd.rs" 540 29 540 32] _45)); goto BB19 } BB15 { assume { resolve2 _23 }; - r1 <- b; + [#"../bdd.rs" 532 25 532 26] r1 <- ([#"../bdd.rs" 532 25 532 26] b); goto BB33 } BB16 { assume { resolve2 _23 }; - r1 <- a; + [#"../bdd.rs" 533 25 533 26] r1 <- ([#"../bdd.rs" 533 25 533 26] a); goto BB33 } BB17 { assume { resolve2 _23 }; - _31 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _31 }; + [#"../bdd.rs" 534 39 534 52] _31 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 534 39 534 52] self <- { self with current = ^ _31 }; assume { inv1 ( ^ _31) }; - r1 <- ([#"../bdd.rs" 534 39 534 52] false0 _31); + [#"../bdd.rs" 534 39 534 52] r1 <- ([#"../bdd.rs" 534 39 534 52] false0 _31); _31 <- any borrowed (Bdd_Context_Type.t_context); goto BB18 } @@ -3851,11 +3855,11 @@ module Bdd_Impl11_And goto BB26 } BB21 { - v <- va; - _67 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _67 }; + [#"../bdd.rs" 552 24 552 30] v <- ([#"../bdd.rs" 552 28 552 30] va); + [#"../bdd.rs" 553 33 553 59] _67 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 553 33 553 59] self <- { self with current = ^ _67 }; assume { inv1 ( ^ _67) }; - _66 <- ([#"../bdd.rs" 553 33 553 59] and _67 childta childtb); + [#"../bdd.rs" 553 33 553 59] _66 <- ([#"../bdd.rs" 553 33 553 59] and _67 ([#"../bdd.rs" 553 42 553 49] childta) ([#"../bdd.rs" 553 51 553 58] childtb)); _67 <- any borrowed (Bdd_Context_Type.t_context); goto BB29 } @@ -3863,76 +3867,76 @@ module Bdd_Impl11_And goto BB23 } BB23 { - v <- vb; - _49 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _49 }; + [#"../bdd.rs" 542 24 542 30] v <- ([#"../bdd.rs" 542 28 542 30] vb); + [#"../bdd.rs" 543 33 543 53] _49 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 543 33 543 53] self <- { self with current = ^ _49 }; assume { inv1 ( ^ _49) }; - _48 <- ([#"../bdd.rs" 543 33 543 53] and _49 a childtb); + [#"../bdd.rs" 543 33 543 53] _48 <- ([#"../bdd.rs" 543 33 543 53] and _49 ([#"../bdd.rs" 543 42 543 43] a) ([#"../bdd.rs" 543 45 543 52] childtb)); _49 <- any borrowed (Bdd_Context_Type.t_context); goto BB24 } BB24 { - childt <- _48; - _48 <- any Bdd_Bdd_Type.t_bdd; - _53 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _53 }; + [#"../bdd.rs" 543 24 543 53] childt <- ([#"../bdd.rs" 543 24 543 53] _48); + [#"../bdd.rs" 543 24 543 53] _48 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 544 33 544 53] _53 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 544 33 544 53] self <- { self with current = ^ _53 }; assume { inv1 ( ^ _53) }; - _52 <- ([#"../bdd.rs" 544 33 544 53] and _53 a childfb); + [#"../bdd.rs" 544 33 544 53] _52 <- ([#"../bdd.rs" 544 33 544 53] and _53 ([#"../bdd.rs" 544 42 544 43] a) ([#"../bdd.rs" 544 45 544 52] childfb)); _53 <- any borrowed (Bdd_Context_Type.t_context); goto BB25 } BB25 { - childf <- _52; - _52 <- any Bdd_Bdd_Type.t_bdd; - _41 <- ([#"../bdd.rs" 541 31 545 21] ()); + [#"../bdd.rs" 544 24 544 53] childf <- ([#"../bdd.rs" 544 24 544 53] _52); + [#"../bdd.rs" 544 24 544 53] _52 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 541 31 545 21] _41 <- ([#"../bdd.rs" 541 31 545 21] ()); goto BB31 } BB26 { - v <- va; - _58 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _58 }; + [#"../bdd.rs" 547 24 547 30] v <- ([#"../bdd.rs" 547 28 547 30] va); + [#"../bdd.rs" 548 33 548 53] _58 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 548 33 548 53] self <- { self with current = ^ _58 }; assume { inv1 ( ^ _58) }; - _57 <- ([#"../bdd.rs" 548 33 548 53] and _58 childta b); + [#"../bdd.rs" 548 33 548 53] _57 <- ([#"../bdd.rs" 548 33 548 53] and _58 ([#"../bdd.rs" 548 42 548 49] childta) ([#"../bdd.rs" 548 51 548 52] b)); _58 <- any borrowed (Bdd_Context_Type.t_context); goto BB27 } BB27 { - childt <- _57; - _57 <- any Bdd_Bdd_Type.t_bdd; - _62 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _62 }; + [#"../bdd.rs" 548 24 548 53] childt <- ([#"../bdd.rs" 548 24 548 53] _57); + [#"../bdd.rs" 548 24 548 53] _57 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 549 33 549 53] _62 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 549 33 549 53] self <- { self with current = ^ _62 }; assume { inv1 ( ^ _62) }; - _61 <- ([#"../bdd.rs" 549 33 549 53] and _62 childfa b); + [#"../bdd.rs" 549 33 549 53] _61 <- ([#"../bdd.rs" 549 33 549 53] and _62 ([#"../bdd.rs" 549 42 549 49] childfa) ([#"../bdd.rs" 549 51 549 52] b)); _62 <- any borrowed (Bdd_Context_Type.t_context); goto BB28 } BB28 { - childf <- _61; - _61 <- any Bdd_Bdd_Type.t_bdd; - _41 <- ([#"../bdd.rs" 546 28 550 21] ()); + [#"../bdd.rs" 549 24 549 53] childf <- ([#"../bdd.rs" 549 24 549 53] _61); + [#"../bdd.rs" 549 24 549 53] _61 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 546 28 550 21] _41 <- ([#"../bdd.rs" 546 28 550 21] ()); goto BB31 } BB29 { - childt <- _66; - _66 <- any Bdd_Bdd_Type.t_bdd; - _71 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _71 }; + [#"../bdd.rs" 553 24 553 59] childt <- ([#"../bdd.rs" 553 24 553 59] _66); + [#"../bdd.rs" 553 24 553 59] _66 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 554 33 554 59] _71 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 554 33 554 59] self <- { self with current = ^ _71 }; assume { inv1 ( ^ _71) }; - _70 <- ([#"../bdd.rs" 554 33 554 59] and _71 childfa childfb); + [#"../bdd.rs" 554 33 554 59] _70 <- ([#"../bdd.rs" 554 33 554 59] and _71 ([#"../bdd.rs" 554 42 554 49] childfa) ([#"../bdd.rs" 554 51 554 58] childfb)); _71 <- any borrowed (Bdd_Context_Type.t_context); goto BB30 } BB30 { - childf <- _70; - _70 <- any Bdd_Bdd_Type.t_bdd; - _41 <- ([#"../bdd.rs" 551 29 555 21] ()); + [#"../bdd.rs" 554 24 554 59] childf <- ([#"../bdd.rs" 554 24 554 59] _70); + [#"../bdd.rs" 554 24 554 59] _70 <- any Bdd_Bdd_Type.t_bdd; + [#"../bdd.rs" 551 29 555 21] _41 <- ([#"../bdd.rs" 551 29 555 21] ()); goto BB31 } BB31 { - _74 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _74 }; + [#"../bdd.rs" 557 16 557 44] _74 <- Borrow.borrow_mut ( * self); + [#"../bdd.rs" 557 16 557 44] self <- { self with current = ^ _74 }; assume { inv1 ( ^ _74) }; - r1 <- ([#"../bdd.rs" 557 16 557 44] node0 _74 v childt childf); + [#"../bdd.rs" 557 16 557 44] r1 <- ([#"../bdd.rs" 557 16 557 44] node0 _74 ([#"../bdd.rs" 557 26 557 27] v) ([#"../bdd.rs" 557 29 557 35] childt) ([#"../bdd.rs" 557 37 557 43] childf)); _74 <- any borrowed (Bdd_Context_Type.t_context); goto BB32 } @@ -3940,16 +3944,16 @@ module Bdd_Impl11_And goto BB33 } BB33 { - _79 <- Borrow.borrow_mut (Bdd_Context_Type.context_and_memo ( * self)); - self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 ( ^ _79) x5) }; - _78 <- ([#"../bdd.rs" 560 8 560 36] add0 _79 ([#"../bdd.rs" 560 26 560 32] (a, b)) r1); + [#"../bdd.rs" 560 8 560 36] _79 <- Borrow.borrow_mut (Bdd_Context_Type.context_and_memo ( * self)); + [#"../bdd.rs" 560 8 560 36] self <- { self with current = (let Bdd_Context_Type.C_Context x0 x1 x2 x3 x4 x5 = * self in Bdd_Context_Type.C_Context x0 x1 x2 x3 ( ^ _79) x5) }; + [#"../bdd.rs" 560 8 560 36] _78 <- ([#"../bdd.rs" 560 8 560 36] add0 _79 ([#"../bdd.rs" 560 26 560 32] (([#"../bdd.rs" 560 27 560 28] a), ([#"../bdd.rs" 560 30 560 31] b))) ([#"../bdd.rs" 560 34 560 35] r1)); _79 <- any borrowed (Bdd_Hashmap_MyHashMap_Type.t_myhashmap (Bdd_Bdd_Type.t_bdd, Bdd_Bdd_Type.t_bdd) (Bdd_Bdd_Type.t_bdd)); goto BB34 } BB34 { assert { [@expl:type invariant] inv0 self }; assume { resolve1 self }; - _0 <- r1; + [#"../bdd.rs" 561 8 561 9] _0 <- ([#"../bdd.rs" 561 8 561 9] r1); goto BB35 } BB35 { @@ -3998,7 +4002,7 @@ module Bdd_Hashmap_Impl2 val inv0 (_x : (u, v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : (u, v) . inv0 x = true + axiom inv0 : forall x : (u, v) . inv0 x = true use prelude.UInt64 use prelude.UInt64 use prelude.Int @@ -4051,7 +4055,7 @@ module Bdd_Impl1 val inv0 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv0 x = true + axiom inv0 : forall x : Bdd_Node_Type.t_node . inv0 x = true use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type function deep_model1 [#"../bdd.rs" 158 4 158 44] (self : Bdd_Node_Type.t_node) : Bdd_NodeLog_Type.t_nodelog = @@ -4106,7 +4110,7 @@ module Bdd_Impl2 val inv0 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true + axiom inv0 : forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true use prelude.UInt64 use prelude.Int function deep_model1 [#"../bdd.rs" 185 4 185 44] (self : Bdd_Bdd_Type.t_bdd) : uint64 = @@ -4161,7 +4165,7 @@ module Bdd_Impl14 val inv0 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv0 x = true + axiom inv0 : forall x : Bdd_Node_Type.t_node . inv0 x = true use Bdd_Bdd_Type as Bdd_Bdd_Type use Bdd_NodeLog_Type as Bdd_NodeLog_Type function deep_model1 [#"../bdd.rs" 158 4 158 44] (self : Bdd_Node_Type.t_node) : Bdd_NodeLog_Type.t_nodelog = @@ -4192,7 +4196,7 @@ module Bdd_Impl7 val inv0 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true + axiom inv0 : forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true use prelude.UInt64 use prelude.Int function deep_model1 [#"../bdd.rs" 185 4 185 44] (self : Bdd_Bdd_Type.t_bdd) : uint64 = @@ -4229,7 +4233,7 @@ module Bdd_Impl15 val inv1 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv1 x = true + axiom inv1 : forall x : Bdd_Node_Type.t_node . inv1 x = true predicate invariant0 (self : Bdd_Node_Type.t_node) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Bdd_Node_Type.t_node) : bool @@ -4239,7 +4243,7 @@ module Bdd_Impl15 val inv0 (_x : Bdd_Node_Type.t_node) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Node_Type.t_node . inv0 x = true + axiom inv0 : forall x : Bdd_Node_Type.t_node . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../bdd.rs" 90 24 90 29] forall self : Bdd_Node_Type.t_node . inv0 self -> (forall result : Bdd_Node_Type.t_node . result = self -> inv1 result /\ result = self) end @@ -4254,7 +4258,7 @@ module Bdd_Impl0 val inv1 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv1 x = true + axiom inv1 : forall x : Bdd_Bdd_Type.t_bdd . inv1 x = true predicate invariant0 (self : Bdd_Bdd_Type.t_bdd) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Bdd_Bdd_Type.t_bdd) : bool @@ -4264,7 +4268,7 @@ module Bdd_Impl0 val inv0 (_x : Bdd_Bdd_Type.t_bdd) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../bdd.rs" 1 0 1 0] forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true + axiom inv0 : forall x : Bdd_Bdd_Type.t_bdd . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../bdd.rs" 109 4 109 27] forall self : Bdd_Bdd_Type.t_bdd . inv0 self -> (forall result : Bdd_Bdd_Type.t_bdd . result = self -> inv1 result /\ result = self) end diff --git a/creusot/tests/should_succeed/bdd/why3session.xml b/creusot/tests/should_succeed/bdd/why3session.xml index 2edc8fe194..d90136f6ee 100644 --- a/creusot/tests/should_succeed/bdd/why3session.xml +++ b/creusot/tests/should_succeed/bdd/why3session.xml @@ -575,30 +575,33 @@ - + - - + + - + + + + - + - + - + - + - + - + @@ -607,19 +610,19 @@ - + - + - + - + - + - + @@ -630,34 +633,34 @@ - + - + - + - + - + - + - + - + - + - + - + @@ -666,19 +669,19 @@ - + - + - + - + - + - + @@ -687,16 +690,16 @@ - + - + - + - + - + @@ -707,38 +710,38 @@ - + - + - + - + - + - + - + - + - + - + - + diff --git a/creusot/tests/should_succeed/bdd/why3shapes.gz b/creusot/tests/should_succeed/bdd/why3shapes.gz index c3088f9c70..7a1d3eb2bf 100644 Binary files a/creusot/tests/should_succeed/bdd/why3shapes.gz and b/creusot/tests/should_succeed/bdd/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/binary_search.mlcfg b/creusot/tests/should_succeed/binary_search.mlcfg index e03f816c8c..ebfd45a40d 100644 --- a/creusot/tests/should_succeed/binary_search.mlcfg +++ b/creusot/tests/should_succeed/binary_search.mlcfg @@ -26,7 +26,7 @@ module BinarySearch_Impl0_LenLogic_Impl val inv0 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv0 x = true + axiom inv0 : forall x : BinarySearch_List_Type.t_list t . inv0 x = true use prelude.Int let rec ghost function len_logic [#"../binary_search.rs" 22 4 22 29] (self : BinarySearch_List_Type.t_list t) : int requires {[#"../binary_search.rs" 22 17 22 21] inv0 self} @@ -55,7 +55,7 @@ module BinarySearch_Impl0_Index val inv3 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv3 x = true + axiom inv3 : forall x : BinarySearch_List_Type.t_list t . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -64,7 +64,7 @@ module BinarySearch_Impl0_Index val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../binary_search.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : BinarySearch_List_Type.t_list t) val invariant1 (self : BinarySearch_List_Type.t_list t) : bool ensures { result = invariant1 self } @@ -73,7 +73,7 @@ module BinarySearch_Impl0_Index val inv1 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv1 x = true + axiom inv1 : forall x : BinarySearch_List_Type.t_list t . inv1 x = true predicate invariant0 (self : BinarySearch_List_Type.t_list t) val invariant0 (self : BinarySearch_List_Type.t_list t) : bool ensures { result = invariant0 self } @@ -82,7 +82,7 @@ module BinarySearch_Impl0_Index val inv0 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv0 x = true + axiom inv0 : forall x : BinarySearch_List_Type.t_list t . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type use prelude.Borrow predicate resolve2 (self : t) @@ -139,8 +139,8 @@ module BinarySearch_Impl0_Index goto BB0 } BB0 { - orig_ix <- ix; - l <- self; + [#"../binary_search.rs" 46 22 46 24] orig_ix <- ([#"../binary_search.rs" 46 22 46 24] ix); + [#"../binary_search.rs" 47 20 47 24] l <- ([#"../binary_search.rs" 47 20 47 24] self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB1 @@ -160,11 +160,11 @@ module BinarySearch_Impl0_Index goto BB4 } BB4 { - t <- ([#"../binary_search.rs" 51 23 51 24] BinarySearch_List_Type.cons_0 l); - ls <- ([#"../binary_search.rs" 51 26 51 28] BinarySearch_List_Type.cons_1 l); + [#"../binary_search.rs" 51 23 51 24] t <- ([#"../binary_search.rs" 51 23 51 24] BinarySearch_List_Type.cons_0 l); + [#"../binary_search.rs" 51 26 51 28] ls <- ([#"../binary_search.rs" 51 26 51 28] BinarySearch_List_Type.cons_1 l); assert { [@expl:type invariant] inv0 l }; assume { resolve0 l }; - switch ([#"../binary_search.rs" 52 15 52 21] ix > ([#"../binary_search.rs" 52 20 52 21] [#"../binary_search.rs" 52 20 52 21] (0 : usize))) + switch ([#"../binary_search.rs" 52 15 52 21] ([#"../binary_search.rs" 52 15 52 17] ix) > ([#"../binary_search.rs" 52 20 52 21] [#"../binary_search.rs" 52 20 52 21] (0 : usize))) | False -> goto BB6 | True -> goto BB5 end @@ -172,19 +172,19 @@ module BinarySearch_Impl0_Index BB5 { assert { [@expl:type invariant] inv2 t }; assume { resolve2 t }; - _17 <- ([#"../binary_search.rs" 53 20 53 24] ls); + [#"../binary_search.rs" 53 20 53 24] _17 <- ([#"../binary_search.rs" 53 20 53 24] ls); assert { [@expl:type invariant] inv1 ls }; assume { resolve1 ls }; assert { [@expl:type invariant] inv1 _17 }; assume { resolve1 _17 }; - l <- ([#"../binary_search.rs" 53 20 53 24] _17); - ix <- ([#"../binary_search.rs" 54 16 54 23] ix - ([#"../binary_search.rs" 54 22 54 23] [#"../binary_search.rs" 54 22 54 23] (1 : usize))); + [#"../binary_search.rs" 53 16 53 24] l <- ([#"../binary_search.rs" 53 20 53 24] _17); + [#"../binary_search.rs" 54 16 54 23] ix <- ([#"../binary_search.rs" 54 16 54 23] ix - ([#"../binary_search.rs" 54 22 54 23] [#"../binary_search.rs" 54 22 54 23] (1 : usize))); goto BB1 } BB6 { assert { [@expl:type invariant] inv1 ls }; assume { resolve1 ls }; - _0 <- ([#"../binary_search.rs" 56 23 56 24] t); + [#"../binary_search.rs" 56 23 56 24] _0 <- ([#"../binary_search.rs" 56 23 56 24] t); assert { [@expl:type invariant] inv2 t }; assume { resolve2 t }; return _0 @@ -192,6 +192,7 @@ module BinarySearch_Impl0_Index BB7 { assert { [@expl:type invariant] inv0 l }; assume { resolve0 l }; + assert { [#"../binary_search.rs" 59 8 59 29] false }; absurd } @@ -207,7 +208,7 @@ module BinarySearch_Impl0_Len val inv2 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv2 x = true + axiom inv2 : forall x : BinarySearch_List_Type.t_list t . inv2 x = true predicate invariant1 (self : BinarySearch_List_Type.t_list t) val invariant1 (self : BinarySearch_List_Type.t_list t) : bool ensures { result = invariant1 self } @@ -216,7 +217,7 @@ module BinarySearch_Impl0_Len val inv1 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv1 x = true + axiom inv1 : forall x : BinarySearch_List_Type.t_list t . inv1 x = true predicate invariant0 (self : BinarySearch_List_Type.t_list t) val invariant0 (self : BinarySearch_List_Type.t_list t) : bool ensures { result = invariant0 self } @@ -225,7 +226,7 @@ module BinarySearch_Impl0_Len val inv0 (_x : BinarySearch_List_Type.t_list t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list t . inv0 x = true + axiom inv0 : forall x : BinarySearch_List_Type.t_list t . inv0 x = true use prelude.Borrow predicate resolve1 (self : BinarySearch_List_Type.t_list t) val resolve1 (self : BinarySearch_List_Type.t_list t) : bool @@ -264,8 +265,8 @@ module BinarySearch_Impl0_Len goto BB0 } BB0 { - len <- ([#"../binary_search.rs" 67 29 67 30] [#"../binary_search.rs" 67 29 67 30] (0 : usize)); - l <- self; + [#"../binary_search.rs" 67 29 67 30] len <- ([#"../binary_search.rs" 67 29 67 30] [#"../binary_search.rs" 67 29 67 30] (0 : usize)); + [#"../binary_search.rs" 68 20 68 24] l <- ([#"../binary_search.rs" 68 20 68 24] self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB1 @@ -284,19 +285,19 @@ module BinarySearch_Impl0_Len goto BB4 } BB4 { - ls <- ([#"../binary_search.rs" 70 26 70 28] BinarySearch_List_Type.cons_1 l); + [#"../binary_search.rs" 70 26 70 28] ls <- ([#"../binary_search.rs" 70 26 70 28] BinarySearch_List_Type.cons_1 l); assert { [@expl:type invariant] inv0 l }; assume { resolve0 l }; - len <- ([#"../binary_search.rs" 71 12 71 20] len + ([#"../binary_search.rs" 71 19 71 20] [#"../binary_search.rs" 71 19 71 20] (1 : usize))); + [#"../binary_search.rs" 71 12 71 20] len <- ([#"../binary_search.rs" 71 12 71 20] len + ([#"../binary_search.rs" 71 19 71 20] [#"../binary_search.rs" 71 19 71 20] (1 : usize))); assert { [@expl:type invariant] inv1 ls }; assume { resolve1 ls }; - l <- ([#"../binary_search.rs" 72 16 72 18] ls); + [#"../binary_search.rs" 72 12 72 18] l <- ([#"../binary_search.rs" 72 16 72 18] ls); goto BB1 } BB5 { assert { [@expl:type invariant] inv0 l }; assume { resolve0 l }; - _0 <- len; + [#"../binary_search.rs" 74 8 74 11] _0 <- ([#"../binary_search.rs" 74 8 74 11] len); return _0 } @@ -318,7 +319,7 @@ module BinarySearch_BinarySearch val inv2 (_x : uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../binary_search.rs" 1 0 1 0] forall x : uint32 . inv2 x = true + axiom inv2 : forall x : uint32 . inv2 x = true use BinarySearch_List_Type as BinarySearch_List_Type predicate invariant1 (self : BinarySearch_List_Type.t_list uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -329,7 +330,7 @@ module BinarySearch_BinarySearch val inv1 (_x : BinarySearch_List_Type.t_list uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list uint32 . inv1 x = true + axiom inv1 : forall x : BinarySearch_List_Type.t_list uint32 . inv1 x = true predicate invariant0 (self : BinarySearch_List_Type.t_list uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : BinarySearch_List_Type.t_list uint32) : bool @@ -339,7 +340,7 @@ module BinarySearch_BinarySearch val inv0 (_x : BinarySearch_List_Type.t_list uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../binary_search.rs" 1 0 1 0] forall x : BinarySearch_List_Type.t_list uint32 . inv0 x = true + axiom inv0 : forall x : BinarySearch_List_Type.t_list uint32 . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type use prelude.Int function get0 [#"../binary_search.rs" 30 4 30 38] (self : BinarySearch_List_Type.t_list uint32) (ix : int) : Core_Option_Option_Type.t_option uint32 @@ -422,7 +423,7 @@ module BinarySearch_BinarySearch goto BB0 } BB0 { - _10 <- ([#"../binary_search.rs" 110 7 110 16] len0 ([#"../binary_search.rs" 110 7 110 16] arr)); + [#"../binary_search.rs" 110 7 110 16] _10 <- ([#"../binary_search.rs" 110 7 110 16] len0 ([#"../binary_search.rs" 110 7 110 16] arr)); goto BB1 } BB1 { @@ -432,15 +433,15 @@ module BinarySearch_BinarySearch end } BB2 { - _0 <- ([#"../binary_search.rs" 111 15 111 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 111 19 111 20] [#"../binary_search.rs" 111 19 111 20] (0 : usize))); + [#"../binary_search.rs" 111 15 111 21] _0 <- ([#"../binary_search.rs" 111 15 111 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 111 19 111 20] [#"../binary_search.rs" 111 19 111 20] (0 : usize))); goto BB21 } BB3 { - size <- ([#"../binary_search.rs" 113 19 113 28] len0 ([#"../binary_search.rs" 113 19 113 28] arr)); + [#"../binary_search.rs" 113 19 113 28] size <- ([#"../binary_search.rs" 113 19 113 28] len0 ([#"../binary_search.rs" 113 19 113 28] arr)); goto BB4 } BB4 { - base <- ([#"../binary_search.rs" 114 19 114 20] [#"../binary_search.rs" 114 19 114 20] (0 : usize)); + [#"../binary_search.rs" 114 19 114 20] base <- ([#"../binary_search.rs" 114 19 114 20] [#"../binary_search.rs" 114 19 114 20] (0 : usize)); goto BB5 } BB5 { @@ -450,69 +451,69 @@ module BinarySearch_BinarySearch goto BB6 } BB6 { - switch ([#"../binary_search.rs" 119 10 119 18] size > ([#"../binary_search.rs" 119 17 119 18] [#"../binary_search.rs" 119 17 119 18] (1 : usize))) + switch ([#"../binary_search.rs" 119 10 119 18] ([#"../binary_search.rs" 119 10 119 14] size) > ([#"../binary_search.rs" 119 17 119 18] [#"../binary_search.rs" 119 17 119 18] (1 : usize))) | False -> goto BB13 | True -> goto BB7 end } BB7 { - _25 <- ([#"../binary_search.rs" 120 19 120 27] ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize)) = ([#"../binary_search.rs" 120 19 120 27] [#"../binary_search.rs" 120 19 120 27] (0 : usize))); + [#"../binary_search.rs" 120 19 120 27] _25 <- ([#"../binary_search.rs" 120 19 120 27] ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize)) = ([#"../binary_search.rs" 120 19 120 27] [#"../binary_search.rs" 120 19 120 27] (0 : usize))); assert { [@expl:division by zero] [#"../binary_search.rs" 120 19 120 27] not _25 }; goto BB8 } BB8 { - half <- ([#"../binary_search.rs" 120 19 120 27] size / ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize))); - mid <- ([#"../binary_search.rs" 121 18 121 29] base + half); - _32 <- ([#"../binary_search.rs" 123 19 123 33] index0 ([#"../binary_search.rs" 123 19 123 33] arr) mid); + [#"../binary_search.rs" 120 19 120 27] half <- ([#"../binary_search.rs" 120 19 120 27] ([#"../binary_search.rs" 120 19 120 23] size) / ([#"../binary_search.rs" 120 26 120 27] [#"../binary_search.rs" 120 26 120 27] (2 : usize))); + [#"../binary_search.rs" 121 18 121 29] mid <- ([#"../binary_search.rs" 121 18 121 29] ([#"../binary_search.rs" 121 18 121 22] base) + ([#"../binary_search.rs" 121 25 121 29] half)); + [#"../binary_search.rs" 123 19 123 33] _32 <- ([#"../binary_search.rs" 123 19 123 33] index0 ([#"../binary_search.rs" 123 19 123 33] arr) ([#"../binary_search.rs" 123 29 123 32] mid)); goto BB9 } BB9 { - switch ([#"../binary_search.rs" 123 18 123 40] _32 > elem) + switch ([#"../binary_search.rs" 123 18 123 40] ([#"../binary_search.rs" 123 18 123 33] _32) > ([#"../binary_search.rs" 123 36 123 40] elem)) | False -> goto BB11 | True -> goto BB10 end } BB10 { - _29 <- base; + [#"../binary_search.rs" 123 43 123 47] _29 <- ([#"../binary_search.rs" 123 43 123 47] base); goto BB12 } BB11 { - _29 <- mid; + [#"../binary_search.rs" 123 57 123 60] _29 <- ([#"../binary_search.rs" 123 57 123 60] mid); goto BB12 } BB12 { - base <- _29; - _29 <- any usize; - size <- ([#"../binary_search.rs" 124 8 124 20] size - half); + [#"../binary_search.rs" 123 8 123 62] base <- ([#"../binary_search.rs" 123 8 123 62] _29); + [#"../binary_search.rs" 123 8 123 62] _29 <- any usize; + [#"../binary_search.rs" 124 8 124 20] size <- ([#"../binary_search.rs" 124 8 124 20] size - ([#"../binary_search.rs" 124 16 124 20] half)); goto BB5 } BB13 { - _41 <- ([#"../binary_search.rs" 127 15 127 30] index0 ([#"../binary_search.rs" 127 15 127 30] arr) base); + [#"../binary_search.rs" 127 15 127 30] _41 <- ([#"../binary_search.rs" 127 15 127 30] index0 ([#"../binary_search.rs" 127 15 127 30] arr) ([#"../binary_search.rs" 127 25 127 29] base)); goto BB14 } BB14 { - cmp <- _41; - switch ([#"../binary_search.rs" 128 7 128 18] cmp = elem) + [#"../binary_search.rs" 127 14 127 30] cmp <- ([#"../binary_search.rs" 127 14 127 30] _41); + switch ([#"../binary_search.rs" 128 7 128 18] ([#"../binary_search.rs" 128 7 128 10] cmp) = ([#"../binary_search.rs" 128 14 128 18] elem)) | False -> goto BB16 | True -> goto BB15 end } BB15 { - _0 <- ([#"../binary_search.rs" 129 8 129 16] Core_Result_Result_Type.C_Ok base); + [#"../binary_search.rs" 129 8 129 16] _0 <- ([#"../binary_search.rs" 129 8 129 16] Core_Result_Result_Type.C_Ok ([#"../binary_search.rs" 129 11 129 15] base)); goto BB20 } BB16 { - switch ([#"../binary_search.rs" 130 14 130 24] cmp < elem) + switch ([#"../binary_search.rs" 130 14 130 24] ([#"../binary_search.rs" 130 14 130 17] cmp) < ([#"../binary_search.rs" 130 20 130 24] elem)) | False -> goto BB18 | True -> goto BB17 end } BB17 { - _0 <- ([#"../binary_search.rs" 131 8 131 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 131 12 131 20] base + ([#"../binary_search.rs" 131 19 131 20] [#"../binary_search.rs" 131 19 131 20] (1 : usize)))); + [#"../binary_search.rs" 131 8 131 21] _0 <- ([#"../binary_search.rs" 131 8 131 21] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 131 12 131 20] ([#"../binary_search.rs" 131 12 131 16] base) + ([#"../binary_search.rs" 131 19 131 20] [#"../binary_search.rs" 131 19 131 20] (1 : usize)))); goto BB19 } BB18 { - _0 <- ([#"../binary_search.rs" 133 8 133 17] Core_Result_Result_Type.C_Err base); + [#"../binary_search.rs" 133 8 133 17] _0 <- ([#"../binary_search.rs" 133 8 133 17] Core_Result_Result_Type.C_Err ([#"../binary_search.rs" 133 12 133 16] base)); goto BB19 } BB19 { diff --git a/creusot/tests/should_succeed/binary_search/why3shapes.gz b/creusot/tests/should_succeed/binary_search/why3shapes.gz index 16f980e001..f42c7a6580 100644 Binary files a/creusot/tests/should_succeed/binary_search/why3shapes.gz and b/creusot/tests/should_succeed/binary_search/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/bug/02_derive.mlcfg b/creusot/tests/should_succeed/bug/02_derive.mlcfg index e05ffc9a5e..f810252f63 100644 --- a/creusot/tests/should_succeed/bug/02_derive.mlcfg +++ b/creusot/tests/should_succeed/bug/02_derive.mlcfg @@ -15,7 +15,7 @@ module C02Derive_Impl0_Clone goto BB0 } BB0 { - _0 <- ([#"../02_derive.rs" 3 9 3 14] C02Derive_Lit_Type.C_Lit); + [#"../02_derive.rs" 3 9 3 14] _0 <- ([#"../02_derive.rs" 3 9 3 14] C02Derive_Lit_Type.C_Lit); return _0 } @@ -31,7 +31,7 @@ module C02Derive_Impl0 val inv1 (_x : C02Derive_Lit_Type.t_lit) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_derive.rs" 1 0 1 0] forall x : C02Derive_Lit_Type.t_lit . inv1 x = true + axiom inv1 : forall x : C02Derive_Lit_Type.t_lit . inv1 x = true predicate invariant0 (self : C02Derive_Lit_Type.t_lit) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : C02Derive_Lit_Type.t_lit) : bool @@ -41,7 +41,7 @@ module C02Derive_Impl0 val inv0 (_x : C02Derive_Lit_Type.t_lit) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_derive.rs" 1 0 1 0] forall x : C02Derive_Lit_Type.t_lit . inv0 x = true + axiom inv0 : forall x : C02Derive_Lit_Type.t_lit . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../02_derive.rs" 3 9 3 14] forall self : C02Derive_Lit_Type.t_lit . inv0 self -> (forall result : C02Derive_Lit_Type.t_lit . inv1 result /\ result = self) end diff --git a/creusot/tests/should_succeed/bug/168.mlcfg b/creusot/tests/should_succeed/bug/168.mlcfg index 6cb89a83dd..90ce3d79d0 100644 --- a/creusot/tests/should_succeed/bug/168.mlcfg +++ b/creusot/tests/should_succeed/bug/168.mlcfg @@ -9,7 +9,7 @@ module C168_MaxInt goto BB0 } BB0 { - _0 <- ([#"../168.rs" 4 4 4 14] [#"../168.rs" 4 4 4 14] (18446744073709551615 : usize)); + [#"../168.rs" 4 4 4 14] _0 <- ([#"../168.rs" 4 4 4 14] [#"../168.rs" 4 4 4 14] (18446744073709551615 : usize)); return _0 } diff --git a/creusot/tests/should_succeed/bug/173.mlcfg b/creusot/tests/should_succeed/bug/173.mlcfg index 3ca65fe92d..d7c037e886 100644 --- a/creusot/tests/should_succeed/bug/173.mlcfg +++ b/creusot/tests/should_succeed/bug/173.mlcfg @@ -12,11 +12,11 @@ module C173_Test233 goto BB0 } BB0 { - x <- ([#"../173.rs" 20 12 20 14] [#"../173.rs" 20 12 20 14] (17 : int32)); + [#"../173.rs" 20 12 20 14] x <- ([#"../173.rs" 20 12 20 14] [#"../173.rs" 20 12 20 14] (17 : int32)); assert { [@expl:assertion] [#"../173.rs" 21 19 21 27] Int32.to_int x = 17 }; - x1 <- ([#"../173.rs" 22 12 22 14] [#"../173.rs" 22 12 22 14] (42 : int32)); + [#"../173.rs" 22 12 22 14] x1 <- ([#"../173.rs" 22 12 22 14] [#"../173.rs" 22 12 22 14] (42 : int32)); assert { [@expl:assertion] [#"../173.rs" 23 19 23 27] Int32.to_int x1 = 42 }; - _0 <- ([#"../173.rs" 19 18 24 1] ()); + [#"../173.rs" 19 18 24 1] _0 <- ([#"../173.rs" 19 18 24 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/195.mlcfg b/creusot/tests/should_succeed/bug/195.mlcfg index d4324d78e4..dba60edf38 100644 --- a/creusot/tests/should_succeed/bug/195.mlcfg +++ b/creusot/tests/should_succeed/bug/195.mlcfg @@ -9,7 +9,7 @@ module C195_Example goto BB0 } BB0 { - _0 <- ([#"../195.rs" 4 41 4 43] ()); + [#"../195.rs" 4 41 4 43] _0 <- ([#"../195.rs" 4 41 4 43] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/206.mlcfg b/creusot/tests/should_succeed/bug/206.mlcfg index 75e4ac8af1..c8536c1bde 100644 --- a/creusot/tests/should_succeed/bug/206.mlcfg +++ b/creusot/tests/should_succeed/bug/206.mlcfg @@ -64,7 +64,7 @@ module C206_U2_Impl val inv1 (_x : Seq.seq usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../206.rs" 1 0 1 0] forall x : Seq.seq usize . inv1 x = true + axiom inv1 : forall x : Seq.seq usize . inv1 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -87,7 +87,7 @@ module C206_U2_Impl val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../206.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use C206_A_Type as C206_A_Type let rec ghost function u2 [#"../206.rs" 9 0 9 11] (a : C206_A_Type.t_a) : () ensures { [#"../206.rs" 8 10 8 22] shallow_model0 (C206_A_Type.a_0 a) = shallow_model0 (C206_A_Type.a_0 a) } @@ -107,7 +107,7 @@ module C206_Ex val inv1 (_x : Seq.seq usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../206.rs" 1 0 1 0] forall x : Seq.seq usize . inv1 x = true + axiom inv1 : forall x : Seq.seq usize . inv1 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -130,7 +130,7 @@ module C206_Ex val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../206.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use C206_A_Type as C206_A_Type use prelude.Borrow function u20 [#"../206.rs" 9 0 9 11] (a : C206_A_Type.t_a) : () = @@ -153,7 +153,7 @@ module C206_Ex goto BB0 } BB0 { - _0 <- ([#"../206.rs" 20 17 20 19] ()); + [#"../206.rs" 20 17 20 19] _0 <- ([#"../206.rs" 20 17 20 19] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/235.mlcfg b/creusot/tests/should_succeed/bug/235.mlcfg index 1637b2a522..54e66782fd 100644 --- a/creusot/tests/should_succeed/bug/235.mlcfg +++ b/creusot/tests/should_succeed/bug/235.mlcfg @@ -24,7 +24,7 @@ module C235_F goto BB1 } BB4 { - _0 <- ([#"../235.rs" 8 4 8 17] ()); + [#"../235.rs" 8 4 8 17] _0 <- ([#"../235.rs" 8 4 8 17] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/256.mlcfg b/creusot/tests/should_succeed/bug/256.mlcfg index a38c021020..31ead196f2 100644 --- a/creusot/tests/should_succeed/bug/256.mlcfg +++ b/creusot/tests/should_succeed/bug/256.mlcfg @@ -11,8 +11,8 @@ module C256_U8Safe goto BB0 } BB0 { - _2 <- ([#"../256.rs" 4 12 4 17] u + ([#"../256.rs" 4 16 4 17] [#"../256.rs" 4 16 4 17] (0 : uint8))); - _0 <- ([#"../256.rs" 3 22 5 1] ()); + [#"../256.rs" 4 12 4 17] _2 <- ([#"../256.rs" 4 12 4 17] ([#"../256.rs" 4 12 4 13] u) + ([#"../256.rs" 4 16 4 17] [#"../256.rs" 4 16 4 17] (0 : uint8))); + [#"../256.rs" 3 22 5 1] _0 <- ([#"../256.rs" 3 22 5 1] ()); return _0 } @@ -75,7 +75,7 @@ module C256_Bug256 goto BB0 } BB0 { - _0 <- ([#"../256.rs" 8 27 8 29] ()); + [#"../256.rs" 8 27 8 29] _0 <- ([#"../256.rs" 8 27 8 29] ()); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/bug/258.mlcfg b/creusot/tests/should_succeed/bug/258.mlcfg index b2b7c030ff..52cd1f2235 100644 --- a/creusot/tests/should_succeed/bug/258.mlcfg +++ b/creusot/tests/should_succeed/bug/258.mlcfg @@ -9,7 +9,7 @@ module C258_Err goto BB0 } BB0 { - _0 <- ([#"../258.rs" 3 23 3 25] ()); + [#"../258.rs" 3 23 3 25] _0 <- ([#"../258.rs" 3 23 3 25] ()); return _0 } @@ -24,7 +24,7 @@ module C258_Err2 goto BB0 } BB0 { - _0 <- ([#"../258.rs" 5 25 5 27] ()); + [#"../258.rs" 5 25 5 27] _0 <- ([#"../258.rs" 5 25 5 27] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/271.mlcfg b/creusot/tests/should_succeed/bug/271.mlcfg index f161358944..ad30030cf4 100644 --- a/creusot/tests/should_succeed/bug/271.mlcfg +++ b/creusot/tests/should_succeed/bug/271.mlcfg @@ -10,15 +10,15 @@ module C271_Ex goto BB0 } BB0 { - a <- ([#"../271.rs" 6 12 6 13] [#"../271.rs" 6 12 6 13] (0 : int32)); + [#"../271.rs" 6 12 6 13] a <- ([#"../271.rs" 6 12 6 13] [#"../271.rs" 6 12 6 13] (0 : int32)); goto BB2 } BB1 { - _0 <- ([#"../271.rs" 9 13 9 15] ()); + [#"../271.rs" 9 13 9 15] _0 <- ([#"../271.rs" 9 13 9 15] ()); goto BB3 } BB2 { - _0 <- ([#"../271.rs" 8 13 8 15] ()); + [#"../271.rs" 8 13 8 15] _0 <- ([#"../271.rs" 8 13 8 15] ()); goto BB3 } BB3 { @@ -37,7 +37,7 @@ module C271_Ex2 goto BB0 } BB0 { - a <- ([#"../271.rs" 14 12 14 13] [#"../271.rs" 14 12 14 13] (0 : int32)); + [#"../271.rs" 14 12 14 13] a <- ([#"../271.rs" 14 12 14 13] [#"../271.rs" 14 12 14 13] (0 : int32)); switch (a = 0) | True -> goto BB1 | False -> switch (a = 1) @@ -56,15 +56,15 @@ module C271_Ex2 goto BB6 } BB4 { - _0 <- ([#"../271.rs" 18 13 18 15] ()); + [#"../271.rs" 18 13 18 15] _0 <- ([#"../271.rs" 18 13 18 15] ()); goto BB7 } BB5 { - _0 <- ([#"../271.rs" 16 17 16 19] ()); + [#"../271.rs" 16 17 16 19] _0 <- ([#"../271.rs" 16 17 16 19] ()); goto BB7 } BB6 { - _0 <- ([#"../271.rs" 17 13 17 15] ()); + [#"../271.rs" 17 13 17 15] _0 <- ([#"../271.rs" 17 13 17 15] ()); goto BB7 } BB7 { @@ -89,7 +89,7 @@ module C271_Ex3 goto BB0 } BB0 { - a <- ([#"../271.rs" 23 12 23 13] [#"../271.rs" 23 12 23 13] (0 : int32)); + [#"../271.rs" 23 12 23 13] a <- ([#"../271.rs" 23 12 23 13] [#"../271.rs" 23 12 23 13] (0 : int32)); switch (a = 0) | True -> goto BB1 | False -> switch (a = 1) @@ -114,15 +114,15 @@ module C271_Ex3 goto BB7 } BB5 { - _0 <- ([#"../271.rs" 27 13 27 15] ()); + [#"../271.rs" 27 13 27 15] _0 <- ([#"../271.rs" 27 13 27 15] ()); goto BB8 } BB6 { - _0 <- ([#"../271.rs" 25 17 25 19] ()); + [#"../271.rs" 25 17 25 19] _0 <- ([#"../271.rs" 25 17 25 19] ()); goto BB8 } BB7 { - _0 <- ([#"../271.rs" 26 17 26 19] ()); + [#"../271.rs" 26 17 26 19] _0 <- ([#"../271.rs" 26 17 26 19] ()); goto BB8 } BB8 { diff --git a/creusot/tests/should_succeed/bug/273.mlcfg b/creusot/tests/should_succeed/bug/273.mlcfg index de8ebf9368..7c4be7eafa 100644 --- a/creusot/tests/should_succeed/bug/273.mlcfg +++ b/creusot/tests/should_succeed/bug/273.mlcfg @@ -21,7 +21,7 @@ module C273_Ex goto BB0 } BB0 { - _1 <- ([#"../273.rs" 5 21 5 31] Core_Option_Option_Type.C_Some ([#"../273.rs" 5 26 5 30] [#"../273.rs" 5 26 5 30] true)); + [#"../273.rs" 5 21 5 31] _1 <- ([#"../273.rs" 5 21 5 31] Core_Option_Option_Type.C_Some ([#"../273.rs" 5 26 5 30] [#"../273.rs" 5 26 5 30] true)); switch (_1) | Core_Option_Option_Type.C_Some _ -> goto BB1 | _ -> goto BB3 @@ -31,13 +31,13 @@ module C273_Ex goto BB2 } BB2 { - b <- Core_Option_Option_Type.some_0 _1; + [#"../273.rs" 5 16 5 17] b <- ([#"../273.rs" 5 16 5 17] Core_Option_Option_Type.some_0 _1); assert { [@expl:assertion] [#"../273.rs" 6 22 6 23] b }; - _0 <- ([#"../273.rs" 5 32 7 5] ()); + [#"../273.rs" 5 32 7 5] _0 <- ([#"../273.rs" 5 32 7 5] ()); goto BB4 } BB3 { - _0 <- ([#"../273.rs" 7 5 7 5] ()); + [#"../273.rs" 7 5 7 5] _0 <- ([#"../273.rs" 7 5 7 5] ()); goto BB4 } BB4 { diff --git a/creusot/tests/should_succeed/bug/387.mlcfg b/creusot/tests/should_succeed/bug/387.mlcfg index 3bfe2613d8..3afbc65b72 100644 --- a/creusot/tests/should_succeed/bug/387.mlcfg +++ b/creusot/tests/should_succeed/bug/387.mlcfg @@ -46,7 +46,7 @@ module C387_UseTree goto BB0 } BB0 { - _0 <- ([#"../387.rs" 13 26 13 28] ()); + [#"../387.rs" 13 26 13 28] _0 <- ([#"../387.rs" 13 26 13 28] ()); return _0 } @@ -69,7 +69,7 @@ module C387_Impl0_Height val inv0 (_x : uint64) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../387.rs" 1 0 1 0] forall x : uint64 . inv0 x = true + axiom inv0 : forall x : uint64 . inv0 x = true use prelude.Borrow use prelude.Int use int.Int @@ -117,29 +117,30 @@ module C387_Impl0_Height goto BB4 } BB2 { - n <- ([#"../387.rs" 19 22 19 23] Core_Option_Option_Type.some_0 (C387_Tree_Type.tree_0 self)); - _5 <- ([#"../387.rs" 19 29 19 44] height ([#"../387.rs" 19 29 19 44] C387_Node_Type.node_left n)); + [#"../387.rs" 19 22 19 23] n <- ([#"../387.rs" 19 22 19 23] Core_Option_Option_Type.some_0 (C387_Tree_Type.tree_0 self)); + [#"../387.rs" 19 29 19 44] _5 <- ([#"../387.rs" 19 29 19 44] height ([#"../387.rs" 19 29 19 44] C387_Node_Type.node_left n)); goto BB5 } BB3 { + assert { [#"../387.rs" 17 14 17 18] false }; absurd } BB4 { - _0 <- ([#"../387.rs" 18 26 18 27] [#"../387.rs" 18 26 18 27] (0 : uint64)); + [#"../387.rs" 18 26 18 27] _0 <- ([#"../387.rs" 18 26 18 27] [#"../387.rs" 18 26 18 27] (0 : uint64)); goto BB8 } BB5 { - _7 <- ([#"../387.rs" 19 49 19 65] height ([#"../387.rs" 19 49 19 65] C387_Node_Type.node_right n)); + [#"../387.rs" 19 49 19 65] _7 <- ([#"../387.rs" 19 49 19 65] height ([#"../387.rs" 19 49 19 65] C387_Node_Type.node_right n)); goto BB6 } BB6 { - _4 <- ([#"../387.rs" 19 29 19 66] max0 _5 _7); + [#"../387.rs" 19 29 19 66] _4 <- ([#"../387.rs" 19 29 19 66] max0 _5 _7); _5 <- any uint64; _7 <- any uint64; goto BB7 } BB7 { - _0 <- ([#"../387.rs" 19 29 19 70] _4 + ([#"../387.rs" 19 69 19 70] [#"../387.rs" 19 69 19 70] (1 : uint64))); + [#"../387.rs" 19 29 19 70] _0 <- ([#"../387.rs" 19 29 19 70] _4 + ([#"../387.rs" 19 69 19 70] [#"../387.rs" 19 69 19 70] (1 : uint64))); _4 <- any uint64; goto BB8 } diff --git a/creusot/tests/should_succeed/bug/395.mlcfg b/creusot/tests/should_succeed/bug/395.mlcfg index 7e354147e6..25a5ae46ab 100644 --- a/creusot/tests/should_succeed/bug/395.mlcfg +++ b/creusot/tests/should_succeed/bug/395.mlcfg @@ -15,16 +15,16 @@ module C395_SignedDivision goto BB0 } BB0 { - x <- ([#"../395.rs" 4 12 4 14] [#"../395.rs" 4 12 4 14] (10 : int32)); - y <- ([#"../395.rs" 5 12 5 13] [#"../395.rs" 5 12 5 13] (1 : int32)); - _7 <- x; - _8 <- y; - _9 <- ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (0 : int32))); + [#"../395.rs" 4 12 4 14] x <- ([#"../395.rs" 4 12 4 14] [#"../395.rs" 4 12 4 14] (10 : int32)); + [#"../395.rs" 5 12 5 13] y <- ([#"../395.rs" 5 12 5 13] [#"../395.rs" 5 12 5 13] (1 : int32)); + [#"../395.rs" 7 12 7 13] _7 <- ([#"../395.rs" 7 12 7 13] x); + [#"../395.rs" 7 16 7 17] _8 <- ([#"../395.rs" 7 16 7 17] y); + [#"../395.rs" 7 12 7 17] _9 <- ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (0 : int32))); assert { [@expl:division by zero] [#"../395.rs" 7 12 7 17] not _9 }; goto BB1 } BB1 { - _12 <- ([#"../395.rs" 7 12 7 17] ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-1 : int32))) && ([#"../395.rs" 7 12 7 17] _7 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-2147483648 : int32)))); + [#"../395.rs" 7 12 7 17] _12 <- ([#"../395.rs" 7 12 7 17] ([#"../395.rs" 7 12 7 17] _8 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-1 : int32))) && ([#"../395.rs" 7 12 7 17] _7 = ([#"../395.rs" 7 12 7 17] [#"../395.rs" 7 12 7 17] (-2147483648 : int32)))); assert { [@expl:Div overflow] [#"../395.rs" 7 12 7 17] not _12 }; goto BB2 } @@ -35,10 +35,11 @@ module C395_SignedDivision end } BB3 { + assert { [#"../395.rs" 7 4 7 24] false }; absurd } BB4 { - _0 <- ([#"../395.rs" 3 25 8 1] ()); + [#"../395.rs" 3 25 8 1] _0 <- ([#"../395.rs" 3 25 8 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/395/why3shapes.gz b/creusot/tests/should_succeed/bug/395/why3shapes.gz index 214baaf4c4..34fd6f2a15 100644 Binary files a/creusot/tests/should_succeed/bug/395/why3shapes.gz and b/creusot/tests/should_succeed/bug/395/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/bug/463.mlcfg b/creusot/tests/should_succeed/bug/463.mlcfg index d53ce4fefb..bcfbe448ed 100644 --- a/creusot/tests/should_succeed/bug/463.mlcfg +++ b/creusot/tests/should_succeed/bug/463.mlcfg @@ -26,9 +26,9 @@ module C463_Test_Closure0 goto BB0 } BB0 { - res1 <- ([#"../463.rs" 7 19 7 24] x + ([#"../463.rs" 7 23 7 24] [#"../463.rs" 7 23 7 24] (1 : usize))); - res <- res1; - _0 <- res; + [#"../463.rs" 7 19 7 24] res1 <- ([#"../463.rs" 7 19 7 24] ([#"../463.rs" 7 19 7 20] x) + ([#"../463.rs" 7 23 7 24] [#"../463.rs" 7 23 7 24] (1 : usize))); + [#"../463.rs" 5 8 5 30] res <- ([#"../463.rs" 5 8 5 30] res1); + [#"../463.rs" 6 8 6 37] _0 <- ([#"../463.rs" 6 8 6 37] res); return _0 } @@ -39,7 +39,7 @@ module C463_Test use prelude.Int8 use C463_Test_Closure0_Type as C463_Test_Closure0 predicate resolve0 [#"../463.rs" 6 8 6 37] (_1 : C463_Test_Closure0.c463_test_closure0) = - [#"../463.rs" 1 0 1 0] true + true use prelude.Borrow use prelude.Int val closure00 [#"../463.rs" 6 8 6 37] (_1 : C463_Test_Closure0.c463_test_closure0) (x : usize) : usize @@ -55,14 +55,14 @@ module C463_Test goto BB0 } BB0 { - c <- ([#"../463.rs" 6 8 6 37] C463_Test_Closure0.C463_Test_Closure0); - y <- ([#"../463.rs" 9 12 9 16] let (a) = [#"../463.rs" 9 12 9 16] (([#"../463.rs" 9 14 9 15] [#"../463.rs" 9 14 9 15] (2 : usize))) in closure00 ([#"../463.rs" 9 12 9 13] c) a); + [#"../463.rs" 6 8 6 37] c <- ([#"../463.rs" 6 8 6 37] C463_Test_Closure0.C463_Test_Closure0); + [#"../463.rs" 9 12 9 16] y <- ([#"../463.rs" 9 12 9 16] let (a) = [#"../463.rs" 9 12 9 16] (([#"../463.rs" 9 14 9 15] [#"../463.rs" 9 14 9 15] (2 : usize))) in closure00 ([#"../463.rs" 9 12 9 13] c) a); goto BB1 } BB1 { assume { resolve0 c }; assert { [@expl:assertion] [#"../463.rs" 10 18 10 25] UIntSize.to_int y = 3 }; - _0 <- ([#"../463.rs" 10 4 10 26] ()); + [#"../463.rs" 10 4 10 26] _0 <- ([#"../463.rs" 10 4 10 26] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/464.mlcfg b/creusot/tests/should_succeed/bug/464.mlcfg index 7db28700c6..012385300c 100644 --- a/creusot/tests/should_succeed/bug/464.mlcfg +++ b/creusot/tests/should_succeed/bug/464.mlcfg @@ -37,7 +37,7 @@ module C464_Impl1 val inv1 (_x : C464_Struct_Type.t_struct) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../464.rs" 1 0 1 0] forall x : C464_Struct_Type.t_struct . inv1 x = true + axiom inv1 : forall x : C464_Struct_Type.t_struct . inv1 x = true use C464_AssocStruct_Type as C464_AssocStruct_Type predicate invariant1 (self : C464_AssocStruct_Type.t_assocstruct) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -48,7 +48,7 @@ module C464_Impl1 val inv0 (_x : C464_AssocStruct_Type.t_assocstruct) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../464.rs" 1 0 1 0] forall x : C464_AssocStruct_Type.t_assocstruct . inv0 x = true + axiom inv0 : forall x : C464_AssocStruct_Type.t_assocstruct . inv0 x = true predicate invariant0 [#"../464.rs" 23 4 23 30] (self : C464_AssocStruct_Type.t_assocstruct) = [#"../464.rs" 24 8 24 12] true val invariant0 [#"../464.rs" 23 4 23 30] (self : C464_AssocStruct_Type.t_assocstruct) : bool diff --git a/creusot/tests/should_succeed/bug/486.mlcfg b/creusot/tests/should_succeed/bug/486.mlcfg index cc488c6ab3..90d95599de 100644 --- a/creusot/tests/should_succeed/bug/486.mlcfg +++ b/creusot/tests/should_succeed/bug/486.mlcfg @@ -25,8 +25,8 @@ module C486_Test goto BB0 } BB0 { - x <- (let C486_HasMutRef_Type.C_HasMutRef x0 = x in C486_HasMutRef_Type.C_HasMutRef ({ (C486_HasMutRef_Type.hasmutref_0 x) with current = ([#"../486.rs" 8 11 8 12] [#"../486.rs" 8 11 8 12] (5 : uint32)) })); - _0 <- ([#"../486.rs" 8 4 8 12] ()); + [#"../486.rs" 8 4 8 12] x <- (let C486_HasMutRef_Type.C_HasMutRef x0 = x in C486_HasMutRef_Type.C_HasMutRef ({ (C486_HasMutRef_Type.hasmutref_0 x) with current = ([#"../486.rs" 8 4 8 12] [#"../486.rs" 8 11 8 12] (5 : uint32)) })); + [#"../486.rs" 8 4 8 12] _0 <- ([#"../486.rs" 8 4 8 12] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/510.mlcfg b/creusot/tests/should_succeed/bug/510.mlcfg index 1db3d50e6d..4cfd6a83af 100644 --- a/creusot/tests/should_succeed/bug/510.mlcfg +++ b/creusot/tests/should_succeed/bug/510.mlcfg @@ -12,8 +12,8 @@ module C510_TestBool goto BB0 } BB0 { - _bing <- ([#"../510.rs" 4 16 4 25] UInt8.of_int (Bool.to_int inp)); - _0 <- ([#"../510.rs" 3 28 5 1] ()); + [#"../510.rs" 4 16 4 25] _bing <- ([#"../510.rs" 4 16 4 25] UInt8.of_int (Bool.to_int ([#"../510.rs" 4 16 4 19] inp))); + [#"../510.rs" 3 28 5 1] _0 <- ([#"../510.rs" 3 28 5 1] ()); return _0 } @@ -30,8 +30,8 @@ module C510_TestChar goto BB0 } BB0 { - _1 <- ([#"../510.rs" 8 4 8 14] Char.chr (UInt8.to_int ([#"../510.rs" 8 4 8 6] [#"../510.rs" 8 4 8 6] (22 : uint8)))); - _0 <- ([#"../510.rs" 7 19 9 1] ()); + [#"../510.rs" 8 4 8 14] _1 <- ([#"../510.rs" 8 4 8 14] Char.chr (UInt8.to_int ([#"../510.rs" 8 4 8 6] [#"../510.rs" 8 4 8 6] (22 : uint8)))); + [#"../510.rs" 7 19 9 1] _0 <- ([#"../510.rs" 7 19 9 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/511.mlcfg b/creusot/tests/should_succeed/bug/511.mlcfg index ae7d7807f5..155900a2db 100644 --- a/creusot/tests/should_succeed/bug/511.mlcfg +++ b/creusot/tests/should_succeed/bug/511.mlcfg @@ -12,8 +12,8 @@ module C511_TestU8 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 4 16 4 28] UIntSize.of_int (UInt8.to_int inp)); - _0 <- ([#"../511.rs" 3 24 5 1] ()); + [#"../511.rs" 4 16 4 28] _bing <- ([#"../511.rs" 4 16 4 28] UIntSize.of_int (UInt8.to_int ([#"../511.rs" 4 16 4 19] inp))); + [#"../511.rs" 3 24 5 1] _0 <- ([#"../511.rs" 3 24 5 1] ()); return _0 } @@ -31,8 +31,8 @@ module C511_TestU16 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 8 16 8 28] UIntSize.of_int (UInt16.to_int inp)); - _0 <- ([#"../511.rs" 7 26 9 1] ()); + [#"../511.rs" 8 16 8 28] _bing <- ([#"../511.rs" 8 16 8 28] UIntSize.of_int (UInt16.to_int ([#"../511.rs" 8 16 8 19] inp))); + [#"../511.rs" 7 26 9 1] _0 <- ([#"../511.rs" 7 26 9 1] ()); return _0 } @@ -50,8 +50,8 @@ module C511_TestU128 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 12 16 12 28] UIntSize.of_int (UInt128.to_int inp)); - _0 <- ([#"../511.rs" 11 28 13 1] ()); + [#"../511.rs" 12 16 12 28] _bing <- ([#"../511.rs" 12 16 12 28] UIntSize.of_int (UInt128.to_int ([#"../511.rs" 12 16 12 19] inp))); + [#"../511.rs" 11 28 13 1] _0 <- ([#"../511.rs" 11 28 13 1] ()); return _0 } @@ -69,8 +69,8 @@ module C511_TestI8 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 16 16 16 28] UIntSize.of_int (Int8.to_int inp)); - _0 <- ([#"../511.rs" 15 24 17 1] ()); + [#"../511.rs" 16 16 16 28] _bing <- ([#"../511.rs" 16 16 16 28] UIntSize.of_int (Int8.to_int ([#"../511.rs" 16 16 16 19] inp))); + [#"../511.rs" 15 24 17 1] _0 <- ([#"../511.rs" 15 24 17 1] ()); return _0 } @@ -88,8 +88,8 @@ module C511_TestI16 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 20 16 20 28] UIntSize.of_int (Int16.to_int inp)); - _0 <- ([#"../511.rs" 19 26 21 1] ()); + [#"../511.rs" 20 16 20 28] _bing <- ([#"../511.rs" 20 16 20 28] UIntSize.of_int (Int16.to_int ([#"../511.rs" 20 16 20 19] inp))); + [#"../511.rs" 19 26 21 1] _0 <- ([#"../511.rs" 19 26 21 1] ()); return _0 } @@ -107,8 +107,8 @@ module C511_TestI128 goto BB0 } BB0 { - _bing <- ([#"../511.rs" 24 16 24 28] UIntSize.of_int (Int128.to_int inp)); - _0 <- ([#"../511.rs" 23 28 25 1] ()); + [#"../511.rs" 24 16 24 28] _bing <- ([#"../511.rs" 24 16 24 28] UIntSize.of_int (Int128.to_int ([#"../511.rs" 24 16 24 19] inp))); + [#"../511.rs" 23 28 25 1] _0 <- ([#"../511.rs" 23 28 25 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/528.mlcfg b/creusot/tests/should_succeed/bug/528.mlcfg index a3ef15caf4..b28df86ddb 100644 --- a/creusot/tests/should_succeed/bug/528.mlcfg +++ b/creusot/tests/should_succeed/bug/528.mlcfg @@ -10,7 +10,7 @@ module C528_Neq goto BB0 } BB0 { - _0 <- ([#"../528.rs" 4 4 4 10] Bool.neqb a b); + [#"../528.rs" 4 4 4 10] _0 <- ([#"../528.rs" 4 4 4 10] Bool.neqb ([#"../528.rs" 4 4 4 5] a) ([#"../528.rs" 4 9 4 10] b)); return _0 } diff --git a/creusot/tests/should_succeed/bug/545.mlcfg b/creusot/tests/should_succeed/bug/545.mlcfg index 7d4f76a59a..7df3e0458e 100644 --- a/creusot/tests/should_succeed/bug/545.mlcfg +++ b/creusot/tests/should_succeed/bug/545.mlcfg @@ -10,7 +10,7 @@ module C545_NegativeIsNegative } BB0 { assert { [@expl:assertion] [#"../545.rs" 5 18 5 32] (0 : int32) > (-100 : int32) }; - _0 <- ([#"../545.rs" 4 30 6 1] ()); + [#"../545.rs" 4 30 6 1] _0 <- ([#"../545.rs" 4 30 6 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/552.mlcfg b/creusot/tests/should_succeed/bug/552.mlcfg index e9c374fd2e..e4c054b005 100644 --- a/creusot/tests/should_succeed/bug/552.mlcfg +++ b/creusot/tests/should_succeed/bug/552.mlcfg @@ -27,7 +27,7 @@ module C552_Impl1_Transition goto BB0 } BB0 { - _0 <- ([#"../552.rs" 32 8 32 18] C552_Transition_Type.C_Transition); + [#"../552.rs" 32 8 32 18] _0 <- ([#"../552.rs" 32 8 32 18] C552_Transition_Type.C_Transition); return _0 } @@ -61,12 +61,12 @@ module C552_Impl0_Step goto BB0 } BB0 { - _4 <- ([#"../552.rs" 24 8 24 25] transition0 ([#"../552.rs" 24 8 24 25] * self)); + [#"../552.rs" 24 8 24 25] _4 <- ([#"../552.rs" 24 8 24 25] transition0 ([#"../552.rs" 24 8 24 25] * self)); goto BB1 } BB1 { assume { resolve0 self }; - _0 <- ([#"../552.rs" 25 8 25 13] [#"../552.rs" 25 8 25 13] false); + [#"../552.rs" 25 8 25 13] _0 <- ([#"../552.rs" 25 8 25 13] [#"../552.rs" 25 8 25 13] false); return _0 } @@ -83,7 +83,7 @@ module C552_Impl0 val inv0 (_x : borrowed (C552_Machine_Type.t_machine)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../552.rs" 1 0 1 0] forall x : borrowed (C552_Machine_Type.t_machine) . inv0 x = true + axiom inv0 : forall x : borrowed (C552_Machine_Type.t_machine) . inv0 x = true predicate invariants0 [#"../552.rs" 18 4 18 31] (self : C552_Machine_Type.t_machine) = [#"../552.rs" 19 8 19 12] true val invariants0 [#"../552.rs" 18 4 18 31] (self : C552_Machine_Type.t_machine) : bool diff --git a/creusot/tests/should_succeed/bug/570.mlcfg b/creusot/tests/should_succeed/bug/570.mlcfg index d48c36dff5..39b486da65 100644 --- a/creusot/tests/should_succeed/bug/570.mlcfg +++ b/creusot/tests/should_succeed/bug/570.mlcfg @@ -31,7 +31,7 @@ module C570_TestProgram goto BB0 } BB0 { - _0 <- ([#"../570.rs" 12 27 14 1] ()); + [#"../570.rs" 12 27 14 1] _0 <- ([#"../570.rs" 12 27 14 1] ()); return _0 } @@ -50,8 +50,8 @@ module C570_TestAssign goto BB0 } BB0 { - s <- (let C570_S2_Type.C_S2 x0 = s in C570_S2_Type.C_S2 (let C570_S1_Type.C_S1 x0 = C570_S2_Type.s2_s1 s in C570_S1_Type.C_S1 ([#"../570.rs" 17 13 17 14] [#"../570.rs" 17 13 17 14] (2 : int32)))); - _0 <- ([#"../570.rs" 16 30 18 1] ()); + [#"../570.rs" 17 4 17 14] s <- (let C570_S2_Type.C_S2 x0 = s in C570_S2_Type.C_S2 (let C570_S1_Type.C_S1 x0 = C570_S2_Type.s2_s1 s in C570_S1_Type.C_S1 ([#"../570.rs" 17 4 17 14] [#"../570.rs" 17 13 17 14] (2 : int32)))); + [#"../570.rs" 16 30 18 1] _0 <- ([#"../570.rs" 16 30 18 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/594.mlcfg b/creusot/tests/should_succeed/bug/594.mlcfg index 421cc18a34..48b1124e45 100644 --- a/creusot/tests/should_succeed/bug/594.mlcfg +++ b/creusot/tests/should_succeed/bug/594.mlcfg @@ -23,9 +23,9 @@ module C594_TestProgram goto BB0 } BB0 { - x <- (let (a, _) = _1 in a); + [#"../594.rs" 11 21 11 22] x <- ([#"../594.rs" 11 21 11 22] let (a, _) = _1 in a); assume { resolve0 _1 }; - _0 <- x; + [#"../594.rs" 12 4 12 5] _0 <- ([#"../594.rs" 12 4 12 5] x); return _0 } @@ -66,11 +66,11 @@ module C594_TestClosure_Closure0 goto BB0 } BB0 { - _a <- (let (a, _) = _3 in a); - b <- (let (_, a) = _3 in a); + [#"../594.rs" 17 10 17 12] _a <- ([#"../594.rs" 17 10 17 12] let (a, _) = _3 in a); + [#"../594.rs" 17 14 17 15] b <- ([#"../594.rs" 17 14 17 15] let (_, a) = _3 in a); assume { resolve0 _3 }; - res <- b; - _0 <- res; + [#"../594.rs" 17 18 17 19] res <- ([#"../594.rs" 17 18 17 19] b); + [#"../594.rs" 16 14 16 37] _0 <- ([#"../594.rs" 16 14 16 37] res); return _0 } @@ -111,11 +111,11 @@ module C594_TestClosure_Closure1 goto BB0 } BB0 { - _a <- (let (a, _) = _2 in a); - b <- (let (_, a) = _2 in a); + [#"../594.rs" 19 6 19 8] _a <- ([#"../594.rs" 19 6 19 8] let (a, _) = _2 in a); + [#"../594.rs" 19 10 19 11] b <- ([#"../594.rs" 19 10 19 11] let (_, a) = _2 in a); assume { resolve0 _2 }; - res <- b; - _0 <- res; + [#"../594.rs" 19 14 19 15] res <- ([#"../594.rs" 19 14 19 15] b); + [#"../594.rs" 18 14 18 37] _0 <- ([#"../594.rs" 18 14 18 37] res); return _0 } @@ -125,7 +125,7 @@ module C594_TestClosure use prelude.Int8 use C594_TestClosure_Closure1_Type as C594_TestClosure_Closure1 predicate resolve1 [#"../594.rs" 18 14 18 37] (_1 : C594_TestClosure_Closure1.c594_testclosure_closure1) = - [#"../594.rs" 1 0 1 0] true + true use prelude.Borrow use prelude.Int predicate resolve3 (self : int32) = @@ -143,7 +143,7 @@ module C594_TestClosure use C594_TestClosure_Closure0_Type as C594_TestClosure_Closure0 predicate resolve0 [#"../594.rs" 16 14 16 37] (_1 : C594_TestClosure_Closure0.c594_testclosure_closure0) = - [#"../594.rs" 1 0 1 0] true + true val closure00 [#"../594.rs" 16 14 16 37] (_1 : C594_TestClosure_Closure0.c594_testclosure_closure0) (_c : int32) (_3 : (int32, int32)) : int32 ensures { [#"../594.rs" 16 24 16 35] let (_a, b) = _3 in result = b } @@ -158,19 +158,19 @@ module C594_TestClosure goto BB0 } BB0 { - cl1 <- ([#"../594.rs" 16 14 16 37] C594_TestClosure_Closure0.C594_TestClosure_Closure0); - cl2 <- ([#"../594.rs" 18 14 18 37] C594_TestClosure_Closure1.C594_TestClosure_Closure1); - _a <- ([#"../594.rs" 20 13 20 29] let (a, b) = [#"../594.rs" 20 13 20 29] (([#"../594.rs" 20 19 20 20] [#"../594.rs" 20 19 20 20] (4 : int32)), ([#"../594.rs" 20 22 20 28] (([#"../594.rs" 20 23 20 24] [#"../594.rs" 20 23 20 24] (0 : int32)), ([#"../594.rs" 20 26 20 27] [#"../594.rs" 20 26 20 27] (3 : int32))))) in closure00 ([#"../594.rs" 20 13 20 18] cl1) a b); + [#"../594.rs" 16 14 16 37] cl1 <- ([#"../594.rs" 16 14 16 37] C594_TestClosure_Closure0.C594_TestClosure_Closure0); + [#"../594.rs" 18 14 18 37] cl2 <- ([#"../594.rs" 18 14 18 37] C594_TestClosure_Closure1.C594_TestClosure_Closure1); + [#"../594.rs" 20 13 20 29] _a <- ([#"../594.rs" 20 13 20 29] let (a, b) = [#"../594.rs" 20 13 20 29] (([#"../594.rs" 20 19 20 20] [#"../594.rs" 20 19 20 20] (4 : int32)), ([#"../594.rs" 20 22 20 28] (([#"../594.rs" 20 23 20 24] [#"../594.rs" 20 23 20 24] (0 : int32)), ([#"../594.rs" 20 26 20 27] [#"../594.rs" 20 26 20 27] (3 : int32))))) in closure00 ([#"../594.rs" 20 13 20 18] cl1) a b); goto BB1 } BB1 { assume { resolve0 cl1 }; - _b <- ([#"../594.rs" 21 13 21 26] let (a) = [#"../594.rs" 21 13 21 26] (([#"../594.rs" 21 19 21 25] (([#"../594.rs" 21 20 21 21] [#"../594.rs" 21 20 21 21] (0 : int32)), ([#"../594.rs" 21 23 21 24] [#"../594.rs" 21 23 21 24] (4 : int32))))) in closure10 ([#"../594.rs" 21 13 21 18] cl2) a); + [#"../594.rs" 21 13 21 26] _b <- ([#"../594.rs" 21 13 21 26] let (a) = [#"../594.rs" 21 13 21 26] (([#"../594.rs" 21 19 21 25] (([#"../594.rs" 21 20 21 21] [#"../594.rs" 21 20 21 21] (0 : int32)), ([#"../594.rs" 21 23 21 24] [#"../594.rs" 21 23 21 24] (4 : int32))))) in closure10 ([#"../594.rs" 21 13 21 18] cl2) a); goto BB2 } BB2 { assume { resolve1 cl2 }; - _0 <- ([#"../594.rs" 15 22 22 1] ()); + [#"../594.rs" 15 22 22 1] _0 <- ([#"../594.rs" 15 22 22 1] ()); return _0 } @@ -207,9 +207,9 @@ module C594_Impl0_TestMethod goto BB0 } BB0 { - x <- (let (a, _) = _2 in a); + [#"../594.rs" 33 30 33 31] x <- ([#"../594.rs" 33 30 33 31] let (a, _) = _2 in a); assume { resolve0 _2 }; - _0 <- x; + [#"../594.rs" 34 8 34 9] _0 <- ([#"../594.rs" 34 8 34 9] x); return _0 } diff --git a/creusot/tests/should_succeed/bug/641.mlcfg b/creusot/tests/should_succeed/bug/641.mlcfg index 9ea78386b9..99b5272429 100644 --- a/creusot/tests/should_succeed/bug/641.mlcfg +++ b/creusot/tests/should_succeed/bug/641.mlcfg @@ -15,7 +15,7 @@ module C641_TestMaintains goto BB0 } BB0 { - _0 <- ([#"../641.rs" 16 24 16 26] ()); + [#"../641.rs" 16 24 16 26] _0 <- ([#"../641.rs" 16 24 16 26] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/653.mlcfg b/creusot/tests/should_succeed/bug/653.mlcfg index e9b7dfa78e..51cc10c951 100644 --- a/creusot/tests/should_succeed/bug/653.mlcfg +++ b/creusot/tests/should_succeed/bug/653.mlcfg @@ -13,7 +13,7 @@ module C653_Omg goto BB0 } BB0 { - _0 <- n; + [#"../653.rs" 7 4 7 5] _0 <- ([#"../653.rs" 7 4 7 5] n); return _0 } diff --git a/creusot/tests/should_succeed/bug/682.mlcfg b/creusot/tests/should_succeed/bug/682.mlcfg index 60f2372d15..007abf90b6 100644 --- a/creusot/tests/should_succeed/bug/682.mlcfg +++ b/creusot/tests/should_succeed/bug/682.mlcfg @@ -21,9 +21,9 @@ module C682_AddSome goto BB0 } BB0 { - a <- { a with current = ([#"../682.rs" 7 4 7 11] * a + ([#"../682.rs" 7 10 7 11] [#"../682.rs" 7 10 7 11] (1 : uint64))) }; + [#"../682.rs" 7 4 7 11] a <- { a with current = ([#"../682.rs" 7 4 7 11] * a + ([#"../682.rs" 7 10 7 11] [#"../682.rs" 7 10 7 11] (1 : uint64))) }; assume { resolve0 a }; - _0 <- ([#"../682.rs" 6 25 8 1] ()); + [#"../682.rs" 6 25 8 1] _0 <- ([#"../682.rs" 6 25 8 1] ()); return _0 } @@ -60,20 +60,20 @@ module C682_Foo goto BB0 } BB0 { - a_p <- ([#"../682.rs" 13 26 13 33] Ghost.new ( * a)); + [#"../682.rs" 13 26 13 33] a_p <- ([#"../682.rs" 13 26 13 33] Ghost.new ( * a)); goto BB1 } BB1 { - _7 <- Borrow.borrow_mut ( * a); - a <- { a with current = ^ _7 }; - _6 <- ([#"../682.rs" 14 4 14 15] add_some0 _7); + [#"../682.rs" 14 13 14 14] _7 <- Borrow.borrow_mut ( * a); + [#"../682.rs" 14 13 14 14] a <- { a with current = ^ _7 }; + [#"../682.rs" 14 4 14 15] _6 <- ([#"../682.rs" 14 4 14 15] add_some0 _7); _7 <- any borrowed uint64; goto BB2 } BB2 { assume { resolve0 a }; assert { [@expl:assertion] [#"../682.rs" 15 18 15 27] * a > Ghost.inner a_p }; - _0 <- ([#"../682.rs" 12 24 16 1] ()); + [#"../682.rs" 12 24 16 1] _0 <- ([#"../682.rs" 12 24 16 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/691.mlcfg b/creusot/tests/should_succeed/bug/691.mlcfg index edb8270f05..72883934cf 100644 --- a/creusot/tests/should_succeed/bug/691.mlcfg +++ b/creusot/tests/should_succeed/bug/691.mlcfg @@ -28,7 +28,7 @@ module C691_Example_Closure0 function field_00 [#"../691.rs" 10 12 10 39] (self : C691_Example_Closure0.c691_example_closure0) : C691_Foo_Type.t_foo = - [#"../691.rs" 1 0 1 0] let C691_Example_Closure0.C691_Example_Closure0 a = self in a + let C691_Example_Closure0.C691_Example_Closure0 a = self in a val field_00 [#"../691.rs" 10 12 10 39] (self : C691_Example_Closure0.c691_example_closure0) : C691_Foo_Type.t_foo ensures { result = field_00 self } @@ -42,8 +42,8 @@ module C691_Example_Closure0 goto BB0 } BB0 { - res <- ([#"../691.rs" 11 7 11 9] ()); - _0 <- res; + [#"../691.rs" 11 7 11 9] res <- ([#"../691.rs" 11 7 11 9] ()); + [#"../691.rs" 10 12 10 39] _0 <- ([#"../691.rs" 10 12 10 39] res); return _0 } @@ -53,7 +53,7 @@ module C691_Example use prelude.Int8 use C691_Example_Closure0_Type as C691_Example_Closure0 predicate resolve0 [#"../691.rs" 10 12 10 39] (_1 : C691_Example_Closure0.c691_example_closure0) = - [#"../691.rs" 1 0 1 0] true + true use prelude.UInt32 use prelude.Int let rec cfg example [#"../691.rs" 8 0 8 16] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : () @@ -65,10 +65,10 @@ module C691_Example goto BB0 } BB0 { - c <- ([#"../691.rs" 9 12 9 29] C691_Foo_Type.C_Foo ([#"../691.rs" 9 23 9 27] [#"../691.rs" 9 23 9 27] (2 : uint32))); - _2 <- ([#"../691.rs" 10 12 10 39] C691_Example_Closure0.C691_Example_Closure0 ([#"../691.rs" 10 12 10 39] c)); + [#"../691.rs" 9 12 9 29] c <- ([#"../691.rs" 9 12 9 29] C691_Foo_Type.C_Foo ([#"../691.rs" 9 23 9 27] [#"../691.rs" 9 23 9 27] (2 : uint32))); + [#"../691.rs" 10 12 10 39] _2 <- ([#"../691.rs" 10 12 10 39] C691_Example_Closure0.C691_Example_Closure0 ([#"../691.rs" 10 12 10 39] c)); assume { resolve0 _2 }; - _0 <- ([#"../691.rs" 8 17 12 1] ()); + [#"../691.rs" 8 17 12 1] _0 <- ([#"../691.rs" 8 17 12 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/693.mlcfg b/creusot/tests/should_succeed/bug/693.mlcfg index 1f386d66ad..406efe6074 100644 --- a/creusot/tests/should_succeed/bug/693.mlcfg +++ b/creusot/tests/should_succeed/bug/693.mlcfg @@ -9,13 +9,13 @@ module C693_F val inv0 (_x : ifc) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../693.rs" 1 0 1 0] forall x : ifc . inv0 x = true + axiom inv0 : forall x : ifc . inv0 x = true predicate resolve0 (self : ifc) val resolve0 (self : ifc) : bool ensures { result = resolve0 self } let rec cfg f [#"../693.rs" 3 0 3 21] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ifc) : () - requires {[#"../693.rs" 1 0 1 0] inv0 _1} + requires {inv0 _1} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -24,7 +24,7 @@ module C693_F goto BB0 } BB0 { - _0 <- ([#"../693.rs" 3 22 3 24] ()); + [#"../693.rs" 3 22 3 24] _0 <- ([#"../693.rs" 3 22 3 24] ()); assert { [@expl:type invariant] inv0 _1 }; assume { resolve0 _1 }; goto BB1 @@ -45,9 +45,9 @@ module C693_G val inv0 (_x : int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../693.rs" 1 0 1 0] forall x : int32 . inv0 x = true + axiom inv0 : forall x : int32 . inv0 x = true val f0 [#"../693.rs" 3 0 3 21] (_1 : int32) : () - requires {[#"../693.rs" 1 0 1 0] inv0 _1} + requires {inv0 _1} use prelude.Int let rec cfg g [#"../693.rs" 5 0 5 10] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : () @@ -57,7 +57,7 @@ module C693_G goto BB0 } BB0 { - _0 <- ([#"../693.rs" 6 4 6 8] f0 ([#"../693.rs" 6 6 6 7] [#"../693.rs" 6 6 6 7] (0 : int32))); + [#"../693.rs" 6 4 6 8] _0 <- ([#"../693.rs" 6 4 6 8] f0 ([#"../693.rs" 6 6 6 7] [#"../693.rs" 6 6 6 7] (0 : int32))); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/bug/766.mlcfg b/creusot/tests/should_succeed/bug/766.mlcfg index d5a81c8a0a..4b38cb6a8a 100644 --- a/creusot/tests/should_succeed/bug/766.mlcfg +++ b/creusot/tests/should_succeed/bug/766.mlcfg @@ -15,7 +15,7 @@ module C766_Trait_Goo val inv1 (_x : borrowed self) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../766.rs" 1 0 1 0] forall x : borrowed self . inv1 x = true + axiom inv1 : forall x : borrowed self . inv1 x = true predicate invariant0 (self : self) val invariant0 (self : self) : bool ensures { result = invariant0 self } @@ -24,7 +24,7 @@ module C766_Trait_Goo val inv0 (_x : self) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../766.rs" 1 0 1 0] forall x : self . inv0 x = true + axiom inv0 : forall x : self . inv0 x = true predicate resolve0 (self : borrowed self) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed self) : bool @@ -59,10 +59,10 @@ module C766_Trait_Goo goto BB0 } BB0 { - _2 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _2 }; + [#"../766.rs" 11 8 11 16] _2 <- Borrow.borrow_mut ( * self); + [#"../766.rs" 11 8 11 16] self <- { self with current = ^ _2 }; assume { inv0 ( ^ _2) }; - _0 <- ([#"../766.rs" 11 8 11 16] f0 _2); + [#"../766.rs" 11 8 11 16] _0 <- ([#"../766.rs" 11 8 11 16] f0 _2); _2 <- any borrowed self; goto BB1 } diff --git a/creusot/tests/should_succeed/bug/789.mlcfg b/creusot/tests/should_succeed/bug/789.mlcfg index 71dd77ccfa..18928f3795 100644 --- a/creusot/tests/should_succeed/bug/789.mlcfg +++ b/creusot/tests/should_succeed/bug/789.mlcfg @@ -9,7 +9,7 @@ module C789_Meta goto BB0 } BB0 { - _0 <- ([#"../789.rs" 3 23 3 25] ()); + [#"../789.rs" 3 23 3 25] _0 <- ([#"../789.rs" 3 23 3 25] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/791.mlcfg b/creusot/tests/should_succeed/bug/791.mlcfg index a2b5751a46..b0383fbf44 100644 --- a/creusot/tests/should_succeed/bug/791.mlcfg +++ b/creusot/tests/should_succeed/bug/791.mlcfg @@ -7,7 +7,7 @@ module C791_ILoveFloats goto BB0 } BB0 { - _0 <- ([#"../791.rs" 3 23 6 1] ()); + [#"../791.rs" 3 23 6 1] _0 <- ([#"../791.rs" 3 23 6 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/874.mlcfg b/creusot/tests/should_succeed/bug/874.mlcfg index 983e98b77b..9d17083247 100644 --- a/creusot/tests/should_succeed/bug/874.mlcfg +++ b/creusot/tests/should_succeed/bug/874.mlcfg @@ -72,7 +72,7 @@ module C874_CanExtend val inv6 (_x : slice int32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../874.rs" 1 0 1 0] forall x : slice int32 . inv6 x = true + axiom inv6 : forall x : slice int32 . inv6 x = true use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type @@ -127,7 +127,7 @@ module C874_CanExtend val invariant5 (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../874.rs" 1 0 1 0] forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use prelude.Borrow predicate invariant4 (self : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global))) @@ -140,13 +140,13 @@ module C874_CanExtend val inv4 (_x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../874.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter int32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true predicate invariant3 (self : Seq.seq int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Seq.seq int32) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../874.rs" 1 0 1 0] forall x : Seq.seq int32 . inv3 x = true + axiom inv3 : forall x : Seq.seq int32 . inv3 x = true use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -157,7 +157,7 @@ module C874_CanExtend val inv2 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../874.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true + axiom inv2 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -179,7 +179,7 @@ module C874_CanExtend val invariant1 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../874.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv1 x = true predicate invariant0 (self : slice int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : slice int32) : bool @@ -189,7 +189,7 @@ module C874_CanExtend val inv0 (_x : slice int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../874.rs" 1 0 1 0] forall x : slice int32 . inv0 x = true + axiom inv0 : forall x : slice int32 . inv0 x = true use seq.Seq predicate resolve1 (self : int32) = [#"../../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -290,7 +290,7 @@ module C874_CanExtend goto BB2 } BB2 { - v <- ([#"../874.rs" 5 16 5 29] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 5 21 5 22] [#"../874.rs" 5 21 5 22] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 5 24 5 25] [#"../874.rs" 5 24 5 25] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 5 27 5 28] [#"../874.rs" 5 27 5 28] (3 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); + [#"../../../../../creusot-contracts/src/lib.rs" 253 8 253 58] v <- ([#"../874.rs" 5 16 5 29] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 5 21 5 22] [#"../874.rs" 5 21 5 22] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 5 24 5 25] [#"../874.rs" 5 24 5 25] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 5 27 5 28] [#"../874.rs" 5 27 5 28] (3 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); goto BB3 } BB3 { @@ -300,15 +300,15 @@ module C874_CanExtend goto BB5 } BB5 { - w <- ([#"../874.rs" 6 12 6 25] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 6 17 6 18] [#"../874.rs" 6 17 6 18] (4 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 6 20 6 21] [#"../874.rs" 6 20 6 21] (5 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 6 23 6 24] [#"../874.rs" 6 23 6 24] (6 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); + [#"../../../../../creusot-contracts/src/lib.rs" 253 8 253 58] w <- ([#"../874.rs" 6 12 6 25] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 6 17 6 18] [#"../874.rs" 6 17 6 18] (4 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 6 20 6 21] [#"../874.rs" 6 20 6 21] (5 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 6 23 6 24] [#"../874.rs" 6 23 6 24] (6 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); goto BB6 } BB6 { - _10 <- Borrow.borrow_mut v; - v <- ^ _10; - _9 <- ([#"../874.rs" 7 4 7 15] extend0 _10 w); + [#"../874.rs" 7 4 7 15] _10 <- Borrow.borrow_mut v; + [#"../874.rs" 7 4 7 15] v <- ^ _10; + [#"../874.rs" 7 4 7 15] _9 <- ([#"../874.rs" 7 4 7 15] extend0 _10 ([#"../874.rs" 7 13 7 14] w)); _10 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); - w <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); + [#"../874.rs" 7 13 7 14] w <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); goto BB7 } BB7 { @@ -319,7 +319,7 @@ module C874_CanExtend goto BB9 } BB9 { - z <- ([#"../874.rs" 9 12 9 34] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 9 17 9 18] [#"../874.rs" 9 17 9 18] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 9 20 9 21] [#"../874.rs" 9 20 9 21] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 9 23 9 24] [#"../874.rs" 9 23 9 24] (3 : int32))}; assume {Seq.get (__arr_temp.elts) 3 = ([#"../874.rs" 9 26 9 27] [#"../874.rs" 9 26 9 27] (4 : int32))}; assume {Seq.get (__arr_temp.elts) 4 = ([#"../874.rs" 9 29 9 30] [#"../874.rs" 9 29 9 30] (5 : int32))}; assume {Seq.get (__arr_temp.elts) 5 = ([#"../874.rs" 9 32 9 33] [#"../874.rs" 9 32 9 33] (6 : int32))}; assume {Slice.length __arr_temp = 6}; __arr_temp)); + [#"../../../../../creusot-contracts/src/lib.rs" 253 8 253 58] z <- ([#"../874.rs" 9 12 9 34] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../874.rs" 9 17 9 18] [#"../874.rs" 9 17 9 18] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../874.rs" 9 20 9 21] [#"../874.rs" 9 20 9 21] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../874.rs" 9 23 9 24] [#"../874.rs" 9 23 9 24] (3 : int32))}; assume {Seq.get (__arr_temp.elts) 3 = ([#"../874.rs" 9 26 9 27] [#"../874.rs" 9 26 9 27] (4 : int32))}; assume {Seq.get (__arr_temp.elts) 4 = ([#"../874.rs" 9 29 9 30] [#"../874.rs" 9 29 9 30] (5 : int32))}; assume {Seq.get (__arr_temp.elts) 5 = ([#"../874.rs" 9 32 9 33] [#"../874.rs" 9 32 9 33] (6 : int32))}; assume {Slice.length __arr_temp = 6}; __arr_temp)); goto BB10 } BB10 { @@ -328,7 +328,7 @@ module C874_CanExtend goto BB11 } BB11 { - _0 <- ([#"../874.rs" 4 20 11 1] ()); + [#"../874.rs" 4 20 11 1] _0 <- ([#"../874.rs" 4 20 11 1] ()); goto BB12 } BB12 { diff --git a/creusot/tests/should_succeed/bug/922.mlcfg b/creusot/tests/should_succeed/bug/922.mlcfg index 5ae09d265d..916bff1a1e 100644 --- a/creusot/tests/should_succeed/bug/922.mlcfg +++ b/creusot/tests/should_succeed/bug/922.mlcfg @@ -35,12 +35,12 @@ module C922_G goto BB0 } BB0 { - _4 <- Borrow.borrow_mut ( * (let (_, a) = let (a, _) = x in a in a)); - x <- (let (x0, x1) = x in ((let (x0, x1) = let (a, _) = x in a in (x0, { (let (_, a) = let (a, _) = x in a in a) with current = ^ _4 })), x1)); - _2 <- Borrow.borrow_mut ( * _4); - _4 <- { _4 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../922.rs" 6 4 6 17] _4 <- Borrow.borrow_mut ( * (let (_, a) = let (a, _) = x in a in a)); + [#"../922.rs" 6 4 6 17] x <- (let (x0, x1) = x in ((let (x0, x1) = let (a, _) = x in a in (x0, { (let (_, a) = let (a, _) = x in a in a) with current = ^ _4 })), x1)); + [#"../922.rs" 6 4 6 17] _2 <- Borrow.borrow_mut ( * _4); + [#"../922.rs" 6 4 6 17] _4 <- { _4 with current = ^ _2 }; + [#"../922.rs" 6 4 6 17] _0 <- Borrow.borrow_mut ( * _2); + [#"../922.rs" 6 4 6 17] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _4 }; assume { resolve0 _2 }; assume { resolve1 x }; @@ -76,12 +76,12 @@ module C922_F1 goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * (let (_, a) = * b in a)); - b <- { b with current = (let (x0, x1) = * b in (x0, { (let (_, a) = * b in a) with current = ^ _6 })) }; - _2 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../922.rs" 13 4 13 13] _6 <- Borrow.borrow_mut ( * (let (_, a) = * b in a)); + [#"../922.rs" 13 4 13 13] b <- { b with current = (let (x0, x1) = * b in (x0, { (let (_, a) = * b in a) with current = ^ _6 })) }; + [#"../922.rs" 13 4 13 13] _2 <- Borrow.borrow_mut ( * _6); + [#"../922.rs" 13 4 13 13] _6 <- { _6 with current = ^ _2 }; + [#"../922.rs" 13 4 13 13] _0 <- Borrow.borrow_mut ( * _2); + [#"../922.rs" 13 4 13 13] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _6 }; assume { resolve0 _2 }; assume { resolve1 b }; @@ -117,12 +117,12 @@ module C922_F2 goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * (let (_, a) = * x0 in a)); - x0 <- { x0 with current = (let (x1, x2) = * x0 in (x1, { (let (_, a) = * x0 in a) with current = ^ _6 })) }; - _2 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../922.rs" 20 4 20 14] _6 <- Borrow.borrow_mut ( * (let (_, a) = * x0 in a)); + [#"../922.rs" 20 4 20 14] x0 <- { x0 with current = (let (x1, x2) = * x0 in (x1, { (let (_, a) = * x0 in a) with current = ^ _6 })) }; + [#"../922.rs" 20 4 20 14] _2 <- Borrow.borrow_mut ( * _6); + [#"../922.rs" 20 4 20 14] _6 <- { _6 with current = ^ _2 }; + [#"../922.rs" 20 4 20 14] _0 <- Borrow.borrow_mut ( * _2); + [#"../922.rs" 20 4 20 14] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _6 }; assume { resolve0 _2 }; assume { resolve1 x0 }; @@ -158,12 +158,12 @@ module C922_F3 goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * (let (_, a) = * x1 in a)); - x1 <- { x1 with current = (let (x0, x2) = * x1 in (x0, { (let (_, a) = * x1 in a) with current = ^ _6 })) }; - _2 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../922.rs" 27 4 27 14] _6 <- Borrow.borrow_mut ( * (let (_, a) = * x1 in a)); + [#"../922.rs" 27 4 27 14] x1 <- { x1 with current = (let (x0, x2) = * x1 in (x0, { (let (_, a) = * x1 in a) with current = ^ _6 })) }; + [#"../922.rs" 27 4 27 14] _2 <- Borrow.borrow_mut ( * _6); + [#"../922.rs" 27 4 27 14] _6 <- { _6 with current = ^ _2 }; + [#"../922.rs" 27 4 27 14] _0 <- Borrow.borrow_mut ( * _2); + [#"../922.rs" 27 4 27 14] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _6 }; assume { resolve0 _2 }; assume { resolve1 x1 }; @@ -199,12 +199,12 @@ module C922_F4 goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * (let (_, a) = * x2 in a)); - x2 <- { x2 with current = (let (x0, x1) = * x2 in (x0, { (let (_, a) = * x2 in a) with current = ^ _6 })) }; - _2 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../922.rs" 34 4 34 14] _6 <- Borrow.borrow_mut ( * (let (_, a) = * x2 in a)); + [#"../922.rs" 34 4 34 14] x2 <- { x2 with current = (let (x0, x1) = * x2 in (x0, { (let (_, a) = * x2 in a) with current = ^ _6 })) }; + [#"../922.rs" 34 4 34 14] _2 <- Borrow.borrow_mut ( * _6); + [#"../922.rs" 34 4 34 14] _6 <- { _6 with current = ^ _2 }; + [#"../922.rs" 34 4 34 14] _0 <- Borrow.borrow_mut ( * _2); + [#"../922.rs" 34 4 34 14] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _6 }; assume { resolve0 _2 }; assume { resolve1 x2 }; diff --git a/creusot/tests/should_succeed/bug/box_borrow_resolve.mlcfg b/creusot/tests/should_succeed/bug/box_borrow_resolve.mlcfg index 86b2b668a1..42d88cc4fc 100644 --- a/creusot/tests/should_succeed/bug/box_borrow_resolve.mlcfg +++ b/creusot/tests/should_succeed/bug/box_borrow_resolve.mlcfg @@ -25,12 +25,12 @@ module BoxBorrowResolve_BorrowInBox goto BB0 } BB0 { - _4 <- Borrow.borrow_mut ( * x); - x <- { x with current = ^ _4 }; - _2 <- Borrow.borrow_mut ( * _4); - _4 <- { _4 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../box_borrow_resolve.rs" 7 4 7 12] _4 <- Borrow.borrow_mut ( * x); + [#"../box_borrow_resolve.rs" 7 4 7 12] x <- { x with current = ^ _4 }; + [#"../box_borrow_resolve.rs" 7 4 7 12] _2 <- Borrow.borrow_mut ( * _4); + [#"../box_borrow_resolve.rs" 7 4 7 12] _4 <- { _4 with current = ^ _2 }; + [#"../box_borrow_resolve.rs" 7 4 7 12] _0 <- Borrow.borrow_mut ( * _2); + [#"../box_borrow_resolve.rs" 7 4 7 12] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _4 }; assume { resolve0 _2 }; goto BB1 diff --git a/creusot/tests/should_succeed/bug/eq_panic.mlcfg b/creusot/tests/should_succeed/bug/eq_panic.mlcfg index d0c0ec1d36..a8f4a43c2c 100644 --- a/creusot/tests/should_succeed/bug/eq_panic.mlcfg +++ b/creusot/tests/should_succeed/bug/eq_panic.mlcfg @@ -9,7 +9,7 @@ module EqPanic_Omg val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../eq_panic.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -18,7 +18,7 @@ module EqPanic_Omg val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../eq_panic.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow predicate resolve0 (self : t) val resolve0 (self : t) : bool @@ -56,7 +56,7 @@ module EqPanic_Omg goto BB0 } BB0 { - _0 <- ([#"../eq_panic.rs" 7 4 7 10] eq0 ([#"../eq_panic.rs" 7 4 7 5] x) ([#"../eq_panic.rs" 7 9 7 10] y)); + [#"../eq_panic.rs" 7 4 7 10] _0 <- ([#"../eq_panic.rs" 7 4 7 10] eq0 ([#"../eq_panic.rs" 7 4 7 5] x) ([#"../eq_panic.rs" 7 9 7 10] y)); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/bug/minus_assoc.mlcfg b/creusot/tests/should_succeed/bug/minus_assoc.mlcfg index d68cbef729..be93d0ef42 100644 --- a/creusot/tests/should_succeed/bug/minus_assoc.mlcfg +++ b/creusot/tests/should_succeed/bug/minus_assoc.mlcfg @@ -10,7 +10,7 @@ module MinusAssoc_F goto BB0 } BB0 { - _0 <- ([#"../minus_assoc.rs" 6 11 6 13] ()); + [#"../minus_assoc.rs" 6 11 6 13] _0 <- ([#"../minus_assoc.rs" 6 11 6 13] ()); return _0 } diff --git a/creusot/tests/should_succeed/bug/two_phase.mlcfg b/creusot/tests/should_succeed/bug/two_phase.mlcfg index 904675f95b..bcdb705ee9 100644 --- a/creusot/tests/should_succeed/bug/two_phase.mlcfg +++ b/creusot/tests/should_succeed/bug/two_phase.mlcfg @@ -50,7 +50,7 @@ module TwoPhase_Test val inv4 (_x : Seq.seq usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../two_phase.rs" 1 0 1 0] forall x : Seq.seq usize . inv4 x = true + axiom inv4 : forall x : Seq.seq usize . inv4 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -73,7 +73,7 @@ module TwoPhase_Test val invariant3 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../two_phase.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : usize) : bool @@ -83,7 +83,7 @@ module TwoPhase_Test val inv2 (_x : usize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../two_phase.rs" 1 0 1 0] forall x : usize . inv2 x = true + axiom inv2 : forall x : usize . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -94,7 +94,7 @@ module TwoPhase_Test val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../two_phase.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -104,7 +104,7 @@ module TwoPhase_Test val inv0 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../two_phase.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -153,20 +153,20 @@ module TwoPhase_Test goto BB0 } BB0 { - _4 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _4 }; - _5 <- ([#"../two_phase.rs" 7 11 7 18] len0 ([#"../two_phase.rs" 7 11 7 18] * _4)); + [#"../two_phase.rs" 7 4 7 19] _4 <- Borrow.borrow_mut ( * v); + [#"../two_phase.rs" 7 4 7 19] v <- { v with current = ^ _4 }; + [#"../two_phase.rs" 7 11 7 18] _5 <- ([#"../two_phase.rs" 7 11 7 18] len0 ([#"../two_phase.rs" 7 11 7 18] * _4)); goto BB1 } BB1 { - _3 <- ([#"../two_phase.rs" 7 4 7 19] push0 _4 _5); + [#"../two_phase.rs" 7 4 7 19] _3 <- ([#"../two_phase.rs" 7 4 7 19] push0 _4 _5); _4 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); _5 <- any usize; goto BB2 } BB2 { assume { resolve0 v }; - _0 <- ([#"../two_phase.rs" 6 32 8 1] ()); + [#"../two_phase.rs" 6 32 8 1] _0 <- ([#"../two_phase.rs" 6 32 8 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/cell/01.mlcfg b/creusot/tests/should_succeed/cell/01.mlcfg index 8dd4452cc5..95bdc39bff 100644 --- a/creusot/tests/should_succeed/cell/01.mlcfg +++ b/creusot/tests/should_succeed/cell/01.mlcfg @@ -38,7 +38,7 @@ module C01_AddsTwo val inv2 (_x : uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../01.rs" 1 0 1 0] forall x : uint32 . inv2 x = true + axiom inv2 : forall x : uint32 . inv2 x = true use C01_Even_Type as C01_Even_Type use C01_Cell_Type as C01_Cell_Type predicate invariant0 (self : C01_Cell_Type.t_cell uint32 (C01_Even_Type.t_even)) = @@ -50,7 +50,7 @@ module C01_AddsTwo val inv0 (_x : C01_Cell_Type.t_cell uint32 (C01_Even_Type.t_even)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : C01_Cell_Type.t_cell uint32 (C01_Even_Type.t_even) . inv0 x = true + axiom inv0 : forall x : C01_Cell_Type.t_cell uint32 (C01_Even_Type.t_even) . inv0 x = true use prelude.Borrow use prelude.Int predicate inv1 [#"../01.rs" 35 4 35 26] (x : uint32) = @@ -80,29 +80,29 @@ module C01_AddsTwo goto BB0 } BB0 { - v <- ([#"../01.rs" 41 12 41 19] get0 ([#"../01.rs" 41 12 41 19] c)); + [#"../01.rs" 41 12 41 19] v <- ([#"../01.rs" 41 12 41 19] get0 ([#"../01.rs" 41 12 41 19] c)); goto BB1 } BB1 { - switch ([#"../01.rs" 43 7 43 17] v < ([#"../01.rs" 43 11 43 17] [#"../01.rs" 43 11 43 17] (100000 : uint32))) + switch ([#"../01.rs" 43 7 43 17] ([#"../01.rs" 43 7 43 8] v) < ([#"../01.rs" 43 11 43 17] [#"../01.rs" 43 11 43 17] (100000 : uint32))) | False -> goto BB4 | True -> goto BB2 end } BB2 { - _6 <- ([#"../01.rs" 44 8 44 20] set0 ([#"../01.rs" 44 8 44 20] c) ([#"../01.rs" 44 14 44 19] v + ([#"../01.rs" 44 18 44 19] [#"../01.rs" 44 18 44 19] (2 : uint32)))); + [#"../01.rs" 44 8 44 20] _6 <- ([#"../01.rs" 44 8 44 20] set0 ([#"../01.rs" 44 8 44 20] c) ([#"../01.rs" 44 14 44 19] ([#"../01.rs" 44 14 44 15] v) + ([#"../01.rs" 44 18 44 19] [#"../01.rs" 44 18 44 19] (2 : uint32)))); goto BB3 } BB3 { - _0 <- ([#"../01.rs" 43 18 45 5] ()); + [#"../01.rs" 43 18 45 5] _0 <- ([#"../01.rs" 43 18 45 5] ()); goto BB6 } BB4 { - _10 <- ([#"../01.rs" 46 8 46 16] set0 ([#"../01.rs" 46 8 46 16] c) ([#"../01.rs" 46 14 46 15] [#"../01.rs" 46 14 46 15] (0 : uint32))); + [#"../01.rs" 46 8 46 16] _10 <- ([#"../01.rs" 46 8 46 16] set0 ([#"../01.rs" 46 8 46 16] c) ([#"../01.rs" 46 14 46 15] [#"../01.rs" 46 14 46 15] (0 : uint32))); goto BB5 } BB5 { - _0 <- ([#"../01.rs" 45 11 47 5] ()); + [#"../01.rs" 45 11 47 5] _0 <- ([#"../01.rs" 45 11 47 5] ()); goto BB6 } BB6 { diff --git a/creusot/tests/should_succeed/cell/02.mlcfg b/creusot/tests/should_succeed/cell/02.mlcfg index 6fd39370b6..34a8157ac8 100644 --- a/creusot/tests/should_succeed/cell/02.mlcfg +++ b/creusot/tests/should_succeed/cell/02.mlcfg @@ -130,7 +130,7 @@ module C02_FibMemo val inv6 (_x : Seq.seq (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02.rs" 1 0 1 0] forall x : Seq.seq (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) . inv6 x = true + axiom inv6 : forall x : Seq.seq (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) . inv6 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -157,7 +157,7 @@ module C02_FibMemo val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv5 : [#"../02.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option usize) : bool @@ -167,7 +167,7 @@ module C02_FibMemo val inv4 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option usize . inv4 x = true predicate invariant2 (self : C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) : bool @@ -177,7 +177,7 @@ module C02_FibMemo val inv2 (_x : C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02.rs" 1 0 1 0] forall x : C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib) . inv2 x = true + axiom inv2 : forall x : C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -187,7 +187,7 @@ module C02_FibMemo val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) = @@ -200,7 +200,7 @@ module C02_FibMemo val inv0 (_x : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Borrow function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (C02_Cell_Type.t_cell (Core_Option_Option_Type.t_option usize) (C02_Fib_Type.t_fib)) @@ -318,11 +318,11 @@ module C02_FibMemo goto BB0 } BB0 { - _9 <- ([#"../02.rs" 96 10 96 16] index0 ([#"../02.rs" 96 10 96 13] mem) i); + [#"../02.rs" 96 10 96 16] _9 <- ([#"../02.rs" 96 10 96 16] index0 ([#"../02.rs" 96 10 96 13] mem) ([#"../02.rs" 96 14 96 15] i)); goto BB1 } BB1 { - _7 <- ([#"../02.rs" 96 10 96 22] get0 ([#"../02.rs" 96 10 96 22] _9)); + [#"../02.rs" 96 10 96 22] _7 <- ([#"../02.rs" 96 10 96 22] get0 ([#"../02.rs" 96 10 96 22] _9)); goto BB2 } BB2 { @@ -332,7 +332,7 @@ module C02_FibMemo end } BB3 { - switch ([#"../02.rs" 99 27 99 33] i = ([#"../02.rs" 99 32 99 33] [#"../02.rs" 99 32 99 33] (0 : usize))) + switch ([#"../02.rs" 99 27 99 33] ([#"../02.rs" 99 27 99 28] i) = ([#"../02.rs" 99 32 99 33] [#"../02.rs" 99 32 99 33] (0 : usize))) | False -> goto BB8 | True -> goto BB7 end @@ -341,45 +341,46 @@ module C02_FibMemo goto BB6 } BB5 { + assert { [#"../02.rs" 96 10 96 22] false }; absurd } BB6 { - v <- Core_Option_Option_Type.some_0 _7; - _0 <- v; + [#"../02.rs" 97 13 97 14] v <- ([#"../02.rs" 97 13 97 14] Core_Option_Option_Type.some_0 _7); + [#"../02.rs" 97 19 97 20] _0 <- ([#"../02.rs" 97 19 97 20] v); goto BB19 } BB7 { - fib_i <- ([#"../02.rs" 100 16 100 17] [#"../02.rs" 100 16 100 17] (0 : usize)); + [#"../02.rs" 100 16 100 17] fib_i <- ([#"../02.rs" 100 16 100 17] [#"../02.rs" 100 16 100 17] (0 : usize)); goto BB16 } BB8 { - switch ([#"../02.rs" 101 22 101 28] i = ([#"../02.rs" 101 27 101 28] [#"../02.rs" 101 27 101 28] (1 : usize))) + switch ([#"../02.rs" 101 22 101 28] ([#"../02.rs" 101 22 101 23] i) = ([#"../02.rs" 101 27 101 28] [#"../02.rs" 101 27 101 28] (1 : usize))) | False -> goto BB10 | True -> goto BB9 end } BB9 { - fib_i <- ([#"../02.rs" 102 16 102 17] [#"../02.rs" 102 16 102 17] (1 : usize)); + [#"../02.rs" 102 16 102 17] fib_i <- ([#"../02.rs" 102 16 102 17] [#"../02.rs" 102 16 102 17] (1 : usize)); goto BB15 } BB10 { - _19 <- ([#"../02.rs" 104 16 104 37] Ghost.new ()); + [#"../02.rs" 104 16 104 37] _19 <- ([#"../02.rs" 104 16 104 37] Ghost.new ()); goto BB11 } BB11 { - _21 <- ([#"../02.rs" 105 16 105 39] Ghost.new ()); + [#"../02.rs" 105 16 105 39] _21 <- ([#"../02.rs" 105 16 105 39] Ghost.new ()); goto BB12 } BB12 { - _23 <- ([#"../02.rs" 106 16 106 36] fib_memo ([#"../02.rs" 106 25 106 28] mem) ([#"../02.rs" 106 30 106 35] i - ([#"../02.rs" 106 34 106 35] [#"../02.rs" 106 34 106 35] (1 : usize)))); + [#"../02.rs" 106 16 106 36] _23 <- ([#"../02.rs" 106 16 106 36] fib_memo ([#"../02.rs" 106 25 106 28] mem) ([#"../02.rs" 106 30 106 35] ([#"../02.rs" 106 30 106 31] i) - ([#"../02.rs" 106 34 106 35] [#"../02.rs" 106 34 106 35] (1 : usize)))); goto BB13 } BB13 { - _27 <- ([#"../02.rs" 106 39 106 59] fib_memo ([#"../02.rs" 106 48 106 51] mem) ([#"../02.rs" 106 53 106 58] i - ([#"../02.rs" 106 57 106 58] [#"../02.rs" 106 57 106 58] (2 : usize)))); + [#"../02.rs" 106 39 106 59] _27 <- ([#"../02.rs" 106 39 106 59] fib_memo ([#"../02.rs" 106 48 106 51] mem) ([#"../02.rs" 106 53 106 58] ([#"../02.rs" 106 53 106 54] i) - ([#"../02.rs" 106 57 106 58] [#"../02.rs" 106 57 106 58] (2 : usize)))); goto BB14 } BB14 { - fib_i <- ([#"../02.rs" 106 16 106 59] _23 + _27); + [#"../02.rs" 106 16 106 59] fib_i <- ([#"../02.rs" 106 16 106 59] _23 + _27); _23 <- any usize; _27 <- any usize; goto BB15 @@ -389,15 +390,15 @@ module C02_FibMemo } BB16 { assert { [@expl:assertion] [#"../02.rs" 108 28 108 45] UIntSize.to_int fib_i = fib0 (UIntSize.to_int i) }; - _35 <- ([#"../02.rs" 109 12 109 18] index0 ([#"../02.rs" 109 12 109 15] mem) i); + [#"../02.rs" 109 12 109 18] _35 <- ([#"../02.rs" 109 12 109 18] index0 ([#"../02.rs" 109 12 109 15] mem) ([#"../02.rs" 109 16 109 17] i)); goto BB17 } BB17 { - _33 <- ([#"../02.rs" 109 12 109 35] set0 ([#"../02.rs" 109 12 109 35] _35) ([#"../02.rs" 109 23 109 34] Core_Option_Option_Type.C_Some fib_i)); + [#"../02.rs" 109 12 109 35] _33 <- ([#"../02.rs" 109 12 109 35] set0 ([#"../02.rs" 109 12 109 35] _35) ([#"../02.rs" 109 23 109 34] Core_Option_Option_Type.C_Some ([#"../02.rs" 109 28 109 33] fib_i))); goto BB18 } BB18 { - _0 <- fib_i; + [#"../02.rs" 110 12 110 17] _0 <- ([#"../02.rs" 110 12 110 17] fib_i); goto BB19 } BB19 { diff --git a/creusot/tests/should_succeed/checked_ops.mlcfg b/creusot/tests/should_succeed/checked_ops.mlcfg index 15b3da0a66..26dc911005 100644 --- a/creusot/tests/should_succeed/checked_ops.mlcfg +++ b/creusot/tests/should_succeed/checked_ops.mlcfg @@ -17,7 +17,7 @@ module CheckedOps_TestU8AddExample val inv2 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option uint8 . inv2 x = true predicate invariant1 (self : uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : uint8) : bool @@ -27,7 +27,7 @@ module CheckedOps_TestU8AddExample val inv1 (_x : uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv1 x = true + axiom inv1 : forall x : uint8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -37,7 +37,7 @@ module CheckedOps_TestU8AddExample val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -119,11 +119,11 @@ module CheckedOps_TestU8AddExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 6 12 6 31] checked_add0 ([#"../checked_ops.rs" 6 12 6 15] [#"../checked_ops.rs" 6 12 6 15] (5 : uint8)) ([#"../checked_ops.rs" 6 28 6 30] [#"../checked_ops.rs" 6 28 6 30] (10 : uint8))); + [#"../checked_ops.rs" 6 12 6 31] _5 <- ([#"../checked_ops.rs" 6 12 6 31] checked_add0 ([#"../checked_ops.rs" 6 12 6 15] [#"../checked_ops.rs" 6 12 6 15] (5 : uint8)) ([#"../checked_ops.rs" 6 28 6 30] [#"../checked_ops.rs" 6 28 6 30] (10 : uint8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 6 12 6 40] unwrap0 _5); + [#"../checked_ops.rs" 6 12 6 40] _4 <- ([#"../checked_ops.rs" 6 12 6 40] unwrap0 _5); _5 <- any Core_Option_Option_Type.t_option uint8; goto BB2 } @@ -134,14 +134,15 @@ module CheckedOps_TestU8AddExample end } BB3 { + assert { [#"../checked_ops.rs" 6 4 6 47] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 7 12 7 33] checked_add0 ([#"../checked_ops.rs" 7 12 7 17] [#"../checked_ops.rs" 7 12 7 17] (250 : uint8)) ([#"../checked_ops.rs" 7 30 7 32] [#"../checked_ops.rs" 7 30 7 32] (10 : uint8))); + [#"../checked_ops.rs" 7 12 7 33] _11 <- ([#"../checked_ops.rs" 7 12 7 33] checked_add0 ([#"../checked_ops.rs" 7 12 7 17] [#"../checked_ops.rs" 7 12 7 17] (250 : uint8)) ([#"../checked_ops.rs" 7 30 7 32] [#"../checked_ops.rs" 7 30 7 32] (10 : uint8))); goto BB5 } BB5 { - _9 <- ([#"../checked_ops.rs" 7 12 7 43] is_none0 ([#"../checked_ops.rs" 7 12 7 43] _11)); + [#"../checked_ops.rs" 7 12 7 43] _9 <- ([#"../checked_ops.rs" 7 12 7 43] is_none0 ([#"../checked_ops.rs" 7 12 7 43] _11)); goto BB6 } BB6 { @@ -151,10 +152,11 @@ module CheckedOps_TestU8AddExample end } BB7 { + assert { [#"../checked_ops.rs" 7 4 7 44] false }; absurd } BB8 { - _16 <- ([#"../checked_ops.rs" 9 12 9 32] wrapping_add0 ([#"../checked_ops.rs" 9 12 9 15] [#"../checked_ops.rs" 9 12 9 15] (5 : uint8)) ([#"../checked_ops.rs" 9 29 9 31] [#"../checked_ops.rs" 9 29 9 31] (10 : uint8))); + [#"../checked_ops.rs" 9 12 9 32] _16 <- ([#"../checked_ops.rs" 9 12 9 32] wrapping_add0 ([#"../checked_ops.rs" 9 12 9 15] [#"../checked_ops.rs" 9 12 9 15] (5 : uint8)) ([#"../checked_ops.rs" 9 29 9 31] [#"../checked_ops.rs" 9 29 9 31] (10 : uint8))); goto BB9 } BB9 { @@ -164,10 +166,11 @@ module CheckedOps_TestU8AddExample end } BB10 { + assert { [#"../checked_ops.rs" 9 4 9 39] false }; absurd } BB11 { - _21 <- ([#"../checked_ops.rs" 10 12 10 34] wrapping_add0 ([#"../checked_ops.rs" 10 12 10 17] [#"../checked_ops.rs" 10 12 10 17] (250 : uint8)) ([#"../checked_ops.rs" 10 31 10 33] [#"../checked_ops.rs" 10 31 10 33] (10 : uint8))); + [#"../checked_ops.rs" 10 12 10 34] _21 <- ([#"../checked_ops.rs" 10 12 10 34] wrapping_add0 ([#"../checked_ops.rs" 10 12 10 17] [#"../checked_ops.rs" 10 12 10 17] (250 : uint8)) ([#"../checked_ops.rs" 10 31 10 33] [#"../checked_ops.rs" 10 31 10 33] (10 : uint8))); goto BB12 } BB12 { @@ -177,10 +180,11 @@ module CheckedOps_TestU8AddExample end } BB13 { + assert { [#"../checked_ops.rs" 10 4 10 40] false }; absurd } BB14 { - _26 <- ([#"../checked_ops.rs" 12 12 12 34] saturating_add0 ([#"../checked_ops.rs" 12 12 12 15] [#"../checked_ops.rs" 12 12 12 15] (5 : uint8)) ([#"../checked_ops.rs" 12 31 12 33] [#"../checked_ops.rs" 12 31 12 33] (10 : uint8))); + [#"../checked_ops.rs" 12 12 12 34] _26 <- ([#"../checked_ops.rs" 12 12 12 34] saturating_add0 ([#"../checked_ops.rs" 12 12 12 15] [#"../checked_ops.rs" 12 12 12 15] (5 : uint8)) ([#"../checked_ops.rs" 12 31 12 33] [#"../checked_ops.rs" 12 31 12 33] (10 : uint8))); goto BB15 } BB15 { @@ -190,10 +194,11 @@ module CheckedOps_TestU8AddExample end } BB16 { + assert { [#"../checked_ops.rs" 12 4 12 41] false }; absurd } BB17 { - _31 <- ([#"../checked_ops.rs" 13 12 13 36] saturating_add0 ([#"../checked_ops.rs" 13 12 13 17] [#"../checked_ops.rs" 13 12 13 17] (250 : uint8)) ([#"../checked_ops.rs" 13 33 13 35] [#"../checked_ops.rs" 13 33 13 35] (10 : uint8))); + [#"../checked_ops.rs" 13 12 13 36] _31 <- ([#"../checked_ops.rs" 13 12 13 36] saturating_add0 ([#"../checked_ops.rs" 13 12 13 17] [#"../checked_ops.rs" 13 12 13 17] (250 : uint8)) ([#"../checked_ops.rs" 13 33 13 35] [#"../checked_ops.rs" 13 33 13 35] (10 : uint8))); goto BB18 } BB18 { @@ -203,26 +208,27 @@ module CheckedOps_TestU8AddExample end } BB19 { + assert { [#"../checked_ops.rs" 13 4 13 44] false }; absurd } BB20 { - res <- ([#"../checked_ops.rs" 15 14 15 37] overflowing_add0 ([#"../checked_ops.rs" 15 14 15 17] [#"../checked_ops.rs" 15 14 15 17] (5 : uint8)) ([#"../checked_ops.rs" 15 34 15 36] [#"../checked_ops.rs" 15 34 15 36] (10 : uint8))); + [#"../checked_ops.rs" 15 14 15 37] res <- ([#"../checked_ops.rs" 15 14 15 37] overflowing_add0 ([#"../checked_ops.rs" 15 14 15 17] [#"../checked_ops.rs" 15 14 15 17] (5 : uint8)) ([#"../checked_ops.rs" 15 34 15 36] [#"../checked_ops.rs" 15 34 15 36] (10 : uint8))); goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 16 12 16 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 16 21 16 23] [#"../checked_ops.rs" 16 21 16 23] (15 : uint8))) + switch ([#"../checked_ops.rs" 16 12 16 23] ([#"../checked_ops.rs" 16 12 16 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 16 21 16 23] [#"../checked_ops.rs" 16 21 16 23] (15 : uint8))) | False -> goto BB22 | True -> goto BB23 end } BB22 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 16 12 16 41] [#"../checked_ops.rs" 16 12 16 41] false); + [#"../checked_ops.rs" 16 12 16 41] _36 <- ([#"../checked_ops.rs" 16 12 16 41] [#"../checked_ops.rs" 16 12 16 41] false); goto BB24 } BB23 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 16 27 16 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 16 36 16 41] [#"../checked_ops.rs" 16 36 16 41] false)); + [#"../checked_ops.rs" 16 12 16 41] _36 <- ([#"../checked_ops.rs" 16 27 16 41] Bool.eqb ([#"../checked_ops.rs" 16 27 16 32] let (_, a) = res in a) ([#"../checked_ops.rs" 16 36 16 41] [#"../checked_ops.rs" 16 36 16 41] false)); goto BB24 } BB24 { @@ -232,26 +238,27 @@ module CheckedOps_TestU8AddExample end } BB25 { + assert { [#"../checked_ops.rs" 16 4 16 42] false }; absurd } BB26 { - res1 <- ([#"../checked_ops.rs" 17 14 17 39] overflowing_add0 ([#"../checked_ops.rs" 17 14 17 19] [#"../checked_ops.rs" 17 14 17 19] (250 : uint8)) ([#"../checked_ops.rs" 17 36 17 38] [#"../checked_ops.rs" 17 36 17 38] (10 : uint8))); + [#"../checked_ops.rs" 17 14 17 39] res1 <- ([#"../checked_ops.rs" 17 14 17 39] overflowing_add0 ([#"../checked_ops.rs" 17 14 17 19] [#"../checked_ops.rs" 17 14 17 19] (250 : uint8)) ([#"../checked_ops.rs" 17 36 17 38] [#"../checked_ops.rs" 17 36 17 38] (10 : uint8))); goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 18 12 18 22] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 18 21 18 22] [#"../checked_ops.rs" 18 21 18 22] (4 : uint8))) + switch ([#"../checked_ops.rs" 18 12 18 22] ([#"../checked_ops.rs" 18 12 18 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 18 21 18 22] [#"../checked_ops.rs" 18 21 18 22] (4 : uint8))) | False -> goto BB28 | True -> goto BB29 end } BB28 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 18 12 18 39] [#"../checked_ops.rs" 18 12 18 39] false); + [#"../checked_ops.rs" 18 12 18 39] _45 <- ([#"../checked_ops.rs" 18 12 18 39] [#"../checked_ops.rs" 18 12 18 39] false); goto BB30 } BB29 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 18 26 18 39] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 18 35 18 39] [#"../checked_ops.rs" 18 35 18 39] true)); + [#"../checked_ops.rs" 18 12 18 39] _45 <- ([#"../checked_ops.rs" 18 26 18 39] Bool.eqb ([#"../checked_ops.rs" 18 26 18 31] let (_, a) = res1 in a) ([#"../checked_ops.rs" 18 35 18 39] [#"../checked_ops.rs" 18 35 18 39] true)); goto BB30 } BB30 { @@ -261,10 +268,11 @@ module CheckedOps_TestU8AddExample end } BB31 { + assert { [#"../checked_ops.rs" 18 4 18 40] false }; absurd } BB32 { - _0 <- ([#"../checked_ops.rs" 5 29 19 1] ()); + [#"../checked_ops.rs" 5 29 19 1] _0 <- ([#"../checked_ops.rs" 5 29 19 1] ()); return _0 } @@ -281,7 +289,7 @@ module CheckedOps_TestU8AddOverflow val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.UInt8 use prelude.Bool predicate resolve2 (self : bool) = @@ -353,11 +361,11 @@ module CheckedOps_TestU8AddOverflow goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 24 12 24 32] checked_add0 ([#"../checked_ops.rs" 24 12 24 17] [#"../checked_ops.rs" 24 12 24 17] (255 : uint8)) a); + [#"../checked_ops.rs" 24 12 24 32] _7 <- ([#"../checked_ops.rs" 24 12 24 32] checked_add0 ([#"../checked_ops.rs" 24 12 24 17] [#"../checked_ops.rs" 24 12 24 17] (255 : uint8)) ([#"../checked_ops.rs" 24 30 24 31] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 24 12 24 42] is_none0 ([#"../checked_ops.rs" 24 12 24 42] _7)); + [#"../checked_ops.rs" 24 12 24 42] _5 <- ([#"../checked_ops.rs" 24 12 24 42] is_none0 ([#"../checked_ops.rs" 24 12 24 42] _7)); goto BB2 } BB2 { @@ -367,23 +375,25 @@ module CheckedOps_TestU8AddOverflow end } BB3 { + assert { [#"../checked_ops.rs" 24 4 24 43] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 25 12 25 33] wrapping_add0 ([#"../checked_ops.rs" 25 12 25 17] [#"../checked_ops.rs" 25 12 25 17] (255 : uint8)) a); + [#"../checked_ops.rs" 25 12 25 33] _13 <- ([#"../checked_ops.rs" 25 12 25 33] wrapping_add0 ([#"../checked_ops.rs" 25 12 25 17] [#"../checked_ops.rs" 25 12 25 17] (255 : uint8)) ([#"../checked_ops.rs" 25 31 25 32] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 25 4 25 43] not ([#"../checked_ops.rs" 25 12 25 42] _13 = ([#"../checked_ops.rs" 25 37 25 42] a - ([#"../checked_ops.rs" 25 41 25 42] [#"../checked_ops.rs" 25 41 25 42] (1 : uint8))))) + switch ([#"../checked_ops.rs" 25 4 25 43] not ([#"../checked_ops.rs" 25 12 25 42] _13 = ([#"../checked_ops.rs" 25 37 25 42] ([#"../checked_ops.rs" 25 37 25 38] a) - ([#"../checked_ops.rs" 25 41 25 42] [#"../checked_ops.rs" 25 41 25 42] (1 : uint8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 25 4 25 43] false }; absurd } BB7 { - _21 <- ([#"../checked_ops.rs" 26 12 26 35] saturating_add0 ([#"../checked_ops.rs" 26 12 26 17] [#"../checked_ops.rs" 26 12 26 17] (255 : uint8)) a); + [#"../checked_ops.rs" 26 12 26 35] _21 <- ([#"../checked_ops.rs" 26 12 26 35] saturating_add0 ([#"../checked_ops.rs" 26 12 26 17] [#"../checked_ops.rs" 26 12 26 17] (255 : uint8)) ([#"../checked_ops.rs" 26 33 26 34] a)); goto BB8 } BB8 { @@ -393,26 +403,27 @@ module CheckedOps_TestU8AddOverflow end } BB9 { + assert { [#"../checked_ops.rs" 26 4 26 43] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 27 14 27 38] overflowing_add0 ([#"../checked_ops.rs" 27 14 27 19] [#"../checked_ops.rs" 27 14 27 19] (255 : uint8)) a); + [#"../checked_ops.rs" 27 14 27 38] res <- ([#"../checked_ops.rs" 27 14 27 38] overflowing_add0 ([#"../checked_ops.rs" 27 14 27 19] [#"../checked_ops.rs" 27 14 27 19] (255 : uint8)) ([#"../checked_ops.rs" 27 36 27 37] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 28 12 28 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 28 21 28 26] a - ([#"../checked_ops.rs" 28 25 28 26] [#"../checked_ops.rs" 28 25 28 26] (1 : uint8)))) + switch ([#"../checked_ops.rs" 28 12 28 26] ([#"../checked_ops.rs" 28 12 28 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 28 21 28 26] ([#"../checked_ops.rs" 28 21 28 22] a) - ([#"../checked_ops.rs" 28 25 28 26] [#"../checked_ops.rs" 28 25 28 26] (1 : uint8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _28 <- ([#"../checked_ops.rs" 28 12 28 43] [#"../checked_ops.rs" 28 12 28 43] false); + [#"../checked_ops.rs" 28 12 28 43] _28 <- ([#"../checked_ops.rs" 28 12 28 43] [#"../checked_ops.rs" 28 12 28 43] false); goto BB14 } BB13 { assume { resolve0 res }; - _28 <- ([#"../checked_ops.rs" 28 30 28 43] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 28 39 28 43] [#"../checked_ops.rs" 28 39 28 43] true)); + [#"../checked_ops.rs" 28 12 28 43] _28 <- ([#"../checked_ops.rs" 28 30 28 43] Bool.eqb ([#"../checked_ops.rs" 28 30 28 35] let (_, a) = res in a) ([#"../checked_ops.rs" 28 39 28 43] [#"../checked_ops.rs" 28 39 28 43] true)); goto BB14 } BB14 { @@ -422,10 +433,11 @@ module CheckedOps_TestU8AddOverflow end } BB15 { + assert { [#"../checked_ops.rs" 28 4 28 44] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 23 35 29 1] ()); + [#"../checked_ops.rs" 23 35 29 1] _0 <- ([#"../checked_ops.rs" 23 35 29 1] ()); return _0 } @@ -461,7 +473,7 @@ module CheckedOps_TestU8WrappingAdd goto BB0 } BB0 { - _0 <- ([#"../checked_ops.rs" 35 4 35 21] wrapping_add0 a b); + [#"../checked_ops.rs" 35 4 35 21] _0 <- ([#"../checked_ops.rs" 35 4 35 21] wrapping_add0 ([#"../checked_ops.rs" 35 4 35 5] a) ([#"../checked_ops.rs" 35 19 35 20] b)); goto BB1 } BB1 { @@ -481,7 +493,7 @@ module CheckedOps_TestU8OverflowingAdd val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -547,47 +559,49 @@ module CheckedOps_TestU8OverflowingAdd goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 40 12 40 32] overflowing_add0 a b); + [#"../checked_ops.rs" 40 12 40 32] _7 <- ([#"../checked_ops.rs" 40 12 40 32] overflowing_add0 ([#"../checked_ops.rs" 40 12 40 13] a) ([#"../checked_ops.rs" 40 30 40 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 40 38 40 55] wrapping_add0 a b); + [#"../checked_ops.rs" 40 38 40 55] _10 <- ([#"../checked_ops.rs" 40 38 40 55] wrapping_add0 ([#"../checked_ops.rs" 40 38 40 39] a) ([#"../checked_ops.rs" 40 53 40 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 40 4 40 56] not ([#"../checked_ops.rs" 40 12 40 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 40 4 40 56] not ([#"../checked_ops.rs" 40 12 40 55] ([#"../checked_ops.rs" 40 12 40 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 40 4 40 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 41 12 41 32] overflowing_add0 a b); + [#"../checked_ops.rs" 41 12 41 32] _18 <- ([#"../checked_ops.rs" 41 12 41 32] overflowing_add0 ([#"../checked_ops.rs" 41 12 41 13] a) ([#"../checked_ops.rs" 41 30 41 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 41 38 41 54] checked_add0 a b); + [#"../checked_ops.rs" 41 38 41 54] _23 <- ([#"../checked_ops.rs" 41 38 41 54] checked_add0 ([#"../checked_ops.rs" 41 38 41 39] a) ([#"../checked_ops.rs" 41 52 41 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 41 38 41 64] is_none0 ([#"../checked_ops.rs" 41 38 41 64] _23)); + [#"../checked_ops.rs" 41 38 41 64] _21 <- ([#"../checked_ops.rs" 41 38 41 64] is_none0 ([#"../checked_ops.rs" 41 38 41 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 41 4 41 65] not ([#"../checked_ops.rs" 41 12 41 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 41 4 41 65] not ([#"../checked_ops.rs" 41 12 41 64] Bool.eqb ([#"../checked_ops.rs" 41 12 41 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 41 4 41 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 39 45 42 1] ()); + [#"../checked_ops.rs" 39 45 42 1] _0 <- ([#"../checked_ops.rs" 39 45 42 1] ()); return _0 } @@ -603,7 +617,7 @@ module CheckedOps_TestU8SubExample val inv2 (_x : uint8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv2 x = true + axiom inv2 : forall x : uint8 . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -614,7 +628,7 @@ module CheckedOps_TestU8SubExample val inv1 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option uint8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -624,7 +638,7 @@ module CheckedOps_TestU8SubExample val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -706,11 +720,11 @@ module CheckedOps_TestU8SubExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 46 12 46 31] checked_sub0 ([#"../checked_ops.rs" 46 12 46 15] [#"../checked_ops.rs" 46 12 46 15] (5 : uint8)) ([#"../checked_ops.rs" 46 28 46 30] [#"../checked_ops.rs" 46 28 46 30] (10 : uint8))); + [#"../checked_ops.rs" 46 12 46 31] _5 <- ([#"../checked_ops.rs" 46 12 46 31] checked_sub0 ([#"../checked_ops.rs" 46 12 46 15] [#"../checked_ops.rs" 46 12 46 15] (5 : uint8)) ([#"../checked_ops.rs" 46 28 46 30] [#"../checked_ops.rs" 46 28 46 30] (10 : uint8))); goto BB1 } BB1 { - _3 <- ([#"../checked_ops.rs" 46 12 46 41] is_none0 ([#"../checked_ops.rs" 46 12 46 41] _5)); + [#"../checked_ops.rs" 46 12 46 41] _3 <- ([#"../checked_ops.rs" 46 12 46 41] is_none0 ([#"../checked_ops.rs" 46 12 46 41] _5)); goto BB2 } BB2 { @@ -720,14 +734,15 @@ module CheckedOps_TestU8SubExample end } BB3 { + assert { [#"../checked_ops.rs" 46 4 46 42] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 47 12 47 33] checked_sub0 ([#"../checked_ops.rs" 47 12 47 17] [#"../checked_ops.rs" 47 12 47 17] (250 : uint8)) ([#"../checked_ops.rs" 47 30 47 32] [#"../checked_ops.rs" 47 30 47 32] (10 : uint8))); + [#"../checked_ops.rs" 47 12 47 33] _11 <- ([#"../checked_ops.rs" 47 12 47 33] checked_sub0 ([#"../checked_ops.rs" 47 12 47 17] [#"../checked_ops.rs" 47 12 47 17] (250 : uint8)) ([#"../checked_ops.rs" 47 30 47 32] [#"../checked_ops.rs" 47 30 47 32] (10 : uint8))); goto BB5 } BB5 { - _10 <- ([#"../checked_ops.rs" 47 12 47 42] unwrap0 _11); + [#"../checked_ops.rs" 47 12 47 42] _10 <- ([#"../checked_ops.rs" 47 12 47 42] unwrap0 _11); _11 <- any Core_Option_Option_Type.t_option uint8; goto BB6 } @@ -738,10 +753,11 @@ module CheckedOps_TestU8SubExample end } BB7 { + assert { [#"../checked_ops.rs" 47 4 47 50] false }; absurd } BB8 { - _16 <- ([#"../checked_ops.rs" 49 12 49 32] wrapping_sub0 ([#"../checked_ops.rs" 49 12 49 15] [#"../checked_ops.rs" 49 12 49 15] (5 : uint8)) ([#"../checked_ops.rs" 49 29 49 31] [#"../checked_ops.rs" 49 29 49 31] (10 : uint8))); + [#"../checked_ops.rs" 49 12 49 32] _16 <- ([#"../checked_ops.rs" 49 12 49 32] wrapping_sub0 ([#"../checked_ops.rs" 49 12 49 15] [#"../checked_ops.rs" 49 12 49 15] (5 : uint8)) ([#"../checked_ops.rs" 49 29 49 31] [#"../checked_ops.rs" 49 29 49 31] (10 : uint8))); goto BB9 } BB9 { @@ -751,10 +767,11 @@ module CheckedOps_TestU8SubExample end } BB10 { + assert { [#"../checked_ops.rs" 49 4 49 40] false }; absurd } BB11 { - _21 <- ([#"../checked_ops.rs" 50 12 50 34] wrapping_sub0 ([#"../checked_ops.rs" 50 12 50 17] [#"../checked_ops.rs" 50 12 50 17] (250 : uint8)) ([#"../checked_ops.rs" 50 31 50 33] [#"../checked_ops.rs" 50 31 50 33] (10 : uint8))); + [#"../checked_ops.rs" 50 12 50 34] _21 <- ([#"../checked_ops.rs" 50 12 50 34] wrapping_sub0 ([#"../checked_ops.rs" 50 12 50 17] [#"../checked_ops.rs" 50 12 50 17] (250 : uint8)) ([#"../checked_ops.rs" 50 31 50 33] [#"../checked_ops.rs" 50 31 50 33] (10 : uint8))); goto BB12 } BB12 { @@ -764,10 +781,11 @@ module CheckedOps_TestU8SubExample end } BB13 { + assert { [#"../checked_ops.rs" 50 4 50 42] false }; absurd } BB14 { - _26 <- ([#"../checked_ops.rs" 52 12 52 34] saturating_sub0 ([#"../checked_ops.rs" 52 12 52 15] [#"../checked_ops.rs" 52 12 52 15] (5 : uint8)) ([#"../checked_ops.rs" 52 31 52 33] [#"../checked_ops.rs" 52 31 52 33] (10 : uint8))); + [#"../checked_ops.rs" 52 12 52 34] _26 <- ([#"../checked_ops.rs" 52 12 52 34] saturating_sub0 ([#"../checked_ops.rs" 52 12 52 15] [#"../checked_ops.rs" 52 12 52 15] (5 : uint8)) ([#"../checked_ops.rs" 52 31 52 33] [#"../checked_ops.rs" 52 31 52 33] (10 : uint8))); goto BB15 } BB15 { @@ -777,10 +795,11 @@ module CheckedOps_TestU8SubExample end } BB16 { + assert { [#"../checked_ops.rs" 52 4 52 40] false }; absurd } BB17 { - _31 <- ([#"../checked_ops.rs" 53 12 53 36] saturating_sub0 ([#"../checked_ops.rs" 53 12 53 17] [#"../checked_ops.rs" 53 12 53 17] (250 : uint8)) ([#"../checked_ops.rs" 53 33 53 35] [#"../checked_ops.rs" 53 33 53 35] (10 : uint8))); + [#"../checked_ops.rs" 53 12 53 36] _31 <- ([#"../checked_ops.rs" 53 12 53 36] saturating_sub0 ([#"../checked_ops.rs" 53 12 53 17] [#"../checked_ops.rs" 53 12 53 17] (250 : uint8)) ([#"../checked_ops.rs" 53 33 53 35] [#"../checked_ops.rs" 53 33 53 35] (10 : uint8))); goto BB18 } BB18 { @@ -790,26 +809,27 @@ module CheckedOps_TestU8SubExample end } BB19 { + assert { [#"../checked_ops.rs" 53 4 53 44] false }; absurd } BB20 { - res <- ([#"../checked_ops.rs" 55 14 55 37] overflowing_sub0 ([#"../checked_ops.rs" 55 14 55 17] [#"../checked_ops.rs" 55 14 55 17] (5 : uint8)) ([#"../checked_ops.rs" 55 34 55 36] [#"../checked_ops.rs" 55 34 55 36] (10 : uint8))); + [#"../checked_ops.rs" 55 14 55 37] res <- ([#"../checked_ops.rs" 55 14 55 37] overflowing_sub0 ([#"../checked_ops.rs" 55 14 55 17] [#"../checked_ops.rs" 55 14 55 17] (5 : uint8)) ([#"../checked_ops.rs" 55 34 55 36] [#"../checked_ops.rs" 55 34 55 36] (10 : uint8))); goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 56 12 56 24] (let (a, _) = res in a) = ([#"../checked_ops.rs" 56 21 56 24] [#"../checked_ops.rs" 56 21 56 24] (251 : uint8))) + switch ([#"../checked_ops.rs" 56 12 56 24] ([#"../checked_ops.rs" 56 12 56 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 56 21 56 24] [#"../checked_ops.rs" 56 21 56 24] (251 : uint8))) | False -> goto BB22 | True -> goto BB23 end } BB22 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 56 12 56 41] [#"../checked_ops.rs" 56 12 56 41] false); + [#"../checked_ops.rs" 56 12 56 41] _36 <- ([#"../checked_ops.rs" 56 12 56 41] [#"../checked_ops.rs" 56 12 56 41] false); goto BB24 } BB23 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 56 28 56 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 56 37 56 41] [#"../checked_ops.rs" 56 37 56 41] true)); + [#"../checked_ops.rs" 56 12 56 41] _36 <- ([#"../checked_ops.rs" 56 28 56 41] Bool.eqb ([#"../checked_ops.rs" 56 28 56 33] let (_, a) = res in a) ([#"../checked_ops.rs" 56 37 56 41] [#"../checked_ops.rs" 56 37 56 41] true)); goto BB24 } BB24 { @@ -819,26 +839,27 @@ module CheckedOps_TestU8SubExample end } BB25 { + assert { [#"../checked_ops.rs" 56 4 56 42] false }; absurd } BB26 { - res1 <- ([#"../checked_ops.rs" 57 14 57 39] overflowing_sub0 ([#"../checked_ops.rs" 57 14 57 19] [#"../checked_ops.rs" 57 14 57 19] (250 : uint8)) ([#"../checked_ops.rs" 57 36 57 38] [#"../checked_ops.rs" 57 36 57 38] (10 : uint8))); + [#"../checked_ops.rs" 57 14 57 39] res1 <- ([#"../checked_ops.rs" 57 14 57 39] overflowing_sub0 ([#"../checked_ops.rs" 57 14 57 19] [#"../checked_ops.rs" 57 14 57 19] (250 : uint8)) ([#"../checked_ops.rs" 57 36 57 38] [#"../checked_ops.rs" 57 36 57 38] (10 : uint8))); goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 58 12 58 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 58 21 58 24] [#"../checked_ops.rs" 58 21 58 24] (240 : uint8))) + switch ([#"../checked_ops.rs" 58 12 58 24] ([#"../checked_ops.rs" 58 12 58 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 58 21 58 24] [#"../checked_ops.rs" 58 21 58 24] (240 : uint8))) | False -> goto BB28 | True -> goto BB29 end } BB28 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 58 12 58 42] [#"../checked_ops.rs" 58 12 58 42] false); + [#"../checked_ops.rs" 58 12 58 42] _45 <- ([#"../checked_ops.rs" 58 12 58 42] [#"../checked_ops.rs" 58 12 58 42] false); goto BB30 } BB29 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 58 28 58 42] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 58 37 58 42] [#"../checked_ops.rs" 58 37 58 42] false)); + [#"../checked_ops.rs" 58 12 58 42] _45 <- ([#"../checked_ops.rs" 58 28 58 42] Bool.eqb ([#"../checked_ops.rs" 58 28 58 33] let (_, a) = res1 in a) ([#"../checked_ops.rs" 58 37 58 42] [#"../checked_ops.rs" 58 37 58 42] false)); goto BB30 } BB30 { @@ -848,10 +869,11 @@ module CheckedOps_TestU8SubExample end } BB31 { + assert { [#"../checked_ops.rs" 58 4 58 43] false }; absurd } BB32 { - _0 <- ([#"../checked_ops.rs" 45 29 59 1] ()); + [#"../checked_ops.rs" 45 29 59 1] _0 <- ([#"../checked_ops.rs" 45 29 59 1] ()); return _0 } @@ -868,7 +890,7 @@ module CheckedOps_TestU8SubOverflow val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.UInt8 use prelude.Bool predicate resolve2 (self : bool) = @@ -940,11 +962,11 @@ module CheckedOps_TestU8SubOverflow goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 64 12 64 30] checked_sub0 ([#"../checked_ops.rs" 64 12 64 15] [#"../checked_ops.rs" 64 12 64 15] (0 : uint8)) a); + [#"../checked_ops.rs" 64 12 64 30] _7 <- ([#"../checked_ops.rs" 64 12 64 30] checked_sub0 ([#"../checked_ops.rs" 64 12 64 15] [#"../checked_ops.rs" 64 12 64 15] (0 : uint8)) ([#"../checked_ops.rs" 64 28 64 29] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 64 12 64 40] is_none0 ([#"../checked_ops.rs" 64 12 64 40] _7)); + [#"../checked_ops.rs" 64 12 64 40] _5 <- ([#"../checked_ops.rs" 64 12 64 40] is_none0 ([#"../checked_ops.rs" 64 12 64 40] _7)); goto BB2 } BB2 { @@ -954,23 +976,25 @@ module CheckedOps_TestU8SubOverflow end } BB3 { + assert { [#"../checked_ops.rs" 64 4 64 41] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 65 12 65 31] wrapping_sub0 ([#"../checked_ops.rs" 65 12 65 15] [#"../checked_ops.rs" 65 12 65 15] (0 : uint8)) a); + [#"../checked_ops.rs" 65 12 65 31] _13 <- ([#"../checked_ops.rs" 65 12 65 31] wrapping_sub0 ([#"../checked_ops.rs" 65 12 65 15] [#"../checked_ops.rs" 65 12 65 15] (0 : uint8)) ([#"../checked_ops.rs" 65 29 65 30] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 65 4 65 47] not ([#"../checked_ops.rs" 65 12 65 46] _13 = ([#"../checked_ops.rs" 65 35 65 46] ([#"../checked_ops.rs" 65 35 65 42] ([#"../checked_ops.rs" 65 35 65 38] [#"../checked_ops.rs" 65 35 65 38] (255 : uint8)) - a) + ([#"../checked_ops.rs" 65 45 65 46] [#"../checked_ops.rs" 65 45 65 46] (1 : uint8))))) + switch ([#"../checked_ops.rs" 65 4 65 47] not ([#"../checked_ops.rs" 65 12 65 46] _13 = ([#"../checked_ops.rs" 65 35 65 46] ([#"../checked_ops.rs" 65 35 65 42] ([#"../checked_ops.rs" 65 35 65 38] [#"../checked_ops.rs" 65 35 65 38] (255 : uint8)) - ([#"../checked_ops.rs" 65 41 65 42] a)) + ([#"../checked_ops.rs" 65 45 65 46] [#"../checked_ops.rs" 65 45 65 46] (1 : uint8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 65 4 65 47] false }; absurd } BB7 { - _22 <- ([#"../checked_ops.rs" 66 12 66 33] saturating_sub0 ([#"../checked_ops.rs" 66 12 66 15] [#"../checked_ops.rs" 66 12 66 15] (0 : uint8)) a); + [#"../checked_ops.rs" 66 12 66 33] _22 <- ([#"../checked_ops.rs" 66 12 66 33] saturating_sub0 ([#"../checked_ops.rs" 66 12 66 15] [#"../checked_ops.rs" 66 12 66 15] (0 : uint8)) ([#"../checked_ops.rs" 66 31 66 32] a)); goto BB8 } BB8 { @@ -980,26 +1004,27 @@ module CheckedOps_TestU8SubOverflow end } BB9 { + assert { [#"../checked_ops.rs" 66 4 66 39] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 67 14 67 36] overflowing_sub0 ([#"../checked_ops.rs" 67 14 67 17] [#"../checked_ops.rs" 67 14 67 17] (0 : uint8)) a); + [#"../checked_ops.rs" 67 14 67 36] res <- ([#"../checked_ops.rs" 67 14 67 36] overflowing_sub0 ([#"../checked_ops.rs" 67 14 67 17] [#"../checked_ops.rs" 67 14 67 17] (0 : uint8)) ([#"../checked_ops.rs" 67 34 67 35] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 68 12 68 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 68 21 68 32] ([#"../checked_ops.rs" 68 21 68 28] ([#"../checked_ops.rs" 68 21 68 24] [#"../checked_ops.rs" 68 21 68 24] (255 : uint8)) - a) + ([#"../checked_ops.rs" 68 31 68 32] [#"../checked_ops.rs" 68 31 68 32] (1 : uint8)))) + switch ([#"../checked_ops.rs" 68 12 68 32] ([#"../checked_ops.rs" 68 12 68 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 68 21 68 32] ([#"../checked_ops.rs" 68 21 68 28] ([#"../checked_ops.rs" 68 21 68 24] [#"../checked_ops.rs" 68 21 68 24] (255 : uint8)) - ([#"../checked_ops.rs" 68 27 68 28] a)) + ([#"../checked_ops.rs" 68 31 68 32] [#"../checked_ops.rs" 68 31 68 32] (1 : uint8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 68 12 68 49] [#"../checked_ops.rs" 68 12 68 49] false); + [#"../checked_ops.rs" 68 12 68 49] _29 <- ([#"../checked_ops.rs" 68 12 68 49] [#"../checked_ops.rs" 68 12 68 49] false); goto BB14 } BB13 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 68 36 68 49] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 68 45 68 49] [#"../checked_ops.rs" 68 45 68 49] true)); + [#"../checked_ops.rs" 68 12 68 49] _29 <- ([#"../checked_ops.rs" 68 36 68 49] Bool.eqb ([#"../checked_ops.rs" 68 36 68 41] let (_, a) = res in a) ([#"../checked_ops.rs" 68 45 68 49] [#"../checked_ops.rs" 68 45 68 49] true)); goto BB14 } BB14 { @@ -1009,10 +1034,11 @@ module CheckedOps_TestU8SubOverflow end } BB15 { + assert { [#"../checked_ops.rs" 68 4 68 50] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 63 35 69 1] ()); + [#"../checked_ops.rs" 63 35 69 1] _0 <- ([#"../checked_ops.rs" 63 35 69 1] ()); return _0 } @@ -1048,7 +1074,7 @@ module CheckedOps_TestU8WrappingSub goto BB0 } BB0 { - _0 <- ([#"../checked_ops.rs" 75 4 75 21] wrapping_sub0 a b); + [#"../checked_ops.rs" 75 4 75 21] _0 <- ([#"../checked_ops.rs" 75 4 75 21] wrapping_sub0 ([#"../checked_ops.rs" 75 4 75 5] a) ([#"../checked_ops.rs" 75 19 75 20] b)); goto BB1 } BB1 { @@ -1068,7 +1094,7 @@ module CheckedOps_TestU8OverflowingSub val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -1134,47 +1160,49 @@ module CheckedOps_TestU8OverflowingSub goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 80 12 80 32] overflowing_sub0 a b); + [#"../checked_ops.rs" 80 12 80 32] _7 <- ([#"../checked_ops.rs" 80 12 80 32] overflowing_sub0 ([#"../checked_ops.rs" 80 12 80 13] a) ([#"../checked_ops.rs" 80 30 80 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 80 38 80 55] wrapping_sub0 a b); + [#"../checked_ops.rs" 80 38 80 55] _10 <- ([#"../checked_ops.rs" 80 38 80 55] wrapping_sub0 ([#"../checked_ops.rs" 80 38 80 39] a) ([#"../checked_ops.rs" 80 53 80 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 80 4 80 56] not ([#"../checked_ops.rs" 80 12 80 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 80 4 80 56] not ([#"../checked_ops.rs" 80 12 80 55] ([#"../checked_ops.rs" 80 12 80 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 80 4 80 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 81 12 81 32] overflowing_sub0 a b); + [#"../checked_ops.rs" 81 12 81 32] _18 <- ([#"../checked_ops.rs" 81 12 81 32] overflowing_sub0 ([#"../checked_ops.rs" 81 12 81 13] a) ([#"../checked_ops.rs" 81 30 81 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 81 38 81 54] checked_sub0 a b); + [#"../checked_ops.rs" 81 38 81 54] _23 <- ([#"../checked_ops.rs" 81 38 81 54] checked_sub0 ([#"../checked_ops.rs" 81 38 81 39] a) ([#"../checked_ops.rs" 81 52 81 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 81 38 81 64] is_none0 ([#"../checked_ops.rs" 81 38 81 64] _23)); + [#"../checked_ops.rs" 81 38 81 64] _21 <- ([#"../checked_ops.rs" 81 38 81 64] is_none0 ([#"../checked_ops.rs" 81 38 81 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 81 4 81 65] not ([#"../checked_ops.rs" 81 12 81 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 81 4 81 65] not ([#"../checked_ops.rs" 81 12 81 64] Bool.eqb ([#"../checked_ops.rs" 81 12 81 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 81 4 81 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 79 45 82 1] ()); + [#"../checked_ops.rs" 79 45 82 1] _0 <- ([#"../checked_ops.rs" 79 45 82 1] ()); return _0 } @@ -1191,7 +1219,7 @@ module CheckedOps_TestU8MulExample val inv2 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option uint8 . inv2 x = true predicate invariant1 (self : uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : uint8) : bool @@ -1201,7 +1229,7 @@ module CheckedOps_TestU8MulExample val inv1 (_x : uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv1 x = true + axiom inv1 : forall x : uint8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -1211,7 +1239,7 @@ module CheckedOps_TestU8MulExample val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -1293,11 +1321,11 @@ module CheckedOps_TestU8MulExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 86 12 86 31] checked_mul0 ([#"../checked_ops.rs" 86 12 86 15] [#"../checked_ops.rs" 86 12 86 15] (5 : uint8)) ([#"../checked_ops.rs" 86 28 86 30] [#"../checked_ops.rs" 86 28 86 30] (10 : uint8))); + [#"../checked_ops.rs" 86 12 86 31] _5 <- ([#"../checked_ops.rs" 86 12 86 31] checked_mul0 ([#"../checked_ops.rs" 86 12 86 15] [#"../checked_ops.rs" 86 12 86 15] (5 : uint8)) ([#"../checked_ops.rs" 86 28 86 30] [#"../checked_ops.rs" 86 28 86 30] (10 : uint8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 86 12 86 40] unwrap0 _5); + [#"../checked_ops.rs" 86 12 86 40] _4 <- ([#"../checked_ops.rs" 86 12 86 40] unwrap0 _5); _5 <- any Core_Option_Option_Type.t_option uint8; goto BB2 } @@ -1308,14 +1336,15 @@ module CheckedOps_TestU8MulExample end } BB3 { + assert { [#"../checked_ops.rs" 86 4 86 47] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 87 12 87 32] checked_mul0 ([#"../checked_ops.rs" 87 12 87 16] [#"../checked_ops.rs" 87 12 87 16] (50 : uint8)) ([#"../checked_ops.rs" 87 29 87 31] [#"../checked_ops.rs" 87 29 87 31] (10 : uint8))); + [#"../checked_ops.rs" 87 12 87 32] _11 <- ([#"../checked_ops.rs" 87 12 87 32] checked_mul0 ([#"../checked_ops.rs" 87 12 87 16] [#"../checked_ops.rs" 87 12 87 16] (50 : uint8)) ([#"../checked_ops.rs" 87 29 87 31] [#"../checked_ops.rs" 87 29 87 31] (10 : uint8))); goto BB5 } BB5 { - _9 <- ([#"../checked_ops.rs" 87 12 87 42] is_none0 ([#"../checked_ops.rs" 87 12 87 42] _11)); + [#"../checked_ops.rs" 87 12 87 42] _9 <- ([#"../checked_ops.rs" 87 12 87 42] is_none0 ([#"../checked_ops.rs" 87 12 87 42] _11)); goto BB6 } BB6 { @@ -1325,10 +1354,11 @@ module CheckedOps_TestU8MulExample end } BB7 { + assert { [#"../checked_ops.rs" 87 4 87 43] false }; absurd } BB8 { - _16 <- ([#"../checked_ops.rs" 89 12 89 32] wrapping_mul0 ([#"../checked_ops.rs" 89 12 89 15] [#"../checked_ops.rs" 89 12 89 15] (5 : uint8)) ([#"../checked_ops.rs" 89 29 89 31] [#"../checked_ops.rs" 89 29 89 31] (10 : uint8))); + [#"../checked_ops.rs" 89 12 89 32] _16 <- ([#"../checked_ops.rs" 89 12 89 32] wrapping_mul0 ([#"../checked_ops.rs" 89 12 89 15] [#"../checked_ops.rs" 89 12 89 15] (5 : uint8)) ([#"../checked_ops.rs" 89 29 89 31] [#"../checked_ops.rs" 89 29 89 31] (10 : uint8))); goto BB9 } BB9 { @@ -1338,10 +1368,11 @@ module CheckedOps_TestU8MulExample end } BB10 { + assert { [#"../checked_ops.rs" 89 4 89 39] false }; absurd } BB11 { - _21 <- ([#"../checked_ops.rs" 90 12 90 33] wrapping_mul0 ([#"../checked_ops.rs" 90 12 90 16] [#"../checked_ops.rs" 90 12 90 16] (50 : uint8)) ([#"../checked_ops.rs" 90 30 90 32] [#"../checked_ops.rs" 90 30 90 32] (10 : uint8))); + [#"../checked_ops.rs" 90 12 90 33] _21 <- ([#"../checked_ops.rs" 90 12 90 33] wrapping_mul0 ([#"../checked_ops.rs" 90 12 90 16] [#"../checked_ops.rs" 90 12 90 16] (50 : uint8)) ([#"../checked_ops.rs" 90 30 90 32] [#"../checked_ops.rs" 90 30 90 32] (10 : uint8))); goto BB12 } BB12 { @@ -1351,10 +1382,11 @@ module CheckedOps_TestU8MulExample end } BB13 { + assert { [#"../checked_ops.rs" 90 4 90 41] false }; absurd } BB14 { - _26 <- ([#"../checked_ops.rs" 92 12 92 34] saturating_mul0 ([#"../checked_ops.rs" 92 12 92 15] [#"../checked_ops.rs" 92 12 92 15] (5 : uint8)) ([#"../checked_ops.rs" 92 31 92 33] [#"../checked_ops.rs" 92 31 92 33] (10 : uint8))); + [#"../checked_ops.rs" 92 12 92 34] _26 <- ([#"../checked_ops.rs" 92 12 92 34] saturating_mul0 ([#"../checked_ops.rs" 92 12 92 15] [#"../checked_ops.rs" 92 12 92 15] (5 : uint8)) ([#"../checked_ops.rs" 92 31 92 33] [#"../checked_ops.rs" 92 31 92 33] (10 : uint8))); goto BB15 } BB15 { @@ -1364,10 +1396,11 @@ module CheckedOps_TestU8MulExample end } BB16 { + assert { [#"../checked_ops.rs" 92 4 92 41] false }; absurd } BB17 { - _31 <- ([#"../checked_ops.rs" 93 12 93 35] saturating_mul0 ([#"../checked_ops.rs" 93 12 93 16] [#"../checked_ops.rs" 93 12 93 16] (50 : uint8)) ([#"../checked_ops.rs" 93 32 93 34] [#"../checked_ops.rs" 93 32 93 34] (10 : uint8))); + [#"../checked_ops.rs" 93 12 93 35] _31 <- ([#"../checked_ops.rs" 93 12 93 35] saturating_mul0 ([#"../checked_ops.rs" 93 12 93 16] [#"../checked_ops.rs" 93 12 93 16] (50 : uint8)) ([#"../checked_ops.rs" 93 32 93 34] [#"../checked_ops.rs" 93 32 93 34] (10 : uint8))); goto BB18 } BB18 { @@ -1377,26 +1410,27 @@ module CheckedOps_TestU8MulExample end } BB19 { + assert { [#"../checked_ops.rs" 93 4 93 43] false }; absurd } BB20 { - res <- ([#"../checked_ops.rs" 95 14 95 37] overflowing_mul0 ([#"../checked_ops.rs" 95 14 95 17] [#"../checked_ops.rs" 95 14 95 17] (5 : uint8)) ([#"../checked_ops.rs" 95 34 95 36] [#"../checked_ops.rs" 95 34 95 36] (10 : uint8))); + [#"../checked_ops.rs" 95 14 95 37] res <- ([#"../checked_ops.rs" 95 14 95 37] overflowing_mul0 ([#"../checked_ops.rs" 95 14 95 17] [#"../checked_ops.rs" 95 14 95 17] (5 : uint8)) ([#"../checked_ops.rs" 95 34 95 36] [#"../checked_ops.rs" 95 34 95 36] (10 : uint8))); goto BB21 } BB21 { - switch ([#"../checked_ops.rs" 96 12 96 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 96 21 96 23] [#"../checked_ops.rs" 96 21 96 23] (50 : uint8))) + switch ([#"../checked_ops.rs" 96 12 96 23] ([#"../checked_ops.rs" 96 12 96 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 96 21 96 23] [#"../checked_ops.rs" 96 21 96 23] (50 : uint8))) | False -> goto BB22 | True -> goto BB23 end } BB22 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 96 12 96 41] [#"../checked_ops.rs" 96 12 96 41] false); + [#"../checked_ops.rs" 96 12 96 41] _36 <- ([#"../checked_ops.rs" 96 12 96 41] [#"../checked_ops.rs" 96 12 96 41] false); goto BB24 } BB23 { assume { resolve0 res }; - _36 <- ([#"../checked_ops.rs" 96 27 96 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 96 36 96 41] [#"../checked_ops.rs" 96 36 96 41] false)); + [#"../checked_ops.rs" 96 12 96 41] _36 <- ([#"../checked_ops.rs" 96 27 96 41] Bool.eqb ([#"../checked_ops.rs" 96 27 96 32] let (_, a) = res in a) ([#"../checked_ops.rs" 96 36 96 41] [#"../checked_ops.rs" 96 36 96 41] false)); goto BB24 } BB24 { @@ -1406,26 +1440,27 @@ module CheckedOps_TestU8MulExample end } BB25 { + assert { [#"../checked_ops.rs" 96 4 96 42] false }; absurd } BB26 { - res1 <- ([#"../checked_ops.rs" 97 14 97 38] overflowing_mul0 ([#"../checked_ops.rs" 97 14 97 18] [#"../checked_ops.rs" 97 14 97 18] (50 : uint8)) ([#"../checked_ops.rs" 97 35 97 37] [#"../checked_ops.rs" 97 35 97 37] (10 : uint8))); + [#"../checked_ops.rs" 97 14 97 38] res1 <- ([#"../checked_ops.rs" 97 14 97 38] overflowing_mul0 ([#"../checked_ops.rs" 97 14 97 18] [#"../checked_ops.rs" 97 14 97 18] (50 : uint8)) ([#"../checked_ops.rs" 97 35 97 37] [#"../checked_ops.rs" 97 35 97 37] (10 : uint8))); goto BB27 } BB27 { - switch ([#"../checked_ops.rs" 98 12 98 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 98 21 98 24] [#"../checked_ops.rs" 98 21 98 24] (244 : uint8))) + switch ([#"../checked_ops.rs" 98 12 98 24] ([#"../checked_ops.rs" 98 12 98 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 98 21 98 24] [#"../checked_ops.rs" 98 21 98 24] (244 : uint8))) | False -> goto BB28 | True -> goto BB29 end } BB28 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 98 12 98 41] [#"../checked_ops.rs" 98 12 98 41] false); + [#"../checked_ops.rs" 98 12 98 41] _45 <- ([#"../checked_ops.rs" 98 12 98 41] [#"../checked_ops.rs" 98 12 98 41] false); goto BB30 } BB29 { assume { resolve0 res1 }; - _45 <- ([#"../checked_ops.rs" 98 28 98 41] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 98 37 98 41] [#"../checked_ops.rs" 98 37 98 41] true)); + [#"../checked_ops.rs" 98 12 98 41] _45 <- ([#"../checked_ops.rs" 98 28 98 41] Bool.eqb ([#"../checked_ops.rs" 98 28 98 33] let (_, a) = res1 in a) ([#"../checked_ops.rs" 98 37 98 41] [#"../checked_ops.rs" 98 37 98 41] true)); goto BB30 } BB30 { @@ -1435,10 +1470,11 @@ module CheckedOps_TestU8MulExample end } BB31 { + assert { [#"../checked_ops.rs" 98 4 98 42] false }; absurd } BB32 { - _0 <- ([#"../checked_ops.rs" 85 29 99 1] ()); + [#"../checked_ops.rs" 85 29 99 1] _0 <- ([#"../checked_ops.rs" 85 29 99 1] ()); return _0 } @@ -1454,7 +1490,7 @@ module CheckedOps_TestU8MulZero val inv1 (_x : uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv1 x = true + axiom inv1 : forall x : uint8 . inv1 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1465,7 +1501,7 @@ module CheckedOps_TestU8MulZero val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -1537,11 +1573,11 @@ module CheckedOps_TestU8MulZero goto BB0 } BB0 { - _6 <- ([#"../checked_ops.rs" 103 12 103 30] checked_mul0 ([#"../checked_ops.rs" 103 12 103 15] [#"../checked_ops.rs" 103 12 103 15] (0 : uint8)) a); + [#"../checked_ops.rs" 103 12 103 30] _6 <- ([#"../checked_ops.rs" 103 12 103 30] checked_mul0 ([#"../checked_ops.rs" 103 12 103 15] [#"../checked_ops.rs" 103 12 103 15] (0 : uint8)) ([#"../checked_ops.rs" 103 28 103 29] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 103 12 103 39] unwrap0 _6); + [#"../checked_ops.rs" 103 12 103 39] _5 <- ([#"../checked_ops.rs" 103 12 103 39] unwrap0 _6); _6 <- any Core_Option_Option_Type.t_option uint8; goto BB2 } @@ -1552,10 +1588,11 @@ module CheckedOps_TestU8MulZero end } BB3 { + assert { [#"../checked_ops.rs" 103 4 103 45] false }; absurd } BB4 { - _12 <- ([#"../checked_ops.rs" 104 12 104 31] wrapping_mul0 ([#"../checked_ops.rs" 104 12 104 15] [#"../checked_ops.rs" 104 12 104 15] (0 : uint8)) a); + [#"../checked_ops.rs" 104 12 104 31] _12 <- ([#"../checked_ops.rs" 104 12 104 31] wrapping_mul0 ([#"../checked_ops.rs" 104 12 104 15] [#"../checked_ops.rs" 104 12 104 15] (0 : uint8)) ([#"../checked_ops.rs" 104 29 104 30] a)); goto BB5 } BB5 { @@ -1565,10 +1602,11 @@ module CheckedOps_TestU8MulZero end } BB6 { + assert { [#"../checked_ops.rs" 104 4 104 37] false }; absurd } BB7 { - _18 <- ([#"../checked_ops.rs" 105 12 105 33] saturating_mul0 ([#"../checked_ops.rs" 105 12 105 15] [#"../checked_ops.rs" 105 12 105 15] (0 : uint8)) a); + [#"../checked_ops.rs" 105 12 105 33] _18 <- ([#"../checked_ops.rs" 105 12 105 33] saturating_mul0 ([#"../checked_ops.rs" 105 12 105 15] [#"../checked_ops.rs" 105 12 105 15] (0 : uint8)) ([#"../checked_ops.rs" 105 31 105 32] a)); goto BB8 } BB8 { @@ -1578,26 +1616,27 @@ module CheckedOps_TestU8MulZero end } BB9 { + assert { [#"../checked_ops.rs" 105 4 105 39] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 106 14 106 36] overflowing_mul0 ([#"../checked_ops.rs" 106 14 106 17] [#"../checked_ops.rs" 106 14 106 17] (0 : uint8)) a); + [#"../checked_ops.rs" 106 14 106 36] res <- ([#"../checked_ops.rs" 106 14 106 36] overflowing_mul0 ([#"../checked_ops.rs" 106 14 106 17] [#"../checked_ops.rs" 106 14 106 17] (0 : uint8)) ([#"../checked_ops.rs" 106 34 106 35] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 107 12 107 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 107 21 107 22] [#"../checked_ops.rs" 107 21 107 22] (0 : uint8))) + switch ([#"../checked_ops.rs" 107 12 107 22] ([#"../checked_ops.rs" 107 12 107 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 107 21 107 22] [#"../checked_ops.rs" 107 21 107 22] (0 : uint8))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _25 <- ([#"../checked_ops.rs" 107 12 107 40] [#"../checked_ops.rs" 107 12 107 40] false); + [#"../checked_ops.rs" 107 12 107 40] _25 <- ([#"../checked_ops.rs" 107 12 107 40] [#"../checked_ops.rs" 107 12 107 40] false); goto BB14 } BB13 { assume { resolve0 res }; - _25 <- ([#"../checked_ops.rs" 107 26 107 40] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 107 35 107 40] [#"../checked_ops.rs" 107 35 107 40] false)); + [#"../checked_ops.rs" 107 12 107 40] _25 <- ([#"../checked_ops.rs" 107 26 107 40] Bool.eqb ([#"../checked_ops.rs" 107 26 107 31] let (_, a) = res in a) ([#"../checked_ops.rs" 107 35 107 40] [#"../checked_ops.rs" 107 35 107 40] false)); goto BB14 } BB14 { @@ -1607,10 +1646,11 @@ module CheckedOps_TestU8MulZero end } BB15 { + assert { [#"../checked_ops.rs" 107 4 107 41] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 102 31 108 1] ()); + [#"../checked_ops.rs" 102 31 108 1] _0 <- ([#"../checked_ops.rs" 102 31 108 1] ()); return _0 } @@ -1627,7 +1667,7 @@ module CheckedOps_TestU8OverflowingMul val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -1693,47 +1733,49 @@ module CheckedOps_TestU8OverflowingMul goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 112 12 112 32] overflowing_mul0 a b); + [#"../checked_ops.rs" 112 12 112 32] _7 <- ([#"../checked_ops.rs" 112 12 112 32] overflowing_mul0 ([#"../checked_ops.rs" 112 12 112 13] a) ([#"../checked_ops.rs" 112 30 112 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 112 38 112 55] wrapping_mul0 a b); + [#"../checked_ops.rs" 112 38 112 55] _10 <- ([#"../checked_ops.rs" 112 38 112 55] wrapping_mul0 ([#"../checked_ops.rs" 112 38 112 39] a) ([#"../checked_ops.rs" 112 53 112 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 112 4 112 56] not ([#"../checked_ops.rs" 112 12 112 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 112 4 112 56] not ([#"../checked_ops.rs" 112 12 112 55] ([#"../checked_ops.rs" 112 12 112 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 112 4 112 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 113 12 113 32] overflowing_mul0 a b); + [#"../checked_ops.rs" 113 12 113 32] _18 <- ([#"../checked_ops.rs" 113 12 113 32] overflowing_mul0 ([#"../checked_ops.rs" 113 12 113 13] a) ([#"../checked_ops.rs" 113 30 113 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 113 38 113 54] checked_mul0 a b); + [#"../checked_ops.rs" 113 38 113 54] _23 <- ([#"../checked_ops.rs" 113 38 113 54] checked_mul0 ([#"../checked_ops.rs" 113 38 113 39] a) ([#"../checked_ops.rs" 113 52 113 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 113 38 113 64] is_none0 ([#"../checked_ops.rs" 113 38 113 64] _23)); + [#"../checked_ops.rs" 113 38 113 64] _21 <- ([#"../checked_ops.rs" 113 38 113 64] is_none0 ([#"../checked_ops.rs" 113 38 113 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 113 4 113 65] not ([#"../checked_ops.rs" 113 12 113 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 113 4 113 65] not ([#"../checked_ops.rs" 113 12 113 64] Bool.eqb ([#"../checked_ops.rs" 113 12 113 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 113 4 113 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 111 45 114 1] ()); + [#"../checked_ops.rs" 111 45 114 1] _0 <- ([#"../checked_ops.rs" 111 45 114 1] ()); return _0 } @@ -1749,7 +1791,7 @@ module CheckedOps_TestU8DivExample val inv2 (_x : uint8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv2 x = true + axiom inv2 : forall x : uint8 . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1760,7 +1802,7 @@ module CheckedOps_TestU8DivExample val inv1 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option uint8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option uint8) : bool @@ -1770,7 +1812,7 @@ module CheckedOps_TestU8DivExample val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -1838,11 +1880,11 @@ module CheckedOps_TestU8DivExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 118 12 118 30] checked_div0 ([#"../checked_ops.rs" 118 12 118 15] [#"../checked_ops.rs" 118 12 118 15] (5 : uint8)) ([#"../checked_ops.rs" 118 28 118 29] [#"../checked_ops.rs" 118 28 118 29] (0 : uint8))); + [#"../checked_ops.rs" 118 12 118 30] _5 <- ([#"../checked_ops.rs" 118 12 118 30] checked_div0 ([#"../checked_ops.rs" 118 12 118 15] [#"../checked_ops.rs" 118 12 118 15] (5 : uint8)) ([#"../checked_ops.rs" 118 28 118 29] [#"../checked_ops.rs" 118 28 118 29] (0 : uint8))); goto BB1 } BB1 { - _3 <- ([#"../checked_ops.rs" 118 12 118 40] is_none0 ([#"../checked_ops.rs" 118 12 118 40] _5)); + [#"../checked_ops.rs" 118 12 118 40] _3 <- ([#"../checked_ops.rs" 118 12 118 40] is_none0 ([#"../checked_ops.rs" 118 12 118 40] _5)); goto BB2 } BB2 { @@ -1852,14 +1894,15 @@ module CheckedOps_TestU8DivExample end } BB3 { + assert { [#"../checked_ops.rs" 118 4 118 41] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 119 12 119 30] checked_div0 ([#"../checked_ops.rs" 119 12 119 15] [#"../checked_ops.rs" 119 12 119 15] (5 : uint8)) ([#"../checked_ops.rs" 119 28 119 29] [#"../checked_ops.rs" 119 28 119 29] (2 : uint8))); + [#"../checked_ops.rs" 119 12 119 30] _11 <- ([#"../checked_ops.rs" 119 12 119 30] checked_div0 ([#"../checked_ops.rs" 119 12 119 15] [#"../checked_ops.rs" 119 12 119 15] (5 : uint8)) ([#"../checked_ops.rs" 119 28 119 29] [#"../checked_ops.rs" 119 28 119 29] (2 : uint8))); goto BB5 } BB5 { - _10 <- ([#"../checked_ops.rs" 119 12 119 39] unwrap0 _11); + [#"../checked_ops.rs" 119 12 119 39] _10 <- ([#"../checked_ops.rs" 119 12 119 39] unwrap0 _11); _11 <- any Core_Option_Option_Type.t_option uint8; goto BB6 } @@ -1870,10 +1913,11 @@ module CheckedOps_TestU8DivExample end } BB7 { + assert { [#"../checked_ops.rs" 119 4 119 45] false }; absurd } BB8 { - _16 <- ([#"../checked_ops.rs" 120 12 120 31] wrapping_div0 ([#"../checked_ops.rs" 120 12 120 15] [#"../checked_ops.rs" 120 12 120 15] (5 : uint8)) ([#"../checked_ops.rs" 120 29 120 30] [#"../checked_ops.rs" 120 29 120 30] (2 : uint8))); + [#"../checked_ops.rs" 120 12 120 31] _16 <- ([#"../checked_ops.rs" 120 12 120 31] wrapping_div0 ([#"../checked_ops.rs" 120 12 120 15] [#"../checked_ops.rs" 120 12 120 15] (5 : uint8)) ([#"../checked_ops.rs" 120 29 120 30] [#"../checked_ops.rs" 120 29 120 30] (2 : uint8))); goto BB9 } BB9 { @@ -1883,10 +1927,11 @@ module CheckedOps_TestU8DivExample end } BB10 { + assert { [#"../checked_ops.rs" 120 4 120 37] false }; absurd } BB11 { - _21 <- ([#"../checked_ops.rs" 121 12 121 33] saturating_div0 ([#"../checked_ops.rs" 121 12 121 15] [#"../checked_ops.rs" 121 12 121 15] (5 : uint8)) ([#"../checked_ops.rs" 121 31 121 32] [#"../checked_ops.rs" 121 31 121 32] (2 : uint8))); + [#"../checked_ops.rs" 121 12 121 33] _21 <- ([#"../checked_ops.rs" 121 12 121 33] saturating_div0 ([#"../checked_ops.rs" 121 12 121 15] [#"../checked_ops.rs" 121 12 121 15] (5 : uint8)) ([#"../checked_ops.rs" 121 31 121 32] [#"../checked_ops.rs" 121 31 121 32] (2 : uint8))); goto BB12 } BB12 { @@ -1896,26 +1941,27 @@ module CheckedOps_TestU8DivExample end } BB13 { + assert { [#"../checked_ops.rs" 121 4 121 39] false }; absurd } BB14 { - res <- ([#"../checked_ops.rs" 122 14 122 36] overflowing_div0 ([#"../checked_ops.rs" 122 14 122 17] [#"../checked_ops.rs" 122 14 122 17] (5 : uint8)) ([#"../checked_ops.rs" 122 34 122 35] [#"../checked_ops.rs" 122 34 122 35] (2 : uint8))); + [#"../checked_ops.rs" 122 14 122 36] res <- ([#"../checked_ops.rs" 122 14 122 36] overflowing_div0 ([#"../checked_ops.rs" 122 14 122 17] [#"../checked_ops.rs" 122 14 122 17] (5 : uint8)) ([#"../checked_ops.rs" 122 34 122 35] [#"../checked_ops.rs" 122 34 122 35] (2 : uint8))); goto BB15 } BB15 { - switch ([#"../checked_ops.rs" 123 12 123 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 123 21 123 22] [#"../checked_ops.rs" 123 21 123 22] (2 : uint8))) + switch ([#"../checked_ops.rs" 123 12 123 22] ([#"../checked_ops.rs" 123 12 123 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 123 21 123 22] [#"../checked_ops.rs" 123 21 123 22] (2 : uint8))) | False -> goto BB16 | True -> goto BB17 end } BB16 { assume { resolve0 res }; - _26 <- ([#"../checked_ops.rs" 123 12 123 40] [#"../checked_ops.rs" 123 12 123 40] false); + [#"../checked_ops.rs" 123 12 123 40] _26 <- ([#"../checked_ops.rs" 123 12 123 40] [#"../checked_ops.rs" 123 12 123 40] false); goto BB18 } BB17 { assume { resolve0 res }; - _26 <- ([#"../checked_ops.rs" 123 26 123 40] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 123 35 123 40] [#"../checked_ops.rs" 123 35 123 40] false)); + [#"../checked_ops.rs" 123 12 123 40] _26 <- ([#"../checked_ops.rs" 123 26 123 40] Bool.eqb ([#"../checked_ops.rs" 123 26 123 31] let (_, a) = res in a) ([#"../checked_ops.rs" 123 35 123 40] [#"../checked_ops.rs" 123 35 123 40] false)); goto BB18 } BB18 { @@ -1925,10 +1971,11 @@ module CheckedOps_TestU8DivExample end } BB19 { + assert { [#"../checked_ops.rs" 123 4 123 41] false }; absurd } BB20 { - _0 <- ([#"../checked_ops.rs" 117 29 124 1] ()); + [#"../checked_ops.rs" 117 29 124 1] _0 <- ([#"../checked_ops.rs" 117 29 124 1] ()); return _0 } @@ -1944,7 +1991,7 @@ module CheckedOps_TestU8DivNoOverflow val inv1 (_x : uint8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : uint8 . inv1 x = true + axiom inv1 : forall x : uint8 . inv1 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant0 (self : Core_Option_Option_Type.t_option uint8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1955,7 +2002,7 @@ module CheckedOps_TestU8DivNoOverflow val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.UInt8 use prelude.Bool predicate resolve2 (self : bool) = @@ -2027,85 +2074,88 @@ module CheckedOps_TestU8DivNoOverflow goto BB0 } BB0 { - _8 <- ([#"../checked_ops.rs" 129 12 129 28] checked_div0 a b); + [#"../checked_ops.rs" 129 12 129 28] _8 <- ([#"../checked_ops.rs" 129 12 129 28] checked_div0 ([#"../checked_ops.rs" 129 12 129 13] a) ([#"../checked_ops.rs" 129 26 129 27] b)); goto BB1 } BB1 { - _7 <- ([#"../checked_ops.rs" 129 12 129 37] unwrap0 _8); + [#"../checked_ops.rs" 129 12 129 37] _7 <- ([#"../checked_ops.rs" 129 12 129 37] unwrap0 _8); _8 <- any Core_Option_Option_Type.t_option uint8; goto BB2 } BB2 { - _13 <- b; - _14 <- ([#"../checked_ops.rs" 129 41 129 46] _13 = ([#"../checked_ops.rs" 129 41 129 46] [#"../checked_ops.rs" 129 41 129 46] (0 : uint8))); + [#"../checked_ops.rs" 129 45 129 46] _13 <- ([#"../checked_ops.rs" 129 45 129 46] b); + [#"../checked_ops.rs" 129 41 129 46] _14 <- ([#"../checked_ops.rs" 129 41 129 46] _13 = ([#"../checked_ops.rs" 129 41 129 46] [#"../checked_ops.rs" 129 41 129 46] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 129 41 129 46] not _14 }; goto BB3 } BB3 { - switch ([#"../checked_ops.rs" 129 4 129 47] not ([#"../checked_ops.rs" 129 12 129 46] _7 = ([#"../checked_ops.rs" 129 41 129 46] a / _13))) + switch ([#"../checked_ops.rs" 129 4 129 47] not ([#"../checked_ops.rs" 129 12 129 46] _7 = ([#"../checked_ops.rs" 129 41 129 46] ([#"../checked_ops.rs" 129 41 129 42] a) / _13))) | False -> goto BB5 | True -> goto BB4 end } BB4 { + assert { [#"../checked_ops.rs" 129 4 129 47] false }; absurd } BB5 { - _19 <- ([#"../checked_ops.rs" 130 12 130 29] wrapping_div0 a b); + [#"../checked_ops.rs" 130 12 130 29] _19 <- ([#"../checked_ops.rs" 130 12 130 29] wrapping_div0 ([#"../checked_ops.rs" 130 12 130 13] a) ([#"../checked_ops.rs" 130 27 130 28] b)); goto BB6 } BB6 { - _24 <- b; - _25 <- ([#"../checked_ops.rs" 130 33 130 38] _24 = ([#"../checked_ops.rs" 130 33 130 38] [#"../checked_ops.rs" 130 33 130 38] (0 : uint8))); + [#"../checked_ops.rs" 130 37 130 38] _24 <- ([#"../checked_ops.rs" 130 37 130 38] b); + [#"../checked_ops.rs" 130 33 130 38] _25 <- ([#"../checked_ops.rs" 130 33 130 38] _24 = ([#"../checked_ops.rs" 130 33 130 38] [#"../checked_ops.rs" 130 33 130 38] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 130 33 130 38] not _25 }; goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 130 4 130 39] not ([#"../checked_ops.rs" 130 12 130 38] _19 = ([#"../checked_ops.rs" 130 33 130 38] a / _24))) + switch ([#"../checked_ops.rs" 130 4 130 39] not ([#"../checked_ops.rs" 130 12 130 38] _19 = ([#"../checked_ops.rs" 130 33 130 38] ([#"../checked_ops.rs" 130 33 130 34] a) / _24))) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 130 4 130 39] false }; absurd } BB9 { - _30 <- ([#"../checked_ops.rs" 131 12 131 31] saturating_div0 a b); + [#"../checked_ops.rs" 131 12 131 31] _30 <- ([#"../checked_ops.rs" 131 12 131 31] saturating_div0 ([#"../checked_ops.rs" 131 12 131 13] a) ([#"../checked_ops.rs" 131 29 131 30] b)); goto BB10 } BB10 { - _35 <- b; - _36 <- ([#"../checked_ops.rs" 131 35 131 40] _35 = ([#"../checked_ops.rs" 131 35 131 40] [#"../checked_ops.rs" 131 35 131 40] (0 : uint8))); + [#"../checked_ops.rs" 131 39 131 40] _35 <- ([#"../checked_ops.rs" 131 39 131 40] b); + [#"../checked_ops.rs" 131 35 131 40] _36 <- ([#"../checked_ops.rs" 131 35 131 40] _35 = ([#"../checked_ops.rs" 131 35 131 40] [#"../checked_ops.rs" 131 35 131 40] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 131 35 131 40] not _36 }; goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 131 4 131 41] not ([#"../checked_ops.rs" 131 12 131 40] _30 = ([#"../checked_ops.rs" 131 35 131 40] a / _35))) + switch ([#"../checked_ops.rs" 131 4 131 41] not ([#"../checked_ops.rs" 131 12 131 40] _30 = ([#"../checked_ops.rs" 131 35 131 40] ([#"../checked_ops.rs" 131 35 131 36] a) / _35))) | False -> goto BB13 | True -> goto BB12 end } BB12 { + assert { [#"../checked_ops.rs" 131 4 131 41] false }; absurd } BB13 { - res <- ([#"../checked_ops.rs" 132 14 132 34] overflowing_div0 a b); + [#"../checked_ops.rs" 132 14 132 34] res <- ([#"../checked_ops.rs" 132 14 132 34] overflowing_div0 ([#"../checked_ops.rs" 132 14 132 15] a) ([#"../checked_ops.rs" 132 32 132 33] b)); goto BB14 } BB14 { - _48 <- b; - _49 <- ([#"../checked_ops.rs" 133 21 133 26] _48 = ([#"../checked_ops.rs" 133 21 133 26] [#"../checked_ops.rs" 133 21 133 26] (0 : uint8))); + [#"../checked_ops.rs" 133 25 133 26] _48 <- ([#"../checked_ops.rs" 133 25 133 26] b); + [#"../checked_ops.rs" 133 21 133 26] _49 <- ([#"../checked_ops.rs" 133 21 133 26] _48 = ([#"../checked_ops.rs" 133 21 133 26] [#"../checked_ops.rs" 133 21 133 26] (0 : uint8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 133 21 133 26] not _49 }; goto BB18 } BB15 { assume { resolve0 res }; - _43 <- ([#"../checked_ops.rs" 133 12 133 44] [#"../checked_ops.rs" 133 12 133 44] false); + [#"../checked_ops.rs" 133 12 133 44] _43 <- ([#"../checked_ops.rs" 133 12 133 44] [#"../checked_ops.rs" 133 12 133 44] false); goto BB17 } BB16 { assume { resolve0 res }; - _43 <- ([#"../checked_ops.rs" 133 30 133 44] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 133 39 133 44] [#"../checked_ops.rs" 133 39 133 44] false)); + [#"../checked_ops.rs" 133 12 133 44] _43 <- ([#"../checked_ops.rs" 133 30 133 44] Bool.eqb ([#"../checked_ops.rs" 133 30 133 35] let (_, a) = res in a) ([#"../checked_ops.rs" 133 39 133 44] [#"../checked_ops.rs" 133 39 133 44] false)); goto BB17 } BB17 { @@ -2115,16 +2165,17 @@ module CheckedOps_TestU8DivNoOverflow end } BB18 { - switch ([#"../checked_ops.rs" 133 12 133 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 133 21 133 26] a / _48)) + switch ([#"../checked_ops.rs" 133 12 133 26] ([#"../checked_ops.rs" 133 12 133 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 133 21 133 26] ([#"../checked_ops.rs" 133 21 133 22] a) / _48)) | False -> goto BB15 | True -> goto BB16 end } BB19 { + assert { [#"../checked_ops.rs" 133 4 133 45] false }; absurd } BB20 { - _0 <- ([#"../checked_ops.rs" 128 45 134 1] ()); + [#"../checked_ops.rs" 128 45 134 1] _0 <- ([#"../checked_ops.rs" 128 45 134 1] ()); return _0 } @@ -2141,7 +2192,7 @@ module CheckedOps_TestU8DivZero val inv0 (_x : Core_Option_Option_Type.t_option uint8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option uint8 . inv0 x = true use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option uint8) : bool requires {inv0 self} @@ -2166,11 +2217,11 @@ module CheckedOps_TestU8DivZero goto BB0 } BB0 { - _6 <- ([#"../checked_ops.rs" 138 12 138 28] checked_div0 a ([#"../checked_ops.rs" 138 26 138 27] [#"../checked_ops.rs" 138 26 138 27] (0 : uint8))); + [#"../checked_ops.rs" 138 12 138 28] _6 <- ([#"../checked_ops.rs" 138 12 138 28] checked_div0 ([#"../checked_ops.rs" 138 12 138 13] a) ([#"../checked_ops.rs" 138 26 138 27] [#"../checked_ops.rs" 138 26 138 27] (0 : uint8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 138 12 138 38] is_none0 ([#"../checked_ops.rs" 138 12 138 38] _6)); + [#"../checked_ops.rs" 138 12 138 38] _4 <- ([#"../checked_ops.rs" 138 12 138 38] is_none0 ([#"../checked_ops.rs" 138 12 138 38] _6)); goto BB2 } BB2 { @@ -2180,10 +2231,11 @@ module CheckedOps_TestU8DivZero end } BB3 { + assert { [#"../checked_ops.rs" 138 4 138 39] false }; absurd } BB4 { - _0 <- ([#"../checked_ops.rs" 137 31 139 1] ()); + [#"../checked_ops.rs" 137 31 139 1] _0 <- ([#"../checked_ops.rs" 137 31 139 1] ()); return _0 } @@ -2200,7 +2252,7 @@ module CheckedOps_TestI8AddExample val inv2 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true predicate invariant1 (self : int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : int8) : bool @@ -2210,7 +2262,7 @@ module CheckedOps_TestI8AddExample val inv1 (_x : int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv1 x = true + axiom inv1 : forall x : int8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -2220,7 +2272,7 @@ module CheckedOps_TestI8AddExample val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -2308,11 +2360,11 @@ module CheckedOps_TestI8AddExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 143 12 143 31] checked_add0 ([#"../checked_ops.rs" 143 12 143 15] [#"../checked_ops.rs" 143 12 143 15] (5 : int8)) ([#"../checked_ops.rs" 143 28 143 30] [#"../checked_ops.rs" 143 28 143 30] (10 : int8))); + [#"../checked_ops.rs" 143 12 143 31] _5 <- ([#"../checked_ops.rs" 143 12 143 31] checked_add0 ([#"../checked_ops.rs" 143 12 143 15] [#"../checked_ops.rs" 143 12 143 15] (5 : int8)) ([#"../checked_ops.rs" 143 28 143 30] [#"../checked_ops.rs" 143 28 143 30] (10 : int8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 143 12 143 40] unwrap0 _5); + [#"../checked_ops.rs" 143 12 143 40] _4 <- ([#"../checked_ops.rs" 143 12 143 40] unwrap0 _5); _5 <- any Core_Option_Option_Type.t_option int8; goto BB2 } @@ -2323,14 +2375,15 @@ module CheckedOps_TestI8AddExample end } BB3 { + assert { [#"../checked_ops.rs" 143 4 143 47] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 144 12 144 33] checked_add0 ([#"../checked_ops.rs" 144 12 144 17] [#"../checked_ops.rs" 144 12 144 17] (120 : int8)) ([#"../checked_ops.rs" 144 30 144 32] [#"../checked_ops.rs" 144 30 144 32] (10 : int8))); + [#"../checked_ops.rs" 144 12 144 33] _11 <- ([#"../checked_ops.rs" 144 12 144 33] checked_add0 ([#"../checked_ops.rs" 144 12 144 17] [#"../checked_ops.rs" 144 12 144 17] (120 : int8)) ([#"../checked_ops.rs" 144 30 144 32] [#"../checked_ops.rs" 144 30 144 32] (10 : int8))); goto BB5 } BB5 { - _9 <- ([#"../checked_ops.rs" 144 12 144 43] is_none0 ([#"../checked_ops.rs" 144 12 144 43] _11)); + [#"../checked_ops.rs" 144 12 144 43] _9 <- ([#"../checked_ops.rs" 144 12 144 43] is_none0 ([#"../checked_ops.rs" 144 12 144 43] _11)); goto BB6 } BB6 { @@ -2340,14 +2393,15 @@ module CheckedOps_TestI8AddExample end } BB7 { + assert { [#"../checked_ops.rs" 144 4 144 44] false }; absurd } BB8 { - _17 <- ([#"../checked_ops.rs" 145 12 145 37] checked_add0 ([#"../checked_ops.rs" 145 12 145 20] [#"../checked_ops.rs" 145 12 145 20] (-120 : int8)) ([#"../checked_ops.rs" 145 33 145 36] [#"../checked_ops.rs" 145 33 145 36] (-10 : int8))); + [#"../checked_ops.rs" 145 12 145 37] _17 <- ([#"../checked_ops.rs" 145 12 145 37] checked_add0 ([#"../checked_ops.rs" 145 12 145 20] [#"../checked_ops.rs" 145 12 145 20] (-120 : int8)) ([#"../checked_ops.rs" 145 33 145 36] [#"../checked_ops.rs" 145 33 145 36] (-10 : int8))); goto BB9 } BB9 { - _15 <- ([#"../checked_ops.rs" 145 12 145 47] is_none0 ([#"../checked_ops.rs" 145 12 145 47] _17)); + [#"../checked_ops.rs" 145 12 145 47] _15 <- ([#"../checked_ops.rs" 145 12 145 47] is_none0 ([#"../checked_ops.rs" 145 12 145 47] _17)); goto BB10 } BB10 { @@ -2357,10 +2411,11 @@ module CheckedOps_TestI8AddExample end } BB11 { + assert { [#"../checked_ops.rs" 145 4 145 48] false }; absurd } BB12 { - _22 <- ([#"../checked_ops.rs" 147 12 147 32] wrapping_add0 ([#"../checked_ops.rs" 147 12 147 15] [#"../checked_ops.rs" 147 12 147 15] (5 : int8)) ([#"../checked_ops.rs" 147 29 147 31] [#"../checked_ops.rs" 147 29 147 31] (10 : int8))); + [#"../checked_ops.rs" 147 12 147 32] _22 <- ([#"../checked_ops.rs" 147 12 147 32] wrapping_add0 ([#"../checked_ops.rs" 147 12 147 15] [#"../checked_ops.rs" 147 12 147 15] (5 : int8)) ([#"../checked_ops.rs" 147 29 147 31] [#"../checked_ops.rs" 147 29 147 31] (10 : int8))); goto BB13 } BB13 { @@ -2370,10 +2425,11 @@ module CheckedOps_TestI8AddExample end } BB14 { + assert { [#"../checked_ops.rs" 147 4 147 39] false }; absurd } BB15 { - _27 <- ([#"../checked_ops.rs" 148 12 148 34] wrapping_add0 ([#"../checked_ops.rs" 148 12 148 17] [#"../checked_ops.rs" 148 12 148 17] (120 : int8)) ([#"../checked_ops.rs" 148 31 148 33] [#"../checked_ops.rs" 148 31 148 33] (10 : int8))); + [#"../checked_ops.rs" 148 12 148 34] _27 <- ([#"../checked_ops.rs" 148 12 148 34] wrapping_add0 ([#"../checked_ops.rs" 148 12 148 17] [#"../checked_ops.rs" 148 12 148 17] (120 : int8)) ([#"../checked_ops.rs" 148 31 148 33] [#"../checked_ops.rs" 148 31 148 33] (10 : int8))); goto BB16 } BB16 { @@ -2383,10 +2439,11 @@ module CheckedOps_TestI8AddExample end } BB17 { + assert { [#"../checked_ops.rs" 148 4 148 43] false }; absurd } BB18 { - _32 <- ([#"../checked_ops.rs" 149 12 149 38] wrapping_add0 ([#"../checked_ops.rs" 149 12 149 20] [#"../checked_ops.rs" 149 12 149 20] (-120 : int8)) ([#"../checked_ops.rs" 149 34 149 37] [#"../checked_ops.rs" 149 34 149 37] (-10 : int8))); + [#"../checked_ops.rs" 149 12 149 38] _32 <- ([#"../checked_ops.rs" 149 12 149 38] wrapping_add0 ([#"../checked_ops.rs" 149 12 149 20] [#"../checked_ops.rs" 149 12 149 20] (-120 : int8)) ([#"../checked_ops.rs" 149 34 149 37] [#"../checked_ops.rs" 149 34 149 37] (-10 : int8))); goto BB19 } BB19 { @@ -2396,10 +2453,11 @@ module CheckedOps_TestI8AddExample end } BB20 { + assert { [#"../checked_ops.rs" 149 4 149 46] false }; absurd } BB21 { - _37 <- ([#"../checked_ops.rs" 151 12 151 34] saturating_add0 ([#"../checked_ops.rs" 151 12 151 15] [#"../checked_ops.rs" 151 12 151 15] (5 : int8)) ([#"../checked_ops.rs" 151 31 151 33] [#"../checked_ops.rs" 151 31 151 33] (10 : int8))); + [#"../checked_ops.rs" 151 12 151 34] _37 <- ([#"../checked_ops.rs" 151 12 151 34] saturating_add0 ([#"../checked_ops.rs" 151 12 151 15] [#"../checked_ops.rs" 151 12 151 15] (5 : int8)) ([#"../checked_ops.rs" 151 31 151 33] [#"../checked_ops.rs" 151 31 151 33] (10 : int8))); goto BB22 } BB22 { @@ -2409,10 +2467,11 @@ module CheckedOps_TestI8AddExample end } BB23 { + assert { [#"../checked_ops.rs" 151 4 151 41] false }; absurd } BB24 { - _42 <- ([#"../checked_ops.rs" 152 12 152 36] saturating_add0 ([#"../checked_ops.rs" 152 12 152 17] [#"../checked_ops.rs" 152 12 152 17] (120 : int8)) ([#"../checked_ops.rs" 152 33 152 35] [#"../checked_ops.rs" 152 33 152 35] (10 : int8))); + [#"../checked_ops.rs" 152 12 152 36] _42 <- ([#"../checked_ops.rs" 152 12 152 36] saturating_add0 ([#"../checked_ops.rs" 152 12 152 17] [#"../checked_ops.rs" 152 12 152 17] (120 : int8)) ([#"../checked_ops.rs" 152 33 152 35] [#"../checked_ops.rs" 152 33 152 35] (10 : int8))); goto BB25 } BB25 { @@ -2422,10 +2481,11 @@ module CheckedOps_TestI8AddExample end } BB26 { + assert { [#"../checked_ops.rs" 152 4 152 44] false }; absurd } BB27 { - _47 <- ([#"../checked_ops.rs" 153 12 153 40] saturating_add0 ([#"../checked_ops.rs" 153 12 153 20] [#"../checked_ops.rs" 153 12 153 20] (-120 : int8)) ([#"../checked_ops.rs" 153 36 153 39] [#"../checked_ops.rs" 153 36 153 39] (-10 : int8))); + [#"../checked_ops.rs" 153 12 153 40] _47 <- ([#"../checked_ops.rs" 153 12 153 40] saturating_add0 ([#"../checked_ops.rs" 153 12 153 20] [#"../checked_ops.rs" 153 12 153 20] (-120 : int8)) ([#"../checked_ops.rs" 153 36 153 39] [#"../checked_ops.rs" 153 36 153 39] (-10 : int8))); goto BB28 } BB28 { @@ -2435,26 +2495,27 @@ module CheckedOps_TestI8AddExample end } BB29 { + assert { [#"../checked_ops.rs" 153 4 153 49] false }; absurd } BB30 { - res <- ([#"../checked_ops.rs" 155 14 155 37] overflowing_add0 ([#"../checked_ops.rs" 155 14 155 17] [#"../checked_ops.rs" 155 14 155 17] (5 : int8)) ([#"../checked_ops.rs" 155 34 155 36] [#"../checked_ops.rs" 155 34 155 36] (10 : int8))); + [#"../checked_ops.rs" 155 14 155 37] res <- ([#"../checked_ops.rs" 155 14 155 37] overflowing_add0 ([#"../checked_ops.rs" 155 14 155 17] [#"../checked_ops.rs" 155 14 155 17] (5 : int8)) ([#"../checked_ops.rs" 155 34 155 36] [#"../checked_ops.rs" 155 34 155 36] (10 : int8))); goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 156 12 156 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 156 21 156 23] [#"../checked_ops.rs" 156 21 156 23] (15 : int8))) + switch ([#"../checked_ops.rs" 156 12 156 23] ([#"../checked_ops.rs" 156 12 156 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 156 21 156 23] [#"../checked_ops.rs" 156 21 156 23] (15 : int8))) | False -> goto BB32 | True -> goto BB33 end } BB32 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 156 12 156 41] [#"../checked_ops.rs" 156 12 156 41] false); + [#"../checked_ops.rs" 156 12 156 41] _52 <- ([#"../checked_ops.rs" 156 12 156 41] [#"../checked_ops.rs" 156 12 156 41] false); goto BB34 } BB33 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 156 27 156 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 156 36 156 41] [#"../checked_ops.rs" 156 36 156 41] false)); + [#"../checked_ops.rs" 156 12 156 41] _52 <- ([#"../checked_ops.rs" 156 27 156 41] Bool.eqb ([#"../checked_ops.rs" 156 27 156 32] let (_, a) = res in a) ([#"../checked_ops.rs" 156 36 156 41] [#"../checked_ops.rs" 156 36 156 41] false)); goto BB34 } BB34 { @@ -2464,26 +2525,27 @@ module CheckedOps_TestI8AddExample end } BB35 { + assert { [#"../checked_ops.rs" 156 4 156 42] false }; absurd } BB36 { - res1 <- ([#"../checked_ops.rs" 157 14 157 39] overflowing_add0 ([#"../checked_ops.rs" 157 14 157 19] [#"../checked_ops.rs" 157 14 157 19] (120 : int8)) ([#"../checked_ops.rs" 157 36 157 38] [#"../checked_ops.rs" 157 36 157 38] (10 : int8))); + [#"../checked_ops.rs" 157 14 157 39] res1 <- ([#"../checked_ops.rs" 157 14 157 39] overflowing_add0 ([#"../checked_ops.rs" 157 14 157 19] [#"../checked_ops.rs" 157 14 157 19] (120 : int8)) ([#"../checked_ops.rs" 157 36 157 38] [#"../checked_ops.rs" 157 36 157 38] (10 : int8))); goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 158 12 158 25] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 158 21 158 25] [#"../checked_ops.rs" 158 21 158 25] (-126 : int8))) + switch ([#"../checked_ops.rs" 158 12 158 25] ([#"../checked_ops.rs" 158 12 158 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 158 21 158 25] [#"../checked_ops.rs" 158 21 158 25] (-126 : int8))) | False -> goto BB38 | True -> goto BB39 end } BB38 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 158 12 158 42] [#"../checked_ops.rs" 158 12 158 42] false); + [#"../checked_ops.rs" 158 12 158 42] _61 <- ([#"../checked_ops.rs" 158 12 158 42] [#"../checked_ops.rs" 158 12 158 42] false); goto BB40 } BB39 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 158 29 158 42] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 158 38 158 42] [#"../checked_ops.rs" 158 38 158 42] true)); + [#"../checked_ops.rs" 158 12 158 42] _61 <- ([#"../checked_ops.rs" 158 29 158 42] Bool.eqb ([#"../checked_ops.rs" 158 29 158 34] let (_, a) = res1 in a) ([#"../checked_ops.rs" 158 38 158 42] [#"../checked_ops.rs" 158 38 158 42] true)); goto BB40 } BB40 { @@ -2493,26 +2555,27 @@ module CheckedOps_TestI8AddExample end } BB41 { + assert { [#"../checked_ops.rs" 158 4 158 43] false }; absurd } BB42 { - res2 <- ([#"../checked_ops.rs" 159 14 159 43] overflowing_add0 ([#"../checked_ops.rs" 159 14 159 22] [#"../checked_ops.rs" 159 14 159 22] (-120 : int8)) ([#"../checked_ops.rs" 159 39 159 42] [#"../checked_ops.rs" 159 39 159 42] (-10 : int8))); + [#"../checked_ops.rs" 159 14 159 43] res2 <- ([#"../checked_ops.rs" 159 14 159 43] overflowing_add0 ([#"../checked_ops.rs" 159 14 159 22] [#"../checked_ops.rs" 159 14 159 22] (-120 : int8)) ([#"../checked_ops.rs" 159 39 159 42] [#"../checked_ops.rs" 159 39 159 42] (-10 : int8))); goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 160 12 160 24] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 160 21 160 24] [#"../checked_ops.rs" 160 21 160 24] (126 : int8))) + switch ([#"../checked_ops.rs" 160 12 160 24] ([#"../checked_ops.rs" 160 12 160 17] let (a, _) = res2 in a) = ([#"../checked_ops.rs" 160 21 160 24] [#"../checked_ops.rs" 160 21 160 24] (126 : int8))) | False -> goto BB44 | True -> goto BB45 end } BB44 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 160 12 160 41] [#"../checked_ops.rs" 160 12 160 41] false); + [#"../checked_ops.rs" 160 12 160 41] _70 <- ([#"../checked_ops.rs" 160 12 160 41] [#"../checked_ops.rs" 160 12 160 41] false); goto BB46 } BB45 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 160 28 160 41] Bool.eqb (let (_, a) = res2 in a) ([#"../checked_ops.rs" 160 37 160 41] [#"../checked_ops.rs" 160 37 160 41] true)); + [#"../checked_ops.rs" 160 12 160 41] _70 <- ([#"../checked_ops.rs" 160 28 160 41] Bool.eqb ([#"../checked_ops.rs" 160 28 160 33] let (_, a) = res2 in a) ([#"../checked_ops.rs" 160 37 160 41] [#"../checked_ops.rs" 160 37 160 41] true)); goto BB46 } BB46 { @@ -2522,10 +2585,11 @@ module CheckedOps_TestI8AddExample end } BB47 { + assert { [#"../checked_ops.rs" 160 4 160 42] false }; absurd } BB48 { - _0 <- ([#"../checked_ops.rs" 142 29 161 1] ()); + [#"../checked_ops.rs" 142 29 161 1] _0 <- ([#"../checked_ops.rs" 142 29 161 1] ()); return _0 } @@ -2542,7 +2606,7 @@ module CheckedOps_TestI8AddOverflowPos val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Int8 use prelude.Bool predicate resolve2 (self : bool) = @@ -2614,11 +2678,11 @@ module CheckedOps_TestI8AddOverflowPos goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 166 12 166 32] checked_add0 ([#"../checked_ops.rs" 166 12 166 17] [#"../checked_ops.rs" 166 12 166 17] (127 : int8)) a); + [#"../checked_ops.rs" 166 12 166 32] _7 <- ([#"../checked_ops.rs" 166 12 166 32] checked_add0 ([#"../checked_ops.rs" 166 12 166 17] [#"../checked_ops.rs" 166 12 166 17] (127 : int8)) ([#"../checked_ops.rs" 166 30 166 31] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 166 12 166 42] is_none0 ([#"../checked_ops.rs" 166 12 166 42] _7)); + [#"../checked_ops.rs" 166 12 166 42] _5 <- ([#"../checked_ops.rs" 166 12 166 42] is_none0 ([#"../checked_ops.rs" 166 12 166 42] _7)); goto BB2 } BB2 { @@ -2628,23 +2692,25 @@ module CheckedOps_TestI8AddOverflowPos end } BB3 { + assert { [#"../checked_ops.rs" 166 4 166 43] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 167 12 167 33] wrapping_add0 ([#"../checked_ops.rs" 167 12 167 17] [#"../checked_ops.rs" 167 12 167 17] (127 : int8)) a); + [#"../checked_ops.rs" 167 12 167 33] _13 <- ([#"../checked_ops.rs" 167 12 167 33] wrapping_add0 ([#"../checked_ops.rs" 167 12 167 17] [#"../checked_ops.rs" 167 12 167 17] (127 : int8)) ([#"../checked_ops.rs" 167 31 167 32] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 167 4 167 49] not ([#"../checked_ops.rs" 167 12 167 48] _13 = ([#"../checked_ops.rs" 167 37 167 48] ([#"../checked_ops.rs" 167 37 167 44] a - ([#"../checked_ops.rs" 167 41 167 44] [#"../checked_ops.rs" 167 41 167 44] (127 : int8))) - ([#"../checked_ops.rs" 167 47 167 48] [#"../checked_ops.rs" 167 47 167 48] (2 : int8))))) + switch ([#"../checked_ops.rs" 167 4 167 49] not ([#"../checked_ops.rs" 167 12 167 48] _13 = ([#"../checked_ops.rs" 167 37 167 48] ([#"../checked_ops.rs" 167 37 167 44] ([#"../checked_ops.rs" 167 37 167 38] a) - ([#"../checked_ops.rs" 167 41 167 44] [#"../checked_ops.rs" 167 41 167 44] (127 : int8))) - ([#"../checked_ops.rs" 167 47 167 48] [#"../checked_ops.rs" 167 47 167 48] (2 : int8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 167 4 167 49] false }; absurd } BB7 { - _22 <- ([#"../checked_ops.rs" 168 12 168 35] saturating_add0 ([#"../checked_ops.rs" 168 12 168 17] [#"../checked_ops.rs" 168 12 168 17] (127 : int8)) a); + [#"../checked_ops.rs" 168 12 168 35] _22 <- ([#"../checked_ops.rs" 168 12 168 35] saturating_add0 ([#"../checked_ops.rs" 168 12 168 17] [#"../checked_ops.rs" 168 12 168 17] (127 : int8)) ([#"../checked_ops.rs" 168 33 168 34] a)); goto BB8 } BB8 { @@ -2654,26 +2720,27 @@ module CheckedOps_TestI8AddOverflowPos end } BB9 { + assert { [#"../checked_ops.rs" 168 4 168 43] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 169 14 169 38] overflowing_add0 ([#"../checked_ops.rs" 169 14 169 19] [#"../checked_ops.rs" 169 14 169 19] (127 : int8)) a); + [#"../checked_ops.rs" 169 14 169 38] res <- ([#"../checked_ops.rs" 169 14 169 38] overflowing_add0 ([#"../checked_ops.rs" 169 14 169 19] [#"../checked_ops.rs" 169 14 169 19] (127 : int8)) ([#"../checked_ops.rs" 169 36 169 37] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 170 12 170 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 170 21 170 32] ([#"../checked_ops.rs" 170 21 170 28] a - ([#"../checked_ops.rs" 170 25 170 28] [#"../checked_ops.rs" 170 25 170 28] (127 : int8))) - ([#"../checked_ops.rs" 170 31 170 32] [#"../checked_ops.rs" 170 31 170 32] (2 : int8)))) + switch ([#"../checked_ops.rs" 170 12 170 32] ([#"../checked_ops.rs" 170 12 170 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 170 21 170 32] ([#"../checked_ops.rs" 170 21 170 28] ([#"../checked_ops.rs" 170 21 170 22] a) - ([#"../checked_ops.rs" 170 25 170 28] [#"../checked_ops.rs" 170 25 170 28] (127 : int8))) - ([#"../checked_ops.rs" 170 31 170 32] [#"../checked_ops.rs" 170 31 170 32] (2 : int8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 170 12 170 49] [#"../checked_ops.rs" 170 12 170 49] false); + [#"../checked_ops.rs" 170 12 170 49] _29 <- ([#"../checked_ops.rs" 170 12 170 49] [#"../checked_ops.rs" 170 12 170 49] false); goto BB14 } BB13 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 170 36 170 49] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 170 45 170 49] [#"../checked_ops.rs" 170 45 170 49] true)); + [#"../checked_ops.rs" 170 12 170 49] _29 <- ([#"../checked_ops.rs" 170 36 170 49] Bool.eqb ([#"../checked_ops.rs" 170 36 170 41] let (_, a) = res in a) ([#"../checked_ops.rs" 170 45 170 49] [#"../checked_ops.rs" 170 45 170 49] true)); goto BB14 } BB14 { @@ -2683,10 +2750,11 @@ module CheckedOps_TestI8AddOverflowPos end } BB15 { + assert { [#"../checked_ops.rs" 170 4 170 50] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 165 39 171 1] ()); + [#"../checked_ops.rs" 165 39 171 1] _0 <- ([#"../checked_ops.rs" 165 39 171 1] ()); return _0 } @@ -2703,7 +2771,7 @@ module CheckedOps_TestI8AddOverflowNeg val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Int8 use prelude.Bool predicate resolve2 (self : bool) = @@ -2775,11 +2843,11 @@ module CheckedOps_TestI8AddOverflowNeg goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 176 12 176 35] checked_add0 ([#"../checked_ops.rs" 176 12 176 20] [#"../checked_ops.rs" 176 12 176 20] (-128 : int8)) a); + [#"../checked_ops.rs" 176 12 176 35] _7 <- ([#"../checked_ops.rs" 176 12 176 35] checked_add0 ([#"../checked_ops.rs" 176 12 176 20] [#"../checked_ops.rs" 176 12 176 20] (-128 : int8)) ([#"../checked_ops.rs" 176 33 176 34] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 176 12 176 45] is_none0 ([#"../checked_ops.rs" 176 12 176 45] _7)); + [#"../checked_ops.rs" 176 12 176 45] _5 <- ([#"../checked_ops.rs" 176 12 176 45] is_none0 ([#"../checked_ops.rs" 176 12 176 45] _7)); goto BB2 } BB2 { @@ -2789,23 +2857,25 @@ module CheckedOps_TestI8AddOverflowNeg end } BB3 { + assert { [#"../checked_ops.rs" 176 4 176 46] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 177 12 177 36] wrapping_add0 ([#"../checked_ops.rs" 177 12 177 20] [#"../checked_ops.rs" 177 12 177 20] (-128 : int8)) a); + [#"../checked_ops.rs" 177 12 177 36] _13 <- ([#"../checked_ops.rs" 177 12 177 36] wrapping_add0 ([#"../checked_ops.rs" 177 12 177 20] [#"../checked_ops.rs" 177 12 177 20] (-128 : int8)) ([#"../checked_ops.rs" 177 34 177 35] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 177 4 177 52] not ([#"../checked_ops.rs" 177 12 177 51] _13 = ([#"../checked_ops.rs" 177 40 177 51] ([#"../checked_ops.rs" 177 40 177 47] a + ([#"../checked_ops.rs" 177 44 177 47] [#"../checked_ops.rs" 177 44 177 47] (127 : int8))) + ([#"../checked_ops.rs" 177 50 177 51] [#"../checked_ops.rs" 177 50 177 51] (1 : int8))))) + switch ([#"../checked_ops.rs" 177 4 177 52] not ([#"../checked_ops.rs" 177 12 177 51] _13 = ([#"../checked_ops.rs" 177 40 177 51] ([#"../checked_ops.rs" 177 40 177 47] ([#"../checked_ops.rs" 177 40 177 41] a) + ([#"../checked_ops.rs" 177 44 177 47] [#"../checked_ops.rs" 177 44 177 47] (127 : int8))) + ([#"../checked_ops.rs" 177 50 177 51] [#"../checked_ops.rs" 177 50 177 51] (1 : int8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 177 4 177 52] false }; absurd } BB7 { - _22 <- ([#"../checked_ops.rs" 178 12 178 38] saturating_add0 ([#"../checked_ops.rs" 178 12 178 20] [#"../checked_ops.rs" 178 12 178 20] (-128 : int8)) a); + [#"../checked_ops.rs" 178 12 178 38] _22 <- ([#"../checked_ops.rs" 178 12 178 38] saturating_add0 ([#"../checked_ops.rs" 178 12 178 20] [#"../checked_ops.rs" 178 12 178 20] (-128 : int8)) ([#"../checked_ops.rs" 178 36 178 37] a)); goto BB8 } BB8 { @@ -2815,26 +2885,27 @@ module CheckedOps_TestI8AddOverflowNeg end } BB9 { + assert { [#"../checked_ops.rs" 178 4 178 47] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 179 14 179 41] overflowing_add0 ([#"../checked_ops.rs" 179 14 179 22] [#"../checked_ops.rs" 179 14 179 22] (-128 : int8)) a); + [#"../checked_ops.rs" 179 14 179 41] res <- ([#"../checked_ops.rs" 179 14 179 41] overflowing_add0 ([#"../checked_ops.rs" 179 14 179 22] [#"../checked_ops.rs" 179 14 179 22] (-128 : int8)) ([#"../checked_ops.rs" 179 39 179 40] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 180 12 180 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 180 21 180 32] ([#"../checked_ops.rs" 180 21 180 28] a + ([#"../checked_ops.rs" 180 25 180 28] [#"../checked_ops.rs" 180 25 180 28] (127 : int8))) + ([#"../checked_ops.rs" 180 31 180 32] [#"../checked_ops.rs" 180 31 180 32] (1 : int8)))) + switch ([#"../checked_ops.rs" 180 12 180 32] ([#"../checked_ops.rs" 180 12 180 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 180 21 180 32] ([#"../checked_ops.rs" 180 21 180 28] ([#"../checked_ops.rs" 180 21 180 22] a) + ([#"../checked_ops.rs" 180 25 180 28] [#"../checked_ops.rs" 180 25 180 28] (127 : int8))) + ([#"../checked_ops.rs" 180 31 180 32] [#"../checked_ops.rs" 180 31 180 32] (1 : int8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 180 12 180 49] [#"../checked_ops.rs" 180 12 180 49] false); + [#"../checked_ops.rs" 180 12 180 49] _29 <- ([#"../checked_ops.rs" 180 12 180 49] [#"../checked_ops.rs" 180 12 180 49] false); goto BB14 } BB13 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 180 36 180 49] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 180 45 180 49] [#"../checked_ops.rs" 180 45 180 49] true)); + [#"../checked_ops.rs" 180 12 180 49] _29 <- ([#"../checked_ops.rs" 180 36 180 49] Bool.eqb ([#"../checked_ops.rs" 180 36 180 41] let (_, a) = res in a) ([#"../checked_ops.rs" 180 45 180 49] [#"../checked_ops.rs" 180 45 180 49] true)); goto BB14 } BB14 { @@ -2844,10 +2915,11 @@ module CheckedOps_TestI8AddOverflowNeg end } BB15 { + assert { [#"../checked_ops.rs" 180 4 180 50] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 175 39 181 1] ()); + [#"../checked_ops.rs" 175 39 181 1] _0 <- ([#"../checked_ops.rs" 175 39 181 1] ()); return _0 } @@ -2883,7 +2955,7 @@ module CheckedOps_TestI8WrappingAdd goto BB0 } BB0 { - _0 <- ([#"../checked_ops.rs" 187 4 187 21] wrapping_add0 a b); + [#"../checked_ops.rs" 187 4 187 21] _0 <- ([#"../checked_ops.rs" 187 4 187 21] wrapping_add0 ([#"../checked_ops.rs" 187 4 187 5] a) ([#"../checked_ops.rs" 187 19 187 20] b)); goto BB1 } BB1 { @@ -2903,7 +2975,7 @@ module CheckedOps_TestI8OverflowingAdd val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -2969,47 +3041,49 @@ module CheckedOps_TestI8OverflowingAdd goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 192 12 192 32] overflowing_add0 a b); + [#"../checked_ops.rs" 192 12 192 32] _7 <- ([#"../checked_ops.rs" 192 12 192 32] overflowing_add0 ([#"../checked_ops.rs" 192 12 192 13] a) ([#"../checked_ops.rs" 192 30 192 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 192 38 192 55] wrapping_add0 a b); + [#"../checked_ops.rs" 192 38 192 55] _10 <- ([#"../checked_ops.rs" 192 38 192 55] wrapping_add0 ([#"../checked_ops.rs" 192 38 192 39] a) ([#"../checked_ops.rs" 192 53 192 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 192 4 192 56] not ([#"../checked_ops.rs" 192 12 192 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 192 4 192 56] not ([#"../checked_ops.rs" 192 12 192 55] ([#"../checked_ops.rs" 192 12 192 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 192 4 192 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 193 12 193 32] overflowing_add0 a b); + [#"../checked_ops.rs" 193 12 193 32] _18 <- ([#"../checked_ops.rs" 193 12 193 32] overflowing_add0 ([#"../checked_ops.rs" 193 12 193 13] a) ([#"../checked_ops.rs" 193 30 193 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 193 38 193 54] checked_add0 a b); + [#"../checked_ops.rs" 193 38 193 54] _23 <- ([#"../checked_ops.rs" 193 38 193 54] checked_add0 ([#"../checked_ops.rs" 193 38 193 39] a) ([#"../checked_ops.rs" 193 52 193 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 193 38 193 64] is_none0 ([#"../checked_ops.rs" 193 38 193 64] _23)); + [#"../checked_ops.rs" 193 38 193 64] _21 <- ([#"../checked_ops.rs" 193 38 193 64] is_none0 ([#"../checked_ops.rs" 193 38 193 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 193 4 193 65] not ([#"../checked_ops.rs" 193 12 193 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 193 4 193 65] not ([#"../checked_ops.rs" 193 12 193 64] Bool.eqb ([#"../checked_ops.rs" 193 12 193 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 193 4 193 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 191 45 194 1] ()); + [#"../checked_ops.rs" 191 45 194 1] _0 <- ([#"../checked_ops.rs" 191 45 194 1] ()); return _0 } @@ -3026,7 +3100,7 @@ module CheckedOps_TestI8SubExample val inv2 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true predicate invariant1 (self : int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : int8) : bool @@ -3036,7 +3110,7 @@ module CheckedOps_TestI8SubExample val inv1 (_x : int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv1 x = true + axiom inv1 : forall x : int8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -3046,7 +3120,7 @@ module CheckedOps_TestI8SubExample val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -3134,11 +3208,11 @@ module CheckedOps_TestI8SubExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 198 12 198 31] checked_sub0 ([#"../checked_ops.rs" 198 12 198 15] [#"../checked_ops.rs" 198 12 198 15] (5 : int8)) ([#"../checked_ops.rs" 198 28 198 30] [#"../checked_ops.rs" 198 28 198 30] (10 : int8))); + [#"../checked_ops.rs" 198 12 198 31] _5 <- ([#"../checked_ops.rs" 198 12 198 31] checked_sub0 ([#"../checked_ops.rs" 198 12 198 15] [#"../checked_ops.rs" 198 12 198 15] (5 : int8)) ([#"../checked_ops.rs" 198 28 198 30] [#"../checked_ops.rs" 198 28 198 30] (10 : int8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 198 12 198 40] unwrap0 _5); + [#"../checked_ops.rs" 198 12 198 40] _4 <- ([#"../checked_ops.rs" 198 12 198 40] unwrap0 _5); _5 <- any Core_Option_Option_Type.t_option int8; goto BB2 } @@ -3149,14 +3223,15 @@ module CheckedOps_TestI8SubExample end } BB3 { + assert { [#"../checked_ops.rs" 198 4 198 47] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 199 12 199 33] checked_sub0 ([#"../checked_ops.rs" 199 12 199 17] [#"../checked_ops.rs" 199 12 199 17] (120 : int8)) ([#"../checked_ops.rs" 199 30 199 32] [#"../checked_ops.rs" 199 30 199 32] (10 : int8))); + [#"../checked_ops.rs" 199 12 199 33] _11 <- ([#"../checked_ops.rs" 199 12 199 33] checked_sub0 ([#"../checked_ops.rs" 199 12 199 17] [#"../checked_ops.rs" 199 12 199 17] (120 : int8)) ([#"../checked_ops.rs" 199 30 199 32] [#"../checked_ops.rs" 199 30 199 32] (10 : int8))); goto BB5 } BB5 { - _10 <- ([#"../checked_ops.rs" 199 12 199 42] unwrap0 _11); + [#"../checked_ops.rs" 199 12 199 42] _10 <- ([#"../checked_ops.rs" 199 12 199 42] unwrap0 _11); _11 <- any Core_Option_Option_Type.t_option int8; goto BB6 } @@ -3167,14 +3242,15 @@ module CheckedOps_TestI8SubExample end } BB7 { + assert { [#"../checked_ops.rs" 199 4 199 50] false }; absurd } BB8 { - _17 <- ([#"../checked_ops.rs" 200 12 200 36] checked_sub0 ([#"../checked_ops.rs" 200 12 200 20] [#"../checked_ops.rs" 200 12 200 20] (-120 : int8)) ([#"../checked_ops.rs" 200 33 200 35] [#"../checked_ops.rs" 200 33 200 35] (10 : int8))); + [#"../checked_ops.rs" 200 12 200 36] _17 <- ([#"../checked_ops.rs" 200 12 200 36] checked_sub0 ([#"../checked_ops.rs" 200 12 200 20] [#"../checked_ops.rs" 200 12 200 20] (-120 : int8)) ([#"../checked_ops.rs" 200 33 200 35] [#"../checked_ops.rs" 200 33 200 35] (10 : int8))); goto BB9 } BB9 { - _15 <- ([#"../checked_ops.rs" 200 12 200 46] is_none0 ([#"../checked_ops.rs" 200 12 200 46] _17)); + [#"../checked_ops.rs" 200 12 200 46] _15 <- ([#"../checked_ops.rs" 200 12 200 46] is_none0 ([#"../checked_ops.rs" 200 12 200 46] _17)); goto BB10 } BB10 { @@ -3184,10 +3260,11 @@ module CheckedOps_TestI8SubExample end } BB11 { + assert { [#"../checked_ops.rs" 200 4 200 47] false }; absurd } BB12 { - _22 <- ([#"../checked_ops.rs" 202 12 202 32] wrapping_sub0 ([#"../checked_ops.rs" 202 12 202 15] [#"../checked_ops.rs" 202 12 202 15] (5 : int8)) ([#"../checked_ops.rs" 202 29 202 31] [#"../checked_ops.rs" 202 29 202 31] (10 : int8))); + [#"../checked_ops.rs" 202 12 202 32] _22 <- ([#"../checked_ops.rs" 202 12 202 32] wrapping_sub0 ([#"../checked_ops.rs" 202 12 202 15] [#"../checked_ops.rs" 202 12 202 15] (5 : int8)) ([#"../checked_ops.rs" 202 29 202 31] [#"../checked_ops.rs" 202 29 202 31] (10 : int8))); goto BB13 } BB13 { @@ -3197,10 +3274,11 @@ module CheckedOps_TestI8SubExample end } BB14 { + assert { [#"../checked_ops.rs" 202 4 202 39] false }; absurd } BB15 { - _27 <- ([#"../checked_ops.rs" 203 12 203 34] wrapping_sub0 ([#"../checked_ops.rs" 203 12 203 17] [#"../checked_ops.rs" 203 12 203 17] (120 : int8)) ([#"../checked_ops.rs" 203 31 203 33] [#"../checked_ops.rs" 203 31 203 33] (10 : int8))); + [#"../checked_ops.rs" 203 12 203 34] _27 <- ([#"../checked_ops.rs" 203 12 203 34] wrapping_sub0 ([#"../checked_ops.rs" 203 12 203 17] [#"../checked_ops.rs" 203 12 203 17] (120 : int8)) ([#"../checked_ops.rs" 203 31 203 33] [#"../checked_ops.rs" 203 31 203 33] (10 : int8))); goto BB16 } BB16 { @@ -3210,10 +3288,11 @@ module CheckedOps_TestI8SubExample end } BB17 { + assert { [#"../checked_ops.rs" 203 4 203 42] false }; absurd } BB18 { - _32 <- ([#"../checked_ops.rs" 204 12 204 37] wrapping_sub0 ([#"../checked_ops.rs" 204 12 204 20] [#"../checked_ops.rs" 204 12 204 20] (-120 : int8)) ([#"../checked_ops.rs" 204 34 204 36] [#"../checked_ops.rs" 204 34 204 36] (10 : int8))); + [#"../checked_ops.rs" 204 12 204 37] _32 <- ([#"../checked_ops.rs" 204 12 204 37] wrapping_sub0 ([#"../checked_ops.rs" 204 12 204 20] [#"../checked_ops.rs" 204 12 204 20] (-120 : int8)) ([#"../checked_ops.rs" 204 34 204 36] [#"../checked_ops.rs" 204 34 204 36] (10 : int8))); goto BB19 } BB19 { @@ -3223,10 +3302,11 @@ module CheckedOps_TestI8SubExample end } BB20 { + assert { [#"../checked_ops.rs" 204 4 204 45] false }; absurd } BB21 { - _37 <- ([#"../checked_ops.rs" 206 12 206 34] saturating_sub0 ([#"../checked_ops.rs" 206 12 206 15] [#"../checked_ops.rs" 206 12 206 15] (5 : int8)) ([#"../checked_ops.rs" 206 31 206 33] [#"../checked_ops.rs" 206 31 206 33] (10 : int8))); + [#"../checked_ops.rs" 206 12 206 34] _37 <- ([#"../checked_ops.rs" 206 12 206 34] saturating_sub0 ([#"../checked_ops.rs" 206 12 206 15] [#"../checked_ops.rs" 206 12 206 15] (5 : int8)) ([#"../checked_ops.rs" 206 31 206 33] [#"../checked_ops.rs" 206 31 206 33] (10 : int8))); goto BB22 } BB22 { @@ -3236,10 +3316,11 @@ module CheckedOps_TestI8SubExample end } BB23 { + assert { [#"../checked_ops.rs" 206 4 206 41] false }; absurd } BB24 { - _42 <- ([#"../checked_ops.rs" 207 12 207 36] saturating_sub0 ([#"../checked_ops.rs" 207 12 207 17] [#"../checked_ops.rs" 207 12 207 17] (120 : int8)) ([#"../checked_ops.rs" 207 33 207 35] [#"../checked_ops.rs" 207 33 207 35] (10 : int8))); + [#"../checked_ops.rs" 207 12 207 36] _42 <- ([#"../checked_ops.rs" 207 12 207 36] saturating_sub0 ([#"../checked_ops.rs" 207 12 207 17] [#"../checked_ops.rs" 207 12 207 17] (120 : int8)) ([#"../checked_ops.rs" 207 33 207 35] [#"../checked_ops.rs" 207 33 207 35] (10 : int8))); goto BB25 } BB25 { @@ -3249,10 +3330,11 @@ module CheckedOps_TestI8SubExample end } BB26 { + assert { [#"../checked_ops.rs" 207 4 207 44] false }; absurd } BB27 { - _47 <- ([#"../checked_ops.rs" 208 12 208 39] saturating_sub0 ([#"../checked_ops.rs" 208 12 208 20] [#"../checked_ops.rs" 208 12 208 20] (-120 : int8)) ([#"../checked_ops.rs" 208 36 208 38] [#"../checked_ops.rs" 208 36 208 38] (10 : int8))); + [#"../checked_ops.rs" 208 12 208 39] _47 <- ([#"../checked_ops.rs" 208 12 208 39] saturating_sub0 ([#"../checked_ops.rs" 208 12 208 20] [#"../checked_ops.rs" 208 12 208 20] (-120 : int8)) ([#"../checked_ops.rs" 208 36 208 38] [#"../checked_ops.rs" 208 36 208 38] (10 : int8))); goto BB28 } BB28 { @@ -3262,26 +3344,27 @@ module CheckedOps_TestI8SubExample end } BB29 { + assert { [#"../checked_ops.rs" 208 4 208 48] false }; absurd } BB30 { - res <- ([#"../checked_ops.rs" 210 14 210 37] overflowing_sub0 ([#"../checked_ops.rs" 210 14 210 17] [#"../checked_ops.rs" 210 14 210 17] (5 : int8)) ([#"../checked_ops.rs" 210 34 210 36] [#"../checked_ops.rs" 210 34 210 36] (10 : int8))); + [#"../checked_ops.rs" 210 14 210 37] res <- ([#"../checked_ops.rs" 210 14 210 37] overflowing_sub0 ([#"../checked_ops.rs" 210 14 210 17] [#"../checked_ops.rs" 210 14 210 17] (5 : int8)) ([#"../checked_ops.rs" 210 34 210 36] [#"../checked_ops.rs" 210 34 210 36] (10 : int8))); goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 211 12 211 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 211 21 211 23] [#"../checked_ops.rs" 211 21 211 23] (-5 : int8))) + switch ([#"../checked_ops.rs" 211 12 211 23] ([#"../checked_ops.rs" 211 12 211 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 211 21 211 23] [#"../checked_ops.rs" 211 21 211 23] (-5 : int8))) | False -> goto BB32 | True -> goto BB33 end } BB32 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 211 12 211 41] [#"../checked_ops.rs" 211 12 211 41] false); + [#"../checked_ops.rs" 211 12 211 41] _52 <- ([#"../checked_ops.rs" 211 12 211 41] [#"../checked_ops.rs" 211 12 211 41] false); goto BB34 } BB33 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 211 27 211 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 211 36 211 41] [#"../checked_ops.rs" 211 36 211 41] false)); + [#"../checked_ops.rs" 211 12 211 41] _52 <- ([#"../checked_ops.rs" 211 27 211 41] Bool.eqb ([#"../checked_ops.rs" 211 27 211 32] let (_, a) = res in a) ([#"../checked_ops.rs" 211 36 211 41] [#"../checked_ops.rs" 211 36 211 41] false)); goto BB34 } BB34 { @@ -3291,26 +3374,27 @@ module CheckedOps_TestI8SubExample end } BB35 { + assert { [#"../checked_ops.rs" 211 4 211 42] false }; absurd } BB36 { - res1 <- ([#"../checked_ops.rs" 212 14 212 39] overflowing_sub0 ([#"../checked_ops.rs" 212 14 212 19] [#"../checked_ops.rs" 212 14 212 19] (120 : int8)) ([#"../checked_ops.rs" 212 36 212 38] [#"../checked_ops.rs" 212 36 212 38] (10 : int8))); + [#"../checked_ops.rs" 212 14 212 39] res1 <- ([#"../checked_ops.rs" 212 14 212 39] overflowing_sub0 ([#"../checked_ops.rs" 212 14 212 19] [#"../checked_ops.rs" 212 14 212 19] (120 : int8)) ([#"../checked_ops.rs" 212 36 212 38] [#"../checked_ops.rs" 212 36 212 38] (10 : int8))); goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 213 12 213 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 213 21 213 24] [#"../checked_ops.rs" 213 21 213 24] (110 : int8))) + switch ([#"../checked_ops.rs" 213 12 213 24] ([#"../checked_ops.rs" 213 12 213 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 213 21 213 24] [#"../checked_ops.rs" 213 21 213 24] (110 : int8))) | False -> goto BB38 | True -> goto BB39 end } BB38 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 213 12 213 42] [#"../checked_ops.rs" 213 12 213 42] false); + [#"../checked_ops.rs" 213 12 213 42] _61 <- ([#"../checked_ops.rs" 213 12 213 42] [#"../checked_ops.rs" 213 12 213 42] false); goto BB40 } BB39 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 213 28 213 42] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 213 37 213 42] [#"../checked_ops.rs" 213 37 213 42] false)); + [#"../checked_ops.rs" 213 12 213 42] _61 <- ([#"../checked_ops.rs" 213 28 213 42] Bool.eqb ([#"../checked_ops.rs" 213 28 213 33] let (_, a) = res1 in a) ([#"../checked_ops.rs" 213 37 213 42] [#"../checked_ops.rs" 213 37 213 42] false)); goto BB40 } BB40 { @@ -3320,26 +3404,27 @@ module CheckedOps_TestI8SubExample end } BB41 { + assert { [#"../checked_ops.rs" 213 4 213 43] false }; absurd } BB42 { - res2 <- ([#"../checked_ops.rs" 214 14 214 42] overflowing_sub0 ([#"../checked_ops.rs" 214 14 214 22] [#"../checked_ops.rs" 214 14 214 22] (-120 : int8)) ([#"../checked_ops.rs" 214 39 214 41] [#"../checked_ops.rs" 214 39 214 41] (10 : int8))); + [#"../checked_ops.rs" 214 14 214 42] res2 <- ([#"../checked_ops.rs" 214 14 214 42] overflowing_sub0 ([#"../checked_ops.rs" 214 14 214 22] [#"../checked_ops.rs" 214 14 214 22] (-120 : int8)) ([#"../checked_ops.rs" 214 39 214 41] [#"../checked_ops.rs" 214 39 214 41] (10 : int8))); goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 215 12 215 24] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 215 21 215 24] [#"../checked_ops.rs" 215 21 215 24] (126 : int8))) + switch ([#"../checked_ops.rs" 215 12 215 24] ([#"../checked_ops.rs" 215 12 215 17] let (a, _) = res2 in a) = ([#"../checked_ops.rs" 215 21 215 24] [#"../checked_ops.rs" 215 21 215 24] (126 : int8))) | False -> goto BB44 | True -> goto BB45 end } BB44 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 215 12 215 41] [#"../checked_ops.rs" 215 12 215 41] false); + [#"../checked_ops.rs" 215 12 215 41] _70 <- ([#"../checked_ops.rs" 215 12 215 41] [#"../checked_ops.rs" 215 12 215 41] false); goto BB46 } BB45 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 215 28 215 41] Bool.eqb (let (_, a) = res2 in a) ([#"../checked_ops.rs" 215 37 215 41] [#"../checked_ops.rs" 215 37 215 41] true)); + [#"../checked_ops.rs" 215 12 215 41] _70 <- ([#"../checked_ops.rs" 215 28 215 41] Bool.eqb ([#"../checked_ops.rs" 215 28 215 33] let (_, a) = res2 in a) ([#"../checked_ops.rs" 215 37 215 41] [#"../checked_ops.rs" 215 37 215 41] true)); goto BB46 } BB46 { @@ -3349,10 +3434,11 @@ module CheckedOps_TestI8SubExample end } BB47 { + assert { [#"../checked_ops.rs" 215 4 215 42] false }; absurd } BB48 { - _0 <- ([#"../checked_ops.rs" 197 29 216 1] ()); + [#"../checked_ops.rs" 197 29 216 1] _0 <- ([#"../checked_ops.rs" 197 29 216 1] ()); return _0 } @@ -3369,7 +3455,7 @@ module CheckedOps_TestI8SubOverflowPos val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Int8 use prelude.Bool predicate resolve2 (self : bool) = @@ -3441,11 +3527,11 @@ module CheckedOps_TestI8SubOverflowPos goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 221 12 221 35] checked_sub0 ([#"../checked_ops.rs" 221 12 221 20] [#"../checked_ops.rs" 221 12 221 20] (-128 : int8)) a); + [#"../checked_ops.rs" 221 12 221 35] _7 <- ([#"../checked_ops.rs" 221 12 221 35] checked_sub0 ([#"../checked_ops.rs" 221 12 221 20] [#"../checked_ops.rs" 221 12 221 20] (-128 : int8)) ([#"../checked_ops.rs" 221 33 221 34] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 221 12 221 45] is_none0 ([#"../checked_ops.rs" 221 12 221 45] _7)); + [#"../checked_ops.rs" 221 12 221 45] _5 <- ([#"../checked_ops.rs" 221 12 221 45] is_none0 ([#"../checked_ops.rs" 221 12 221 45] _7)); goto BB2 } BB2 { @@ -3455,23 +3541,25 @@ module CheckedOps_TestI8SubOverflowPos end } BB3 { + assert { [#"../checked_ops.rs" 221 4 221 46] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 222 12 222 36] wrapping_sub0 ([#"../checked_ops.rs" 222 12 222 20] [#"../checked_ops.rs" 222 12 222 20] (-128 : int8)) a); + [#"../checked_ops.rs" 222 12 222 36] _13 <- ([#"../checked_ops.rs" 222 12 222 36] wrapping_sub0 ([#"../checked_ops.rs" 222 12 222 20] [#"../checked_ops.rs" 222 12 222 20] (-128 : int8)) ([#"../checked_ops.rs" 222 34 222 35] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 222 4 222 52] not ([#"../checked_ops.rs" 222 12 222 51] _13 = ([#"../checked_ops.rs" 222 40 222 51] ([#"../checked_ops.rs" 222 40 222 47] ([#"../checked_ops.rs" 222 40 222 43] [#"../checked_ops.rs" 222 40 222 43] (127 : int8)) - a) + ([#"../checked_ops.rs" 222 50 222 51] [#"../checked_ops.rs" 222 50 222 51] (1 : int8))))) + switch ([#"../checked_ops.rs" 222 4 222 52] not ([#"../checked_ops.rs" 222 12 222 51] _13 = ([#"../checked_ops.rs" 222 40 222 51] ([#"../checked_ops.rs" 222 40 222 47] ([#"../checked_ops.rs" 222 40 222 43] [#"../checked_ops.rs" 222 40 222 43] (127 : int8)) - ([#"../checked_ops.rs" 222 46 222 47] a)) + ([#"../checked_ops.rs" 222 50 222 51] [#"../checked_ops.rs" 222 50 222 51] (1 : int8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 222 4 222 52] false }; absurd } BB7 { - _22 <- ([#"../checked_ops.rs" 223 12 223 38] saturating_sub0 ([#"../checked_ops.rs" 223 12 223 20] [#"../checked_ops.rs" 223 12 223 20] (-128 : int8)) a); + [#"../checked_ops.rs" 223 12 223 38] _22 <- ([#"../checked_ops.rs" 223 12 223 38] saturating_sub0 ([#"../checked_ops.rs" 223 12 223 20] [#"../checked_ops.rs" 223 12 223 20] (-128 : int8)) ([#"../checked_ops.rs" 223 36 223 37] a)); goto BB8 } BB8 { @@ -3481,26 +3569,27 @@ module CheckedOps_TestI8SubOverflowPos end } BB9 { + assert { [#"../checked_ops.rs" 223 4 223 47] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 224 14 224 41] overflowing_sub0 ([#"../checked_ops.rs" 224 14 224 22] [#"../checked_ops.rs" 224 14 224 22] (-128 : int8)) a); + [#"../checked_ops.rs" 224 14 224 41] res <- ([#"../checked_ops.rs" 224 14 224 41] overflowing_sub0 ([#"../checked_ops.rs" 224 14 224 22] [#"../checked_ops.rs" 224 14 224 22] (-128 : int8)) ([#"../checked_ops.rs" 224 39 224 40] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 225 12 225 32] (let (a, _) = res in a) = ([#"../checked_ops.rs" 225 21 225 32] ([#"../checked_ops.rs" 225 21 225 28] ([#"../checked_ops.rs" 225 21 225 24] [#"../checked_ops.rs" 225 21 225 24] (127 : int8)) - a) + ([#"../checked_ops.rs" 225 31 225 32] [#"../checked_ops.rs" 225 31 225 32] (1 : int8)))) + switch ([#"../checked_ops.rs" 225 12 225 32] ([#"../checked_ops.rs" 225 12 225 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 225 21 225 32] ([#"../checked_ops.rs" 225 21 225 28] ([#"../checked_ops.rs" 225 21 225 24] [#"../checked_ops.rs" 225 21 225 24] (127 : int8)) - ([#"../checked_ops.rs" 225 27 225 28] a)) + ([#"../checked_ops.rs" 225 31 225 32] [#"../checked_ops.rs" 225 31 225 32] (1 : int8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 225 12 225 49] [#"../checked_ops.rs" 225 12 225 49] false); + [#"../checked_ops.rs" 225 12 225 49] _29 <- ([#"../checked_ops.rs" 225 12 225 49] [#"../checked_ops.rs" 225 12 225 49] false); goto BB14 } BB13 { assume { resolve0 res }; - _29 <- ([#"../checked_ops.rs" 225 36 225 49] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 225 45 225 49] [#"../checked_ops.rs" 225 45 225 49] true)); + [#"../checked_ops.rs" 225 12 225 49] _29 <- ([#"../checked_ops.rs" 225 36 225 49] Bool.eqb ([#"../checked_ops.rs" 225 36 225 41] let (_, a) = res in a) ([#"../checked_ops.rs" 225 45 225 49] [#"../checked_ops.rs" 225 45 225 49] true)); goto BB14 } BB14 { @@ -3510,10 +3599,11 @@ module CheckedOps_TestI8SubOverflowPos end } BB15 { + assert { [#"../checked_ops.rs" 225 4 225 50] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 220 39 226 1] ()); + [#"../checked_ops.rs" 220 39 226 1] _0 <- ([#"../checked_ops.rs" 220 39 226 1] ()); return _0 } @@ -3530,7 +3620,7 @@ module CheckedOps_TestI8SubOverflowNeg val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Int8 use prelude.Bool predicate resolve2 (self : bool) = @@ -3602,11 +3692,11 @@ module CheckedOps_TestI8SubOverflowNeg goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 231 12 231 32] checked_sub0 ([#"../checked_ops.rs" 231 12 231 17] [#"../checked_ops.rs" 231 12 231 17] (127 : int8)) a); + [#"../checked_ops.rs" 231 12 231 32] _7 <- ([#"../checked_ops.rs" 231 12 231 32] checked_sub0 ([#"../checked_ops.rs" 231 12 231 17] [#"../checked_ops.rs" 231 12 231 17] (127 : int8)) ([#"../checked_ops.rs" 231 30 231 31] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 231 12 231 42] is_none0 ([#"../checked_ops.rs" 231 12 231 42] _7)); + [#"../checked_ops.rs" 231 12 231 42] _5 <- ([#"../checked_ops.rs" 231 12 231 42] is_none0 ([#"../checked_ops.rs" 231 12 231 42] _7)); goto BB2 } BB2 { @@ -3616,23 +3706,25 @@ module CheckedOps_TestI8SubOverflowNeg end } BB3 { + assert { [#"../checked_ops.rs" 231 4 231 43] false }; absurd } BB4 { - _13 <- ([#"../checked_ops.rs" 232 12 232 33] wrapping_sub0 ([#"../checked_ops.rs" 232 12 232 17] [#"../checked_ops.rs" 232 12 232 17] (127 : int8)) a); + [#"../checked_ops.rs" 232 12 232 33] _13 <- ([#"../checked_ops.rs" 232 12 232 33] wrapping_sub0 ([#"../checked_ops.rs" 232 12 232 17] [#"../checked_ops.rs" 232 12 232 17] (127 : int8)) ([#"../checked_ops.rs" 232 31 232 32] a)); goto BB5 } BB5 { - switch ([#"../checked_ops.rs" 232 4 232 52] not ([#"../checked_ops.rs" 232 12 232 51] _13 = ([#"../checked_ops.rs" 232 37 232 51] ([#"../checked_ops.rs" 232 37 232 45] - ([#"../checked_ops.rs" 232 38 232 45] ([#"../checked_ops.rs" 232 39 232 40] [#"../checked_ops.rs" 232 39 232 40] (2 : int8)) + a)) - ([#"../checked_ops.rs" 232 48 232 51] [#"../checked_ops.rs" 232 48 232 51] (127 : int8))))) + switch ([#"../checked_ops.rs" 232 4 232 52] not ([#"../checked_ops.rs" 232 12 232 51] _13 = ([#"../checked_ops.rs" 232 37 232 51] ([#"../checked_ops.rs" 232 37 232 45] - ([#"../checked_ops.rs" 232 38 232 45] ([#"../checked_ops.rs" 232 39 232 40] [#"../checked_ops.rs" 232 39 232 40] (2 : int8)) + ([#"../checked_ops.rs" 232 43 232 44] a))) - ([#"../checked_ops.rs" 232 48 232 51] [#"../checked_ops.rs" 232 48 232 51] (127 : int8))))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../checked_ops.rs" 232 4 232 52] false }; absurd } BB7 { - _23 <- ([#"../checked_ops.rs" 233 12 233 35] saturating_sub0 ([#"../checked_ops.rs" 233 12 233 17] [#"../checked_ops.rs" 233 12 233 17] (127 : int8)) a); + [#"../checked_ops.rs" 233 12 233 35] _23 <- ([#"../checked_ops.rs" 233 12 233 35] saturating_sub0 ([#"../checked_ops.rs" 233 12 233 17] [#"../checked_ops.rs" 233 12 233 17] (127 : int8)) ([#"../checked_ops.rs" 233 33 233 34] a)); goto BB8 } BB8 { @@ -3642,26 +3734,27 @@ module CheckedOps_TestI8SubOverflowNeg end } BB9 { + assert { [#"../checked_ops.rs" 233 4 233 43] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 234 14 234 38] overflowing_sub0 ([#"../checked_ops.rs" 234 14 234 19] [#"../checked_ops.rs" 234 14 234 19] (127 : int8)) a); + [#"../checked_ops.rs" 234 14 234 38] res <- ([#"../checked_ops.rs" 234 14 234 38] overflowing_sub0 ([#"../checked_ops.rs" 234 14 234 19] [#"../checked_ops.rs" 234 14 234 19] (127 : int8)) ([#"../checked_ops.rs" 234 36 234 37] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 235 12 235 35] (let (a, _) = res in a) = ([#"../checked_ops.rs" 235 21 235 35] ([#"../checked_ops.rs" 235 21 235 29] - ([#"../checked_ops.rs" 235 22 235 29] ([#"../checked_ops.rs" 235 23 235 24] [#"../checked_ops.rs" 235 23 235 24] (2 : int8)) + a)) - ([#"../checked_ops.rs" 235 32 235 35] [#"../checked_ops.rs" 235 32 235 35] (127 : int8)))) + switch ([#"../checked_ops.rs" 235 12 235 35] ([#"../checked_ops.rs" 235 12 235 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 235 21 235 35] ([#"../checked_ops.rs" 235 21 235 29] - ([#"../checked_ops.rs" 235 22 235 29] ([#"../checked_ops.rs" 235 23 235 24] [#"../checked_ops.rs" 235 23 235 24] (2 : int8)) + ([#"../checked_ops.rs" 235 27 235 28] a))) - ([#"../checked_ops.rs" 235 32 235 35] [#"../checked_ops.rs" 235 32 235 35] (127 : int8)))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _30 <- ([#"../checked_ops.rs" 235 12 235 52] [#"../checked_ops.rs" 235 12 235 52] false); + [#"../checked_ops.rs" 235 12 235 52] _30 <- ([#"../checked_ops.rs" 235 12 235 52] [#"../checked_ops.rs" 235 12 235 52] false); goto BB14 } BB13 { assume { resolve0 res }; - _30 <- ([#"../checked_ops.rs" 235 39 235 52] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 235 48 235 52] [#"../checked_ops.rs" 235 48 235 52] true)); + [#"../checked_ops.rs" 235 12 235 52] _30 <- ([#"../checked_ops.rs" 235 39 235 52] Bool.eqb ([#"../checked_ops.rs" 235 39 235 44] let (_, a) = res in a) ([#"../checked_ops.rs" 235 48 235 52] [#"../checked_ops.rs" 235 48 235 52] true)); goto BB14 } BB14 { @@ -3671,10 +3764,11 @@ module CheckedOps_TestI8SubOverflowNeg end } BB15 { + assert { [#"../checked_ops.rs" 235 4 235 53] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 230 39 236 1] ()); + [#"../checked_ops.rs" 230 39 236 1] _0 <- ([#"../checked_ops.rs" 230 39 236 1] ()); return _0 } @@ -3710,7 +3804,7 @@ module CheckedOps_TestI8WrappingSub goto BB0 } BB0 { - _0 <- ([#"../checked_ops.rs" 242 4 242 21] wrapping_sub0 a b); + [#"../checked_ops.rs" 242 4 242 21] _0 <- ([#"../checked_ops.rs" 242 4 242 21] wrapping_sub0 ([#"../checked_ops.rs" 242 4 242 5] a) ([#"../checked_ops.rs" 242 19 242 20] b)); goto BB1 } BB1 { @@ -3730,7 +3824,7 @@ module CheckedOps_TestI8OverflowingSub val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -3796,47 +3890,49 @@ module CheckedOps_TestI8OverflowingSub goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 247 12 247 32] overflowing_sub0 a b); + [#"../checked_ops.rs" 247 12 247 32] _7 <- ([#"../checked_ops.rs" 247 12 247 32] overflowing_sub0 ([#"../checked_ops.rs" 247 12 247 13] a) ([#"../checked_ops.rs" 247 30 247 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 247 38 247 55] wrapping_sub0 a b); + [#"../checked_ops.rs" 247 38 247 55] _10 <- ([#"../checked_ops.rs" 247 38 247 55] wrapping_sub0 ([#"../checked_ops.rs" 247 38 247 39] a) ([#"../checked_ops.rs" 247 53 247 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 247 4 247 56] not ([#"../checked_ops.rs" 247 12 247 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 247 4 247 56] not ([#"../checked_ops.rs" 247 12 247 55] ([#"../checked_ops.rs" 247 12 247 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 247 4 247 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 248 12 248 32] overflowing_sub0 a b); + [#"../checked_ops.rs" 248 12 248 32] _18 <- ([#"../checked_ops.rs" 248 12 248 32] overflowing_sub0 ([#"../checked_ops.rs" 248 12 248 13] a) ([#"../checked_ops.rs" 248 30 248 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 248 38 248 54] checked_sub0 a b); + [#"../checked_ops.rs" 248 38 248 54] _23 <- ([#"../checked_ops.rs" 248 38 248 54] checked_sub0 ([#"../checked_ops.rs" 248 38 248 39] a) ([#"../checked_ops.rs" 248 52 248 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 248 38 248 64] is_none0 ([#"../checked_ops.rs" 248 38 248 64] _23)); + [#"../checked_ops.rs" 248 38 248 64] _21 <- ([#"../checked_ops.rs" 248 38 248 64] is_none0 ([#"../checked_ops.rs" 248 38 248 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 248 4 248 65] not ([#"../checked_ops.rs" 248 12 248 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 248 4 248 65] not ([#"../checked_ops.rs" 248 12 248 64] Bool.eqb ([#"../checked_ops.rs" 248 12 248 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 248 4 248 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 246 45 249 1] ()); + [#"../checked_ops.rs" 246 45 249 1] _0 <- ([#"../checked_ops.rs" 246 45 249 1] ()); return _0 } @@ -3853,7 +3949,7 @@ module CheckedOps_TestI8MulExample val inv2 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option int8 . inv2 x = true predicate invariant1 (self : int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : int8) : bool @@ -3863,7 +3959,7 @@ module CheckedOps_TestI8MulExample val inv1 (_x : int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv1 x = true + axiom inv1 : forall x : int8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -3873,7 +3969,7 @@ module CheckedOps_TestI8MulExample val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -3961,11 +4057,11 @@ module CheckedOps_TestI8MulExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 253 12 253 31] checked_mul0 ([#"../checked_ops.rs" 253 12 253 15] [#"../checked_ops.rs" 253 12 253 15] (5 : int8)) ([#"../checked_ops.rs" 253 28 253 30] [#"../checked_ops.rs" 253 28 253 30] (10 : int8))); + [#"../checked_ops.rs" 253 12 253 31] _5 <- ([#"../checked_ops.rs" 253 12 253 31] checked_mul0 ([#"../checked_ops.rs" 253 12 253 15] [#"../checked_ops.rs" 253 12 253 15] (5 : int8)) ([#"../checked_ops.rs" 253 28 253 30] [#"../checked_ops.rs" 253 28 253 30] (10 : int8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 253 12 253 40] unwrap0 _5); + [#"../checked_ops.rs" 253 12 253 40] _4 <- ([#"../checked_ops.rs" 253 12 253 40] unwrap0 _5); _5 <- any Core_Option_Option_Type.t_option int8; goto BB2 } @@ -3976,14 +4072,15 @@ module CheckedOps_TestI8MulExample end } BB3 { + assert { [#"../checked_ops.rs" 253 4 253 47] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 254 12 254 32] checked_mul0 ([#"../checked_ops.rs" 254 12 254 16] [#"../checked_ops.rs" 254 12 254 16] (50 : int8)) ([#"../checked_ops.rs" 254 29 254 31] [#"../checked_ops.rs" 254 29 254 31] (10 : int8))); + [#"../checked_ops.rs" 254 12 254 32] _11 <- ([#"../checked_ops.rs" 254 12 254 32] checked_mul0 ([#"../checked_ops.rs" 254 12 254 16] [#"../checked_ops.rs" 254 12 254 16] (50 : int8)) ([#"../checked_ops.rs" 254 29 254 31] [#"../checked_ops.rs" 254 29 254 31] (10 : int8))); goto BB5 } BB5 { - _9 <- ([#"../checked_ops.rs" 254 12 254 42] is_none0 ([#"../checked_ops.rs" 254 12 254 42] _11)); + [#"../checked_ops.rs" 254 12 254 42] _9 <- ([#"../checked_ops.rs" 254 12 254 42] is_none0 ([#"../checked_ops.rs" 254 12 254 42] _11)); goto BB6 } BB6 { @@ -3993,14 +4090,15 @@ module CheckedOps_TestI8MulExample end } BB7 { + assert { [#"../checked_ops.rs" 254 4 254 43] false }; absurd } BB8 { - _17 <- ([#"../checked_ops.rs" 255 12 255 33] checked_mul0 ([#"../checked_ops.rs" 255 12 255 16] [#"../checked_ops.rs" 255 12 255 16] (50 : int8)) ([#"../checked_ops.rs" 255 29 255 32] [#"../checked_ops.rs" 255 29 255 32] (-10 : int8))); + [#"../checked_ops.rs" 255 12 255 33] _17 <- ([#"../checked_ops.rs" 255 12 255 33] checked_mul0 ([#"../checked_ops.rs" 255 12 255 16] [#"../checked_ops.rs" 255 12 255 16] (50 : int8)) ([#"../checked_ops.rs" 255 29 255 32] [#"../checked_ops.rs" 255 29 255 32] (-10 : int8))); goto BB9 } BB9 { - _15 <- ([#"../checked_ops.rs" 255 12 255 43] is_none0 ([#"../checked_ops.rs" 255 12 255 43] _17)); + [#"../checked_ops.rs" 255 12 255 43] _15 <- ([#"../checked_ops.rs" 255 12 255 43] is_none0 ([#"../checked_ops.rs" 255 12 255 43] _17)); goto BB10 } BB10 { @@ -4010,10 +4108,11 @@ module CheckedOps_TestI8MulExample end } BB11 { + assert { [#"../checked_ops.rs" 255 4 255 44] false }; absurd } BB12 { - _22 <- ([#"../checked_ops.rs" 257 12 257 32] wrapping_mul0 ([#"../checked_ops.rs" 257 12 257 15] [#"../checked_ops.rs" 257 12 257 15] (5 : int8)) ([#"../checked_ops.rs" 257 29 257 31] [#"../checked_ops.rs" 257 29 257 31] (10 : int8))); + [#"../checked_ops.rs" 257 12 257 32] _22 <- ([#"../checked_ops.rs" 257 12 257 32] wrapping_mul0 ([#"../checked_ops.rs" 257 12 257 15] [#"../checked_ops.rs" 257 12 257 15] (5 : int8)) ([#"../checked_ops.rs" 257 29 257 31] [#"../checked_ops.rs" 257 29 257 31] (10 : int8))); goto BB13 } BB13 { @@ -4023,10 +4122,11 @@ module CheckedOps_TestI8MulExample end } BB14 { + assert { [#"../checked_ops.rs" 257 4 257 39] false }; absurd } BB15 { - _27 <- ([#"../checked_ops.rs" 258 12 258 33] wrapping_mul0 ([#"../checked_ops.rs" 258 12 258 16] [#"../checked_ops.rs" 258 12 258 16] (50 : int8)) ([#"../checked_ops.rs" 258 30 258 32] [#"../checked_ops.rs" 258 30 258 32] (10 : int8))); + [#"../checked_ops.rs" 258 12 258 33] _27 <- ([#"../checked_ops.rs" 258 12 258 33] wrapping_mul0 ([#"../checked_ops.rs" 258 12 258 16] [#"../checked_ops.rs" 258 12 258 16] (50 : int8)) ([#"../checked_ops.rs" 258 30 258 32] [#"../checked_ops.rs" 258 30 258 32] (10 : int8))); goto BB16 } BB16 { @@ -4036,10 +4136,11 @@ module CheckedOps_TestI8MulExample end } BB17 { + assert { [#"../checked_ops.rs" 258 4 258 41] false }; absurd } BB18 { - _32 <- ([#"../checked_ops.rs" 259 12 259 34] wrapping_mul0 ([#"../checked_ops.rs" 259 12 259 16] [#"../checked_ops.rs" 259 12 259 16] (50 : int8)) ([#"../checked_ops.rs" 259 30 259 33] [#"../checked_ops.rs" 259 30 259 33] (-10 : int8))); + [#"../checked_ops.rs" 259 12 259 34] _32 <- ([#"../checked_ops.rs" 259 12 259 34] wrapping_mul0 ([#"../checked_ops.rs" 259 12 259 16] [#"../checked_ops.rs" 259 12 259 16] (50 : int8)) ([#"../checked_ops.rs" 259 30 259 33] [#"../checked_ops.rs" 259 30 259 33] (-10 : int8))); goto BB19 } BB19 { @@ -4049,10 +4150,11 @@ module CheckedOps_TestI8MulExample end } BB20 { + assert { [#"../checked_ops.rs" 259 4 259 41] false }; absurd } BB21 { - _37 <- ([#"../checked_ops.rs" 261 12 261 34] saturating_mul0 ([#"../checked_ops.rs" 261 12 261 15] [#"../checked_ops.rs" 261 12 261 15] (5 : int8)) ([#"../checked_ops.rs" 261 31 261 33] [#"../checked_ops.rs" 261 31 261 33] (10 : int8))); + [#"../checked_ops.rs" 261 12 261 34] _37 <- ([#"../checked_ops.rs" 261 12 261 34] saturating_mul0 ([#"../checked_ops.rs" 261 12 261 15] [#"../checked_ops.rs" 261 12 261 15] (5 : int8)) ([#"../checked_ops.rs" 261 31 261 33] [#"../checked_ops.rs" 261 31 261 33] (10 : int8))); goto BB22 } BB22 { @@ -4062,10 +4164,11 @@ module CheckedOps_TestI8MulExample end } BB23 { + assert { [#"../checked_ops.rs" 261 4 261 41] false }; absurd } BB24 { - _42 <- ([#"../checked_ops.rs" 262 12 262 35] saturating_mul0 ([#"../checked_ops.rs" 262 12 262 16] [#"../checked_ops.rs" 262 12 262 16] (50 : int8)) ([#"../checked_ops.rs" 262 32 262 34] [#"../checked_ops.rs" 262 32 262 34] (10 : int8))); + [#"../checked_ops.rs" 262 12 262 35] _42 <- ([#"../checked_ops.rs" 262 12 262 35] saturating_mul0 ([#"../checked_ops.rs" 262 12 262 16] [#"../checked_ops.rs" 262 12 262 16] (50 : int8)) ([#"../checked_ops.rs" 262 32 262 34] [#"../checked_ops.rs" 262 32 262 34] (10 : int8))); goto BB25 } BB25 { @@ -4075,10 +4178,11 @@ module CheckedOps_TestI8MulExample end } BB26 { + assert { [#"../checked_ops.rs" 262 4 262 43] false }; absurd } BB27 { - _47 <- ([#"../checked_ops.rs" 263 12 263 36] saturating_mul0 ([#"../checked_ops.rs" 263 12 263 16] [#"../checked_ops.rs" 263 12 263 16] (50 : int8)) ([#"../checked_ops.rs" 263 32 263 35] [#"../checked_ops.rs" 263 32 263 35] (-10 : int8))); + [#"../checked_ops.rs" 263 12 263 36] _47 <- ([#"../checked_ops.rs" 263 12 263 36] saturating_mul0 ([#"../checked_ops.rs" 263 12 263 16] [#"../checked_ops.rs" 263 12 263 16] (50 : int8)) ([#"../checked_ops.rs" 263 32 263 35] [#"../checked_ops.rs" 263 32 263 35] (-10 : int8))); goto BB28 } BB28 { @@ -4088,26 +4192,27 @@ module CheckedOps_TestI8MulExample end } BB29 { + assert { [#"../checked_ops.rs" 263 4 263 45] false }; absurd } BB30 { - res <- ([#"../checked_ops.rs" 265 14 265 37] overflowing_mul0 ([#"../checked_ops.rs" 265 14 265 17] [#"../checked_ops.rs" 265 14 265 17] (5 : int8)) ([#"../checked_ops.rs" 265 34 265 36] [#"../checked_ops.rs" 265 34 265 36] (10 : int8))); + [#"../checked_ops.rs" 265 14 265 37] res <- ([#"../checked_ops.rs" 265 14 265 37] overflowing_mul0 ([#"../checked_ops.rs" 265 14 265 17] [#"../checked_ops.rs" 265 14 265 17] (5 : int8)) ([#"../checked_ops.rs" 265 34 265 36] [#"../checked_ops.rs" 265 34 265 36] (10 : int8))); goto BB31 } BB31 { - switch ([#"../checked_ops.rs" 266 12 266 23] (let (a, _) = res in a) = ([#"../checked_ops.rs" 266 21 266 23] [#"../checked_ops.rs" 266 21 266 23] (50 : int8))) + switch ([#"../checked_ops.rs" 266 12 266 23] ([#"../checked_ops.rs" 266 12 266 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 266 21 266 23] [#"../checked_ops.rs" 266 21 266 23] (50 : int8))) | False -> goto BB32 | True -> goto BB33 end } BB32 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 266 12 266 41] [#"../checked_ops.rs" 266 12 266 41] false); + [#"../checked_ops.rs" 266 12 266 41] _52 <- ([#"../checked_ops.rs" 266 12 266 41] [#"../checked_ops.rs" 266 12 266 41] false); goto BB34 } BB33 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 266 27 266 41] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 266 36 266 41] [#"../checked_ops.rs" 266 36 266 41] false)); + [#"../checked_ops.rs" 266 12 266 41] _52 <- ([#"../checked_ops.rs" 266 27 266 41] Bool.eqb ([#"../checked_ops.rs" 266 27 266 32] let (_, a) = res in a) ([#"../checked_ops.rs" 266 36 266 41] [#"../checked_ops.rs" 266 36 266 41] false)); goto BB34 } BB34 { @@ -4117,26 +4222,27 @@ module CheckedOps_TestI8MulExample end } BB35 { + assert { [#"../checked_ops.rs" 266 4 266 42] false }; absurd } BB36 { - res1 <- ([#"../checked_ops.rs" 267 14 267 38] overflowing_mul0 ([#"../checked_ops.rs" 267 14 267 18] [#"../checked_ops.rs" 267 14 267 18] (50 : int8)) ([#"../checked_ops.rs" 267 35 267 37] [#"../checked_ops.rs" 267 35 267 37] (10 : int8))); + [#"../checked_ops.rs" 267 14 267 38] res1 <- ([#"../checked_ops.rs" 267 14 267 38] overflowing_mul0 ([#"../checked_ops.rs" 267 14 267 18] [#"../checked_ops.rs" 267 14 267 18] (50 : int8)) ([#"../checked_ops.rs" 267 35 267 37] [#"../checked_ops.rs" 267 35 267 37] (10 : int8))); goto BB37 } BB37 { - switch ([#"../checked_ops.rs" 268 12 268 24] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 268 21 268 24] [#"../checked_ops.rs" 268 21 268 24] (-12 : int8))) + switch ([#"../checked_ops.rs" 268 12 268 24] ([#"../checked_ops.rs" 268 12 268 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 268 21 268 24] [#"../checked_ops.rs" 268 21 268 24] (-12 : int8))) | False -> goto BB38 | True -> goto BB39 end } BB38 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 268 12 268 41] [#"../checked_ops.rs" 268 12 268 41] false); + [#"../checked_ops.rs" 268 12 268 41] _61 <- ([#"../checked_ops.rs" 268 12 268 41] [#"../checked_ops.rs" 268 12 268 41] false); goto BB40 } BB39 { assume { resolve0 res1 }; - _61 <- ([#"../checked_ops.rs" 268 28 268 41] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 268 37 268 41] [#"../checked_ops.rs" 268 37 268 41] true)); + [#"../checked_ops.rs" 268 12 268 41] _61 <- ([#"../checked_ops.rs" 268 28 268 41] Bool.eqb ([#"../checked_ops.rs" 268 28 268 33] let (_, a) = res1 in a) ([#"../checked_ops.rs" 268 37 268 41] [#"../checked_ops.rs" 268 37 268 41] true)); goto BB40 } BB40 { @@ -4146,26 +4252,27 @@ module CheckedOps_TestI8MulExample end } BB41 { + assert { [#"../checked_ops.rs" 268 4 268 42] false }; absurd } BB42 { - res2 <- ([#"../checked_ops.rs" 269 14 269 39] overflowing_mul0 ([#"../checked_ops.rs" 269 14 269 18] [#"../checked_ops.rs" 269 14 269 18] (50 : int8)) ([#"../checked_ops.rs" 269 35 269 38] [#"../checked_ops.rs" 269 35 269 38] (-10 : int8))); + [#"../checked_ops.rs" 269 14 269 39] res2 <- ([#"../checked_ops.rs" 269 14 269 39] overflowing_mul0 ([#"../checked_ops.rs" 269 14 269 18] [#"../checked_ops.rs" 269 14 269 18] (50 : int8)) ([#"../checked_ops.rs" 269 35 269 38] [#"../checked_ops.rs" 269 35 269 38] (-10 : int8))); goto BB43 } BB43 { - switch ([#"../checked_ops.rs" 270 12 270 23] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 270 21 270 23] [#"../checked_ops.rs" 270 21 270 23] (12 : int8))) + switch ([#"../checked_ops.rs" 270 12 270 23] ([#"../checked_ops.rs" 270 12 270 17] let (a, _) = res2 in a) = ([#"../checked_ops.rs" 270 21 270 23] [#"../checked_ops.rs" 270 21 270 23] (12 : int8))) | False -> goto BB44 | True -> goto BB45 end } BB44 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 270 12 270 40] [#"../checked_ops.rs" 270 12 270 40] false); + [#"../checked_ops.rs" 270 12 270 40] _70 <- ([#"../checked_ops.rs" 270 12 270 40] [#"../checked_ops.rs" 270 12 270 40] false); goto BB46 } BB45 { assume { resolve0 res2 }; - _70 <- ([#"../checked_ops.rs" 270 27 270 40] Bool.eqb (let (_, a) = res2 in a) ([#"../checked_ops.rs" 270 36 270 40] [#"../checked_ops.rs" 270 36 270 40] true)); + [#"../checked_ops.rs" 270 12 270 40] _70 <- ([#"../checked_ops.rs" 270 27 270 40] Bool.eqb ([#"../checked_ops.rs" 270 27 270 32] let (_, a) = res2 in a) ([#"../checked_ops.rs" 270 36 270 40] [#"../checked_ops.rs" 270 36 270 40] true)); goto BB46 } BB46 { @@ -4175,10 +4282,11 @@ module CheckedOps_TestI8MulExample end } BB47 { + assert { [#"../checked_ops.rs" 270 4 270 41] false }; absurd } BB48 { - _0 <- ([#"../checked_ops.rs" 252 29 271 1] ()); + [#"../checked_ops.rs" 252 29 271 1] _0 <- ([#"../checked_ops.rs" 252 29 271 1] ()); return _0 } @@ -4194,7 +4302,7 @@ module CheckedOps_TestI8MulZero val inv1 (_x : int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv1 x = true + axiom inv1 : forall x : int8 . inv1 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -4205,7 +4313,7 @@ module CheckedOps_TestI8MulZero val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -4277,11 +4385,11 @@ module CheckedOps_TestI8MulZero goto BB0 } BB0 { - _6 <- ([#"../checked_ops.rs" 275 12 275 30] checked_mul0 ([#"../checked_ops.rs" 275 12 275 15] [#"../checked_ops.rs" 275 12 275 15] (0 : int8)) a); + [#"../checked_ops.rs" 275 12 275 30] _6 <- ([#"../checked_ops.rs" 275 12 275 30] checked_mul0 ([#"../checked_ops.rs" 275 12 275 15] [#"../checked_ops.rs" 275 12 275 15] (0 : int8)) ([#"../checked_ops.rs" 275 28 275 29] a)); goto BB1 } BB1 { - _5 <- ([#"../checked_ops.rs" 275 12 275 39] unwrap0 _6); + [#"../checked_ops.rs" 275 12 275 39] _5 <- ([#"../checked_ops.rs" 275 12 275 39] unwrap0 _6); _6 <- any Core_Option_Option_Type.t_option int8; goto BB2 } @@ -4292,10 +4400,11 @@ module CheckedOps_TestI8MulZero end } BB3 { + assert { [#"../checked_ops.rs" 275 4 275 45] false }; absurd } BB4 { - _12 <- ([#"../checked_ops.rs" 276 12 276 31] wrapping_mul0 ([#"../checked_ops.rs" 276 12 276 15] [#"../checked_ops.rs" 276 12 276 15] (0 : int8)) a); + [#"../checked_ops.rs" 276 12 276 31] _12 <- ([#"../checked_ops.rs" 276 12 276 31] wrapping_mul0 ([#"../checked_ops.rs" 276 12 276 15] [#"../checked_ops.rs" 276 12 276 15] (0 : int8)) ([#"../checked_ops.rs" 276 29 276 30] a)); goto BB5 } BB5 { @@ -4305,10 +4414,11 @@ module CheckedOps_TestI8MulZero end } BB6 { + assert { [#"../checked_ops.rs" 276 4 276 37] false }; absurd } BB7 { - _18 <- ([#"../checked_ops.rs" 277 12 277 33] saturating_mul0 ([#"../checked_ops.rs" 277 12 277 15] [#"../checked_ops.rs" 277 12 277 15] (0 : int8)) a); + [#"../checked_ops.rs" 277 12 277 33] _18 <- ([#"../checked_ops.rs" 277 12 277 33] saturating_mul0 ([#"../checked_ops.rs" 277 12 277 15] [#"../checked_ops.rs" 277 12 277 15] (0 : int8)) ([#"../checked_ops.rs" 277 31 277 32] a)); goto BB8 } BB8 { @@ -4318,26 +4428,27 @@ module CheckedOps_TestI8MulZero end } BB9 { + assert { [#"../checked_ops.rs" 277 4 277 39] false }; absurd } BB10 { - res <- ([#"../checked_ops.rs" 278 14 278 36] overflowing_mul0 ([#"../checked_ops.rs" 278 14 278 17] [#"../checked_ops.rs" 278 14 278 17] (0 : int8)) a); + [#"../checked_ops.rs" 278 14 278 36] res <- ([#"../checked_ops.rs" 278 14 278 36] overflowing_mul0 ([#"../checked_ops.rs" 278 14 278 17] [#"../checked_ops.rs" 278 14 278 17] (0 : int8)) ([#"../checked_ops.rs" 278 34 278 35] a)); goto BB11 } BB11 { - switch ([#"../checked_ops.rs" 279 12 279 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 279 21 279 22] [#"../checked_ops.rs" 279 21 279 22] (0 : int8))) + switch ([#"../checked_ops.rs" 279 12 279 22] ([#"../checked_ops.rs" 279 12 279 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 279 21 279 22] [#"../checked_ops.rs" 279 21 279 22] (0 : int8))) | False -> goto BB12 | True -> goto BB13 end } BB12 { assume { resolve0 res }; - _25 <- ([#"../checked_ops.rs" 279 12 279 40] [#"../checked_ops.rs" 279 12 279 40] false); + [#"../checked_ops.rs" 279 12 279 40] _25 <- ([#"../checked_ops.rs" 279 12 279 40] [#"../checked_ops.rs" 279 12 279 40] false); goto BB14 } BB13 { assume { resolve0 res }; - _25 <- ([#"../checked_ops.rs" 279 26 279 40] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 279 35 279 40] [#"../checked_ops.rs" 279 35 279 40] false)); + [#"../checked_ops.rs" 279 12 279 40] _25 <- ([#"../checked_ops.rs" 279 26 279 40] Bool.eqb ([#"../checked_ops.rs" 279 26 279 31] let (_, a) = res in a) ([#"../checked_ops.rs" 279 35 279 40] [#"../checked_ops.rs" 279 35 279 40] false)); goto BB14 } BB14 { @@ -4347,10 +4458,11 @@ module CheckedOps_TestI8MulZero end } BB15 { + assert { [#"../checked_ops.rs" 279 4 279 41] false }; absurd } BB16 { - _0 <- ([#"../checked_ops.rs" 274 31 280 1] ()); + [#"../checked_ops.rs" 274 31 280 1] _0 <- ([#"../checked_ops.rs" 274 31 280 1] ()); return _0 } @@ -4367,7 +4479,7 @@ module CheckedOps_TestI8OverflowingMul val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -4433,47 +4545,49 @@ module CheckedOps_TestI8OverflowingMul goto BB0 } BB0 { - _7 <- ([#"../checked_ops.rs" 284 12 284 32] overflowing_mul0 a b); + [#"../checked_ops.rs" 284 12 284 32] _7 <- ([#"../checked_ops.rs" 284 12 284 32] overflowing_mul0 ([#"../checked_ops.rs" 284 12 284 13] a) ([#"../checked_ops.rs" 284 30 284 31] b)); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- ([#"../checked_ops.rs" 284 38 284 55] wrapping_mul0 a b); + [#"../checked_ops.rs" 284 38 284 55] _10 <- ([#"../checked_ops.rs" 284 38 284 55] wrapping_mul0 ([#"../checked_ops.rs" 284 38 284 39] a) ([#"../checked_ops.rs" 284 53 284 54] b)); goto BB2 } BB2 { - switch ([#"../checked_ops.rs" 284 4 284 56] not ([#"../checked_ops.rs" 284 12 284 55] (let (a, _) = _7 in a) = _10)) + switch ([#"../checked_ops.rs" 284 4 284 56] not ([#"../checked_ops.rs" 284 12 284 55] ([#"../checked_ops.rs" 284 12 284 34] let (a, _) = _7 in a) = _10)) | False -> goto BB4 | True -> goto BB3 end } BB3 { + assert { [#"../checked_ops.rs" 284 4 284 56] false }; absurd } BB4 { - _18 <- ([#"../checked_ops.rs" 285 12 285 32] overflowing_mul0 a b); + [#"../checked_ops.rs" 285 12 285 32] _18 <- ([#"../checked_ops.rs" 285 12 285 32] overflowing_mul0 ([#"../checked_ops.rs" 285 12 285 13] a) ([#"../checked_ops.rs" 285 30 285 31] b)); goto BB5 } BB5 { assume { resolve0 _18 }; - _23 <- ([#"../checked_ops.rs" 285 38 285 54] checked_mul0 a b); + [#"../checked_ops.rs" 285 38 285 54] _23 <- ([#"../checked_ops.rs" 285 38 285 54] checked_mul0 ([#"../checked_ops.rs" 285 38 285 39] a) ([#"../checked_ops.rs" 285 52 285 53] b)); goto BB6 } BB6 { - _21 <- ([#"../checked_ops.rs" 285 38 285 64] is_none0 ([#"../checked_ops.rs" 285 38 285 64] _23)); + [#"../checked_ops.rs" 285 38 285 64] _21 <- ([#"../checked_ops.rs" 285 38 285 64] is_none0 ([#"../checked_ops.rs" 285 38 285 64] _23)); goto BB7 } BB7 { - switch ([#"../checked_ops.rs" 285 4 285 65] not ([#"../checked_ops.rs" 285 12 285 64] Bool.eqb (let (_, a) = _18 in a) _21)) + switch ([#"../checked_ops.rs" 285 4 285 65] not ([#"../checked_ops.rs" 285 12 285 64] Bool.eqb ([#"../checked_ops.rs" 285 12 285 34] let (_, a) = _18 in a) _21)) | False -> goto BB9 | True -> goto BB8 end } BB8 { + assert { [#"../checked_ops.rs" 285 4 285 65] false }; absurd } BB9 { - _0 <- ([#"../checked_ops.rs" 283 45 286 1] ()); + [#"../checked_ops.rs" 283 45 286 1] _0 <- ([#"../checked_ops.rs" 283 45 286 1] ()); return _0 } @@ -4489,7 +4603,7 @@ module CheckedOps_TestI8DivExample val inv2 (_x : int8) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv2 x = true + axiom inv2 : forall x : int8 . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -4500,7 +4614,7 @@ module CheckedOps_TestI8DivExample val inv1 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option int8 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option int8) : bool @@ -4510,7 +4624,7 @@ module CheckedOps_TestI8DivExample val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Bool predicate resolve2 (self : bool) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -4590,11 +4704,11 @@ module CheckedOps_TestI8DivExample goto BB0 } BB0 { - _5 <- ([#"../checked_ops.rs" 290 12 290 30] checked_div0 ([#"../checked_ops.rs" 290 12 290 15] [#"../checked_ops.rs" 290 12 290 15] (5 : int8)) ([#"../checked_ops.rs" 290 28 290 29] [#"../checked_ops.rs" 290 28 290 29] (0 : int8))); + [#"../checked_ops.rs" 290 12 290 30] _5 <- ([#"../checked_ops.rs" 290 12 290 30] checked_div0 ([#"../checked_ops.rs" 290 12 290 15] [#"../checked_ops.rs" 290 12 290 15] (5 : int8)) ([#"../checked_ops.rs" 290 28 290 29] [#"../checked_ops.rs" 290 28 290 29] (0 : int8))); goto BB1 } BB1 { - _3 <- ([#"../checked_ops.rs" 290 12 290 40] is_none0 ([#"../checked_ops.rs" 290 12 290 40] _5)); + [#"../checked_ops.rs" 290 12 290 40] _3 <- ([#"../checked_ops.rs" 290 12 290 40] is_none0 ([#"../checked_ops.rs" 290 12 290 40] _5)); goto BB2 } BB2 { @@ -4604,14 +4718,15 @@ module CheckedOps_TestI8DivExample end } BB3 { + assert { [#"../checked_ops.rs" 290 4 290 41] false }; absurd } BB4 { - _11 <- ([#"../checked_ops.rs" 291 12 291 30] checked_div0 ([#"../checked_ops.rs" 291 12 291 15] [#"../checked_ops.rs" 291 12 291 15] (5 : int8)) ([#"../checked_ops.rs" 291 28 291 29] [#"../checked_ops.rs" 291 28 291 29] (2 : int8))); + [#"../checked_ops.rs" 291 12 291 30] _11 <- ([#"../checked_ops.rs" 291 12 291 30] checked_div0 ([#"../checked_ops.rs" 291 12 291 15] [#"../checked_ops.rs" 291 12 291 15] (5 : int8)) ([#"../checked_ops.rs" 291 28 291 29] [#"../checked_ops.rs" 291 28 291 29] (2 : int8))); goto BB5 } BB5 { - _10 <- ([#"../checked_ops.rs" 291 12 291 39] unwrap0 _11); + [#"../checked_ops.rs" 291 12 291 39] _10 <- ([#"../checked_ops.rs" 291 12 291 39] unwrap0 _11); _11 <- any Core_Option_Option_Type.t_option int8; goto BB6 } @@ -4622,14 +4737,15 @@ module CheckedOps_TestI8DivExample end } BB7 { + assert { [#"../checked_ops.rs" 291 4 291 45] false }; absurd } BB8 { - _17 <- ([#"../checked_ops.rs" 292 12 292 31] checked_div0 ([#"../checked_ops.rs" 292 12 292 15] [#"../checked_ops.rs" 292 12 292 15] (5 : int8)) ([#"../checked_ops.rs" 292 28 292 30] [#"../checked_ops.rs" 292 28 292 30] (-2 : int8))); + [#"../checked_ops.rs" 292 12 292 31] _17 <- ([#"../checked_ops.rs" 292 12 292 31] checked_div0 ([#"../checked_ops.rs" 292 12 292 15] [#"../checked_ops.rs" 292 12 292 15] (5 : int8)) ([#"../checked_ops.rs" 292 28 292 30] [#"../checked_ops.rs" 292 28 292 30] (-2 : int8))); goto BB9 } BB9 { - _16 <- ([#"../checked_ops.rs" 292 12 292 40] unwrap0 _17); + [#"../checked_ops.rs" 292 12 292 40] _16 <- ([#"../checked_ops.rs" 292 12 292 40] unwrap0 _17); _17 <- any Core_Option_Option_Type.t_option int8; goto BB10 } @@ -4640,14 +4756,15 @@ module CheckedOps_TestI8DivExample end } BB11 { + assert { [#"../checked_ops.rs" 292 4 292 47] false }; absurd } BB12 { - _23 <- ([#"../checked_ops.rs" 293 12 293 36] checked_div0 ([#"../checked_ops.rs" 293 12 293 20] [#"../checked_ops.rs" 293 12 293 20] (-128 : int8)) ([#"../checked_ops.rs" 293 33 293 35] [#"../checked_ops.rs" 293 33 293 35] (-1 : int8))); + [#"../checked_ops.rs" 293 12 293 36] _23 <- ([#"../checked_ops.rs" 293 12 293 36] checked_div0 ([#"../checked_ops.rs" 293 12 293 20] [#"../checked_ops.rs" 293 12 293 20] (-128 : int8)) ([#"../checked_ops.rs" 293 33 293 35] [#"../checked_ops.rs" 293 33 293 35] (-1 : int8))); goto BB13 } BB13 { - _21 <- ([#"../checked_ops.rs" 293 12 293 46] is_none0 ([#"../checked_ops.rs" 293 12 293 46] _23)); + [#"../checked_ops.rs" 293 12 293 46] _21 <- ([#"../checked_ops.rs" 293 12 293 46] is_none0 ([#"../checked_ops.rs" 293 12 293 46] _23)); goto BB14 } BB14 { @@ -4657,10 +4774,11 @@ module CheckedOps_TestI8DivExample end } BB15 { + assert { [#"../checked_ops.rs" 293 4 293 47] false }; absurd } BB16 { - _28 <- ([#"../checked_ops.rs" 295 12 295 31] wrapping_div0 ([#"../checked_ops.rs" 295 12 295 15] [#"../checked_ops.rs" 295 12 295 15] (5 : int8)) ([#"../checked_ops.rs" 295 29 295 30] [#"../checked_ops.rs" 295 29 295 30] (2 : int8))); + [#"../checked_ops.rs" 295 12 295 31] _28 <- ([#"../checked_ops.rs" 295 12 295 31] wrapping_div0 ([#"../checked_ops.rs" 295 12 295 15] [#"../checked_ops.rs" 295 12 295 15] (5 : int8)) ([#"../checked_ops.rs" 295 29 295 30] [#"../checked_ops.rs" 295 29 295 30] (2 : int8))); goto BB17 } BB17 { @@ -4670,10 +4788,11 @@ module CheckedOps_TestI8DivExample end } BB18 { + assert { [#"../checked_ops.rs" 295 4 295 37] false }; absurd } BB19 { - _33 <- ([#"../checked_ops.rs" 296 12 296 32] wrapping_div0 ([#"../checked_ops.rs" 296 12 296 15] [#"../checked_ops.rs" 296 12 296 15] (5 : int8)) ([#"../checked_ops.rs" 296 29 296 31] [#"../checked_ops.rs" 296 29 296 31] (-2 : int8))); + [#"../checked_ops.rs" 296 12 296 32] _33 <- ([#"../checked_ops.rs" 296 12 296 32] wrapping_div0 ([#"../checked_ops.rs" 296 12 296 15] [#"../checked_ops.rs" 296 12 296 15] (5 : int8)) ([#"../checked_ops.rs" 296 29 296 31] [#"../checked_ops.rs" 296 29 296 31] (-2 : int8))); goto BB20 } BB20 { @@ -4683,10 +4802,11 @@ module CheckedOps_TestI8DivExample end } BB21 { + assert { [#"../checked_ops.rs" 296 4 296 39] false }; absurd } BB22 { - _38 <- ([#"../checked_ops.rs" 297 12 297 37] wrapping_div0 ([#"../checked_ops.rs" 297 12 297 20] [#"../checked_ops.rs" 297 12 297 20] (-128 : int8)) ([#"../checked_ops.rs" 297 34 297 36] [#"../checked_ops.rs" 297 34 297 36] (-1 : int8))); + [#"../checked_ops.rs" 297 12 297 37] _38 <- ([#"../checked_ops.rs" 297 12 297 37] wrapping_div0 ([#"../checked_ops.rs" 297 12 297 20] [#"../checked_ops.rs" 297 12 297 20] (-128 : int8)) ([#"../checked_ops.rs" 297 34 297 36] [#"../checked_ops.rs" 297 34 297 36] (-1 : int8))); goto BB23 } BB23 { @@ -4696,10 +4816,11 @@ module CheckedOps_TestI8DivExample end } BB24 { + assert { [#"../checked_ops.rs" 297 4 297 46] false }; absurd } BB25 { - _43 <- ([#"../checked_ops.rs" 299 12 299 33] saturating_div0 ([#"../checked_ops.rs" 299 12 299 15] [#"../checked_ops.rs" 299 12 299 15] (5 : int8)) ([#"../checked_ops.rs" 299 31 299 32] [#"../checked_ops.rs" 299 31 299 32] (2 : int8))); + [#"../checked_ops.rs" 299 12 299 33] _43 <- ([#"../checked_ops.rs" 299 12 299 33] saturating_div0 ([#"../checked_ops.rs" 299 12 299 15] [#"../checked_ops.rs" 299 12 299 15] (5 : int8)) ([#"../checked_ops.rs" 299 31 299 32] [#"../checked_ops.rs" 299 31 299 32] (2 : int8))); goto BB26 } BB26 { @@ -4709,10 +4830,11 @@ module CheckedOps_TestI8DivExample end } BB27 { + assert { [#"../checked_ops.rs" 299 4 299 39] false }; absurd } BB28 { - _48 <- ([#"../checked_ops.rs" 300 12 300 34] saturating_div0 ([#"../checked_ops.rs" 300 12 300 15] [#"../checked_ops.rs" 300 12 300 15] (5 : int8)) ([#"../checked_ops.rs" 300 31 300 33] [#"../checked_ops.rs" 300 31 300 33] (-2 : int8))); + [#"../checked_ops.rs" 300 12 300 34] _48 <- ([#"../checked_ops.rs" 300 12 300 34] saturating_div0 ([#"../checked_ops.rs" 300 12 300 15] [#"../checked_ops.rs" 300 12 300 15] (5 : int8)) ([#"../checked_ops.rs" 300 31 300 33] [#"../checked_ops.rs" 300 31 300 33] (-2 : int8))); goto BB29 } BB29 { @@ -4722,10 +4844,11 @@ module CheckedOps_TestI8DivExample end } BB30 { + assert { [#"../checked_ops.rs" 300 4 300 41] false }; absurd } BB31 { - _53 <- ([#"../checked_ops.rs" 301 12 301 39] saturating_div0 ([#"../checked_ops.rs" 301 12 301 20] [#"../checked_ops.rs" 301 12 301 20] (-128 : int8)) ([#"../checked_ops.rs" 301 36 301 38] [#"../checked_ops.rs" 301 36 301 38] (-1 : int8))); + [#"../checked_ops.rs" 301 12 301 39] _53 <- ([#"../checked_ops.rs" 301 12 301 39] saturating_div0 ([#"../checked_ops.rs" 301 12 301 20] [#"../checked_ops.rs" 301 12 301 20] (-128 : int8)) ([#"../checked_ops.rs" 301 36 301 38] [#"../checked_ops.rs" 301 36 301 38] (-1 : int8))); goto BB32 } BB32 { @@ -4735,26 +4858,27 @@ module CheckedOps_TestI8DivExample end } BB33 { + assert { [#"../checked_ops.rs" 301 4 301 48] false }; absurd } BB34 { - res <- ([#"../checked_ops.rs" 303 14 303 36] overflowing_div0 ([#"../checked_ops.rs" 303 14 303 17] [#"../checked_ops.rs" 303 14 303 17] (5 : int8)) ([#"../checked_ops.rs" 303 34 303 35] [#"../checked_ops.rs" 303 34 303 35] (2 : int8))); + [#"../checked_ops.rs" 303 14 303 36] res <- ([#"../checked_ops.rs" 303 14 303 36] overflowing_div0 ([#"../checked_ops.rs" 303 14 303 17] [#"../checked_ops.rs" 303 14 303 17] (5 : int8)) ([#"../checked_ops.rs" 303 34 303 35] [#"../checked_ops.rs" 303 34 303 35] (2 : int8))); goto BB35 } BB35 { - switch ([#"../checked_ops.rs" 304 12 304 22] (let (a, _) = res in a) = ([#"../checked_ops.rs" 304 21 304 22] [#"../checked_ops.rs" 304 21 304 22] (2 : int8))) + switch ([#"../checked_ops.rs" 304 12 304 22] ([#"../checked_ops.rs" 304 12 304 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 304 21 304 22] [#"../checked_ops.rs" 304 21 304 22] (2 : int8))) | False -> goto BB36 | True -> goto BB37 end } BB36 { assume { resolve0 res }; - _58 <- ([#"../checked_ops.rs" 304 12 304 40] [#"../checked_ops.rs" 304 12 304 40] false); + [#"../checked_ops.rs" 304 12 304 40] _58 <- ([#"../checked_ops.rs" 304 12 304 40] [#"../checked_ops.rs" 304 12 304 40] false); goto BB38 } BB37 { assume { resolve0 res }; - _58 <- ([#"../checked_ops.rs" 304 26 304 40] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 304 35 304 40] [#"../checked_ops.rs" 304 35 304 40] false)); + [#"../checked_ops.rs" 304 12 304 40] _58 <- ([#"../checked_ops.rs" 304 26 304 40] Bool.eqb ([#"../checked_ops.rs" 304 26 304 31] let (_, a) = res in a) ([#"../checked_ops.rs" 304 35 304 40] [#"../checked_ops.rs" 304 35 304 40] false)); goto BB38 } BB38 { @@ -4764,26 +4888,27 @@ module CheckedOps_TestI8DivExample end } BB39 { + assert { [#"../checked_ops.rs" 304 4 304 41] false }; absurd } BB40 { - res1 <- ([#"../checked_ops.rs" 305 14 305 37] overflowing_div0 ([#"../checked_ops.rs" 305 14 305 17] [#"../checked_ops.rs" 305 14 305 17] (5 : int8)) ([#"../checked_ops.rs" 305 34 305 36] [#"../checked_ops.rs" 305 34 305 36] (-2 : int8))); + [#"../checked_ops.rs" 305 14 305 37] res1 <- ([#"../checked_ops.rs" 305 14 305 37] overflowing_div0 ([#"../checked_ops.rs" 305 14 305 17] [#"../checked_ops.rs" 305 14 305 17] (5 : int8)) ([#"../checked_ops.rs" 305 34 305 36] [#"../checked_ops.rs" 305 34 305 36] (-2 : int8))); goto BB41 } BB41 { - switch ([#"../checked_ops.rs" 306 12 306 23] (let (a, _) = res1 in a) = ([#"../checked_ops.rs" 306 21 306 23] [#"../checked_ops.rs" 306 21 306 23] (-2 : int8))) + switch ([#"../checked_ops.rs" 306 12 306 23] ([#"../checked_ops.rs" 306 12 306 17] let (a, _) = res1 in a) = ([#"../checked_ops.rs" 306 21 306 23] [#"../checked_ops.rs" 306 21 306 23] (-2 : int8))) | False -> goto BB42 | True -> goto BB43 end } BB42 { assume { resolve0 res1 }; - _67 <- ([#"../checked_ops.rs" 306 12 306 41] [#"../checked_ops.rs" 306 12 306 41] false); + [#"../checked_ops.rs" 306 12 306 41] _67 <- ([#"../checked_ops.rs" 306 12 306 41] [#"../checked_ops.rs" 306 12 306 41] false); goto BB44 } BB43 { assume { resolve0 res1 }; - _67 <- ([#"../checked_ops.rs" 306 27 306 41] Bool.eqb (let (_, a) = res1 in a) ([#"../checked_ops.rs" 306 36 306 41] [#"../checked_ops.rs" 306 36 306 41] false)); + [#"../checked_ops.rs" 306 12 306 41] _67 <- ([#"../checked_ops.rs" 306 27 306 41] Bool.eqb ([#"../checked_ops.rs" 306 27 306 32] let (_, a) = res1 in a) ([#"../checked_ops.rs" 306 36 306 41] [#"../checked_ops.rs" 306 36 306 41] false)); goto BB44 } BB44 { @@ -4793,26 +4918,27 @@ module CheckedOps_TestI8DivExample end } BB45 { + assert { [#"../checked_ops.rs" 306 4 306 42] false }; absurd } BB46 { - res2 <- ([#"../checked_ops.rs" 307 14 307 42] overflowing_div0 ([#"../checked_ops.rs" 307 14 307 22] [#"../checked_ops.rs" 307 14 307 22] (-128 : int8)) ([#"../checked_ops.rs" 307 39 307 41] [#"../checked_ops.rs" 307 39 307 41] (-1 : int8))); + [#"../checked_ops.rs" 307 14 307 42] res2 <- ([#"../checked_ops.rs" 307 14 307 42] overflowing_div0 ([#"../checked_ops.rs" 307 14 307 22] [#"../checked_ops.rs" 307 14 307 22] (-128 : int8)) ([#"../checked_ops.rs" 307 39 307 41] [#"../checked_ops.rs" 307 39 307 41] (-1 : int8))); goto BB47 } BB47 { - switch ([#"../checked_ops.rs" 308 12 308 25] (let (a, _) = res2 in a) = ([#"../checked_ops.rs" 308 21 308 25] [#"../checked_ops.rs" 308 21 308 25] (-128 : int8))) + switch ([#"../checked_ops.rs" 308 12 308 25] ([#"../checked_ops.rs" 308 12 308 17] let (a, _) = res2 in a) = ([#"../checked_ops.rs" 308 21 308 25] [#"../checked_ops.rs" 308 21 308 25] (-128 : int8))) | False -> goto BB48 | True -> goto BB49 end } BB48 { assume { resolve0 res2 }; - _76 <- ([#"../checked_ops.rs" 308 12 308 42] [#"../checked_ops.rs" 308 12 308 42] false); + [#"../checked_ops.rs" 308 12 308 42] _76 <- ([#"../checked_ops.rs" 308 12 308 42] [#"../checked_ops.rs" 308 12 308 42] false); goto BB50 } BB49 { assume { resolve0 res2 }; - _76 <- ([#"../checked_ops.rs" 308 29 308 42] Bool.eqb (let (_, a) = res2 in a) ([#"../checked_ops.rs" 308 38 308 42] [#"../checked_ops.rs" 308 38 308 42] true)); + [#"../checked_ops.rs" 308 12 308 42] _76 <- ([#"../checked_ops.rs" 308 29 308 42] Bool.eqb ([#"../checked_ops.rs" 308 29 308 34] let (_, a) = res2 in a) ([#"../checked_ops.rs" 308 38 308 42] [#"../checked_ops.rs" 308 38 308 42] true)); goto BB50 } BB50 { @@ -4822,10 +4948,11 @@ module CheckedOps_TestI8DivExample end } BB51 { + assert { [#"../checked_ops.rs" 308 4 308 43] false }; absurd } BB52 { - _0 <- ([#"../checked_ops.rs" 289 29 309 1] ()); + [#"../checked_ops.rs" 289 29 309 1] _0 <- ([#"../checked_ops.rs" 289 29 309 1] ()); return _0 } @@ -4841,7 +4968,7 @@ module CheckedOps_TestI8DivNoOverflow val inv1 (_x : int8) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../checked_ops.rs" 1 0 1 0] forall x : int8 . inv1 x = true + axiom inv1 : forall x : int8 . inv1 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant0 (self : Core_Option_Option_Type.t_option int8) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -4852,7 +4979,7 @@ module CheckedOps_TestI8DivNoOverflow val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Int8 use prelude.Bool predicate resolve2 (self : bool) = @@ -4932,23 +5059,23 @@ module CheckedOps_TestI8DivNoOverflow goto BB0 } BB0 { - _8 <- ([#"../checked_ops.rs" 314 12 314 28] checked_div0 a b); + [#"../checked_ops.rs" 314 12 314 28] _8 <- ([#"../checked_ops.rs" 314 12 314 28] checked_div0 ([#"../checked_ops.rs" 314 12 314 13] a) ([#"../checked_ops.rs" 314 26 314 27] b)); goto BB1 } BB1 { - _7 <- ([#"../checked_ops.rs" 314 12 314 37] unwrap0 _8); + [#"../checked_ops.rs" 314 12 314 37] _7 <- ([#"../checked_ops.rs" 314 12 314 37] unwrap0 _8); _8 <- any Core_Option_Option_Type.t_option int8; goto BB2 } BB2 { - _12 <- a; - _13 <- b; - _14 <- ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (0 : int8))); + [#"../checked_ops.rs" 314 41 314 42] _12 <- ([#"../checked_ops.rs" 314 41 314 42] a); + [#"../checked_ops.rs" 314 45 314 46] _13 <- ([#"../checked_ops.rs" 314 45 314 46] b); + [#"../checked_ops.rs" 314 41 314 46] _14 <- ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 314 41 314 46] not _14 }; goto BB3 } BB3 { - _17 <- ([#"../checked_ops.rs" 314 41 314 46] ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-1 : int8))) && ([#"../checked_ops.rs" 314 41 314 46] _12 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-128 : int8)))); + [#"../checked_ops.rs" 314 41 314 46] _17 <- ([#"../checked_ops.rs" 314 41 314 46] ([#"../checked_ops.rs" 314 41 314 46] _13 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-1 : int8))) && ([#"../checked_ops.rs" 314 41 314 46] _12 = ([#"../checked_ops.rs" 314 41 314 46] [#"../checked_ops.rs" 314 41 314 46] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 314 41 314 46] not _17 }; goto BB4 } @@ -4959,21 +5086,22 @@ module CheckedOps_TestI8DivNoOverflow end } BB5 { + assert { [#"../checked_ops.rs" 314 4 314 47] false }; absurd } BB6 { - _22 <- ([#"../checked_ops.rs" 315 12 315 29] wrapping_div0 a b); + [#"../checked_ops.rs" 315 12 315 29] _22 <- ([#"../checked_ops.rs" 315 12 315 29] wrapping_div0 ([#"../checked_ops.rs" 315 12 315 13] a) ([#"../checked_ops.rs" 315 27 315 28] b)); goto BB7 } BB7 { - _26 <- a; - _27 <- b; - _28 <- ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (0 : int8))); + [#"../checked_ops.rs" 315 33 315 34] _26 <- ([#"../checked_ops.rs" 315 33 315 34] a); + [#"../checked_ops.rs" 315 37 315 38] _27 <- ([#"../checked_ops.rs" 315 37 315 38] b); + [#"../checked_ops.rs" 315 33 315 38] _28 <- ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 315 33 315 38] not _28 }; goto BB8 } BB8 { - _31 <- ([#"../checked_ops.rs" 315 33 315 38] ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-1 : int8))) && ([#"../checked_ops.rs" 315 33 315 38] _26 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-128 : int8)))); + [#"../checked_ops.rs" 315 33 315 38] _31 <- ([#"../checked_ops.rs" 315 33 315 38] ([#"../checked_ops.rs" 315 33 315 38] _27 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-1 : int8))) && ([#"../checked_ops.rs" 315 33 315 38] _26 = ([#"../checked_ops.rs" 315 33 315 38] [#"../checked_ops.rs" 315 33 315 38] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 315 33 315 38] not _31 }; goto BB9 } @@ -4984,21 +5112,22 @@ module CheckedOps_TestI8DivNoOverflow end } BB10 { + assert { [#"../checked_ops.rs" 315 4 315 39] false }; absurd } BB11 { - _36 <- ([#"../checked_ops.rs" 316 12 316 31] saturating_div0 a b); + [#"../checked_ops.rs" 316 12 316 31] _36 <- ([#"../checked_ops.rs" 316 12 316 31] saturating_div0 ([#"../checked_ops.rs" 316 12 316 13] a) ([#"../checked_ops.rs" 316 29 316 30] b)); goto BB12 } BB12 { - _40 <- a; - _41 <- b; - _42 <- ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (0 : int8))); + [#"../checked_ops.rs" 316 35 316 36] _40 <- ([#"../checked_ops.rs" 316 35 316 36] a); + [#"../checked_ops.rs" 316 39 316 40] _41 <- ([#"../checked_ops.rs" 316 39 316 40] b); + [#"../checked_ops.rs" 316 35 316 40] _42 <- ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 316 35 316 40] not _42 }; goto BB13 } BB13 { - _45 <- ([#"../checked_ops.rs" 316 35 316 40] ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-1 : int8))) && ([#"../checked_ops.rs" 316 35 316 40] _40 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-128 : int8)))); + [#"../checked_ops.rs" 316 35 316 40] _45 <- ([#"../checked_ops.rs" 316 35 316 40] ([#"../checked_ops.rs" 316 35 316 40] _41 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-1 : int8))) && ([#"../checked_ops.rs" 316 35 316 40] _40 = ([#"../checked_ops.rs" 316 35 316 40] [#"../checked_ops.rs" 316 35 316 40] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 316 35 316 40] not _45 }; goto BB14 } @@ -5009,27 +5138,28 @@ module CheckedOps_TestI8DivNoOverflow end } BB15 { + assert { [#"../checked_ops.rs" 316 4 316 41] false }; absurd } BB16 { - res <- ([#"../checked_ops.rs" 317 14 317 34] overflowing_div0 a b); + [#"../checked_ops.rs" 317 14 317 34] res <- ([#"../checked_ops.rs" 317 14 317 34] overflowing_div0 ([#"../checked_ops.rs" 317 14 317 15] a) ([#"../checked_ops.rs" 317 32 317 33] b)); goto BB17 } BB17 { - _56 <- a; - _57 <- b; - _58 <- ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (0 : int8))); + [#"../checked_ops.rs" 318 21 318 22] _56 <- ([#"../checked_ops.rs" 318 21 318 22] a); + [#"../checked_ops.rs" 318 25 318 26] _57 <- ([#"../checked_ops.rs" 318 25 318 26] b); + [#"../checked_ops.rs" 318 21 318 26] _58 <- ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (0 : int8))); assert { [@expl:division by zero] [#"../checked_ops.rs" 318 21 318 26] not _58 }; goto BB21 } BB18 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 318 12 318 44] [#"../checked_ops.rs" 318 12 318 44] false); + [#"../checked_ops.rs" 318 12 318 44] _52 <- ([#"../checked_ops.rs" 318 12 318 44] [#"../checked_ops.rs" 318 12 318 44] false); goto BB20 } BB19 { assume { resolve0 res }; - _52 <- ([#"../checked_ops.rs" 318 30 318 44] Bool.eqb (let (_, a) = res in a) ([#"../checked_ops.rs" 318 39 318 44] [#"../checked_ops.rs" 318 39 318 44] false)); + [#"../checked_ops.rs" 318 12 318 44] _52 <- ([#"../checked_ops.rs" 318 30 318 44] Bool.eqb ([#"../checked_ops.rs" 318 30 318 35] let (_, a) = res in a) ([#"../checked_ops.rs" 318 39 318 44] [#"../checked_ops.rs" 318 39 318 44] false)); goto BB20 } BB20 { @@ -5039,21 +5169,22 @@ module CheckedOps_TestI8DivNoOverflow end } BB21 { - _61 <- ([#"../checked_ops.rs" 318 21 318 26] ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-1 : int8))) && ([#"../checked_ops.rs" 318 21 318 26] _56 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-128 : int8)))); + [#"../checked_ops.rs" 318 21 318 26] _61 <- ([#"../checked_ops.rs" 318 21 318 26] ([#"../checked_ops.rs" 318 21 318 26] _57 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-1 : int8))) && ([#"../checked_ops.rs" 318 21 318 26] _56 = ([#"../checked_ops.rs" 318 21 318 26] [#"../checked_ops.rs" 318 21 318 26] (-128 : int8)))); assert { [@expl:Div overflow] [#"../checked_ops.rs" 318 21 318 26] not _61 }; goto BB22 } BB22 { - switch ([#"../checked_ops.rs" 318 12 318 26] (let (a, _) = res in a) = ([#"../checked_ops.rs" 318 21 318 26] _56 / _57)) + switch ([#"../checked_ops.rs" 318 12 318 26] ([#"../checked_ops.rs" 318 12 318 17] let (a, _) = res in a) = ([#"../checked_ops.rs" 318 21 318 26] _56 / _57)) | False -> goto BB18 | True -> goto BB19 end } BB23 { + assert { [#"../checked_ops.rs" 318 4 318 45] false }; absurd } BB24 { - _0 <- ([#"../checked_ops.rs" 313 45 319 1] ()); + [#"../checked_ops.rs" 313 45 319 1] _0 <- ([#"../checked_ops.rs" 313 45 319 1] ()); return _0 } @@ -5070,7 +5201,7 @@ module CheckedOps_TestI8DivZero val inv0 (_x : Core_Option_Option_Type.t_option int8) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../checked_ops.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int8 . inv0 x = true use prelude.Borrow val is_none0 (self : Core_Option_Option_Type.t_option int8) : bool requires {inv0 self} @@ -5095,11 +5226,11 @@ module CheckedOps_TestI8DivZero goto BB0 } BB0 { - _6 <- ([#"../checked_ops.rs" 323 12 323 28] checked_div0 a ([#"../checked_ops.rs" 323 26 323 27] [#"../checked_ops.rs" 323 26 323 27] (0 : int8))); + [#"../checked_ops.rs" 323 12 323 28] _6 <- ([#"../checked_ops.rs" 323 12 323 28] checked_div0 ([#"../checked_ops.rs" 323 12 323 13] a) ([#"../checked_ops.rs" 323 26 323 27] [#"../checked_ops.rs" 323 26 323 27] (0 : int8))); goto BB1 } BB1 { - _4 <- ([#"../checked_ops.rs" 323 12 323 38] is_none0 ([#"../checked_ops.rs" 323 12 323 38] _6)); + [#"../checked_ops.rs" 323 12 323 38] _4 <- ([#"../checked_ops.rs" 323 12 323 38] is_none0 ([#"../checked_ops.rs" 323 12 323 38] _6)); goto BB2 } BB2 { @@ -5109,10 +5240,11 @@ module CheckedOps_TestI8DivZero end } BB3 { + assert { [#"../checked_ops.rs" 323 4 323 39] false }; absurd } BB4 { - _0 <- ([#"../checked_ops.rs" 322 31 324 1] ()); + [#"../checked_ops.rs" 322 31 324 1] _0 <- ([#"../checked_ops.rs" 322 31 324 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/checked_ops/why3session.xml b/creusot/tests/should_succeed/checked_ops/why3session.xml index 6f50af7f4f..300c172854 100644 --- a/creusot/tests/should_succeed/checked_ops/why3session.xml +++ b/creusot/tests/should_succeed/checked_ops/why3session.xml @@ -14,7 +14,7 @@ - + @@ -29,12 +29,12 @@ - + - + @@ -79,12 +79,12 @@ - + - + @@ -104,17 +104,17 @@ - + - + - + @@ -129,7 +129,7 @@ - + diff --git a/creusot/tests/should_succeed/checked_ops/why3shapes.gz b/creusot/tests/should_succeed/checked_ops/why3shapes.gz index 6a1d3dee7e..dc7c6ad16a 100644 Binary files a/creusot/tests/should_succeed/checked_ops/why3shapes.gz and b/creusot/tests/should_succeed/checked_ops/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/clones/01.mlcfg b/creusot/tests/should_succeed/clones/01.mlcfg index 772c1781b7..4f78788119 100644 --- a/creusot/tests/should_succeed/clones/01.mlcfg +++ b/creusot/tests/should_succeed/clones/01.mlcfg @@ -7,7 +7,7 @@ module C01_Func1 goto BB0 } BB0 { - _0 <- ([#"../01.rs" 6 11 6 13] ()); + [#"../01.rs" 6 11 6 13] _0 <- ([#"../01.rs" 6 11 6 13] ()); return _0 } @@ -21,7 +21,7 @@ module C01_Func2 goto BB0 } BB0 { - _0 <- ([#"../01.rs" 9 4 9 11] func10 ()); + [#"../01.rs" 9 4 9 11] _0 <- ([#"../01.rs" 9 4 9 11] func10 ()); goto BB1 } BB1 { @@ -38,7 +38,7 @@ module C01_Func3 goto BB0 } BB0 { - _0 <- ([#"../01.rs" 13 4 13 11] func20 ()); + [#"../01.rs" 13 4 13 11] _0 <- ([#"../01.rs" 13 4 13 11] func20 ()); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/clones/02.mlcfg b/creusot/tests/should_succeed/clones/02.mlcfg index a66ae76d1f..0562b05b45 100644 --- a/creusot/tests/should_succeed/clones/02.mlcfg +++ b/creusot/tests/should_succeed/clones/02.mlcfg @@ -20,7 +20,7 @@ module C02_Program goto BB0 } BB0 { - _0 <- ([#"../02.rs" 20 17 20 19] ()); + [#"../02.rs" 20 17 20 19] _0 <- ([#"../02.rs" 20 17 20 19] ()); return _0 } diff --git a/creusot/tests/should_succeed/clones/03.mlcfg b/creusot/tests/should_succeed/clones/03.mlcfg index bf6f36416c..cacc974bb0 100644 --- a/creusot/tests/should_succeed/clones/03.mlcfg +++ b/creusot/tests/should_succeed/clones/03.mlcfg @@ -9,7 +9,7 @@ module C03_Prog val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true function omg0 [#"../03.rs" 6 0 6 24] (_x : t) : bool = [#"../03.rs" 7 4 7 8] true val omg0 [#"../03.rs" 6 0 6 24] (_x : t) : bool @@ -35,7 +35,7 @@ module C03_Prog goto BB1 } BB1 { - _0 <- ([#"../03.rs" 11 17 11 19] ()); + [#"../03.rs" 11 17 11 19] _0 <- ([#"../03.rs" 11 17 11 19] ()); goto BB2 } BB2 { @@ -54,7 +54,7 @@ module C03_Prog2 val inv0 (_x : int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : int32 . inv0 x = true + axiom inv0 : forall x : int32 . inv0 x = true use prelude.Int function omg0 [#"../03.rs" 6 0 6 24] (_x : int) : bool = [#"../03.rs" 7 4 7 8] true @@ -81,11 +81,11 @@ module C03_Prog2 goto BB0 } BB0 { - _2 <- ([#"../03.rs" 15 4 15 11] prog0 ([#"../03.rs" 15 9 15 10] [#"../03.rs" 15 9 15 10] (0 : int32))); + [#"../03.rs" 15 4 15 11] _2 <- ([#"../03.rs" 15 4 15 11] prog0 ([#"../03.rs" 15 9 15 10] [#"../03.rs" 15 9 15 10] (0 : int32))); goto BB1 } BB1 { - _0 <- ([#"../03.rs" 14 15 16 1] ()); + [#"../03.rs" 14 15 16 1] _0 <- ([#"../03.rs" 14 15 16 1] ()); return _0 } @@ -106,7 +106,7 @@ module C03_Prog3 goto BB0 } BB0 { - _0 <- ([#"../03.rs" 19 15 19 17] ()); + [#"../03.rs" 19 15 19 17] _0 <- ([#"../03.rs" 19 15 19 17] ()); return _0 } diff --git a/creusot/tests/should_succeed/clones/04.mlcfg b/creusot/tests/should_succeed/clones/04.mlcfg index 5167feff32..ddc9b27915 100644 --- a/creusot/tests/should_succeed/clones/04.mlcfg +++ b/creusot/tests/should_succeed/clones/04.mlcfg @@ -26,7 +26,7 @@ module C04_F goto BB0 } BB0 { - _0 <- ([#"../04.rs" 21 17 21 19] ()); + [#"../04.rs" 21 17 21 19] _0 <- ([#"../04.rs" 21 17 21 19] ()); return _0 } diff --git a/creusot/tests/should_succeed/closures/01_basic.mlcfg b/creusot/tests/should_succeed/closures/01_basic.mlcfg index 10ddb818bc..ac4d1f246a 100644 --- a/creusot/tests/should_succeed/closures/01_basic.mlcfg +++ b/creusot/tests/should_succeed/closures/01_basic.mlcfg @@ -13,7 +13,7 @@ module C01Basic_UsesClosure_Closure0 function field_00 [#"../01_basic.rs" 6 14 6 16] (self : C01Basic_UsesClosure_Closure0.c01basic_usesclosure_closure0) : bool = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 a = self in a + let C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 a = self in a val field_00 [#"../01_basic.rs" 6 14 6 16] (self : C01Basic_UsesClosure_Closure0.c01basic_usesclosure_closure0) : bool ensures { result = field_00 self } @@ -26,7 +26,7 @@ module C01Basic_UsesClosure_Closure0 goto BB0 } BB0 { - _0 <- field_00 _1; + [#"../01_basic.rs" 6 17 6 18] _0 <- ([#"../01_basic.rs" 6 17 6 18] field_00 _1); return _0 } @@ -35,12 +35,12 @@ module C01Basic_UsesClosure use prelude.Int8 use C01Basic_UsesClosure_Closure0_Type as C01Basic_UsesClosure_Closure0 predicate resolve0 [#"../01_basic.rs" 6 14 6 16] (_1 : C01Basic_UsesClosure_Closure0.c01basic_usesclosure_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true use prelude.Borrow function field_00 [#"../01_basic.rs" 6 14 6 16] (self : C01Basic_UsesClosure_Closure0.c01basic_usesclosure_closure0) : bool = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 a = self in a + let C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 a = self in a val field_00 [#"../01_basic.rs" 6 14 6 16] (self : C01Basic_UsesClosure_Closure0.c01basic_usesclosure_closure0) : bool ensures { result = field_00 self } @@ -55,14 +55,14 @@ module C01Basic_UsesClosure goto BB0 } BB0 { - y <- ([#"../01_basic.rs" 5 12 5 16] [#"../01_basic.rs" 5 12 5 16] true); - _4 <- ([#"../01_basic.rs" 6 13 6 19] C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 ([#"../01_basic.rs" 6 13 6 19] y)); - _x <- ([#"../01_basic.rs" 6 13 6 21] let () = [#"../01_basic.rs" 6 13 6 21] () in closure00 ([#"../01_basic.rs" 6 13 6 19] _4)); + [#"../01_basic.rs" 5 12 5 16] y <- ([#"../01_basic.rs" 5 12 5 16] [#"../01_basic.rs" 5 12 5 16] true); + [#"../01_basic.rs" 6 13 6 19] _4 <- ([#"../01_basic.rs" 6 13 6 19] C01Basic_UsesClosure_Closure0.C01Basic_UsesClosure_Closure0 ([#"../01_basic.rs" 6 13 6 19] y)); + [#"../01_basic.rs" 6 13 6 21] _x <- ([#"../01_basic.rs" 6 13 6 21] let () = [#"../01_basic.rs" 6 13 6 21] () in closure00 ([#"../01_basic.rs" 6 13 6 19] _4)); goto BB1 } BB1 { assume { resolve0 _4 }; - _0 <- ([#"../01_basic.rs" 4 22 7 1] ()); + [#"../01_basic.rs" 4 22 7 1] _0 <- ([#"../01_basic.rs" 4 22 7 1] ()); return _0 } @@ -90,7 +90,7 @@ module C01Basic_MultiArg_Closure0 goto BB0 } BB0 { - _0 <- ([#"../01_basic.rs" 10 19 10 24] a + b); + [#"../01_basic.rs" 10 19 10 24] _0 <- ([#"../01_basic.rs" 10 19 10 24] ([#"../01_basic.rs" 10 19 10 20] a) + ([#"../01_basic.rs" 10 23 10 24] b)); return _0 } @@ -100,7 +100,7 @@ module C01Basic_MultiArg use prelude.Int8 use C01Basic_MultiArg_Closure0_Type as C01Basic_MultiArg_Closure0 predicate resolve0 [#"../01_basic.rs" 10 12 10 18] (_1 : C01Basic_MultiArg_Closure0.c01basic_multiarg_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true use prelude.Borrow use prelude.Int val closure00 [#"../01_basic.rs" 10 12 10 18] (_1 : C01Basic_MultiArg_Closure0.c01basic_multiarg_closure0) (a : int32) (b : int32) : int32 @@ -114,13 +114,13 @@ module C01Basic_MultiArg goto BB0 } BB0 { - x <- ([#"../01_basic.rs" 10 12 10 24] C01Basic_MultiArg_Closure0.C01Basic_MultiArg_Closure0); - _a <- ([#"../01_basic.rs" 11 13 11 22] let (a, b) = [#"../01_basic.rs" 11 13 11 22] (([#"../01_basic.rs" 11 17 11 18] [#"../01_basic.rs" 11 17 11 18] (0 : int32)), ([#"../01_basic.rs" 11 20 11 21] [#"../01_basic.rs" 11 20 11 21] (3 : int32))) in closure00 ([#"../01_basic.rs" 11 13 11 16] x) a b); + [#"../01_basic.rs" 10 12 10 24] x <- ([#"../01_basic.rs" 10 12 10 24] C01Basic_MultiArg_Closure0.C01Basic_MultiArg_Closure0); + [#"../01_basic.rs" 11 13 11 22] _a <- ([#"../01_basic.rs" 11 13 11 22] let (a, b) = [#"../01_basic.rs" 11 13 11 22] (([#"../01_basic.rs" 11 17 11 18] [#"../01_basic.rs" 11 17 11 18] (0 : int32)), ([#"../01_basic.rs" 11 20 11 21] [#"../01_basic.rs" 11 20 11 21] (3 : int32))) in closure00 ([#"../01_basic.rs" 11 13 11 16] x) a b); goto BB1 } BB1 { assume { resolve0 x }; - _0 <- ([#"../01_basic.rs" 9 19 12 1] ()); + [#"../01_basic.rs" 9 19 12 1] _0 <- ([#"../01_basic.rs" 9 19 12 1] ()); return _0 } @@ -142,7 +142,7 @@ module C01Basic_MoveClosure_Closure0 predicate unnest0 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) (_2 : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true predicate resolve0 (self : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : bool @@ -152,12 +152,12 @@ module C01Basic_MoveClosure_Closure0 function field_00 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : borrowed int32 = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a = self in a + let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a = self in a val field_00 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : borrowed int32 ensures { result = field_00 self } let rec cfg c01Basic_MoveClosure_Closure0 [#"../01_basic.rs" 19 16 19 23] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : () - ensures { [#"../01_basic.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -166,9 +166,9 @@ module C01Basic_MoveClosure_Closure0 goto BB0 } BB0 { - _1 <- { _1 with current = (let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 x0 = * _1 in C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 ({ (field_00 ( * _1)) with current = ([#"../01_basic.rs" 20 8 20 15] * field_00 ( * _1) + ([#"../01_basic.rs" 20 14 20 15] [#"../01_basic.rs" 20 14 20 15] (1 : int32))) })) }; + [#"../01_basic.rs" 20 8 20 15] _1 <- { _1 with current = (let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 x0 = * _1 in C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 ({ (field_00 ( * _1)) with current = ([#"../01_basic.rs" 20 8 20 15] * field_00 ( * _1) + ([#"../01_basic.rs" 20 14 20 15] [#"../01_basic.rs" 20 14 20 15] (1 : int32))) })) }; assume { resolve0 _1 }; - _0 <- ([#"../01_basic.rs" 19 24 21 5] ()); + [#"../01_basic.rs" 19 24 21 5] _0 <- ([#"../01_basic.rs" 19 24 21 5] ()); return _0 } @@ -187,24 +187,24 @@ module C01Basic_MoveClosure function field_00 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : borrowed int32 = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a = self in a + let C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a = self in a val field_00 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : borrowed int32 ensures { result = field_00 self } predicate resolve0 [#"../01_basic.rs" 19 16 19 23] (_1 : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) = - [#"../01_basic.rs" 1 0 1 0] resolve2 (field_00 _1) + resolve2 (field_00 _1) predicate unnest0 [#"../01_basic.rs" 19 16 19 23] (self : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) (_2 : C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true predicate resolve1 (self : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : bool ensures { result = resolve1 self } val closure00 [#"../01_basic.rs" 19 16 19 23] (_1 : borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0) : () - ensures { [#"../01_basic.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } let rec cfg move_closure [#"../01_basic.rs" 16 0 16 21] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : () = [@vc:do_not_keep_trace] [@vc:sp] @@ -220,27 +220,27 @@ module C01Basic_MoveClosure goto BB0 } BB0 { - _2 <- ([#"../01_basic.rs" 17 17 17 21] [#"../01_basic.rs" 17 17 17 21] (0 : int32)); - a <- Borrow.borrow_mut _2; - _2 <- ^ a; - x <- ([#"../01_basic.rs" 19 16 21 5] C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a); + [#"../01_basic.rs" 17 17 17 21] _2 <- ([#"../01_basic.rs" 17 17 17 21] [#"../01_basic.rs" 17 17 17 21] (0 : int32)); + [#"../01_basic.rs" 17 12 17 21] a <- Borrow.borrow_mut _2; + [#"../01_basic.rs" 17 12 17 21] _2 <- ^ a; + [#"../01_basic.rs" 19 16 21 5] x <- ([#"../01_basic.rs" 19 16 21 5] C01Basic_MoveClosure_Closure0.C01Basic_MoveClosure_Closure0 a); a <- any borrowed int32; - _5 <- Borrow.borrow_mut x; - x <- ^ _5; - _4 <- ([#"../01_basic.rs" 23 4 23 9] let () = [#"../01_basic.rs" 23 4 23 9] () in closure00 _5); + [#"../01_basic.rs" 23 4 23 7] _5 <- Borrow.borrow_mut x; + [#"../01_basic.rs" 23 4 23 7] x <- ^ _5; + [#"../01_basic.rs" 23 4 23 9] _4 <- ([#"../01_basic.rs" 23 4 23 9] let () = [#"../01_basic.rs" 23 4 23 9] () in closure00 _5); _5 <- any borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0; goto BB1 } BB1 { - _8 <- Borrow.borrow_mut x; - x <- ^ _8; - _7 <- ([#"../01_basic.rs" 24 4 24 9] let () = [#"../01_basic.rs" 24 4 24 9] () in closure00 _8); + [#"../01_basic.rs" 24 4 24 7] _8 <- Borrow.borrow_mut x; + [#"../01_basic.rs" 24 4 24 7] x <- ^ _8; + [#"../01_basic.rs" 24 4 24 9] _7 <- ([#"../01_basic.rs" 24 4 24 9] let () = [#"../01_basic.rs" 24 4 24 9] () in closure00 _8); _8 <- any borrowed C01Basic_MoveClosure_Closure0.c01basic_moveclosure_closure0; goto BB2 } BB2 { assume { resolve0 x }; - _0 <- ([#"../01_basic.rs" 16 22 25 1] ()); + [#"../01_basic.rs" 16 22 25 1] _0 <- ([#"../01_basic.rs" 16 22 25 1] ()); return _0 } @@ -266,13 +266,13 @@ module C01Basic_MoveMut_Closure0 val inv0 (_x : borrowed uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01_basic.rs" 1 0 1 0] forall x : borrowed uint32 . inv0 x = true + axiom inv0 : forall x : borrowed uint32 . inv0 x = true use prelude.Int16 use C01Basic_MoveMut_Closure0_Type as C01Basic_MoveMut_Closure0 predicate unnest0 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) (_2 : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true predicate resolve1 (self : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : bool @@ -282,7 +282,7 @@ module C01Basic_MoveMut_Closure0 function field_00 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : borrowed uint32 = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 a = self in a + let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 a = self in a val field_00 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : borrowed uint32 ensures { result = field_00 self } @@ -295,7 +295,7 @@ module C01Basic_MoveMut_Closure0 ensures { [#"../01_basic.rs" 28 27 28 36] inv0 result } let rec cfg c01Basic_MoveMut_Closure0 [#"../01_basic.rs" 35 16 35 23] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : () - ensures { [#"../01_basic.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -306,18 +306,18 @@ module C01Basic_MoveMut_Closure0 goto BB0 } BB0 { - _3 <- ([#"../01_basic.rs" 36 12 36 21] new_ref0 ()); + [#"../01_basic.rs" 36 12 36 21] _3 <- ([#"../01_basic.rs" 36 12 36 21] new_ref0 ()); goto BB1 } BB1 { - _2 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _2 }; - _1 <- { _1 with current = (let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 x0 = * _1 in C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 _2) }; - _2 <- any borrowed uint32; + [#"../01_basic.rs" 36 12 36 21] _2 <- Borrow.borrow_mut ( * _3); + [#"../01_basic.rs" 36 12 36 21] _3 <- { _3 with current = ^ _2 }; + [#"../01_basic.rs" 36 8 36 21] _1 <- { _1 with current = (let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 x0 = * _1 in C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 ([#"../01_basic.rs" 36 8 36 21] _2)) }; + [#"../01_basic.rs" 36 8 36 21] _2 <- any borrowed uint32; assume { resolve0 (field_00 ( * _1)) }; assume { resolve1 _1 }; assume { resolve0 _3 }; - _0 <- ([#"../01_basic.rs" 35 24 37 5] ()); + [#"../01_basic.rs" 35 24 37 5] _0 <- ([#"../01_basic.rs" 35 24 37 5] ()); return _0 } @@ -334,7 +334,7 @@ module C01Basic_MoveMut val inv0 (_x : borrowed uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01_basic.rs" 1 0 1 0] forall x : borrowed uint32 . inv0 x = true + axiom inv0 : forall x : borrowed uint32 . inv0 x = true predicate resolve1 (self : borrowed uint32) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed uint32) : bool @@ -346,16 +346,16 @@ module C01Basic_MoveMut function field_00 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : borrowed uint32 = - [#"../01_basic.rs" 1 0 1 0] let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 a = self in a + let C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 a = self in a val field_00 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : borrowed uint32 ensures { result = field_00 self } predicate resolve0 [#"../01_basic.rs" 35 16 35 23] (_1 : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) = - [#"../01_basic.rs" 1 0 1 0] resolve1 (field_00 _1) + resolve1 (field_00 _1) predicate unnest0 [#"../01_basic.rs" 35 16 35 23] (self : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) (_2 : C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) = - [#"../01_basic.rs" 1 0 1 0] true + true predicate resolve2 (self : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve2 (self : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : bool @@ -365,7 +365,7 @@ module C01Basic_MoveMut ensures { [#"../01_basic.rs" 28 27 28 36] inv0 result } val closure00 [#"../01_basic.rs" 35 16 35 23] (_1 : borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0) : () - ensures { [#"../01_basic.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } let rec cfg move_mut [#"../01_basic.rs" 32 0 32 17] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : ()) : () = [@vc:do_not_keep_trace] [@vc:sp] @@ -381,27 +381,27 @@ module C01Basic_MoveMut goto BB0 } BB0 { - _2 <- ([#"../01_basic.rs" 33 21 33 25] [#"../01_basic.rs" 33 21 33 25] (0 : uint32)); - x <- Borrow.borrow_mut _2; - _2 <- ^ x; - a <- ([#"../01_basic.rs" 35 16 37 5] C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 x); + [#"../01_basic.rs" 33 21 33 25] _2 <- ([#"../01_basic.rs" 33 21 33 25] [#"../01_basic.rs" 33 21 33 25] (0 : uint32)); + [#"../01_basic.rs" 33 16 33 25] x <- Borrow.borrow_mut _2; + [#"../01_basic.rs" 33 16 33 25] _2 <- ^ x; + [#"../01_basic.rs" 35 16 37 5] a <- ([#"../01_basic.rs" 35 16 37 5] C01Basic_MoveMut_Closure0.C01Basic_MoveMut_Closure0 x); x <- any borrowed uint32; - _5 <- Borrow.borrow_mut a; - a <- ^ _5; - _4 <- ([#"../01_basic.rs" 38 4 38 9] let () = [#"../01_basic.rs" 38 4 38 9] () in closure00 _5); + [#"../01_basic.rs" 38 4 38 7] _5 <- Borrow.borrow_mut a; + [#"../01_basic.rs" 38 4 38 7] a <- ^ _5; + [#"../01_basic.rs" 38 4 38 9] _4 <- ([#"../01_basic.rs" 38 4 38 9] let () = [#"../01_basic.rs" 38 4 38 9] () in closure00 _5); _5 <- any borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0; goto BB1 } BB1 { - _8 <- Borrow.borrow_mut a; - a <- ^ _8; - _7 <- ([#"../01_basic.rs" 39 4 39 9] let () = [#"../01_basic.rs" 39 4 39 9] () in closure00 _8); + [#"../01_basic.rs" 39 4 39 7] _8 <- Borrow.borrow_mut a; + [#"../01_basic.rs" 39 4 39 7] a <- ^ _8; + [#"../01_basic.rs" 39 4 39 9] _7 <- ([#"../01_basic.rs" 39 4 39 9] let () = [#"../01_basic.rs" 39 4 39 9] () in closure00 _8); _8 <- any borrowed C01Basic_MoveMut_Closure0.c01basic_movemut_closure0; goto BB2 } BB2 { assume { resolve0 a }; - _0 <- ([#"../01_basic.rs" 32 18 40 1] ()); + [#"../01_basic.rs" 32 18 40 1] _0 <- ([#"../01_basic.rs" 32 18 40 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/closures/02_nested.mlcfg b/creusot/tests/should_succeed/closures/02_nested.mlcfg index 06981d85e5..32d2394222 100644 --- a/creusot/tests/should_succeed/closures/02_nested.mlcfg +++ b/creusot/tests/should_succeed/closures/02_nested.mlcfg @@ -13,7 +13,7 @@ module C02Nested_NestedClosure_Closure0_Closure0 function field_00 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool = - [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a + let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a val field_00 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool ensures { result = field_00 self } @@ -26,7 +26,7 @@ module C02Nested_NestedClosure_Closure0_Closure0 goto BB0 } BB0 { - _0 <- field_00 _1; + [#"../02_nested.rs" 6 21 6 22] _0 <- ([#"../02_nested.rs" 6 21 6 22] field_00 _1); return _0 } @@ -46,11 +46,11 @@ module C02Nested_NestedClosure_Closure0 predicate resolve0 [#"../02_nested.rs" 6 18 6 20] (_1 : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) = - [#"../02_nested.rs" 1 0 1 0] true + true function field_01 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool = - [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a + let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a val field_01 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool ensures { result = field_01 self } @@ -59,7 +59,7 @@ module C02Nested_NestedClosure_Closure0 function field_00 [#"../02_nested.rs" 5 14 5 16] (self : C02Nested_NestedClosure_Closure0.c02nested_nestedclosure_closure0) : bool = - [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 a = self in a + let C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 a = self in a val field_00 [#"../02_nested.rs" 5 14 5 16] (self : C02Nested_NestedClosure_Closure0.c02nested_nestedclosure_closure0) : bool ensures { result = field_00 self } @@ -73,8 +73,8 @@ module C02Nested_NestedClosure_Closure0 goto BB0 } BB0 { - omg <- ([#"../02_nested.rs" 6 18 6 22] C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 ([#"../02_nested.rs" 6 18 6 22] field_00 _1)); - _0 <- ([#"../02_nested.rs" 7 8 7 15] let () = [#"../02_nested.rs" 7 8 7 15] () in closure00 ([#"../02_nested.rs" 7 8 7 13] omg)); + [#"../02_nested.rs" 6 18 6 22] omg <- ([#"../02_nested.rs" 6 18 6 22] C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 ([#"../02_nested.rs" 6 18 6 22] field_00 _1)); + [#"../02_nested.rs" 7 8 7 15] _0 <- ([#"../02_nested.rs" 7 8 7 15] let () = [#"../02_nested.rs" 7 8 7 15] () in closure00 ([#"../02_nested.rs" 7 8 7 13] omg)); goto BB1 } BB1 { @@ -89,17 +89,17 @@ module C02Nested_NestedClosure predicate resolve0 [#"../02_nested.rs" 5 14 5 16] (_1 : C02Nested_NestedClosure_Closure0.c02nested_nestedclosure_closure0) = - [#"../02_nested.rs" 1 0 1 0] true + true use prelude.Borrow use C02Nested_NestedClosure_Closure0_Closure0_Type as C02Nested_NestedClosure_Closure0_Closure0 predicate resolve1 [#"../02_nested.rs" 6 18 6 20] (_1 : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) = - [#"../02_nested.rs" 1 0 1 0] true + true function field_01 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool = - [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a + let C02Nested_NestedClosure_Closure0_Closure0.C02Nested_NestedClosure_Closure0_Closure0 a = self in a val field_01 [#"../02_nested.rs" 6 18 6 20] (self : C02Nested_NestedClosure_Closure0_Closure0.c02nested_nestedclosure_closure0_closure0) : bool ensures { result = field_01 self } @@ -108,7 +108,7 @@ module C02Nested_NestedClosure function field_00 [#"../02_nested.rs" 5 14 5 16] (self : C02Nested_NestedClosure_Closure0.c02nested_nestedclosure_closure0) : bool = - [#"../02_nested.rs" 1 0 1 0] let C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 a = self in a + let C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 a = self in a val field_00 [#"../02_nested.rs" 5 14 5 16] (self : C02Nested_NestedClosure_Closure0.c02nested_nestedclosure_closure0) : bool ensures { result = field_00 self } @@ -124,14 +124,14 @@ module C02Nested_NestedClosure goto BB0 } BB0 { - a <- ([#"../02_nested.rs" 4 12 4 16] [#"../02_nested.rs" 4 12 4 16] true); - _4 <- ([#"../02_nested.rs" 5 13 8 6] C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 ([#"../02_nested.rs" 5 13 8 6] a)); - _a <- ([#"../02_nested.rs" 5 13 8 8] let () = [#"../02_nested.rs" 5 13 8 8] () in closure00 ([#"../02_nested.rs" 5 13 8 6] _4)); + [#"../02_nested.rs" 4 12 4 16] a <- ([#"../02_nested.rs" 4 12 4 16] [#"../02_nested.rs" 4 12 4 16] true); + [#"../02_nested.rs" 5 13 8 6] _4 <- ([#"../02_nested.rs" 5 13 8 6] C02Nested_NestedClosure_Closure0.C02Nested_NestedClosure_Closure0 ([#"../02_nested.rs" 5 13 8 6] a)); + [#"../02_nested.rs" 5 13 8 8] _a <- ([#"../02_nested.rs" 5 13 8 8] let () = [#"../02_nested.rs" 5 13 8 8] () in closure00 ([#"../02_nested.rs" 5 13 8 6] _4)); goto BB1 } BB1 { assume { resolve0 _4 }; - _0 <- ([#"../02_nested.rs" 3 24 9 1] ()); + [#"../02_nested.rs" 3 24 9 1] _0 <- ([#"../02_nested.rs" 3 24 9 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg b/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg index 1f591681ed..57fdf87f38 100644 --- a/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg +++ b/creusot/tests/should_succeed/closures/03_generic_bound.mlcfg @@ -72,13 +72,13 @@ module C03GenericBound_ClosureParam val invariant4 (self : borrowed f) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : borrowed f . inv4 x = true + axiom inv4 : forall x : borrowed f . inv4 x = true predicate invariant3 (self : ()) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : ()) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : () . inv3 x = true + axiom inv3 : forall x : () . inv3 x = true predicate postcondition0 (self : f) (_2 : uint32) (_3 : ()) val postcondition0 (self : f) (_2 : uint32) (_3 : ()) : bool ensures { result = postcondition0 self _2 _3 } @@ -109,7 +109,7 @@ module C03GenericBound_ClosureParam val invariant2 (self : uint32) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : uint32 . inv2 x = true + axiom inv2 : forall x : uint32 . inv2 x = true predicate invariant1 (self : f) val invariant1 (self : f) : bool ensures { result = invariant1 self } @@ -118,12 +118,12 @@ module C03GenericBound_ClosureParam val inv1 (_x : f) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : f . inv1 x = true + axiom inv1 : forall x : f . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (_2 : uint32) val precondition0 (self : f) (_2 : uint32) : bool ensures { result = precondition0 self _2 } @@ -146,7 +146,7 @@ module C03GenericBound_ClosureParam goto BB0 } BB0 { - _0 <- ([#"../03_generic_bound.rs" 4 4 4 10] call0 ([#"../03_generic_bound.rs" 4 4 4 7] f) ([#"../03_generic_bound.rs" 4 4 4 10] (([#"../03_generic_bound.rs" 4 8 4 9] [#"../03_generic_bound.rs" 4 8 4 9] (0 : uint32))))); + [#"../03_generic_bound.rs" 4 4 4 10] _0 <- ([#"../03_generic_bound.rs" 4 4 4 10] call0 ([#"../03_generic_bound.rs" 4 4 4 7] f) ([#"../03_generic_bound.rs" 4 4 4 10] (([#"../03_generic_bound.rs" 4 8 4 9] [#"../03_generic_bound.rs" 4 8 4 9] (0 : uint32))))); goto BB1 } BB1 { @@ -180,7 +180,7 @@ module C03GenericBound_Caller_Closure0 goto BB0 } BB0 { - _0 <- ([#"../03_generic_bound.rs" 8 28 8 30] ()); + [#"../03_generic_bound.rs" 8 28 8 30] _0 <- ([#"../03_generic_bound.rs" 8 28 8 30] ()); return _0 } @@ -198,7 +198,7 @@ module C03GenericBound_Caller val inv0 (_x : C03GenericBound_Caller_Closure0.c03genericbound_caller_closure0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_generic_bound.rs" 1 0 1 0] forall x : C03GenericBound_Caller_Closure0.c03genericbound_caller_closure0 . inv0 x = true + axiom inv0 : forall x : C03GenericBound_Caller_Closure0.c03genericbound_caller_closure0 . inv0 x = true val closure_param0 [#"../03_generic_bound.rs" 3 0 3 34] (f : C03GenericBound_Caller_Closure0.c03genericbound_caller_closure0) : () requires {[#"../03_generic_bound.rs" 3 29 3 30] inv0 f} @@ -209,7 +209,7 @@ module C03GenericBound_Caller goto BB0 } BB0 { - _0 <- ([#"../03_generic_bound.rs" 8 4 8 31] closure_param0 ([#"../03_generic_bound.rs" 8 18 8 30] C03GenericBound_Caller_Closure0.C03GenericBound_Caller_Closure0)); + [#"../03_generic_bound.rs" 8 4 8 31] _0 <- ([#"../03_generic_bound.rs" 8 4 8 31] closure_param0 ([#"../03_generic_bound.rs" 8 18 8 30] C03GenericBound_Caller_Closure0.C03GenericBound_Caller_Closure0)); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg b/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg index 8fe851b09d..aa4fdd7cef 100644 --- a/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg +++ b/creusot/tests/should_succeed/closures/04_generic_closure.mlcfg @@ -73,7 +73,7 @@ module C04GenericClosure_GenericClosure val invariant5 (self : borrowed f) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : borrowed f . inv5 x = true + axiom inv5 : forall x : borrowed f . inv5 x = true predicate postcondition0 (self : f) (_2 : a) (_3 : b) val postcondition0 (self : f) (_2 : a) (_3 : b) : bool ensures { result = postcondition0 self _2 _3 } @@ -103,7 +103,7 @@ module C04GenericClosure_GenericClosure val invariant4 (self : a) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : a . inv4 x = true + axiom inv4 : forall x : a . inv4 x = true predicate invariant3 (self : f) val invariant3 (self : f) : bool ensures { result = invariant3 self } @@ -112,12 +112,12 @@ module C04GenericClosure_GenericClosure val inv3 (_x : f) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : f . inv3 x = true + axiom inv3 : forall x : f . inv3 x = true predicate invariant2 (self : b) val invariant2 (self : b) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : b . inv2 x = true + axiom inv2 : forall x : b . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } @@ -126,12 +126,12 @@ module C04GenericClosure_GenericClosure val inv1 (_x : a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (_2 : a) val precondition0 (self : f) (_2 : a) : bool ensures { result = precondition0 self _2 } @@ -156,8 +156,8 @@ module C04GenericClosure_GenericClosure goto BB0 } BB0 { - _0 <- ([#"../04_generic_closure.rs" 4 4 4 8] call0 ([#"../04_generic_closure.rs" 4 4 4 5] f) ([#"../04_generic_closure.rs" 4 4 4 8] (a))); - a <- any a; + [#"../04_generic_closure.rs" 4 4 4 8] _0 <- ([#"../04_generic_closure.rs" 4 4 4 8] call0 ([#"../04_generic_closure.rs" 4 4 4 5] f) ([#"../04_generic_closure.rs" 4 4 4 8] (([#"../04_generic_closure.rs" 4 6 4 7] a)))); + [#"../04_generic_closure.rs" 4 6 4 7] a <- any a; goto BB1 } BB1 { @@ -192,7 +192,7 @@ module C04GenericClosure_Mapper_Closure0 val inv0 (_x : a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : a . inv0 x = true + axiom inv0 : forall x : a . inv0 x = true use prelude.Int8 use C04GenericClosure_Mapper_Closure0_Type as C04GenericClosure_Mapper_Closure0 use prelude.Borrow @@ -215,7 +215,7 @@ module C04GenericClosure_Mapper_Closure0 goto BB0 } BB0 { - _0 <- ([#"../04_generic_closure.rs" 8 33 8 35] ()); + [#"../04_generic_closure.rs" 8 33 8 35] _0 <- ([#"../04_generic_closure.rs" 8 33 8 35] ()); assert { [@expl:type invariant] inv0 _a }; assume { resolve0 _a }; assume { resolve1 _1 }; @@ -237,7 +237,7 @@ module C04GenericClosure_Mapper val inv2 (_x : ()) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : () . inv2 x = true + axiom inv2 : forall x : () . inv2 x = true use prelude.Int8 use C04GenericClosure_Mapper_Closure0_Type as C04GenericClosure_Mapper_Closure0 predicate invariant1 (self : C04GenericClosure_Mapper_Closure0.c04genericclosure_mapper_closure0 a) @@ -248,7 +248,7 @@ module C04GenericClosure_Mapper val inv1 (_x : C04GenericClosure_Mapper_Closure0.c04genericclosure_mapper_closure0 a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : C04GenericClosure_Mapper_Closure0.c04genericclosure_mapper_closure0 a . inv1 x = true + axiom inv1 : forall x : C04GenericClosure_Mapper_Closure0.c04genericclosure_mapper_closure0 a . inv1 x = true predicate invariant0 (self : a) val invariant0 (self : a) : bool ensures { result = invariant0 self } @@ -257,7 +257,7 @@ module C04GenericClosure_Mapper val inv0 (_x : a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_generic_closure.rs" 1 0 1 0] forall x : a . inv0 x = true + axiom inv0 : forall x : a . inv0 x = true val generic_closure0 [#"../04_generic_closure.rs" 3 0 3 56] (f : C04GenericClosure_Mapper_Closure0.c04genericclosure_mapper_closure0 a) (a : a) : () requires {[#"../04_generic_closure.rs" 3 40 3 41] inv1 f} requires {[#"../04_generic_closure.rs" 3 46 3 47] inv0 a} @@ -274,12 +274,12 @@ module C04GenericClosure_Mapper goto BB0 } BB0 { - _2 <- ([#"../04_generic_closure.rs" 8 12 8 39] generic_closure0 ([#"../04_generic_closure.rs" 8 28 8 35] C04GenericClosure_Mapper_Closure0.C04GenericClosure_Mapper_Closure0) x); - x <- any a; + [#"../04_generic_closure.rs" 8 12 8 39] _2 <- ([#"../04_generic_closure.rs" 8 12 8 39] generic_closure0 ([#"../04_generic_closure.rs" 8 28 8 35] C04GenericClosure_Mapper_Closure0.C04GenericClosure_Mapper_Closure0) ([#"../04_generic_closure.rs" 8 37 8 38] x)); + [#"../04_generic_closure.rs" 8 37 8 38] x <- any a; goto BB1 } BB1 { - _0 <- ([#"../04_generic_closure.rs" 7 23 9 1] ()); + [#"../04_generic_closure.rs" 7 23 9 1] _0 <- ([#"../04_generic_closure.rs" 7 23 9 1] ()); goto BB2 } BB2 { diff --git a/creusot/tests/should_succeed/closures/05_map.mlcfg b/creusot/tests/should_succeed/closures/05_map.mlcfg index e25c0c9849..075795ce88 100644 --- a/creusot/tests/should_succeed/closures/05_map.mlcfg +++ b/creusot/tests/should_succeed/closures/05_map.mlcfg @@ -36,7 +36,7 @@ module C05Map_Impl0_Next val inv9 (_x : f) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv9 x = true + axiom inv9 : forall x : f . inv9 x = true predicate resolve3 (self : f) val resolve3 (self : f) : bool ensures { result = resolve3 self } @@ -103,12 +103,12 @@ module C05Map_Impl0_Next val invariant8 (self : borrowed f) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv8 x = true + axiom inv8 : forall x : borrowed f . inv8 x = true predicate invariant7 (self : b) val invariant7 (self : b) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv7 x = true + axiom inv7 : forall x : b . inv7 x = true predicate postcondition0 (self : f) (_2 : a) (_3 : b) val postcondition0 (self : f) (_2 : a) (_3 : b) : bool ensures { result = postcondition0 self _2 _3 } @@ -138,7 +138,7 @@ module C05Map_Impl0_Next val invariant6 (self : a) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : a . inv6 x = true + axiom inv6 : forall x : a . inv6 x = true predicate invariant5 (self : f) val invariant5 (self : f) : bool ensures { result = invariant5 self } @@ -147,7 +147,7 @@ module C05Map_Impl0_Next val inv5 (_x : f) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv5 x = true + axiom inv5 : forall x : f . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } @@ -156,7 +156,7 @@ module C05Map_Impl0_Next val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option b) val invariant3 (self : Core_Option_Option_Type.t_option b) : bool @@ -166,7 +166,7 @@ module C05Map_Impl0_Next val inv3 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option b . inv3 x = true use C05Map_Map_Type as C05Map_Map_Type predicate invariant2 (self : borrowed (C05Map_Map_Type.t_map i f)) val invariant2 (self : borrowed (C05Map_Map_Type.t_map i f)) : bool @@ -176,7 +176,7 @@ module C05Map_Impl0_Next val inv2 (_x : borrowed (C05Map_Map_Type.t_map i f)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed (C05Map_Map_Type.t_map i f) . inv2 x = true + axiom inv2 : forall x : borrowed (C05Map_Map_Type.t_map i f) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option a) val invariant1 (self : Core_Option_Option_Type.t_option a) : bool ensures { result = invariant1 self } @@ -185,7 +185,7 @@ module C05Map_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option a . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option a . inv1 x = true predicate invariant0 (self : i) val invariant0 (self : i) : bool ensures { result = invariant0 self } @@ -194,7 +194,7 @@ module C05Map_Impl0_Next val inv0 (_x : i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true predicate precondition0 (self : f) (_2 : a) val precondition0 (self : f) (_2 : a) : bool ensures { result = precondition0 self _2 } @@ -234,10 +234,10 @@ module C05Map_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); - self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map ( ^ _3) x1) }; + [#"../05_map.rs" 18 14 18 30] _3 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); + [#"../05_map.rs" 18 14 18 30] self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map ( ^ _3) x1) }; assume { inv0 ( ^ _3) }; - _2 <- ([#"../05_map.rs" 18 14 18 30] next0 _3); + [#"../05_map.rs" 18 14 18 30] _2 <- ([#"../05_map.rs" 18 14 18 30] next0 _3); _3 <- any borrowed i; goto BB1 } @@ -251,12 +251,12 @@ module C05Map_Impl0_Next goto BB5 } BB3 { - e <- Core_Option_Option_Type.some_0 _2; - _2 <- (let Core_Option_Option_Type.C_Some x0 = _2 in Core_Option_Option_Type.C_Some (any a)); + [#"../05_map.rs" 20 17 20 18] e <- ([#"../05_map.rs" 20 17 20 18] Core_Option_Option_Type.some_0 _2); + [#"../05_map.rs" 20 17 20 18] _2 <- (let Core_Option_Option_Type.C_Some x0 = _2 in Core_Option_Option_Type.C_Some (any a)); assert { [@expl:type invariant] inv1 _2 }; assume { resolve0 _2 }; - _6 <- ([#"../05_map.rs" 20 28 20 42] call0 ([#"../05_map.rs" 20 28 20 39] C05Map_Map_Type.map_func ( * self)) ([#"../05_map.rs" 20 28 20 42] (e))); - e <- any a; + [#"../05_map.rs" 20 28 20 42] _6 <- ([#"../05_map.rs" 20 28 20 42] call0 ([#"../05_map.rs" 20 28 20 39] C05Map_Map_Type.map_func ( * self)) ([#"../05_map.rs" 20 28 20 42] (([#"../05_map.rs" 20 40 20 41] e)))); + [#"../05_map.rs" 20 40 20 41] e <- any a; goto BB6 } BB4 { @@ -264,6 +264,7 @@ module C05Map_Impl0_Next assume { resolve0 _2 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; + assert { [#"../05_map.rs" 18 14 18 30] false }; absurd } BB5 { @@ -271,7 +272,7 @@ module C05Map_Impl0_Next assume { resolve0 _2 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../05_map.rs" 19 20 19 24] Core_Option_Option_Type.C_None); + [#"../05_map.rs" 19 20 19 24] _0 <- ([#"../05_map.rs" 19 20 19 24] Core_Option_Option_Type.C_None); goto BB10 } BB6 { @@ -280,7 +281,7 @@ module C05Map_Impl0_Next BB7 { assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../05_map.rs" 20 23 20 43] Core_Option_Option_Type.C_Some _6); + [#"../05_map.rs" 20 23 20 43] _0 <- ([#"../05_map.rs" 20 23 20 43] Core_Option_Option_Type.C_Some _6); _6 <- any b; goto BB8 } @@ -312,7 +313,7 @@ module C05Map_Impl0 val inv1 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option b . inv1 x = true use C05Map_Map_Type as C05Map_Map_Type use prelude.Borrow predicate invariant0 (self : borrowed (C05Map_Map_Type.t_map i f)) @@ -323,6 +324,6 @@ module C05Map_Impl0 val inv0 (_x : borrowed (C05Map_Map_Type.t_map i f)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed (C05Map_Map_Type.t_map i f) . inv0 x = true + axiom inv0 : forall x : borrowed (C05Map_Map_Type.t_map i f) . inv0 x = true goal next_refn : [#"../05_map.rs" 17 4 17 44] forall self : borrowed (C05Map_Map_Type.t_map i f) . inv0 self -> inv0 self /\ (forall result : Core_Option_Option_Type.t_option b . inv1 result -> inv1 result) end diff --git a/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg b/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg index 95d1f9bb90..860ffcbf71 100644 --- a/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg +++ b/creusot/tests/should_succeed/closures/06_fn_specs.mlcfg @@ -11,7 +11,7 @@ module C06FnSpecs_Weaken3 val inv2 (_x : output0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv2 x = true + axiom inv2 : forall x : output0 . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } @@ -20,7 +20,7 @@ module C06FnSpecs_Weaken3 val inv1 (_x : a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } @@ -29,7 +29,7 @@ module C06FnSpecs_Weaken3 val inv0 (_x : f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate postcondition_once0 (self : f) (a : a) (res : output0) val postcondition_once0 (self : f) (a : a) (res : output0) : bool ensures { result = postcondition_once0 self a res } @@ -66,9 +66,9 @@ module C06FnSpecs_Weaken3 goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 33 4 33 27] call_once0 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 33 4 33 27] _0 <- ([#"../06_fn_specs.rs" 33 4 33 27] call_once0 ([#"../06_fn_specs.rs" 33 22 33 23] f) ([#"../06_fn_specs.rs" 33 25 33 26] a)); + [#"../06_fn_specs.rs" 33 22 33 23] f <- any f; + [#"../06_fn_specs.rs" 33 25 33 26] a <- any a; goto BB3 } BB3 { @@ -94,7 +94,7 @@ module C06FnSpecs_Weaken2 val inv3 (_x : output0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv3 x = true + axiom inv3 : forall x : output0 . inv3 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -161,17 +161,17 @@ module C06FnSpecs_Weaken2 val invariant2 (self : borrowed f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : borrowed f . inv2 x = true + axiom inv2 : forall x : borrowed f . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (a : a) val precondition0 (self : f) (a : a) : bool ensures { result = precondition0 self a } @@ -204,9 +204,9 @@ module C06FnSpecs_Weaken2 goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 21 4 21 18] weaken_30 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 21 4 21 18] _0 <- ([#"../06_fn_specs.rs" 21 4 21 18] weaken_30 ([#"../06_fn_specs.rs" 21 13 21 14] f) ([#"../06_fn_specs.rs" 21 16 21 17] a)); + [#"../06_fn_specs.rs" 21 13 21 14] f <- any f; + [#"../06_fn_specs.rs" 21 16 21 17] a <- any a; goto BB3 } BB3 { @@ -294,12 +294,12 @@ module C06FnSpecs_Weaken val invariant3 (self : borrowed f) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : borrowed f . inv3 x = true + axiom inv3 : forall x : borrowed f . inv3 x = true predicate invariant2 (self : output0) val invariant2 (self : output0) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv2 x = true + axiom inv2 : forall x : output0 . inv2 x = true predicate postcondition0 (self : f) (_2 : a) (_3 : output0) val postcondition0 (self : f) (_2 : a) (_3 : output0) : bool ensures { result = postcondition0 self _2 _3 } @@ -329,12 +329,12 @@ module C06FnSpecs_Weaken val invariant1 (self : a) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (a : a) val precondition0 (self : f) (a : a) : bool ensures { result = precondition0 self a } @@ -367,9 +367,9 @@ module C06FnSpecs_Weaken goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 9 4 9 18] weaken_20 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 9 4 9 18] _0 <- ([#"../06_fn_specs.rs" 9 4 9 18] weaken_20 ([#"../06_fn_specs.rs" 9 13 9 14] f) ([#"../06_fn_specs.rs" 9 16 9 17] a)); + [#"../06_fn_specs.rs" 9 13 9 14] f <- any f; + [#"../06_fn_specs.rs" 9 16 9 17] a <- any a; goto BB3 } BB3 { @@ -395,7 +395,7 @@ module C06FnSpecs_Weaken3Std val inv2 (_x : output0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv2 x = true + axiom inv2 : forall x : output0 . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } @@ -404,7 +404,7 @@ module C06FnSpecs_Weaken3Std val inv1 (_x : a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } @@ -413,7 +413,7 @@ module C06FnSpecs_Weaken3Std val inv0 (_x : f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate postcondition_once0 (self : f) (_2 : a) (_3 : output0) val postcondition_once0 (self : f) (_2 : a) (_3 : output0) : bool ensures { result = postcondition_once0 self _2 _3 } @@ -450,9 +450,9 @@ module C06FnSpecs_Weaken3Std goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 39 4 39 27] call_once0 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 39 4 39 27] _0 <- ([#"../06_fn_specs.rs" 39 4 39 27] call_once0 ([#"../06_fn_specs.rs" 39 22 39 23] f) ([#"../06_fn_specs.rs" 39 25 39 26] a)); + [#"../06_fn_specs.rs" 39 22 39 23] f <- any f; + [#"../06_fn_specs.rs" 39 25 39 26] a <- any a; goto BB3 } BB3 { @@ -478,7 +478,7 @@ module C06FnSpecs_Weaken2Std val inv3 (_x : output0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv3 x = true + axiom inv3 : forall x : output0 . inv3 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -545,17 +545,17 @@ module C06FnSpecs_Weaken2Std val invariant2 (self : borrowed f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : borrowed f . inv2 x = true + axiom inv2 : forall x : borrowed f . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (_2 : a) val precondition0 (self : f) (_2 : a) : bool ensures { result = precondition0 self _2 } @@ -588,9 +588,9 @@ module C06FnSpecs_Weaken2Std goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 27 4 27 22] weaken_3_std0 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 27 4 27 22] _0 <- ([#"../06_fn_specs.rs" 27 4 27 22] weaken_3_std0 ([#"../06_fn_specs.rs" 27 17 27 18] f) ([#"../06_fn_specs.rs" 27 20 27 21] a)); + [#"../06_fn_specs.rs" 27 17 27 18] f <- any f; + [#"../06_fn_specs.rs" 27 20 27 21] a <- any a; goto BB3 } BB3 { @@ -678,12 +678,12 @@ module C06FnSpecs_WeakenStd val invariant3 (self : borrowed f) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : borrowed f . inv3 x = true + axiom inv3 : forall x : borrowed f . inv3 x = true predicate invariant2 (self : output0) val invariant2 (self : output0) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : output0 . inv2 x = true + axiom inv2 : forall x : output0 . inv2 x = true predicate postcondition0 (self : f) (_2 : a) (_3 : output0) val postcondition0 (self : f) (_2 : a) (_3 : output0) : bool ensures { result = postcondition0 self _2 _3 } @@ -713,12 +713,12 @@ module C06FnSpecs_WeakenStd val invariant1 (self : a) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (_2 : a) val precondition0 (self : f) (_2 : a) : bool ensures { result = precondition0 self _2 } @@ -751,9 +751,9 @@ module C06FnSpecs_WeakenStd goto BB2 } BB2 { - _0 <- ([#"../06_fn_specs.rs" 15 4 15 22] weaken_2_std0 f a); - f <- any f; - a <- any a; + [#"../06_fn_specs.rs" 15 4 15 22] _0 <- ([#"../06_fn_specs.rs" 15 4 15 22] weaken_2_std0 ([#"../06_fn_specs.rs" 15 17 15 18] f) ([#"../06_fn_specs.rs" 15 20 15 21] a)); + [#"../06_fn_specs.rs" 15 17 15 18] f <- any f; + [#"../06_fn_specs.rs" 15 20 15 21] a <- any a; goto BB3 } BB3 { @@ -778,7 +778,7 @@ module C06FnSpecs_FnOnceUser val inv2 (_x : ()) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : () . inv2 x = true + axiom inv2 : forall x : () . inv2 x = true use prelude.UIntSize predicate invariant1 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -789,7 +789,7 @@ module C06FnSpecs_FnOnceUser val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : f) val invariant0 (self : f) : bool ensures { result = invariant0 self } @@ -798,7 +798,7 @@ module C06FnSpecs_FnOnceUser val inv0 (_x : f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : f . inv0 x = true + axiom inv0 : forall x : f . inv0 x = true predicate precondition0 (self : f) (_2 : usize) val precondition0 (self : f) (_2 : usize) : bool ensures { result = precondition0 self _2 } @@ -829,8 +829,8 @@ module C06FnSpecs_FnOnceUser goto BB1 } BB1 { - _0 <- ([#"../06_fn_specs.rs" 45 4 45 8] call_once0 f ([#"../06_fn_specs.rs" 45 4 45 8] (([#"../06_fn_specs.rs" 45 6 45 7] [#"../06_fn_specs.rs" 45 6 45 7] (0 : usize))))); - f <- any f; + [#"../06_fn_specs.rs" 45 4 45 8] _0 <- ([#"../06_fn_specs.rs" 45 4 45 8] call_once0 ([#"../06_fn_specs.rs" 45 4 45 5] f) ([#"../06_fn_specs.rs" 45 4 45 8] (([#"../06_fn_specs.rs" 45 6 45 7] [#"../06_fn_specs.rs" 45 6 45 7] (0 : usize))))); + [#"../06_fn_specs.rs" 45 4 45 5] f <- any f; goto BB2 } BB2 { @@ -854,7 +854,7 @@ module C06FnSpecs_Caller_Closure0 use prelude.Int use C06FnSpecs_Caller_Closure0_Type as C06FnSpecs_Caller_Closure0 predicate resolve0 [#"../06_fn_specs.rs" 49 17 49 20] (_1 : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0) = - [#"../06_fn_specs.rs" 1 0 1 0] true + true let rec cfg c06FnSpecs_Caller_Closure0 [#"../06_fn_specs.rs" 49 17 49 20] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0) (_2 : usize) : () = [@vc:do_not_keep_trace] [@vc:sp] @@ -864,7 +864,7 @@ module C06FnSpecs_Caller_Closure0 goto BB0 } BB0 { - _0 <- ([#"../06_fn_specs.rs" 49 21 49 23] ()); + [#"../06_fn_specs.rs" 49 21 49 23] _0 <- ([#"../06_fn_specs.rs" 49 21 49 23] ()); assume { resolve0 _1 }; return _0 } @@ -883,12 +883,12 @@ module C06FnSpecs_Caller val inv0 (_x : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_fn_specs.rs" 1 0 1 0] forall x : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0 . inv0 x = true + axiom inv0 : forall x : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0 . inv0 x = true use prelude.Int predicate precondition0 [#"../06_fn_specs.rs" 49 17 49 20] (self : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0) (args : usize) = - [#"../06_fn_specs.rs" 1 0 1 0] let (_2) = args in true + let (_2) = args in true val fn_once_user0 [#"../06_fn_specs.rs" 44 0 44 43] (f : C06FnSpecs_Caller_Closure0.c06fnspecs_caller_closure0) : () requires {[#"../06_fn_specs.rs" 43 11 43 36] precondition0 f ((0 : usize))} requires {[#"../06_fn_specs.rs" 44 38 44 39] inv0 f} @@ -900,7 +900,7 @@ module C06FnSpecs_Caller goto BB0 } BB0 { - _0 <- ([#"../06_fn_specs.rs" 49 4 49 24] fn_once_user0 ([#"../06_fn_specs.rs" 49 17 49 23] C06FnSpecs_Caller_Closure0.C06FnSpecs_Caller_Closure0)); + [#"../06_fn_specs.rs" 49 4 49 24] _0 <- ([#"../06_fn_specs.rs" 49 4 49 24] fn_once_user0 ([#"../06_fn_specs.rs" 49 17 49 23] C06FnSpecs_Caller_Closure0.C06FnSpecs_Caller_Closure0)); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/closures/07_mutable_capture.mlcfg b/creusot/tests/should_succeed/closures/07_mutable_capture.mlcfg index ef39d4fbf4..b96fc0e523 100644 --- a/creusot/tests/should_succeed/closures/07_mutable_capture.mlcfg +++ b/creusot/tests/should_succeed/closures/07_mutable_capture.mlcfg @@ -19,14 +19,14 @@ module C07MutableCapture_TestFnmut_Closure1 function field_00 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : borrowed uint32 = - [#"../07_mutable_capture.rs" 1 0 1 0] let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 a = self in a + let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 a = self in a val field_00 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : borrowed uint32 ensures { result = field_00 self } predicate unnest0 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) (_2 : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) = - [#"../07_mutable_capture.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self use prelude.UInt32 predicate resolve0 (self : borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self @@ -36,7 +36,7 @@ module C07MutableCapture_TestFnmut_Closure1 let rec cfg c07MutableCapture_TestFnmut_Closure1 [#"../07_mutable_capture.rs" 8 8 8 37] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : int32 requires {[#"../07_mutable_capture.rs" 7 19 7 33] UInt32.to_int ( * field_00 ( * _1)) < 1000000} ensures { [#"../07_mutable_capture.rs" 8 18 8 35] UInt32.to_int ( * field_00 ( ^ _1)) = UInt32.to_int ( * field_00 ( * _1)) + 1 } - ensures { [#"../07_mutable_capture.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : int32; @@ -47,11 +47,11 @@ module C07MutableCapture_TestFnmut_Closure1 goto BB0 } BB0 { - _1 <- { _1 with current = (let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 x0 = * _1 in C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 ({ (field_00 ( * _1)) with current = ([#"../07_mutable_capture.rs" 10 12 10 18] * field_00 ( * _1) + ([#"../07_mutable_capture.rs" 10 17 10 18] [#"../07_mutable_capture.rs" 10 17 10 18] (1 : uint32))) })) }; + [#"../07_mutable_capture.rs" 10 12 10 18] _1 <- { _1 with current = (let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 x0 = * _1 in C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 ({ (field_00 ( * _1)) with current = ([#"../07_mutable_capture.rs" 10 12 10 18] * field_00 ( * _1) + ([#"../07_mutable_capture.rs" 10 17 10 18] [#"../07_mutable_capture.rs" 10 17 10 18] (1 : uint32))) })) }; assume { resolve0 _1 }; - res1 <- ([#"../07_mutable_capture.rs" 11 12 11 13] [#"../07_mutable_capture.rs" 11 12 11 13] (5 : int32)); - res <- res1; - _0 <- res; + [#"../07_mutable_capture.rs" 11 12 11 13] res1 <- ([#"../07_mutable_capture.rs" 11 12 11 13] [#"../07_mutable_capture.rs" 11 12 11 13] (5 : int32)); + [#"../07_mutable_capture.rs" 7 8 7 35] res <- ([#"../07_mutable_capture.rs" 7 8 7 35] res1); + [#"../07_mutable_capture.rs" 8 8 8 37] _0 <- ([#"../07_mutable_capture.rs" 8 8 8 37] res); return _0 } @@ -72,18 +72,18 @@ module C07MutableCapture_TestFnmut function field_00 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : borrowed uint32 = - [#"../07_mutable_capture.rs" 1 0 1 0] let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 a = self in a + let C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 a = self in a val field_00 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : borrowed uint32 ensures { result = field_00 self } predicate resolve0 [#"../07_mutable_capture.rs" 8 8 8 37] (_1 : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) = - [#"../07_mutable_capture.rs" 1 0 1 0] resolve2 (field_00 _1) + resolve2 (field_00 _1) predicate unnest0 [#"../07_mutable_capture.rs" 8 8 8 37] (self : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) (_2 : C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) = - [#"../07_mutable_capture.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self predicate resolve1 (self : borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : bool @@ -92,7 +92,7 @@ module C07MutableCapture_TestFnmut val closure10 [#"../07_mutable_capture.rs" 8 8 8 37] (_1 : borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1) : int32 requires {[#"../07_mutable_capture.rs" 7 19 7 33] UInt32.to_int ( * field_00 ( * _1)) < 1000000} ensures { [#"../07_mutable_capture.rs" 8 18 8 35] UInt32.to_int ( * field_00 ( ^ _1)) = UInt32.to_int ( * field_00 ( * _1)) + 1 } - ensures { [#"../07_mutable_capture.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } let rec cfg test_fnmut [#"../07_mutable_capture.rs" 5 0 5 29] [@cfg:stackify] [@cfg:subregion_analysis] (x : uint32) : () requires {[#"../07_mutable_capture.rs" 4 11 4 24] UInt32.to_int x = 100000} @@ -110,27 +110,27 @@ module C07MutableCapture_TestFnmut goto BB0 } BB0 { - _4 <- Borrow.borrow_mut x; - x <- ^ _4; - c <- ([#"../07_mutable_capture.rs" 8 8 8 37] C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 _4); + [#"../07_mutable_capture.rs" 8 8 8 37] _4 <- Borrow.borrow_mut x; + [#"../07_mutable_capture.rs" 8 8 8 37] x <- ^ _4; + [#"../07_mutable_capture.rs" 8 8 8 37] c <- ([#"../07_mutable_capture.rs" 8 8 8 37] C07MutableCapture_TestFnmut_Closure1.C07MutableCapture_TestFnmut_Closure1 _4); _4 <- any borrowed uint32; - _6 <- Borrow.borrow_mut c; - c <- ^ _6; - _5 <- ([#"../07_mutable_capture.rs" 14 4 14 7] let () = [#"../07_mutable_capture.rs" 14 4 14 7] () in closure10 _6); + [#"../07_mutable_capture.rs" 14 4 14 5] _6 <- Borrow.borrow_mut c; + [#"../07_mutable_capture.rs" 14 4 14 5] c <- ^ _6; + [#"../07_mutable_capture.rs" 14 4 14 7] _5 <- ([#"../07_mutable_capture.rs" 14 4 14 7] let () = [#"../07_mutable_capture.rs" 14 4 14 7] () in closure10 _6); _6 <- any borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1; goto BB1 } BB1 { - _9 <- Borrow.borrow_mut c; - c <- ^ _9; - _8 <- ([#"../07_mutable_capture.rs" 15 4 15 7] let () = [#"../07_mutable_capture.rs" 15 4 15 7] () in closure10 _9); + [#"../07_mutable_capture.rs" 15 4 15 5] _9 <- Borrow.borrow_mut c; + [#"../07_mutable_capture.rs" 15 4 15 5] c <- ^ _9; + [#"../07_mutable_capture.rs" 15 4 15 7] _8 <- ([#"../07_mutable_capture.rs" 15 4 15 7] let () = [#"../07_mutable_capture.rs" 15 4 15 7] () in closure10 _9); _9 <- any borrowed C07MutableCapture_TestFnmut_Closure1.c07mutablecapture_testfnmut_closure1; goto BB2 } BB2 { assume { resolve0 c }; assert { [@expl:assertion] [#"../07_mutable_capture.rs" 17 20 17 33] UInt32.to_int x = 100002 }; - _0 <- ([#"../07_mutable_capture.rs" 5 30 18 1] ()); + [#"../07_mutable_capture.rs" 5 30 18 1] _0 <- ([#"../07_mutable_capture.rs" 5 30 18 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg b/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg index 9dda2d0876..7bce55509c 100644 --- a/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg +++ b/creusot/tests/should_succeed/closures/08_multiple_calls.mlcfg @@ -16,7 +16,7 @@ module C08MultipleCalls_MultiUse_Closure0 function field_00 [#"../08_multiple_calls.rs" 5 12 5 31] (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : t = - [#"../08_multiple_calls.rs" 1 0 1 0] let C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 a = self in a + let C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 a = self in a val field_00 [#"../08_multiple_calls.rs" 5 12 5 31] (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : t ensures { result = field_00 self } @@ -37,8 +37,8 @@ module C08MultipleCalls_MultiUse_Closure0 } BB0 { assume { resolve0 _1 }; - res <- ([#"../08_multiple_calls.rs" 8 8 8 9] [#"../08_multiple_calls.rs" 8 8 8 9] (0 : uint32)); - _0 <- res; + [#"../08_multiple_calls.rs" 8 8 8 9] res <- ([#"../08_multiple_calls.rs" 8 8 8 9] [#"../08_multiple_calls.rs" 8 8 8 9] (0 : uint32)); + [#"../08_multiple_calls.rs" 5 12 5 31] _0 <- ([#"../08_multiple_calls.rs" 5 12 5 31] res); return _0 } @@ -56,7 +56,7 @@ module C08MultipleCalls_MultiUse val inv2 (_x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../08_multiple_calls.rs" 1 0 1 0] forall x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t . inv2 x = true + axiom inv2 : forall x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t . inv2 x = true predicate invariant1 (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) val invariant1 (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : bool ensures { result = invariant1 self } @@ -65,7 +65,7 @@ module C08MultipleCalls_MultiUse val inv1 (_x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../08_multiple_calls.rs" 1 0 1 0] forall x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t . inv1 x = true + axiom inv1 : forall x : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -74,7 +74,7 @@ module C08MultipleCalls_MultiUse val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08_multiple_calls.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow predicate resolve1 (self : t) val resolve1 (self : t) : bool @@ -84,11 +84,11 @@ module C08MultipleCalls_MultiUse predicate postcondition0 [#"../08_multiple_calls.rs" 5 12 5 31] (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) (_ : ()) (result : uint32) = - [#"../08_multiple_calls.rs" 1 0 1 0] true + true function field_00 [#"../08_multiple_calls.rs" 5 12 5 31] (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : t = - [#"../08_multiple_calls.rs" 1 0 1 0] let C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 a = self in a + let C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 a = self in a val field_00 [#"../08_multiple_calls.rs" 5 12 5 31] (self : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) : t ensures { result = field_00 self } @@ -108,7 +108,7 @@ module C08MultipleCalls_MultiUse predicate resolve0 [#"../08_multiple_calls.rs" 5 12 5 31] (_1 : C08MultipleCalls_MultiUse_Closure0.c08multiplecalls_multiuse_closure0 t) = - [#"../08_multiple_calls.rs" 1 0 1 0] resolve2 (field_00 _1) + resolve2 (field_00 _1) let rec cfg multi_use [#"../08_multiple_calls.rs" 4 0 4 26] [@cfg:stackify] [@cfg:subregion_analysis] (x : t) : () requires {[#"../08_multiple_calls.rs" 4 20 4 21] inv0 x} @@ -121,15 +121,15 @@ module C08MultipleCalls_MultiUse goto BB0 } BB0 { - c <- ([#"../08_multiple_calls.rs" 5 12 5 31] C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 ([#"../08_multiple_calls.rs" 5 12 5 31] x)); + [#"../08_multiple_calls.rs" 5 12 5 31] c <- ([#"../08_multiple_calls.rs" 5 12 5 31] C08MultipleCalls_MultiUse_Closure0.C08MultipleCalls_MultiUse_Closure0 ([#"../08_multiple_calls.rs" 5 12 5 31] x)); assume { resolve0 c }; - _4 <- ([#"../08_multiple_calls.rs" 11 4 11 14] uses_fn0 c); + [#"../08_multiple_calls.rs" 11 4 11 14] _4 <- ([#"../08_multiple_calls.rs" 11 4 11 14] uses_fn0 ([#"../08_multiple_calls.rs" 11 12 11 13] c)); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 x }; assume { resolve1 x }; - _0 <- ([#"../08_multiple_calls.rs" 4 27 14 1] ()); + [#"../08_multiple_calls.rs" 4 27 14 1] _0 <- ([#"../08_multiple_calls.rs" 4 27 14 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/constrained_types.mlcfg b/creusot/tests/should_succeed/constrained_types.mlcfg index ae83b595ae..135be116ef 100644 --- a/creusot/tests/should_succeed/constrained_types.mlcfg +++ b/creusot/tests/should_succeed/constrained_types.mlcfg @@ -55,7 +55,7 @@ module ConstrainedTypes_UsesConcreteInstance val inv0 (_x : (uint32, uint32)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../constrained_types.rs" 1 0 1 0] forall x : (uint32, uint32) . inv0 x = true + axiom inv0 : forall x : (uint32, uint32) . inv0 x = true use prelude.Int predicate resolve1 (self : uint32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -105,7 +105,7 @@ module ConstrainedTypes_UsesConcreteInstance goto BB0 } BB0 { - _0 <- ([#"../constrained_types.rs" 15 4 15 9] lt0 ([#"../constrained_types.rs" 15 4 15 5] x) ([#"../constrained_types.rs" 15 8 15 9] y)); + [#"../constrained_types.rs" 15 4 15 9] _0 <- ([#"../constrained_types.rs" 15 4 15 9] lt0 ([#"../constrained_types.rs" 15 4 15 5] x) ([#"../constrained_types.rs" 15 8 15 9] y)); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/drop_pair.mlcfg b/creusot/tests/should_succeed/drop_pair.mlcfg index 798aaed636..ff80c6ccbf 100644 --- a/creusot/tests/should_succeed/drop_pair.mlcfg +++ b/creusot/tests/should_succeed/drop_pair.mlcfg @@ -26,7 +26,7 @@ module DropPair_DropPair } BB0 { assume { resolve0 _x }; - _0 <- ([#"../drop_pair.rs" 7 43 7 45] ()); + [#"../drop_pair.rs" 7 43 7 45] _0 <- ([#"../drop_pair.rs" 7 43 7 45] ()); return _0 } @@ -55,7 +55,7 @@ module DropPair_DropPair2 } BB0 { assume { resolve0 x }; - _0 <- ([#"../drop_pair.rs" 9 43 11 1] ()); + [#"../drop_pair.rs" 9 43 11 1] _0 <- ([#"../drop_pair.rs" 9 43 11 1] ()); return _0 } @@ -81,12 +81,12 @@ module DropPair_Drop } BB0 { assume { resolve0 _x }; - _3 <- Borrow.borrow_mut ( * y); - y <- { y with current = ^ _3 }; - _x <- _3; - _3 <- any borrowed uint32; + [#"../drop_pair.rs" 16 9 16 10] _3 <- Borrow.borrow_mut ( * y); + [#"../drop_pair.rs" 16 9 16 10] y <- { y with current = ^ _3 }; + [#"../drop_pair.rs" 16 4 16 10] _x <- ([#"../drop_pair.rs" 16 4 16 10] _3); + [#"../drop_pair.rs" 16 4 16 10] _3 <- any borrowed uint32; assume { resolve0 _x }; - _0 <- ([#"../drop_pair.rs" 15 53 17 1] ()); + [#"../drop_pair.rs" 15 53 17 1] _0 <- ([#"../drop_pair.rs" 15 53 17 1] ()); assume { resolve0 y }; return _0 } diff --git a/creusot/tests/should_succeed/duration.mlcfg b/creusot/tests/should_succeed/duration.mlcfg index 655cd66656..75e2b1155e 100644 --- a/creusot/tests/should_succeed/duration.mlcfg +++ b/creusot/tests/should_succeed/duration.mlcfg @@ -32,7 +32,7 @@ module Duration_TestDuration val inv0 (_x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../duration.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) . inv0 x = true use prelude.Int use prelude.UInt64 function secs_to_nanos0 (secs : int) : int @@ -206,12 +206,12 @@ module Duration_TestDuration goto BB0 } BB0 { - zero <- ([#"../duration.rs" 8 15 8 34] new0 ([#"../duration.rs" 8 29 8 30] [#"../duration.rs" 8 29 8 30] (0 : uint64)) ([#"../duration.rs" 8 32 8 33] [#"../duration.rs" 8 32 8 33] (0 : uint32))); + [#"../duration.rs" 8 15 8 34] zero <- ([#"../duration.rs" 8 15 8 34] new0 ([#"../duration.rs" 8 29 8 30] [#"../duration.rs" 8 29 8 30] (0 : uint64)) ([#"../duration.rs" 8 32 8 33] [#"../duration.rs" 8 32 8 33] (0 : uint32))); goto BB1 } BB1 { assert { [@expl:assertion] [#"../duration.rs" 9 18 9 28] shallow_model0 zero = 0 }; - _7 <- ([#"../duration.rs" 10 12 10 27] as_nanos0 ([#"../duration.rs" 10 12 10 27] zero)); + [#"../duration.rs" 10 12 10 27] _7 <- ([#"../duration.rs" 10 12 10 27] as_nanos0 ([#"../duration.rs" 10 12 10 27] zero)); goto BB2 } BB2 { @@ -221,34 +221,35 @@ module Duration_TestDuration end } BB3 { + assert { [#"../duration.rs" 10 4 10 33] false }; absurd } BB4 { - max <- ([#"../duration.rs" 12 14 12 50] new0 ([#"../duration.rs" 12 28 12 36] [#"../duration.rs" 12 28 12 36] (18446744073709551615 : uint64)) ([#"../duration.rs" 12 38 12 49] [#"../duration.rs" 12 38 12 49] (999999999 : uint32))); + [#"../duration.rs" 12 14 12 50] max <- ([#"../duration.rs" 12 14 12 50] new0 ([#"../duration.rs" 12 28 12 36] [#"../duration.rs" 12 28 12 36] (18446744073709551615 : uint64)) ([#"../duration.rs" 12 38 12 49] [#"../duration.rs" 12 38 12 49] (999999999 : uint32))); goto BB5 } BB5 { - d_secs <- ([#"../duration.rs" 14 17 14 39] from_secs0 ([#"../duration.rs" 14 37 14 38] [#"../duration.rs" 14 37 14 38] (1 : uint64))); + [#"../duration.rs" 14 17 14 39] d_secs <- ([#"../duration.rs" 14 17 14 39] from_secs0 ([#"../duration.rs" 14 37 14 38] [#"../duration.rs" 14 37 14 38] (1 : uint64))); goto BB6 } BB6 { assert { [@expl:assertion] [#"../duration.rs" 15 18 15 42] shallow_model0 d_secs = 1000000000 }; - d_millis <- ([#"../duration.rs" 17 19 17 43] from_millis0 ([#"../duration.rs" 17 41 17 42] [#"../duration.rs" 17 41 17 42] (1 : uint64))); + [#"../duration.rs" 17 19 17 43] d_millis <- ([#"../duration.rs" 17 19 17 43] from_millis0 ([#"../duration.rs" 17 41 17 42] [#"../duration.rs" 17 41 17 42] (1 : uint64))); goto BB7 } BB7 { assert { [@expl:assertion] [#"../duration.rs" 18 18 18 40] shallow_model0 d_millis = 1000000 }; - d_micros <- ([#"../duration.rs" 20 19 20 43] from_micros0 ([#"../duration.rs" 20 41 20 42] [#"../duration.rs" 20 41 20 42] (1 : uint64))); + [#"../duration.rs" 20 19 20 43] d_micros <- ([#"../duration.rs" 20 19 20 43] from_micros0 ([#"../duration.rs" 20 41 20 42] [#"../duration.rs" 20 41 20 42] (1 : uint64))); goto BB8 } BB8 { assert { [@expl:assertion] [#"../duration.rs" 21 18 21 36] shallow_model0 d_micros = 1000 }; - d_nanos <- ([#"../duration.rs" 23 18 23 41] from_nanos0 ([#"../duration.rs" 23 39 23 40] [#"../duration.rs" 23 39 23 40] (1 : uint64))); + [#"../duration.rs" 23 18 23 41] d_nanos <- ([#"../duration.rs" 23 18 23 41] from_nanos0 ([#"../duration.rs" 23 39 23 40] [#"../duration.rs" 23 39 23 40] (1 : uint64))); goto BB9 } BB9 { assert { [@expl:assertion] [#"../duration.rs" 24 18 24 31] shallow_model0 d_nanos = 1 }; - _25 <- ([#"../duration.rs" 26 12 26 26] is_zero0 ([#"../duration.rs" 26 12 26 26] zero)); + [#"../duration.rs" 26 12 26 26] _25 <- ([#"../duration.rs" 26 12 26 26] is_zero0 ([#"../duration.rs" 26 12 26 26] zero)); goto BB10 } BB10 { @@ -258,10 +259,11 @@ module Duration_TestDuration end } BB11 { + assert { [#"../duration.rs" 26 4 26 27] false }; absurd } BB12 { - _31 <- ([#"../duration.rs" 27 13 27 29] is_zero0 ([#"../duration.rs" 27 13 27 29] d_secs)); + [#"../duration.rs" 27 13 27 29] _31 <- ([#"../duration.rs" 27 13 27 29] is_zero0 ([#"../duration.rs" 27 13 27 29] d_secs)); goto BB13 } BB13 { @@ -271,10 +273,11 @@ module Duration_TestDuration end } BB14 { + assert { [#"../duration.rs" 27 4 27 30] false }; absurd } BB15 { - _37 <- ([#"../duration.rs" 29 17 29 33] as_secs0 ([#"../duration.rs" 29 17 29 33] d_secs)); + [#"../duration.rs" 29 17 29 33] _37 <- ([#"../duration.rs" 29 17 29 33] as_secs0 ([#"../duration.rs" 29 17 29 33] d_secs)); goto BB16 } BB16 { @@ -284,10 +287,11 @@ module Duration_TestDuration end } BB17 { + assert { [#"../duration.rs" 29 4 29 34] false }; absurd } BB18 { - _43 <- ([#"../duration.rs" 30 17 30 39] subsec_millis0 ([#"../duration.rs" 30 17 30 39] d_secs)); + [#"../duration.rs" 30 17 30 39] _43 <- ([#"../duration.rs" 30 17 30 39] subsec_millis0 ([#"../duration.rs" 30 17 30 39] d_secs)); goto BB19 } BB19 { @@ -297,10 +301,11 @@ module Duration_TestDuration end } BB20 { + assert { [#"../duration.rs" 30 4 30 40] false }; absurd } BB21 { - _49 <- ([#"../duration.rs" 31 17 31 39] subsec_micros0 ([#"../duration.rs" 31 17 31 39] d_secs)); + [#"../duration.rs" 31 17 31 39] _49 <- ([#"../duration.rs" 31 17 31 39] subsec_micros0 ([#"../duration.rs" 31 17 31 39] d_secs)); goto BB22 } BB22 { @@ -310,10 +315,11 @@ module Duration_TestDuration end } BB23 { + assert { [#"../duration.rs" 31 4 31 40] false }; absurd } BB24 { - _55 <- ([#"../duration.rs" 32 17 32 38] subsec_nanos0 ([#"../duration.rs" 32 17 32 38] d_secs)); + [#"../duration.rs" 32 17 32 38] _55 <- ([#"../duration.rs" 32 17 32 38] subsec_nanos0 ([#"../duration.rs" 32 17 32 38] d_secs)); goto BB25 } BB25 { @@ -323,14 +329,15 @@ module Duration_TestDuration end } BB26 { + assert { [#"../duration.rs" 32 4 32 39] false }; absurd } BB27 { - _62 <- ([#"../duration.rs" 34 12 34 36] subsec_millis0 ([#"../duration.rs" 34 12 34 36] d_millis)); + [#"../duration.rs" 34 12 34 36] _62 <- ([#"../duration.rs" 34 12 34 36] subsec_millis0 ([#"../duration.rs" 34 12 34 36] d_millis)); goto BB28 } BB28 { - _64 <- ([#"../duration.rs" 34 48 34 68] as_millis0 ([#"../duration.rs" 34 48 34 68] d_millis)); + [#"../duration.rs" 34 48 34 68] _64 <- ([#"../duration.rs" 34 48 34 68] as_millis0 ([#"../duration.rs" 34 48 34 68] d_millis)); goto BB29 } BB29 { @@ -340,14 +347,15 @@ module Duration_TestDuration end } BB30 { + assert { [#"../duration.rs" 34 4 34 69] false }; absurd } BB31 { - _71 <- ([#"../duration.rs" 35 12 35 36] subsec_micros0 ([#"../duration.rs" 35 12 35 36] d_micros)); + [#"../duration.rs" 35 12 35 36] _71 <- ([#"../duration.rs" 35 12 35 36] subsec_micros0 ([#"../duration.rs" 35 12 35 36] d_micros)); goto BB32 } BB32 { - _73 <- ([#"../duration.rs" 35 48 35 68] as_micros0 ([#"../duration.rs" 35 48 35 68] d_micros)); + [#"../duration.rs" 35 48 35 68] _73 <- ([#"../duration.rs" 35 48 35 68] as_micros0 ([#"../duration.rs" 35 48 35 68] d_micros)); goto BB33 } BB33 { @@ -357,14 +365,15 @@ module Duration_TestDuration end } BB34 { + assert { [#"../duration.rs" 35 4 35 69] false }; absurd } BB35 { - _80 <- ([#"../duration.rs" 36 12 36 34] subsec_nanos0 ([#"../duration.rs" 36 12 36 34] d_nanos)); + [#"../duration.rs" 36 12 36 34] _80 <- ([#"../duration.rs" 36 12 36 34] subsec_nanos0 ([#"../duration.rs" 36 12 36 34] d_nanos)); goto BB36 } BB36 { - _82 <- ([#"../duration.rs" 36 46 36 64] as_nanos0 ([#"../duration.rs" 36 46 36 64] d_nanos)); + [#"../duration.rs" 36 46 36 64] _82 <- ([#"../duration.rs" 36 46 36 64] as_nanos0 ([#"../duration.rs" 36 46 36 64] d_nanos)); goto BB37 } BB37 { @@ -374,14 +383,15 @@ module Duration_TestDuration end } BB38 { + assert { [#"../duration.rs" 36 4 36 65] false }; absurd } BB39 { - _89 <- ([#"../duration.rs" 38 12 38 35] checked_add0 d_secs max); + [#"../duration.rs" 38 12 38 35] _89 <- ([#"../duration.rs" 38 12 38 35] checked_add0 ([#"../duration.rs" 38 12 38 18] d_secs) ([#"../duration.rs" 38 31 38 34] max)); goto BB40 } BB40 { - _87 <- ([#"../duration.rs" 38 12 38 45] is_none0 ([#"../duration.rs" 38 12 38 45] _89)); + [#"../duration.rs" 38 12 38 45] _87 <- ([#"../duration.rs" 38 12 38 45] is_none0 ([#"../duration.rs" 38 12 38 45] _89)); goto BB41 } BB41 { @@ -391,14 +401,15 @@ module Duration_TestDuration end } BB42 { + assert { [#"../duration.rs" 38 4 38 46] false }; absurd } BB43 { - _97 <- ([#"../duration.rs" 39 12 39 38] checked_add0 d_secs d_secs); + [#"../duration.rs" 39 12 39 38] _97 <- ([#"../duration.rs" 39 12 39 38] checked_add0 ([#"../duration.rs" 39 12 39 18] d_secs) ([#"../duration.rs" 39 31 39 37] d_secs)); goto BB44 } BB44 { - _95 <- ([#"../duration.rs" 39 12 39 48] is_some0 ([#"../duration.rs" 39 12 39 48] _97)); + [#"../duration.rs" 39 12 39 48] _95 <- ([#"../duration.rs" 39 12 39 48] is_some0 ([#"../duration.rs" 39 12 39 48] _97)); goto BB45 } BB45 { @@ -408,14 +419,15 @@ module Duration_TestDuration end } BB46 { + assert { [#"../duration.rs" 39 4 39 49] false }; absurd } BB47 { - _105 <- ([#"../duration.rs" 41 12 41 35] checked_sub0 d_secs max); + [#"../duration.rs" 41 12 41 35] _105 <- ([#"../duration.rs" 41 12 41 35] checked_sub0 ([#"../duration.rs" 41 12 41 18] d_secs) ([#"../duration.rs" 41 31 41 34] max)); goto BB48 } BB48 { - _103 <- ([#"../duration.rs" 41 12 41 45] is_none0 ([#"../duration.rs" 41 12 41 45] _105)); + [#"../duration.rs" 41 12 41 45] _103 <- ([#"../duration.rs" 41 12 41 45] is_none0 ([#"../duration.rs" 41 12 41 45] _105)); goto BB49 } BB49 { @@ -425,14 +437,15 @@ module Duration_TestDuration end } BB50 { + assert { [#"../duration.rs" 41 4 41 46] false }; absurd } BB51 { - _113 <- ([#"../duration.rs" 42 12 42 40] checked_sub0 d_secs d_millis); + [#"../duration.rs" 42 12 42 40] _113 <- ([#"../duration.rs" 42 12 42 40] checked_sub0 ([#"../duration.rs" 42 12 42 18] d_secs) ([#"../duration.rs" 42 31 42 39] d_millis)); goto BB52 } BB52 { - _111 <- ([#"../duration.rs" 42 12 42 50] is_some0 ([#"../duration.rs" 42 12 42 50] _113)); + [#"../duration.rs" 42 12 42 50] _111 <- ([#"../duration.rs" 42 12 42 50] is_some0 ([#"../duration.rs" 42 12 42 50] _113)); goto BB53 } BB53 { @@ -442,14 +455,15 @@ module Duration_TestDuration end } BB54 { + assert { [#"../duration.rs" 42 4 42 51] false }; absurd } BB55 { - _121 <- ([#"../duration.rs" 44 12 44 30] checked_mul0 max ([#"../duration.rs" 44 28 44 29] [#"../duration.rs" 44 28 44 29] (2 : uint32))); + [#"../duration.rs" 44 12 44 30] _121 <- ([#"../duration.rs" 44 12 44 30] checked_mul0 ([#"../duration.rs" 44 12 44 15] max) ([#"../duration.rs" 44 28 44 29] [#"../duration.rs" 44 28 44 29] (2 : uint32))); goto BB56 } BB56 { - _119 <- ([#"../duration.rs" 44 12 44 40] is_none0 ([#"../duration.rs" 44 12 44 40] _121)); + [#"../duration.rs" 44 12 44 40] _119 <- ([#"../duration.rs" 44 12 44 40] is_none0 ([#"../duration.rs" 44 12 44 40] _121)); goto BB57 } BB57 { @@ -459,14 +473,15 @@ module Duration_TestDuration end } BB58 { + assert { [#"../duration.rs" 44 4 44 41] false }; absurd } BB59 { - _128 <- ([#"../duration.rs" 45 12 45 34] checked_mul0 d_secs ([#"../duration.rs" 45 31 45 33] [#"../duration.rs" 45 31 45 33] (10 : uint32))); + [#"../duration.rs" 45 12 45 34] _128 <- ([#"../duration.rs" 45 12 45 34] checked_mul0 ([#"../duration.rs" 45 12 45 18] d_secs) ([#"../duration.rs" 45 31 45 33] [#"../duration.rs" 45 31 45 33] (10 : uint32))); goto BB60 } BB60 { - _126 <- ([#"../duration.rs" 45 12 45 44] is_some0 ([#"../duration.rs" 45 12 45 44] _128)); + [#"../duration.rs" 45 12 45 44] _126 <- ([#"../duration.rs" 45 12 45 44] is_some0 ([#"../duration.rs" 45 12 45 44] _128)); goto BB61 } BB61 { @@ -476,14 +491,15 @@ module Duration_TestDuration end } BB62 { + assert { [#"../duration.rs" 45 4 45 45] false }; absurd } BB63 { - _135 <- ([#"../duration.rs" 47 12 47 33] checked_div0 d_secs ([#"../duration.rs" 47 31 47 32] [#"../duration.rs" 47 31 47 32] (0 : uint32))); + [#"../duration.rs" 47 12 47 33] _135 <- ([#"../duration.rs" 47 12 47 33] checked_div0 ([#"../duration.rs" 47 12 47 18] d_secs) ([#"../duration.rs" 47 31 47 32] [#"../duration.rs" 47 31 47 32] (0 : uint32))); goto BB64 } BB64 { - _133 <- ([#"../duration.rs" 47 12 47 43] is_none0 ([#"../duration.rs" 47 12 47 43] _135)); + [#"../duration.rs" 47 12 47 43] _133 <- ([#"../duration.rs" 47 12 47 43] is_none0 ([#"../duration.rs" 47 12 47 43] _135)); goto BB65 } BB65 { @@ -493,14 +509,15 @@ module Duration_TestDuration end } BB66 { + assert { [#"../duration.rs" 47 4 47 44] false }; absurd } BB67 { - _142 <- ([#"../duration.rs" 48 12 48 34] checked_div0 d_secs ([#"../duration.rs" 48 31 48 33] [#"../duration.rs" 48 31 48 33] (10 : uint32))); + [#"../duration.rs" 48 12 48 34] _142 <- ([#"../duration.rs" 48 12 48 34] checked_div0 ([#"../duration.rs" 48 12 48 18] d_secs) ([#"../duration.rs" 48 31 48 33] [#"../duration.rs" 48 31 48 33] (10 : uint32))); goto BB68 } BB68 { - _140 <- ([#"../duration.rs" 48 12 48 44] is_some0 ([#"../duration.rs" 48 12 48 44] _142)); + [#"../duration.rs" 48 12 48 44] _140 <- ([#"../duration.rs" 48 12 48 44] is_some0 ([#"../duration.rs" 48 12 48 44] _142)); goto BB69 } BB69 { @@ -510,20 +527,21 @@ module Duration_TestDuration end } BB70 { + assert { [#"../duration.rs" 48 4 48 45] false }; absurd } BB71 { - sum <- ([#"../duration.rs" 50 14 50 33] add0 d_millis d_micros); + [#"../duration.rs" 50 14 50 33] sum <- ([#"../duration.rs" 50 14 50 33] add0 ([#"../duration.rs" 50 14 50 22] d_millis) ([#"../duration.rs" 50 25 50 33] d_micros)); goto BB72 } BB72 { - difference <- ([#"../duration.rs" 51 21 51 40] sub0 d_millis d_micros); + [#"../duration.rs" 51 21 51 40] difference <- ([#"../duration.rs" 51 21 51 40] sub0 ([#"../duration.rs" 51 21 51 29] d_millis) ([#"../duration.rs" 51 32 51 40] d_micros)); goto BB73 } BB73 { assert { [@expl:assertion] [#"../duration.rs" 52 18 52 35] shallow_model0 sum = 1001000 }; assert { [@expl:assertion] [#"../duration.rs" 53 18 53 39] shallow_model0 difference = 999000 }; - _0 <- ([#"../duration.rs" 7 23 54 1] ()); + [#"../duration.rs" 7 23 54 1] _0 <- ([#"../duration.rs" 7 23 54 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/filter_positive.mlcfg b/creusot/tests/should_succeed/filter_positive.mlcfg index 95534ae424..b22ab0df12 100644 --- a/creusot/tests/should_succeed/filter_positive.mlcfg +++ b/creusot/tests/should_succeed/filter_positive.mlcfg @@ -113,7 +113,7 @@ module FilterPositive_M val inv7 (_x : borrowed int32) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../filter_positive.rs" 1 0 1 0] forall x : borrowed int32 . inv7 x = true + axiom inv7 : forall x : borrowed int32 . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant6 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = @@ -125,7 +125,7 @@ module FilterPositive_M val inv6 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../filter_positive.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true predicate invariant5 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : int32) : bool @@ -135,7 +135,7 @@ module FilterPositive_M val inv5 (_x : int32) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../filter_positive.rs" 1 0 1 0] forall x : int32 . inv5 x = true + axiom inv5 : forall x : int32 . inv5 x = true use prelude.UIntSize predicate invariant4 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -146,7 +146,7 @@ module FilterPositive_M val inv4 (_x : usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../filter_positive.rs" 1 0 1 0] forall x : usize . inv4 x = true + axiom inv4 : forall x : usize . inv4 x = true predicate invariant3 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : int32) : bool @@ -156,7 +156,7 @@ module FilterPositive_M val inv3 (_x : int32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../filter_positive.rs" 1 0 1 0] forall x : int32 . inv3 x = true + axiom inv3 : forall x : int32 . inv3 x = true predicate invariant2 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -166,7 +166,7 @@ module FilterPositive_M val inv2 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../filter_positive.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use seq.Seq predicate invariant1 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -177,7 +177,7 @@ module FilterPositive_M val inv1 (_x : Seq.seq int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../filter_positive.rs" 1 0 1 0] forall x : Seq.seq int32 . inv1 x = true + axiom inv1 : forall x : Seq.seq int32 . inv1 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -198,7 +198,7 @@ module FilterPositive_M val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../filter_positive.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve1 (self : borrowed int32) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed int32) : bool @@ -331,8 +331,8 @@ module FilterPositive_M goto BB0 } BB0 { - count <- ([#"../filter_positive.rs" 83 27 83 28] [#"../filter_positive.rs" 83 27 83 28] (0 : usize)); - i <- ([#"../filter_positive.rs" 84 23 84 24] [#"../filter_positive.rs" 84 23 84 24] (0 : usize)); + [#"../filter_positive.rs" 83 27 83 28] count <- ([#"../filter_positive.rs" 83 27 83 28] [#"../filter_positive.rs" 83 27 83 28] (0 : usize)); + [#"../filter_positive.rs" 84 23 84 24] i <- ([#"../filter_positive.rs" 84 23 84 24] [#"../filter_positive.rs" 84 23 84 24] (0 : usize)); goto BB1 } BB1 { @@ -348,46 +348,46 @@ module FilterPositive_M goto BB4 } BB4 { - _12 <- ([#"../filter_positive.rs" 89 14 89 21] len1 ([#"../filter_positive.rs" 89 14 89 21] t)); + [#"../filter_positive.rs" 89 14 89 21] _12 <- ([#"../filter_positive.rs" 89 14 89 21] len1 ([#"../filter_positive.rs" 89 14 89 21] t)); goto BB5 } BB5 { - switch ([#"../filter_positive.rs" 89 10 89 21] i < _12) + switch ([#"../filter_positive.rs" 89 10 89 21] ([#"../filter_positive.rs" 89 10 89 11] i) < _12) | False -> goto BB11 | True -> goto BB6 end } BB6 { - _17 <- ([#"../filter_positive.rs" 90 11 90 15] index0 ([#"../filter_positive.rs" 90 11 90 12] t) i); + [#"../filter_positive.rs" 90 11 90 15] _17 <- ([#"../filter_positive.rs" 90 11 90 15] index0 ([#"../filter_positive.rs" 90 11 90 12] t) ([#"../filter_positive.rs" 90 13 90 14] i)); goto BB7 } BB7 { - switch ([#"../filter_positive.rs" 90 11 90 19] _17 > ([#"../filter_positive.rs" 90 18 90 19] [#"../filter_positive.rs" 90 18 90 19] (0 : int32))) + switch ([#"../filter_positive.rs" 90 11 90 19] ([#"../filter_positive.rs" 90 11 90 15] _17) > ([#"../filter_positive.rs" 90 18 90 19] [#"../filter_positive.rs" 90 18 90 19] (0 : int32))) | False -> goto BB9 | True -> goto BB8 end } BB8 { - count <- ([#"../filter_positive.rs" 91 12 91 22] count + ([#"../filter_positive.rs" 91 21 91 22] [#"../filter_positive.rs" 91 21 91 22] (1 : usize))); - _14 <- ([#"../filter_positive.rs" 91 12 91 22] ()); + [#"../filter_positive.rs" 91 12 91 22] count <- ([#"../filter_positive.rs" 91 12 91 22] count + ([#"../filter_positive.rs" 91 21 91 22] [#"../filter_positive.rs" 91 21 91 22] (1 : usize))); + [#"../filter_positive.rs" 91 12 91 22] _14 <- ([#"../filter_positive.rs" 91 12 91 22] ()); goto BB10 } BB9 { - _14 <- ([#"../filter_positive.rs" 92 9 92 9] ()); + [#"../filter_positive.rs" 92 9 92 9] _14 <- ([#"../filter_positive.rs" 92 9 92 9] ()); goto BB10 } BB10 { - i <- ([#"../filter_positive.rs" 93 8 93 14] i + ([#"../filter_positive.rs" 93 13 93 14] [#"../filter_positive.rs" 93 13 93 14] (1 : usize))); - _9 <- ([#"../filter_positive.rs" 89 22 94 5] ()); + [#"../filter_positive.rs" 93 8 93 14] i <- ([#"../filter_positive.rs" 93 8 93 14] i + ([#"../filter_positive.rs" 93 13 93 14] [#"../filter_positive.rs" 93 13 93 14] (1 : usize))); + [#"../filter_positive.rs" 89 22 94 5] _9 <- ([#"../filter_positive.rs" 89 22 94 5] ()); goto BB3 } BB11 { - u <- ([#"../filter_positive.rs" 95 26 95 40] from_elem0 ([#"../filter_positive.rs" 95 31 95 32] [#"../filter_positive.rs" 95 31 95 32] (0 : int32)) count); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] u <- ([#"../filter_positive.rs" 95 26 95 40] from_elem0 ([#"../filter_positive.rs" 95 31 95 32] [#"../filter_positive.rs" 95 31 95 32] (0 : int32)) ([#"../filter_positive.rs" 95 34 95 39] count)); goto BB12 } BB12 { - count <- ([#"../filter_positive.rs" 96 12 96 13] [#"../filter_positive.rs" 96 12 96 13] (0 : usize)); - i <- ([#"../filter_positive.rs" 98 8 98 9] [#"../filter_positive.rs" 98 8 98 9] (0 : usize)); + [#"../filter_positive.rs" 96 4 96 13] count <- ([#"../filter_positive.rs" 96 4 96 13] [#"../filter_positive.rs" 96 12 96 13] (0 : usize)); + [#"../filter_positive.rs" 98 4 98 9] i <- ([#"../filter_positive.rs" 98 4 98 9] [#"../filter_positive.rs" 98 8 98 9] (0 : usize)); goto BB13 } BB13 { @@ -402,21 +402,21 @@ module FilterPositive_M goto BB16 } BB16 { - _30 <- ([#"../filter_positive.rs" 102 14 102 21] len1 ([#"../filter_positive.rs" 102 14 102 21] t)); + [#"../filter_positive.rs" 102 14 102 21] _30 <- ([#"../filter_positive.rs" 102 14 102 21] len1 ([#"../filter_positive.rs" 102 14 102 21] t)); goto BB17 } BB17 { - switch ([#"../filter_positive.rs" 102 10 102 21] i < _30) + switch ([#"../filter_positive.rs" 102 10 102 21] ([#"../filter_positive.rs" 102 10 102 11] i) < _30) | False -> goto BB27 | True -> goto BB18 end } BB18 { - _35 <- ([#"../filter_positive.rs" 103 11 103 15] index0 ([#"../filter_positive.rs" 103 11 103 12] t) i); + [#"../filter_positive.rs" 103 11 103 15] _35 <- ([#"../filter_positive.rs" 103 11 103 15] index0 ([#"../filter_positive.rs" 103 11 103 12] t) ([#"../filter_positive.rs" 103 13 103 14] i)); goto BB19 } BB19 { - switch ([#"../filter_positive.rs" 103 11 103 19] _35 > ([#"../filter_positive.rs" 103 18 103 19] [#"../filter_positive.rs" 103 18 103 19] (0 : int32))) + switch ([#"../filter_positive.rs" 103 11 103 19] ([#"../filter_positive.rs" 103 11 103 15] _35) > ([#"../filter_positive.rs" 103 18 103 19] [#"../filter_positive.rs" 103 18 103 19] (0 : int32))) | False -> goto BB25 | True -> goto BB20 end @@ -430,36 +430,36 @@ module FilterPositive_M goto BB22 } BB22 { - _43 <- ([#"../filter_positive.rs" 113 23 113 27] index0 ([#"../filter_positive.rs" 113 23 113 24] t) i); + [#"../filter_positive.rs" 113 23 113 27] _43 <- ([#"../filter_positive.rs" 113 23 113 27] index0 ([#"../filter_positive.rs" 113 23 113 24] t) ([#"../filter_positive.rs" 113 25 113 26] i)); goto BB23 } BB23 { - _47 <- Borrow.borrow_mut u; - u <- ^ _47; - _46 <- ([#"../filter_positive.rs" 113 12 113 20] index_mut0 _47 count); + [#"../filter_positive.rs" 113 12 113 13] _47 <- Borrow.borrow_mut u; + [#"../filter_positive.rs" 113 12 113 13] u <- ^ _47; + [#"../filter_positive.rs" 113 12 113 20] _46 <- ([#"../filter_positive.rs" 113 12 113 20] index_mut0 _47 ([#"../filter_positive.rs" 113 14 113 19] count)); _47 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB24 } BB24 { - _46 <- { _46 with current = _43 }; + [#"../filter_positive.rs" 113 12 113 27] _46 <- { _46 with current = ([#"../filter_positive.rs" 113 23 113 27] _43) }; assume { resolve1 _46 }; - count <- ([#"../filter_positive.rs" 114 12 114 22] count + ([#"../filter_positive.rs" 114 21 114 22] [#"../filter_positive.rs" 114 21 114 22] (1 : usize))); - _32 <- ([#"../filter_positive.rs" 103 20 115 9] ()); + [#"../filter_positive.rs" 114 12 114 22] count <- ([#"../filter_positive.rs" 114 12 114 22] count + ([#"../filter_positive.rs" 114 21 114 22] [#"../filter_positive.rs" 114 21 114 22] (1 : usize))); + [#"../filter_positive.rs" 103 20 115 9] _32 <- ([#"../filter_positive.rs" 103 20 115 9] ()); goto BB26 } BB25 { - _32 <- ([#"../filter_positive.rs" 115 9 115 9] ()); + [#"../filter_positive.rs" 115 9 115 9] _32 <- ([#"../filter_positive.rs" 115 9 115 9] ()); goto BB26 } BB26 { - i <- ([#"../filter_positive.rs" 116 8 116 14] i + ([#"../filter_positive.rs" 116 13 116 14] [#"../filter_positive.rs" 116 13 116 14] (1 : usize))); - _9 <- ([#"../filter_positive.rs" 102 22 117 5] ()); + [#"../filter_positive.rs" 116 8 116 14] i <- ([#"../filter_positive.rs" 116 8 116 14] i + ([#"../filter_positive.rs" 116 13 116 14] [#"../filter_positive.rs" 116 13 116 14] (1 : usize))); + [#"../filter_positive.rs" 102 22 117 5] _9 <- ([#"../filter_positive.rs" 102 22 117 5] ()); goto BB15 } BB27 { assume { resolve0 t }; - _0 <- u; - u <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); + [#"../filter_positive.rs" 118 11 118 12] _0 <- ([#"../filter_positive.rs" 118 11 118 12] u); + [#"../filter_positive.rs" 118 11 118 12] u <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); goto BB28 } BB28 { diff --git a/creusot/tests/should_succeed/hashmap.mlcfg b/creusot/tests/should_succeed/hashmap.mlcfg index 6eac75d0fe..9976957249 100644 --- a/creusot/tests/should_succeed/hashmap.mlcfg +++ b/creusot/tests/should_succeed/hashmap.mlcfg @@ -54,7 +54,7 @@ module Hashmap_Impl2_Hash goto BB0 } BB0 { - _0 <- ([#"../hashmap.rs" 60 8 60 20] UInt64.of_int (UIntSize.to_int self)); + [#"../hashmap.rs" 60 8 60 20] _0 <- ([#"../hashmap.rs" 60 8 60 20] UInt64.of_int (UIntSize.to_int ([#"../hashmap.rs" 60 8 60 13] self))); return _0 } @@ -123,7 +123,7 @@ module Hashmap_Impl5_New val inv5 (_x : v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hashmap.rs" 1 0 1 0] forall x : v . inv5 x = true + axiom inv5 : forall x : v . inv5 x = true use Hashmap_List_Type as Hashmap_List_Type use seq.Seq predicate invariant4 (self : Seq.seq (Hashmap_List_Type.t_list (k, v))) @@ -134,7 +134,7 @@ module Hashmap_Impl5_New val inv4 (_x : Seq.seq (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hashmap.rs" 1 0 1 0] forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv4 x = true + axiom inv4 : forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv4 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -161,7 +161,7 @@ module Hashmap_Impl5_New val invariant3 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : Hashmap_List_Type.t_list (k, v)) val invariant2 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant2 self } @@ -170,7 +170,7 @@ module Hashmap_Impl5_New val inv2 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv2 x = true + axiom inv2 : forall x : Hashmap_List_Type.t_list (k, v) . inv2 x = true use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type predicate invariant1 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) val invariant1 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool @@ -180,7 +180,7 @@ module Hashmap_Impl5_New val inv1 (_x : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv1 x = true + axiom inv1 : forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv1 x = true type deep_model_ty0 predicate invariant0 (self : deep_model_ty0) val invariant0 (self : deep_model_ty0) : bool @@ -190,7 +190,7 @@ module Hashmap_Impl5_New val inv0 (_x : deep_model_ty0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : deep_model_ty0 . inv0 x = true + axiom inv0 : forall x : deep_model_ty0 . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type use map.Map use prelude.Mapping @@ -289,17 +289,17 @@ module Hashmap_Impl5_New goto BB0 } BB0 { - _6 <- ([#"../hashmap.rs" 99 39 99 60] from_elem0 ([#"../hashmap.rs" 99 44 99 53] Hashmap_List_Type.C_Nil) size); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _6 <- ([#"../hashmap.rs" 99 39 99 60] from_elem0 ([#"../hashmap.rs" 99 44 99 53] Hashmap_List_Type.C_Nil) ([#"../hashmap.rs" 99 55 99 59] size)); goto BB1 } BB1 { - res <- ([#"../hashmap.rs" 99 18 99 62] Hashmap_MyHashMap_Type.C_MyHashMap _6); + [#"../hashmap.rs" 99 18 99 62] res <- ([#"../hashmap.rs" 99 18 99 62] Hashmap_MyHashMap_Type.C_MyHashMap _6); _6 <- any Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global); goto BB2 } BB2 { - _0 <- res; - res <- any Hashmap_MyHashMap_Type.t_myhashmap k v; + [#"../hashmap.rs" 100 8 100 11] _0 <- ([#"../hashmap.rs" 100 8 100 11] res); + [#"../hashmap.rs" 100 8 100 11] res <- any Hashmap_MyHashMap_Type.t_myhashmap k v; goto BB3 } BB3 { @@ -326,7 +326,7 @@ module Hashmap_Impl5_Add val inv17 (_x : Seq.seq (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv17 _x } - axiom inv17 : [#"../hashmap.rs" 1 0 1 0] forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv17 x = true + axiom inv17 : forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv17 x = true use prelude.UIntSize predicate invariant16 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -337,7 +337,7 @@ module Hashmap_Impl5_Add val inv16 (_x : usize) : bool ensures { result = inv16 _x } - axiom inv16 : [#"../hashmap.rs" 1 0 1 0] forall x : usize . inv16 x = true + axiom inv16 : forall x : usize . inv16 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -351,7 +351,7 @@ module Hashmap_Impl5_Add val inv15 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) . inv15 x = true + axiom inv15 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) . inv15 x = true predicate invariant14 (self : k) val invariant14 (self : k) : bool ensures { result = invariant14 self } @@ -360,7 +360,7 @@ module Hashmap_Impl5_Add val inv14 (_x : k) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../hashmap.rs" 1 0 1 0] forall x : k . inv14 x = true + axiom inv14 : forall x : k . inv14 x = true predicate invariant13 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) val invariant13 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -370,7 +370,7 @@ module Hashmap_Impl5_Add val inv13 (_x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv13 x = true + axiom inv13 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv13 x = true use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type predicate invariant12 (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) val invariant12 (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : bool @@ -380,7 +380,7 @@ module Hashmap_Impl5_Add val inv12 (_x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v) . inv12 x = true + axiom inv12 : forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v) . inv12 x = true predicate invariant11 (self : borrowed (Hashmap_List_Type.t_list (k, v))) val invariant11 (self : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = invariant11 self } @@ -389,7 +389,7 @@ module Hashmap_Impl5_Add val inv11 (_x : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv11 x = true + axiom inv11 : forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv11 x = true predicate invariant10 (self : borrowed v) val invariant10 (self : borrowed v) : bool ensures { result = invariant10 self } @@ -398,7 +398,7 @@ module Hashmap_Impl5_Add val inv10 (_x : borrowed v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed v . inv10 x = true + axiom inv10 : forall x : borrowed v . inv10 x = true predicate invariant9 (self : borrowed k) val invariant9 (self : borrowed k) : bool ensures { result = invariant9 self } @@ -407,7 +407,7 @@ module Hashmap_Impl5_Add val inv9 (_x : borrowed k) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed k . inv9 x = true + axiom inv9 : forall x : borrowed k . inv9 x = true predicate invariant8 (self : Hashmap_List_Type.t_list (k, v)) val invariant8 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant8 self } @@ -416,7 +416,7 @@ module Hashmap_Impl5_Add val inv8 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv8 x = true + axiom inv8 : forall x : Hashmap_List_Type.t_list (k, v) . inv8 x = true predicate invariant7 (self : v) val invariant7 (self : v) : bool ensures { result = invariant7 self } @@ -425,7 +425,7 @@ module Hashmap_Impl5_Add val inv7 (_x : v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hashmap.rs" 1 0 1 0] forall x : v . inv7 x = true + axiom inv7 : forall x : v . inv7 x = true predicate invariant6 (self : k) val invariant6 (self : k) : bool ensures { result = invariant6 self } @@ -434,7 +434,7 @@ module Hashmap_Impl5_Add val inv6 (_x : k) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hashmap.rs" 1 0 1 0] forall x : k . inv6 x = true + axiom inv6 : forall x : k . inv6 x = true type deep_model_ty0 predicate invariant5 (self : deep_model_ty0) val invariant5 (self : deep_model_ty0) : bool @@ -444,7 +444,7 @@ module Hashmap_Impl5_Add val inv5 (_x : deep_model_ty0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hashmap.rs" 1 0 1 0] forall x : deep_model_ty0 . inv5 x = true + axiom inv5 : forall x : deep_model_ty0 . inv5 x = true use prelude.Ghost predicate invariant4 (self : Ghost.ghost_ty (borrowed (Hashmap_List_Type.t_list (k, v)))) val invariant4 (self : Ghost.ghost_ty (borrowed (Hashmap_List_Type.t_list (k, v)))) : bool @@ -454,7 +454,7 @@ module Hashmap_Impl5_Add val inv4 (_x : Ghost.ghost_ty (borrowed (Hashmap_List_Type.t_list (k, v)))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hashmap.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Hashmap_List_Type.t_list (k, v))) . inv4 x = true + axiom inv4 : forall x : Ghost.ghost_ty (borrowed (Hashmap_List_Type.t_list (k, v))) . inv4 x = true predicate invariant3 (self : borrowed (Hashmap_List_Type.t_list (k, v))) val invariant3 (self : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = invariant3 self } @@ -463,7 +463,7 @@ module Hashmap_Impl5_Add val inv3 (_x : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv3 x = true + axiom inv3 : forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv3 x = true predicate invariant2 (self : Hashmap_List_Type.t_list (k, v)) val invariant2 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant2 self } @@ -472,7 +472,7 @@ module Hashmap_Impl5_Add val inv2 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv2 x = true + axiom inv2 : forall x : Hashmap_List_Type.t_list (k, v) . inv2 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -496,7 +496,7 @@ module Hashmap_Impl5_Add val invariant1 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true predicate invariant0 (self : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) val invariant0 (self : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) : bool ensures { result = invariant0 self } @@ -505,7 +505,7 @@ module Hashmap_Impl5_Add val inv0 (_x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) . inv0 x = true use prelude.Mapping function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -742,46 +742,46 @@ module Hashmap_Impl5_Add goto BB0 } BB0 { - old_self <- ([#"../hashmap.rs" 108 23 108 35] Ghost.new self); + [#"../hashmap.rs" 108 23 108 35] old_self <- ([#"../hashmap.rs" 108 23 108 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - length <- ([#"../hashmap.rs" 109 21 109 39] len0 ([#"../hashmap.rs" 109 21 109 39] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); + [#"../hashmap.rs" 109 21 109 39] length <- ([#"../hashmap.rs" 109 21 109 39] len0 ([#"../hashmap.rs" 109 21 109 39] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); goto BB2 } BB2 { - _13 <- ([#"../hashmap.rs" 110 27 110 37] hash0 ([#"../hashmap.rs" 110 27 110 37] key)); + [#"../hashmap.rs" 110 27 110 37] _13 <- ([#"../hashmap.rs" 110 27 110 37] hash0 ([#"../hashmap.rs" 110 27 110 37] key)); goto BB3 } BB3 { - _15 <- length; - _16 <- ([#"../hashmap.rs" 110 27 110 55] _15 = ([#"../hashmap.rs" 110 27 110 55] [#"../hashmap.rs" 110 27 110 55] (0 : usize))); + [#"../hashmap.rs" 110 49 110 55] _15 <- ([#"../hashmap.rs" 110 49 110 55] length); + [#"../hashmap.rs" 110 27 110 55] _16 <- ([#"../hashmap.rs" 110 27 110 55] _15 = ([#"../hashmap.rs" 110 27 110 55] [#"../hashmap.rs" 110 27 110 55] (0 : usize))); assert { [@expl:remainder by zero] [#"../hashmap.rs" 110 27 110 55] not _16 }; goto BB4 } BB4 { - index <- ([#"../hashmap.rs" 110 27 110 55] ([#"../hashmap.rs" 110 27 110 46] UIntSize.of_int (UInt64.to_int _13)) % _15); + [#"../hashmap.rs" 110 27 110 55] index <- ([#"../hashmap.rs" 110 27 110 55] ([#"../hashmap.rs" 110 27 110 46] UIntSize.of_int (UInt64.to_int _13)) % _15); _13 <- any uint64; _15 <- any usize; - _20 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); - self <- { self with current = (let Hashmap_MyHashMap_Type.C_MyHashMap x0 = * self in Hashmap_MyHashMap_Type.C_MyHashMap ( ^ _20)) }; + [#"../hashmap.rs" 111 39 111 51] _20 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); + [#"../hashmap.rs" 111 39 111 51] self <- { self with current = (let Hashmap_MyHashMap_Type.C_MyHashMap x0 = * self in Hashmap_MyHashMap_Type.C_MyHashMap ( ^ _20)) }; assume { inv1 ( ^ _20) }; - _19 <- ([#"../hashmap.rs" 111 39 111 58] index_mut0 _20 index); + [#"../hashmap.rs" 111 39 111 58] _19 <- ([#"../hashmap.rs" 111 39 111 58] index_mut0 _20 ([#"../hashmap.rs" 111 52 111 57] index)); _20 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)); goto BB5 } BB5 { - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; + [#"../hashmap.rs" 111 34 111 58] _18 <- Borrow.borrow_mut ( * _19); + [#"../hashmap.rs" 111 34 111 58] _19 <- { _19 with current = ^ _18 }; assume { inv2 ( ^ _18) }; - l <- Borrow.borrow_mut ( * _18); - _18 <- { _18 with current = ^ l }; + [#"../hashmap.rs" 111 34 111 58] l <- Borrow.borrow_mut ( * _18); + [#"../hashmap.rs" 111 34 111 58] _18 <- { _18 with current = ^ l }; assume { inv2 ( ^ l) }; assert { [@expl:type invariant] inv3 _18 }; assume { resolve1 _18 }; - old_l <- ([#"../hashmap.rs" 112 20 112 29] Ghost.new l); + [#"../hashmap.rs" 112 20 112 29] old_l <- ([#"../hashmap.rs" 112 20 112 29] Ghost.new l); goto BB6 } BB6 { @@ -808,18 +808,18 @@ module Hashmap_Impl5_Add goto BB10 } BB10 { - k <- Borrow.borrow_mut (let (a, _) = Hashmap_List_Type.cons_0 ( * l) in a); - l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons (let (x0, x1) = Hashmap_List_Type.cons_0 ( * l) in ( ^ k, x1)) x1) }; + [#"../hashmap.rs" 121 24 121 25] k <- Borrow.borrow_mut (let (a, _) = Hashmap_List_Type.cons_0 ( * l) in a); + [#"../hashmap.rs" 121 24 121 25] l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons (let (x0, x1) = Hashmap_List_Type.cons_0 ( * l) in ( ^ k, x1)) x1) }; assume { inv6 ( ^ k) }; - v <- Borrow.borrow_mut (let (_, a) = Hashmap_List_Type.cons_0 ( * l) in a); - l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons (let (x0, x1) = Hashmap_List_Type.cons_0 ( * l) in (x0, ^ v)) x1) }; + [#"../hashmap.rs" 121 27 121 28] v <- Borrow.borrow_mut (let (_, a) = Hashmap_List_Type.cons_0 ( * l) in a); + [#"../hashmap.rs" 121 27 121 28] l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons (let (x0, x1) = Hashmap_List_Type.cons_0 ( * l) in (x0, ^ v)) x1) }; assume { inv7 ( ^ v) }; - tl <- Borrow.borrow_mut (Hashmap_List_Type.cons_1 ( * l)); - l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons x0 ( ^ tl)) }; + [#"../hashmap.rs" 121 31 121 33] tl <- Borrow.borrow_mut (Hashmap_List_Type.cons_1 ( * l)); + [#"../hashmap.rs" 121 31 121 33] l <- { l with current = (let Hashmap_List_Type.C_Cons x0 x1 = * l in Hashmap_List_Type.C_Cons x0 ( ^ tl)) }; assume { inv8 ( ^ tl) }; - tl1 <- tl; - tl <- any borrowed (Hashmap_List_Type.t_list (k, v)); - _38 <- ([#"../hashmap.rs" 123 15 123 24] eq0 ([#"../hashmap.rs" 123 15 123 17] * k) ([#"../hashmap.rs" 123 21 123 24] key)); + [#"../hashmap.rs" 122 21 122 23] tl1 <- ([#"../hashmap.rs" 122 21 122 23] tl); + [#"../hashmap.rs" 122 21 122 23] tl <- any borrowed (Hashmap_List_Type.t_list (k, v)); + [#"../hashmap.rs" 123 15 123 24] _38 <- ([#"../hashmap.rs" 123 15 123 24] eq0 ([#"../hashmap.rs" 123 15 123 17] * k) ([#"../hashmap.rs" 123 21 123 24] key)); goto BB11 } BB11 { @@ -837,7 +837,7 @@ module Hashmap_Impl5_Add assume { resolve6 key }; assert { [@expl:type invariant] inv7 val' }; assume { resolve7 val' }; - v <- { v with current = val' }; + [#"../hashmap.rs" 124 16 124 24] v <- { v with current = ([#"../hashmap.rs" 124 21 124 24] val') }; assert { [@expl:type invariant] inv7 ( * v) }; assume { resolve7 ( * v) }; assert { [@expl:type invariant] inv10 v }; @@ -849,22 +849,22 @@ module Hashmap_Impl5_Add assert { [@expl:type invariant] inv12 self }; assume { resolve8 self }; assert { [@expl:assertion] [#"../hashmap.rs" 125 32 125 52] hashmap_inv0 ( * self) }; - _0 <- ([#"../hashmap.rs" 126 16 126 22] ()); + [#"../hashmap.rs" 126 16 126 22] _0 <- ([#"../hashmap.rs" 126 16 126 22] ()); goto BB20 } BB13 { assert { [@expl:type invariant] inv10 v }; assume { resolve4 v }; - _46 <- Borrow.borrow_mut ( * tl1); - tl1 <- { tl1 with current = ^ _46 }; + [#"../hashmap.rs" 128 16 128 25] _46 <- Borrow.borrow_mut ( * tl1); + [#"../hashmap.rs" 128 16 128 25] tl1 <- { tl1 with current = ^ _46 }; assume { inv2 ( ^ _46) }; - _45 <- Borrow.borrow_mut ( * _46); - _46 <- { _46 with current = ^ _45 }; + [#"../hashmap.rs" 128 16 128 25] _45 <- Borrow.borrow_mut ( * _46); + [#"../hashmap.rs" 128 16 128 25] _46 <- { _46 with current = ^ _45 }; assume { inv2 ( ^ _45) }; assert { [@expl:type invariant] inv3 l }; assume { resolve1 l }; - l <- _45; - _45 <- any borrowed (Hashmap_List_Type.t_list (k, v)); + [#"../hashmap.rs" 128 12 128 25] l <- ([#"../hashmap.rs" 128 12 128 25] _45); + [#"../hashmap.rs" 128 12 128 25] _45 <- any borrowed (Hashmap_List_Type.t_list (k, v)); assert { [@expl:type invariant] inv3 _46 }; assume { resolve1 _46 }; assert { [@expl:type invariant] inv11 tl1 }; @@ -885,7 +885,7 @@ module Hashmap_Impl5_Add goto BB17 } BB17 { - l <- { l with current = ([#"../hashmap.rs" 131 13 131 44] Hashmap_List_Type.C_Cons ([#"../hashmap.rs" 131 18 131 28] (key, val')) ([#"../hashmap.rs" 131 39 131 42] Hashmap_List_Type.C_Nil)) }; + [#"../hashmap.rs" 131 8 131 10] l <- { l with current = ([#"../hashmap.rs" 131 13 131 44] Hashmap_List_Type.C_Cons ([#"../hashmap.rs" 131 18 131 28] (([#"../hashmap.rs" 131 19 131 22] key), ([#"../hashmap.rs" 131 24 131 27] val'))) ([#"../hashmap.rs" 131 39 131 42] Hashmap_List_Type.C_Nil)) }; assert { [@expl:type invariant] inv2 ( * l) }; assume { resolve9 ( * l) }; assert { [@expl:type invariant] inv3 l }; @@ -898,7 +898,7 @@ module Hashmap_Impl5_Add assert { [@expl:type invariant] inv12 self }; assume { resolve8 self }; assert { [@expl:assertion] [#"../hashmap.rs" 133 24 133 44] hashmap_inv0 ( * self) }; - _0 <- ([#"../hashmap.rs" 106 42 134 5] ()); + [#"../hashmap.rs" 106 42 134 5] _0 <- ([#"../hashmap.rs" 106 42 134 5] ()); goto BB20 } BB20 { @@ -918,7 +918,7 @@ module Hashmap_Impl5_Get val inv12 (_x : deep_model_ty0) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../hashmap.rs" 1 0 1 0] forall x : deep_model_ty0 . inv12 x = true + axiom inv12 : forall x : deep_model_ty0 . inv12 x = true predicate invariant11 (self : v) val invariant11 (self : v) : bool ensures { result = invariant11 self } @@ -927,7 +927,7 @@ module Hashmap_Impl5_Get val inv11 (_x : v) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../hashmap.rs" 1 0 1 0] forall x : v . inv11 x = true + axiom inv11 : forall x : v . inv11 x = true use Hashmap_List_Type as Hashmap_List_Type use seq.Seq predicate invariant10 (self : Seq.seq (Hashmap_List_Type.t_list (k, v))) @@ -938,7 +938,7 @@ module Hashmap_Impl5_Get val inv10 (_x : Seq.seq (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../hashmap.rs" 1 0 1 0] forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv10 x = true + axiom inv10 : forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -965,7 +965,7 @@ module Hashmap_Impl5_Get val invariant9 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : usize) : bool @@ -975,7 +975,7 @@ module Hashmap_Impl5_Get val inv8 (_x : usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hashmap.rs" 1 0 1 0] forall x : usize . inv8 x = true + axiom inv8 : forall x : usize . inv8 x = true predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) val invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -985,7 +985,7 @@ module Hashmap_Impl5_Get val inv7 (_x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv7 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant6 (self : Core_Option_Option_Type.t_option v) val invariant6 (self : Core_Option_Option_Type.t_option v) : bool @@ -995,7 +995,7 @@ module Hashmap_Impl5_Get val inv6 (_x : Core_Option_Option_Type.t_option v) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hashmap.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option v . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option v . inv6 x = true predicate invariant5 (self : k) val invariant5 (self : k) : bool ensures { result = invariant5 self } @@ -1004,7 +1004,7 @@ module Hashmap_Impl5_Get val inv5 (_x : k) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hashmap.rs" 1 0 1 0] forall x : k . inv5 x = true + axiom inv5 : forall x : k . inv5 x = true predicate invariant4 (self : Hashmap_List_Type.t_list (k, v)) val invariant4 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant4 self } @@ -1013,7 +1013,7 @@ module Hashmap_Impl5_Get val inv4 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv4 x = true + axiom inv4 : forall x : Hashmap_List_Type.t_list (k, v) . inv4 x = true predicate invariant3 (self : v) val invariant3 (self : v) : bool ensures { result = invariant3 self } @@ -1022,7 +1022,7 @@ module Hashmap_Impl5_Get val inv3 (_x : v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hashmap.rs" 1 0 1 0] forall x : v . inv3 x = true + axiom inv3 : forall x : v . inv3 x = true predicate invariant2 (self : k) val invariant2 (self : k) : bool ensures { result = invariant2 self } @@ -1031,7 +1031,7 @@ module Hashmap_Impl5_Get val inv2 (_x : k) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hashmap.rs" 1 0 1 0] forall x : k . inv2 x = true + axiom inv2 : forall x : k . inv2 x = true predicate invariant1 (self : Hashmap_List_Type.t_list (k, v)) val invariant1 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant1 self } @@ -1040,7 +1040,7 @@ module Hashmap_Impl5_Get val inv1 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv1 x = true + axiom inv1 : forall x : Hashmap_List_Type.t_list (k, v) . inv1 x = true use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type predicate invariant0 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) val invariant0 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool @@ -1050,7 +1050,7 @@ module Hashmap_Impl5_Get val inv0 (_x : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv0 x = true + axiom inv0 : forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv0 x = true use map.Map use prelude.Mapping function deep_model0 (self : k) : deep_model_ty0 @@ -1234,29 +1234,29 @@ module Hashmap_Impl5_Get goto BB0 } BB0 { - _8 <- ([#"../hashmap.rs" 142 27 142 37] hash0 ([#"../hashmap.rs" 142 27 142 37] key)); + [#"../hashmap.rs" 142 27 142 37] _8 <- ([#"../hashmap.rs" 142 27 142 37] hash0 ([#"../hashmap.rs" 142 27 142 37] key)); goto BB1 } BB1 { - _10 <- ([#"../hashmap.rs" 142 49 142 67] len0 ([#"../hashmap.rs" 142 49 142 67] Hashmap_MyHashMap_Type.myhashmap_buckets self)); + [#"../hashmap.rs" 142 49 142 67] _10 <- ([#"../hashmap.rs" 142 49 142 67] len0 ([#"../hashmap.rs" 142 49 142 67] Hashmap_MyHashMap_Type.myhashmap_buckets self)); goto BB2 } BB2 { - _12 <- ([#"../hashmap.rs" 142 27 142 67] _10 = ([#"../hashmap.rs" 142 27 142 67] [#"../hashmap.rs" 142 27 142 67] (0 : usize))); + [#"../hashmap.rs" 142 27 142 67] _12 <- ([#"../hashmap.rs" 142 27 142 67] _10 = ([#"../hashmap.rs" 142 27 142 67] [#"../hashmap.rs" 142 27 142 67] (0 : usize))); assert { [@expl:remainder by zero] [#"../hashmap.rs" 142 27 142 67] not _12 }; goto BB3 } BB3 { - index <- ([#"../hashmap.rs" 142 27 142 67] ([#"../hashmap.rs" 142 27 142 46] UIntSize.of_int (UInt64.to_int _8)) % _10); + [#"../hashmap.rs" 142 27 142 67] index <- ([#"../hashmap.rs" 142 27 142 67] ([#"../hashmap.rs" 142 27 142 46] UIntSize.of_int (UInt64.to_int _8)) % _10); _8 <- any uint64; _10 <- any usize; assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _14 <- ([#"../hashmap.rs" 143 21 143 40] index0 ([#"../hashmap.rs" 143 21 143 33] Hashmap_MyHashMap_Type.myhashmap_buckets self) index); + [#"../hashmap.rs" 143 21 143 40] _14 <- ([#"../hashmap.rs" 143 21 143 40] index0 ([#"../hashmap.rs" 143 21 143 33] Hashmap_MyHashMap_Type.myhashmap_buckets self) ([#"../hashmap.rs" 143 34 143 39] index)); goto BB4 } BB4 { - l <- ([#"../hashmap.rs" 143 20 143 40] _14); + [#"../hashmap.rs" 143 20 143 40] l <- ([#"../hashmap.rs" 143 20 143 40] _14); assert { [@expl:type invariant] inv1 _14 }; assume { resolve1 _14 }; goto BB5 @@ -1275,14 +1275,14 @@ module Hashmap_Impl5_Get goto BB8 } BB8 { - k <- ([#"../hashmap.rs" 146 30 146 31] let (a, _) = Hashmap_List_Type.cons_0 l in a); - v <- ([#"../hashmap.rs" 146 33 146 34] let (_, a) = Hashmap_List_Type.cons_0 l in a); - tl <- ([#"../hashmap.rs" 146 37 146 39] Hashmap_List_Type.cons_1 l); + [#"../hashmap.rs" 146 30 146 31] k <- ([#"../hashmap.rs" 146 30 146 31] let (a, _) = Hashmap_List_Type.cons_0 l in a); + [#"../hashmap.rs" 146 33 146 34] v <- ([#"../hashmap.rs" 146 33 146 34] let (_, a) = Hashmap_List_Type.cons_0 l in a); + [#"../hashmap.rs" 146 37 146 39] tl <- ([#"../hashmap.rs" 146 37 146 39] Hashmap_List_Type.cons_1 l); assert { [@expl:type invariant] inv1 l }; assume { resolve1 l }; assert { [@expl:type invariant] inv2 k }; assume { resolve2 k }; - _25 <- ([#"../hashmap.rs" 147 15 147 24] eq0 ([#"../hashmap.rs" 147 15 147 17] k) ([#"../hashmap.rs" 147 21 147 24] key)); + [#"../hashmap.rs" 147 15 147 24] _25 <- ([#"../hashmap.rs" 147 15 147 24] eq0 ([#"../hashmap.rs" 147 15 147 17] k) ([#"../hashmap.rs" 147 21 147 24] key)); goto BB9 } BB9 { @@ -1298,18 +1298,18 @@ module Hashmap_Impl5_Get assume { resolve5 key }; assert { [@expl:type invariant] inv3 v }; assume { resolve3 v }; - _0 <- ([#"../hashmap.rs" 148 23 148 30] Core_Option_Option_Type.C_Some ([#"../hashmap.rs" 148 28 148 29] v)); + [#"../hashmap.rs" 148 23 148 30] _0 <- ([#"../hashmap.rs" 148 23 148 30] Core_Option_Option_Type.C_Some ([#"../hashmap.rs" 148 28 148 29] v)); goto BB13 } BB11 { assert { [@expl:type invariant] inv3 v }; assume { resolve3 v }; - _31 <- ([#"../hashmap.rs" 150 16 150 21] tl); + [#"../hashmap.rs" 150 16 150 21] _31 <- ([#"../hashmap.rs" 150 16 150 21] tl); assert { [@expl:type invariant] inv4 tl }; assume { resolve4 tl }; assert { [@expl:type invariant] inv1 _31 }; assume { resolve1 _31 }; - l <- ([#"../hashmap.rs" 150 16 150 21] _31); + [#"../hashmap.rs" 150 12 150 21] l <- ([#"../hashmap.rs" 150 16 150 21] _31); goto BB5 } BB12 { @@ -1317,7 +1317,7 @@ module Hashmap_Impl5_Get assume { resolve1 l }; assert { [@expl:type invariant] inv5 key }; assume { resolve5 key }; - _0 <- ([#"../hashmap.rs" 152 15 152 19] Core_Option_Option_Type.C_None); + [#"../hashmap.rs" 152 15 152 19] _0 <- ([#"../hashmap.rs" 152 15 152 19] Core_Option_Option_Type.C_None); goto BB13 } BB13 { @@ -1338,7 +1338,7 @@ module Hashmap_Impl5_Resize val inv13 (_x : usize) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../hashmap.rs" 1 0 1 0] forall x : usize . inv13 x = true + axiom inv13 : forall x : usize . inv13 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Hashmap_List_Type as Hashmap_List_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -1353,7 +1353,7 @@ module Hashmap_Impl5_Resize val inv12 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) . inv12 x = true + axiom inv12 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) . inv12 x = true use seq.Seq predicate invariant11 (self : Seq.seq (Hashmap_List_Type.t_list (k, v))) val invariant11 (self : Seq.seq (Hashmap_List_Type.t_list (k, v))) : bool @@ -1363,7 +1363,7 @@ module Hashmap_Impl5_Resize val inv11 (_x : Seq.seq (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../hashmap.rs" 1 0 1 0] forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv11 x = true + axiom inv11 : forall x : Seq.seq (Hashmap_List_Type.t_list (k, v)) . inv11 x = true predicate invariant10 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) val invariant10 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1373,7 +1373,7 @@ module Hashmap_Impl5_Resize val inv10 (_x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv10 x = true + axiom inv10 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv10 x = true predicate invariant9 (self : Hashmap_List_Type.t_list (k, v)) val invariant9 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant9 self } @@ -1382,7 +1382,7 @@ module Hashmap_Impl5_Resize val inv9 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv9 x = true + axiom inv9 : forall x : Hashmap_List_Type.t_list (k, v) . inv9 x = true predicate invariant8 (self : v) val invariant8 (self : v) : bool ensures { result = invariant8 self } @@ -1391,7 +1391,7 @@ module Hashmap_Impl5_Resize val inv8 (_x : v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hashmap.rs" 1 0 1 0] forall x : v . inv8 x = true + axiom inv8 : forall x : v . inv8 x = true predicate invariant7 (self : k) val invariant7 (self : k) : bool ensures { result = invariant7 self } @@ -1400,7 +1400,7 @@ module Hashmap_Impl5_Resize val inv7 (_x : k) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hashmap.rs" 1 0 1 0] forall x : k . inv7 x = true + axiom inv7 : forall x : k . inv7 x = true predicate invariant6 (self : borrowed (Hashmap_List_Type.t_list (k, v))) val invariant6 (self : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = invariant6 self } @@ -1409,7 +1409,7 @@ module Hashmap_Impl5_Resize val inv6 (_x : borrowed (Hashmap_List_Type.t_list (k, v))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv6 x = true + axiom inv6 : forall x : borrowed (Hashmap_List_Type.t_list (k, v)) . inv6 x = true predicate invariant5 (self : Hashmap_List_Type.t_list (k, v)) val invariant5 (self : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = invariant5 self } @@ -1418,7 +1418,7 @@ module Hashmap_Impl5_Resize val inv5 (_x : Hashmap_List_Type.t_list (k, v)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list (k, v) . inv5 x = true + axiom inv5 : forall x : Hashmap_List_Type.t_list (k, v) . inv5 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -1442,7 +1442,7 @@ module Hashmap_Impl5_Resize val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type predicate invariant3 (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) val invariant3 (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : bool @@ -1452,7 +1452,7 @@ module Hashmap_Impl5_Resize val inv3 (_x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v) . inv3 x = true + axiom inv3 : forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v) . inv3 x = true predicate invariant2 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) val invariant2 (self : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool ensures { result = invariant2 self } @@ -1461,7 +1461,7 @@ module Hashmap_Impl5_Resize val inv2 (_x : Hashmap_MyHashMap_Type.t_myhashmap k v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv2 x = true + axiom inv2 : forall x : Hashmap_MyHashMap_Type.t_myhashmap k v . inv2 x = true type deep_model_ty0 predicate invariant1 (self : deep_model_ty0) val invariant1 (self : deep_model_ty0) : bool @@ -1471,7 +1471,7 @@ module Hashmap_Impl5_Resize val inv1 (_x : deep_model_ty0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : deep_model_ty0 . inv1 x = true + axiom inv1 : forall x : deep_model_ty0 . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) val invariant0 (self : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) : bool @@ -1481,7 +1481,7 @@ module Hashmap_Impl5_Resize val inv0 (_x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v)) . inv0 x = true use prelude.Mapping function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -1720,22 +1720,22 @@ module Hashmap_Impl5_Resize goto BB0 } BB0 { - old_self <- ([#"../hashmap.rs" 162 23 162 35] Ghost.new self); + [#"../hashmap.rs" 162 23 162 35] old_self <- ([#"../hashmap.rs" 162 23 162 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - _10 <- ([#"../hashmap.rs" 163 32 163 50] len0 ([#"../hashmap.rs" 163 32 163 50] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); + [#"../hashmap.rs" 163 32 163 50] _10 <- ([#"../hashmap.rs" 163 32 163 50] len0 ([#"../hashmap.rs" 163 32 163 50] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); goto BB2 } BB2 { - new <- ([#"../hashmap.rs" 163 22 163 55] new1 ([#"../hashmap.rs" 163 32 163 54] _10 * ([#"../hashmap.rs" 163 53 163 54] [#"../hashmap.rs" 163 53 163 54] (2 : usize)))); + [#"../hashmap.rs" 163 22 163 55] new <- ([#"../hashmap.rs" 163 22 163 55] new1 ([#"../hashmap.rs" 163 32 163 54] _10 * ([#"../hashmap.rs" 163 53 163 54] [#"../hashmap.rs" 163 53 163 54] (2 : usize)))); _10 <- any usize; goto BB3 } BB3 { - i <- ([#"../hashmap.rs" 165 27 165 28] [#"../hashmap.rs" 165 27 165 28] (0 : usize)); + [#"../hashmap.rs" 165 27 165 28] i <- ([#"../hashmap.rs" 165 27 165 28] [#"../hashmap.rs" 165 27 165 28] (0 : usize)); goto BB4 } BB4 { @@ -1755,31 +1755,31 @@ module Hashmap_Impl5_Resize goto BB7 } BB7 { - _24 <- ([#"../hashmap.rs" 176 18 176 36] len0 ([#"../hashmap.rs" 176 18 176 36] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); + [#"../hashmap.rs" 176 18 176 36] _24 <- ([#"../hashmap.rs" 176 18 176 36] len0 ([#"../hashmap.rs" 176 18 176 36] Hashmap_MyHashMap_Type.myhashmap_buckets ( * self))); goto BB8 } BB8 { - switch ([#"../hashmap.rs" 176 14 176 36] i < _24) + switch ([#"../hashmap.rs" 176 14 176 36] ([#"../hashmap.rs" 176 14 176 15] i) < _24) | False -> goto BB29 | True -> goto BB9 end } BB9 { - _30 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); - self <- { self with current = (let Hashmap_MyHashMap_Type.C_MyHashMap x0 = * self in Hashmap_MyHashMap_Type.C_MyHashMap ( ^ _30)) }; + [#"../hashmap.rs" 177 56 177 68] _30 <- Borrow.borrow_mut (Hashmap_MyHashMap_Type.myhashmap_buckets ( * self)); + [#"../hashmap.rs" 177 56 177 68] self <- { self with current = (let Hashmap_MyHashMap_Type.C_MyHashMap x0 = * self in Hashmap_MyHashMap_Type.C_MyHashMap ( ^ _30)) }; assume { inv4 ( ^ _30) }; - _29 <- ([#"../hashmap.rs" 177 56 177 71] index_mut0 _30 i); + [#"../hashmap.rs" 177 56 177 71] _29 <- ([#"../hashmap.rs" 177 56 177 71] index_mut0 _30 ([#"../hashmap.rs" 177 69 177 70] i)); _30 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (k, v)) (Alloc_Alloc_Global_Type.t_global)); goto BB10 } BB10 { - _28 <- Borrow.borrow_mut ( * _29); - _29 <- { _29 with current = ^ _28 }; + [#"../hashmap.rs" 177 51 177 71] _28 <- Borrow.borrow_mut ( * _29); + [#"../hashmap.rs" 177 51 177 71] _29 <- { _29 with current = ^ _28 }; assume { inv5 ( ^ _28) }; - _27 <- Borrow.borrow_mut ( * _28); - _28 <- { _28 with current = ^ _27 }; + [#"../hashmap.rs" 177 51 177 71] _27 <- Borrow.borrow_mut ( * _28); + [#"../hashmap.rs" 177 51 177 71] _28 <- { _28 with current = ^ _27 }; assume { inv5 ( ^ _27) }; - l <- ([#"../hashmap.rs" 177 33 177 83] replace0 _27 ([#"../hashmap.rs" 177 73 177 82] Hashmap_List_Type.C_Nil)); + [#"../hashmap.rs" 177 33 177 83] l <- ([#"../hashmap.rs" 177 33 177 83] replace0 _27 ([#"../hashmap.rs" 177 73 177 82] Hashmap_List_Type.C_Nil)); _27 <- any borrowed (Hashmap_List_Type.t_list (k, v)); goto BB11 } @@ -1827,20 +1827,20 @@ module Hashmap_Impl5_Resize goto BB20 } BB20 { - k <- (let (a, _) = Hashmap_List_Type.cons_0 l in a); - v <- (let (_, a) = Hashmap_List_Type.cons_0 l in a); - tl <- Hashmap_List_Type.cons_1 l; - l <- (let Hashmap_List_Type.C_Cons x0 x1 = l in Hashmap_List_Type.C_Cons x0 (any Hashmap_List_Type.t_list (k, v))); + [#"../hashmap.rs" 188 34 188 35] k <- ([#"../hashmap.rs" 188 34 188 35] let (a, _) = Hashmap_List_Type.cons_0 l in a); + [#"../hashmap.rs" 188 37 188 38] v <- ([#"../hashmap.rs" 188 37 188 38] let (_, a) = Hashmap_List_Type.cons_0 l in a); + [#"../hashmap.rs" 188 41 188 43] tl <- ([#"../hashmap.rs" 188 41 188 43] Hashmap_List_Type.cons_1 l); + [#"../hashmap.rs" 188 41 188 43] l <- (let Hashmap_List_Type.C_Cons x0 x1 = l in Hashmap_List_Type.C_Cons x0 (any Hashmap_List_Type.t_list (k, v))); assert { [@expl:type invariant] inv5 l }; assume { resolve4 l }; - _45 <- Borrow.borrow_mut new; - new <- ^ _45; + [#"../hashmap.rs" 189 16 189 29] _45 <- Borrow.borrow_mut new; + [#"../hashmap.rs" 189 16 189 29] new <- ^ _45; assume { inv2 ( ^ _45) }; assert { [@expl:type invariant] inv7 k }; assume { resolve5 k }; assert { [@expl:type invariant] inv8 v }; assume { resolve6 v }; - _44 <- ([#"../hashmap.rs" 189 16 189 29] add0 _45 k v); + [#"../hashmap.rs" 189 16 189 29] _44 <- ([#"../hashmap.rs" 189 16 189 29] add0 _45 ([#"../hashmap.rs" 189 24 189 25] k) ([#"../hashmap.rs" 189 27 189 28] v)); _45 <- any borrowed (Hashmap_MyHashMap_Type.t_myhashmap k v); goto BB21 } @@ -1850,12 +1850,12 @@ module Hashmap_Impl5_Resize goto BB22 } BB22 { - l <- tl; - tl <- any Hashmap_List_Type.t_list (k, v); + [#"../hashmap.rs" 190 16 190 17] l <- ([#"../hashmap.rs" 190 20 190 23] tl); + [#"../hashmap.rs" 190 20 190 23] tl <- any Hashmap_List_Type.t_list (k, v); goto BB24 } BB24 { - _21 <- ([#"../hashmap.rs" 188 49 191 13] ()); + [#"../hashmap.rs" 188 49 191 13] _21 <- ([#"../hashmap.rs" 188 49 191 13] ()); goto BB26 } BB25 { @@ -1868,8 +1868,8 @@ module Hashmap_Impl5_Resize goto BB17 } BB27 { - i <- ([#"../hashmap.rs" 193 12 193 18] i + ([#"../hashmap.rs" 193 17 193 18] [#"../hashmap.rs" 193 17 193 18] (1 : usize))); - _21 <- ([#"../hashmap.rs" 176 37 194 9] ()); + [#"../hashmap.rs" 193 12 193 18] i <- ([#"../hashmap.rs" 193 12 193 18] i + ([#"../hashmap.rs" 193 17 193 18] [#"../hashmap.rs" 193 17 193 18] (1 : usize))); + [#"../hashmap.rs" 176 37 194 9] _21 <- ([#"../hashmap.rs" 176 37 194 9] ()); goto BB28 } BB28 { @@ -1879,8 +1879,8 @@ module Hashmap_Impl5_Resize goto BB30 } BB30 { - self <- { self with current = new }; - new <- any Hashmap_MyHashMap_Type.t_myhashmap k v; + [#"../hashmap.rs" 196 8 196 13] self <- { self with current = ([#"../hashmap.rs" 196 16 196 19] new) }; + [#"../hashmap.rs" 196 16 196 19] new <- any Hashmap_MyHashMap_Type.t_myhashmap k v; assert { [@expl:type invariant] inv2 ( * self) }; assume { resolve1 ( * self) }; assert { [@expl:type invariant] inv3 self }; @@ -1888,7 +1888,7 @@ module Hashmap_Impl5_Resize goto BB32 } BB32 { - _0 <- ([#"../hashmap.rs" 161 25 197 5] ()); + [#"../hashmap.rs" 161 25 197 5] _0 <- ([#"../hashmap.rs" 161 25 197 5] ()); goto BB33 } BB33 { @@ -1910,7 +1910,7 @@ module Hashmap_Main val inv8 (_x : Seq.seq (Hashmap_List_Type.t_list (usize, isize))) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hashmap.rs" 1 0 1 0] forall x : Seq.seq (Hashmap_List_Type.t_list (usize, isize)) . inv8 x = true + axiom inv8 : forall x : Seq.seq (Hashmap_List_Type.t_list (usize, isize)) . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1937,7 +1937,7 @@ module Hashmap_Main val invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (usize, isize)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../hashmap.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (usize, isize)) (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec (Hashmap_List_Type.t_list (usize, isize)) (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : isize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : isize) : bool @@ -1947,7 +1947,7 @@ module Hashmap_Main val inv6 (_x : isize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hashmap.rs" 1 0 1 0] forall x : isize . inv6 x = true + axiom inv6 : forall x : isize . inv6 x = true use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type use prelude.Borrow predicate invariant5 (self : borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize)) = @@ -1959,7 +1959,7 @@ module Hashmap_Main val inv5 (_x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hashmap.rs" 1 0 1 0] forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize) . inv5 x = true + axiom inv5 : forall x : borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option isize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1970,7 +1970,7 @@ module Hashmap_Main val inv4 (_x : Core_Option_Option_Type.t_option isize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hashmap.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option isize . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option isize . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -1980,7 +1980,7 @@ module Hashmap_Main val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hashmap.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true predicate invariant2 (self : Hashmap_MyHashMap_Type.t_myhashmap usize isize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Hashmap_MyHashMap_Type.t_myhashmap usize isize) : bool @@ -1990,7 +1990,7 @@ module Hashmap_Main val inv2 (_x : Hashmap_MyHashMap_Type.t_myhashmap usize isize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_MyHashMap_Type.t_myhashmap usize isize . inv2 x = true + axiom inv2 : forall x : Hashmap_MyHashMap_Type.t_myhashmap usize isize . inv2 x = true predicate invariant1 (self : Hashmap_MyHashMap_Type.t_myhashmap usize isize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Hashmap_MyHashMap_Type.t_myhashmap usize isize) : bool @@ -2000,7 +2000,7 @@ module Hashmap_Main val inv1 (_x : Hashmap_MyHashMap_Type.t_myhashmap usize isize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_MyHashMap_Type.t_myhashmap usize isize . inv1 x = true + axiom inv1 : forall x : Hashmap_MyHashMap_Type.t_myhashmap usize isize . inv1 x = true use prelude.Int predicate invariant0 (self : int) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2011,7 +2011,7 @@ module Hashmap_Main val inv0 (_x : int) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : int . inv0 x = true + axiom inv0 : forall x : int . inv0 x = true use map.Map use prelude.Mapping function deep_model0 (self : usize) : int = @@ -2156,93 +2156,93 @@ module Hashmap_Main goto BB0 } BB0 { - h1 <- ([#"../hashmap.rs" 224 42 224 60] new0 ([#"../hashmap.rs" 224 57 224 59] [#"../hashmap.rs" 224 57 224 59] (17 : usize))); + [#"../hashmap.rs" 224 42 224 60] h1 <- ([#"../hashmap.rs" 224 42 224 60] new0 ([#"../hashmap.rs" 224 57 224 59] [#"../hashmap.rs" 224 57 224 59] (17 : usize))); goto BB1 } BB1 { - h2 <- ([#"../hashmap.rs" 225 42 225 60] new0 ([#"../hashmap.rs" 225 57 225 59] [#"../hashmap.rs" 225 57 225 59] (42 : usize))); + [#"../hashmap.rs" 225 42 225 60] h2 <- ([#"../hashmap.rs" 225 42 225 60] new0 ([#"../hashmap.rs" 225 57 225 59] [#"../hashmap.rs" 225 57 225 59] (42 : usize))); goto BB2 } BB2 { - _x <- ([#"../hashmap.rs" 226 17 226 26] get0 ([#"../hashmap.rs" 226 17 226 26] h1) ([#"../hashmap.rs" 226 24 226 25] [#"../hashmap.rs" 226 24 226 25] (1 : usize))); + [#"../hashmap.rs" 226 17 226 26] _x <- ([#"../hashmap.rs" 226 17 226 26] get0 ([#"../hashmap.rs" 226 17 226 26] h1) ([#"../hashmap.rs" 226 24 226 25] [#"../hashmap.rs" 226 24 226 25] (1 : usize))); goto BB3 } BB3 { - _y <- ([#"../hashmap.rs" 227 17 227 26] get0 ([#"../hashmap.rs" 227 17 227 26] h1) ([#"../hashmap.rs" 227 24 227 25] [#"../hashmap.rs" 227 24 227 25] (2 : usize))); + [#"../hashmap.rs" 227 17 227 26] _y <- ([#"../hashmap.rs" 227 17 227 26] get0 ([#"../hashmap.rs" 227 17 227 26] h1) ([#"../hashmap.rs" 227 24 227 25] [#"../hashmap.rs" 227 24 227 25] (2 : usize))); goto BB4 } BB4 { - _z <- ([#"../hashmap.rs" 228 17 228 26] get0 ([#"../hashmap.rs" 228 17 228 26] h2) ([#"../hashmap.rs" 228 24 228 25] [#"../hashmap.rs" 228 24 228 25] (1 : usize))); + [#"../hashmap.rs" 228 17 228 26] _z <- ([#"../hashmap.rs" 228 17 228 26] get0 ([#"../hashmap.rs" 228 17 228 26] h2) ([#"../hashmap.rs" 228 24 228 25] [#"../hashmap.rs" 228 24 228 25] (1 : usize))); goto BB5 } BB5 { - _t <- ([#"../hashmap.rs" 229 17 229 26] get0 ([#"../hashmap.rs" 229 17 229 26] h2) ([#"../hashmap.rs" 229 24 229 25] [#"../hashmap.rs" 229 24 229 25] (2 : usize))); + [#"../hashmap.rs" 229 17 229 26] _t <- ([#"../hashmap.rs" 229 17 229 26] get0 ([#"../hashmap.rs" 229 17 229 26] h2) ([#"../hashmap.rs" 229 24 229 25] [#"../hashmap.rs" 229 24 229 25] (2 : usize))); goto BB6 } BB6 { - _12 <- Borrow.borrow_mut h1; - h1 <- ^ _12; - _11 <- ([#"../hashmap.rs" 233 4 233 17] add0 _12 ([#"../hashmap.rs" 233 11 233 12] [#"../hashmap.rs" 233 11 233 12] (1 : usize)) ([#"../hashmap.rs" 233 14 233 16] [#"../hashmap.rs" 233 14 233 16] (17 : isize))); + [#"../hashmap.rs" 233 4 233 17] _12 <- Borrow.borrow_mut h1; + [#"../hashmap.rs" 233 4 233 17] h1 <- ^ _12; + [#"../hashmap.rs" 233 4 233 17] _11 <- ([#"../hashmap.rs" 233 4 233 17] add0 _12 ([#"../hashmap.rs" 233 11 233 12] [#"../hashmap.rs" 233 11 233 12] (1 : usize)) ([#"../hashmap.rs" 233 14 233 16] [#"../hashmap.rs" 233 14 233 16] (17 : isize))); _12 <- any borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize); goto BB7 } BB7 { - _13 <- ([#"../hashmap.rs" 234 9 234 18] get0 ([#"../hashmap.rs" 234 9 234 18] h1) ([#"../hashmap.rs" 234 16 234 17] [#"../hashmap.rs" 234 16 234 17] (1 : usize))); + [#"../hashmap.rs" 234 9 234 18] _13 <- ([#"../hashmap.rs" 234 9 234 18] get0 ([#"../hashmap.rs" 234 9 234 18] h1) ([#"../hashmap.rs" 234 16 234 17] [#"../hashmap.rs" 234 16 234 17] (1 : usize))); goto BB8 } BB8 { - _x <- _13; - _13 <- any Core_Option_Option_Type.t_option isize; - _15 <- ([#"../hashmap.rs" 235 9 235 18] get0 ([#"../hashmap.rs" 235 9 235 18] h1) ([#"../hashmap.rs" 235 16 235 17] [#"../hashmap.rs" 235 16 235 17] (2 : usize))); + [#"../hashmap.rs" 234 4 234 18] _x <- ([#"../hashmap.rs" 234 4 234 18] _13); + [#"../hashmap.rs" 234 4 234 18] _13 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 235 9 235 18] _15 <- ([#"../hashmap.rs" 235 9 235 18] get0 ([#"../hashmap.rs" 235 9 235 18] h1) ([#"../hashmap.rs" 235 16 235 17] [#"../hashmap.rs" 235 16 235 17] (2 : usize))); goto BB9 } BB9 { - _y <- _15; - _15 <- any Core_Option_Option_Type.t_option isize; - _17 <- ([#"../hashmap.rs" 236 9 236 18] get0 ([#"../hashmap.rs" 236 9 236 18] h2) ([#"../hashmap.rs" 236 16 236 17] [#"../hashmap.rs" 236 16 236 17] (1 : usize))); + [#"../hashmap.rs" 235 4 235 18] _y <- ([#"../hashmap.rs" 235 4 235 18] _15); + [#"../hashmap.rs" 235 4 235 18] _15 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 236 9 236 18] _17 <- ([#"../hashmap.rs" 236 9 236 18] get0 ([#"../hashmap.rs" 236 9 236 18] h2) ([#"../hashmap.rs" 236 16 236 17] [#"../hashmap.rs" 236 16 236 17] (1 : usize))); goto BB10 } BB10 { - _z <- _17; - _17 <- any Core_Option_Option_Type.t_option isize; - _19 <- ([#"../hashmap.rs" 237 9 237 18] get0 ([#"../hashmap.rs" 237 9 237 18] h2) ([#"../hashmap.rs" 237 16 237 17] [#"../hashmap.rs" 237 16 237 17] (2 : usize))); + [#"../hashmap.rs" 236 4 236 18] _z <- ([#"../hashmap.rs" 236 4 236 18] _17); + [#"../hashmap.rs" 236 4 236 18] _17 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 237 9 237 18] _19 <- ([#"../hashmap.rs" 237 9 237 18] get0 ([#"../hashmap.rs" 237 9 237 18] h2) ([#"../hashmap.rs" 237 16 237 17] [#"../hashmap.rs" 237 16 237 17] (2 : usize))); goto BB11 } BB11 { - _t <- _19; - _19 <- any Core_Option_Option_Type.t_option isize; - _22 <- Borrow.borrow_mut h2; - h2 <- ^ _22; - _21 <- ([#"../hashmap.rs" 240 4 240 17] add0 _22 ([#"../hashmap.rs" 240 11 240 12] [#"../hashmap.rs" 240 11 240 12] (1 : usize)) ([#"../hashmap.rs" 240 14 240 16] [#"../hashmap.rs" 240 14 240 16] (42 : isize))); + [#"../hashmap.rs" 237 4 237 18] _t <- ([#"../hashmap.rs" 237 4 237 18] _19); + [#"../hashmap.rs" 237 4 237 18] _19 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 240 4 240 17] _22 <- Borrow.borrow_mut h2; + [#"../hashmap.rs" 240 4 240 17] h2 <- ^ _22; + [#"../hashmap.rs" 240 4 240 17] _21 <- ([#"../hashmap.rs" 240 4 240 17] add0 _22 ([#"../hashmap.rs" 240 11 240 12] [#"../hashmap.rs" 240 11 240 12] (1 : usize)) ([#"../hashmap.rs" 240 14 240 16] [#"../hashmap.rs" 240 14 240 16] (42 : isize))); _22 <- any borrowed (Hashmap_MyHashMap_Type.t_myhashmap usize isize); goto BB12 } BB12 { - _23 <- ([#"../hashmap.rs" 241 9 241 18] get0 ([#"../hashmap.rs" 241 9 241 18] h1) ([#"../hashmap.rs" 241 16 241 17] [#"../hashmap.rs" 241 16 241 17] (1 : usize))); + [#"../hashmap.rs" 241 9 241 18] _23 <- ([#"../hashmap.rs" 241 9 241 18] get0 ([#"../hashmap.rs" 241 9 241 18] h1) ([#"../hashmap.rs" 241 16 241 17] [#"../hashmap.rs" 241 16 241 17] (1 : usize))); goto BB13 } BB13 { - _x <- _23; - _23 <- any Core_Option_Option_Type.t_option isize; - _25 <- ([#"../hashmap.rs" 242 9 242 18] get0 ([#"../hashmap.rs" 242 9 242 18] h1) ([#"../hashmap.rs" 242 16 242 17] [#"../hashmap.rs" 242 16 242 17] (2 : usize))); + [#"../hashmap.rs" 241 4 241 18] _x <- ([#"../hashmap.rs" 241 4 241 18] _23); + [#"../hashmap.rs" 241 4 241 18] _23 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 242 9 242 18] _25 <- ([#"../hashmap.rs" 242 9 242 18] get0 ([#"../hashmap.rs" 242 9 242 18] h1) ([#"../hashmap.rs" 242 16 242 17] [#"../hashmap.rs" 242 16 242 17] (2 : usize))); goto BB14 } BB14 { - _y <- _25; - _25 <- any Core_Option_Option_Type.t_option isize; - _27 <- ([#"../hashmap.rs" 243 9 243 18] get0 ([#"../hashmap.rs" 243 9 243 18] h2) ([#"../hashmap.rs" 243 16 243 17] [#"../hashmap.rs" 243 16 243 17] (1 : usize))); + [#"../hashmap.rs" 242 4 242 18] _y <- ([#"../hashmap.rs" 242 4 242 18] _25); + [#"../hashmap.rs" 242 4 242 18] _25 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 243 9 243 18] _27 <- ([#"../hashmap.rs" 243 9 243 18] get0 ([#"../hashmap.rs" 243 9 243 18] h2) ([#"../hashmap.rs" 243 16 243 17] [#"../hashmap.rs" 243 16 243 17] (1 : usize))); goto BB15 } BB15 { - _z <- _27; - _27 <- any Core_Option_Option_Type.t_option isize; - _29 <- ([#"../hashmap.rs" 244 9 244 18] get0 ([#"../hashmap.rs" 244 9 244 18] h2) ([#"../hashmap.rs" 244 16 244 17] [#"../hashmap.rs" 244 16 244 17] (2 : usize))); + [#"../hashmap.rs" 243 4 243 18] _z <- ([#"../hashmap.rs" 243 4 243 18] _27); + [#"../hashmap.rs" 243 4 243 18] _27 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 244 9 244 18] _29 <- ([#"../hashmap.rs" 244 9 244 18] get0 ([#"../hashmap.rs" 244 9 244 18] h2) ([#"../hashmap.rs" 244 16 244 17] [#"../hashmap.rs" 244 16 244 17] (2 : usize))); goto BB16 } BB16 { - _t <- _29; - _29 <- any Core_Option_Option_Type.t_option isize; - _0 <- ([#"../hashmap.rs" 217 14 247 1] ()); + [#"../hashmap.rs" 244 4 244 18] _t <- ([#"../hashmap.rs" 244 4 244 18] _29); + [#"../hashmap.rs" 244 4 244 18] _29 <- any Core_Option_Option_Type.t_option isize; + [#"../hashmap.rs" 217 14 247 1] _0 <- ([#"../hashmap.rs" 217 14 247 1] ()); goto BB17 } BB17 { @@ -2264,7 +2264,7 @@ module Hashmap_Impl0 val inv1 (_x : Hashmap_List_Type.t_list t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list t . inv1 x = true + axiom inv1 : forall x : Hashmap_List_Type.t_list t . inv1 x = true predicate invariant0 (self : Hashmap_List_Type.t_list t) val invariant0 (self : Hashmap_List_Type.t_list t) : bool ensures { result = invariant0 self } @@ -2273,7 +2273,7 @@ module Hashmap_Impl0 val inv0 (_x : Hashmap_List_Type.t_list t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : Hashmap_List_Type.t_list t . inv0 x = true + axiom inv0 : forall x : Hashmap_List_Type.t_list t . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../hashmap.rs" 16 4 16 27] forall self : Hashmap_List_Type.t_list t . inv0 self -> inv0 self /\ (forall result : Hashmap_List_Type.t_list t . inv1 result /\ result = self -> inv1 result /\ result = self) end @@ -2288,7 +2288,7 @@ module Hashmap_Impl2 val inv0 (_x : usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hashmap.rs" 1 0 1 0] forall x : usize . inv0 x = true + axiom inv0 : forall x : usize . inv0 x = true use prelude.Int function hash_log0 [#"../hashmap.rs" 64 4 64 30] (x : int) : int = [#"../hashmap.rs" 65 20 65 21] x diff --git a/creusot/tests/should_succeed/heapsort_generic.mlcfg b/creusot/tests/should_succeed/heapsort_generic.mlcfg index d5702cf20d..f2edd8180c 100644 --- a/creusot/tests/should_succeed/heapsort_generic.mlcfg +++ b/creusot/tests/should_succeed/heapsort_generic.mlcfg @@ -16,7 +16,7 @@ module HeapsortGeneric_HeapFragMax_Impl val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : t) (_2 : t) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : t) (_2 : t) : Core_Cmp_Ordering_Type.t_ordering @@ -114,7 +114,7 @@ module HeapsortGeneric_HeapFragMax_Impl val inv0 (_x : Seq.seq t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Seq.seq t . inv0 x = true + axiom inv0 : forall x : Seq.seq t . inv0 x = true use prelude.Int function parent0 [#"../heapsort_generic.rs" 10 0 10 24] (i : int) : int = [#"../heapsort_generic.rs" 11 4 11 19] div (i + 1) 2 - 1 @@ -187,7 +187,7 @@ module HeapsortGeneric_SiftDown val inv10 (_x : Seq.seq t) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Seq.seq t . inv10 x = true + axiom inv10 : forall x : Seq.seq t . inv10 x = true type deep_model_ty0 predicate invariant9 (self : Seq.seq deep_model_ty0) val invariant9 (self : Seq.seq deep_model_ty0) : bool @@ -197,7 +197,7 @@ module HeapsortGeneric_SiftDown val inv9 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv9 x = true + axiom inv9 : forall x : Seq.seq deep_model_ty0 . inv9 x = true use prelude.UIntSize predicate invariant8 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -208,7 +208,7 @@ module HeapsortGeneric_SiftDown val inv8 (_x : usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : usize . inv8 x = true + axiom inv8 : forall x : usize . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -219,7 +219,7 @@ module HeapsortGeneric_SiftDown val inv7 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant6 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -229,7 +229,7 @@ module HeapsortGeneric_SiftDown val inv6 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true use prelude.Slice predicate invariant5 (self : borrowed (slice t)) val invariant5 (self : borrowed (slice t)) : bool @@ -239,7 +239,7 @@ module HeapsortGeneric_SiftDown val inv5 (_x : borrowed (slice t)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : borrowed (slice t) . inv5 x = true + axiom inv5 : forall x : borrowed (slice t) . inv5 x = true predicate invariant4 (self : slice t) val invariant4 (self : slice t) : bool ensures { result = invariant4 self } @@ -248,7 +248,7 @@ module HeapsortGeneric_SiftDown val inv4 (_x : slice t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : slice t . inv4 x = true + axiom inv4 : forall x : slice t . inv4 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -269,7 +269,7 @@ module HeapsortGeneric_SiftDown val invariant3 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -278,7 +278,7 @@ module HeapsortGeneric_SiftDown val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -376,7 +376,7 @@ module HeapsortGeneric_SiftDown val invariant1 (self : deep_model_ty0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : deep_model_ty0 . inv1 x = true + axiom inv1 : forall x : deep_model_ty0 . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -387,7 +387,7 @@ module HeapsortGeneric_SiftDown val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true function deep_model3 (self : t) : deep_model_ty0 val deep_model3 (self : t) : deep_model_ty0 ensures { result = deep_model3 self } @@ -567,13 +567,13 @@ module HeapsortGeneric_SiftDown goto BB0 } BB0 { - old_v <- ([#"../heapsort_generic.rs" 45 16 45 25] Ghost.new v); + [#"../heapsort_generic.rs" 45 16 45 25] old_v <- ([#"../heapsort_generic.rs" 45 16 45 25] Ghost.new v); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - i <- start; + [#"../heapsort_generic.rs" 46 16 46 21] i <- ([#"../heapsort_generic.rs" 46 16 46 21] start); goto BB2 } BB2 { @@ -587,12 +587,12 @@ module HeapsortGeneric_SiftDown goto BB3 } BB3 { - _28 <- ([#"../heapsort_generic.rs" 60 16 60 23] ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)) = ([#"../heapsort_generic.rs" 60 16 60 23] [#"../heapsort_generic.rs" 60 16 60 23] (0 : usize))); + [#"../heapsort_generic.rs" 60 16 60 23] _28 <- ([#"../heapsort_generic.rs" 60 16 60 23] ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)) = ([#"../heapsort_generic.rs" 60 16 60 23] [#"../heapsort_generic.rs" 60 16 60 23] (0 : usize))); assert { [@expl:division by zero] [#"../heapsort_generic.rs" 60 16 60 23] not _28 }; goto BB4 } BB4 { - switch ([#"../heapsort_generic.rs" 60 11 60 23] i >= ([#"../heapsort_generic.rs" 60 16 60 23] end' / ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)))) + switch ([#"../heapsort_generic.rs" 60 11 60 23] ([#"../heapsort_generic.rs" 60 11 60 12] i) >= ([#"../heapsort_generic.rs" 60 16 60 23] ([#"../heapsort_generic.rs" 60 16 60 19] end') / ([#"../heapsort_generic.rs" 60 22 60 23] [#"../heapsort_generic.rs" 60 22 60 23] (2 : usize)))) | False -> goto BB6 | True -> goto BB5 end @@ -600,22 +600,22 @@ module HeapsortGeneric_SiftDown BB5 { assert { [@expl:type invariant] inv6 v }; assume { resolve3 v }; - _0 <- ([#"../heapsort_generic.rs" 61 12 61 18] ()); + [#"../heapsort_generic.rs" 61 12 61 18] _0 <- ([#"../heapsort_generic.rs" 61 12 61 18] ()); goto BB23 } BB6 { - child <- ([#"../heapsort_generic.rs" 64 24 64 33] ([#"../heapsort_generic.rs" 64 24 64 29] ([#"../heapsort_generic.rs" 64 24 64 25] [#"../heapsort_generic.rs" 64 24 64 25] (2 : usize)) * i) + ([#"../heapsort_generic.rs" 64 32 64 33] [#"../heapsort_generic.rs" 64 32 64 33] (1 : usize))); - switch ([#"../heapsort_generic.rs" 65 11 65 26] ([#"../heapsort_generic.rs" 65 11 65 20] child + ([#"../heapsort_generic.rs" 65 19 65 20] [#"../heapsort_generic.rs" 65 19 65 20] (1 : usize))) < end') + [#"../heapsort_generic.rs" 64 24 64 33] child <- ([#"../heapsort_generic.rs" 64 24 64 33] ([#"../heapsort_generic.rs" 64 24 64 29] ([#"../heapsort_generic.rs" 64 24 64 25] [#"../heapsort_generic.rs" 64 24 64 25] (2 : usize)) * ([#"../heapsort_generic.rs" 64 28 64 29] i)) + ([#"../heapsort_generic.rs" 64 32 64 33] [#"../heapsort_generic.rs" 64 32 64 33] (1 : usize))); + switch ([#"../heapsort_generic.rs" 65 11 65 26] ([#"../heapsort_generic.rs" 65 11 65 20] ([#"../heapsort_generic.rs" 65 11 65 16] child) + ([#"../heapsort_generic.rs" 65 19 65 20] [#"../heapsort_generic.rs" 65 19 65 20] (1 : usize))) < ([#"../heapsort_generic.rs" 65 23 65 26] end')) | False -> goto BB7 | True -> goto BB8 end } BB7 { - _34 <- ([#"../heapsort_generic.rs" 65 11 65 53] [#"../heapsort_generic.rs" 65 11 65 53] false); + [#"../heapsort_generic.rs" 65 11 65 53] _34 <- ([#"../heapsort_generic.rs" 65 11 65 53] [#"../heapsort_generic.rs" 65 11 65 53] false); goto BB9 } BB8 { - _41 <- ([#"../heapsort_generic.rs" 65 30 65 38] index0 ([#"../heapsort_generic.rs" 65 30 65 31] * v) child); + [#"../heapsort_generic.rs" 65 30 65 38] _41 <- ([#"../heapsort_generic.rs" 65 30 65 38] index0 ([#"../heapsort_generic.rs" 65 30 65 31] * v) ([#"../heapsort_generic.rs" 65 32 65 37] child)); goto BB10 } BB9 { @@ -627,43 +627,43 @@ module HeapsortGeneric_SiftDown BB10 { assert { [@expl:type invariant] inv2 _41 }; assume { resolve1 _41 }; - _45 <- ([#"../heapsort_generic.rs" 65 41 65 53] index0 ([#"../heapsort_generic.rs" 65 41 65 42] * v) ([#"../heapsort_generic.rs" 65 43 65 52] child + ([#"../heapsort_generic.rs" 65 51 65 52] [#"../heapsort_generic.rs" 65 51 65 52] (1 : usize)))); + [#"../heapsort_generic.rs" 65 41 65 53] _45 <- ([#"../heapsort_generic.rs" 65 41 65 53] index0 ([#"../heapsort_generic.rs" 65 41 65 42] * v) ([#"../heapsort_generic.rs" 65 43 65 52] ([#"../heapsort_generic.rs" 65 43 65 48] child) + ([#"../heapsort_generic.rs" 65 51 65 52] [#"../heapsort_generic.rs" 65 51 65 52] (1 : usize)))); goto BB11 } BB11 { assert { [@expl:type invariant] inv2 _45 }; assume { resolve1 _45 }; - _39 <- ([#"../heapsort_generic.rs" 65 30 65 53] lt0 ([#"../heapsort_generic.rs" 65 30 65 38] _41) ([#"../heapsort_generic.rs" 65 41 65 53] _45)); + [#"../heapsort_generic.rs" 65 30 65 53] _39 <- ([#"../heapsort_generic.rs" 65 30 65 53] lt0 ([#"../heapsort_generic.rs" 65 30 65 38] _41) ([#"../heapsort_generic.rs" 65 41 65 53] _45)); goto BB12 } BB12 { - _34 <- _39; - _39 <- any bool; + [#"../heapsort_generic.rs" 65 11 65 53] _34 <- ([#"../heapsort_generic.rs" 65 11 65 53] _39); + [#"../heapsort_generic.rs" 65 11 65 53] _39 <- any bool; goto BB9 } BB13 { - child <- ([#"../heapsort_generic.rs" 66 12 66 22] child + ([#"../heapsort_generic.rs" 66 21 66 22] [#"../heapsort_generic.rs" 66 21 66 22] (1 : usize))); - _33 <- ([#"../heapsort_generic.rs" 66 12 66 22] ()); + [#"../heapsort_generic.rs" 66 12 66 22] child <- ([#"../heapsort_generic.rs" 66 12 66 22] child + ([#"../heapsort_generic.rs" 66 21 66 22] [#"../heapsort_generic.rs" 66 21 66 22] (1 : usize))); + [#"../heapsort_generic.rs" 66 12 66 22] _33 <- ([#"../heapsort_generic.rs" 66 12 66 22] ()); goto BB15 } BB14 { - _33 <- ([#"../heapsort_generic.rs" 67 9 67 9] ()); + [#"../heapsort_generic.rs" 67 9 67 9] _33 <- ([#"../heapsort_generic.rs" 67 9 67 9] ()); goto BB15 } BB15 { - _52 <- ([#"../heapsort_generic.rs" 68 11 68 19] index0 ([#"../heapsort_generic.rs" 68 11 68 12] * v) child); + [#"../heapsort_generic.rs" 68 11 68 19] _52 <- ([#"../heapsort_generic.rs" 68 11 68 19] index0 ([#"../heapsort_generic.rs" 68 11 68 12] * v) ([#"../heapsort_generic.rs" 68 13 68 18] child)); goto BB16 } BB16 { assert { [@expl:type invariant] inv2 _52 }; assume { resolve1 _52 }; - _56 <- ([#"../heapsort_generic.rs" 68 23 68 27] index0 ([#"../heapsort_generic.rs" 68 23 68 24] * v) i); + [#"../heapsort_generic.rs" 68 23 68 27] _56 <- ([#"../heapsort_generic.rs" 68 23 68 27] index0 ([#"../heapsort_generic.rs" 68 23 68 24] * v) ([#"../heapsort_generic.rs" 68 25 68 26] i)); goto BB17 } BB17 { assert { [@expl:type invariant] inv2 _56 }; assume { resolve1 _56 }; - _50 <- ([#"../heapsort_generic.rs" 68 11 68 27] le0 ([#"../heapsort_generic.rs" 68 11 68 19] _52) ([#"../heapsort_generic.rs" 68 23 68 27] _56)); + [#"../heapsort_generic.rs" 68 11 68 27] _50 <- ([#"../heapsort_generic.rs" 68 11 68 27] le0 ([#"../heapsort_generic.rs" 68 11 68 19] _52) ([#"../heapsort_generic.rs" 68 23 68 27] _56)); goto BB18 } BB18 { @@ -675,29 +675,29 @@ module HeapsortGeneric_SiftDown BB19 { assert { [@expl:type invariant] inv6 v }; assume { resolve3 v }; - _0 <- ([#"../heapsort_generic.rs" 69 12 69 18] ()); + [#"../heapsort_generic.rs" 69 12 69 18] _0 <- ([#"../heapsort_generic.rs" 69 12 69 18] ()); goto BB23 } BB20 { - _63 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _63 }; + [#"../heapsort_generic.rs" 71 8 71 24] _63 <- Borrow.borrow_mut ( * v); + [#"../heapsort_generic.rs" 71 8 71 24] v <- { v with current = ^ _63 }; assume { inv3 ( ^ _63) }; - _62 <- ([#"../heapsort_generic.rs" 71 8 71 24] deref_mut0 _63); + [#"../heapsort_generic.rs" 71 8 71 24] _62 <- ([#"../heapsort_generic.rs" 71 8 71 24] deref_mut0 _63); _63 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB21 } BB21 { - _61 <- Borrow.borrow_mut ( * _62); - _62 <- { _62 with current = ^ _61 }; + [#"../heapsort_generic.rs" 71 8 71 24] _61 <- Borrow.borrow_mut ( * _62); + [#"../heapsort_generic.rs" 71 8 71 24] _62 <- { _62 with current = ^ _61 }; assume { inv4 ( ^ _61) }; - _60 <- ([#"../heapsort_generic.rs" 71 8 71 24] swap0 _61 i child); + [#"../heapsort_generic.rs" 71 8 71 24] _60 <- ([#"../heapsort_generic.rs" 71 8 71 24] swap0 _61 ([#"../heapsort_generic.rs" 71 15 71 16] i) ([#"../heapsort_generic.rs" 71 18 71 23] child)); _61 <- any borrowed (slice t); goto BB22 } BB22 { assert { [@expl:type invariant] inv5 _62 }; assume { resolve2 _62 }; - i <- child; + [#"../heapsort_generic.rs" 72 8 72 17] i <- ([#"../heapsort_generic.rs" 72 12 72 17] child); goto BB2 } BB23 { @@ -716,7 +716,7 @@ module HeapsortGeneric_HeapSort val inv8 (_x : Seq.seq t) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Seq.seq t . inv8 x = true + axiom inv8 : forall x : Seq.seq t . inv8 x = true type deep_model_ty0 predicate invariant7 (self : deep_model_ty0) val invariant7 (self : deep_model_ty0) : bool @@ -726,7 +726,7 @@ module HeapsortGeneric_HeapSort val inv7 (_x : deep_model_ty0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : deep_model_ty0 . inv7 x = true + axiom inv7 : forall x : deep_model_ty0 . inv7 x = true predicate invariant6 (self : Seq.seq deep_model_ty0) val invariant6 (self : Seq.seq deep_model_ty0) : bool ensures { result = invariant6 self } @@ -735,7 +735,7 @@ module HeapsortGeneric_HeapSort val inv6 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv6 x = true + axiom inv6 : forall x : Seq.seq deep_model_ty0 . inv6 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant5 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -746,7 +746,7 @@ module HeapsortGeneric_HeapSort val inv5 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use prelude.Slice use prelude.Borrow predicate invariant4 (self : borrowed (slice t)) @@ -757,7 +757,7 @@ module HeapsortGeneric_HeapSort val inv4 (_x : borrowed (slice t)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : borrowed (slice t) . inv4 x = true + axiom inv4 : forall x : borrowed (slice t) . inv4 x = true predicate invariant3 (self : slice t) val invariant3 (self : slice t) : bool ensures { result = invariant3 self } @@ -766,7 +766,7 @@ module HeapsortGeneric_HeapSort val inv3 (_x : slice t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : slice t . inv3 x = true + axiom inv3 : forall x : slice t . inv3 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -788,7 +788,7 @@ module HeapsortGeneric_HeapSort val invariant2 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant1 self } @@ -797,7 +797,7 @@ module HeapsortGeneric_HeapSort val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -897,7 +897,7 @@ module HeapsortGeneric_HeapSort val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../heapsort_generic.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true use seq.Seq predicate sorted_range0 [#"../heapsort_generic.rs" 77 0 77 63] (s : Seq.seq deep_model_ty0) (l : int) (u : int) = [#"../heapsort_generic.rs" 78 4 80 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> le_log0 (Seq.get s i) (Seq.get s j) @@ -1074,22 +1074,22 @@ module HeapsortGeneric_HeapSort goto BB0 } BB0 { - old_v <- ([#"../heapsort_generic.rs" 97 16 97 25] Ghost.new v); + [#"../heapsort_generic.rs" 97 16 97 25] old_v <- ([#"../heapsort_generic.rs" 97 16 97 25] Ghost.new v); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - _8 <- ([#"../heapsort_generic.rs" 99 20 99 27] len0 ([#"../heapsort_generic.rs" 99 20 99 27] * v)); + [#"../heapsort_generic.rs" 99 20 99 27] _8 <- ([#"../heapsort_generic.rs" 99 20 99 27] len0 ([#"../heapsort_generic.rs" 99 20 99 27] * v)); goto BB2 } BB2 { - _10 <- ([#"../heapsort_generic.rs" 99 20 99 31] ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize)) = ([#"../heapsort_generic.rs" 99 20 99 31] [#"../heapsort_generic.rs" 99 20 99 31] (0 : usize))); + [#"../heapsort_generic.rs" 99 20 99 31] _10 <- ([#"../heapsort_generic.rs" 99 20 99 31] ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize)) = ([#"../heapsort_generic.rs" 99 20 99 31] [#"../heapsort_generic.rs" 99 20 99 31] (0 : usize))); assert { [@expl:division by zero] [#"../heapsort_generic.rs" 99 20 99 31] not _10 }; goto BB3 } BB3 { - start <- ([#"../heapsort_generic.rs" 99 20 99 31] _8 / ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize))); + [#"../heapsort_generic.rs" 99 20 99 31] start <- ([#"../heapsort_generic.rs" 99 20 99 31] _8 / ([#"../heapsort_generic.rs" 99 30 99 31] [#"../heapsort_generic.rs" 99 30 99 31] (2 : usize))); _8 <- any usize; goto BB4 } @@ -1100,31 +1100,31 @@ module HeapsortGeneric_HeapSort goto BB5 } BB5 { - switch ([#"../heapsort_generic.rs" 103 10 103 19] start > ([#"../heapsort_generic.rs" 103 18 103 19] [#"../heapsort_generic.rs" 103 18 103 19] (0 : usize))) + switch ([#"../heapsort_generic.rs" 103 10 103 19] ([#"../heapsort_generic.rs" 103 10 103 15] start) > ([#"../heapsort_generic.rs" 103 18 103 19] [#"../heapsort_generic.rs" 103 18 103 19] (0 : usize))) | False -> goto BB9 | True -> goto BB6 end } BB6 { - start <- ([#"../heapsort_generic.rs" 104 8 104 18] start - ([#"../heapsort_generic.rs" 104 17 104 18] [#"../heapsort_generic.rs" 104 17 104 18] (1 : usize))); - _19 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _19 }; + [#"../heapsort_generic.rs" 104 8 104 18] start <- ([#"../heapsort_generic.rs" 104 8 104 18] start - ([#"../heapsort_generic.rs" 104 17 104 18] [#"../heapsort_generic.rs" 104 17 104 18] (1 : usize))); + [#"../heapsort_generic.rs" 105 18 105 19] _19 <- Borrow.borrow_mut ( * v); + [#"../heapsort_generic.rs" 105 18 105 19] v <- { v with current = ^ _19 }; assume { inv2 ( ^ _19) }; - _21 <- ([#"../heapsort_generic.rs" 105 28 105 35] len0 ([#"../heapsort_generic.rs" 105 28 105 35] * _19)); + [#"../heapsort_generic.rs" 105 28 105 35] _21 <- ([#"../heapsort_generic.rs" 105 28 105 35] len0 ([#"../heapsort_generic.rs" 105 28 105 35] * _19)); goto BB7 } BB7 { - _18 <- ([#"../heapsort_generic.rs" 105 8 105 36] sift_down0 _19 start _21); + [#"../heapsort_generic.rs" 105 8 105 36] _18 <- ([#"../heapsort_generic.rs" 105 8 105 36] sift_down0 _19 ([#"../heapsort_generic.rs" 105 21 105 26] start) _21); _19 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); _21 <- any usize; goto BB8 } BB8 { - _15 <- ([#"../heapsort_generic.rs" 103 20 106 5] ()); + [#"../heapsort_generic.rs" 103 20 106 5] _15 <- ([#"../heapsort_generic.rs" 103 20 106 5] ()); goto BB4 } BB9 { - end' <- ([#"../heapsort_generic.rs" 108 18 108 25] len0 ([#"../heapsort_generic.rs" 108 18 108 25] * v)); + [#"../heapsort_generic.rs" 108 18 108 25] end' <- ([#"../heapsort_generic.rs" 108 18 108 25] len0 ([#"../heapsort_generic.rs" 108 18 108 25] * v)); goto BB10 } BB10 { @@ -1139,25 +1139,25 @@ module HeapsortGeneric_HeapSort goto BB12 } BB12 { - switch ([#"../heapsort_generic.rs" 115 10 115 17] end' > ([#"../heapsort_generic.rs" 115 16 115 17] [#"../heapsort_generic.rs" 115 16 115 17] (1 : usize))) + switch ([#"../heapsort_generic.rs" 115 10 115 17] ([#"../heapsort_generic.rs" 115 10 115 13] end') > ([#"../heapsort_generic.rs" 115 16 115 17] [#"../heapsort_generic.rs" 115 16 115 17] (1 : usize))) | False -> goto BB17 | True -> goto BB13 end } BB13 { - end' <- ([#"../heapsort_generic.rs" 116 8 116 16] end' - ([#"../heapsort_generic.rs" 116 15 116 16] [#"../heapsort_generic.rs" 116 15 116 16] (1 : usize))); - _38 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _38 }; + [#"../heapsort_generic.rs" 116 8 116 16] end' <- ([#"../heapsort_generic.rs" 116 8 116 16] end' - ([#"../heapsort_generic.rs" 116 15 116 16] [#"../heapsort_generic.rs" 116 15 116 16] (1 : usize))); + [#"../heapsort_generic.rs" 117 8 117 22] _38 <- Borrow.borrow_mut ( * v); + [#"../heapsort_generic.rs" 117 8 117 22] v <- { v with current = ^ _38 }; assume { inv2 ( ^ _38) }; - _37 <- ([#"../heapsort_generic.rs" 117 8 117 22] deref_mut0 _38); + [#"../heapsort_generic.rs" 117 8 117 22] _37 <- ([#"../heapsort_generic.rs" 117 8 117 22] deref_mut0 _38); _38 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB14 } BB14 { - _36 <- Borrow.borrow_mut ( * _37); - _37 <- { _37 with current = ^ _36 }; + [#"../heapsort_generic.rs" 117 8 117 22] _36 <- Borrow.borrow_mut ( * _37); + [#"../heapsort_generic.rs" 117 8 117 22] _37 <- { _37 with current = ^ _36 }; assume { inv3 ( ^ _36) }; - _35 <- ([#"../heapsort_generic.rs" 117 8 117 22] swap0 _36 ([#"../heapsort_generic.rs" 117 15 117 16] [#"../heapsort_generic.rs" 117 15 117 16] (0 : usize)) end'); + [#"../heapsort_generic.rs" 117 8 117 22] _35 <- ([#"../heapsort_generic.rs" 117 8 117 22] swap0 _36 ([#"../heapsort_generic.rs" 117 15 117 16] [#"../heapsort_generic.rs" 117 15 117 16] (0 : usize)) ([#"../heapsort_generic.rs" 117 18 117 21] end')); _36 <- any borrowed (slice t); goto BB15 } @@ -1165,21 +1165,21 @@ module HeapsortGeneric_HeapSort assert { [@expl:type invariant] inv4 _37 }; assume { resolve2 _37 }; assert { [@expl:assertion] [#"../heapsort_generic.rs" 119 12 119 59] let _ = heap_frag_max0 (deep_model0 v) 0 (UIntSize.to_int end') in forall j : int . forall i : int . 0 <= i /\ i < UIntSize.to_int end' /\ UIntSize.to_int end' <= j /\ j < Seq.length (shallow_model0 v) -> le_log0 (Seq.get (deep_model0 v) i) (Seq.get (deep_model0 v) j) }; - _43 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _43 }; + [#"../heapsort_generic.rs" 123 18 123 19] _43 <- Borrow.borrow_mut ( * v); + [#"../heapsort_generic.rs" 123 18 123 19] v <- { v with current = ^ _43 }; assume { inv2 ( ^ _43) }; - _42 <- ([#"../heapsort_generic.rs" 123 8 123 28] sift_down0 _43 ([#"../heapsort_generic.rs" 123 21 123 22] [#"../heapsort_generic.rs" 123 21 123 22] (0 : usize)) end'); + [#"../heapsort_generic.rs" 123 8 123 28] _42 <- ([#"../heapsort_generic.rs" 123 8 123 28] sift_down0 _43 ([#"../heapsort_generic.rs" 123 21 123 22] [#"../heapsort_generic.rs" 123 21 123 22] (0 : usize)) ([#"../heapsort_generic.rs" 123 24 123 27] end')); _43 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB16 } BB16 { - _15 <- ([#"../heapsort_generic.rs" 115 18 124 5] ()); + [#"../heapsort_generic.rs" 115 18 124 5] _15 <- ([#"../heapsort_generic.rs" 115 18 124 5] ()); goto BB11 } BB17 { assert { [@expl:type invariant] inv1 v }; assume { resolve1 v }; - _0 <- ([#"../heapsort_generic.rs" 115 4 124 5] ()); + [#"../heapsort_generic.rs" 115 4 124 5] _0 <- ([#"../heapsort_generic.rs" 115 4 124 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/hillel.mlcfg b/creusot/tests/should_succeed/hillel.mlcfg index 2c3635d439..eb114c1822 100644 --- a/creusot/tests/should_succeed/hillel.mlcfg +++ b/creusot/tests/should_succeed/hillel.mlcfg @@ -49,7 +49,7 @@ module Hillel_RightPad val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant4 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -60,7 +60,7 @@ module Hillel_RightPad val inv4 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -82,7 +82,7 @@ module Hillel_RightPad val invariant3 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -92,7 +92,7 @@ module Hillel_RightPad val inv2 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true + axiom inv2 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -101,7 +101,7 @@ module Hillel_RightPad val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -112,7 +112,7 @@ module Hillel_RightPad val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true use seq.Seq function shallow_model1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : Seq.seq t = @@ -193,7 +193,7 @@ module Hillel_RightPad goto BB0 } BB0 { - old_str <- ([#"../hillel.rs" 17 18 17 29] Ghost.new str); + [#"../hillel.rs" 17 18 17 29] old_str <- ([#"../hillel.rs" 17 18 17 29] Ghost.new str); goto BB1 } BB1 { @@ -210,20 +210,20 @@ module Hillel_RightPad goto BB3 } BB3 { - _19 <- ([#"../hillel.rs" 24 10 24 19] len1 ([#"../hillel.rs" 24 10 24 19] * str)); + [#"../hillel.rs" 24 10 24 19] _19 <- ([#"../hillel.rs" 24 10 24 19] len1 ([#"../hillel.rs" 24 10 24 19] * str)); goto BB4 } BB4 { - switch ([#"../hillel.rs" 24 10 24 25] _19 < len) + switch ([#"../hillel.rs" 24 10 24 25] _19 < ([#"../hillel.rs" 24 22 24 25] len)) | False -> goto BB7 | True -> goto BB5 end } BB5 { - _23 <- Borrow.borrow_mut ( * str); - str <- { str with current = ^ _23 }; + [#"../hillel.rs" 25 8 25 21] _23 <- Borrow.borrow_mut ( * str); + [#"../hillel.rs" 25 8 25 21] str <- { str with current = ^ _23 }; assume { inv3 ( ^ _23) }; - _22 <- ([#"../hillel.rs" 25 8 25 21] push0 _23 pad); + [#"../hillel.rs" 25 8 25 21] _22 <- ([#"../hillel.rs" 25 8 25 21] push0 _23 ([#"../hillel.rs" 25 17 25 20] pad)); _23 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB6 } @@ -235,7 +235,7 @@ module Hillel_RightPad assume { resolve1 pad }; assert { [@expl:type invariant] inv2 str }; assume { resolve2 str }; - _0 <- ([#"../hillel.rs" 24 4 26 5] ()); + [#"../hillel.rs" 24 4 26 5] _0 <- ([#"../hillel.rs" 24 4 26 5] ()); return _0 } @@ -251,7 +251,7 @@ module Hillel_LeftPad val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant4 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -262,7 +262,7 @@ module Hillel_LeftPad val inv4 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -284,7 +284,7 @@ module Hillel_LeftPad val invariant3 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -294,7 +294,7 @@ module Hillel_LeftPad val inv2 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true + axiom inv2 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -303,7 +303,7 @@ module Hillel_LeftPad val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -314,7 +314,7 @@ module Hillel_LeftPad val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true use prelude.Ghost use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) (ix : int) : t @@ -410,13 +410,13 @@ module Hillel_LeftPad goto BB0 } BB0 { - old_str <- ([#"../hillel.rs" 34 18 34 29] Ghost.new str); + [#"../hillel.rs" 34 18 34 29] old_str <- ([#"../hillel.rs" 34 18 34 29] Ghost.new str); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_str }; assume { resolve0 old_str }; - c <- ([#"../hillel.rs" 35 30 35 44] Ghost.new (0 : usize)); + [#"../hillel.rs" 35 30 35 44] c <- ([#"../hillel.rs" 35 30 35 44] Ghost.new (0 : usize)); goto BB2 } BB2 { @@ -432,30 +432,30 @@ module Hillel_LeftPad goto BB4 } BB4 { - _20 <- ([#"../hillel.rs" 43 10 43 19] len1 ([#"../hillel.rs" 43 10 43 19] * str)); + [#"../hillel.rs" 43 10 43 19] _20 <- ([#"../hillel.rs" 43 10 43 19] len1 ([#"../hillel.rs" 43 10 43 19] * str)); goto BB5 } BB5 { - switch ([#"../hillel.rs" 43 10 43 25] _20 < len) + switch ([#"../hillel.rs" 43 10 43 25] _20 < ([#"../hillel.rs" 43 22 43 25] len)) | False -> goto BB9 | True -> goto BB6 end } BB6 { - _24 <- Borrow.borrow_mut ( * str); - str <- { str with current = ^ _24 }; + [#"../hillel.rs" 44 8 44 26] _24 <- Borrow.borrow_mut ( * str); + [#"../hillel.rs" 44 8 44 26] str <- { str with current = ^ _24 }; assume { inv3 ( ^ _24) }; - _23 <- ([#"../hillel.rs" 44 8 44 26] insert0 _24 ([#"../hillel.rs" 44 19 44 20] [#"../hillel.rs" 44 19 44 20] (0 : usize)) pad); + [#"../hillel.rs" 44 8 44 26] _23 <- ([#"../hillel.rs" 44 8 44 26] insert0 _24 ([#"../hillel.rs" 44 19 44 20] [#"../hillel.rs" 44 19 44 20] (0 : usize)) ([#"../hillel.rs" 44 22 44 25] pad)); _24 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB7 } BB7 { - _26 <- ([#"../hillel.rs" 45 12 45 31] Ghost.new ((1 : usize) + Ghost.inner c)); + [#"../hillel.rs" 45 12 45 31] _26 <- ([#"../hillel.rs" 45 12 45 31] Ghost.new ((1 : usize) + Ghost.inner c)); goto BB8 } BB8 { - c <- _26; - _26 <- any Ghost.ghost_ty usize; + [#"../hillel.rs" 45 8 45 31] c <- ([#"../hillel.rs" 45 8 45 31] _26); + [#"../hillel.rs" 45 8 45 31] _26 <- any Ghost.ghost_ty usize; goto BB3 } BB9 { @@ -463,7 +463,7 @@ module Hillel_LeftPad assume { resolve1 pad }; assert { [@expl:type invariant] inv2 str }; assume { resolve2 str }; - _0 <- ([#"../hillel.rs" 43 4 46 5] ()); + [#"../hillel.rs" 43 4 46 5] _0 <- ([#"../hillel.rs" 43 4 46 5] ()); return _0 } @@ -478,7 +478,7 @@ module Hillel_SubsetPush_Impl val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use seq.Seq predicate invariant0 (self : Seq.seq t) val invariant0 (self : Seq.seq t) : bool @@ -488,7 +488,7 @@ module Hillel_SubsetPush_Impl val inv0 (_x : Seq.seq t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv0 x = true + axiom inv0 : forall x : Seq.seq t . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -542,7 +542,7 @@ module Hillel_InsertUnique val inv15 (_x : slice t) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../hillel.rs" 1 0 1 0] forall x : slice t . inv15 x = true + axiom inv15 : forall x : slice t . inv15 x = true use seq.Seq predicate invariant14 (self : Seq.seq t) val invariant14 (self : Seq.seq t) : bool @@ -552,7 +552,7 @@ module Hillel_InsertUnique val inv14 (_x : Seq.seq t) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv14 x = true + axiom inv14 : forall x : Seq.seq t . inv14 x = true predicate invariant13 (self : Seq.seq t) val invariant13 (self : Seq.seq t) : bool ensures { result = invariant13 self } @@ -561,7 +561,7 @@ module Hillel_InsertUnique val inv13 (_x : Seq.seq t) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv13 x = true + axiom inv13 : forall x : Seq.seq t . inv13 x = true predicate invariant12 (self : t) val invariant12 (self : t) : bool ensures { result = invariant12 self } @@ -570,7 +570,7 @@ module Hillel_InsertUnique val inv12 (_x : t) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv12 x = true + axiom inv12 : forall x : t . inv12 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant11 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -581,7 +581,7 @@ module Hillel_InsertUnique val inv11 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv11 x = true + axiom inv11 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv11 x = true type deep_model_ty0 predicate invariant10 (self : deep_model_ty0) val invariant10 (self : deep_model_ty0) : bool @@ -591,7 +591,7 @@ module Hillel_InsertUnique val inv10 (_x : deep_model_ty0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../hillel.rs" 1 0 1 0] forall x : deep_model_ty0 . inv10 x = true + axiom inv10 : forall x : deep_model_ty0 . inv10 x = true predicate invariant9 (self : Seq.seq deep_model_ty0) val invariant9 (self : Seq.seq deep_model_ty0) : bool ensures { result = invariant9 self } @@ -600,7 +600,7 @@ module Hillel_InsertUnique val inv9 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv9 x = true + axiom inv9 : forall x : Seq.seq deep_model_ty0 . inv9 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -622,7 +622,7 @@ module Hillel_InsertUnique val invariant8 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv8 x = true + axiom inv8 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv8 x = true use prelude.Borrow predicate invariant7 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant7 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -632,7 +632,7 @@ module Hillel_InsertUnique val inv7 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true + axiom inv7 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true predicate invariant6 (self : t) val invariant6 (self : t) : bool ensures { result = invariant6 self } @@ -641,7 +641,7 @@ module Hillel_InsertUnique val inv6 (_x : t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv6 x = true + axiom inv6 : forall x : t . inv6 x = true predicate invariant5 (self : t) val invariant5 (self : t) : bool ensures { result = invariant5 self } @@ -650,7 +650,7 @@ module Hillel_InsertUnique val inv5 (_x : t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv5 x = true + axiom inv5 : forall x : t . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option t) val invariant4 (self : Core_Option_Option_Type.t_option t) : bool @@ -660,7 +660,7 @@ module Hillel_InsertUnique val inv4 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option t . inv4 x = true use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type use seq.Seq use seq.Seq @@ -731,7 +731,7 @@ module Hillel_InsertUnique val inv3 (_x : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv3 x = true + axiom inv3 : forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv3 x = true use prelude.Ghost predicate invariant2 (self : Ghost.ghost_ty (Seq.seq t)) val invariant2 (self : Ghost.ghost_ty (Seq.seq t)) : bool @@ -741,12 +741,12 @@ module Hillel_InsertUnique val inv2 (_x : Ghost.ghost_ty (Seq.seq t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hillel.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq t) . inv2 x = true + axiom inv2 : forall x : Ghost.ghost_ty (Seq.seq t) . inv2 x = true predicate invariant1 (self : slice t) val invariant1 (self : slice t) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : slice t . inv1 x = true + axiom inv1 : forall x : slice t . inv1 x = true predicate invariant0 (self : Ghost.ghost_ty (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant0 (self : Ghost.ghost_ty (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant0 self } @@ -755,7 +755,7 @@ module Hillel_InsertUnique val inv0 (_x : Ghost.ghost_ty (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true function deep_model1 (self : t) : deep_model_ty0 val deep_model1 (self : t) : deep_model_ty0 ensures { result = deep_model1 self } @@ -981,7 +981,7 @@ module Hillel_InsertUnique goto BB2 } BB2 { - _8 <- ([#"../hillel.rs" 80 4 80 41] Ghost.new ()); + [#"../hillel.rs" 80 4 80 41] _8 <- ([#"../hillel.rs" 80 4 80 41] Ghost.new ()); goto BB3 } BB3 { @@ -990,33 +990,33 @@ module Hillel_InsertUnique goto BB4 } BB4 { - ghost_vec <- ([#"../hillel.rs" 82 20 82 32] Ghost.new ( * vec)); + [#"../hillel.rs" 82 20 82 32] ghost_vec <- ([#"../hillel.rs" 82 20 82 32] Ghost.new ( * vec)); goto BB5 } BB5 { assert { [@expl:type invariant] inv0 ghost_vec }; assume { resolve1 ghost_vec }; - _18 <- ([#"../hillel.rs" 85 13 85 23] deref0 ([#"../hillel.rs" 85 13 85 23] * vec)); + [#"../hillel.rs" 85 13 85 23] _18 <- ([#"../hillel.rs" 85 13 85 23] deref0 ([#"../hillel.rs" 85 13 85 23] * vec)); goto BB6 } BB6 { assert { [@expl:type invariant] inv1 _18 }; assume { resolve2 _18 }; - _16 <- ([#"../hillel.rs" 85 13 85 23] iter0 ([#"../hillel.rs" 85 13 85 23] _18)); + [#"../hillel.rs" 85 13 85 23] _16 <- ([#"../hillel.rs" 85 13 85 23] iter0 ([#"../hillel.rs" 85 13 85 23] _18)); goto BB7 } BB7 { - iter <- ([#"../hillel.rs" 84 4 84 111] into_iter0 _16); + [#"../hillel.rs" 84 4 84 111] iter <- ([#"../hillel.rs" 84 4 84 111] into_iter0 _16); _16 <- any Core_Slice_Iter_Iter_Type.t_iter t; goto BB8 } BB8 { - iter_old <- ([#"../hillel.rs" 84 4 84 111] Ghost.new iter); + [#"../hillel.rs" 84 4 84 111] iter_old <- ([#"../hillel.rs" 84 4 84 111] Ghost.new iter); goto BB9 } BB9 { assume { resolve3 iter_old }; - produced <- ([#"../hillel.rs" 84 4 84 111] Ghost.new (Seq.empty )); + [#"../hillel.rs" 84 4 84 111] produced <- ([#"../hillel.rs" 84 4 84 111] Ghost.new (Seq.empty )); goto BB10 } BB10 { @@ -1034,11 +1034,11 @@ module Hillel_InsertUnique goto BB13 } BB13 { - _30 <- Borrow.borrow_mut iter; - iter <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; - _28 <- ([#"../hillel.rs" 84 4 84 111] next0 _29); + [#"../hillel.rs" 84 4 84 111] _30 <- Borrow.borrow_mut iter; + [#"../hillel.rs" 84 4 84 111] iter <- ^ _30; + [#"../hillel.rs" 84 4 84 111] _29 <- Borrow.borrow_mut ( * _30); + [#"../hillel.rs" 84 4 84 111] _30 <- { _30 with current = ^ _29 }; + [#"../hillel.rs" 84 4 84 111] _28 <- ([#"../hillel.rs" 84 4 84 111] next0 _29); _29 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); goto BB14 } @@ -1067,26 +1067,27 @@ module Hillel_InsertUnique assume { resolve9 elem }; assert { [@expl:type invariant] inv7 vec }; assume { resolve10 vec }; + assert { [#"../hillel.rs" 84 4 84 111] false }; absurd } BB18 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _28; + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _28); assert { [@expl:type invariant] inv4 _28 }; assume { resolve6 _28 }; - _33 <- ([#"../hillel.rs" 84 4 84 111] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../hillel.rs" 84 4 84 111] _33 <- ([#"../hillel.rs" 84 4 84 111] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB19 } BB19 { - produced <- _33; - _33 <- any Ghost.ghost_ty (Seq.seq t); + [#"../hillel.rs" 84 4 84 111] produced <- ([#"../hillel.rs" 84 4 84 111] _33); + [#"../hillel.rs" 84 4 84 111] _33 <- any Ghost.ghost_ty (Seq.seq t); assert { [@expl:type invariant] inv2 produced }; assume { resolve4 produced }; - e <- __creusot_proc_iter_elem; + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] e <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); assert { [@expl:type invariant] inv5 __creusot_proc_iter_elem }; assume { resolve7 __creusot_proc_iter_elem }; assert { [@expl:assertion] [#"../hillel.rs" 86 24 86 57] e = index_logic1 (Ghost.inner ghost_vec) (Seq.length (Ghost.inner produced) - 1) }; - _41 <- ([#"../hillel.rs" 87 16 87 21] elem); - _38 <- ([#"../hillel.rs" 87 11 87 21] eq0 ([#"../hillel.rs" 87 11 87 12] e) ([#"../hillel.rs" 87 16 87 21] _41)); + [#"../hillel.rs" 87 16 87 21] _41 <- ([#"../hillel.rs" 87 16 87 21] elem); + [#"../hillel.rs" 87 11 87 21] _38 <- ([#"../hillel.rs" 87 11 87 21] eq0 ([#"../hillel.rs" 87 11 87 12] e) ([#"../hillel.rs" 87 16 87 21] _41)); goto BB20 } BB20 { @@ -1109,25 +1110,25 @@ module Hillel_InsertUnique goto BB22 } BB22 { - _0 <- ([#"../hillel.rs" 89 12 89 18] ()); + [#"../hillel.rs" 89 12 89 18] _0 <- ([#"../hillel.rs" 89 12 89 18] ()); goto BB26 } BB23 { goto BB12 } BB24 { - _49 <- Borrow.borrow_mut ( * vec); - vec <- { vec with current = ^ _49 }; + [#"../hillel.rs" 94 4 94 18] _49 <- Borrow.borrow_mut ( * vec); + [#"../hillel.rs" 94 4 94 18] vec <- { vec with current = ^ _49 }; assume { inv8 ( ^ _49) }; - _48 <- ([#"../hillel.rs" 94 4 94 18] push1 _49 elem); + [#"../hillel.rs" 94 4 94 18] _48 <- ([#"../hillel.rs" 94 4 94 18] push1 _49 ([#"../hillel.rs" 94 13 94 17] elem)); _49 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); - elem <- any t; + [#"../hillel.rs" 94 13 94 17] elem <- any t; goto BB25 } BB25 { assert { [@expl:type invariant] inv7 vec }; assume { resolve10 vec }; - _0 <- ([#"../hillel.rs" 79 63 95 1] ()); + [#"../hillel.rs" 79 63 95 1] _0 <- ([#"../hillel.rs" 79 63 95 1] ()); goto BB26 } BB26 { @@ -1159,7 +1160,7 @@ module Hillel_Unique val inv11 (_x : slice t) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../hillel.rs" 1 0 1 0] forall x : slice t . inv11 x = true + axiom inv11 : forall x : slice t . inv11 x = true use prelude.UIntSize use seq.Seq predicate invariant10 (self : Seq.seq usize) = @@ -1171,7 +1172,7 @@ module Hillel_Unique val inv10 (_x : Seq.seq usize) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq usize . inv10 x = true + axiom inv10 : forall x : Seq.seq usize . inv10 x = true predicate invariant9 (self : Seq.seq t) val invariant9 (self : Seq.seq t) : bool ensures { result = invariant9 self } @@ -1180,7 +1181,7 @@ module Hillel_Unique val inv9 (_x : Seq.seq t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq t . inv9 x = true + axiom inv9 : forall x : Seq.seq t . inv9 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant8 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1191,7 +1192,7 @@ module Hillel_Unique val inv8 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option usize . inv8 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant7 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -1203,7 +1204,7 @@ module Hillel_Unique val inv7 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv7 x = true type deep_model_ty0 predicate invariant6 (self : Seq.seq deep_model_ty0) val invariant6 (self : Seq.seq deep_model_ty0) : bool @@ -1213,7 +1214,7 @@ module Hillel_Unique val inv6 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv6 x = true + axiom inv6 : forall x : Seq.seq deep_model_ty0 . inv6 x = true predicate invariant5 (self : slice t) val invariant5 (self : slice t) : bool ensures { result = invariant5 self } @@ -1222,7 +1223,7 @@ module Hillel_Unique val inv5 (_x : slice t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hillel.rs" 1 0 1 0] forall x : slice t . inv5 x = true + axiom inv5 : forall x : slice t . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) @@ -1233,7 +1234,7 @@ module Hillel_Unique val inv4 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true predicate invariant3 (self : t) val invariant3 (self : t) : bool ensures { result = invariant3 self } @@ -1242,7 +1243,7 @@ module Hillel_Unique val inv3 (_x : t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hillel.rs" 1 0 1 0] forall x : t . inv3 x = true + axiom inv3 : forall x : t . inv3 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -1263,7 +1264,7 @@ module Hillel_Unique val invariant2 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../hillel.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use seq.Seq predicate inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -1309,7 +1310,7 @@ module Hillel_Unique val invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (Seq.seq t)) val invariant0 (self : Ghost.ghost_ty (Seq.seq t)) : bool @@ -1319,7 +1320,7 @@ module Hillel_Unique val inv0 (_x : Ghost.ghost_ty (Seq.seq t)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq t) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (Seq.seq t) . inv0 x = true predicate resolve2 (self : t) val resolve2 (self : t) : bool ensures { result = resolve2 self } @@ -1511,30 +1512,30 @@ module Hillel_Unique goto BB0 } BB0 { - unique <- ([#"../hillel.rs" 101 21 101 31] new0 ()); + [#"../hillel.rs" 101 21 101 31] unique <- ([#"../hillel.rs" 101 21 101 31] new0 ()); goto BB1 } BB1 { - sub_str <- ([#"../hillel.rs" 102 37 102 55] Ghost.new (Seq.empty )); + [#"../hillel.rs" 102 37 102 55] sub_str <- ([#"../hillel.rs" 102 37 102 55] Ghost.new (Seq.empty )); goto BB2 } BB2 { assert { [@expl:type invariant] inv0 sub_str }; assume { resolve0 sub_str }; - _11 <- ([#"../hillel.rs" 107 16 107 25] len0 ([#"../hillel.rs" 107 16 107 25] str)); + [#"../hillel.rs" 107 16 107 25] _11 <- ([#"../hillel.rs" 107 16 107 25] len0 ([#"../hillel.rs" 107 16 107 25] str)); goto BB3 } BB3 { - iter <- ([#"../hillel.rs" 104 4 104 48] into_iter0 ([#"../hillel.rs" 107 13 107 25] Core_Ops_Range_Range_Type.C_Range ([#"../hillel.rs" 107 13 107 14] [#"../hillel.rs" 107 13 107 14] (0 : usize)) _11)); + [#"../hillel.rs" 104 4 104 48] iter <- ([#"../hillel.rs" 104 4 104 48] into_iter0 ([#"../hillel.rs" 107 13 107 25] Core_Ops_Range_Range_Type.C_Range ([#"../hillel.rs" 107 13 107 14] [#"../hillel.rs" 107 13 107 14] (0 : usize)) _11)); _11 <- any usize; goto BB4 } BB4 { - iter_old <- ([#"../hillel.rs" 104 4 104 48] Ghost.new iter); + [#"../hillel.rs" 104 4 104 48] iter_old <- ([#"../hillel.rs" 104 4 104 48] Ghost.new iter); goto BB5 } BB5 { - produced <- ([#"../hillel.rs" 104 4 104 48] Ghost.new (Seq.empty )); + [#"../hillel.rs" 104 4 104 48] produced <- ([#"../hillel.rs" 104 4 104 48] Ghost.new (Seq.empty )); goto BB6 } BB6 { @@ -1558,11 +1559,11 @@ module Hillel_Unique goto BB11 } BB11 { - _25 <- Borrow.borrow_mut iter; - iter <- ^ _25; - _24 <- Borrow.borrow_mut ( * _25); - _25 <- { _25 with current = ^ _24 }; - _23 <- ([#"../hillel.rs" 104 4 104 48] next0 _24); + [#"../hillel.rs" 104 4 104 48] _25 <- Borrow.borrow_mut iter; + [#"../hillel.rs" 104 4 104 48] iter <- ^ _25; + [#"../hillel.rs" 104 4 104 48] _24 <- Borrow.borrow_mut ( * _25); + [#"../hillel.rs" 104 4 104 48] _25 <- { _25 with current = ^ _24 }; + [#"../hillel.rs" 104 4 104 48] _23 <- ([#"../hillel.rs" 104 4 104 48] next0 _24); _24 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB12 } @@ -1587,53 +1588,54 @@ module Hillel_Unique assume { resolve5 unique }; assert { [@expl:type invariant] inv5 str }; assume { resolve4 str }; + assert { [#"../hillel.rs" 104 4 104 48] false }; absurd } BB16 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _23; - _28 <- ([#"../hillel.rs" 104 4 104 48] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _23); + [#"../hillel.rs" 104 4 104 48] _28 <- ([#"../hillel.rs" 104 4 104 48] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB17 } BB17 { - produced <- _28; - _28 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem; - _32 <- i; - _34 <- ([#"../hillel.rs" 108 22 108 28] _32 < ([#"../hillel.rs" 108 22 108 28] Slice.length str)); + [#"../hillel.rs" 104 4 104 48] produced <- ([#"../hillel.rs" 104 4 104 48] _28); + [#"../hillel.rs" 104 4 104 48] _28 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../hillel.rs" 108 26 108 27] _32 <- ([#"../hillel.rs" 108 26 108 27] i); + [#"../hillel.rs" 108 22 108 28] _34 <- ([#"../hillel.rs" 108 22 108 28] _32 < ([#"../hillel.rs" 108 22 108 28] Slice.length str)); assert { [@expl:index in bounds] [#"../hillel.rs" 108 22 108 28] _34 }; goto BB18 } BB18 { - elem <- Slice.get str _32; - _37 <- Borrow.borrow_mut unique; - unique <- ^ _37; + [#"../hillel.rs" 108 22 108 28] elem <- ([#"../hillel.rs" 108 22 108 28] Slice.get str _32); + [#"../hillel.rs" 109 22 109 33] _37 <- Borrow.borrow_mut unique; + [#"../hillel.rs" 109 22 109 33] unique <- ^ _37; assume { inv2 ( ^ _37) }; - _36 <- Borrow.borrow_mut ( * _37); - _37 <- { _37 with current = ^ _36 }; + [#"../hillel.rs" 109 22 109 33] _36 <- Borrow.borrow_mut ( * _37); + [#"../hillel.rs" 109 22 109 33] _37 <- { _37 with current = ^ _36 }; assume { inv2 ( ^ _36) }; assert { [@expl:type invariant] inv3 elem }; assume { resolve2 elem }; - _35 <- ([#"../hillel.rs" 109 8 109 40] insert_unique0 _36 elem); + [#"../hillel.rs" 109 8 109 40] _35 <- ([#"../hillel.rs" 109 8 109 40] insert_unique0 _36 ([#"../hillel.rs" 109 35 109 39] elem)); _36 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB19 } BB19 { assert { [@expl:type invariant] inv4 _37 }; assume { resolve3 _37 }; - _39 <- ([#"../hillel.rs" 110 18 110 44] Ghost.new (Seq.snoc (Ghost.inner sub_str) elem)); + [#"../hillel.rs" 110 18 110 44] _39 <- ([#"../hillel.rs" 110 18 110 44] Ghost.new (Seq.snoc (Ghost.inner sub_str) elem)); goto BB20 } BB20 { - sub_str <- _39; - _39 <- any Ghost.ghost_ty (Seq.seq t); + [#"../hillel.rs" 110 8 110 44] sub_str <- ([#"../hillel.rs" 110 8 110 44] _39); + [#"../hillel.rs" 110 8 110 44] _39 <- any Ghost.ghost_ty (Seq.seq t); assert { [@expl:type invariant] inv0 sub_str }; assume { resolve0 sub_str }; goto BB10 } BB21 { assert { [@expl:assertion] [#"../hillel.rs" 114 20 114 88] Seq.(==) (SeqExt.subsequence (deep_model1 str) 0 (Seq.length (shallow_model0 str))) (deep_model1 str) }; - _0 <- unique; - unique <- any Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global); + [#"../hillel.rs" 115 4 115 10] _0 <- ([#"../hillel.rs" 115 4 115 10] unique); + [#"../hillel.rs" 115 4 115 10] unique <- any Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global); goto BB22 } BB22 { @@ -1741,7 +1743,7 @@ module Hillel_Fulcrum val inv9 (_x : Seq.seq usize) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq usize . inv9 x = true + axiom inv9 : forall x : Seq.seq usize . inv9 x = true use prelude.UInt32 predicate invariant8 (self : Seq.seq uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1752,7 +1754,7 @@ module Hillel_Fulcrum val inv8 (_x : Seq.seq uint32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv8 x = true + axiom inv8 : forall x : Seq.seq uint32 . inv8 x = true use prelude.Slice predicate invariant7 (self : slice uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1763,7 +1765,7 @@ module Hillel_Fulcrum val inv7 (_x : slice uint32) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../hillel.rs" 1 0 1 0] forall x : slice uint32 . inv7 x = true + axiom inv7 : forall x : slice uint32 . inv7 x = true predicate invariant6 (self : Seq.seq uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq uint32) : bool @@ -1773,7 +1775,7 @@ module Hillel_Fulcrum val inv6 (_x : Seq.seq uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../hillel.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv6 x = true + axiom inv6 : forall x : Seq.seq uint32 . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1784,7 +1786,7 @@ module Hillel_Fulcrum val inv5 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option usize . inv5 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant4 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -1796,7 +1798,7 @@ module Hillel_Fulcrum val inv4 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../hillel.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option uint32) : bool @@ -1806,7 +1808,7 @@ module Hillel_Fulcrum val inv3 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true predicate invariant2 (self : slice uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice uint32) : bool @@ -1816,7 +1818,7 @@ module Hillel_Fulcrum val inv2 (_x : slice uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../hillel.rs" 1 0 1 0] forall x : slice uint32 . inv2 x = true + axiom inv2 : forall x : slice uint32 . inv2 x = true use seq.Seq predicate inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -1864,7 +1866,7 @@ module Hillel_Fulcrum val invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type use seq.Seq use seq.Seq @@ -1935,7 +1937,7 @@ module Hillel_Fulcrum val inv0 (_x : Core_Slice_Iter_Iter_Type.t_iter uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../hillel.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter uint32 . inv0 x = true + axiom inv0 : forall x : Core_Slice_Iter_Iter_Type.t_iter uint32 . inv0 x = true use prelude.Ghost function abs_diff1 (self : int) (other : int) : int = [#"../../../../creusot-contracts/src/logic/int.rs" 50 4 50 12] if self < other then other - self else self - other @@ -2107,16 +2109,16 @@ module Hillel_Fulcrum goto BB0 } BB0 { - total <- ([#"../hillel.rs" 157 25 157 26] [#"../hillel.rs" 157 25 157 26] (0 : uint32)); - iter <- ([#"../hillel.rs" 159 4 159 60] into_iter0 s); + [#"../hillel.rs" 157 25 157 26] total <- ([#"../hillel.rs" 157 25 157 26] [#"../hillel.rs" 157 25 157 26] (0 : uint32)); + [#"../hillel.rs" 159 4 159 60] iter <- ([#"../hillel.rs" 159 4 159 60] into_iter0 ([#"../hillel.rs" 161 14 161 15] s)); goto BB1 } BB1 { - iter_old <- ([#"../hillel.rs" 159 4 159 60] Ghost.new iter); + [#"../hillel.rs" 159 4 159 60] iter_old <- ([#"../hillel.rs" 159 4 159 60] Ghost.new iter); goto BB2 } BB2 { - produced <- ([#"../hillel.rs" 159 4 159 60] Ghost.new (Seq.empty )); + [#"../hillel.rs" 159 4 159 60] produced <- ([#"../hillel.rs" 159 4 159 60] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -2130,11 +2132,11 @@ module Hillel_Fulcrum goto BB5 } BB5 { - _21 <- Borrow.borrow_mut iter; - iter <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; - _19 <- ([#"../hillel.rs" 159 4 159 60] next0 _20); + [#"../hillel.rs" 159 4 159 60] _21 <- Borrow.borrow_mut iter; + [#"../hillel.rs" 159 4 159 60] iter <- ^ _21; + [#"../hillel.rs" 159 4 159 60] _20 <- Borrow.borrow_mut ( * _21); + [#"../hillel.rs" 159 4 159 60] _21 <- { _21 with current = ^ _20 }; + [#"../hillel.rs" 159 4 159 60] _19 <- ([#"../hillel.rs" 159 4 159 60] next0 _20); _20 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32); goto BB6 } @@ -2147,42 +2149,43 @@ module Hillel_Fulcrum } BB7 { assert { [@expl:assertion] [#"../hillel.rs" 165 20 165 56] UInt32.to_int total = sum_range0 (shallow_model1 s) 0 (Seq.length (shallow_model1 s)) }; - min_i <- ([#"../hillel.rs" 167 27 167 28] [#"../hillel.rs" 167 27 167 28] (0 : usize)); - min_dist <- total; - sum <- ([#"../hillel.rs" 170 23 170 24] [#"../hillel.rs" 170 23 170 24] (0 : uint32)); - _37 <- ([#"../hillel.rs" 176 16 176 23] len2 ([#"../hillel.rs" 176 16 176 23] s)); + [#"../hillel.rs" 167 27 167 28] min_i <- ([#"../hillel.rs" 167 27 167 28] [#"../hillel.rs" 167 27 167 28] (0 : usize)); + [#"../hillel.rs" 168 28 168 33] min_dist <- ([#"../hillel.rs" 168 28 168 33] total); + [#"../hillel.rs" 170 23 170 24] sum <- ([#"../hillel.rs" 170 23 170 24] [#"../hillel.rs" 170 23 170 24] (0 : uint32)); + [#"../hillel.rs" 176 16 176 23] _37 <- ([#"../hillel.rs" 176 16 176 23] len2 ([#"../hillel.rs" 176 16 176 23] s)); goto BB12 } BB8 { goto BB10 } BB9 { + assert { [#"../hillel.rs" 159 4 159 60] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _19; - _24 <- ([#"../hillel.rs" 159 4 159 60] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _19); + [#"../hillel.rs" 159 4 159 60] _24 <- ([#"../hillel.rs" 159 4 159 60] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _24; - _24 <- any Ghost.ghost_ty (Seq.seq uint32); - x <- __creusot_proc_iter_elem; - total <- ([#"../hillel.rs" 162 8 162 18] total + x); - _18 <- ([#"../hillel.rs" 161 16 163 5] ()); + [#"../hillel.rs" 159 4 159 60] produced <- ([#"../hillel.rs" 159 4 159 60] _24); + [#"../hillel.rs" 159 4 159 60] _24 <- any Ghost.ghost_ty (Seq.seq uint32); + [#"../hillel.rs" 161 9 161 10] x <- ([#"../hillel.rs" 161 9 161 10] __creusot_proc_iter_elem); + [#"../hillel.rs" 162 8 162 18] total <- ([#"../hillel.rs" 162 8 162 18] total + ([#"../hillel.rs" 162 17 162 18] x)); + [#"../hillel.rs" 161 16 163 5] _18 <- ([#"../hillel.rs" 161 16 163 5] ()); goto BB4 } BB12 { - iter1 <- ([#"../hillel.rs" 171 4 171 58] into_iter1 ([#"../hillel.rs" 176 13 176 23] Core_Ops_Range_Range_Type.C_Range ([#"../hillel.rs" 176 13 176 14] [#"../hillel.rs" 176 13 176 14] (0 : usize)) _37)); + [#"../hillel.rs" 171 4 171 58] iter1 <- ([#"../hillel.rs" 171 4 171 58] into_iter1 ([#"../hillel.rs" 176 13 176 23] Core_Ops_Range_Range_Type.C_Range ([#"../hillel.rs" 176 13 176 14] [#"../hillel.rs" 176 13 176 14] (0 : usize)) _37)); _37 <- any usize; goto BB13 } BB13 { - iter_old1 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new iter1); + [#"../hillel.rs" 171 4 171 58] iter_old1 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new iter1); goto BB14 } BB14 { - produced1 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new (Seq.empty )); + [#"../hillel.rs" 171 4 171 58] produced1 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new (Seq.empty )); goto BB15 } BB15 { @@ -2199,11 +2202,11 @@ module Hillel_Fulcrum goto BB17 } BB17 { - _52 <- Borrow.borrow_mut iter1; - iter1 <- ^ _52; - _51 <- Borrow.borrow_mut ( * _52); - _52 <- { _52 with current = ^ _51 }; - _50 <- ([#"../hillel.rs" 171 4 171 58] next1 _51); + [#"../hillel.rs" 171 4 171 58] _52 <- Borrow.borrow_mut iter1; + [#"../hillel.rs" 171 4 171 58] iter1 <- ^ _52; + [#"../hillel.rs" 171 4 171 58] _51 <- Borrow.borrow_mut ( * _52); + [#"../hillel.rs" 171 4 171 58] _52 <- { _52 with current = ^ _51 }; + [#"../hillel.rs" 171 4 171 58] _50 <- ([#"../hillel.rs" 171 4 171 58] next1 _51); _51 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB18 } @@ -2215,49 +2218,49 @@ module Hillel_Fulcrum end } BB19 { - _0 <- min_i; + [#"../hillel.rs" 186 4 186 9] _0 <- ([#"../hillel.rs" 186 4 186 9] min_i); return _0 } BB20 { goto BB21 } BB21 { - __creusot_proc_iter_elem1 <- Core_Option_Option_Type.some_0 _50; - _55 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1 <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _50); + [#"../hillel.rs" 171 4 171 58] _55 <- ([#"../hillel.rs" 171 4 171 58] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); goto BB22 } BB22 { - produced1 <- _55; - _55 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem1; - dist <- ([#"../hillel.rs" 177 19 177 44] abs_diff0 sum ([#"../hillel.rs" 177 32 177 43] total - sum)); + [#"../hillel.rs" 171 4 171 58] produced1 <- ([#"../hillel.rs" 171 4 171 58] _55); + [#"../hillel.rs" 171 4 171 58] _55 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1); + [#"../hillel.rs" 177 19 177 44] dist <- ([#"../hillel.rs" 177 19 177 44] abs_diff0 ([#"../hillel.rs" 177 19 177 22] sum) ([#"../hillel.rs" 177 32 177 43] ([#"../hillel.rs" 177 32 177 37] total) - ([#"../hillel.rs" 177 40 177 43] sum))); goto BB23 } BB23 { - switch ([#"../hillel.rs" 178 11 178 26] dist < min_dist) + switch ([#"../hillel.rs" 178 11 178 26] ([#"../hillel.rs" 178 11 178 15] dist) < ([#"../hillel.rs" 178 18 178 26] min_dist)) | False -> goto BB25 | True -> goto BB24 end } BB24 { - min_i <- i; - min_dist <- dist; - _63 <- ([#"../hillel.rs" 178 27 181 9] ()); + [#"../hillel.rs" 179 12 179 21] min_i <- ([#"../hillel.rs" 179 20 179 21] i); + [#"../hillel.rs" 180 12 180 27] min_dist <- ([#"../hillel.rs" 180 23 180 27] dist); + [#"../hillel.rs" 178 27 181 9] _63 <- ([#"../hillel.rs" 178 27 181 9] ()); goto BB26 } BB25 { - _63 <- ([#"../hillel.rs" 181 9 181 9] ()); + [#"../hillel.rs" 181 9 181 9] _63 <- ([#"../hillel.rs" 181 9 181 9] ()); goto BB26 } BB26 { - _70 <- i; - _72 <- ([#"../hillel.rs" 183 15 183 19] _70 < ([#"../hillel.rs" 183 15 183 19] Slice.length s)); + [#"../hillel.rs" 183 17 183 18] _70 <- ([#"../hillel.rs" 183 17 183 18] i); + [#"../hillel.rs" 183 15 183 19] _72 <- ([#"../hillel.rs" 183 15 183 19] _70 < ([#"../hillel.rs" 183 15 183 19] Slice.length s)); assert { [@expl:index in bounds] [#"../hillel.rs" 183 15 183 19] _72 }; goto BB27 } BB27 { - sum <- ([#"../hillel.rs" 183 8 183 19] sum + Slice.get s _70); - _18 <- ([#"../hillel.rs" 176 24 184 5] ()); + [#"../hillel.rs" 183 8 183 19] sum <- ([#"../hillel.rs" 183 8 183 19] sum + ([#"../hillel.rs" 183 15 183 19] Slice.get s _70)); + [#"../hillel.rs" 176 24 184 5] _18 <- ([#"../hillel.rs" 176 24 184 5] ()); goto BB16 } BB29 { diff --git a/creusot/tests/should_succeed/immut.mlcfg b/creusot/tests/should_succeed/immut.mlcfg index 31e9db2aab..6aba3d09e9 100644 --- a/creusot/tests/should_succeed/immut.mlcfg +++ b/creusot/tests/should_succeed/immut.mlcfg @@ -18,11 +18,11 @@ module Immut_F goto BB0 } BB0 { - a <- ([#"../immut.rs" 4 16 4 18] [#"../immut.rs" 4 16 4 18] (10 : uint32)); - b <- Borrow.borrow_mut a; - a <- ^ b; - _c <- ([#"../immut.rs" 6 19 6 20] * b); - _0 <- ([#"../immut.rs" 3 11 7 1] ()); + [#"../immut.rs" 4 16 4 18] a <- ([#"../immut.rs" 4 16 4 18] [#"../immut.rs" 4 16 4 18] (10 : uint32)); + [#"../immut.rs" 5 12 5 18] b <- Borrow.borrow_mut a; + [#"../immut.rs" 5 12 5 18] a <- ^ b; + [#"../immut.rs" 6 19 6 20] _c <- ([#"../immut.rs" 6 19 6 20] * b); + [#"../immut.rs" 3 11 7 1] _0 <- ([#"../immut.rs" 3 11 7 1] ()); assume { resolve0 b }; return _0 } diff --git a/creusot/tests/should_succeed/index_range.mlcfg b/creusot/tests/should_succeed/index_range.mlcfg index 9bb495900a..5bd8714590 100644 --- a/creusot/tests/should_succeed/index_range.mlcfg +++ b/creusot/tests/should_succeed/index_range.mlcfg @@ -50,7 +50,7 @@ module IndexRange_CreateArr val inv3 (_x : Seq.seq int32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv3 x = true + axiom inv3 : forall x : Seq.seq int32 . inv3 x = true predicate invariant2 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : int32) : bool @@ -60,7 +60,7 @@ module IndexRange_CreateArr val inv2 (_x : int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv2 x = true + axiom inv2 : forall x : int32 . inv2 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -73,7 +73,7 @@ module IndexRange_CreateArr val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -95,7 +95,7 @@ module IndexRange_CreateArr val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Int32 use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) (ix : int) : int32 @@ -142,47 +142,47 @@ module IndexRange_CreateArr goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 15 18 15 28] new0 ()); + [#"../index_range.rs" 15 18 15 28] arr <- ([#"../index_range.rs" 15 18 15 28] new0 ()); goto BB1 } BB1 { - _4 <- Borrow.borrow_mut arr; - arr <- ^ _4; - _3 <- ([#"../index_range.rs" 17 4 17 15] push0 _4 ([#"../index_range.rs" 17 13 17 14] [#"../index_range.rs" 17 13 17 14] (0 : int32))); + [#"../index_range.rs" 17 4 17 15] _4 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 17 4 17 15] arr <- ^ _4; + [#"../index_range.rs" 17 4 17 15] _3 <- ([#"../index_range.rs" 17 4 17 15] push0 _4 ([#"../index_range.rs" 17 13 17 14] [#"../index_range.rs" 17 13 17 14] (0 : int32))); _4 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB2 } BB2 { - _6 <- Borrow.borrow_mut arr; - arr <- ^ _6; - _5 <- ([#"../index_range.rs" 18 4 18 15] push0 _6 ([#"../index_range.rs" 18 13 18 14] [#"../index_range.rs" 18 13 18 14] (1 : int32))); + [#"../index_range.rs" 18 4 18 15] _6 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 18 4 18 15] arr <- ^ _6; + [#"../index_range.rs" 18 4 18 15] _5 <- ([#"../index_range.rs" 18 4 18 15] push0 _6 ([#"../index_range.rs" 18 13 18 14] [#"../index_range.rs" 18 13 18 14] (1 : int32))); _6 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB3 } BB3 { - _8 <- Borrow.borrow_mut arr; - arr <- ^ _8; - _7 <- ([#"../index_range.rs" 19 4 19 15] push0 _8 ([#"../index_range.rs" 19 13 19 14] [#"../index_range.rs" 19 13 19 14] (2 : int32))); + [#"../index_range.rs" 19 4 19 15] _8 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 19 4 19 15] arr <- ^ _8; + [#"../index_range.rs" 19 4 19 15] _7 <- ([#"../index_range.rs" 19 4 19 15] push0 _8 ([#"../index_range.rs" 19 13 19 14] [#"../index_range.rs" 19 13 19 14] (2 : int32))); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB4 } BB4 { - _10 <- Borrow.borrow_mut arr; - arr <- ^ _10; - _9 <- ([#"../index_range.rs" 20 4 20 15] push0 _10 ([#"../index_range.rs" 20 13 20 14] [#"../index_range.rs" 20 13 20 14] (3 : int32))); + [#"../index_range.rs" 20 4 20 15] _10 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 20 4 20 15] arr <- ^ _10; + [#"../index_range.rs" 20 4 20 15] _9 <- ([#"../index_range.rs" 20 4 20 15] push0 _10 ([#"../index_range.rs" 20 13 20 14] [#"../index_range.rs" 20 13 20 14] (3 : int32))); _10 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB5 } BB5 { - _12 <- Borrow.borrow_mut arr; - arr <- ^ _12; - _11 <- ([#"../index_range.rs" 21 4 21 15] push0 _12 ([#"../index_range.rs" 21 13 21 14] [#"../index_range.rs" 21 13 21 14] (4 : int32))); + [#"../index_range.rs" 21 4 21 15] _12 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 21 4 21 15] arr <- ^ _12; + [#"../index_range.rs" 21 4 21 15] _11 <- ([#"../index_range.rs" 21 4 21 15] push0 _12 ([#"../index_range.rs" 21 13 21 14] [#"../index_range.rs" 21 13 21 14] (4 : int32))); _12 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB6 } BB6 { - _0 <- arr; - arr <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); + [#"../index_range.rs" 23 4 23 7] _0 <- ([#"../index_range.rs" 23 4 23 7] arr); + [#"../index_range.rs" 23 4 23 7] arr <- any Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global); goto BB7 } BB7 { @@ -221,7 +221,7 @@ module IndexRange_TestRange val inv11 (_x : slice int32) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv11 x = true + axiom inv11 : forall x : slice int32 . inv11 x = true use seq.Seq predicate invariant10 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -232,7 +232,7 @@ module IndexRange_TestRange val inv10 (_x : Seq.seq int32) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv10 x = true + axiom inv10 : forall x : Seq.seq int32 . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -256,7 +256,7 @@ module IndexRange_TestRange val invariant9 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : int32) : bool @@ -266,7 +266,7 @@ module IndexRange_TestRange val inv8 (_x : int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv8 x = true + axiom inv8 : forall x : int32 . inv8 x = true predicate invariant7 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : usize) : bool @@ -276,7 +276,7 @@ module IndexRange_TestRange val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../index_range.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -287,7 +287,7 @@ module IndexRange_TestRange val inv6 (_x : borrowed (slice int32)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (slice int32) . inv6 x = true + axiom inv6 : forall x : borrowed (slice int32) . inv6 x = true predicate invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -297,7 +297,7 @@ module IndexRange_TestRange val inv5 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -308,7 +308,7 @@ module IndexRange_TestRange val inv4 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) : bool @@ -318,7 +318,7 @@ module IndexRange_TestRange val inv3 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true predicate invariant2 (self : slice int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice int32) : bool @@ -328,7 +328,7 @@ module IndexRange_TestRange val inv2 (_x : slice int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv2 x = true + axiom inv2 : forall x : slice int32 . inv2 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -339,7 +339,7 @@ module IndexRange_TestRange val inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -349,7 +349,7 @@ module IndexRange_TestRange val inv0 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve2 (self : int32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : int32) : bool @@ -535,25 +535,25 @@ module IndexRange_TestRange goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 29 18 29 30] create_arr0 ()); + [#"../index_range.rs" 29 18 29 30] arr <- ([#"../index_range.rs" 29 18 29 30] create_arr0 ()); goto BB1 } BB1 { - _3 <- ([#"../index_range.rs" 34 13 34 22] index0 ([#"../index_range.rs" 34 13 34 16] arr) ([#"../index_range.rs" 34 17 34 21] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 34 17 34 18] [#"../index_range.rs" 34 17 34 18] (0 : usize)) ([#"../index_range.rs" 34 20 34 21] [#"../index_range.rs" 34 20 34 21] (2 : usize)))); + [#"../index_range.rs" 34 13 34 22] _3 <- ([#"../index_range.rs" 34 13 34 22] index0 ([#"../index_range.rs" 34 13 34 16] arr) ([#"../index_range.rs" 34 17 34 21] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 34 17 34 18] [#"../index_range.rs" 34 17 34 18] (0 : usize)) ([#"../index_range.rs" 34 20 34 21] [#"../index_range.rs" 34 20 34 21] (2 : usize)))); goto BB2 } BB2 { - s <- ([#"../index_range.rs" 34 12 34 22] _3); - _11 <- ([#"../index_range.rs" 35 12 35 19] len0 ([#"../index_range.rs" 35 12 35 19] s)); + [#"../index_range.rs" 34 12 34 22] s <- ([#"../index_range.rs" 34 12 34 22] _3); + [#"../index_range.rs" 35 12 35 19] _11 <- ([#"../index_range.rs" 35 12 35 19] len0 ([#"../index_range.rs" 35 12 35 19] s)); goto BB9 } BB3 { - _8 <- ([#"../index_range.rs" 35 12 35 50] [#"../index_range.rs" 35 12 35 50] false); + [#"../index_range.rs" 35 12 35 50] _8 <- ([#"../index_range.rs" 35 12 35 50] [#"../index_range.rs" 35 12 35 50] false); goto BB5 } BB4 { - _20 <- ([#"../index_range.rs" 35 43 35 44] [#"../index_range.rs" 35 43 35 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 35 41 35 45] _20 < ([#"../index_range.rs" 35 41 35 45] Slice.length s)); + [#"../index_range.rs" 35 43 35 44] _20 <- ([#"../index_range.rs" 35 43 35 44] [#"../index_range.rs" 35 43 35 44] (1 : usize)); + [#"../index_range.rs" 35 41 35 45] _22 <- ([#"../index_range.rs" 35 41 35 45] _20 < ([#"../index_range.rs" 35 41 35 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 35 41 35 45] _22 }; goto BB11 } @@ -564,12 +564,12 @@ module IndexRange_TestRange end } BB6 { - _9 <- ([#"../index_range.rs" 35 12 35 37] [#"../index_range.rs" 35 12 35 37] false); + [#"../index_range.rs" 35 12 35 37] _9 <- ([#"../index_range.rs" 35 12 35 37] [#"../index_range.rs" 35 12 35 37] false); goto BB8 } BB7 { - _15 <- ([#"../index_range.rs" 35 30 35 31] [#"../index_range.rs" 35 30 35 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 35 28 35 32] _15 < ([#"../index_range.rs" 35 28 35 32] Slice.length s)); + [#"../index_range.rs" 35 30 35 31] _15 <- ([#"../index_range.rs" 35 30 35 31] [#"../index_range.rs" 35 30 35 31] (0 : usize)); + [#"../index_range.rs" 35 28 35 32] _17 <- ([#"../index_range.rs" 35 28 35 32] _15 < ([#"../index_range.rs" 35 28 35 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 35 28 35 32] _17 }; goto BB10 } @@ -586,33 +586,34 @@ module IndexRange_TestRange end } BB10 { - _9 <- ([#"../index_range.rs" 35 28 35 37] Slice.get s _15 = ([#"../index_range.rs" 35 36 35 37] [#"../index_range.rs" 35 36 35 37] (0 : int32))); + [#"../index_range.rs" 35 12 35 37] _9 <- ([#"../index_range.rs" 35 28 35 37] ([#"../index_range.rs" 35 28 35 32] Slice.get s _15) = ([#"../index_range.rs" 35 36 35 37] [#"../index_range.rs" 35 36 35 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 35 41 35 50] Slice.get s _20 = ([#"../index_range.rs" 35 49 35 50] [#"../index_range.rs" 35 49 35 50] (1 : int32))); + [#"../index_range.rs" 35 12 35 50] _8 <- ([#"../index_range.rs" 35 41 35 50] ([#"../index_range.rs" 35 41 35 45] Slice.get s _20) = ([#"../index_range.rs" 35 49 35 50] [#"../index_range.rs" 35 49 35 50] (1 : int32))); goto BB5 } BB12 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 35 4 35 51] false }; absurd } BB13 { - _25 <- ([#"../index_range.rs" 37 13 37 22] index0 ([#"../index_range.rs" 37 13 37 16] arr) ([#"../index_range.rs" 37 17 37 21] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 37 17 37 18] [#"../index_range.rs" 37 17 37 18] (3 : usize)) ([#"../index_range.rs" 37 20 37 21] [#"../index_range.rs" 37 20 37 21] (5 : usize)))); + [#"../index_range.rs" 37 13 37 22] _25 <- ([#"../index_range.rs" 37 13 37 22] index0 ([#"../index_range.rs" 37 13 37 16] arr) ([#"../index_range.rs" 37 17 37 21] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 37 17 37 18] [#"../index_range.rs" 37 17 37 18] (3 : usize)) ([#"../index_range.rs" 37 20 37 21] [#"../index_range.rs" 37 20 37 21] (5 : usize)))); goto BB14 } BB14 { - s1 <- ([#"../index_range.rs" 37 12 37 22] _25); - _33 <- ([#"../index_range.rs" 38 12 38 19] len0 ([#"../index_range.rs" 38 12 38 19] s1)); + [#"../index_range.rs" 37 12 37 22] s1 <- ([#"../index_range.rs" 37 12 37 22] _25); + [#"../index_range.rs" 38 12 38 19] _33 <- ([#"../index_range.rs" 38 12 38 19] len0 ([#"../index_range.rs" 38 12 38 19] s1)); goto BB21 } BB15 { - _30 <- ([#"../index_range.rs" 38 12 38 50] [#"../index_range.rs" 38 12 38 50] false); + [#"../index_range.rs" 38 12 38 50] _30 <- ([#"../index_range.rs" 38 12 38 50] [#"../index_range.rs" 38 12 38 50] false); goto BB17 } BB16 { - _42 <- ([#"../index_range.rs" 38 43 38 44] [#"../index_range.rs" 38 43 38 44] (1 : usize)); - _44 <- ([#"../index_range.rs" 38 41 38 45] _42 < ([#"../index_range.rs" 38 41 38 45] Slice.length s1)); + [#"../index_range.rs" 38 43 38 44] _42 <- ([#"../index_range.rs" 38 43 38 44] [#"../index_range.rs" 38 43 38 44] (1 : usize)); + [#"../index_range.rs" 38 41 38 45] _44 <- ([#"../index_range.rs" 38 41 38 45] _42 < ([#"../index_range.rs" 38 41 38 45] Slice.length s1)); assert { [@expl:index in bounds] [#"../index_range.rs" 38 41 38 45] _44 }; goto BB23 } @@ -623,12 +624,12 @@ module IndexRange_TestRange end } BB18 { - _31 <- ([#"../index_range.rs" 38 12 38 37] [#"../index_range.rs" 38 12 38 37] false); + [#"../index_range.rs" 38 12 38 37] _31 <- ([#"../index_range.rs" 38 12 38 37] [#"../index_range.rs" 38 12 38 37] false); goto BB20 } BB19 { - _37 <- ([#"../index_range.rs" 38 30 38 31] [#"../index_range.rs" 38 30 38 31] (0 : usize)); - _39 <- ([#"../index_range.rs" 38 28 38 32] _37 < ([#"../index_range.rs" 38 28 38 32] Slice.length s1)); + [#"../index_range.rs" 38 30 38 31] _37 <- ([#"../index_range.rs" 38 30 38 31] [#"../index_range.rs" 38 30 38 31] (0 : usize)); + [#"../index_range.rs" 38 28 38 32] _39 <- ([#"../index_range.rs" 38 28 38 32] _37 < ([#"../index_range.rs" 38 28 38 32] Slice.length s1)); assert { [@expl:index in bounds] [#"../index_range.rs" 38 28 38 32] _39 }; goto BB22 } @@ -645,23 +646,24 @@ module IndexRange_TestRange end } BB22 { - _31 <- ([#"../index_range.rs" 38 28 38 37] Slice.get s1 _37 = ([#"../index_range.rs" 38 36 38 37] [#"../index_range.rs" 38 36 38 37] (3 : int32))); + [#"../index_range.rs" 38 12 38 37] _31 <- ([#"../index_range.rs" 38 28 38 37] ([#"../index_range.rs" 38 28 38 32] Slice.get s1 _37) = ([#"../index_range.rs" 38 36 38 37] [#"../index_range.rs" 38 36 38 37] (3 : int32))); goto BB20 } BB23 { - _30 <- ([#"../index_range.rs" 38 41 38 50] Slice.get s1 _42 = ([#"../index_range.rs" 38 49 38 50] [#"../index_range.rs" 38 49 38 50] (4 : int32))); + [#"../index_range.rs" 38 12 38 50] _30 <- ([#"../index_range.rs" 38 41 38 50] ([#"../index_range.rs" 38 41 38 45] Slice.get s1 _42) = ([#"../index_range.rs" 38 49 38 50] [#"../index_range.rs" 38 49 38 50] (4 : int32))); goto BB17 } BB24 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 38 4 38 51] false }; absurd } BB25 { - _51 <- ([#"../index_range.rs" 43 12 43 21] index0 ([#"../index_range.rs" 43 12 43 15] arr) ([#"../index_range.rs" 43 16 43 20] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 43 16 43 17] [#"../index_range.rs" 43 16 43 17] (2 : usize)) ([#"../index_range.rs" 43 19 43 20] [#"../index_range.rs" 43 19 43 20] (2 : usize)))); + [#"../index_range.rs" 43 12 43 21] _51 <- ([#"../index_range.rs" 43 12 43 21] index0 ([#"../index_range.rs" 43 12 43 15] arr) ([#"../index_range.rs" 43 16 43 20] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 43 16 43 17] [#"../index_range.rs" 43 16 43 17] (2 : usize)) ([#"../index_range.rs" 43 19 43 20] [#"../index_range.rs" 43 19 43 20] (2 : usize)))); goto BB26 } BB26 { - _49 <- ([#"../index_range.rs" 43 12 43 27] len0 ([#"../index_range.rs" 43 12 43 27] _51)); + [#"../index_range.rs" 43 12 43 27] _49 <- ([#"../index_range.rs" 43 12 43 27] len0 ([#"../index_range.rs" 43 12 43 27] _51)); goto BB27 } BB27 { @@ -672,14 +674,15 @@ module IndexRange_TestRange } BB28 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 43 4 43 33] false }; absurd } BB29 { - _60 <- ([#"../index_range.rs" 45 12 45 21] index0 ([#"../index_range.rs" 45 12 45 15] arr) ([#"../index_range.rs" 45 16 45 20] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 45 16 45 17] [#"../index_range.rs" 45 16 45 17] (5 : usize)) ([#"../index_range.rs" 45 19 45 20] [#"../index_range.rs" 45 19 45 20] (5 : usize)))); + [#"../index_range.rs" 45 12 45 21] _60 <- ([#"../index_range.rs" 45 12 45 21] index0 ([#"../index_range.rs" 45 12 45 15] arr) ([#"../index_range.rs" 45 16 45 20] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 45 16 45 17] [#"../index_range.rs" 45 16 45 17] (5 : usize)) ([#"../index_range.rs" 45 19 45 20] [#"../index_range.rs" 45 19 45 20] (5 : usize)))); goto BB30 } BB30 { - _58 <- ([#"../index_range.rs" 45 12 45 27] len0 ([#"../index_range.rs" 45 12 45 27] _60)); + [#"../index_range.rs" 45 12 45 27] _58 <- ([#"../index_range.rs" 45 12 45 27] len0 ([#"../index_range.rs" 45 12 45 27] _60)); goto BB31 } BB31 { @@ -690,18 +693,19 @@ module IndexRange_TestRange } BB32 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 45 4 45 33] false }; absurd } BB33 { - _70 <- ([#"../index_range.rs" 50 12 50 25] deref0 ([#"../index_range.rs" 50 12 50 25] arr)); + [#"../index_range.rs" 50 12 50 25] _70 <- ([#"../index_range.rs" 50 12 50 25] deref0 ([#"../index_range.rs" 50 12 50 25] arr)); goto BB34 } BB34 { - _68 <- ([#"../index_range.rs" 50 12 50 25] get0 ([#"../index_range.rs" 50 12 50 25] _70) ([#"../index_range.rs" 50 20 50 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 50 20 50 21] [#"../index_range.rs" 50 20 50 21] (2 : usize)) ([#"../index_range.rs" 50 23 50 24] [#"../index_range.rs" 50 23 50 24] (6 : usize)))); + [#"../index_range.rs" 50 12 50 25] _68 <- ([#"../index_range.rs" 50 12 50 25] get0 ([#"../index_range.rs" 50 12 50 25] _70) ([#"../index_range.rs" 50 20 50 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 50 20 50 21] [#"../index_range.rs" 50 20 50 21] (2 : usize)) ([#"../index_range.rs" 50 23 50 24] [#"../index_range.rs" 50 23 50 24] (6 : usize)))); goto BB35 } BB35 { - _66 <- ([#"../index_range.rs" 50 12 50 35] is_none0 ([#"../index_range.rs" 50 12 50 35] _68)); + [#"../index_range.rs" 50 12 50 35] _66 <- ([#"../index_range.rs" 50 12 50 35] is_none0 ([#"../index_range.rs" 50 12 50 35] _68)); goto BB36 } BB36 { @@ -712,18 +716,19 @@ module IndexRange_TestRange } BB37 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 50 4 50 36] false }; absurd } BB38 { - _80 <- ([#"../index_range.rs" 52 12 52 25] deref0 ([#"../index_range.rs" 52 12 52 25] arr)); + [#"../index_range.rs" 52 12 52 25] _80 <- ([#"../index_range.rs" 52 12 52 25] deref0 ([#"../index_range.rs" 52 12 52 25] arr)); goto BB39 } BB39 { - _78 <- ([#"../index_range.rs" 52 12 52 25] get0 ([#"../index_range.rs" 52 12 52 25] _80) ([#"../index_range.rs" 52 20 52 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 52 20 52 21] [#"../index_range.rs" 52 20 52 21] (2 : usize)) ([#"../index_range.rs" 52 23 52 24] [#"../index_range.rs" 52 23 52 24] (1 : usize)))); + [#"../index_range.rs" 52 12 52 25] _78 <- ([#"../index_range.rs" 52 12 52 25] get0 ([#"../index_range.rs" 52 12 52 25] _80) ([#"../index_range.rs" 52 20 52 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 52 20 52 21] [#"../index_range.rs" 52 20 52 21] (2 : usize)) ([#"../index_range.rs" 52 23 52 24] [#"../index_range.rs" 52 23 52 24] (1 : usize)))); goto BB40 } BB40 { - _76 <- ([#"../index_range.rs" 52 12 52 35] is_none0 ([#"../index_range.rs" 52 12 52 35] _78)); + [#"../index_range.rs" 52 12 52 35] _76 <- ([#"../index_range.rs" 52 12 52 35] is_none0 ([#"../index_range.rs" 52 12 52 35] _78)); goto BB41 } BB41 { @@ -734,18 +739,19 @@ module IndexRange_TestRange } BB42 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 52 4 52 36] false }; absurd } BB43 { - _90 <- ([#"../index_range.rs" 54 12 54 25] deref0 ([#"../index_range.rs" 54 12 54 25] arr)); + [#"../index_range.rs" 54 12 54 25] _90 <- ([#"../index_range.rs" 54 12 54 25] deref0 ([#"../index_range.rs" 54 12 54 25] arr)); goto BB44 } BB44 { - _88 <- ([#"../index_range.rs" 54 12 54 25] get0 ([#"../index_range.rs" 54 12 54 25] _90) ([#"../index_range.rs" 54 20 54 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 54 20 54 21] [#"../index_range.rs" 54 20 54 21] (6 : usize)) ([#"../index_range.rs" 54 23 54 24] [#"../index_range.rs" 54 23 54 24] (6 : usize)))); + [#"../index_range.rs" 54 12 54 25] _88 <- ([#"../index_range.rs" 54 12 54 25] get0 ([#"../index_range.rs" 54 12 54 25] _90) ([#"../index_range.rs" 54 20 54 24] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 54 20 54 21] [#"../index_range.rs" 54 20 54 21] (6 : usize)) ([#"../index_range.rs" 54 23 54 24] [#"../index_range.rs" 54 23 54 24] (6 : usize)))); goto BB45 } BB45 { - _86 <- ([#"../index_range.rs" 54 12 54 35] is_none0 ([#"../index_range.rs" 54 12 54 35] _88)); + [#"../index_range.rs" 54 12 54 35] _86 <- ([#"../index_range.rs" 54 12 54 35] is_none0 ([#"../index_range.rs" 54 12 54 35] _88)); goto BB46 } BB46 { @@ -756,18 +762,19 @@ module IndexRange_TestRange } BB47 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 54 4 54 36] false }; absurd } BB48 { - _100 <- ([#"../index_range.rs" 56 12 56 27] deref0 ([#"../index_range.rs" 56 12 56 27] arr)); + [#"../index_range.rs" 56 12 56 27] _100 <- ([#"../index_range.rs" 56 12 56 27] deref0 ([#"../index_range.rs" 56 12 56 27] arr)); goto BB49 } BB49 { - _98 <- ([#"../index_range.rs" 56 12 56 27] get0 ([#"../index_range.rs" 56 12 56 27] _100) ([#"../index_range.rs" 56 20 56 26] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 56 20 56 22] [#"../index_range.rs" 56 20 56 22] (10 : usize)) ([#"../index_range.rs" 56 24 56 26] [#"../index_range.rs" 56 24 56 26] (10 : usize)))); + [#"../index_range.rs" 56 12 56 27] _98 <- ([#"../index_range.rs" 56 12 56 27] get0 ([#"../index_range.rs" 56 12 56 27] _100) ([#"../index_range.rs" 56 20 56 26] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 56 20 56 22] [#"../index_range.rs" 56 20 56 22] (10 : usize)) ([#"../index_range.rs" 56 24 56 26] [#"../index_range.rs" 56 24 56 26] (10 : usize)))); goto BB50 } BB50 { - _96 <- ([#"../index_range.rs" 56 12 56 37] is_none0 ([#"../index_range.rs" 56 12 56 37] _98)); + [#"../index_range.rs" 56 12 56 37] _96 <- ([#"../index_range.rs" 56 12 56 37] is_none0 ([#"../index_range.rs" 56 12 56 37] _98)); goto BB51 } BB51 { @@ -778,19 +785,20 @@ module IndexRange_TestRange } BB52 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 56 4 56 38] false }; absurd } BB53 { - _106 <- Borrow.borrow_mut arr; - arr <- ^ _106; - _105 <- ([#"../index_range.rs" 59 17 59 26] index_mut0 _106 ([#"../index_range.rs" 59 21 59 25] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 59 21 59 22] [#"../index_range.rs" 59 21 59 22] (1 : usize)) ([#"../index_range.rs" 59 24 59 25] [#"../index_range.rs" 59 24 59 25] (4 : usize)))); + [#"../index_range.rs" 59 17 59 20] _106 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 59 17 59 20] arr <- ^ _106; + [#"../index_range.rs" 59 17 59 26] _105 <- ([#"../index_range.rs" 59 17 59 26] index_mut0 _106 ([#"../index_range.rs" 59 21 59 25] Core_Ops_Range_Range_Type.C_Range ([#"../index_range.rs" 59 21 59 22] [#"../index_range.rs" 59 21 59 22] (1 : usize)) ([#"../index_range.rs" 59 24 59 25] [#"../index_range.rs" 59 24 59 25] (4 : usize)))); _106 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB54 } BB54 { - s2 <- Borrow.borrow_mut ( * _105); - _105 <- { _105 with current = ^ s2 }; - _111 <- ([#"../index_range.rs" 60 12 60 19] len0 ([#"../index_range.rs" 60 12 60 19] * s2)); + [#"../index_range.rs" 59 12 59 26] s2 <- Borrow.borrow_mut ( * _105); + [#"../index_range.rs" 59 12 59 26] _105 <- { _105 with current = ^ s2 }; + [#"../index_range.rs" 60 12 60 19] _111 <- ([#"../index_range.rs" 60 12 60 19] len0 ([#"../index_range.rs" 60 12 60 19] * s2)); goto BB55 } BB55 { @@ -803,42 +811,44 @@ module IndexRange_TestRange assume { resolve0 s2 }; assume { resolve0 _105 }; assume { resolve1 arr }; + assert { [#"../index_range.rs" 60 4 60 25] false }; absurd } BB57 { - _114 <- ([#"../index_range.rs" 61 6 61 7] [#"../index_range.rs" 61 6 61 7] (0 : usize)); - _116 <- ([#"../index_range.rs" 61 4 61 8] _114 < ([#"../index_range.rs" 61 4 61 8] Slice.length ( * s2))); + [#"../index_range.rs" 61 6 61 7] _114 <- ([#"../index_range.rs" 61 6 61 7] [#"../index_range.rs" 61 6 61 7] (0 : usize)); + [#"../index_range.rs" 61 4 61 8] _116 <- ([#"../index_range.rs" 61 4 61 8] _114 < ([#"../index_range.rs" 61 4 61 8] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 61 4 61 8] _116 }; goto BB58 } BB58 { - s2 <- { s2 with current = Slice.set ( * s2) _114 ([#"../index_range.rs" 61 11 61 13] [#"../index_range.rs" 61 11 61 13] (-1 : int32)) }; - _117 <- ([#"../index_range.rs" 62 6 62 7] [#"../index_range.rs" 62 6 62 7] (1 : usize)); - _119 <- ([#"../index_range.rs" 62 4 62 8] _117 < ([#"../index_range.rs" 62 4 62 8] Slice.length ( * s2))); + [#"../index_range.rs" 61 4 61 13] s2 <- { s2 with current = Slice.set ( * s2) _114 ([#"../index_range.rs" 61 4 61 13] [#"../index_range.rs" 61 11 61 13] (-1 : int32)) }; + [#"../index_range.rs" 62 6 62 7] _117 <- ([#"../index_range.rs" 62 6 62 7] [#"../index_range.rs" 62 6 62 7] (1 : usize)); + [#"../index_range.rs" 62 4 62 8] _119 <- ([#"../index_range.rs" 62 4 62 8] _117 < ([#"../index_range.rs" 62 4 62 8] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 62 4 62 8] _119 }; goto BB59 } BB59 { - s2 <- { s2 with current = Slice.set ( * s2) _117 ([#"../index_range.rs" 62 11 62 13] [#"../index_range.rs" 62 11 62 13] (-1 : int32)) }; - _124 <- ([#"../index_range.rs" 67 14 67 15] [#"../index_range.rs" 67 14 67 15] (2 : usize)); - _126 <- ([#"../index_range.rs" 67 12 67 16] _124 < ([#"../index_range.rs" 67 12 67 16] Slice.length ( * s2))); + [#"../index_range.rs" 62 4 62 13] s2 <- { s2 with current = Slice.set ( * s2) _117 ([#"../index_range.rs" 62 4 62 13] [#"../index_range.rs" 62 11 62 13] (-1 : int32)) }; + [#"../index_range.rs" 67 14 67 15] _124 <- ([#"../index_range.rs" 67 14 67 15] [#"../index_range.rs" 67 14 67 15] (2 : usize)); + [#"../index_range.rs" 67 12 67 16] _126 <- ([#"../index_range.rs" 67 12 67 16] _124 < ([#"../index_range.rs" 67 12 67 16] Slice.length ( * s2))); assert { [@expl:index in bounds] [#"../index_range.rs" 67 12 67 16] _126 }; goto BB60 } BB60 { assume { resolve0 s2 }; assume { resolve0 _105 }; - switch ([#"../index_range.rs" 67 4 67 22] not ([#"../index_range.rs" 67 12 67 21] Slice.get ( * s2) _124 = ([#"../index_range.rs" 67 20 67 21] [#"../index_range.rs" 67 20 67 21] (3 : int32)))) + switch ([#"../index_range.rs" 67 4 67 22] not ([#"../index_range.rs" 67 12 67 21] ([#"../index_range.rs" 67 12 67 16] Slice.get ( * s2) _124) = ([#"../index_range.rs" 67 20 67 21] [#"../index_range.rs" 67 20 67 21] (3 : int32)))) | False -> goto BB62 | True -> goto BB61 end } BB61 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 67 4 67 22] false }; absurd } BB62 { - _131 <- ([#"../index_range.rs" 69 12 69 21] len1 ([#"../index_range.rs" 69 12 69 21] arr)); + [#"../index_range.rs" 69 12 69 21] _131 <- ([#"../index_range.rs" 69 12 69 21] len1 ([#"../index_range.rs" 69 12 69 21] arr)); goto BB63 } BB63 { @@ -849,80 +859,86 @@ module IndexRange_TestRange } BB64 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 69 4 69 27] false }; absurd } BB65 { - _138 <- ([#"../index_range.rs" 70 12 70 18] index1 ([#"../index_range.rs" 70 12 70 15] arr) ([#"../index_range.rs" 70 16 70 17] [#"../index_range.rs" 70 16 70 17] (0 : usize))); + [#"../index_range.rs" 70 12 70 18] _138 <- ([#"../index_range.rs" 70 12 70 18] index1 ([#"../index_range.rs" 70 12 70 15] arr) ([#"../index_range.rs" 70 16 70 17] [#"../index_range.rs" 70 16 70 17] (0 : usize))); goto BB66 } BB66 { - switch ([#"../index_range.rs" 70 4 70 24] not ([#"../index_range.rs" 70 12 70 23] _138 = ([#"../index_range.rs" 70 22 70 23] [#"../index_range.rs" 70 22 70 23] (0 : int32)))) + switch ([#"../index_range.rs" 70 4 70 24] not ([#"../index_range.rs" 70 12 70 23] ([#"../index_range.rs" 70 12 70 18] _138) = ([#"../index_range.rs" 70 22 70 23] [#"../index_range.rs" 70 22 70 23] (0 : int32)))) | False -> goto BB68 | True -> goto BB67 end } BB67 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 70 4 70 24] false }; absurd } BB68 { - _145 <- ([#"../index_range.rs" 71 12 71 18] index1 ([#"../index_range.rs" 71 12 71 15] arr) ([#"../index_range.rs" 71 16 71 17] [#"../index_range.rs" 71 16 71 17] (1 : usize))); + [#"../index_range.rs" 71 12 71 18] _145 <- ([#"../index_range.rs" 71 12 71 18] index1 ([#"../index_range.rs" 71 12 71 15] arr) ([#"../index_range.rs" 71 16 71 17] [#"../index_range.rs" 71 16 71 17] (1 : usize))); goto BB69 } BB69 { - switch ([#"../index_range.rs" 71 4 71 25] not ([#"../index_range.rs" 71 12 71 24] _145 = ([#"../index_range.rs" 71 22 71 24] [#"../index_range.rs" 71 22 71 24] (-1 : int32)))) + switch ([#"../index_range.rs" 71 4 71 25] not ([#"../index_range.rs" 71 12 71 24] ([#"../index_range.rs" 71 12 71 18] _145) = ([#"../index_range.rs" 71 22 71 24] [#"../index_range.rs" 71 22 71 24] (-1 : int32)))) | False -> goto BB71 | True -> goto BB70 end } BB70 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 71 4 71 25] false }; absurd } BB71 { - _152 <- ([#"../index_range.rs" 72 12 72 18] index1 ([#"../index_range.rs" 72 12 72 15] arr) ([#"../index_range.rs" 72 16 72 17] [#"../index_range.rs" 72 16 72 17] (2 : usize))); + [#"../index_range.rs" 72 12 72 18] _152 <- ([#"../index_range.rs" 72 12 72 18] index1 ([#"../index_range.rs" 72 12 72 15] arr) ([#"../index_range.rs" 72 16 72 17] [#"../index_range.rs" 72 16 72 17] (2 : usize))); goto BB72 } BB72 { - switch ([#"../index_range.rs" 72 4 72 25] not ([#"../index_range.rs" 72 12 72 24] _152 = ([#"../index_range.rs" 72 22 72 24] [#"../index_range.rs" 72 22 72 24] (-1 : int32)))) + switch ([#"../index_range.rs" 72 4 72 25] not ([#"../index_range.rs" 72 12 72 24] ([#"../index_range.rs" 72 12 72 18] _152) = ([#"../index_range.rs" 72 22 72 24] [#"../index_range.rs" 72 22 72 24] (-1 : int32)))) | False -> goto BB74 | True -> goto BB73 end } BB73 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 72 4 72 25] false }; absurd } BB74 { - _159 <- ([#"../index_range.rs" 73 12 73 18] index1 ([#"../index_range.rs" 73 12 73 15] arr) ([#"../index_range.rs" 73 16 73 17] [#"../index_range.rs" 73 16 73 17] (3 : usize))); + [#"../index_range.rs" 73 12 73 18] _159 <- ([#"../index_range.rs" 73 12 73 18] index1 ([#"../index_range.rs" 73 12 73 15] arr) ([#"../index_range.rs" 73 16 73 17] [#"../index_range.rs" 73 16 73 17] (3 : usize))); goto BB75 } BB75 { - switch ([#"../index_range.rs" 73 4 73 24] not ([#"../index_range.rs" 73 12 73 23] _159 = ([#"../index_range.rs" 73 22 73 23] [#"../index_range.rs" 73 22 73 23] (3 : int32)))) + switch ([#"../index_range.rs" 73 4 73 24] not ([#"../index_range.rs" 73 12 73 23] ([#"../index_range.rs" 73 12 73 18] _159) = ([#"../index_range.rs" 73 22 73 23] [#"../index_range.rs" 73 22 73 23] (3 : int32)))) | False -> goto BB77 | True -> goto BB76 end } BB76 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 73 4 73 24] false }; absurd } BB77 { - _166 <- ([#"../index_range.rs" 74 12 74 18] index1 ([#"../index_range.rs" 74 12 74 15] arr) ([#"../index_range.rs" 74 16 74 17] [#"../index_range.rs" 74 16 74 17] (4 : usize))); + [#"../index_range.rs" 74 12 74 18] _166 <- ([#"../index_range.rs" 74 12 74 18] index1 ([#"../index_range.rs" 74 12 74 15] arr) ([#"../index_range.rs" 74 16 74 17] [#"../index_range.rs" 74 16 74 17] (4 : usize))); goto BB78 } BB78 { assume { resolve1 arr }; - switch ([#"../index_range.rs" 74 4 74 24] not ([#"../index_range.rs" 74 12 74 23] _166 = ([#"../index_range.rs" 74 22 74 23] [#"../index_range.rs" 74 22 74 23] (4 : int32)))) + switch ([#"../index_range.rs" 74 4 74 24] not ([#"../index_range.rs" 74 12 74 23] ([#"../index_range.rs" 74 12 74 18] _166) = ([#"../index_range.rs" 74 22 74 23] [#"../index_range.rs" 74 22 74 23] (4 : int32)))) | False -> goto BB80 | True -> goto BB79 end } BB79 { + assert { [#"../index_range.rs" 74 4 74 24] false }; absurd } BB80 { - _0 <- ([#"../index_range.rs" 27 20 75 1] ()); + [#"../index_range.rs" 27 20 75 1] _0 <- ([#"../index_range.rs" 27 20 75 1] ()); goto BB81 } BB81 { @@ -951,7 +967,7 @@ module IndexRange_TestRangeTo val inv11 (_x : slice int32) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv11 x = true + axiom inv11 : forall x : slice int32 . inv11 x = true use seq.Seq predicate invariant10 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -962,7 +978,7 @@ module IndexRange_TestRangeTo val inv10 (_x : Seq.seq int32) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv10 x = true + axiom inv10 : forall x : Seq.seq int32 . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -986,7 +1002,7 @@ module IndexRange_TestRangeTo val invariant9 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : int32) : bool @@ -996,7 +1012,7 @@ module IndexRange_TestRangeTo val inv8 (_x : int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv8 x = true + axiom inv8 : forall x : int32 . inv8 x = true predicate invariant7 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : usize) : bool @@ -1006,7 +1022,7 @@ module IndexRange_TestRangeTo val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../index_range.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1017,7 +1033,7 @@ module IndexRange_TestRangeTo val inv6 (_x : borrowed (slice int32)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (slice int32) . inv6 x = true + axiom inv6 : forall x : borrowed (slice int32) . inv6 x = true predicate invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -1027,7 +1043,7 @@ module IndexRange_TestRangeTo val inv5 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1038,7 +1054,7 @@ module IndexRange_TestRangeTo val inv4 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) : bool @@ -1048,7 +1064,7 @@ module IndexRange_TestRangeTo val inv3 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true predicate invariant2 (self : slice int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice int32) : bool @@ -1058,7 +1074,7 @@ module IndexRange_TestRangeTo val inv2 (_x : slice int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv2 x = true + axiom inv2 : forall x : slice int32 . inv2 x = true use Core_Ops_Range_RangeTo_Type as Core_Ops_Range_RangeTo_Type predicate invariant1 (self : Core_Ops_Range_RangeTo_Type.t_rangeto usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1069,7 +1085,7 @@ module IndexRange_TestRangeTo val inv1 (_x : Core_Ops_Range_RangeTo_Type.t_rangeto usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeTo_Type.t_rangeto usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_RangeTo_Type.t_rangeto usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1079,7 +1095,7 @@ module IndexRange_TestRangeTo val inv0 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve2 (self : int32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : int32) : bool @@ -1245,25 +1261,25 @@ module IndexRange_TestRangeTo goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 80 18 80 30] create_arr0 ()); + [#"../index_range.rs" 80 18 80 30] arr <- ([#"../index_range.rs" 80 18 80 30] create_arr0 ()); goto BB1 } BB1 { - _3 <- ([#"../index_range.rs" 85 13 85 21] index0 ([#"../index_range.rs" 85 13 85 16] arr) ([#"../index_range.rs" 85 17 85 20] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 85 19 85 20] [#"../index_range.rs" 85 19 85 20] (2 : usize)))); + [#"../index_range.rs" 85 13 85 21] _3 <- ([#"../index_range.rs" 85 13 85 21] index0 ([#"../index_range.rs" 85 13 85 16] arr) ([#"../index_range.rs" 85 17 85 20] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 85 19 85 20] [#"../index_range.rs" 85 19 85 20] (2 : usize)))); goto BB2 } BB2 { - s <- ([#"../index_range.rs" 85 12 85 21] _3); - _11 <- ([#"../index_range.rs" 86 12 86 19] len0 ([#"../index_range.rs" 86 12 86 19] s)); + [#"../index_range.rs" 85 12 85 21] s <- ([#"../index_range.rs" 85 12 85 21] _3); + [#"../index_range.rs" 86 12 86 19] _11 <- ([#"../index_range.rs" 86 12 86 19] len0 ([#"../index_range.rs" 86 12 86 19] s)); goto BB9 } BB3 { - _8 <- ([#"../index_range.rs" 86 12 86 50] [#"../index_range.rs" 86 12 86 50] false); + [#"../index_range.rs" 86 12 86 50] _8 <- ([#"../index_range.rs" 86 12 86 50] [#"../index_range.rs" 86 12 86 50] false); goto BB5 } BB4 { - _20 <- ([#"../index_range.rs" 86 43 86 44] [#"../index_range.rs" 86 43 86 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 86 41 86 45] _20 < ([#"../index_range.rs" 86 41 86 45] Slice.length s)); + [#"../index_range.rs" 86 43 86 44] _20 <- ([#"../index_range.rs" 86 43 86 44] [#"../index_range.rs" 86 43 86 44] (1 : usize)); + [#"../index_range.rs" 86 41 86 45] _22 <- ([#"../index_range.rs" 86 41 86 45] _20 < ([#"../index_range.rs" 86 41 86 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 86 41 86 45] _22 }; goto BB11 } @@ -1274,12 +1290,12 @@ module IndexRange_TestRangeTo end } BB6 { - _9 <- ([#"../index_range.rs" 86 12 86 37] [#"../index_range.rs" 86 12 86 37] false); + [#"../index_range.rs" 86 12 86 37] _9 <- ([#"../index_range.rs" 86 12 86 37] [#"../index_range.rs" 86 12 86 37] false); goto BB8 } BB7 { - _15 <- ([#"../index_range.rs" 86 30 86 31] [#"../index_range.rs" 86 30 86 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 86 28 86 32] _15 < ([#"../index_range.rs" 86 28 86 32] Slice.length s)); + [#"../index_range.rs" 86 30 86 31] _15 <- ([#"../index_range.rs" 86 30 86 31] [#"../index_range.rs" 86 30 86 31] (0 : usize)); + [#"../index_range.rs" 86 28 86 32] _17 <- ([#"../index_range.rs" 86 28 86 32] _15 < ([#"../index_range.rs" 86 28 86 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 86 28 86 32] _17 }; goto BB10 } @@ -1296,23 +1312,24 @@ module IndexRange_TestRangeTo end } BB10 { - _9 <- ([#"../index_range.rs" 86 28 86 37] Slice.get s _15 = ([#"../index_range.rs" 86 36 86 37] [#"../index_range.rs" 86 36 86 37] (0 : int32))); + [#"../index_range.rs" 86 12 86 37] _9 <- ([#"../index_range.rs" 86 28 86 37] ([#"../index_range.rs" 86 28 86 32] Slice.get s _15) = ([#"../index_range.rs" 86 36 86 37] [#"../index_range.rs" 86 36 86 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 86 41 86 50] Slice.get s _20 = ([#"../index_range.rs" 86 49 86 50] [#"../index_range.rs" 86 49 86 50] (1 : int32))); + [#"../index_range.rs" 86 12 86 50] _8 <- ([#"../index_range.rs" 86 41 86 50] ([#"../index_range.rs" 86 41 86 45] Slice.get s _20) = ([#"../index_range.rs" 86 49 86 50] [#"../index_range.rs" 86 49 86 50] (1 : int32))); goto BB5 } BB12 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 86 4 86 51] false }; absurd } BB13 { - _29 <- ([#"../index_range.rs" 91 12 91 20] index0 ([#"../index_range.rs" 91 12 91 15] arr) ([#"../index_range.rs" 91 16 91 19] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 91 18 91 19] [#"../index_range.rs" 91 18 91 19] (0 : usize)))); + [#"../index_range.rs" 91 12 91 20] _29 <- ([#"../index_range.rs" 91 12 91 20] index0 ([#"../index_range.rs" 91 12 91 15] arr) ([#"../index_range.rs" 91 16 91 19] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 91 18 91 19] [#"../index_range.rs" 91 18 91 19] (0 : usize)))); goto BB14 } BB14 { - _27 <- ([#"../index_range.rs" 91 12 91 26] len0 ([#"../index_range.rs" 91 12 91 26] _29)); + [#"../index_range.rs" 91 12 91 26] _27 <- ([#"../index_range.rs" 91 12 91 26] len0 ([#"../index_range.rs" 91 12 91 26] _29)); goto BB15 } BB15 { @@ -1323,18 +1340,19 @@ module IndexRange_TestRangeTo } BB16 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 91 4 91 32] false }; absurd } BB17 { - _39 <- ([#"../index_range.rs" 96 12 96 24] deref0 ([#"../index_range.rs" 96 12 96 24] arr)); + [#"../index_range.rs" 96 12 96 24] _39 <- ([#"../index_range.rs" 96 12 96 24] deref0 ([#"../index_range.rs" 96 12 96 24] arr)); goto BB18 } BB18 { - _37 <- ([#"../index_range.rs" 96 12 96 24] get0 ([#"../index_range.rs" 96 12 96 24] _39) ([#"../index_range.rs" 96 20 96 23] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 96 22 96 23] [#"../index_range.rs" 96 22 96 23] (6 : usize)))); + [#"../index_range.rs" 96 12 96 24] _37 <- ([#"../index_range.rs" 96 12 96 24] get0 ([#"../index_range.rs" 96 12 96 24] _39) ([#"../index_range.rs" 96 20 96 23] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 96 22 96 23] [#"../index_range.rs" 96 22 96 23] (6 : usize)))); goto BB19 } BB19 { - _35 <- ([#"../index_range.rs" 96 12 96 34] is_none0 ([#"../index_range.rs" 96 12 96 34] _37)); + [#"../index_range.rs" 96 12 96 34] _35 <- ([#"../index_range.rs" 96 12 96 34] is_none0 ([#"../index_range.rs" 96 12 96 34] _37)); goto BB20 } BB20 { @@ -1345,19 +1363,20 @@ module IndexRange_TestRangeTo } BB21 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 96 4 96 35] false }; absurd } BB22 { - _45 <- Borrow.borrow_mut arr; - arr <- ^ _45; - _44 <- ([#"../index_range.rs" 99 17 99 25] index_mut0 _45 ([#"../index_range.rs" 99 21 99 24] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 99 23 99 24] [#"../index_range.rs" 99 23 99 24] (3 : usize)))); + [#"../index_range.rs" 99 17 99 20] _45 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 99 17 99 20] arr <- ^ _45; + [#"../index_range.rs" 99 17 99 25] _44 <- ([#"../index_range.rs" 99 17 99 25] index_mut0 _45 ([#"../index_range.rs" 99 21 99 24] Core_Ops_Range_RangeTo_Type.C_RangeTo ([#"../index_range.rs" 99 23 99 24] [#"../index_range.rs" 99 23 99 24] (3 : usize)))); _45 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB23 } BB23 { - s1 <- Borrow.borrow_mut ( * _44); - _44 <- { _44 with current = ^ s1 }; - _50 <- ([#"../index_range.rs" 100 12 100 19] len0 ([#"../index_range.rs" 100 12 100 19] * s1)); + [#"../index_range.rs" 99 12 99 25] s1 <- Borrow.borrow_mut ( * _44); + [#"../index_range.rs" 99 12 99 25] _44 <- { _44 with current = ^ s1 }; + [#"../index_range.rs" 100 12 100 19] _50 <- ([#"../index_range.rs" 100 12 100 19] len0 ([#"../index_range.rs" 100 12 100 19] * s1)); goto BB24 } BB24 { @@ -1370,42 +1389,44 @@ module IndexRange_TestRangeTo assume { resolve0 s1 }; assume { resolve0 _44 }; assume { resolve1 arr }; + assert { [#"../index_range.rs" 100 4 100 25] false }; absurd } BB26 { - _53 <- ([#"../index_range.rs" 101 6 101 7] [#"../index_range.rs" 101 6 101 7] (0 : usize)); - _55 <- ([#"../index_range.rs" 101 4 101 8] _53 < ([#"../index_range.rs" 101 4 101 8] Slice.length ( * s1))); + [#"../index_range.rs" 101 6 101 7] _53 <- ([#"../index_range.rs" 101 6 101 7] [#"../index_range.rs" 101 6 101 7] (0 : usize)); + [#"../index_range.rs" 101 4 101 8] _55 <- ([#"../index_range.rs" 101 4 101 8] _53 < ([#"../index_range.rs" 101 4 101 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 101 4 101 8] _55 }; goto BB27 } BB27 { - s1 <- { s1 with current = Slice.set ( * s1) _53 ([#"../index_range.rs" 101 11 101 13] [#"../index_range.rs" 101 11 101 13] (-1 : int32)) }; - _56 <- ([#"../index_range.rs" 102 6 102 7] [#"../index_range.rs" 102 6 102 7] (2 : usize)); - _58 <- ([#"../index_range.rs" 102 4 102 8] _56 < ([#"../index_range.rs" 102 4 102 8] Slice.length ( * s1))); + [#"../index_range.rs" 101 4 101 13] s1 <- { s1 with current = Slice.set ( * s1) _53 ([#"../index_range.rs" 101 4 101 13] [#"../index_range.rs" 101 11 101 13] (-1 : int32)) }; + [#"../index_range.rs" 102 6 102 7] _56 <- ([#"../index_range.rs" 102 6 102 7] [#"../index_range.rs" 102 6 102 7] (2 : usize)); + [#"../index_range.rs" 102 4 102 8] _58 <- ([#"../index_range.rs" 102 4 102 8] _56 < ([#"../index_range.rs" 102 4 102 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 102 4 102 8] _58 }; goto BB28 } BB28 { - s1 <- { s1 with current = Slice.set ( * s1) _56 ([#"../index_range.rs" 102 11 102 13] [#"../index_range.rs" 102 11 102 13] (-1 : int32)) }; - _63 <- ([#"../index_range.rs" 104 14 104 15] [#"../index_range.rs" 104 14 104 15] (1 : usize)); - _65 <- ([#"../index_range.rs" 104 12 104 16] _63 < ([#"../index_range.rs" 104 12 104 16] Slice.length ( * s1))); + [#"../index_range.rs" 102 4 102 13] s1 <- { s1 with current = Slice.set ( * s1) _56 ([#"../index_range.rs" 102 4 102 13] [#"../index_range.rs" 102 11 102 13] (-1 : int32)) }; + [#"../index_range.rs" 104 14 104 15] _63 <- ([#"../index_range.rs" 104 14 104 15] [#"../index_range.rs" 104 14 104 15] (1 : usize)); + [#"../index_range.rs" 104 12 104 16] _65 <- ([#"../index_range.rs" 104 12 104 16] _63 < ([#"../index_range.rs" 104 12 104 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 104 12 104 16] _65 }; goto BB29 } BB29 { assume { resolve0 s1 }; assume { resolve0 _44 }; - switch ([#"../index_range.rs" 104 4 104 22] not ([#"../index_range.rs" 104 12 104 21] Slice.get ( * s1) _63 = ([#"../index_range.rs" 104 20 104 21] [#"../index_range.rs" 104 20 104 21] (1 : int32)))) + switch ([#"../index_range.rs" 104 4 104 22] not ([#"../index_range.rs" 104 12 104 21] ([#"../index_range.rs" 104 12 104 16] Slice.get ( * s1) _63) = ([#"../index_range.rs" 104 20 104 21] [#"../index_range.rs" 104 20 104 21] (1 : int32)))) | False -> goto BB31 | True -> goto BB30 end } BB30 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 104 4 104 22] false }; absurd } BB31 { - _70 <- ([#"../index_range.rs" 106 12 106 21] len1 ([#"../index_range.rs" 106 12 106 21] arr)); + [#"../index_range.rs" 106 12 106 21] _70 <- ([#"../index_range.rs" 106 12 106 21] len1 ([#"../index_range.rs" 106 12 106 21] arr)); goto BB32 } BB32 { @@ -1416,80 +1437,86 @@ module IndexRange_TestRangeTo } BB33 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 106 4 106 27] false }; absurd } BB34 { - _77 <- ([#"../index_range.rs" 107 12 107 18] index1 ([#"../index_range.rs" 107 12 107 15] arr) ([#"../index_range.rs" 107 16 107 17] [#"../index_range.rs" 107 16 107 17] (0 : usize))); + [#"../index_range.rs" 107 12 107 18] _77 <- ([#"../index_range.rs" 107 12 107 18] index1 ([#"../index_range.rs" 107 12 107 15] arr) ([#"../index_range.rs" 107 16 107 17] [#"../index_range.rs" 107 16 107 17] (0 : usize))); goto BB35 } BB35 { - switch ([#"../index_range.rs" 107 4 107 25] not ([#"../index_range.rs" 107 12 107 24] _77 = ([#"../index_range.rs" 107 22 107 24] [#"../index_range.rs" 107 22 107 24] (-1 : int32)))) + switch ([#"../index_range.rs" 107 4 107 25] not ([#"../index_range.rs" 107 12 107 24] ([#"../index_range.rs" 107 12 107 18] _77) = ([#"../index_range.rs" 107 22 107 24] [#"../index_range.rs" 107 22 107 24] (-1 : int32)))) | False -> goto BB37 | True -> goto BB36 end } BB36 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 107 4 107 25] false }; absurd } BB37 { - _84 <- ([#"../index_range.rs" 108 12 108 18] index1 ([#"../index_range.rs" 108 12 108 15] arr) ([#"../index_range.rs" 108 16 108 17] [#"../index_range.rs" 108 16 108 17] (1 : usize))); + [#"../index_range.rs" 108 12 108 18] _84 <- ([#"../index_range.rs" 108 12 108 18] index1 ([#"../index_range.rs" 108 12 108 15] arr) ([#"../index_range.rs" 108 16 108 17] [#"../index_range.rs" 108 16 108 17] (1 : usize))); goto BB38 } BB38 { - switch ([#"../index_range.rs" 108 4 108 24] not ([#"../index_range.rs" 108 12 108 23] _84 = ([#"../index_range.rs" 108 22 108 23] [#"../index_range.rs" 108 22 108 23] (1 : int32)))) + switch ([#"../index_range.rs" 108 4 108 24] not ([#"../index_range.rs" 108 12 108 23] ([#"../index_range.rs" 108 12 108 18] _84) = ([#"../index_range.rs" 108 22 108 23] [#"../index_range.rs" 108 22 108 23] (1 : int32)))) | False -> goto BB40 | True -> goto BB39 end } BB39 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 108 4 108 24] false }; absurd } BB40 { - _91 <- ([#"../index_range.rs" 109 12 109 18] index1 ([#"../index_range.rs" 109 12 109 15] arr) ([#"../index_range.rs" 109 16 109 17] [#"../index_range.rs" 109 16 109 17] (2 : usize))); + [#"../index_range.rs" 109 12 109 18] _91 <- ([#"../index_range.rs" 109 12 109 18] index1 ([#"../index_range.rs" 109 12 109 15] arr) ([#"../index_range.rs" 109 16 109 17] [#"../index_range.rs" 109 16 109 17] (2 : usize))); goto BB41 } BB41 { - switch ([#"../index_range.rs" 109 4 109 25] not ([#"../index_range.rs" 109 12 109 24] _91 = ([#"../index_range.rs" 109 22 109 24] [#"../index_range.rs" 109 22 109 24] (-1 : int32)))) + switch ([#"../index_range.rs" 109 4 109 25] not ([#"../index_range.rs" 109 12 109 24] ([#"../index_range.rs" 109 12 109 18] _91) = ([#"../index_range.rs" 109 22 109 24] [#"../index_range.rs" 109 22 109 24] (-1 : int32)))) | False -> goto BB43 | True -> goto BB42 end } BB42 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 109 4 109 25] false }; absurd } BB43 { - _98 <- ([#"../index_range.rs" 110 12 110 18] index1 ([#"../index_range.rs" 110 12 110 15] arr) ([#"../index_range.rs" 110 16 110 17] [#"../index_range.rs" 110 16 110 17] (3 : usize))); + [#"../index_range.rs" 110 12 110 18] _98 <- ([#"../index_range.rs" 110 12 110 18] index1 ([#"../index_range.rs" 110 12 110 15] arr) ([#"../index_range.rs" 110 16 110 17] [#"../index_range.rs" 110 16 110 17] (3 : usize))); goto BB44 } BB44 { - switch ([#"../index_range.rs" 110 4 110 24] not ([#"../index_range.rs" 110 12 110 23] _98 = ([#"../index_range.rs" 110 22 110 23] [#"../index_range.rs" 110 22 110 23] (3 : int32)))) + switch ([#"../index_range.rs" 110 4 110 24] not ([#"../index_range.rs" 110 12 110 23] ([#"../index_range.rs" 110 12 110 18] _98) = ([#"../index_range.rs" 110 22 110 23] [#"../index_range.rs" 110 22 110 23] (3 : int32)))) | False -> goto BB46 | True -> goto BB45 end } BB45 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 110 4 110 24] false }; absurd } BB46 { - _105 <- ([#"../index_range.rs" 111 12 111 18] index1 ([#"../index_range.rs" 111 12 111 15] arr) ([#"../index_range.rs" 111 16 111 17] [#"../index_range.rs" 111 16 111 17] (4 : usize))); + [#"../index_range.rs" 111 12 111 18] _105 <- ([#"../index_range.rs" 111 12 111 18] index1 ([#"../index_range.rs" 111 12 111 15] arr) ([#"../index_range.rs" 111 16 111 17] [#"../index_range.rs" 111 16 111 17] (4 : usize))); goto BB47 } BB47 { assume { resolve1 arr }; - switch ([#"../index_range.rs" 111 4 111 24] not ([#"../index_range.rs" 111 12 111 23] _105 = ([#"../index_range.rs" 111 22 111 23] [#"../index_range.rs" 111 22 111 23] (4 : int32)))) + switch ([#"../index_range.rs" 111 4 111 24] not ([#"../index_range.rs" 111 12 111 23] ([#"../index_range.rs" 111 12 111 18] _105) = ([#"../index_range.rs" 111 22 111 23] [#"../index_range.rs" 111 22 111 23] (4 : int32)))) | False -> goto BB49 | True -> goto BB48 end } BB48 { + assert { [#"../index_range.rs" 111 4 111 24] false }; absurd } BB49 { - _0 <- ([#"../index_range.rs" 78 23 112 1] ()); + [#"../index_range.rs" 78 23 112 1] _0 <- ([#"../index_range.rs" 78 23 112 1] ()); goto BB50 } BB50 { @@ -1518,7 +1545,7 @@ module IndexRange_TestRangeFrom val inv11 (_x : slice int32) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv11 x = true + axiom inv11 : forall x : slice int32 . inv11 x = true use seq.Seq predicate invariant10 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1529,7 +1556,7 @@ module IndexRange_TestRangeFrom val inv10 (_x : Seq.seq int32) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv10 x = true + axiom inv10 : forall x : Seq.seq int32 . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -1553,7 +1580,7 @@ module IndexRange_TestRangeFrom val invariant9 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : int32) : bool @@ -1563,7 +1590,7 @@ module IndexRange_TestRangeFrom val inv8 (_x : int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv8 x = true + axiom inv8 : forall x : int32 . inv8 x = true predicate invariant7 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : usize) : bool @@ -1573,7 +1600,7 @@ module IndexRange_TestRangeFrom val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../index_range.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1584,7 +1611,7 @@ module IndexRange_TestRangeFrom val inv6 (_x : borrowed (slice int32)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (slice int32) . inv6 x = true + axiom inv6 : forall x : borrowed (slice int32) . inv6 x = true predicate invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -1594,7 +1621,7 @@ module IndexRange_TestRangeFrom val inv5 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1605,7 +1632,7 @@ module IndexRange_TestRangeFrom val inv4 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) : bool @@ -1615,7 +1642,7 @@ module IndexRange_TestRangeFrom val inv3 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true predicate invariant2 (self : slice int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice int32) : bool @@ -1625,7 +1652,7 @@ module IndexRange_TestRangeFrom val inv2 (_x : slice int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv2 x = true + axiom inv2 : forall x : slice int32 . inv2 x = true use Core_Ops_Range_RangeFrom_Type as Core_Ops_Range_RangeFrom_Type predicate invariant1 (self : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1636,7 +1663,7 @@ module IndexRange_TestRangeFrom val inv1 (_x : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_RangeFrom_Type.t_rangefrom usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1646,7 +1673,7 @@ module IndexRange_TestRangeFrom val inv0 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve2 (self : int32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : int32) : bool @@ -1818,25 +1845,25 @@ module IndexRange_TestRangeFrom goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 117 18 117 30] create_arr0 ()); + [#"../index_range.rs" 117 18 117 30] arr <- ([#"../index_range.rs" 117 18 117 30] create_arr0 ()); goto BB1 } BB1 { - _3 <- ([#"../index_range.rs" 122 13 122 21] index0 ([#"../index_range.rs" 122 13 122 16] arr) ([#"../index_range.rs" 122 17 122 20] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 122 17 122 18] [#"../index_range.rs" 122 17 122 18] (3 : usize)))); + [#"../index_range.rs" 122 13 122 21] _3 <- ([#"../index_range.rs" 122 13 122 21] index0 ([#"../index_range.rs" 122 13 122 16] arr) ([#"../index_range.rs" 122 17 122 20] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 122 17 122 18] [#"../index_range.rs" 122 17 122 18] (3 : usize)))); goto BB2 } BB2 { - s <- ([#"../index_range.rs" 122 12 122 21] _3); - _11 <- ([#"../index_range.rs" 123 12 123 19] len0 ([#"../index_range.rs" 123 12 123 19] s)); + [#"../index_range.rs" 122 12 122 21] s <- ([#"../index_range.rs" 122 12 122 21] _3); + [#"../index_range.rs" 123 12 123 19] _11 <- ([#"../index_range.rs" 123 12 123 19] len0 ([#"../index_range.rs" 123 12 123 19] s)); goto BB9 } BB3 { - _8 <- ([#"../index_range.rs" 123 12 123 50] [#"../index_range.rs" 123 12 123 50] false); + [#"../index_range.rs" 123 12 123 50] _8 <- ([#"../index_range.rs" 123 12 123 50] [#"../index_range.rs" 123 12 123 50] false); goto BB5 } BB4 { - _20 <- ([#"../index_range.rs" 123 43 123 44] [#"../index_range.rs" 123 43 123 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 123 41 123 45] _20 < ([#"../index_range.rs" 123 41 123 45] Slice.length s)); + [#"../index_range.rs" 123 43 123 44] _20 <- ([#"../index_range.rs" 123 43 123 44] [#"../index_range.rs" 123 43 123 44] (1 : usize)); + [#"../index_range.rs" 123 41 123 45] _22 <- ([#"../index_range.rs" 123 41 123 45] _20 < ([#"../index_range.rs" 123 41 123 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 123 41 123 45] _22 }; goto BB11 } @@ -1847,12 +1874,12 @@ module IndexRange_TestRangeFrom end } BB6 { - _9 <- ([#"../index_range.rs" 123 12 123 37] [#"../index_range.rs" 123 12 123 37] false); + [#"../index_range.rs" 123 12 123 37] _9 <- ([#"../index_range.rs" 123 12 123 37] [#"../index_range.rs" 123 12 123 37] false); goto BB8 } BB7 { - _15 <- ([#"../index_range.rs" 123 30 123 31] [#"../index_range.rs" 123 30 123 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 123 28 123 32] _15 < ([#"../index_range.rs" 123 28 123 32] Slice.length s)); + [#"../index_range.rs" 123 30 123 31] _15 <- ([#"../index_range.rs" 123 30 123 31] [#"../index_range.rs" 123 30 123 31] (0 : usize)); + [#"../index_range.rs" 123 28 123 32] _17 <- ([#"../index_range.rs" 123 28 123 32] _15 < ([#"../index_range.rs" 123 28 123 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 123 28 123 32] _17 }; goto BB10 } @@ -1869,23 +1896,24 @@ module IndexRange_TestRangeFrom end } BB10 { - _9 <- ([#"../index_range.rs" 123 28 123 37] Slice.get s _15 = ([#"../index_range.rs" 123 36 123 37] [#"../index_range.rs" 123 36 123 37] (3 : int32))); + [#"../index_range.rs" 123 12 123 37] _9 <- ([#"../index_range.rs" 123 28 123 37] ([#"../index_range.rs" 123 28 123 32] Slice.get s _15) = ([#"../index_range.rs" 123 36 123 37] [#"../index_range.rs" 123 36 123 37] (3 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 123 41 123 50] Slice.get s _20 = ([#"../index_range.rs" 123 49 123 50] [#"../index_range.rs" 123 49 123 50] (4 : int32))); + [#"../index_range.rs" 123 12 123 50] _8 <- ([#"../index_range.rs" 123 41 123 50] ([#"../index_range.rs" 123 41 123 45] Slice.get s _20) = ([#"../index_range.rs" 123 49 123 50] [#"../index_range.rs" 123 49 123 50] (4 : int32))); goto BB5 } BB12 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 123 4 123 51] false }; absurd } BB13 { - _29 <- ([#"../index_range.rs" 128 12 128 20] index0 ([#"../index_range.rs" 128 12 128 15] arr) ([#"../index_range.rs" 128 16 128 19] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 128 16 128 17] [#"../index_range.rs" 128 16 128 17] (5 : usize)))); + [#"../index_range.rs" 128 12 128 20] _29 <- ([#"../index_range.rs" 128 12 128 20] index0 ([#"../index_range.rs" 128 12 128 15] arr) ([#"../index_range.rs" 128 16 128 19] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 128 16 128 17] [#"../index_range.rs" 128 16 128 17] (5 : usize)))); goto BB14 } BB14 { - _27 <- ([#"../index_range.rs" 128 12 128 26] len0 ([#"../index_range.rs" 128 12 128 26] _29)); + [#"../index_range.rs" 128 12 128 26] _27 <- ([#"../index_range.rs" 128 12 128 26] len0 ([#"../index_range.rs" 128 12 128 26] _29)); goto BB15 } BB15 { @@ -1896,18 +1924,19 @@ module IndexRange_TestRangeFrom } BB16 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 128 4 128 32] false }; absurd } BB17 { - _39 <- ([#"../index_range.rs" 133 12 133 24] deref0 ([#"../index_range.rs" 133 12 133 24] arr)); + [#"../index_range.rs" 133 12 133 24] _39 <- ([#"../index_range.rs" 133 12 133 24] deref0 ([#"../index_range.rs" 133 12 133 24] arr)); goto BB18 } BB18 { - _37 <- ([#"../index_range.rs" 133 12 133 24] get0 ([#"../index_range.rs" 133 12 133 24] _39) ([#"../index_range.rs" 133 20 133 23] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 133 20 133 21] [#"../index_range.rs" 133 20 133 21] (6 : usize)))); + [#"../index_range.rs" 133 12 133 24] _37 <- ([#"../index_range.rs" 133 12 133 24] get0 ([#"../index_range.rs" 133 12 133 24] _39) ([#"../index_range.rs" 133 20 133 23] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 133 20 133 21] [#"../index_range.rs" 133 20 133 21] (6 : usize)))); goto BB19 } BB19 { - _35 <- ([#"../index_range.rs" 133 12 133 34] is_none0 ([#"../index_range.rs" 133 12 133 34] _37)); + [#"../index_range.rs" 133 12 133 34] _35 <- ([#"../index_range.rs" 133 12 133 34] is_none0 ([#"../index_range.rs" 133 12 133 34] _37)); goto BB20 } BB20 { @@ -1918,18 +1947,19 @@ module IndexRange_TestRangeFrom } BB21 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 133 4 133 35] false }; absurd } BB22 { - _49 <- ([#"../index_range.rs" 135 12 135 25] deref0 ([#"../index_range.rs" 135 12 135 25] arr)); + [#"../index_range.rs" 135 12 135 25] _49 <- ([#"../index_range.rs" 135 12 135 25] deref0 ([#"../index_range.rs" 135 12 135 25] arr)); goto BB23 } BB23 { - _47 <- ([#"../index_range.rs" 135 12 135 25] get0 ([#"../index_range.rs" 135 12 135 25] _49) ([#"../index_range.rs" 135 20 135 24] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 135 20 135 22] [#"../index_range.rs" 135 20 135 22] (10 : usize)))); + [#"../index_range.rs" 135 12 135 25] _47 <- ([#"../index_range.rs" 135 12 135 25] get0 ([#"../index_range.rs" 135 12 135 25] _49) ([#"../index_range.rs" 135 20 135 24] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 135 20 135 22] [#"../index_range.rs" 135 20 135 22] (10 : usize)))); goto BB24 } BB24 { - _45 <- ([#"../index_range.rs" 135 12 135 35] is_none0 ([#"../index_range.rs" 135 12 135 35] _47)); + [#"../index_range.rs" 135 12 135 35] _45 <- ([#"../index_range.rs" 135 12 135 35] is_none0 ([#"../index_range.rs" 135 12 135 35] _47)); goto BB25 } BB25 { @@ -1940,19 +1970,20 @@ module IndexRange_TestRangeFrom } BB26 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 135 4 135 36] false }; absurd } BB27 { - _55 <- Borrow.borrow_mut arr; - arr <- ^ _55; - _54 <- ([#"../index_range.rs" 138 17 138 25] index_mut0 _55 ([#"../index_range.rs" 138 21 138 24] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 138 21 138 22] [#"../index_range.rs" 138 21 138 22] (2 : usize)))); + [#"../index_range.rs" 138 17 138 20] _55 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 138 17 138 20] arr <- ^ _55; + [#"../index_range.rs" 138 17 138 25] _54 <- ([#"../index_range.rs" 138 17 138 25] index_mut0 _55 ([#"../index_range.rs" 138 21 138 24] Core_Ops_Range_RangeFrom_Type.C_RangeFrom ([#"../index_range.rs" 138 21 138 22] [#"../index_range.rs" 138 21 138 22] (2 : usize)))); _55 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB28 } BB28 { - s1 <- Borrow.borrow_mut ( * _54); - _54 <- { _54 with current = ^ s1 }; - _60 <- ([#"../index_range.rs" 139 12 139 19] len0 ([#"../index_range.rs" 139 12 139 19] * s1)); + [#"../index_range.rs" 138 12 138 25] s1 <- Borrow.borrow_mut ( * _54); + [#"../index_range.rs" 138 12 138 25] _54 <- { _54 with current = ^ s1 }; + [#"../index_range.rs" 139 12 139 19] _60 <- ([#"../index_range.rs" 139 12 139 19] len0 ([#"../index_range.rs" 139 12 139 19] * s1)); goto BB29 } BB29 { @@ -1965,42 +1996,44 @@ module IndexRange_TestRangeFrom assume { resolve0 s1 }; assume { resolve0 _54 }; assume { resolve1 arr }; + assert { [#"../index_range.rs" 139 4 139 25] false }; absurd } BB31 { - _63 <- ([#"../index_range.rs" 140 6 140 7] [#"../index_range.rs" 140 6 140 7] (0 : usize)); - _65 <- ([#"../index_range.rs" 140 4 140 8] _63 < ([#"../index_range.rs" 140 4 140 8] Slice.length ( * s1))); + [#"../index_range.rs" 140 6 140 7] _63 <- ([#"../index_range.rs" 140 6 140 7] [#"../index_range.rs" 140 6 140 7] (0 : usize)); + [#"../index_range.rs" 140 4 140 8] _65 <- ([#"../index_range.rs" 140 4 140 8] _63 < ([#"../index_range.rs" 140 4 140 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 140 4 140 8] _65 }; goto BB32 } BB32 { - s1 <- { s1 with current = Slice.set ( * s1) _63 ([#"../index_range.rs" 140 11 140 13] [#"../index_range.rs" 140 11 140 13] (-1 : int32)) }; - _66 <- ([#"../index_range.rs" 141 6 141 7] [#"../index_range.rs" 141 6 141 7] (1 : usize)); - _68 <- ([#"../index_range.rs" 141 4 141 8] _66 < ([#"../index_range.rs" 141 4 141 8] Slice.length ( * s1))); + [#"../index_range.rs" 140 4 140 13] s1 <- { s1 with current = Slice.set ( * s1) _63 ([#"../index_range.rs" 140 4 140 13] [#"../index_range.rs" 140 11 140 13] (-1 : int32)) }; + [#"../index_range.rs" 141 6 141 7] _66 <- ([#"../index_range.rs" 141 6 141 7] [#"../index_range.rs" 141 6 141 7] (1 : usize)); + [#"../index_range.rs" 141 4 141 8] _68 <- ([#"../index_range.rs" 141 4 141 8] _66 < ([#"../index_range.rs" 141 4 141 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 141 4 141 8] _68 }; goto BB33 } BB33 { - s1 <- { s1 with current = Slice.set ( * s1) _66 ([#"../index_range.rs" 141 11 141 13] [#"../index_range.rs" 141 11 141 13] (-1 : int32)) }; - _73 <- ([#"../index_range.rs" 143 14 143 15] [#"../index_range.rs" 143 14 143 15] (2 : usize)); - _75 <- ([#"../index_range.rs" 143 12 143 16] _73 < ([#"../index_range.rs" 143 12 143 16] Slice.length ( * s1))); + [#"../index_range.rs" 141 4 141 13] s1 <- { s1 with current = Slice.set ( * s1) _66 ([#"../index_range.rs" 141 4 141 13] [#"../index_range.rs" 141 11 141 13] (-1 : int32)) }; + [#"../index_range.rs" 143 14 143 15] _73 <- ([#"../index_range.rs" 143 14 143 15] [#"../index_range.rs" 143 14 143 15] (2 : usize)); + [#"../index_range.rs" 143 12 143 16] _75 <- ([#"../index_range.rs" 143 12 143 16] _73 < ([#"../index_range.rs" 143 12 143 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 143 12 143 16] _75 }; goto BB34 } BB34 { assume { resolve0 s1 }; assume { resolve0 _54 }; - switch ([#"../index_range.rs" 143 4 143 22] not ([#"../index_range.rs" 143 12 143 21] Slice.get ( * s1) _73 = ([#"../index_range.rs" 143 20 143 21] [#"../index_range.rs" 143 20 143 21] (4 : int32)))) + switch ([#"../index_range.rs" 143 4 143 22] not ([#"../index_range.rs" 143 12 143 21] ([#"../index_range.rs" 143 12 143 16] Slice.get ( * s1) _73) = ([#"../index_range.rs" 143 20 143 21] [#"../index_range.rs" 143 20 143 21] (4 : int32)))) | False -> goto BB36 | True -> goto BB35 end } BB35 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 143 4 143 22] false }; absurd } BB36 { - _80 <- ([#"../index_range.rs" 145 12 145 21] len1 ([#"../index_range.rs" 145 12 145 21] arr)); + [#"../index_range.rs" 145 12 145 21] _80 <- ([#"../index_range.rs" 145 12 145 21] len1 ([#"../index_range.rs" 145 12 145 21] arr)); goto BB37 } BB37 { @@ -2011,80 +2044,86 @@ module IndexRange_TestRangeFrom } BB38 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 145 4 145 27] false }; absurd } BB39 { - _87 <- ([#"../index_range.rs" 146 12 146 18] index1 ([#"../index_range.rs" 146 12 146 15] arr) ([#"../index_range.rs" 146 16 146 17] [#"../index_range.rs" 146 16 146 17] (0 : usize))); + [#"../index_range.rs" 146 12 146 18] _87 <- ([#"../index_range.rs" 146 12 146 18] index1 ([#"../index_range.rs" 146 12 146 15] arr) ([#"../index_range.rs" 146 16 146 17] [#"../index_range.rs" 146 16 146 17] (0 : usize))); goto BB40 } BB40 { - switch ([#"../index_range.rs" 146 4 146 24] not ([#"../index_range.rs" 146 12 146 23] _87 = ([#"../index_range.rs" 146 22 146 23] [#"../index_range.rs" 146 22 146 23] (0 : int32)))) + switch ([#"../index_range.rs" 146 4 146 24] not ([#"../index_range.rs" 146 12 146 23] ([#"../index_range.rs" 146 12 146 18] _87) = ([#"../index_range.rs" 146 22 146 23] [#"../index_range.rs" 146 22 146 23] (0 : int32)))) | False -> goto BB42 | True -> goto BB41 end } BB41 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 146 4 146 24] false }; absurd } BB42 { - _94 <- ([#"../index_range.rs" 147 12 147 18] index1 ([#"../index_range.rs" 147 12 147 15] arr) ([#"../index_range.rs" 147 16 147 17] [#"../index_range.rs" 147 16 147 17] (1 : usize))); + [#"../index_range.rs" 147 12 147 18] _94 <- ([#"../index_range.rs" 147 12 147 18] index1 ([#"../index_range.rs" 147 12 147 15] arr) ([#"../index_range.rs" 147 16 147 17] [#"../index_range.rs" 147 16 147 17] (1 : usize))); goto BB43 } BB43 { - switch ([#"../index_range.rs" 147 4 147 24] not ([#"../index_range.rs" 147 12 147 23] _94 = ([#"../index_range.rs" 147 22 147 23] [#"../index_range.rs" 147 22 147 23] (1 : int32)))) + switch ([#"../index_range.rs" 147 4 147 24] not ([#"../index_range.rs" 147 12 147 23] ([#"../index_range.rs" 147 12 147 18] _94) = ([#"../index_range.rs" 147 22 147 23] [#"../index_range.rs" 147 22 147 23] (1 : int32)))) | False -> goto BB45 | True -> goto BB44 end } BB44 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 147 4 147 24] false }; absurd } BB45 { - _101 <- ([#"../index_range.rs" 148 12 148 18] index1 ([#"../index_range.rs" 148 12 148 15] arr) ([#"../index_range.rs" 148 16 148 17] [#"../index_range.rs" 148 16 148 17] (2 : usize))); + [#"../index_range.rs" 148 12 148 18] _101 <- ([#"../index_range.rs" 148 12 148 18] index1 ([#"../index_range.rs" 148 12 148 15] arr) ([#"../index_range.rs" 148 16 148 17] [#"../index_range.rs" 148 16 148 17] (2 : usize))); goto BB46 } BB46 { - switch ([#"../index_range.rs" 148 4 148 25] not ([#"../index_range.rs" 148 12 148 24] _101 = ([#"../index_range.rs" 148 22 148 24] [#"../index_range.rs" 148 22 148 24] (-1 : int32)))) + switch ([#"../index_range.rs" 148 4 148 25] not ([#"../index_range.rs" 148 12 148 24] ([#"../index_range.rs" 148 12 148 18] _101) = ([#"../index_range.rs" 148 22 148 24] [#"../index_range.rs" 148 22 148 24] (-1 : int32)))) | False -> goto BB48 | True -> goto BB47 end } BB47 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 148 4 148 25] false }; absurd } BB48 { - _108 <- ([#"../index_range.rs" 149 12 149 18] index1 ([#"../index_range.rs" 149 12 149 15] arr) ([#"../index_range.rs" 149 16 149 17] [#"../index_range.rs" 149 16 149 17] (3 : usize))); + [#"../index_range.rs" 149 12 149 18] _108 <- ([#"../index_range.rs" 149 12 149 18] index1 ([#"../index_range.rs" 149 12 149 15] arr) ([#"../index_range.rs" 149 16 149 17] [#"../index_range.rs" 149 16 149 17] (3 : usize))); goto BB49 } BB49 { - switch ([#"../index_range.rs" 149 4 149 25] not ([#"../index_range.rs" 149 12 149 24] _108 = ([#"../index_range.rs" 149 22 149 24] [#"../index_range.rs" 149 22 149 24] (-1 : int32)))) + switch ([#"../index_range.rs" 149 4 149 25] not ([#"../index_range.rs" 149 12 149 24] ([#"../index_range.rs" 149 12 149 18] _108) = ([#"../index_range.rs" 149 22 149 24] [#"../index_range.rs" 149 22 149 24] (-1 : int32)))) | False -> goto BB51 | True -> goto BB50 end } BB50 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 149 4 149 25] false }; absurd } BB51 { - _115 <- ([#"../index_range.rs" 150 12 150 18] index1 ([#"../index_range.rs" 150 12 150 15] arr) ([#"../index_range.rs" 150 16 150 17] [#"../index_range.rs" 150 16 150 17] (4 : usize))); + [#"../index_range.rs" 150 12 150 18] _115 <- ([#"../index_range.rs" 150 12 150 18] index1 ([#"../index_range.rs" 150 12 150 15] arr) ([#"../index_range.rs" 150 16 150 17] [#"../index_range.rs" 150 16 150 17] (4 : usize))); goto BB52 } BB52 { assume { resolve1 arr }; - switch ([#"../index_range.rs" 150 4 150 24] not ([#"../index_range.rs" 150 12 150 23] _115 = ([#"../index_range.rs" 150 22 150 23] [#"../index_range.rs" 150 22 150 23] (4 : int32)))) + switch ([#"../index_range.rs" 150 4 150 24] not ([#"../index_range.rs" 150 12 150 23] ([#"../index_range.rs" 150 12 150 18] _115) = ([#"../index_range.rs" 150 22 150 23] [#"../index_range.rs" 150 22 150 23] (4 : int32)))) | False -> goto BB54 | True -> goto BB53 end } BB53 { + assert { [#"../index_range.rs" 150 4 150 24] false }; absurd } BB54 { - _0 <- ([#"../index_range.rs" 115 25 151 1] ()); + [#"../index_range.rs" 115 25 151 1] _0 <- ([#"../index_range.rs" 115 25 151 1] ()); goto BB55 } BB55 { @@ -2109,7 +2148,7 @@ module IndexRange_TestRangeFull val inv9 (_x : slice int32) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv9 x = true + axiom inv9 : forall x : slice int32 . inv9 x = true use seq.Seq predicate invariant8 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2120,7 +2159,7 @@ module IndexRange_TestRangeFull val inv8 (_x : Seq.seq int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv8 x = true + axiom inv8 : forall x : Seq.seq int32 . inv8 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -2144,7 +2183,7 @@ module IndexRange_TestRangeFull val invariant7 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : int32) : bool @@ -2154,7 +2193,7 @@ module IndexRange_TestRangeFull val inv6 (_x : int32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv6 x = true + axiom inv6 : forall x : int32 . inv6 x = true predicate invariant5 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : usize) : bool @@ -2164,7 +2203,7 @@ module IndexRange_TestRangeFull val inv5 (_x : usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../index_range.rs" 1 0 1 0] forall x : usize . inv5 x = true + axiom inv5 : forall x : usize . inv5 x = true use prelude.Borrow predicate invariant4 (self : borrowed (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2175,7 +2214,7 @@ module IndexRange_TestRangeFull val inv4 (_x : borrowed (slice int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (slice int32) . inv4 x = true + axiom inv4 : forall x : borrowed (slice int32) . inv4 x = true predicate invariant3 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -2185,7 +2224,7 @@ module IndexRange_TestRangeFull val inv3 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv3 x = true + axiom inv3 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv3 x = true predicate invariant2 (self : slice int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice int32) : bool @@ -2195,7 +2234,7 @@ module IndexRange_TestRangeFull val inv2 (_x : slice int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv2 x = true + axiom inv2 : forall x : slice int32 . inv2 x = true use Core_Ops_Range_RangeFull_Type as Core_Ops_Range_RangeFull_Type predicate invariant1 (self : Core_Ops_Range_RangeFull_Type.t_rangefull) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2206,7 +2245,7 @@ module IndexRange_TestRangeFull val inv1 (_x : Core_Ops_Range_RangeFull_Type.t_rangefull) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeFull_Type.t_rangefull . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_RangeFull_Type.t_rangefull . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -2216,7 +2255,7 @@ module IndexRange_TestRangeFull val inv0 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve2 (self : int32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : int32) : bool @@ -2368,25 +2407,25 @@ module IndexRange_TestRangeFull goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 156 18 156 30] create_arr0 ()); + [#"../index_range.rs" 156 18 156 30] arr <- ([#"../index_range.rs" 156 18 156 30] create_arr0 ()); goto BB1 } BB1 { - _3 <- ([#"../index_range.rs" 161 13 161 20] index0 ([#"../index_range.rs" 161 13 161 16] arr) ([#"../index_range.rs" 161 17 161 19] Core_Ops_Range_RangeFull_Type.C_RangeFull)); + [#"../index_range.rs" 161 13 161 20] _3 <- ([#"../index_range.rs" 161 13 161 20] index0 ([#"../index_range.rs" 161 13 161 16] arr) ([#"../index_range.rs" 161 17 161 19] Core_Ops_Range_RangeFull_Type.C_RangeFull)); goto BB2 } BB2 { - s <- ([#"../index_range.rs" 161 12 161 20] _3); - _14 <- ([#"../index_range.rs" 162 12 162 19] len0 ([#"../index_range.rs" 162 12 162 19] s)); + [#"../index_range.rs" 161 12 161 20] s <- ([#"../index_range.rs" 161 12 161 20] _3); + [#"../index_range.rs" 162 12 162 19] _14 <- ([#"../index_range.rs" 162 12 162 19] len0 ([#"../index_range.rs" 162 12 162 19] s)); goto BB18 } BB3 { - _8 <- ([#"../index_range.rs" 162 12 162 89] [#"../index_range.rs" 162 12 162 89] false); + [#"../index_range.rs" 162 12 162 89] _8 <- ([#"../index_range.rs" 162 12 162 89] [#"../index_range.rs" 162 12 162 89] false); goto BB5 } BB4 { - _38 <- ([#"../index_range.rs" 162 82 162 83] [#"../index_range.rs" 162 82 162 83] (4 : usize)); - _40 <- ([#"../index_range.rs" 162 80 162 84] _38 < ([#"../index_range.rs" 162 80 162 84] Slice.length s)); + [#"../index_range.rs" 162 82 162 83] _38 <- ([#"../index_range.rs" 162 82 162 83] [#"../index_range.rs" 162 82 162 83] (4 : usize)); + [#"../index_range.rs" 162 80 162 84] _40 <- ([#"../index_range.rs" 162 80 162 84] _38 < ([#"../index_range.rs" 162 80 162 84] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 80 162 84] _40 }; goto BB23 } @@ -2397,12 +2436,12 @@ module IndexRange_TestRangeFull end } BB6 { - _9 <- ([#"../index_range.rs" 162 12 162 76] [#"../index_range.rs" 162 12 162 76] false); + [#"../index_range.rs" 162 12 162 76] _9 <- ([#"../index_range.rs" 162 12 162 76] [#"../index_range.rs" 162 12 162 76] false); goto BB8 } BB7 { - _33 <- ([#"../index_range.rs" 162 69 162 70] [#"../index_range.rs" 162 69 162 70] (3 : usize)); - _35 <- ([#"../index_range.rs" 162 67 162 71] _33 < ([#"../index_range.rs" 162 67 162 71] Slice.length s)); + [#"../index_range.rs" 162 69 162 70] _33 <- ([#"../index_range.rs" 162 69 162 70] [#"../index_range.rs" 162 69 162 70] (3 : usize)); + [#"../index_range.rs" 162 67 162 71] _35 <- ([#"../index_range.rs" 162 67 162 71] _33 < ([#"../index_range.rs" 162 67 162 71] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 67 162 71] _35 }; goto BB22 } @@ -2413,12 +2452,12 @@ module IndexRange_TestRangeFull end } BB9 { - _10 <- ([#"../index_range.rs" 162 12 162 63] [#"../index_range.rs" 162 12 162 63] false); + [#"../index_range.rs" 162 12 162 63] _10 <- ([#"../index_range.rs" 162 12 162 63] [#"../index_range.rs" 162 12 162 63] false); goto BB11 } BB10 { - _28 <- ([#"../index_range.rs" 162 56 162 57] [#"../index_range.rs" 162 56 162 57] (2 : usize)); - _30 <- ([#"../index_range.rs" 162 54 162 58] _28 < ([#"../index_range.rs" 162 54 162 58] Slice.length s)); + [#"../index_range.rs" 162 56 162 57] _28 <- ([#"../index_range.rs" 162 56 162 57] [#"../index_range.rs" 162 56 162 57] (2 : usize)); + [#"../index_range.rs" 162 54 162 58] _30 <- ([#"../index_range.rs" 162 54 162 58] _28 < ([#"../index_range.rs" 162 54 162 58] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 54 162 58] _30 }; goto BB21 } @@ -2429,12 +2468,12 @@ module IndexRange_TestRangeFull end } BB12 { - _11 <- ([#"../index_range.rs" 162 12 162 50] [#"../index_range.rs" 162 12 162 50] false); + [#"../index_range.rs" 162 12 162 50] _11 <- ([#"../index_range.rs" 162 12 162 50] [#"../index_range.rs" 162 12 162 50] false); goto BB14 } BB13 { - _23 <- ([#"../index_range.rs" 162 43 162 44] [#"../index_range.rs" 162 43 162 44] (1 : usize)); - _25 <- ([#"../index_range.rs" 162 41 162 45] _23 < ([#"../index_range.rs" 162 41 162 45] Slice.length s)); + [#"../index_range.rs" 162 43 162 44] _23 <- ([#"../index_range.rs" 162 43 162 44] [#"../index_range.rs" 162 43 162 44] (1 : usize)); + [#"../index_range.rs" 162 41 162 45] _25 <- ([#"../index_range.rs" 162 41 162 45] _23 < ([#"../index_range.rs" 162 41 162 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 41 162 45] _25 }; goto BB20 } @@ -2445,12 +2484,12 @@ module IndexRange_TestRangeFull end } BB15 { - _12 <- ([#"../index_range.rs" 162 12 162 37] [#"../index_range.rs" 162 12 162 37] false); + [#"../index_range.rs" 162 12 162 37] _12 <- ([#"../index_range.rs" 162 12 162 37] [#"../index_range.rs" 162 12 162 37] false); goto BB17 } BB16 { - _18 <- ([#"../index_range.rs" 162 30 162 31] [#"../index_range.rs" 162 30 162 31] (0 : usize)); - _20 <- ([#"../index_range.rs" 162 28 162 32] _18 < ([#"../index_range.rs" 162 28 162 32] Slice.length s)); + [#"../index_range.rs" 162 30 162 31] _18 <- ([#"../index_range.rs" 162 30 162 31] [#"../index_range.rs" 162 30 162 31] (0 : usize)); + [#"../index_range.rs" 162 28 162 32] _20 <- ([#"../index_range.rs" 162 28 162 32] _18 < ([#"../index_range.rs" 162 28 162 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 162 28 162 32] _20 }; goto BB19 } @@ -2467,40 +2506,41 @@ module IndexRange_TestRangeFull end } BB19 { - _12 <- ([#"../index_range.rs" 162 28 162 37] Slice.get s _18 = ([#"../index_range.rs" 162 36 162 37] [#"../index_range.rs" 162 36 162 37] (0 : int32))); + [#"../index_range.rs" 162 12 162 37] _12 <- ([#"../index_range.rs" 162 28 162 37] ([#"../index_range.rs" 162 28 162 32] Slice.get s _18) = ([#"../index_range.rs" 162 36 162 37] [#"../index_range.rs" 162 36 162 37] (0 : int32))); goto BB17 } BB20 { - _11 <- ([#"../index_range.rs" 162 41 162 50] Slice.get s _23 = ([#"../index_range.rs" 162 49 162 50] [#"../index_range.rs" 162 49 162 50] (1 : int32))); + [#"../index_range.rs" 162 12 162 50] _11 <- ([#"../index_range.rs" 162 41 162 50] ([#"../index_range.rs" 162 41 162 45] Slice.get s _23) = ([#"../index_range.rs" 162 49 162 50] [#"../index_range.rs" 162 49 162 50] (1 : int32))); goto BB14 } BB21 { - _10 <- ([#"../index_range.rs" 162 54 162 63] Slice.get s _28 = ([#"../index_range.rs" 162 62 162 63] [#"../index_range.rs" 162 62 162 63] (2 : int32))); + [#"../index_range.rs" 162 12 162 63] _10 <- ([#"../index_range.rs" 162 54 162 63] ([#"../index_range.rs" 162 54 162 58] Slice.get s _28) = ([#"../index_range.rs" 162 62 162 63] [#"../index_range.rs" 162 62 162 63] (2 : int32))); goto BB11 } BB22 { - _9 <- ([#"../index_range.rs" 162 67 162 76] Slice.get s _33 = ([#"../index_range.rs" 162 75 162 76] [#"../index_range.rs" 162 75 162 76] (3 : int32))); + [#"../index_range.rs" 162 12 162 76] _9 <- ([#"../index_range.rs" 162 67 162 76] ([#"../index_range.rs" 162 67 162 71] Slice.get s _33) = ([#"../index_range.rs" 162 75 162 76] [#"../index_range.rs" 162 75 162 76] (3 : int32))); goto BB8 } BB23 { - _8 <- ([#"../index_range.rs" 162 80 162 89] Slice.get s _38 = ([#"../index_range.rs" 162 88 162 89] [#"../index_range.rs" 162 88 162 89] (4 : int32))); + [#"../index_range.rs" 162 12 162 89] _8 <- ([#"../index_range.rs" 162 80 162 89] ([#"../index_range.rs" 162 80 162 84] Slice.get s _38) = ([#"../index_range.rs" 162 88 162 89] [#"../index_range.rs" 162 88 162 89] (4 : int32))); goto BB5 } BB24 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 162 4 162 90] false }; absurd } BB25 { - _44 <- Borrow.borrow_mut arr; - arr <- ^ _44; - _43 <- ([#"../index_range.rs" 165 17 165 24] index_mut0 _44 ([#"../index_range.rs" 165 21 165 23] Core_Ops_Range_RangeFull_Type.C_RangeFull)); + [#"../index_range.rs" 165 17 165 20] _44 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 165 17 165 20] arr <- ^ _44; + [#"../index_range.rs" 165 17 165 24] _43 <- ([#"../index_range.rs" 165 17 165 24] index_mut0 _44 ([#"../index_range.rs" 165 21 165 23] Core_Ops_Range_RangeFull_Type.C_RangeFull)); _44 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB26 } BB26 { - s1 <- Borrow.borrow_mut ( * _43); - _43 <- { _43 with current = ^ s1 }; - _49 <- ([#"../index_range.rs" 166 12 166 19] len0 ([#"../index_range.rs" 166 12 166 19] * s1)); + [#"../index_range.rs" 165 12 165 24] s1 <- Borrow.borrow_mut ( * _43); + [#"../index_range.rs" 165 12 165 24] _43 <- { _43 with current = ^ s1 }; + [#"../index_range.rs" 166 12 166 19] _49 <- ([#"../index_range.rs" 166 12 166 19] len0 ([#"../index_range.rs" 166 12 166 19] * s1)); goto BB27 } BB27 { @@ -2513,26 +2553,27 @@ module IndexRange_TestRangeFull assume { resolve0 s1 }; assume { resolve0 _43 }; assume { resolve1 arr }; + assert { [#"../index_range.rs" 166 4 166 25] false }; absurd } BB29 { - _52 <- ([#"../index_range.rs" 167 6 167 7] [#"../index_range.rs" 167 6 167 7] (1 : usize)); - _54 <- ([#"../index_range.rs" 167 4 167 8] _52 < ([#"../index_range.rs" 167 4 167 8] Slice.length ( * s1))); + [#"../index_range.rs" 167 6 167 7] _52 <- ([#"../index_range.rs" 167 6 167 7] [#"../index_range.rs" 167 6 167 7] (1 : usize)); + [#"../index_range.rs" 167 4 167 8] _54 <- ([#"../index_range.rs" 167 4 167 8] _52 < ([#"../index_range.rs" 167 4 167 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 167 4 167 8] _54 }; goto BB30 } BB30 { - s1 <- { s1 with current = Slice.set ( * s1) _52 ([#"../index_range.rs" 167 11 167 13] [#"../index_range.rs" 167 11 167 13] (-1 : int32)) }; - _55 <- ([#"../index_range.rs" 168 6 168 7] [#"../index_range.rs" 168 6 168 7] (3 : usize)); - _57 <- ([#"../index_range.rs" 168 4 168 8] _55 < ([#"../index_range.rs" 168 4 168 8] Slice.length ( * s1))); + [#"../index_range.rs" 167 4 167 13] s1 <- { s1 with current = Slice.set ( * s1) _52 ([#"../index_range.rs" 167 4 167 13] [#"../index_range.rs" 167 11 167 13] (-1 : int32)) }; + [#"../index_range.rs" 168 6 168 7] _55 <- ([#"../index_range.rs" 168 6 168 7] [#"../index_range.rs" 168 6 168 7] (3 : usize)); + [#"../index_range.rs" 168 4 168 8] _57 <- ([#"../index_range.rs" 168 4 168 8] _55 < ([#"../index_range.rs" 168 4 168 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 168 4 168 8] _57 }; goto BB31 } BB31 { - s1 <- { s1 with current = Slice.set ( * s1) _55 ([#"../index_range.rs" 168 11 168 13] [#"../index_range.rs" 168 11 168 13] (-1 : int32)) }; + [#"../index_range.rs" 168 4 168 13] s1 <- { s1 with current = Slice.set ( * s1) _55 ([#"../index_range.rs" 168 4 168 13] [#"../index_range.rs" 168 11 168 13] (-1 : int32)) }; assume { resolve0 s1 }; assume { resolve0 _43 }; - _61 <- ([#"../index_range.rs" 170 12 170 21] len1 ([#"../index_range.rs" 170 12 170 21] arr)); + [#"../index_range.rs" 170 12 170 21] _61 <- ([#"../index_range.rs" 170 12 170 21] len1 ([#"../index_range.rs" 170 12 170 21] arr)); goto BB32 } BB32 { @@ -2543,80 +2584,86 @@ module IndexRange_TestRangeFull } BB33 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 170 4 170 27] false }; absurd } BB34 { - _68 <- ([#"../index_range.rs" 171 12 171 18] index1 ([#"../index_range.rs" 171 12 171 15] arr) ([#"../index_range.rs" 171 16 171 17] [#"../index_range.rs" 171 16 171 17] (0 : usize))); + [#"../index_range.rs" 171 12 171 18] _68 <- ([#"../index_range.rs" 171 12 171 18] index1 ([#"../index_range.rs" 171 12 171 15] arr) ([#"../index_range.rs" 171 16 171 17] [#"../index_range.rs" 171 16 171 17] (0 : usize))); goto BB35 } BB35 { - switch ([#"../index_range.rs" 171 4 171 24] not ([#"../index_range.rs" 171 12 171 23] _68 = ([#"../index_range.rs" 171 22 171 23] [#"../index_range.rs" 171 22 171 23] (0 : int32)))) + switch ([#"../index_range.rs" 171 4 171 24] not ([#"../index_range.rs" 171 12 171 23] ([#"../index_range.rs" 171 12 171 18] _68) = ([#"../index_range.rs" 171 22 171 23] [#"../index_range.rs" 171 22 171 23] (0 : int32)))) | False -> goto BB37 | True -> goto BB36 end } BB36 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 171 4 171 24] false }; absurd } BB37 { - _75 <- ([#"../index_range.rs" 172 12 172 18] index1 ([#"../index_range.rs" 172 12 172 15] arr) ([#"../index_range.rs" 172 16 172 17] [#"../index_range.rs" 172 16 172 17] (1 : usize))); + [#"../index_range.rs" 172 12 172 18] _75 <- ([#"../index_range.rs" 172 12 172 18] index1 ([#"../index_range.rs" 172 12 172 15] arr) ([#"../index_range.rs" 172 16 172 17] [#"../index_range.rs" 172 16 172 17] (1 : usize))); goto BB38 } BB38 { - switch ([#"../index_range.rs" 172 4 172 25] not ([#"../index_range.rs" 172 12 172 24] _75 = ([#"../index_range.rs" 172 22 172 24] [#"../index_range.rs" 172 22 172 24] (-1 : int32)))) + switch ([#"../index_range.rs" 172 4 172 25] not ([#"../index_range.rs" 172 12 172 24] ([#"../index_range.rs" 172 12 172 18] _75) = ([#"../index_range.rs" 172 22 172 24] [#"../index_range.rs" 172 22 172 24] (-1 : int32)))) | False -> goto BB40 | True -> goto BB39 end } BB39 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 172 4 172 25] false }; absurd } BB40 { - _82 <- ([#"../index_range.rs" 173 12 173 18] index1 ([#"../index_range.rs" 173 12 173 15] arr) ([#"../index_range.rs" 173 16 173 17] [#"../index_range.rs" 173 16 173 17] (2 : usize))); + [#"../index_range.rs" 173 12 173 18] _82 <- ([#"../index_range.rs" 173 12 173 18] index1 ([#"../index_range.rs" 173 12 173 15] arr) ([#"../index_range.rs" 173 16 173 17] [#"../index_range.rs" 173 16 173 17] (2 : usize))); goto BB41 } BB41 { - switch ([#"../index_range.rs" 173 4 173 24] not ([#"../index_range.rs" 173 12 173 23] _82 = ([#"../index_range.rs" 173 22 173 23] [#"../index_range.rs" 173 22 173 23] (2 : int32)))) + switch ([#"../index_range.rs" 173 4 173 24] not ([#"../index_range.rs" 173 12 173 23] ([#"../index_range.rs" 173 12 173 18] _82) = ([#"../index_range.rs" 173 22 173 23] [#"../index_range.rs" 173 22 173 23] (2 : int32)))) | False -> goto BB43 | True -> goto BB42 end } BB42 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 173 4 173 24] false }; absurd } BB43 { - _89 <- ([#"../index_range.rs" 174 12 174 18] index1 ([#"../index_range.rs" 174 12 174 15] arr) ([#"../index_range.rs" 174 16 174 17] [#"../index_range.rs" 174 16 174 17] (3 : usize))); + [#"../index_range.rs" 174 12 174 18] _89 <- ([#"../index_range.rs" 174 12 174 18] index1 ([#"../index_range.rs" 174 12 174 15] arr) ([#"../index_range.rs" 174 16 174 17] [#"../index_range.rs" 174 16 174 17] (3 : usize))); goto BB44 } BB44 { - switch ([#"../index_range.rs" 174 4 174 25] not ([#"../index_range.rs" 174 12 174 24] _89 = ([#"../index_range.rs" 174 22 174 24] [#"../index_range.rs" 174 22 174 24] (-1 : int32)))) + switch ([#"../index_range.rs" 174 4 174 25] not ([#"../index_range.rs" 174 12 174 24] ([#"../index_range.rs" 174 12 174 18] _89) = ([#"../index_range.rs" 174 22 174 24] [#"../index_range.rs" 174 22 174 24] (-1 : int32)))) | False -> goto BB46 | True -> goto BB45 end } BB45 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 174 4 174 25] false }; absurd } BB46 { - _96 <- ([#"../index_range.rs" 175 12 175 18] index1 ([#"../index_range.rs" 175 12 175 15] arr) ([#"../index_range.rs" 175 16 175 17] [#"../index_range.rs" 175 16 175 17] (4 : usize))); + [#"../index_range.rs" 175 12 175 18] _96 <- ([#"../index_range.rs" 175 12 175 18] index1 ([#"../index_range.rs" 175 12 175 15] arr) ([#"../index_range.rs" 175 16 175 17] [#"../index_range.rs" 175 16 175 17] (4 : usize))); goto BB47 } BB47 { assume { resolve1 arr }; - switch ([#"../index_range.rs" 175 4 175 24] not ([#"../index_range.rs" 175 12 175 23] _96 = ([#"../index_range.rs" 175 22 175 23] [#"../index_range.rs" 175 22 175 23] (4 : int32)))) + switch ([#"../index_range.rs" 175 4 175 24] not ([#"../index_range.rs" 175 12 175 23] ([#"../index_range.rs" 175 12 175 18] _96) = ([#"../index_range.rs" 175 22 175 23] [#"../index_range.rs" 175 22 175 23] (4 : int32)))) | False -> goto BB49 | True -> goto BB48 end } BB48 { + assert { [#"../index_range.rs" 175 4 175 24] false }; absurd } BB49 { - _0 <- ([#"../index_range.rs" 154 25 176 1] ()); + [#"../index_range.rs" 154 25 176 1] _0 <- ([#"../index_range.rs" 154 25 176 1] ()); goto BB50 } BB50 { @@ -2645,7 +2692,7 @@ module IndexRange_TestRangeToInclusive val inv11 (_x : slice int32) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv11 x = true + axiom inv11 : forall x : slice int32 . inv11 x = true use seq.Seq predicate invariant10 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2656,7 +2703,7 @@ module IndexRange_TestRangeToInclusive val inv10 (_x : Seq.seq int32) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../index_range.rs" 1 0 1 0] forall x : Seq.seq int32 . inv10 x = true + axiom inv10 : forall x : Seq.seq int32 . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -2680,7 +2727,7 @@ module IndexRange_TestRangeToInclusive val invariant9 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : int32) : bool @@ -2690,7 +2737,7 @@ module IndexRange_TestRangeToInclusive val inv8 (_x : int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../index_range.rs" 1 0 1 0] forall x : int32 . inv8 x = true + axiom inv8 : forall x : int32 . inv8 x = true predicate invariant7 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : usize) : bool @@ -2700,7 +2747,7 @@ module IndexRange_TestRangeToInclusive val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../index_range.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2711,7 +2758,7 @@ module IndexRange_TestRangeToInclusive val inv6 (_x : borrowed (slice int32)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (slice int32) . inv6 x = true + axiom inv6 : forall x : borrowed (slice int32) . inv6 x = true predicate invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -2721,7 +2768,7 @@ module IndexRange_TestRangeToInclusive val inv5 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../index_range.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2732,7 +2779,7 @@ module IndexRange_TestRangeToInclusive val inv4 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option (slice int32)) : bool @@ -2742,7 +2789,7 @@ module IndexRange_TestRangeToInclusive val inv3 (_x : Core_Option_Option_Type.t_option (slice int32)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (slice int32) . inv3 x = true predicate invariant2 (self : slice int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : slice int32) : bool @@ -2752,7 +2799,7 @@ module IndexRange_TestRangeToInclusive val inv2 (_x : slice int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../index_range.rs" 1 0 1 0] forall x : slice int32 . inv2 x = true + axiom inv2 : forall x : slice int32 . inv2 x = true use Core_Ops_Range_RangeToInclusive_Type as Core_Ops_Range_RangeToInclusive_Type predicate invariant1 (self : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2763,7 +2810,7 @@ module IndexRange_TestRangeToInclusive val inv1 (_x : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../index_range.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_RangeToInclusive_Type.t_rangetoinclusive usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -2773,7 +2820,7 @@ module IndexRange_TestRangeToInclusive val inv0 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../index_range.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve2 (self : int32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : int32) : bool @@ -2940,25 +2987,25 @@ module IndexRange_TestRangeToInclusive goto BB0 } BB0 { - arr <- ([#"../index_range.rs" 181 18 181 30] create_arr0 ()); + [#"../index_range.rs" 181 18 181 30] arr <- ([#"../index_range.rs" 181 18 181 30] create_arr0 ()); goto BB1 } BB1 { - _3 <- ([#"../index_range.rs" 186 13 186 22] index0 ([#"../index_range.rs" 186 13 186 16] arr) ([#"../index_range.rs" 186 17 186 21] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 186 20 186 21] [#"../index_range.rs" 186 20 186 21] (1 : usize)))); + [#"../index_range.rs" 186 13 186 22] _3 <- ([#"../index_range.rs" 186 13 186 22] index0 ([#"../index_range.rs" 186 13 186 16] arr) ([#"../index_range.rs" 186 17 186 21] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 186 20 186 21] [#"../index_range.rs" 186 20 186 21] (1 : usize)))); goto BB2 } BB2 { - s <- ([#"../index_range.rs" 186 12 186 22] _3); - _11 <- ([#"../index_range.rs" 187 12 187 19] len0 ([#"../index_range.rs" 187 12 187 19] s)); + [#"../index_range.rs" 186 12 186 22] s <- ([#"../index_range.rs" 186 12 186 22] _3); + [#"../index_range.rs" 187 12 187 19] _11 <- ([#"../index_range.rs" 187 12 187 19] len0 ([#"../index_range.rs" 187 12 187 19] s)); goto BB9 } BB3 { - _8 <- ([#"../index_range.rs" 187 12 187 50] [#"../index_range.rs" 187 12 187 50] false); + [#"../index_range.rs" 187 12 187 50] _8 <- ([#"../index_range.rs" 187 12 187 50] [#"../index_range.rs" 187 12 187 50] false); goto BB5 } BB4 { - _20 <- ([#"../index_range.rs" 187 43 187 44] [#"../index_range.rs" 187 43 187 44] (1 : usize)); - _22 <- ([#"../index_range.rs" 187 41 187 45] _20 < ([#"../index_range.rs" 187 41 187 45] Slice.length s)); + [#"../index_range.rs" 187 43 187 44] _20 <- ([#"../index_range.rs" 187 43 187 44] [#"../index_range.rs" 187 43 187 44] (1 : usize)); + [#"../index_range.rs" 187 41 187 45] _22 <- ([#"../index_range.rs" 187 41 187 45] _20 < ([#"../index_range.rs" 187 41 187 45] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 187 41 187 45] _22 }; goto BB11 } @@ -2969,12 +3016,12 @@ module IndexRange_TestRangeToInclusive end } BB6 { - _9 <- ([#"../index_range.rs" 187 12 187 37] [#"../index_range.rs" 187 12 187 37] false); + [#"../index_range.rs" 187 12 187 37] _9 <- ([#"../index_range.rs" 187 12 187 37] [#"../index_range.rs" 187 12 187 37] false); goto BB8 } BB7 { - _15 <- ([#"../index_range.rs" 187 30 187 31] [#"../index_range.rs" 187 30 187 31] (0 : usize)); - _17 <- ([#"../index_range.rs" 187 28 187 32] _15 < ([#"../index_range.rs" 187 28 187 32] Slice.length s)); + [#"../index_range.rs" 187 30 187 31] _15 <- ([#"../index_range.rs" 187 30 187 31] [#"../index_range.rs" 187 30 187 31] (0 : usize)); + [#"../index_range.rs" 187 28 187 32] _17 <- ([#"../index_range.rs" 187 28 187 32] _15 < ([#"../index_range.rs" 187 28 187 32] Slice.length s)); assert { [@expl:index in bounds] [#"../index_range.rs" 187 28 187 32] _17 }; goto BB10 } @@ -2991,27 +3038,28 @@ module IndexRange_TestRangeToInclusive end } BB10 { - _9 <- ([#"../index_range.rs" 187 28 187 37] Slice.get s _15 = ([#"../index_range.rs" 187 36 187 37] [#"../index_range.rs" 187 36 187 37] (0 : int32))); + [#"../index_range.rs" 187 12 187 37] _9 <- ([#"../index_range.rs" 187 28 187 37] ([#"../index_range.rs" 187 28 187 32] Slice.get s _15) = ([#"../index_range.rs" 187 36 187 37] [#"../index_range.rs" 187 36 187 37] (0 : int32))); goto BB8 } BB11 { - _8 <- ([#"../index_range.rs" 187 41 187 50] Slice.get s _20 = ([#"../index_range.rs" 187 49 187 50] [#"../index_range.rs" 187 49 187 50] (1 : int32))); + [#"../index_range.rs" 187 12 187 50] _8 <- ([#"../index_range.rs" 187 41 187 50] ([#"../index_range.rs" 187 41 187 45] Slice.get s _20) = ([#"../index_range.rs" 187 49 187 50] [#"../index_range.rs" 187 49 187 50] (1 : int32))); goto BB5 } BB12 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 187 4 187 51] false }; absurd } BB13 { - _30 <- ([#"../index_range.rs" 192 12 192 25] deref0 ([#"../index_range.rs" 192 12 192 25] arr)); + [#"../index_range.rs" 192 12 192 25] _30 <- ([#"../index_range.rs" 192 12 192 25] deref0 ([#"../index_range.rs" 192 12 192 25] arr)); goto BB14 } BB14 { - _28 <- ([#"../index_range.rs" 192 12 192 25] get0 ([#"../index_range.rs" 192 12 192 25] _30) ([#"../index_range.rs" 192 20 192 24] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 192 23 192 24] [#"../index_range.rs" 192 23 192 24] (5 : usize)))); + [#"../index_range.rs" 192 12 192 25] _28 <- ([#"../index_range.rs" 192 12 192 25] get0 ([#"../index_range.rs" 192 12 192 25] _30) ([#"../index_range.rs" 192 20 192 24] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 192 23 192 24] [#"../index_range.rs" 192 23 192 24] (5 : usize)))); goto BB15 } BB15 { - _26 <- ([#"../index_range.rs" 192 12 192 35] is_none0 ([#"../index_range.rs" 192 12 192 35] _28)); + [#"../index_range.rs" 192 12 192 35] _26 <- ([#"../index_range.rs" 192 12 192 35] is_none0 ([#"../index_range.rs" 192 12 192 35] _28)); goto BB16 } BB16 { @@ -3022,19 +3070,20 @@ module IndexRange_TestRangeToInclusive } BB17 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 192 4 192 36] false }; absurd } BB18 { - _36 <- Borrow.borrow_mut arr; - arr <- ^ _36; - _35 <- ([#"../index_range.rs" 195 17 195 26] index_mut0 _36 ([#"../index_range.rs" 195 21 195 25] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 195 24 195 25] [#"../index_range.rs" 195 24 195 25] (2 : usize)))); + [#"../index_range.rs" 195 17 195 20] _36 <- Borrow.borrow_mut arr; + [#"../index_range.rs" 195 17 195 20] arr <- ^ _36; + [#"../index_range.rs" 195 17 195 26] _35 <- ([#"../index_range.rs" 195 17 195 26] index_mut0 _36 ([#"../index_range.rs" 195 21 195 25] Core_Ops_Range_RangeToInclusive_Type.C_RangeToInclusive ([#"../index_range.rs" 195 24 195 25] [#"../index_range.rs" 195 24 195 25] (2 : usize)))); _36 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB19 } BB19 { - s1 <- Borrow.borrow_mut ( * _35); - _35 <- { _35 with current = ^ s1 }; - _41 <- ([#"../index_range.rs" 196 12 196 19] len0 ([#"../index_range.rs" 196 12 196 19] * s1)); + [#"../index_range.rs" 195 12 195 26] s1 <- Borrow.borrow_mut ( * _35); + [#"../index_range.rs" 195 12 195 26] _35 <- { _35 with current = ^ s1 }; + [#"../index_range.rs" 196 12 196 19] _41 <- ([#"../index_range.rs" 196 12 196 19] len0 ([#"../index_range.rs" 196 12 196 19] * s1)); goto BB20 } BB20 { @@ -3047,42 +3096,44 @@ module IndexRange_TestRangeToInclusive assume { resolve0 s1 }; assume { resolve0 _35 }; assume { resolve1 arr }; + assert { [#"../index_range.rs" 196 4 196 25] false }; absurd } BB22 { - _44 <- ([#"../index_range.rs" 197 6 197 7] [#"../index_range.rs" 197 6 197 7] (0 : usize)); - _46 <- ([#"../index_range.rs" 197 4 197 8] _44 < ([#"../index_range.rs" 197 4 197 8] Slice.length ( * s1))); + [#"../index_range.rs" 197 6 197 7] _44 <- ([#"../index_range.rs" 197 6 197 7] [#"../index_range.rs" 197 6 197 7] (0 : usize)); + [#"../index_range.rs" 197 4 197 8] _46 <- ([#"../index_range.rs" 197 4 197 8] _44 < ([#"../index_range.rs" 197 4 197 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 197 4 197 8] _46 }; goto BB23 } BB23 { - s1 <- { s1 with current = Slice.set ( * s1) _44 ([#"../index_range.rs" 197 11 197 13] [#"../index_range.rs" 197 11 197 13] (-1 : int32)) }; - _47 <- ([#"../index_range.rs" 198 6 198 7] [#"../index_range.rs" 198 6 198 7] (2 : usize)); - _49 <- ([#"../index_range.rs" 198 4 198 8] _47 < ([#"../index_range.rs" 198 4 198 8] Slice.length ( * s1))); + [#"../index_range.rs" 197 4 197 13] s1 <- { s1 with current = Slice.set ( * s1) _44 ([#"../index_range.rs" 197 4 197 13] [#"../index_range.rs" 197 11 197 13] (-1 : int32)) }; + [#"../index_range.rs" 198 6 198 7] _47 <- ([#"../index_range.rs" 198 6 198 7] [#"../index_range.rs" 198 6 198 7] (2 : usize)); + [#"../index_range.rs" 198 4 198 8] _49 <- ([#"../index_range.rs" 198 4 198 8] _47 < ([#"../index_range.rs" 198 4 198 8] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 198 4 198 8] _49 }; goto BB24 } BB24 { - s1 <- { s1 with current = Slice.set ( * s1) _47 ([#"../index_range.rs" 198 11 198 13] [#"../index_range.rs" 198 11 198 13] (-1 : int32)) }; - _54 <- ([#"../index_range.rs" 200 14 200 15] [#"../index_range.rs" 200 14 200 15] (1 : usize)); - _56 <- ([#"../index_range.rs" 200 12 200 16] _54 < ([#"../index_range.rs" 200 12 200 16] Slice.length ( * s1))); + [#"../index_range.rs" 198 4 198 13] s1 <- { s1 with current = Slice.set ( * s1) _47 ([#"../index_range.rs" 198 4 198 13] [#"../index_range.rs" 198 11 198 13] (-1 : int32)) }; + [#"../index_range.rs" 200 14 200 15] _54 <- ([#"../index_range.rs" 200 14 200 15] [#"../index_range.rs" 200 14 200 15] (1 : usize)); + [#"../index_range.rs" 200 12 200 16] _56 <- ([#"../index_range.rs" 200 12 200 16] _54 < ([#"../index_range.rs" 200 12 200 16] Slice.length ( * s1))); assert { [@expl:index in bounds] [#"../index_range.rs" 200 12 200 16] _56 }; goto BB25 } BB25 { assume { resolve0 s1 }; assume { resolve0 _35 }; - switch ([#"../index_range.rs" 200 4 200 22] not ([#"../index_range.rs" 200 12 200 21] Slice.get ( * s1) _54 = ([#"../index_range.rs" 200 20 200 21] [#"../index_range.rs" 200 20 200 21] (1 : int32)))) + switch ([#"../index_range.rs" 200 4 200 22] not ([#"../index_range.rs" 200 12 200 21] ([#"../index_range.rs" 200 12 200 16] Slice.get ( * s1) _54) = ([#"../index_range.rs" 200 20 200 21] [#"../index_range.rs" 200 20 200 21] (1 : int32)))) | False -> goto BB27 | True -> goto BB26 end } BB26 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 200 4 200 22] false }; absurd } BB27 { - _61 <- ([#"../index_range.rs" 202 12 202 21] len1 ([#"../index_range.rs" 202 12 202 21] arr)); + [#"../index_range.rs" 202 12 202 21] _61 <- ([#"../index_range.rs" 202 12 202 21] len1 ([#"../index_range.rs" 202 12 202 21] arr)); goto BB28 } BB28 { @@ -3093,80 +3144,86 @@ module IndexRange_TestRangeToInclusive } BB29 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 202 4 202 27] false }; absurd } BB30 { - _68 <- ([#"../index_range.rs" 203 12 203 18] index1 ([#"../index_range.rs" 203 12 203 15] arr) ([#"../index_range.rs" 203 16 203 17] [#"../index_range.rs" 203 16 203 17] (0 : usize))); + [#"../index_range.rs" 203 12 203 18] _68 <- ([#"../index_range.rs" 203 12 203 18] index1 ([#"../index_range.rs" 203 12 203 15] arr) ([#"../index_range.rs" 203 16 203 17] [#"../index_range.rs" 203 16 203 17] (0 : usize))); goto BB31 } BB31 { - switch ([#"../index_range.rs" 203 4 203 25] not ([#"../index_range.rs" 203 12 203 24] _68 = ([#"../index_range.rs" 203 22 203 24] [#"../index_range.rs" 203 22 203 24] (-1 : int32)))) + switch ([#"../index_range.rs" 203 4 203 25] not ([#"../index_range.rs" 203 12 203 24] ([#"../index_range.rs" 203 12 203 18] _68) = ([#"../index_range.rs" 203 22 203 24] [#"../index_range.rs" 203 22 203 24] (-1 : int32)))) | False -> goto BB33 | True -> goto BB32 end } BB32 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 203 4 203 25] false }; absurd } BB33 { - _75 <- ([#"../index_range.rs" 204 12 204 18] index1 ([#"../index_range.rs" 204 12 204 15] arr) ([#"../index_range.rs" 204 16 204 17] [#"../index_range.rs" 204 16 204 17] (1 : usize))); + [#"../index_range.rs" 204 12 204 18] _75 <- ([#"../index_range.rs" 204 12 204 18] index1 ([#"../index_range.rs" 204 12 204 15] arr) ([#"../index_range.rs" 204 16 204 17] [#"../index_range.rs" 204 16 204 17] (1 : usize))); goto BB34 } BB34 { - switch ([#"../index_range.rs" 204 4 204 24] not ([#"../index_range.rs" 204 12 204 23] _75 = ([#"../index_range.rs" 204 22 204 23] [#"../index_range.rs" 204 22 204 23] (1 : int32)))) + switch ([#"../index_range.rs" 204 4 204 24] not ([#"../index_range.rs" 204 12 204 23] ([#"../index_range.rs" 204 12 204 18] _75) = ([#"../index_range.rs" 204 22 204 23] [#"../index_range.rs" 204 22 204 23] (1 : int32)))) | False -> goto BB36 | True -> goto BB35 end } BB35 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 204 4 204 24] false }; absurd } BB36 { - _82 <- ([#"../index_range.rs" 205 12 205 18] index1 ([#"../index_range.rs" 205 12 205 15] arr) ([#"../index_range.rs" 205 16 205 17] [#"../index_range.rs" 205 16 205 17] (2 : usize))); + [#"../index_range.rs" 205 12 205 18] _82 <- ([#"../index_range.rs" 205 12 205 18] index1 ([#"../index_range.rs" 205 12 205 15] arr) ([#"../index_range.rs" 205 16 205 17] [#"../index_range.rs" 205 16 205 17] (2 : usize))); goto BB37 } BB37 { - switch ([#"../index_range.rs" 205 4 205 25] not ([#"../index_range.rs" 205 12 205 24] _82 = ([#"../index_range.rs" 205 22 205 24] [#"../index_range.rs" 205 22 205 24] (-1 : int32)))) + switch ([#"../index_range.rs" 205 4 205 25] not ([#"../index_range.rs" 205 12 205 24] ([#"../index_range.rs" 205 12 205 18] _82) = ([#"../index_range.rs" 205 22 205 24] [#"../index_range.rs" 205 22 205 24] (-1 : int32)))) | False -> goto BB39 | True -> goto BB38 end } BB38 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 205 4 205 25] false }; absurd } BB39 { - _89 <- ([#"../index_range.rs" 206 12 206 18] index1 ([#"../index_range.rs" 206 12 206 15] arr) ([#"../index_range.rs" 206 16 206 17] [#"../index_range.rs" 206 16 206 17] (3 : usize))); + [#"../index_range.rs" 206 12 206 18] _89 <- ([#"../index_range.rs" 206 12 206 18] index1 ([#"../index_range.rs" 206 12 206 15] arr) ([#"../index_range.rs" 206 16 206 17] [#"../index_range.rs" 206 16 206 17] (3 : usize))); goto BB40 } BB40 { - switch ([#"../index_range.rs" 206 4 206 24] not ([#"../index_range.rs" 206 12 206 23] _89 = ([#"../index_range.rs" 206 22 206 23] [#"../index_range.rs" 206 22 206 23] (3 : int32)))) + switch ([#"../index_range.rs" 206 4 206 24] not ([#"../index_range.rs" 206 12 206 23] ([#"../index_range.rs" 206 12 206 18] _89) = ([#"../index_range.rs" 206 22 206 23] [#"../index_range.rs" 206 22 206 23] (3 : int32)))) | False -> goto BB42 | True -> goto BB41 end } BB41 { assume { resolve1 arr }; + assert { [#"../index_range.rs" 206 4 206 24] false }; absurd } BB42 { - _96 <- ([#"../index_range.rs" 207 12 207 18] index1 ([#"../index_range.rs" 207 12 207 15] arr) ([#"../index_range.rs" 207 16 207 17] [#"../index_range.rs" 207 16 207 17] (4 : usize))); + [#"../index_range.rs" 207 12 207 18] _96 <- ([#"../index_range.rs" 207 12 207 18] index1 ([#"../index_range.rs" 207 12 207 15] arr) ([#"../index_range.rs" 207 16 207 17] [#"../index_range.rs" 207 16 207 17] (4 : usize))); goto BB43 } BB43 { assume { resolve1 arr }; - switch ([#"../index_range.rs" 207 4 207 24] not ([#"../index_range.rs" 207 12 207 23] _96 = ([#"../index_range.rs" 207 22 207 23] [#"../index_range.rs" 207 22 207 23] (4 : int32)))) + switch ([#"../index_range.rs" 207 4 207 24] not ([#"../index_range.rs" 207 12 207 23] ([#"../index_range.rs" 207 12 207 18] _96) = ([#"../index_range.rs" 207 22 207 23] [#"../index_range.rs" 207 22 207 23] (4 : int32)))) | False -> goto BB45 | True -> goto BB44 end } BB44 { + assert { [#"../index_range.rs" 207 4 207 24] false }; absurd } BB45 { - _0 <- ([#"../index_range.rs" 179 33 208 1] ()); + [#"../index_range.rs" 179 33 208 1] _0 <- ([#"../index_range.rs" 179 33 208 1] ()); goto BB46 } BB46 { diff --git a/creusot/tests/should_succeed/index_range/why3session.xml b/creusot/tests/should_succeed/index_range/why3session.xml index 576ebf0bed..c9c701d6a5 100644 --- a/creusot/tests/should_succeed/index_range/why3session.xml +++ b/creusot/tests/should_succeed/index_range/why3session.xml @@ -3,6 +3,7 @@ "http://why3.lri.fr/why3session.dtd"> + @@ -145,39 +146,72 @@ - - + + + + + - + + + + - + + + + - + + + + - + + + + - + + + + - + + + + - + + + + - + + + + - + + + + + + + diff --git a/creusot/tests/should_succeed/index_range/why3shapes.gz b/creusot/tests/should_succeed/index_range/why3shapes.gz index 269ba999d4..9689962c0c 100644 Binary files a/creusot/tests/should_succeed/index_range/why3shapes.gz and b/creusot/tests/should_succeed/index_range/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg index 682a5cc058..427f9e9b17 100644 --- a/creusot/tests/should_succeed/inplace_list_reversal.mlcfg +++ b/creusot/tests/should_succeed/inplace_list_reversal.mlcfg @@ -22,7 +22,7 @@ module InplaceListReversal_Rev val inv2 (_x : borrowed (InplaceListReversal_List_Type.t_list t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../inplace_list_reversal.rs" 1 0 1 0] forall x : borrowed (InplaceListReversal_List_Type.t_list t) . inv2 x = true + axiom inv2 : forall x : borrowed (InplaceListReversal_List_Type.t_list t) . inv2 x = true predicate invariant1 (self : InplaceListReversal_List_Type.t_list t) val invariant1 (self : InplaceListReversal_List_Type.t_list t) : bool ensures { result = invariant1 self } @@ -31,7 +31,7 @@ module InplaceListReversal_Rev val inv1 (_x : InplaceListReversal_List_Type.t_list t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../inplace_list_reversal.rs" 1 0 1 0] forall x : InplaceListReversal_List_Type.t_list t . inv1 x = true + axiom inv1 : forall x : InplaceListReversal_List_Type.t_list t . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (InplaceListReversal_List_Type.t_list t))) val invariant0 (self : Ghost.ghost_ty (borrowed (InplaceListReversal_List_Type.t_list t))) : bool @@ -41,7 +41,7 @@ module InplaceListReversal_Rev val inv0 (_x : Ghost.ghost_ty (borrowed (InplaceListReversal_List_Type.t_list t))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../inplace_list_reversal.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (InplaceListReversal_List_Type.t_list t)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (InplaceListReversal_List_Type.t_list t)) . inv0 x = true predicate resolve2 (self : borrowed (InplaceListReversal_List_Type.t_list t)) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve2 (self : borrowed (InplaceListReversal_List_Type.t_list t)) : bool @@ -91,17 +91,17 @@ module InplaceListReversal_Rev goto BB0 } BB0 { - old_l <- ([#"../inplace_list_reversal.rs" 25 16 25 25] Ghost.new l); + [#"../inplace_list_reversal.rs" 25 16 25 25] old_l <- ([#"../inplace_list_reversal.rs" 25 16 25 25] Ghost.new l); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_l }; assume { resolve0 old_l }; - prev <- ([#"../inplace_list_reversal.rs" 26 19 26 22] InplaceListReversal_List_Type.C_Nil); - _7 <- Borrow.borrow_mut ( * l); - l <- { l with current = ^ _7 }; + [#"../inplace_list_reversal.rs" 26 19 26 22] prev <- ([#"../inplace_list_reversal.rs" 26 19 26 22] InplaceListReversal_List_Type.C_Nil); + [#"../inplace_list_reversal.rs" 27 27 27 28] _7 <- Borrow.borrow_mut ( * l); + [#"../inplace_list_reversal.rs" 27 27 27 28] l <- { l with current = ^ _7 }; assume { inv1 ( ^ _7) }; - head <- ([#"../inplace_list_reversal.rs" 27 19 27 34] replace0 _7 ([#"../inplace_list_reversal.rs" 27 30 27 33] InplaceListReversal_List_Type.C_Nil)); + [#"../inplace_list_reversal.rs" 27 19 27 34] head <- ([#"../inplace_list_reversal.rs" 27 19 27 34] replace0 _7 ([#"../inplace_list_reversal.rs" 27 30 27 33] InplaceListReversal_List_Type.C_Nil)); _7 <- any borrowed (InplaceListReversal_List_Type.t_list t); goto BB2 } @@ -125,17 +125,17 @@ module InplaceListReversal_Rev goto BB7 } BB7 { - curr <- InplaceListReversal_List_Type.cons_0 head; - head <- (let InplaceListReversal_List_Type.C_Cons x0 = head in InplaceListReversal_List_Type.C_Cons (any (t, InplaceListReversal_List_Type.t_list t))); + [#"../inplace_list_reversal.rs" 29 19 29 27] curr <- ([#"../inplace_list_reversal.rs" 29 19 29 27] InplaceListReversal_List_Type.cons_0 head); + [#"../inplace_list_reversal.rs" 29 19 29 27] head <- (let InplaceListReversal_List_Type.C_Cons x0 = head in InplaceListReversal_List_Type.C_Cons (any (t, InplaceListReversal_List_Type.t_list t))); assert { [@expl:type invariant] inv1 head }; assume { resolve1 head }; - next <- (let (_, a) = curr in a); - curr <- (let (x0, x1) = curr in (x0, any InplaceListReversal_List_Type.t_list t)); + [#"../inplace_list_reversal.rs" 30 19 30 25] next <- ([#"../inplace_list_reversal.rs" 30 19 30 25] let (_, a) = curr in a); + [#"../inplace_list_reversal.rs" 30 19 30 25] curr <- (let (x0, x1) = curr in (x0, any InplaceListReversal_List_Type.t_list t)); goto BB8 } BB8 { - curr <- (let (x0, x1) = curr in (x0, prev)); - prev <- any InplaceListReversal_List_Type.t_list t; + [#"../inplace_list_reversal.rs" 31 8 31 14] curr <- (let (x0, x1) = curr in (x0, ([#"../inplace_list_reversal.rs" 31 17 31 21] prev))); + [#"../inplace_list_reversal.rs" 31 17 31 21] prev <- any InplaceListReversal_List_Type.t_list t; goto BB10 } BB10 { @@ -145,16 +145,16 @@ module InplaceListReversal_Rev goto BB12 } BB12 { - prev <- ([#"../inplace_list_reversal.rs" 32 15 32 25] InplaceListReversal_List_Type.C_Cons curr); - curr <- any (t, InplaceListReversal_List_Type.t_list t); + [#"../inplace_list_reversal.rs" 32 8 32 12] prev <- ([#"../inplace_list_reversal.rs" 32 15 32 25] InplaceListReversal_List_Type.C_Cons ([#"../inplace_list_reversal.rs" 32 20 32 24] curr)); + [#"../inplace_list_reversal.rs" 32 20 32 24] curr <- any (t, InplaceListReversal_List_Type.t_list t); goto BB14 } BB14 { goto BB15 } BB15 { - head <- next; - next <- any InplaceListReversal_List_Type.t_list t; + [#"../inplace_list_reversal.rs" 33 8 33 12] head <- ([#"../inplace_list_reversal.rs" 33 15 33 19] next); + [#"../inplace_list_reversal.rs" 33 15 33 19] next <- any InplaceListReversal_List_Type.t_list t; goto BB17 } BB17 { @@ -172,8 +172,8 @@ module InplaceListReversal_Rev goto BB4 } BB21 { - l <- { l with current = prev }; - prev <- any InplaceListReversal_List_Type.t_list t; + [#"../inplace_list_reversal.rs" 35 4 35 6] l <- { l with current = ([#"../inplace_list_reversal.rs" 35 9 35 13] prev) }; + [#"../inplace_list_reversal.rs" 35 9 35 13] prev <- any InplaceListReversal_List_Type.t_list t; assert { [@expl:type invariant] inv1 ( * l) }; assume { resolve1 ( * l) }; assert { [@expl:type invariant] inv2 l }; @@ -181,7 +181,7 @@ module InplaceListReversal_Rev goto BB23 } BB23 { - _0 <- ([#"../inplace_list_reversal.rs" 24 31 36 1] ()); + [#"../inplace_list_reversal.rs" 24 31 36 1] _0 <- ([#"../inplace_list_reversal.rs" 24 31 36 1] ()); goto BB24 } BB24 { diff --git a/creusot/tests/should_succeed/instant.mlcfg b/creusot/tests/should_succeed/instant.mlcfg index bddbf9816d..1f830bb164 100644 --- a/creusot/tests/should_succeed/instant.mlcfg +++ b/creusot/tests/should_succeed/instant.mlcfg @@ -104,7 +104,7 @@ module Instant_TestInstant val inv4 (_x : Core_Option_Option_Type.t_option int) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../instant.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option int . inv4 x = true function eq_cmp1 (_1 : Core_Option_Option_Type.t_option int) (_2 : Core_Option_Option_Type.t_option int) : () val eq_cmp1 (_1 : Core_Option_Option_Type.t_option int) (_2 : Core_Option_Option_Type.t_option int) : () ensures { result = eq_cmp1 _1 _2 } @@ -152,7 +152,7 @@ module Instant_TestInstant val inv3 (_x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../instant.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (Core_Time_Duration_Type.t_duration) . inv3 x = true use Std_Time_Instant_Type as Std_Time_Instant_Type predicate invariant2 (self : Std_Time_Instant_Type.t_instant) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -163,7 +163,7 @@ module Instant_TestInstant val inv2 (_x : Std_Time_Instant_Type.t_instant) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../instant.rs" 1 0 1 0] forall x : Std_Time_Instant_Type.t_instant . inv2 x = true + axiom inv2 : forall x : Std_Time_Instant_Type.t_instant . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant)) : bool @@ -173,7 +173,7 @@ module Instant_TestInstant val inv1 (_x : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../instant.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant) . inv1 x = true function cmp_log1 (self : int) (o : int) : Core_Cmp_Ordering_Type.t_ordering = [#"../../../../creusot-contracts/src/logic/ord.rs" 137 12 146 17] if self < o then Core_Cmp_Ordering_Type.C_Less @@ -292,7 +292,7 @@ module Instant_TestInstant val inv0 (_x : Core_Time_Duration_Type.t_duration) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../instant.rs" 1 0 1 0] forall x : Core_Time_Duration_Type.t_duration . inv0 x = true + axiom inv0 : forall x : Core_Time_Duration_Type.t_duration . inv0 x = true use prelude.Borrow use prelude.UInt64 function secs_to_nanos0 (secs : int) : int @@ -463,19 +463,19 @@ module Instant_TestInstant goto BB0 } BB0 { - instant <- ([#"../instant.rs" 8 18 8 32] now0 ()); + [#"../instant.rs" 8 18 8 32] instant <- ([#"../instant.rs" 8 18 8 32] now0 ()); goto BB1 } BB1 { - zero_dur <- ([#"../instant.rs" 9 19 9 41] from_secs0 ([#"../instant.rs" 9 39 9 40] [#"../instant.rs" 9 39 9 40] (0 : uint64))); + [#"../instant.rs" 9 19 9 41] zero_dur <- ([#"../instant.rs" 9 19 9 41] from_secs0 ([#"../instant.rs" 9 39 9 40] [#"../instant.rs" 9 39 9 40] (0 : uint64))); goto BB2 } BB2 { - _7 <- ([#"../instant.rs" 10 12 10 29] elapsed0 ([#"../instant.rs" 10 12 10 29] instant)); + [#"../instant.rs" 10 12 10 29] _7 <- ([#"../instant.rs" 10 12 10 29] elapsed0 ([#"../instant.rs" 10 12 10 29] instant)); goto BB3 } BB3 { - _5 <- ([#"../instant.rs" 10 12 10 41] ge0 ([#"../instant.rs" 10 12 10 29] _7) ([#"../instant.rs" 10 33 10 41] zero_dur)); + [#"../instant.rs" 10 12 10 41] _5 <- ([#"../instant.rs" 10 12 10 41] ge0 ([#"../instant.rs" 10 12 10 29] _7) ([#"../instant.rs" 10 33 10 41] zero_dur)); goto BB4 } BB4 { @@ -485,19 +485,20 @@ module Instant_TestInstant end } BB5 { + assert { [#"../instant.rs" 10 4 10 42] false }; absurd } BB6 { - _16 <- ([#"../instant.rs" 12 12 12 41] checked_add0 ([#"../instant.rs" 12 12 12 41] instant) zero_dur); + [#"../instant.rs" 12 12 12 41] _16 <- ([#"../instant.rs" 12 12 12 41] checked_add0 ([#"../instant.rs" 12 12 12 41] instant) ([#"../instant.rs" 12 32 12 40] zero_dur)); goto BB7 } BB7 { - _15 <- ([#"../instant.rs" 12 12 12 50] unwrap0 _16); + [#"../instant.rs" 12 12 12 50] _15 <- ([#"../instant.rs" 12 12 12 50] unwrap0 _16); _16 <- any Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant); goto BB8 } BB8 { - _13 <- ([#"../instant.rs" 12 12 12 61] eq0 ([#"../instant.rs" 12 12 12 50] _15) ([#"../instant.rs" 12 54 12 61] instant)); + [#"../instant.rs" 12 12 12 61] _13 <- ([#"../instant.rs" 12 12 12 61] eq0 ([#"../instant.rs" 12 12 12 50] _15) ([#"../instant.rs" 12 54 12 61] instant)); goto BB9 } BB9 { @@ -507,14 +508,15 @@ module Instant_TestInstant end } BB10 { + assert { [#"../instant.rs" 12 4 12 62] false }; absurd } BB11 { - _25 <- ([#"../instant.rs" 13 12 13 30] add0 instant zero_dur); + [#"../instant.rs" 13 12 13 30] _25 <- ([#"../instant.rs" 13 12 13 30] add0 ([#"../instant.rs" 13 12 13 19] instant) ([#"../instant.rs" 13 22 13 30] zero_dur)); goto BB12 } BB12 { - _23 <- ([#"../instant.rs" 13 12 13 41] eq0 ([#"../instant.rs" 13 12 13 30] _25) ([#"../instant.rs" 13 34 13 41] instant)); + [#"../instant.rs" 13 12 13 41] _23 <- ([#"../instant.rs" 13 12 13 41] eq0 ([#"../instant.rs" 13 12 13 30] _25) ([#"../instant.rs" 13 34 13 41] instant)); goto BB13 } BB13 { @@ -524,33 +526,34 @@ module Instant_TestInstant end } BB14 { + assert { [#"../instant.rs" 13 4 13 42] false }; absurd } BB15 { - three_seconds <- ([#"../instant.rs" 14 24 14 46] from_secs0 ([#"../instant.rs" 14 44 14 45] [#"../instant.rs" 14 44 14 45] (3 : uint64))); + [#"../instant.rs" 14 24 14 46] three_seconds <- ([#"../instant.rs" 14 24 14 46] from_secs0 ([#"../instant.rs" 14 44 14 45] [#"../instant.rs" 14 44 14 45] (3 : uint64))); goto BB16 } BB16 { - greater_instant <- ([#"../instant.rs" 15 26 15 49] add0 instant three_seconds); + [#"../instant.rs" 15 26 15 49] greater_instant <- ([#"../instant.rs" 15 26 15 49] add0 ([#"../instant.rs" 15 26 15 33] instant) ([#"../instant.rs" 15 36 15 49] three_seconds)); goto BB17 } BB17 { assert { [@expl:assertion] [#"../instant.rs" 16 18 16 45] shallow_model0 instant < shallow_model0 greater_instant }; - even_greater_instant <- ([#"../instant.rs" 17 31 17 62] add0 greater_instant three_seconds); + [#"../instant.rs" 17 31 17 62] even_greater_instant <- ([#"../instant.rs" 17 31 17 62] add0 ([#"../instant.rs" 17 31 17 46] greater_instant) ([#"../instant.rs" 17 49 17 62] three_seconds)); goto BB18 } BB18 { assert { [@expl:assertion] [#"../instant.rs" 18 18 18 50] shallow_model0 instant < shallow_model0 even_greater_instant }; - _46 <- ([#"../instant.rs" 20 12 20 41] checked_sub0 ([#"../instant.rs" 20 12 20 41] instant) zero_dur); + [#"../instant.rs" 20 12 20 41] _46 <- ([#"../instant.rs" 20 12 20 41] checked_sub0 ([#"../instant.rs" 20 12 20 41] instant) ([#"../instant.rs" 20 32 20 40] zero_dur)); goto BB19 } BB19 { - _45 <- ([#"../instant.rs" 20 12 20 50] unwrap0 _46); + [#"../instant.rs" 20 12 20 50] _45 <- ([#"../instant.rs" 20 12 20 50] unwrap0 _46); _46 <- any Core_Option_Option_Type.t_option (Std_Time_Instant_Type.t_instant); goto BB20 } BB20 { - _43 <- ([#"../instant.rs" 20 12 20 61] eq0 ([#"../instant.rs" 20 12 20 50] _45) ([#"../instant.rs" 20 54 20 61] instant)); + [#"../instant.rs" 20 12 20 61] _43 <- ([#"../instant.rs" 20 12 20 61] eq0 ([#"../instant.rs" 20 12 20 50] _45) ([#"../instant.rs" 20 54 20 61] instant)); goto BB21 } BB21 { @@ -560,14 +563,15 @@ module Instant_TestInstant end } BB22 { + assert { [#"../instant.rs" 20 4 20 62] false }; absurd } BB23 { - _55 <- ([#"../instant.rs" 21 12 21 30] sub0 instant zero_dur); + [#"../instant.rs" 21 12 21 30] _55 <- ([#"../instant.rs" 21 12 21 30] sub0 ([#"../instant.rs" 21 12 21 19] instant) ([#"../instant.rs" 21 22 21 30] zero_dur)); goto BB24 } BB24 { - _53 <- ([#"../instant.rs" 21 12 21 41] eq0 ([#"../instant.rs" 21 12 21 30] _55) ([#"../instant.rs" 21 34 21 41] instant)); + [#"../instant.rs" 21 12 21 41] _53 <- ([#"../instant.rs" 21 12 21 41] eq0 ([#"../instant.rs" 21 12 21 30] _55) ([#"../instant.rs" 21 34 21 41] instant)); goto BB25 } BB25 { @@ -577,19 +581,20 @@ module Instant_TestInstant end } BB26 { + assert { [#"../instant.rs" 21 4 21 42] false }; absurd } BB27 { - lesser_instant <- ([#"../instant.rs" 22 25 22 48] sub0 instant three_seconds); + [#"../instant.rs" 22 25 22 48] lesser_instant <- ([#"../instant.rs" 22 25 22 48] sub0 ([#"../instant.rs" 22 25 22 32] instant) ([#"../instant.rs" 22 35 22 48] three_seconds)); goto BB28 } BB28 { assert { [@expl:assertion] [#"../instant.rs" 23 18 23 44] shallow_model0 instant > shallow_model0 lesser_instant }; - _69 <- ([#"../instant.rs" 24 12 24 29] sub1 instant instant); + [#"../instant.rs" 24 12 24 29] _69 <- ([#"../instant.rs" 24 12 24 29] sub1 ([#"../instant.rs" 24 12 24 19] instant) ([#"../instant.rs" 24 22 24 29] instant)); goto BB29 } BB29 { - _67 <- ([#"../instant.rs" 24 12 24 41] eq1 ([#"../instant.rs" 24 12 24 29] _69) ([#"../instant.rs" 24 33 24 41] zero_dur)); + [#"../instant.rs" 24 12 24 41] _67 <- ([#"../instant.rs" 24 12 24 41] eq1 ([#"../instant.rs" 24 12 24 29] _69) ([#"../instant.rs" 24 33 24 41] zero_dur)); goto BB30 } BB30 { @@ -599,14 +604,15 @@ module Instant_TestInstant end } BB31 { + assert { [#"../instant.rs" 24 4 24 42] false }; absurd } BB32 { - _78 <- ([#"../instant.rs" 25 12 25 37] sub1 instant greater_instant); + [#"../instant.rs" 25 12 25 37] _78 <- ([#"../instant.rs" 25 12 25 37] sub1 ([#"../instant.rs" 25 12 25 19] instant) ([#"../instant.rs" 25 22 25 37] greater_instant)); goto BB33 } BB33 { - _76 <- ([#"../instant.rs" 25 12 25 49] eq1 ([#"../instant.rs" 25 12 25 37] _78) ([#"../instant.rs" 25 41 25 49] zero_dur)); + [#"../instant.rs" 25 12 25 49] _76 <- ([#"../instant.rs" 25 12 25 49] eq1 ([#"../instant.rs" 25 12 25 37] _78) ([#"../instant.rs" 25 41 25 49] zero_dur)); goto BB34 } BB34 { @@ -616,14 +622,15 @@ module Instant_TestInstant end } BB35 { + assert { [#"../instant.rs" 25 4 25 50] false }; absurd } BB36 { - _87 <- ([#"../instant.rs" 26 12 26 37] sub1 greater_instant instant); + [#"../instant.rs" 26 12 26 37] _87 <- ([#"../instant.rs" 26 12 26 37] sub1 ([#"../instant.rs" 26 12 26 27] greater_instant) ([#"../instant.rs" 26 30 26 37] instant)); goto BB37 } BB37 { - _85 <- ([#"../instant.rs" 26 12 26 48] gt0 ([#"../instant.rs" 26 12 26 37] _87) ([#"../instant.rs" 26 40 26 48] zero_dur)); + [#"../instant.rs" 26 12 26 48] _85 <- ([#"../instant.rs" 26 12 26 48] gt0 ([#"../instant.rs" 26 12 26 37] _87) ([#"../instant.rs" 26 40 26 48] zero_dur)); goto BB38 } BB38 { @@ -633,14 +640,15 @@ module Instant_TestInstant end } BB39 { + assert { [#"../instant.rs" 26 4 26 49] false }; absurd } BB40 { - _96 <- ([#"../instant.rs" 28 12 28 51] duration_since0 ([#"../instant.rs" 28 12 28 51] greater_instant) instant); + [#"../instant.rs" 28 12 28 51] _96 <- ([#"../instant.rs" 28 12 28 51] duration_since0 ([#"../instant.rs" 28 12 28 51] greater_instant) ([#"../instant.rs" 28 43 28 50] instant)); goto BB41 } BB41 { - _94 <- ([#"../instant.rs" 28 12 28 62] gt0 ([#"../instant.rs" 28 12 28 51] _96) ([#"../instant.rs" 28 54 28 62] zero_dur)); + [#"../instant.rs" 28 12 28 62] _94 <- ([#"../instant.rs" 28 12 28 62] gt0 ([#"../instant.rs" 28 12 28 51] _96) ([#"../instant.rs" 28 54 28 62] zero_dur)); goto BB42 } BB42 { @@ -650,14 +658,15 @@ module Instant_TestInstant end } BB43 { + assert { [#"../instant.rs" 28 4 28 63] false }; absurd } BB44 { - _105 <- ([#"../instant.rs" 29 12 29 51] duration_since0 ([#"../instant.rs" 29 12 29 51] instant) greater_instant); + [#"../instant.rs" 29 12 29 51] _105 <- ([#"../instant.rs" 29 12 29 51] duration_since0 ([#"../instant.rs" 29 12 29 51] instant) ([#"../instant.rs" 29 35 29 50] greater_instant)); goto BB45 } BB45 { - _103 <- ([#"../instant.rs" 29 12 29 63] eq1 ([#"../instant.rs" 29 12 29 51] _105) ([#"../instant.rs" 29 55 29 63] zero_dur)); + [#"../instant.rs" 29 12 29 63] _103 <- ([#"../instant.rs" 29 12 29 63] eq1 ([#"../instant.rs" 29 12 29 51] _105) ([#"../instant.rs" 29 55 29 63] zero_dur)); goto BB46 } BB46 { @@ -667,14 +676,15 @@ module Instant_TestInstant end } BB47 { + assert { [#"../instant.rs" 29 4 29 64] false }; absurd } BB48 { - _114 <- ([#"../instant.rs" 30 12 30 59] checked_duration_since0 ([#"../instant.rs" 30 12 30 59] greater_instant) instant); + [#"../instant.rs" 30 12 30 59] _114 <- ([#"../instant.rs" 30 12 30 59] checked_duration_since0 ([#"../instant.rs" 30 12 30 59] greater_instant) ([#"../instant.rs" 30 51 30 58] instant)); goto BB49 } BB49 { - _112 <- ([#"../instant.rs" 30 12 30 69] is_some0 ([#"../instant.rs" 30 12 30 69] _114)); + [#"../instant.rs" 30 12 30 69] _112 <- ([#"../instant.rs" 30 12 30 69] is_some0 ([#"../instant.rs" 30 12 30 69] _114)); goto BB50 } BB50 { @@ -684,14 +694,15 @@ module Instant_TestInstant end } BB51 { + assert { [#"../instant.rs" 30 4 30 70] false }; absurd } BB52 { - _122 <- ([#"../instant.rs" 31 12 31 59] checked_duration_since0 ([#"../instant.rs" 31 12 31 59] instant) greater_instant); + [#"../instant.rs" 31 12 31 59] _122 <- ([#"../instant.rs" 31 12 31 59] checked_duration_since0 ([#"../instant.rs" 31 12 31 59] instant) ([#"../instant.rs" 31 43 31 58] greater_instant)); goto BB53 } BB53 { - _120 <- ([#"../instant.rs" 31 12 31 69] is_none0 ([#"../instant.rs" 31 12 31 69] _122)); + [#"../instant.rs" 31 12 31 69] _120 <- ([#"../instant.rs" 31 12 31 69] is_none0 ([#"../instant.rs" 31 12 31 69] _122)); goto BB54 } BB54 { @@ -701,14 +712,15 @@ module Instant_TestInstant end } BB55 { + assert { [#"../instant.rs" 31 4 31 70] false }; absurd } BB56 { - _130 <- ([#"../instant.rs" 32 12 32 62] saturating_duration_since0 ([#"../instant.rs" 32 12 32 62] greater_instant) instant); + [#"../instant.rs" 32 12 32 62] _130 <- ([#"../instant.rs" 32 12 32 62] saturating_duration_since0 ([#"../instant.rs" 32 12 32 62] greater_instant) ([#"../instant.rs" 32 54 32 61] instant)); goto BB57 } BB57 { - _128 <- ([#"../instant.rs" 32 12 32 73] gt0 ([#"../instant.rs" 32 12 32 62] _130) ([#"../instant.rs" 32 65 32 73] zero_dur)); + [#"../instant.rs" 32 12 32 73] _128 <- ([#"../instant.rs" 32 12 32 73] gt0 ([#"../instant.rs" 32 12 32 62] _130) ([#"../instant.rs" 32 65 32 73] zero_dur)); goto BB58 } BB58 { @@ -718,14 +730,15 @@ module Instant_TestInstant end } BB59 { + assert { [#"../instant.rs" 32 4 32 74] false }; absurd } BB60 { - _139 <- ([#"../instant.rs" 33 12 33 62] saturating_duration_since0 ([#"../instant.rs" 33 12 33 62] instant) greater_instant); + [#"../instant.rs" 33 12 33 62] _139 <- ([#"../instant.rs" 33 12 33 62] saturating_duration_since0 ([#"../instant.rs" 33 12 33 62] instant) ([#"../instant.rs" 33 46 33 61] greater_instant)); goto BB61 } BB61 { - _137 <- ([#"../instant.rs" 33 12 33 74] eq1 ([#"../instant.rs" 33 12 33 62] _139) ([#"../instant.rs" 33 66 33 74] zero_dur)); + [#"../instant.rs" 33 12 33 74] _137 <- ([#"../instant.rs" 33 12 33 74] eq1 ([#"../instant.rs" 33 12 33 62] _139) ([#"../instant.rs" 33 66 33 74] zero_dur)); goto BB62 } BB62 { @@ -735,10 +748,11 @@ module Instant_TestInstant end } BB63 { + assert { [#"../instant.rs" 33 4 33 75] false }; absurd } BB64 { - _0 <- ([#"../instant.rs" 7 22 34 1] ()); + [#"../instant.rs" 7 22 34 1] _0 <- ([#"../instant.rs" 7 22 34 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/invariant_moves.mlcfg b/creusot/tests/should_succeed/invariant_moves.mlcfg index be98e0156f..fd16374e63 100644 --- a/creusot/tests/should_succeed/invariant_moves.mlcfg +++ b/creusot/tests/should_succeed/invariant_moves.mlcfg @@ -56,7 +56,7 @@ module InvariantMoves_TestInvariantMove val inv3 (_x : Seq.seq uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../invariant_moves.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv3 x = true + axiom inv3 : forall x : Seq.seq uint32 . inv3 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -80,7 +80,7 @@ module InvariantMoves_TestInvariantMove val invariant2 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../invariant_moves.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -91,7 +91,7 @@ module InvariantMoves_TestInvariantMove val inv1 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../invariant_moves.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option uint32 . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -102,7 +102,7 @@ module InvariantMoves_TestInvariantMove val inv0 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../invariant_moves.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true + axiom inv0 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true predicate resolve2 (self : uint32) = [#"../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve2 (self : uint32) : bool @@ -165,11 +165,11 @@ module InvariantMoves_TestInvariantMove goto BB3 } BB3 { - _6 <- Borrow.borrow_mut x; - x <- ^ _6; - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _4 <- ([#"../invariant_moves.rs" 7 26 7 40] pop0 _5); + [#"../invariant_moves.rs" 7 26 7 34] _6 <- Borrow.borrow_mut x; + [#"../invariant_moves.rs" 7 26 7 34] x <- ^ _6; + [#"../invariant_moves.rs" 7 26 7 40] _5 <- Borrow.borrow_mut ( * _6); + [#"../invariant_moves.rs" 7 26 7 40] _6 <- { _6 with current = ^ _5 }; + [#"../invariant_moves.rs" 7 26 7 40] _4 <- ([#"../invariant_moves.rs" 7 26 7 40] pop0 _5); _5 <- any borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB4 } @@ -188,7 +188,7 @@ module InvariantMoves_TestInvariantMove } BB7 { assume { resolve1 x }; - _0 <- ([#"../invariant_moves.rs" 7 4 7 45] ()); + [#"../invariant_moves.rs" 7 4 7 45] _0 <- ([#"../invariant_moves.rs" 7 4 7 45] ()); goto BB8 } BB8 { diff --git a/creusot/tests/should_succeed/ite_normalize.mlcfg b/creusot/tests/should_succeed/ite_normalize.mlcfg index f0afbb802c..2a6aab6b22 100644 --- a/creusot/tests/should_succeed/ite_normalize.mlcfg +++ b/creusot/tests/should_succeed/ite_normalize.mlcfg @@ -92,7 +92,7 @@ module IteNormalize_Impl6_Clone ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true + axiom inv1 : forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true predicate invariant0 (self : IteNormalize_Expr_Type.t_expr) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : IteNormalize_Expr_Type.t_expr) : bool @@ -102,7 +102,7 @@ module IteNormalize_Impl6_Clone val inv0 (_x : IteNormalize_Expr_Type.t_expr) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv0 x = true + axiom inv0 : forall x : IteNormalize_Expr_Type.t_expr . inv0 x = true use prelude.Borrow use prelude.UIntSize use prelude.Int @@ -153,32 +153,33 @@ module IteNormalize_Impl6_Clone goto BB15 } BB4 { - _0 <- ([#"../ite_normalize.rs" 56 9 60 9] IteNormalize_Expr_Type.C_False); + [#"../ite_normalize.rs" 56 9 60 9] _0 <- ([#"../ite_normalize.rs" 56 9 60 9] IteNormalize_Expr_Type.C_False); goto BB16 } BB5 { + assert { [#"../ite_normalize.rs" 55 9 55 14] false }; absurd } BB6 { - c_1 <- ([#"../ite_normalize.rs" 57 17 57 18] IteNormalize_Expr_Type.ifthenelse_c self); - t_1 <- ([#"../ite_normalize.rs" 57 31 57 32] IteNormalize_Expr_Type.ifthenelse_t self); - e_1 <- ([#"../ite_normalize.rs" 57 45 57 46] IteNormalize_Expr_Type.ifthenelse_e self); - _9 <- ([#"../ite_normalize.rs" 55 9 55 14] c_1); - _7 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _9)); + [#"../ite_normalize.rs" 57 17 57 18] c_1 <- ([#"../ite_normalize.rs" 57 17 57 18] IteNormalize_Expr_Type.ifthenelse_c self); + [#"../ite_normalize.rs" 57 31 57 32] t_1 <- ([#"../ite_normalize.rs" 57 31 57 32] IteNormalize_Expr_Type.ifthenelse_t self); + [#"../ite_normalize.rs" 57 45 57 46] e_1 <- ([#"../ite_normalize.rs" 57 45 57 46] IteNormalize_Expr_Type.ifthenelse_e self); + [#"../ite_normalize.rs" 55 9 55 14] _9 <- ([#"../ite_normalize.rs" 55 9 55 14] c_1); + [#"../ite_normalize.rs" 55 9 55 14] _7 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _9)); goto BB7 } BB7 { - _12 <- ([#"../ite_normalize.rs" 55 9 55 14] t_1); - _10 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _12)); + [#"../ite_normalize.rs" 55 9 55 14] _12 <- ([#"../ite_normalize.rs" 55 9 55 14] t_1); + [#"../ite_normalize.rs" 55 9 55 14] _10 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _12)); goto BB8 } BB8 { - _15 <- ([#"../ite_normalize.rs" 55 9 55 14] e_1); - _13 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _15)); + [#"../ite_normalize.rs" 55 9 55 14] _15 <- ([#"../ite_normalize.rs" 55 9 55 14] e_1); + [#"../ite_normalize.rs" 55 9 55 14] _13 <- ([#"../ite_normalize.rs" 55 9 55 14] clone0 ([#"../ite_normalize.rs" 55 9 55 14] _15)); goto BB9 } BB9 { - _0 <- ([#"../ite_normalize.rs" 55 9 55 14] IteNormalize_Expr_Type.C_IfThenElse _7 _10 _13); + [#"../ite_normalize.rs" 55 9 55 14] _0 <- ([#"../ite_normalize.rs" 55 9 55 14] IteNormalize_Expr_Type.C_IfThenElse _7 _10 _13); _7 <- any IteNormalize_Expr_Type.t_expr; _10 <- any IteNormalize_Expr_Type.t_expr; _13 <- any IteNormalize_Expr_Type.t_expr; @@ -194,18 +195,18 @@ module IteNormalize_Impl6_Clone goto BB16 } BB13 { - v_1 <- ([#"../ite_normalize.rs" 58 10 58 11] IteNormalize_Expr_Type.var_v self); - _19 <- ([#"../ite_normalize.rs" 55 9 55 14] v_1); - _17 <- ([#"../ite_normalize.rs" 55 9 55 14] clone1 ([#"../ite_normalize.rs" 55 9 55 14] _19)); + [#"../ite_normalize.rs" 58 10 58 11] v_1 <- ([#"../ite_normalize.rs" 58 10 58 11] IteNormalize_Expr_Type.var_v self); + [#"../ite_normalize.rs" 55 9 55 14] _19 <- ([#"../ite_normalize.rs" 55 9 55 14] v_1); + [#"../ite_normalize.rs" 55 9 55 14] _17 <- ([#"../ite_normalize.rs" 55 9 55 14] clone1 ([#"../ite_normalize.rs" 55 9 55 14] _19)); goto BB14 } BB14 { - _0 <- ([#"../ite_normalize.rs" 55 9 55 14] IteNormalize_Expr_Type.C_Var _17); + [#"../ite_normalize.rs" 55 9 55 14] _0 <- ([#"../ite_normalize.rs" 55 9 55 14] IteNormalize_Expr_Type.C_Var _17); _17 <- any usize; goto BB16 } BB15 { - _0 <- ([#"../ite_normalize.rs" 56 9 59 8] IteNormalize_Expr_Type.C_True); + [#"../ite_normalize.rs" 56 9 59 8] _0 <- ([#"../ite_normalize.rs" 56 9 59 8] IteNormalize_Expr_Type.C_True); goto BB16 } BB16 { @@ -229,7 +230,7 @@ module IteNormalize_Impl5_Variable goto BB0 } BB0 { - _0 <- ([#"../ite_normalize.rs" 102 8 102 23] IteNormalize_Expr_Type.C_Var v); + [#"../ite_normalize.rs" 102 8 102 23] _0 <- ([#"../ite_normalize.rs" 102 8 102 23] IteNormalize_Expr_Type.C_Var ([#"../ite_normalize.rs" 102 20 102 21] v)); return _0 } @@ -248,7 +249,7 @@ module IteNormalize_Impl3_From goto BB0 } BB0 { - _0 <- ([#"../ite_normalize.rs" 81 8 81 25] variable0 a); + [#"../ite_normalize.rs" 81 8 81 25] _0 <- ([#"../ite_normalize.rs" 81 8 81 25] variable0 ([#"../ite_normalize.rs" 81 23 81 24] a)); goto BB1 } BB1 { @@ -267,17 +268,17 @@ module IteNormalize_Impl4_From goto BB0 } BB0 { - switch (b) + switch ([#"../ite_normalize.rs" 87 11 87 12] b) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- ([#"../ite_normalize.rs" 88 12 88 22] IteNormalize_Expr_Type.C_True); + [#"../ite_normalize.rs" 88 12 88 22] _0 <- ([#"../ite_normalize.rs" 88 12 88 22] IteNormalize_Expr_Type.C_True); goto BB3 } BB2 { - _0 <- ([#"../ite_normalize.rs" 90 12 90 23] IteNormalize_Expr_Type.C_False); + [#"../ite_normalize.rs" 90 12 90 23] _0 <- ([#"../ite_normalize.rs" 90 12 90 23] IteNormalize_Expr_Type.C_False); goto BB3 } BB3 { @@ -311,10 +312,10 @@ module IteNormalize_Impl5_Ite goto BB4 } BB4 { - _0 <- ([#"../ite_normalize.rs" 98 8 98 75] IteNormalize_Expr_Type.C_IfThenElse c t e); - c <- any IteNormalize_Expr_Type.t_expr; - t <- any IteNormalize_Expr_Type.t_expr; - e <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 98 8 98 75] _0 <- ([#"../ite_normalize.rs" 98 8 98 75] IteNormalize_Expr_Type.C_IfThenElse ([#"../ite_normalize.rs" 98 39 98 40] c) ([#"../ite_normalize.rs" 98 55 98 56] t) ([#"../ite_normalize.rs" 98 71 98 72] e)); + [#"../ite_normalize.rs" 98 39 98 40] c <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 98 55 98 56] t <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 98 71 98 72] e <- any IteNormalize_Expr_Type.t_expr; goto BB5 } BB5 { @@ -418,31 +419,32 @@ module IteNormalize_Impl5_Transpose goto BB30 } BB8 { - _0 <- b; - b <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 121 27 121 28] _0 <- ([#"../ite_normalize.rs" 121 27 121 28] b); + [#"../ite_normalize.rs" 121 27 121 28] b <- any IteNormalize_Expr_Type.t_expr; goto BB31 } BB9 { + assert { [#"../ite_normalize.rs" 111 14 111 18] false }; absurd } BB10 { - c <- IteNormalize_Expr_Type.ifthenelse_c self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse (any IteNormalize_Expr_Type.t_expr) x1 x2); - t <- IteNormalize_Expr_Type.ifthenelse_t self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 (any IteNormalize_Expr_Type.t_expr) x2); - e <- IteNormalize_Expr_Type.ifthenelse_e self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 x1 (any IteNormalize_Expr_Type.t_expr)); + [#"../ite_normalize.rs" 112 31 112 32] c <- ([#"../ite_normalize.rs" 112 31 112 32] IteNormalize_Expr_Type.ifthenelse_c self); + [#"../ite_normalize.rs" 112 31 112 32] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse (any IteNormalize_Expr_Type.t_expr) x1 x2); + [#"../ite_normalize.rs" 112 34 112 35] t <- ([#"../ite_normalize.rs" 112 34 112 35] IteNormalize_Expr_Type.ifthenelse_t self); + [#"../ite_normalize.rs" 112 34 112 35] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 (any IteNormalize_Expr_Type.t_expr) x2); + [#"../ite_normalize.rs" 112 37 112 38] e <- ([#"../ite_normalize.rs" 112 37 112 38] IteNormalize_Expr_Type.ifthenelse_e self); + [#"../ite_normalize.rs" 112 37 112 38] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 x1 (any IteNormalize_Expr_Type.t_expr)); assume { resolve0 t }; - _17 <- ([#"../ite_normalize.rs" 114 40 114 49] clone0 ([#"../ite_normalize.rs" 114 40 114 49] a)); + [#"../ite_normalize.rs" 114 40 114 49] _17 <- ([#"../ite_normalize.rs" 114 40 114 49] clone0 ([#"../ite_normalize.rs" 114 40 114 49] a)); goto BB11 } BB11 { - _19 <- ([#"../ite_normalize.rs" 114 51 114 60] clone0 ([#"../ite_normalize.rs" 114 51 114 60] b)); + [#"../ite_normalize.rs" 114 51 114 60] _19 <- ([#"../ite_normalize.rs" 114 51 114 60] clone0 ([#"../ite_normalize.rs" 114 51 114 60] b)); goto BB12 } BB12 { - _15 <- ([#"../ite_normalize.rs" 114 28 114 61] transpose t _17 _19); - t <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 114 28 114 61] _15 <- ([#"../ite_normalize.rs" 114 28 114 61] transpose ([#"../ite_normalize.rs" 114 28 114 61] t) _17 _19); + [#"../ite_normalize.rs" 114 28 114 61] t <- any IteNormalize_Expr_Type.t_expr; _17 <- any IteNormalize_Expr_Type.t_expr; _19 <- any IteNormalize_Expr_Type.t_expr; goto BB13 @@ -452,18 +454,18 @@ module IteNormalize_Impl5_Transpose } BB14 { assume { resolve0 e }; - _22 <- ([#"../ite_normalize.rs" 115 28 115 45] transpose e a b); - e <- any IteNormalize_Expr_Type.t_expr; - a <- any IteNormalize_Expr_Type.t_expr; - b <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 115 28 115 45] _22 <- ([#"../ite_normalize.rs" 115 28 115 45] transpose ([#"../ite_normalize.rs" 115 28 115 45] e) ([#"../ite_normalize.rs" 115 40 115 41] a) ([#"../ite_normalize.rs" 115 43 115 44] b)); + [#"../ite_normalize.rs" 115 28 115 45] e <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 115 40 115 41] a <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 115 43 115 44] b <- any IteNormalize_Expr_Type.t_expr; goto BB15 } BB15 { goto BB16 } BB16 { - _0 <- ([#"../ite_normalize.rs" 112 44 116 13] IteNormalize_Expr_Type.C_IfThenElse c _15 _22); - c <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 112 44 116 13] _0 <- ([#"../ite_normalize.rs" 112 44 116 13] IteNormalize_Expr_Type.C_IfThenElse ([#"../ite_normalize.rs" 113 16 113 17] c) _15 _22); + [#"../ite_normalize.rs" 113 16 113 17] c <- any IteNormalize_Expr_Type.t_expr; _15 <- any IteNormalize_Expr_Type.t_expr; _22 <- any IteNormalize_Expr_Type.t_expr; goto BB17 @@ -496,10 +498,10 @@ module IteNormalize_Impl5_Transpose goto BB26 } BB26 { - _0 <- ([#"../ite_normalize.rs" 118 16 118 86] IteNormalize_Expr_Type.C_IfThenElse self a b); - self <- any IteNormalize_Expr_Type.t_expr; - a <- any IteNormalize_Expr_Type.t_expr; - b <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 118 16 118 86] _0 <- ([#"../ite_normalize.rs" 118 16 118 86] IteNormalize_Expr_Type.C_IfThenElse ([#"../ite_normalize.rs" 118 47 118 51] self) ([#"../ite_normalize.rs" 118 66 118 67] a) ([#"../ite_normalize.rs" 118 82 118 83] b)); + [#"../ite_normalize.rs" 118 47 118 51] self <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 118 66 118 67] a <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 118 82 118 83] b <- any IteNormalize_Expr_Type.t_expr; goto BB27 } BB27 { @@ -512,8 +514,8 @@ module IteNormalize_Impl5_Transpose goto BB31 } BB30 { - _0 <- a; - a <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 120 26 120 27] _0 <- ([#"../ite_normalize.rs" 120 26 120 27] a); + [#"../ite_normalize.rs" 120 26 120 27] a <- any IteNormalize_Expr_Type.t_expr; goto BB31 } BB31 { @@ -588,30 +590,30 @@ module IteNormalize_Impl5_Normalize goto BB3 } BB2 { - e1 <- self; - _0 <- ([#"../ite_normalize.rs" 153 17 153 26] clone0 ([#"../ite_normalize.rs" 153 17 153 26] e1)); + [#"../ite_normalize.rs" 153 12 153 13] e1 <- ([#"../ite_normalize.rs" 153 12 153 13] self); + [#"../ite_normalize.rs" 153 17 153 26] _0 <- ([#"../ite_normalize.rs" 153 17 153 26] clone0 ([#"../ite_normalize.rs" 153 17 153 26] e1)); goto BB11 } BB3 { - c <- ([#"../ite_normalize.rs" 147 31 147 32] IteNormalize_Expr_Type.ifthenelse_c self); - t <- ([#"../ite_normalize.rs" 147 34 147 35] IteNormalize_Expr_Type.ifthenelse_t self); - e <- ([#"../ite_normalize.rs" 147 37 147 38] IteNormalize_Expr_Type.ifthenelse_e self); - cp <- ([#"../ite_normalize.rs" 148 25 148 38] normalize ([#"../ite_normalize.rs" 148 25 148 38] c)); + [#"../ite_normalize.rs" 147 31 147 32] c <- ([#"../ite_normalize.rs" 147 31 147 32] IteNormalize_Expr_Type.ifthenelse_c self); + [#"../ite_normalize.rs" 147 34 147 35] t <- ([#"../ite_normalize.rs" 147 34 147 35] IteNormalize_Expr_Type.ifthenelse_t self); + [#"../ite_normalize.rs" 147 37 147 38] e <- ([#"../ite_normalize.rs" 147 37 147 38] IteNormalize_Expr_Type.ifthenelse_e self); + [#"../ite_normalize.rs" 148 25 148 38] cp <- ([#"../ite_normalize.rs" 148 25 148 38] normalize ([#"../ite_normalize.rs" 148 25 148 38] c)); goto BB4 } BB4 { - tp <- ([#"../ite_normalize.rs" 149 25 149 38] normalize ([#"../ite_normalize.rs" 149 25 149 38] t)); + [#"../ite_normalize.rs" 149 25 149 38] tp <- ([#"../ite_normalize.rs" 149 25 149 38] normalize ([#"../ite_normalize.rs" 149 25 149 38] t)); goto BB5 } BB5 { - ep <- ([#"../ite_normalize.rs" 150 25 150 38] normalize ([#"../ite_normalize.rs" 150 25 150 38] e)); + [#"../ite_normalize.rs" 150 25 150 38] ep <- ([#"../ite_normalize.rs" 150 25 150 38] normalize ([#"../ite_normalize.rs" 150 25 150 38] e)); goto BB6 } BB6 { - _0 <- ([#"../ite_normalize.rs" 151 16 151 36] transpose0 cp tp ep); - cp <- any IteNormalize_Expr_Type.t_expr; - tp <- any IteNormalize_Expr_Type.t_expr; - ep <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 151 16 151 36] _0 <- ([#"../ite_normalize.rs" 151 16 151 36] transpose0 ([#"../ite_normalize.rs" 151 16 151 18] cp) ([#"../ite_normalize.rs" 151 29 151 31] tp) ([#"../ite_normalize.rs" 151 33 151 35] ep)); + [#"../ite_normalize.rs" 151 16 151 18] cp <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 151 29 151 31] tp <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 151 33 151 35] ep <- any IteNormalize_Expr_Type.t_expr; goto BB7 } BB7 { @@ -645,7 +647,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv6 (_x : Core_Option_Option_Type.t_option bool) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../ite_normalize.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option bool . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option bool . inv6 x = true use prelude.Int predicate invariant5 (self : int) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -656,7 +658,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv5 (_x : int) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../ite_normalize.rs" 1 0 1 0] forall x : int . inv5 x = true + axiom inv5 : forall x : int . inv5 x = true predicate invariant4 (self : bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : bool) : bool @@ -666,7 +668,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv4 (_x : bool) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../ite_normalize.rs" 1 0 1 0] forall x : bool . inv4 x = true + axiom inv4 : forall x : bool . inv4 x = true use prelude.UIntSize predicate invariant3 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -677,7 +679,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../ite_normalize.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Option_Option_Type.t_option bool) : bool @@ -687,7 +689,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv2 (_x : Core_Option_Option_Type.t_option bool) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../ite_normalize.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option bool . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option bool . inv2 x = true predicate invariant1 (self : bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : bool) : bool @@ -697,7 +699,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv1 (_x : bool) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : bool . inv1 x = true + axiom inv1 : forall x : bool . inv1 x = true predicate invariant0 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : usize) : bool @@ -707,7 +709,7 @@ module IteNormalize_Impl5_SimplifyHelper val inv0 (_x : usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : usize . inv0 x = true + axiom inv0 : forall x : usize . inv0 x = true use prelude.Int use IteNormalize_Expr_Type as IteNormalize_Expr_Type predicate does_not_contain0 [#"../ite_normalize.rs" 169 4 169 48] (self : IteNormalize_Expr_Type.t_expr) (vp : usize) @@ -864,19 +866,19 @@ module IteNormalize_Impl5_SimplifyHelper goto BB42 } BB6 { - c2 <- self; - self <- any IteNormalize_Expr_Type.t_expr; - _0 <- c2; - c2 <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 229 12 229 13] c2 <- ([#"../ite_normalize.rs" 229 12 229 13] self); + [#"../ite_normalize.rs" 229 12 229 13] self <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 229 17 229 18] _0 <- ([#"../ite_normalize.rs" 229 17 229 18] c2); + [#"../ite_normalize.rs" 229 17 229 18] c2 <- any IteNormalize_Expr_Type.t_expr; goto BB51 } BB7 { - c <- IteNormalize_Expr_Type.ifthenelse_c self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse (any IteNormalize_Expr_Type.t_expr) x1 x2); - t <- IteNormalize_Expr_Type.ifthenelse_t self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 (any IteNormalize_Expr_Type.t_expr) x2); - e <- IteNormalize_Expr_Type.ifthenelse_e self; - self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 x1 (any IteNormalize_Expr_Type.t_expr)); + [#"../ite_normalize.rs" 191 31 191 32] c <- ([#"../ite_normalize.rs" 191 31 191 32] IteNormalize_Expr_Type.ifthenelse_c self); + [#"../ite_normalize.rs" 191 31 191 32] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse (any IteNormalize_Expr_Type.t_expr) x1 x2); + [#"../ite_normalize.rs" 191 34 191 35] t <- ([#"../ite_normalize.rs" 191 34 191 35] IteNormalize_Expr_Type.ifthenelse_t self); + [#"../ite_normalize.rs" 191 34 191 35] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 (any IteNormalize_Expr_Type.t_expr) x2); + [#"../ite_normalize.rs" 191 37 191 38] e <- ([#"../ite_normalize.rs" 191 37 191 38] IteNormalize_Expr_Type.ifthenelse_e self); + [#"../ite_normalize.rs" 191 37 191 38] self <- (let IteNormalize_Expr_Type.C_IfThenElse x0 x1 x2 = self in IteNormalize_Expr_Type.C_IfThenElse x0 x1 (any IteNormalize_Expr_Type.t_expr)); switch (c) | IteNormalize_Expr_Type.C_Var _ -> goto BB9 | _ -> goto BB8 @@ -885,21 +887,21 @@ module IteNormalize_Impl5_SimplifyHelper BB8 { assume { resolve0 e }; assume { resolve0 t }; - c1 <- c; - c <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 215 20 215 21] c1 <- ([#"../ite_normalize.rs" 215 20 215 21] c); + [#"../ite_normalize.rs" 215 20 215 21] c <- any IteNormalize_Expr_Type.t_expr; assume { resolve0 c }; - _0 <- ([#"../ite_normalize.rs" 215 25 215 49] simplify_helper c1 state); - c1 <- any IteNormalize_Expr_Type.t_expr; - state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; + [#"../ite_normalize.rs" 215 25 215 49] _0 <- ([#"../ite_normalize.rs" 215 25 215 49] simplify_helper ([#"../ite_normalize.rs" 215 25 215 26] c1) ([#"../ite_normalize.rs" 215 43 215 48] state)); + [#"../ite_normalize.rs" 215 25 215 26] c1 <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 215 43 215 48] state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB36 } BB9 { goto BB10 } BB10 { - v <- IteNormalize_Expr_Type.var_v c; - _16 <- ([#"../ite_normalize.rs" 194 51 194 53] v); - _13 <- ([#"../ite_normalize.rs" 194 41 194 54] get0 ([#"../ite_normalize.rs" 194 41 194 54] state) ([#"../ite_normalize.rs" 194 51 194 53] _16)); + [#"../ite_normalize.rs" 193 32 193 33] v <- ([#"../ite_normalize.rs" 193 32 193 33] IteNormalize_Expr_Type.var_v c); + [#"../ite_normalize.rs" 194 51 194 53] _16 <- ([#"../ite_normalize.rs" 194 51 194 53] v); + [#"../ite_normalize.rs" 194 41 194 54] _13 <- ([#"../ite_normalize.rs" 194 41 194 54] get0 ([#"../ite_normalize.rs" 194 41 194 54] state) ([#"../ite_normalize.rs" 194 51 194 53] _16)); goto BB11 } BB11 { @@ -913,8 +915,8 @@ module IteNormalize_Impl5_SimplifyHelper } BB13 { assume { resolve0 c }; - b <- Core_Option_Option_Type.some_0 _13; - switch (b) + [#"../ite_normalize.rs" 194 36 194 37] b <- ([#"../ite_normalize.rs" 194 36 194 37] Core_Option_Option_Type.some_0 _13); + switch ([#"../ite_normalize.rs" 195 31 195 33] b) | False -> goto BB16 | True -> goto BB14 end @@ -922,9 +924,9 @@ module IteNormalize_Impl5_SimplifyHelper BB14 { assume { resolve0 e }; assume { resolve0 t }; - _0 <- ([#"../ite_normalize.rs" 196 32 196 56] simplify_helper t state); - t <- any IteNormalize_Expr_Type.t_expr; - state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; + [#"../ite_normalize.rs" 196 32 196 56] _0 <- ([#"../ite_normalize.rs" 196 32 196 56] simplify_helper ([#"../ite_normalize.rs" 196 32 196 56] t) ([#"../ite_normalize.rs" 196 50 196 55] state)); + [#"../ite_normalize.rs" 196 32 196 56] t <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 196 50 196 55] state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB15 } BB15 { @@ -933,9 +935,9 @@ module IteNormalize_Impl5_SimplifyHelper BB16 { assume { resolve0 t }; assume { resolve0 e }; - _0 <- ([#"../ite_normalize.rs" 198 32 198 56] simplify_helper e state); - e <- any IteNormalize_Expr_Type.t_expr; - state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; + [#"../ite_normalize.rs" 198 32 198 56] _0 <- ([#"../ite_normalize.rs" 198 32 198 56] simplify_helper ([#"../ite_normalize.rs" 198 32 198 56] e) ([#"../ite_normalize.rs" 198 50 198 55] state)); + [#"../ite_normalize.rs" 198 32 198 56] e <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 198 50 198 55] state <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB17 } BB17 { @@ -945,39 +947,39 @@ module IteNormalize_Impl5_SimplifyHelper goto BB35 } BB19 { - state_t <- ([#"../ite_normalize.rs" 202 46 202 59] clone0 ([#"../ite_normalize.rs" 202 46 202 59] state)); + [#"../ite_normalize.rs" 202 46 202 59] state_t <- ([#"../ite_normalize.rs" 202 46 202 59] clone0 ([#"../ite_normalize.rs" 202 46 202 59] state)); goto BB20 } BB20 { - _27 <- Borrow.borrow_mut state_t; - state_t <- ^ _27; - _26 <- ([#"../ite_normalize.rs" 203 28 203 51] insert0 _27 v ([#"../ite_normalize.rs" 203 46 203 50] [#"../ite_normalize.rs" 203 46 203 50] true)); + [#"../ite_normalize.rs" 203 28 203 51] _27 <- Borrow.borrow_mut state_t; + [#"../ite_normalize.rs" 203 28 203 51] state_t <- ^ _27; + [#"../ite_normalize.rs" 203 28 203 51] _26 <- ([#"../ite_normalize.rs" 203 28 203 51] insert0 _27 ([#"../ite_normalize.rs" 203 43 203 44] v) ([#"../ite_normalize.rs" 203 46 203 50] [#"../ite_normalize.rs" 203 46 203 50] true)); _27 <- any borrowed (IteNormalize_BTreeMap_Type.t_btreemap usize bool); goto BB21 } BB21 { assume { resolve0 t }; - tp <- ([#"../ite_normalize.rs" 204 37 204 63] simplify_helper t state_t); - t <- any IteNormalize_Expr_Type.t_expr; - state_t <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; + [#"../ite_normalize.rs" 204 37 204 63] tp <- ([#"../ite_normalize.rs" 204 37 204 63] simplify_helper ([#"../ite_normalize.rs" 204 37 204 63] t) ([#"../ite_normalize.rs" 204 55 204 62] state_t)); + [#"../ite_normalize.rs" 204 37 204 63] t <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 204 55 204 62] state_t <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB22 } BB22 { - state_e <- ([#"../ite_normalize.rs" 207 46 207 59] clone0 ([#"../ite_normalize.rs" 207 46 207 59] state)); + [#"../ite_normalize.rs" 207 46 207 59] state_e <- ([#"../ite_normalize.rs" 207 46 207 59] clone0 ([#"../ite_normalize.rs" 207 46 207 59] state)); goto BB23 } BB23 { - _35 <- Borrow.borrow_mut state_e; - state_e <- ^ _35; - _34 <- ([#"../ite_normalize.rs" 208 28 208 52] insert0 _35 v ([#"../ite_normalize.rs" 208 46 208 51] [#"../ite_normalize.rs" 208 46 208 51] false)); + [#"../ite_normalize.rs" 208 28 208 52] _35 <- Borrow.borrow_mut state_e; + [#"../ite_normalize.rs" 208 28 208 52] state_e <- ^ _35; + [#"../ite_normalize.rs" 208 28 208 52] _34 <- ([#"../ite_normalize.rs" 208 28 208 52] insert0 _35 ([#"../ite_normalize.rs" 208 43 208 44] v) ([#"../ite_normalize.rs" 208 46 208 51] [#"../ite_normalize.rs" 208 46 208 51] false)); _35 <- any borrowed (IteNormalize_BTreeMap_Type.t_btreemap usize bool); goto BB24 } BB24 { assume { resolve0 e }; - ep <- ([#"../ite_normalize.rs" 209 37 209 63] simplify_helper e state_e); - e <- any IteNormalize_Expr_Type.t_expr; - state_e <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; + [#"../ite_normalize.rs" 209 37 209 63] ep <- ([#"../ite_normalize.rs" 209 37 209 63] simplify_helper ([#"../ite_normalize.rs" 209 37 209 63] e) ([#"../ite_normalize.rs" 209 55 209 62] state_e)); + [#"../ite_normalize.rs" 209 37 209 63] e <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 209 55 209 62] state_e <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB25 } BB25 { @@ -987,10 +989,10 @@ module IteNormalize_Impl5_SimplifyHelper goto BB27 } BB27 { - _0 <- ([#"../ite_normalize.rs" 212 28 212 84] IteNormalize_Expr_Type.C_IfThenElse c tp ep); - c <- any IteNormalize_Expr_Type.t_expr; - tp <- any IteNormalize_Expr_Type.t_expr; - ep <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 212 28 212 84] _0 <- ([#"../ite_normalize.rs" 212 28 212 84] IteNormalize_Expr_Type.C_IfThenElse ([#"../ite_normalize.rs" 212 47 212 48] c) ([#"../ite_normalize.rs" 212 62 212 64] tp) ([#"../ite_normalize.rs" 212 79 212 81] ep)); + [#"../ite_normalize.rs" 212 47 212 48] c <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 212 62 212 64] tp <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 212 79 212 81] ep <- any IteNormalize_Expr_Type.t_expr; goto BB28 } BB28 { @@ -1036,9 +1038,9 @@ module IteNormalize_Impl5_SimplifyHelper goto BB52 } BB42 { - v1 <- IteNormalize_Expr_Type.var_v self; - _52 <- ([#"../ite_normalize.rs" 219 43 219 45] v1); - _49 <- ([#"../ite_normalize.rs" 219 33 219 46] get0 ([#"../ite_normalize.rs" 219 33 219 46] state) ([#"../ite_normalize.rs" 219 43 219 45] _52)); + [#"../ite_normalize.rs" 218 24 218 25] v1 <- ([#"../ite_normalize.rs" 218 24 218 25] IteNormalize_Expr_Type.var_v self); + [#"../ite_normalize.rs" 219 43 219 45] _52 <- ([#"../ite_normalize.rs" 219 43 219 45] v1); + [#"../ite_normalize.rs" 219 33 219 46] _49 <- ([#"../ite_normalize.rs" 219 33 219 46] get0 ([#"../ite_normalize.rs" 219 33 219 46] state) ([#"../ite_normalize.rs" 219 43 219 45] _52)); goto BB43 } BB43 { @@ -1051,25 +1053,25 @@ module IteNormalize_Impl5_SimplifyHelper goto BB45 } BB45 { - b1 <- Core_Option_Option_Type.some_0 _49; - switch (b1) + [#"../ite_normalize.rs" 219 28 219 29] b1 <- ([#"../ite_normalize.rs" 219 28 219 29] Core_Option_Option_Type.some_0 _49); + switch ([#"../ite_normalize.rs" 220 23 220 25] b1) | False -> goto BB47 | True -> goto BB46 end } BB46 { - _0 <- ([#"../ite_normalize.rs" 221 24 221 34] IteNormalize_Expr_Type.C_True); + [#"../ite_normalize.rs" 221 24 221 34] _0 <- ([#"../ite_normalize.rs" 221 24 221 34] IteNormalize_Expr_Type.C_True); goto BB48 } BB47 { - _0 <- ([#"../ite_normalize.rs" 223 24 223 35] IteNormalize_Expr_Type.C_False); + [#"../ite_normalize.rs" 223 24 223 35] _0 <- ([#"../ite_normalize.rs" 223 24 223 35] IteNormalize_Expr_Type.C_False); goto BB48 } BB48 { goto BB50 } BB49 { - _0 <- ([#"../ite_normalize.rs" 226 20 226 35] IteNormalize_Expr_Type.C_Var v1); + [#"../ite_normalize.rs" 226 20 226 35] _0 <- ([#"../ite_normalize.rs" 226 20 226 35] IteNormalize_Expr_Type.C_Var ([#"../ite_normalize.rs" 226 32 226 33] v1)); goto BB50 } BB50 { @@ -1159,12 +1161,12 @@ module IteNormalize_Impl5_Simplify goto BB1 } BB1 { - _5 <- ([#"../ite_normalize.rs" 182 29 182 44] new0 ()); + [#"../ite_normalize.rs" 182 29 182 44] _5 <- ([#"../ite_normalize.rs" 182 29 182 44] new0 ()); goto BB2 } BB2 { - _0 <- ([#"../ite_normalize.rs" 182 8 182 45] simplify_helper0 self _5); - self <- any IteNormalize_Expr_Type.t_expr; + [#"../ite_normalize.rs" 182 8 182 45] _0 <- ([#"../ite_normalize.rs" 182 8 182 45] simplify_helper0 ([#"../ite_normalize.rs" 182 8 182 12] self) _5); + [#"../ite_normalize.rs" 182 8 182 12] self <- any IteNormalize_Expr_Type.t_expr; _5 <- any IteNormalize_BTreeMap_Type.t_btreemap usize bool; goto BB3 } @@ -1188,7 +1190,7 @@ module IteNormalize_Impl1 val inv1 (_x : IteNormalize_BTreeMap_Type.t_btreemap k v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_BTreeMap_Type.t_btreemap k v . inv1 x = true + axiom inv1 : forall x : IteNormalize_BTreeMap_Type.t_btreemap k v . inv1 x = true predicate invariant0 (self : IteNormalize_BTreeMap_Type.t_btreemap k v) val invariant0 (self : IteNormalize_BTreeMap_Type.t_btreemap k v) : bool ensures { result = invariant0 self } @@ -1197,7 +1199,7 @@ module IteNormalize_Impl1 val inv0 (_x : IteNormalize_BTreeMap_Type.t_btreemap k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_BTreeMap_Type.t_btreemap k v . inv0 x = true + axiom inv0 : forall x : IteNormalize_BTreeMap_Type.t_btreemap k v . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../ite_normalize.rs" 39 4 39 27] forall self : IteNormalize_BTreeMap_Type.t_btreemap k v . inv0 self -> (forall result : IteNormalize_BTreeMap_Type.t_btreemap k v . self = result -> inv1 result /\ result = self) end @@ -1212,7 +1214,7 @@ module IteNormalize_Impl6 val inv1 (_x : IteNormalize_Expr_Type.t_expr) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true + axiom inv1 : forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true predicate invariant0 (self : IteNormalize_Expr_Type.t_expr) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : IteNormalize_Expr_Type.t_expr) : bool @@ -1222,7 +1224,7 @@ module IteNormalize_Impl6 val inv0 (_x : IteNormalize_Expr_Type.t_expr) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv0 x = true + axiom inv0 : forall x : IteNormalize_Expr_Type.t_expr . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../ite_normalize.rs" 55 9 55 14] forall self : IteNormalize_Expr_Type.t_expr . inv0 self -> (forall result : IteNormalize_Expr_Type.t_expr . result = self -> inv1 result /\ result = self) end @@ -1244,7 +1246,7 @@ module IteNormalize_Impl3 val inv1 (_x : IteNormalize_Expr_Type.t_expr) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true + axiom inv1 : forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true use prelude.UIntSize predicate invariant0 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1255,7 +1257,7 @@ module IteNormalize_Impl3 val inv0 (_x : usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : usize . inv0 x = true + axiom inv0 : forall x : usize . inv0 x = true use prelude.Int goal from_refn : [#"../ite_normalize.rs" 80 4 80 29] forall value : usize . inv0 value -> (forall result : IteNormalize_Expr_Type.t_expr . inv1 result) end @@ -1270,7 +1272,7 @@ module IteNormalize_Impl4 val inv1 (_x : IteNormalize_Expr_Type.t_expr) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ite_normalize.rs" 1 0 1 0] forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true + axiom inv1 : forall x : IteNormalize_Expr_Type.t_expr . inv1 x = true predicate invariant0 (self : bool) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : bool) : bool @@ -1280,6 +1282,6 @@ module IteNormalize_Impl4 val inv0 (_x : bool) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ite_normalize.rs" 1 0 1 0] forall x : bool . inv0 x = true + axiom inv0 : forall x : bool . inv0 x = true goal from_refn : [#"../ite_normalize.rs" 86 4 86 28] forall value : bool . inv0 value -> (forall result : IteNormalize_Expr_Type.t_expr . inv1 result) end diff --git a/creusot/tests/should_succeed/iterators/01_range.mlcfg b/creusot/tests/should_succeed/iterators/01_range.mlcfg index e834ec9914..185bf9aa95 100644 --- a/creusot/tests/should_succeed/iterators/01_range.mlcfg +++ b/creusot/tests/should_succeed/iterators/01_range.mlcfg @@ -113,21 +113,21 @@ module C01Range_Impl0_Next goto BB0 } BB0 { - switch ([#"../01_range.rs" 58 11 58 33] C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self)) + switch ([#"../01_range.rs" 58 11 58 33] ([#"../01_range.rs" 58 11 58 21] C01Range_Range_Type.range_start ( * self)) >= ([#"../01_range.rs" 58 25 58 33] C01Range_Range_Type.range_end ( * self))) | False -> goto BB2 | True -> goto BB1 end } BB1 { assume { resolve0 self }; - _0 <- ([#"../01_range.rs" 59 12 59 16] Core_Option_Option_Type.C_None); + [#"../01_range.rs" 59 12 59 16] _0 <- ([#"../01_range.rs" 59 12 59 16] Core_Option_Option_Type.C_None); goto BB3 } BB2 { - r <- C01Range_Range_Type.range_start ( * self); - self <- { self with current = (let C01Range_Range_Type.C_Range x0 x1 = * self in C01Range_Range_Type.C_Range ([#"../01_range.rs" 62 12 62 27] C01Range_Range_Type.range_start ( * self) + ([#"../01_range.rs" 62 26 62 27] [#"../01_range.rs" 62 26 62 27] (1 : isize))) x1) }; + [#"../01_range.rs" 61 20 61 30] r <- ([#"../01_range.rs" 61 20 61 30] C01Range_Range_Type.range_start ( * self)); + [#"../01_range.rs" 62 12 62 27] self <- { self with current = (let C01Range_Range_Type.C_Range x0 x1 = * self in C01Range_Range_Type.C_Range ([#"../01_range.rs" 62 12 62 27] C01Range_Range_Type.range_start ( * self) + ([#"../01_range.rs" 62 26 62 27] [#"../01_range.rs" 62 26 62 27] (1 : isize))) x1) }; assume { resolve0 self }; - _0 <- ([#"../01_range.rs" 63 12 63 19] Core_Option_Option_Type.C_Some r); + [#"../01_range.rs" 63 12 63 19] _0 <- ([#"../01_range.rs" 63 12 63 19] Core_Option_Option_Type.C_Some ([#"../01_range.rs" 63 17 63 18] r)); goto BB3 } BB3 { @@ -147,8 +147,8 @@ module C01Range_Impl1_IntoIter goto BB0 } BB0 { - _0 <- self; - self <- any C01Range_Range_Type.t_range; + [#"../01_range.rs" 71 8 71 12] _0 <- ([#"../01_range.rs" 71 8 71 12] self); + [#"../01_range.rs" 71 8 71 12] self <- any C01Range_Range_Type.t_range; return _0 } @@ -195,7 +195,7 @@ module C01Range_SumRange val inv0 (_x : C01Range_Range_Type.t_range) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01_range.rs" 1 0 1 0] forall x : C01Range_Range_Type.t_range . inv0 x = true + axiom inv0 : forall x : C01Range_Range_Type.t_range . inv0 x = true use prelude.Ghost use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type @@ -243,16 +243,16 @@ module C01Range_SumRange goto BB0 } BB0 { - i <- ([#"../01_range.rs" 78 16 78 17] [#"../01_range.rs" 78 16 78 17] (0 : isize)); - it <- ([#"../01_range.rs" 79 17 79 55] into_iter0 ([#"../01_range.rs" 79 17 79 43] C01Range_Range_Type.C_Range ([#"../01_range.rs" 79 32 79 33] [#"../01_range.rs" 79 32 79 33] (0 : isize)) n)); + [#"../01_range.rs" 78 16 78 17] i <- ([#"../01_range.rs" 78 16 78 17] [#"../01_range.rs" 78 16 78 17] (0 : isize)); + [#"../01_range.rs" 79 17 79 55] it <- ([#"../01_range.rs" 79 17 79 55] into_iter0 ([#"../01_range.rs" 79 17 79 43] C01Range_Range_Type.C_Range ([#"../01_range.rs" 79 32 79 33] [#"../01_range.rs" 79 32 79 33] (0 : isize)) ([#"../01_range.rs" 79 40 79 41] n))); goto BB1 } BB1 { - iter_old <- ([#"../01_range.rs" 80 19 80 29] Ghost.new it); + [#"../01_range.rs" 80 19 80 29] iter_old <- ([#"../01_range.rs" 80 19 80 29] Ghost.new it); goto BB2 } BB2 { - produced <- ([#"../01_range.rs" 81 23 81 41] Ghost.new (Seq.empty )); + [#"../01_range.rs" 81 23 81 41] produced <- ([#"../01_range.rs" 81 23 81 41] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -265,9 +265,9 @@ module C01Range_SumRange goto BB5 } BB5 { - _18 <- Borrow.borrow_mut it; - it <- ^ _18; - _17 <- ([#"../01_range.rs" 86 14 86 23] next0 _18); + [#"../01_range.rs" 86 14 86 23] _18 <- Borrow.borrow_mut it; + [#"../01_range.rs" 86 14 86 23] it <- ^ _18; + [#"../01_range.rs" 86 14 86 23] _17 <- ([#"../01_range.rs" 86 14 86 23] next0 _18); _18 <- any borrowed (C01Range_Range_Type.t_range); goto BB6 } @@ -278,24 +278,25 @@ module C01Range_SumRange end } BB7 { - _0 <- i; + [#"../01_range.rs" 94 4 94 5] _0 <- ([#"../01_range.rs" 94 4 94 5] i); return _0 } BB8 { goto BB10 } BB9 { + assert { [#"../01_range.rs" 86 14 86 23] false }; absurd } BB10 { - x <- Core_Option_Option_Type.some_0 _17; - _21 <- ([#"../01_range.rs" 88 27 88 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); + [#"../01_range.rs" 87 17 87 18] x <- ([#"../01_range.rs" 87 17 87 18] Core_Option_Option_Type.some_0 _17); + [#"../01_range.rs" 88 27 88 69] _21 <- ([#"../01_range.rs" 88 27 88 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); goto BB11 } BB11 { - produced <- _21; - _21 <- any Ghost.ghost_ty (Seq.seq isize); - i <- ([#"../01_range.rs" 89 16 89 22] i + ([#"../01_range.rs" 89 21 89 22] [#"../01_range.rs" 89 21 89 22] (1 : isize))); + [#"../01_range.rs" 88 16 88 69] produced <- ([#"../01_range.rs" 88 16 88 69] _21); + [#"../01_range.rs" 88 16 88 69] _21 <- any Ghost.ghost_ty (Seq.seq isize); + [#"../01_range.rs" 89 16 89 22] i <- ([#"../01_range.rs" 89 16 89 22] i + ([#"../01_range.rs" 89 21 89 22] [#"../01_range.rs" 89 21 89 22] (1 : isize))); goto BB4 } @@ -312,7 +313,7 @@ module C01Range_Impl0 val inv3 (_x : Core_Option_Option_Type.t_option isize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../01_range.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option isize . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option isize . inv3 x = true use C01Range_Range_Type as C01Range_Range_Type use prelude.Borrow predicate invariant2 (self : borrowed (C01Range_Range_Type.t_range)) = @@ -324,7 +325,7 @@ module C01Range_Impl0 val inv2 (_x : borrowed (C01Range_Range_Type.t_range)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../01_range.rs" 1 0 1 0] forall x : borrowed (C01Range_Range_Type.t_range) . inv2 x = true + axiom inv2 : forall x : borrowed (C01Range_Range_Type.t_range) . inv2 x = true use seq.Seq predicate invariant1 (self : Seq.seq isize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -335,7 +336,7 @@ module C01Range_Impl0 val inv1 (_x : Seq.seq isize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01_range.rs" 1 0 1 0] forall x : Seq.seq isize . inv1 x = true + axiom inv1 : forall x : Seq.seq isize . inv1 x = true predicate invariant0 (self : C01Range_Range_Type.t_range) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : C01Range_Range_Type.t_range) : bool @@ -345,7 +346,7 @@ module C01Range_Impl0 val inv0 (_x : C01Range_Range_Type.t_range) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01_range.rs" 1 0 1 0] forall x : C01Range_Range_Type.t_range . inv0 x = true + axiom inv0 : forall x : C01Range_Range_Type.t_range . inv0 x = true use seq.Seq use prelude.Int predicate resolve0 (self : borrowed (C01Range_Range_Type.t_range)) = diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg b/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg index 990e3bbc0a..e05fed1990 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.mlcfg @@ -21,7 +21,7 @@ module C02IterMut_Impl1_ProducesRefl_Impl val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true use prelude.Slice predicate invariant3 (self : slice t) val invariant3 (self : slice t) : bool @@ -31,7 +31,7 @@ module C02IterMut_Impl1_ProducesRefl_Impl val inv3 (_x : slice t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv3 x = true + axiom inv3 : forall x : slice t . inv3 x = true use prelude.Borrow predicate invariant2 (self : Seq.seq (borrowed t)) val invariant2 (self : Seq.seq (borrowed t)) : bool @@ -41,7 +41,7 @@ module C02IterMut_Impl1_ProducesRefl_Impl val inv2 (_x : Seq.seq (borrowed t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq (borrowed t) . inv2 x = true + axiom inv2 : forall x : Seq.seq (borrowed t) . inv2 x = true predicate invariant1 (self : borrowed (slice t)) val invariant1 (self : borrowed (slice t)) : bool ensures { result = invariant1 self } @@ -50,7 +50,7 @@ module C02IterMut_Impl1_ProducesRefl_Impl val inv1 (_x : borrowed (slice t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv1 x = true + axiom inv1 : forall x : borrowed (slice t) . inv1 x = true use seq.Seq use prelude.UIntSize use prelude.Slice @@ -74,7 +74,7 @@ module C02IterMut_Impl1_ProducesRefl_Impl val inv0 (_x : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) use seq.Seq @@ -124,7 +124,7 @@ module C02IterMut_Impl1_ProducesTrans_Impl val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true use prelude.Slice predicate invariant3 (self : slice t) val invariant3 (self : slice t) : bool @@ -134,7 +134,7 @@ module C02IterMut_Impl1_ProducesTrans_Impl val inv3 (_x : slice t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv3 x = true + axiom inv3 : forall x : slice t . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed (slice t)) val invariant2 (self : borrowed (slice t)) : bool @@ -144,7 +144,7 @@ module C02IterMut_Impl1_ProducesTrans_Impl val inv2 (_x : borrowed (slice t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv2 x = true + axiom inv2 : forall x : borrowed (slice t) . inv2 x = true predicate invariant1 (self : Seq.seq (borrowed t)) val invariant1 (self : Seq.seq (borrowed t)) : bool ensures { result = invariant1 self } @@ -153,7 +153,7 @@ module C02IterMut_Impl1_ProducesTrans_Impl val inv1 (_x : Seq.seq (borrowed t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq (borrowed t) . inv1 x = true + axiom inv1 : forall x : Seq.seq (borrowed t) . inv1 x = true use seq.Seq use prelude.UIntSize use prelude.Slice @@ -177,7 +177,7 @@ module C02IterMut_Impl1_ProducesTrans_Impl val inv0 (_x : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) use seq.Seq @@ -244,7 +244,7 @@ module C02IterMut_Impl1_Next val inv7 (_x : Seq.seq (borrowed t)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq (borrowed t) . inv7 x = true + axiom inv7 : forall x : Seq.seq (borrowed t) . inv7 x = true use prelude.Slice predicate inv0 (_x : borrowed (slice t)) val inv0 (_x : borrowed (slice t)) : bool @@ -281,19 +281,19 @@ module C02IterMut_Impl1_Next val inv6 (_x : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv6 x = (invariant6 x /\ match x with + axiom inv6 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv6 x = (invariant6 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) predicate invariant5 (self : Seq.seq t) val invariant5 (self : Seq.seq t) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true predicate invariant4 (self : slice t) val invariant4 (self : slice t) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv4 x = true + axiom inv4 : forall x : slice t . inv4 x = true predicate invariant3 (self : borrowed (borrowed (slice t))) val invariant3 (self : borrowed (borrowed (slice t))) : bool ensures { result = invariant3 self } @@ -302,7 +302,7 @@ module C02IterMut_Impl1_Next val inv3 (_x : borrowed (borrowed (slice t))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (borrowed (slice t)) . inv3 x = true + axiom inv3 : forall x : borrowed (borrowed (slice t)) . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option (borrowed t)) val invariant2 (self : Core_Option_Option_Type.t_option (borrowed t)) : bool @@ -312,7 +312,7 @@ module C02IterMut_Impl1_Next val inv2 (_x : Core_Option_Option_Type.t_option (borrowed t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed t) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (borrowed t) . inv2 x = true predicate invariant1 (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) val invariant1 (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : bool ensures { result = invariant1 self } @@ -321,12 +321,12 @@ module C02IterMut_Impl1_Next val inv1 (_x : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (C02IterMut_IterMut_Type.t_itermut t) . inv1 x = (inv6 ( * x) /\ inv6 ( ^ x)) + axiom inv1 : forall x : borrowed (C02IterMut_IterMut_Type.t_itermut t) . inv1 x = (inv6 ( * x) /\ inv6 ( ^ x)) predicate invariant0 (self : borrowed (slice t)) val invariant0 (self : borrowed (slice t)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv0 x = true + axiom inv0 : forall x : borrowed (slice t) . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -398,10 +398,10 @@ module C02IterMut_Impl1_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C02IterMut_IterMut_Type.itermut_inner ( * self)); - self <- { self with current = (let C02IterMut_IterMut_Type.C_IterMut x0 = * self in C02IterMut_IterMut_Type.C_IterMut ( ^ _3)) }; + [#"../02_iter_mut.rs" 58 8 58 37] _3 <- Borrow.borrow_mut (C02IterMut_IterMut_Type.itermut_inner ( * self)); + [#"../02_iter_mut.rs" 58 8 58 37] self <- { self with current = (let C02IterMut_IterMut_Type.C_IterMut x0 = * self in C02IterMut_IterMut_Type.C_IterMut ( ^ _3)) }; assume { inv0 ( ^ _3) }; - _0 <- ([#"../02_iter_mut.rs" 58 8 58 37] take_first_mut0 _3); + [#"../02_iter_mut.rs" 58 8 58 37] _0 <- ([#"../02_iter_mut.rs" 58 8 58 37] take_first_mut0 _3); _3 <- any borrowed (borrowed (slice t)); goto BB1 } @@ -423,7 +423,7 @@ module C02IterMut_Impl2_IntoIter val inv3 (_x : Seq.seq t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv3 x = true + axiom inv3 : forall x : Seq.seq t . inv3 x = true use prelude.Slice predicate invariant2 (self : slice t) val invariant2 (self : slice t) : bool @@ -433,7 +433,7 @@ module C02IterMut_Impl2_IntoIter val inv2 (_x : slice t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv2 x = true + axiom inv2 : forall x : slice t . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed (slice t)) val invariant1 (self : borrowed (slice t)) : bool @@ -443,7 +443,7 @@ module C02IterMut_Impl2_IntoIter val inv1 (_x : borrowed (slice t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv1 x = true + axiom inv1 : forall x : borrowed (slice t) . inv1 x = true use seq.Seq use prelude.UIntSize use prelude.Slice @@ -467,7 +467,7 @@ module C02IterMut_Impl2_IntoIter val inv0 (_x : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) let rec cfg into_iter [#"../02_iter_mut.rs" 64 4 64 30] [@cfg:stackify] [@cfg:subregion_analysis] (self : C02IterMut_IterMut_Type.t_itermut t) : C02IterMut_IterMut_Type.t_itermut t @@ -482,8 +482,8 @@ module C02IterMut_Impl2_IntoIter goto BB0 } BB0 { - _0 <- self; - self <- any C02IterMut_IterMut_Type.t_itermut t; + [#"../02_iter_mut.rs" 65 8 65 12] _0 <- ([#"../02_iter_mut.rs" 65 8 65 12] self); + [#"../02_iter_mut.rs" 65 8 65 12] self <- any C02IterMut_IterMut_Type.t_itermut t; return _0 } @@ -543,7 +543,7 @@ module C02IterMut_IterMut val inv6 (_x : Seq.seq t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv6 x = true + axiom inv6 : forall x : Seq.seq t . inv6 x = true use Core_Ops_Range_RangeFull_Type as Core_Ops_Range_RangeFull_Type predicate invariant5 (self : Core_Ops_Range_RangeFull_Type.t_rangefull) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -554,7 +554,7 @@ module C02IterMut_IterMut val inv5 (_x : Core_Ops_Range_RangeFull_Type.t_rangefull) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeFull_Type.t_rangefull . inv5 x = true + axiom inv5 : forall x : Core_Ops_Range_RangeFull_Type.t_rangefull . inv5 x = true use prelude.Slice use prelude.Borrow predicate inv2 (_x : borrowed (slice t)) @@ -588,7 +588,7 @@ module C02IterMut_IterMut val inv4 (_x : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv4 x = (invariant4 x /\ match x with + axiom inv4 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv4 x = (invariant4 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type @@ -601,17 +601,17 @@ module C02IterMut_IterMut val inv3 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv3 x = true + axiom inv3 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv3 x = true predicate invariant2 (self : borrowed (slice t)) val invariant2 (self : borrowed (slice t)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv2 x = true + axiom inv2 : forall x : borrowed (slice t) . inv2 x = true predicate invariant1 (self : slice t) val invariant1 (self : slice t) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv1 x = true + axiom inv1 : forall x : slice t . inv1 x = true predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } @@ -627,7 +627,7 @@ module C02IterMut_IterMut val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true function shallow_model1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : Seq.seq t = [#"../../../../../creusot-contracts/src/model.rs" 101 8 101 31] shallow_model3 ( * self) @@ -692,21 +692,21 @@ module C02IterMut_IterMut goto BB0 } BB0 { - _8 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _8 }; + [#"../02_iter_mut.rs" 73 26 73 27] _8 <- Borrow.borrow_mut ( * v); + [#"../02_iter_mut.rs" 73 26 73 27] v <- { v with current = ^ _8 }; assume { inv0 ( ^ _8) }; - _7 <- ([#"../02_iter_mut.rs" 73 26 73 31] index_mut0 _8 ([#"../02_iter_mut.rs" 73 28 73 30] Core_Ops_Range_RangeFull_Type.C_RangeFull)); + [#"../02_iter_mut.rs" 73 26 73 31] _7 <- ([#"../02_iter_mut.rs" 73 26 73 31] index_mut0 _8 ([#"../02_iter_mut.rs" 73 28 73 30] Core_Ops_Range_RangeFull_Type.C_RangeFull)); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; + [#"../02_iter_mut.rs" 73 21 73 31] _6 <- Borrow.borrow_mut ( * _7); + [#"../02_iter_mut.rs" 73 21 73 31] _7 <- { _7 with current = ^ _6 }; assume { inv1 ( ^ _6) }; - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; + [#"../02_iter_mut.rs" 73 21 73 31] _5 <- Borrow.borrow_mut ( * _6); + [#"../02_iter_mut.rs" 73 21 73 31] _6 <- { _6 with current = ^ _5 }; assume { inv1 ( ^ _5) }; - _0 <- ([#"../02_iter_mut.rs" 73 4 73 33] C02IterMut_IterMut_Type.C_IterMut _5); + [#"../02_iter_mut.rs" 73 4 73 33] _0 <- ([#"../02_iter_mut.rs" 73 4 73 33] C02IterMut_IterMut_Type.C_IterMut _5); _5 <- any borrowed (slice t); assert { [@expl:type invariant] inv2 _7 }; assume { resolve0 _7 }; @@ -731,7 +731,7 @@ module C02IterMut_AllZero val inv8 (_x : Seq.seq (borrowed usize)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq (borrowed usize) . inv8 x = true + axiom inv8 : forall x : Seq.seq (borrowed usize) . inv8 x = true use prelude.Slice predicate invariant7 (self : borrowed (slice usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -742,7 +742,7 @@ module C02IterMut_AllZero val inv7 (_x : borrowed (slice usize)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice usize) . inv7 x = true + axiom inv7 : forall x : borrowed (slice usize) . inv7 x = true predicate invariant6 (self : slice usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : slice usize) : bool @@ -752,7 +752,7 @@ module C02IterMut_AllZero val inv6 (_x : slice usize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice usize . inv6 x = true + axiom inv6 : forall x : slice usize . inv6 x = true predicate invariant5 (self : Seq.seq usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq usize) : bool @@ -762,7 +762,7 @@ module C02IterMut_AllZero val inv5 (_x : Seq.seq usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq usize . inv5 x = true + axiom inv5 : forall x : Seq.seq usize . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -785,7 +785,7 @@ module C02IterMut_AllZero val invariant4 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (borrowed usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -796,7 +796,7 @@ module C02IterMut_AllZero val inv3 (_x : Core_Option_Option_Type.t_option (borrowed usize)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed usize) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (borrowed usize) . inv3 x = true use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type predicate invariant2 (self : borrowed (C02IterMut_IterMut_Type.t_itermut usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -811,7 +811,7 @@ module C02IterMut_AllZero val inv2 (_x : borrowed (C02IterMut_IterMut_Type.t_itermut usize)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (C02IterMut_IterMut_Type.t_itermut usize) . inv2 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv2 : forall x : borrowed (C02IterMut_IterMut_Type.t_itermut usize) . inv2 x = (inv0 ( * x) /\ inv0 ( ^ x)) predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -821,7 +821,7 @@ module C02IterMut_AllZero val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use seq.Seq use seq.Seq use seq.Seq @@ -885,7 +885,7 @@ module C02IterMut_AllZero val invariant0 [#"../02_iter_mut.rs" 20 4 20 30] (self : C02IterMut_IterMut_Type.t_itermut usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut usize . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C02IterMut_IterMut_Type.t_itermut usize . inv0 x = (invariant0 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) function index_logic1 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -977,23 +977,23 @@ module C02IterMut_AllZero goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _6 }; - _5 <- ([#"../02_iter_mut.rs" 79 17 79 28] iter_mut0 _6); + [#"../02_iter_mut.rs" 79 26 79 27] _6 <- Borrow.borrow_mut ( * v); + [#"../02_iter_mut.rs" 79 26 79 27] v <- { v with current = ^ _6 }; + [#"../02_iter_mut.rs" 79 17 79 28] _5 <- ([#"../02_iter_mut.rs" 79 17 79 28] iter_mut0 _6); _6 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - it <- ([#"../02_iter_mut.rs" 79 17 79 40] into_iter0 _5); + [#"../02_iter_mut.rs" 79 17 79 40] it <- ([#"../02_iter_mut.rs" 79 17 79 40] into_iter0 _5); _5 <- any C02IterMut_IterMut_Type.t_itermut usize; goto BB2 } BB2 { - iter_old <- ([#"../02_iter_mut.rs" 80 19 80 29] Ghost.new it); + [#"../02_iter_mut.rs" 80 19 80 29] iter_old <- ([#"../02_iter_mut.rs" 80 19 80 29] Ghost.new it); goto BB3 } BB3 { - produced <- ([#"../02_iter_mut.rs" 81 23 81 41] Ghost.new (Seq.empty )); + [#"../02_iter_mut.rs" 81 23 81 41] produced <- ([#"../02_iter_mut.rs" 81 23 81 41] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -1006,10 +1006,10 @@ module C02IterMut_AllZero goto BB6 } BB6 { - _16 <- Borrow.borrow_mut it; - it <- ^ _16; + [#"../02_iter_mut.rs" 86 14 86 23] _16 <- Borrow.borrow_mut it; + [#"../02_iter_mut.rs" 86 14 86 23] it <- ^ _16; assume { inv0 ( ^ _16) }; - _15 <- ([#"../02_iter_mut.rs" 86 14 86 23] next0 _16); + [#"../02_iter_mut.rs" 86 14 86 23] _15 <- ([#"../02_iter_mut.rs" 86 14 86 23] next0 _16); _16 <- any borrowed (C02IterMut_IterMut_Type.t_itermut usize); goto BB7 } @@ -1020,7 +1020,7 @@ module C02IterMut_AllZero end } BB8 { - _0 <- ([#"../02_iter_mut.rs" 91 20 91 25] ()); + [#"../02_iter_mut.rs" 91 20 91 25] _0 <- ([#"../02_iter_mut.rs" 91 20 91 25] ()); assume { resolve1 v }; return _0 } @@ -1029,18 +1029,19 @@ module C02IterMut_AllZero } BB10 { assume { resolve1 v }; + assert { [#"../02_iter_mut.rs" 86 14 86 23] false }; absurd } BB11 { - x <- Core_Option_Option_Type.some_0 _15; - _15 <- (let Core_Option_Option_Type.C_Some x0 = _15 in Core_Option_Option_Type.C_Some (any borrowed usize)); - _19 <- ([#"../02_iter_mut.rs" 88 27 88 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); + [#"../02_iter_mut.rs" 87 17 87 18] x <- ([#"../02_iter_mut.rs" 87 17 87 18] Core_Option_Option_Type.some_0 _15); + [#"../02_iter_mut.rs" 87 17 87 18] _15 <- (let Core_Option_Option_Type.C_Some x0 = _15 in Core_Option_Option_Type.C_Some (any borrowed usize)); + [#"../02_iter_mut.rs" 88 27 88 69] _19 <- ([#"../02_iter_mut.rs" 88 27 88 69] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton x))); goto BB12 } BB12 { - produced <- _19; - _19 <- any Ghost.ghost_ty (Seq.seq (borrowed usize)); - x <- { x with current = ([#"../02_iter_mut.rs" 89 21 89 22] [#"../02_iter_mut.rs" 89 21 89 22] (0 : usize)) }; + [#"../02_iter_mut.rs" 88 16 88 69] produced <- ([#"../02_iter_mut.rs" 88 16 88 69] _19); + [#"../02_iter_mut.rs" 88 16 88 69] _19 <- any Ghost.ghost_ty (Seq.seq (borrowed usize)); + [#"../02_iter_mut.rs" 89 16 89 22] x <- { x with current = ([#"../02_iter_mut.rs" 89 16 89 22] [#"../02_iter_mut.rs" 89 21 89 22] (0 : usize)) }; assume { resolve0 x }; goto BB5 } @@ -1060,7 +1061,7 @@ module C02IterMut_Impl1 val inv6 (_x : Seq.seq t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv6 x = true + axiom inv6 : forall x : Seq.seq t . inv6 x = true use prelude.Slice predicate invariant5 (self : slice t) val invariant5 (self : slice t) : bool @@ -1070,7 +1071,7 @@ module C02IterMut_Impl1 val inv5 (_x : slice t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : slice t . inv5 x = true + axiom inv5 : forall x : slice t . inv5 x = true use prelude.Borrow predicate invariant4 (self : borrowed (slice t)) val invariant4 (self : borrowed (slice t)) : bool @@ -1080,7 +1081,7 @@ module C02IterMut_Impl1 val inv4 (_x : borrowed (slice t)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv4 x = true + axiom inv4 : forall x : borrowed (slice t) . inv4 x = true predicate invariant3 (self : Seq.seq (borrowed t)) val invariant3 (self : Seq.seq (borrowed t)) : bool ensures { result = invariant3 self } @@ -1089,7 +1090,7 @@ module C02IterMut_Impl1 val inv3 (_x : Seq.seq (borrowed t)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Seq.seq (borrowed t) . inv3 x = true + axiom inv3 : forall x : Seq.seq (borrowed t) . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option (borrowed t)) val invariant2 (self : Core_Option_Option_Type.t_option (borrowed t)) : bool @@ -1099,7 +1100,7 @@ module C02IterMut_Impl1 val inv2 (_x : Core_Option_Option_Type.t_option (borrowed t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed t) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (borrowed t) . inv2 x = true use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type predicate invariant1 (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) val invariant1 (self : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : bool @@ -1113,7 +1114,7 @@ module C02IterMut_Impl1 val inv1 (_x : borrowed (C02IterMut_IterMut_Type.t_itermut t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : borrowed (C02IterMut_IterMut_Type.t_itermut t) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (C02IterMut_IterMut_Type.t_itermut t) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use seq.Seq use prelude.UIntSize use prelude.Slice @@ -1132,7 +1133,7 @@ module C02IterMut_Impl1 val invariant0 [#"../02_iter_mut.rs" 20 4 20 30] (self : C02IterMut_IterMut_Type.t_itermut t) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../02_iter_mut.rs" 1 0 1 0] forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C02IterMut_IterMut_Type.t_itermut t . inv0 x = (invariant0 x /\ match x with | C02IterMut_IterMut_Type.C_IterMut inner -> true end) use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg b/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg index 0f9b3ffeaa..d0f1661acd 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.mlcfg @@ -41,7 +41,7 @@ module C03StdIterators_SliceIter val inv7 (_x : Seq.seq t) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq t . inv7 x = true + axiom inv7 : forall x : Seq.seq t . inv7 x = true use prelude.Slice predicate invariant6 (self : slice t) val invariant6 (self : slice t) : bool @@ -51,7 +51,7 @@ module C03StdIterators_SliceIter val inv6 (_x : slice t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv6 x = true + axiom inv6 : forall x : slice t . inv6 x = true predicate invariant5 (self : Seq.seq t) val invariant5 (self : Seq.seq t) : bool ensures { result = invariant5 self } @@ -60,7 +60,7 @@ module C03StdIterators_SliceIter val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true predicate invariant4 (self : t) val invariant4 (self : t) : bool ensures { result = invariant4 self } @@ -69,7 +69,7 @@ module C03StdIterators_SliceIter val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option t) val invariant3 (self : Core_Option_Option_Type.t_option t) : bool @@ -79,7 +79,7 @@ module C03StdIterators_SliceIter val inv3 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option t . inv3 x = true use prelude.Borrow use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type use seq.Seq @@ -157,7 +157,7 @@ module C03StdIterators_SliceIter val inv2 (_x : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv2 x = true + axiom inv2 : forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv2 x = true use prelude.Ghost predicate invariant1 (self : Ghost.ghost_ty (Seq.seq t)) val invariant1 (self : Ghost.ghost_ty (Seq.seq t)) : bool @@ -167,12 +167,12 @@ module C03StdIterators_SliceIter val inv1 (_x : Ghost.ghost_ty (Seq.seq t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq t) . inv1 x = true + axiom inv1 : forall x : Ghost.ghost_ty (Seq.seq t) . inv1 x = true predicate invariant0 (self : slice t) val invariant0 (self : slice t) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv0 x = true + axiom inv0 : forall x : slice t . inv0 x = true predicate resolve6 (self : Core_Slice_Iter_Iter_Type.t_iter t) val resolve6 (self : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = resolve6 self } @@ -268,24 +268,24 @@ module C03StdIterators_SliceIter goto BB0 } BB0 { - i <- ([#"../03_std_iterators.rs" 7 16 7 17] [#"../03_std_iterators.rs" 7 16 7 17] (0 : usize)); + [#"../03_std_iterators.rs" 7 16 7 17] i <- ([#"../03_std_iterators.rs" 7 16 7 17] [#"../03_std_iterators.rs" 7 16 7 17] (0 : usize)); assert { [@expl:type invariant] inv0 slice }; assume { resolve0 slice }; - _7 <- ([#"../03_std_iterators.rs" 9 13 9 25] iter0 ([#"../03_std_iterators.rs" 9 13 9 25] slice)); + [#"../03_std_iterators.rs" 9 13 9 25] _7 <- ([#"../03_std_iterators.rs" 9 13 9 25] iter0 ([#"../03_std_iterators.rs" 9 13 9 25] slice)); goto BB1 } BB1 { - iter <- ([#"../03_std_iterators.rs" 8 4 8 38] into_iter0 _7); + [#"../03_std_iterators.rs" 8 4 8 38] iter <- ([#"../03_std_iterators.rs" 8 4 8 38] into_iter0 _7); _7 <- any Core_Slice_Iter_Iter_Type.t_iter t; goto BB2 } BB2 { - iter_old <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new iter); + [#"../03_std_iterators.rs" 8 4 8 38] iter_old <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new iter); goto BB3 } BB3 { assume { resolve1 iter_old }; - produced <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 8 4 8 38] produced <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -300,11 +300,11 @@ module C03StdIterators_SliceIter goto BB6 } BB6 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../03_std_iterators.rs" 8 4 8 38] next0 _18); + [#"../03_std_iterators.rs" 8 4 8 38] _19 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 8 4 8 38] iter <- ^ _19; + [#"../03_std_iterators.rs" 8 4 8 38] _18 <- Borrow.borrow_mut ( * _19); + [#"../03_std_iterators.rs" 8 4 8 38] _19 <- { _19 with current = ^ _18 }; + [#"../03_std_iterators.rs" 8 4 8 38] _17 <- ([#"../03_std_iterators.rs" 8 4 8 38] next0 _18); _18 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); goto BB7 } @@ -319,7 +319,7 @@ module C03StdIterators_SliceIter assert { [@expl:type invariant] inv3 _17 }; assume { resolve4 _17 }; assume { resolve6 iter }; - _0 <- i; + [#"../03_std_iterators.rs" 12 4 12 5] _0 <- ([#"../03_std_iterators.rs" 12 4 12 5] i); return _0 } BB9 { @@ -329,23 +329,24 @@ module C03StdIterators_SliceIter assert { [@expl:type invariant] inv3 _17 }; assume { resolve4 _17 }; assume { resolve6 iter }; + assert { [#"../03_std_iterators.rs" 8 4 8 38] false }; absurd } BB11 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); assert { [@expl:type invariant] inv3 _17 }; assume { resolve4 _17 }; - _22 <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../03_std_iterators.rs" 8 4 8 38] _22 <- ([#"../03_std_iterators.rs" 8 4 8 38] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB12 } BB12 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq t); + [#"../03_std_iterators.rs" 8 4 8 38] produced <- ([#"../03_std_iterators.rs" 8 4 8 38] _22); + [#"../03_std_iterators.rs" 8 4 8 38] _22 <- any Ghost.ghost_ty (Seq.seq t); assert { [@expl:type invariant] inv1 produced }; assume { resolve2 produced }; assert { [@expl:type invariant] inv4 __creusot_proc_iter_elem }; assume { resolve5 __creusot_proc_iter_elem }; - i <- ([#"../03_std_iterators.rs" 10 8 10 14] i + ([#"../03_std_iterators.rs" 10 13 10 14] [#"../03_std_iterators.rs" 10 13 10 14] (1 : usize))); + [#"../03_std_iterators.rs" 10 8 10 14] i <- ([#"../03_std_iterators.rs" 10 8 10 14] i + ([#"../03_std_iterators.rs" 10 13 10 14] [#"../03_std_iterators.rs" 10 13 10 14] (1 : usize))); goto BB5 } @@ -389,7 +390,7 @@ module C03StdIterators_VecIter val inv9 (_x : slice t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv9 x = true + axiom inv9 : forall x : slice t . inv9 x = true use seq.Seq predicate invariant8 (self : Seq.seq t) val invariant8 (self : Seq.seq t) : bool @@ -399,7 +400,7 @@ module C03StdIterators_VecIter val inv8 (_x : Seq.seq t) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq t . inv8 x = true + axiom inv8 : forall x : Seq.seq t . inv8 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -423,7 +424,7 @@ module C03StdIterators_VecIter val invariant7 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : slice t) val invariant6 (self : slice t) : bool ensures { result = invariant6 self } @@ -432,7 +433,7 @@ module C03StdIterators_VecIter val inv6 (_x : slice t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv6 x = true + axiom inv6 : forall x : slice t . inv6 x = true predicate invariant5 (self : Seq.seq t) val invariant5 (self : Seq.seq t) : bool ensures { result = invariant5 self } @@ -441,7 +442,7 @@ module C03StdIterators_VecIter val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true predicate invariant4 (self : t) val invariant4 (self : t) : bool ensures { result = invariant4 self } @@ -450,7 +451,7 @@ module C03StdIterators_VecIter val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option t) val invariant3 (self : Core_Option_Option_Type.t_option t) : bool @@ -460,7 +461,7 @@ module C03StdIterators_VecIter val inv3 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option t . inv3 x = true use prelude.Borrow use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type use seq.Seq @@ -528,7 +529,7 @@ module C03StdIterators_VecIter val inv2 (_x : Core_Slice_Iter_Iter_Type.t_iter t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv2 x = true + axiom inv2 : forall x : Core_Slice_Iter_Iter_Type.t_iter t . inv2 x = true use prelude.Ghost predicate invariant1 (self : Ghost.ghost_ty (Seq.seq t)) val invariant1 (self : Ghost.ghost_ty (Seq.seq t)) : bool @@ -538,7 +539,7 @@ module C03StdIterators_VecIter val inv1 (_x : Ghost.ghost_ty (Seq.seq t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq t) . inv1 x = true + axiom inv1 : forall x : Ghost.ghost_ty (Seq.seq t) . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } @@ -547,7 +548,7 @@ module C03StdIterators_VecIter val inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : Seq.seq t = [#"../../../../../creusot-contracts/src/model.rs" 83 8 83 31] shallow_model3 self val shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : Seq.seq t @@ -644,19 +645,19 @@ module C03StdIterators_VecIter goto BB0 } BB0 { - i <- ([#"../03_std_iterators.rs" 18 16 18 17] [#"../03_std_iterators.rs" 18 16 18 17] (0 : usize)); + [#"../03_std_iterators.rs" 18 16 18 17] i <- ([#"../03_std_iterators.rs" 18 16 18 17] [#"../03_std_iterators.rs" 18 16 18 17] (0 : usize)); assert { [@expl:type invariant] inv0 vec }; assume { resolve0 vec }; - iter <- ([#"../03_std_iterators.rs" 19 4 19 38] into_iter0 vec); + [#"../03_std_iterators.rs" 19 4 19 38] iter <- ([#"../03_std_iterators.rs" 19 4 19 38] into_iter0 ([#"../03_std_iterators.rs" 20 13 20 16] vec)); goto BB1 } BB1 { - iter_old <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new iter); + [#"../03_std_iterators.rs" 19 4 19 38] iter_old <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new iter); goto BB2 } BB2 { assume { resolve1 iter_old }; - produced <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 19 4 19 38] produced <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -671,11 +672,11 @@ module C03StdIterators_VecIter goto BB5 } BB5 { - _18 <- Borrow.borrow_mut iter; - iter <- ^ _18; - _17 <- Borrow.borrow_mut ( * _18); - _18 <- { _18 with current = ^ _17 }; - _16 <- ([#"../03_std_iterators.rs" 19 4 19 38] next0 _17); + [#"../03_std_iterators.rs" 19 4 19 38] _18 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 19 4 19 38] iter <- ^ _18; + [#"../03_std_iterators.rs" 19 4 19 38] _17 <- Borrow.borrow_mut ( * _18); + [#"../03_std_iterators.rs" 19 4 19 38] _18 <- { _18 with current = ^ _17 }; + [#"../03_std_iterators.rs" 19 4 19 38] _16 <- ([#"../03_std_iterators.rs" 19 4 19 38] next0 _17); _17 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter t); goto BB6 } @@ -690,7 +691,7 @@ module C03StdIterators_VecIter assert { [@expl:type invariant] inv3 _16 }; assume { resolve4 _16 }; assume { resolve6 iter }; - _0 <- i; + [#"../03_std_iterators.rs" 23 4 23 5] _0 <- ([#"../03_std_iterators.rs" 23 4 23 5] i); return _0 } BB8 { @@ -700,23 +701,24 @@ module C03StdIterators_VecIter assert { [@expl:type invariant] inv3 _16 }; assume { resolve4 _16 }; assume { resolve6 iter }; + assert { [#"../03_std_iterators.rs" 19 4 19 38] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _16; + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _16); assert { [@expl:type invariant] inv3 _16 }; assume { resolve4 _16 }; - _21 <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../03_std_iterators.rs" 19 4 19 38] _21 <- ([#"../03_std_iterators.rs" 19 4 19 38] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _21; - _21 <- any Ghost.ghost_ty (Seq.seq t); + [#"../03_std_iterators.rs" 19 4 19 38] produced <- ([#"../03_std_iterators.rs" 19 4 19 38] _21); + [#"../03_std_iterators.rs" 19 4 19 38] _21 <- any Ghost.ghost_ty (Seq.seq t); assert { [@expl:type invariant] inv1 produced }; assume { resolve2 produced }; assert { [@expl:type invariant] inv4 __creusot_proc_iter_elem }; assume { resolve5 __creusot_proc_iter_elem }; - i <- ([#"../03_std_iterators.rs" 21 8 21 14] i + ([#"../03_std_iterators.rs" 21 13 21 14] [#"../03_std_iterators.rs" 21 13 21 14] (1 : usize))); + [#"../03_std_iterators.rs" 21 8 21 14] i <- ([#"../03_std_iterators.rs" 21 8 21 14] i + ([#"../03_std_iterators.rs" 21 13 21 14] [#"../03_std_iterators.rs" 21 13 21 14] (1 : usize))); goto BB4 } @@ -743,7 +745,7 @@ module C03StdIterators_AllZero val inv7 (_x : Seq.seq (borrowed usize)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq (borrowed usize) . inv7 x = true + axiom inv7 : forall x : Seq.seq (borrowed usize) . inv7 x = true use prelude.Slice predicate invariant6 (self : slice usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -754,7 +756,7 @@ module C03StdIterators_AllZero val inv6 (_x : slice usize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice usize . inv6 x = true + axiom inv6 : forall x : slice usize . inv6 x = true predicate invariant5 (self : Seq.seq usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq usize) : bool @@ -764,7 +766,7 @@ module C03StdIterators_AllZero val inv5 (_x : Seq.seq usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq usize . inv5 x = true + axiom inv5 : forall x : Seq.seq usize . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -787,7 +789,7 @@ module C03StdIterators_AllZero val invariant4 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (borrowed usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -798,7 +800,7 @@ module C03StdIterators_AllZero val inv3 (_x : Core_Option_Option_Type.t_option (borrowed usize)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed usize) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (borrowed usize) . inv3 x = true predicate invariant2 (self : borrowed (slice usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : borrowed (slice usize)) : bool @@ -808,7 +810,7 @@ module C03StdIterators_AllZero val inv2 (_x : borrowed (slice usize)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (slice usize) . inv2 x = true + axiom inv2 : forall x : borrowed (slice usize) . inv2 x = true predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -818,7 +820,7 @@ module C03StdIterators_AllZero val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use Core_Slice_Iter_IterMut_Type as Core_Slice_Iter_IterMut_Type use seq.Seq use seq.Seq @@ -887,7 +889,7 @@ module C03StdIterators_AllZero val inv0 (_x : Core_Slice_Iter_IterMut_Type.t_itermut usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Slice_Iter_IterMut_Type.t_itermut usize . inv0 x = true + axiom inv0 : forall x : Core_Slice_Iter_IterMut_Type.t_itermut usize . inv0 x = true function index_logic1 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize = @@ -1010,31 +1012,31 @@ module C03StdIterators_AllZero goto BB0 } BB0 { - _8 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _8 }; - _7 <- ([#"../03_std_iterators.rs" 30 13 30 25] deref_mut0 _8); + [#"../03_std_iterators.rs" 30 13 30 25] _8 <- Borrow.borrow_mut ( * v); + [#"../03_std_iterators.rs" 30 13 30 25] v <- { v with current = ^ _8 }; + [#"../03_std_iterators.rs" 30 13 30 25] _7 <- ([#"../03_std_iterators.rs" 30 13 30 25] deref_mut0 _8); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - _5 <- ([#"../03_std_iterators.rs" 30 13 30 25] iter_mut0 _6); + [#"../03_std_iterators.rs" 30 13 30 25] _6 <- Borrow.borrow_mut ( * _7); + [#"../03_std_iterators.rs" 30 13 30 25] _7 <- { _7 with current = ^ _6 }; + [#"../03_std_iterators.rs" 30 13 30 25] _5 <- ([#"../03_std_iterators.rs" 30 13 30 25] iter_mut0 _6); _6 <- any borrowed (slice usize); goto BB2 } BB2 { - iter <- ([#"../03_std_iterators.rs" 29 4 29 87] into_iter0 _5); + [#"../03_std_iterators.rs" 29 4 29 87] iter <- ([#"../03_std_iterators.rs" 29 4 29 87] into_iter0 _5); _5 <- any Core_Slice_Iter_IterMut_Type.t_itermut usize; goto BB3 } BB3 { assume { resolve0 _7 }; - iter_old <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new iter); + [#"../03_std_iterators.rs" 29 4 29 87] iter_old <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new iter); goto BB4 } BB4 { - produced <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 29 4 29 87] produced <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -1047,11 +1049,11 @@ module C03StdIterators_AllZero goto BB7 } BB7 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../03_std_iterators.rs" 29 4 29 87] next0 _18); + [#"../03_std_iterators.rs" 29 4 29 87] _19 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 29 4 29 87] iter <- ^ _19; + [#"../03_std_iterators.rs" 29 4 29 87] _18 <- Borrow.borrow_mut ( * _19); + [#"../03_std_iterators.rs" 29 4 29 87] _19 <- { _19 with current = ^ _18 }; + [#"../03_std_iterators.rs" 29 4 29 87] _17 <- ([#"../03_std_iterators.rs" 29 4 29 87] next0 _18); _18 <- any borrowed (Core_Slice_Iter_IterMut_Type.t_itermut usize); goto BB8 } @@ -1064,7 +1066,7 @@ module C03StdIterators_AllZero } BB9 { assume { resolve3 iter }; - _0 <- ([#"../03_std_iterators.rs" 29 4 29 87] ()); + [#"../03_std_iterators.rs" 29 4 29 87] _0 <- ([#"../03_std_iterators.rs" 29 4 29 87] ()); assume { resolve4 v }; return _0 } @@ -1074,20 +1076,21 @@ module C03StdIterators_AllZero BB11 { assume { resolve3 iter }; assume { resolve4 v }; + assert { [#"../03_std_iterators.rs" 29 4 29 87] false }; absurd } BB12 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _17 <- (let Core_Option_Option_Type.C_Some x0 = _17 in Core_Option_Option_Type.C_Some (any borrowed usize)); - _22 <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] _17 <- (let Core_Option_Option_Type.C_Some x0 = _17 in Core_Option_Option_Type.C_Some (any borrowed usize)); + [#"../03_std_iterators.rs" 29 4 29 87] _22 <- ([#"../03_std_iterators.rs" 29 4 29 87] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB13 } BB13 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq (borrowed usize)); - x <- __creusot_proc_iter_elem; - __creusot_proc_iter_elem <- any borrowed usize; - x <- { x with current = ([#"../03_std_iterators.rs" 31 13 31 14] [#"../03_std_iterators.rs" 31 13 31 14] (0 : usize)) }; + [#"../03_std_iterators.rs" 29 4 29 87] produced <- ([#"../03_std_iterators.rs" 29 4 29 87] _22); + [#"../03_std_iterators.rs" 29 4 29 87] _22 <- any Ghost.ghost_ty (Seq.seq (borrowed usize)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] x <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- any borrowed usize; + [#"../03_std_iterators.rs" 31 8 31 14] x <- { x with current = ([#"../03_std_iterators.rs" 31 8 31 14] [#"../03_std_iterators.rs" 31 13 31 14] (0 : usize)) }; assume { resolve2 x }; goto BB6 } @@ -1118,7 +1121,7 @@ module C03StdIterators_SkipTake val inv7 (_x : borrowed i) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed i . inv7 x = true + axiom inv7 : forall x : borrowed i . inv7 x = true type item0 use seq.Seq use seq.Seq @@ -1204,7 +1207,7 @@ module C03StdIterators_SkipTake val invariant6 (self : Seq.seq item0) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq item0 . inv6 x = true + axiom inv6 : forall x : Seq.seq item0 . inv6 x = true predicate invariant5 (self : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i)) val invariant5 (self : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i)) : bool ensures { result = invariant5 self } @@ -1213,7 +1216,7 @@ module C03StdIterators_SkipTake val inv5 (_x : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i) . inv5 x = true + axiom inv5 : forall x : borrowed (Core_Iter_Adapters_Take_Take_Type.t_take i) . inv5 x = true use Core_Iter_Adapters_Skip_Skip_Type as Core_Iter_Adapters_Skip_Skip_Type predicate inv0 (_x : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) val inv0 (_x : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) : bool @@ -1271,17 +1274,17 @@ module C03StdIterators_SkipTake val inv4 (_x : borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) . inv4 x = true predicate invariant3 (self : Core_Iter_Adapters_Take_Take_Type.t_take i) val invariant3 (self : Core_Iter_Adapters_Take_Take_Type.t_take i) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Iter_Adapters_Take_Take_Type.t_take i . inv3 x = true + axiom inv3 : forall x : Core_Iter_Adapters_Take_Take_Type.t_take i . inv3 x = true predicate invariant2 (self : i) val invariant2 (self : i) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool @@ -1291,12 +1294,12 @@ module C03StdIterators_SkipTake val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true predicate invariant0 (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) val invariant0 (self : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i) . inv0 x = true + axiom inv0 : forall x : Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i) . inv0 x = true predicate resolve1 (self : Core_Option_Option_Type.t_option item0) val resolve1 (self : Core_Option_Option_Type.t_option item0) : bool ensures { result = resolve1 self } @@ -1376,20 +1379,20 @@ module C03StdIterators_SkipTake goto BB0 } BB0 { - _6 <- ([#"../03_std_iterators.rs" 36 14 36 26] take0 iter n); - iter <- any i; + [#"../03_std_iterators.rs" 36 14 36 26] _6 <- ([#"../03_std_iterators.rs" 36 14 36 26] take0 ([#"../03_std_iterators.rs" 36 14 36 18] iter) ([#"../03_std_iterators.rs" 36 24 36 25] n)); + [#"../03_std_iterators.rs" 36 14 36 18] iter <- any i; goto BB1 } BB1 { - _5 <- ([#"../03_std_iterators.rs" 36 14 36 34] skip0 _6 n); + [#"../03_std_iterators.rs" 36 14 36 34] _5 <- ([#"../03_std_iterators.rs" 36 14 36 34] skip0 _6 ([#"../03_std_iterators.rs" 36 32 36 33] n)); _6 <- any Core_Iter_Adapters_Take_Take_Type.t_take i; goto BB2 } BB2 { - _4 <- Borrow.borrow_mut _5; - _5 <- ^ _4; + [#"../03_std_iterators.rs" 36 14 36 41] _4 <- Borrow.borrow_mut _5; + [#"../03_std_iterators.rs" 36 14 36 41] _5 <- ^ _4; assume { inv0 ( ^ _4) }; - res <- ([#"../03_std_iterators.rs" 36 14 36 41] next0 _4); + [#"../03_std_iterators.rs" 36 14 36 41] res <- ([#"../03_std_iterators.rs" 36 14 36 41] next0 _4); _4 <- any borrowed (Core_Iter_Adapters_Skip_Skip_Type.t_skip (Core_Iter_Adapters_Take_Take_Type.t_take i)); goto BB3 } @@ -1405,7 +1408,7 @@ module C03StdIterators_SkipTake goto BB5 } BB5 { - _0 <- ([#"../03_std_iterators.rs" 35 49 39 1] ()); + [#"../03_std_iterators.rs" 35 49 39 1] _0 <- ([#"../03_std_iterators.rs" 35 49 39 1] ()); goto BB6 } BB6 { @@ -1460,14 +1463,14 @@ module C03StdIterators_Counter_Closure0 function field_00 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : borrowed usize = - [#"../03_std_iterators.rs" 1 0 1 0] let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 a = self in a + let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 a = self in a val field_00 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : borrowed usize ensures { result = field_00 self } predicate unnest0 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) (_2 : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) = - [#"../03_std_iterators.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] (18446744073709551615 : usize) use seq.Seq @@ -1481,7 +1484,7 @@ module C03StdIterators_Counter_Closure0 let rec cfg c03StdIterators_Counter_Closure0 [#"../03_std_iterators.rs" 48 12 48 91] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 requires {[#"../03_std_iterators.rs" 47 23 47 65] UIntSize.to_int ( * field_00 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_00 ( * _1) < max0} ensures { [#"../03_std_iterators.rs" 48 22 48 89] UIntSize.to_int ( * field_00 ( ^ _1)) = UIntSize.to_int ( * field_00 ( * _1)) + 1 /\ UIntSize.to_int ( * field_00 ( ^ _1)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x } - ensures { [#"../03_std_iterators.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -1493,11 +1496,11 @@ module C03StdIterators_Counter_Closure0 goto BB0 } BB0 { - _1 <- { _1 with current = (let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 x0 = * _1 in C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 ({ (field_00 ( * _1)) with current = ([#"../03_std_iterators.rs" 50 16 50 24] * field_00 ( * _1) + ([#"../03_std_iterators.rs" 50 23 50 24] [#"../03_std_iterators.rs" 50 23 50 24] (1 : usize))) })) }; + [#"../03_std_iterators.rs" 50 16 50 24] _1 <- { _1 with current = (let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 x0 = * _1 in C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 ({ (field_00 ( * _1)) with current = ([#"../03_std_iterators.rs" 50 16 50 24] * field_00 ( * _1) + ([#"../03_std_iterators.rs" 50 23 50 24] [#"../03_std_iterators.rs" 50 23 50 24] (1 : usize))) })) }; assume { resolve0 _1 }; - res1 <- x; - res <- res1; - _0 <- res; + [#"../03_std_iterators.rs" 51 16 51 18] res1 <- ([#"../03_std_iterators.rs" 51 16 51 18] x); + [#"../03_std_iterators.rs" 47 12 47 67] res <- ([#"../03_std_iterators.rs" 47 12 47 67] res1); + [#"../03_std_iterators.rs" 48 12 48 91] _0 <- ([#"../03_std_iterators.rs" 48 12 48 91] res); return _0 } @@ -1515,7 +1518,7 @@ module C03StdIterators_Counter val inv15 (_x : Ghost.ghost_ty (Seq.seq uint32)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq uint32) . inv15 x = true + axiom inv15 : forall x : Ghost.ghost_ty (Seq.seq uint32) . inv15 x = true use prelude.Slice predicate invariant14 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1526,7 +1529,7 @@ module C03StdIterators_Counter val inv14 (_x : slice uint32) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice uint32 . inv14 x = true + axiom inv14 : forall x : slice uint32 . inv14 x = true use prelude.UIntSize use prelude.Int16 use prelude.Borrow @@ -1540,7 +1543,7 @@ module C03StdIterators_Counter val inv13 (_x : Seq.seq (borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0)) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq (borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) . inv13 x = true + axiom inv13 : forall x : Seq.seq (borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) . inv13 x = true predicate invariant12 (self : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant12 (self : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : bool @@ -1550,7 +1553,7 @@ module C03StdIterators_Counter val inv12 (_x : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv12 x = true + axiom inv12 : forall x : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv12 x = true predicate invariant11 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant11 (self : uint32) : bool @@ -1560,7 +1563,7 @@ module C03StdIterators_Counter val inv11 (_x : uint32) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : uint32 . inv11 x = true + axiom inv11 : forall x : uint32 . inv11 x = true use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type predicate invariant10 (self : borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1571,7 +1574,7 @@ module C03StdIterators_Counter val inv10 (_x : borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32) . inv10 x = true + axiom inv10 : forall x : borrowed (Core_Slice_Iter_Iter_Type.t_iter uint32) . inv10 x = true predicate invariant9 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant9 (self : Seq.seq uint32) : bool @@ -1581,7 +1584,7 @@ module C03StdIterators_Counter val inv9 (_x : Seq.seq uint32) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv9 x = true + axiom inv9 : forall x : Seq.seq uint32 . inv9 x = true predicate inv6 (_x : Seq.seq uint32) val inv6 (_x : Seq.seq uint32) : bool ensures { result = inv6 _x } @@ -1608,7 +1611,7 @@ module C03StdIterators_Counter val invariant8 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv8 x = true + axiom inv8 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv8 x = true use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as CreusotContracts_Std1_Iter_MapInv_MapInv_Type use seq.Seq predicate inv5 (_x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) @@ -1619,20 +1622,20 @@ module C03StdIterators_Counter function field_00 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : borrowed usize = - [#"../03_std_iterators.rs" 1 0 1 0] let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 a = self in a + let C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 a = self in a val field_00 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : borrowed usize ensures { result = field_00 self } predicate unnest0 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) (_2 : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) = - [#"../03_std_iterators.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self use seq.Seq use prelude.Ghost predicate postcondition_mut0 [#"../03_std_iterators.rs" 48 12 48 91] (self : borrowed C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../03_std_iterators.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_00 ( ^ self)) = UIntSize.to_int ( * field_00 ( * self)) + 1 /\ UIntSize.to_int ( * field_00 ( ^ self)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x) /\ unnest0 ( * self) ( ^ self) + (let (x, _prod) = args in UIntSize.to_int ( * field_00 ( ^ self)) = UIntSize.to_int ( * field_00 ( * self)) + 1 /\ UIntSize.to_int ( * field_00 ( ^ self)) = Seq.length (Ghost.inner _prod) + 1 /\ result = x) /\ unnest0 ( * self) ( ^ self) use seq.Seq predicate precondition0 [#"../03_std_iterators.rs" 48 12 48 91] (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) @@ -1727,13 +1730,13 @@ module C03StdIterators_Counter val inv7 (_x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) . inv7 x = (inv5 ( * x) /\ inv5 ( ^ x)) + axiom inv7 : forall x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) . inv7 x = (inv5 ( * x) /\ inv5 ( ^ x)) predicate invariant6 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq uint32) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv6 x = true + axiom inv6 : forall x : Seq.seq uint32 . inv6 x = true use seq.Seq predicate inv3 (_x : uint32) val inv3 (_x : uint32) : bool @@ -1797,7 +1800,7 @@ module C03StdIterators_Counter val invariant5 (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv5 x = (invariant5 x /\ match x with + axiom inv5 : forall x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv5 x = (invariant5 x /\ match x with | CreusotContracts_Std1_Iter_MapInv_MapInv_Type.C_MapInv iter func produced -> true end) predicate invariant4 (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) = @@ -1805,7 +1808,7 @@ module C03StdIterators_Counter val invariant4 (self : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv4 x = true + axiom inv4 : forall x : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0 . inv4 x = true function produces_trans1 (a : Core_Slice_Iter_Iter_Type.t_iter uint32) (ab : Seq.seq uint32) (b : Core_Slice_Iter_Iter_Type.t_iter uint32) (bc : Seq.seq uint32) (c : Core_Slice_Iter_Iter_Type.t_iter uint32) : () = @@ -1829,19 +1832,19 @@ module C03StdIterators_Counter val invariant3 (self : uint32) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : uint32 . inv3 x = true + axiom inv3 : forall x : uint32 . inv3 x = true predicate invariant2 (self : Core_Slice_Iter_Iter_Type.t_iter uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Slice_Iter_Iter_Type.t_iter uint32) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter uint32 . inv2 x = true + axiom inv2 : forall x : Core_Slice_Iter_Iter_Type.t_iter uint32 . inv2 x = true predicate invariant1 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : slice uint32) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice uint32 . inv1 x = true + axiom inv1 : forall x : slice uint32 . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1851,7 +1854,7 @@ module C03StdIterators_Counter val inv0 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true function produces_trans0 (a : Core_Slice_Iter_Iter_Type.t_iter uint32) (ab : Seq.seq uint32) (b : Core_Slice_Iter_Iter_Type.t_iter uint32) (bc : Seq.seq uint32) (c : Core_Slice_Iter_Iter_Type.t_iter uint32) : () val produces_trans0 (a : Core_Slice_Iter_Iter_Type.t_iter uint32) (ab : Seq.seq uint32) (b : Core_Slice_Iter_Iter_Type.t_iter uint32) (bc : Seq.seq uint32) (c : Core_Slice_Iter_Iter_Type.t_iter uint32) : () @@ -1911,7 +1914,7 @@ module C03StdIterators_Counter predicate resolve4 [#"../03_std_iterators.rs" 48 12 48 91] (_1 : C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0) = - [#"../03_std_iterators.rs" 1 0 1 0] resolve6 (field_00 _1) + resolve6 (field_00 _1) predicate resolve3 (self : Core_Slice_Iter_Iter_Type.t_iter uint32) = [#"../../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve3 (self : Core_Slice_Iter_Iter_Type.t_iter uint32) : bool @@ -1967,24 +1970,24 @@ module C03StdIterators_Counter goto BB0 } BB0 { - cnt <- ([#"../03_std_iterators.rs" 42 18 42 19] [#"../03_std_iterators.rs" 42 18 42 19] (0 : usize)); - _7 <- ([#"../03_std_iterators.rs" 44 22 45 15] deref0 ([#"../03_std_iterators.rs" 44 22 45 15] v)); + [#"../03_std_iterators.rs" 42 18 42 19] cnt <- ([#"../03_std_iterators.rs" 42 18 42 19] [#"../03_std_iterators.rs" 42 18 42 19] (0 : usize)); + [#"../03_std_iterators.rs" 44 22 45 15] _7 <- ([#"../03_std_iterators.rs" 44 22 45 15] deref0 ([#"../03_std_iterators.rs" 44 22 45 15] v)); goto BB1 } BB1 { - _5 <- ([#"../03_std_iterators.rs" 44 22 45 15] iter0 ([#"../03_std_iterators.rs" 44 22 45 15] _7)); + [#"../03_std_iterators.rs" 44 22 45 15] _5 <- ([#"../03_std_iterators.rs" 44 22 45 15] iter0 ([#"../03_std_iterators.rs" 44 22 45 15] _7)); goto BB2 } BB2 { - _10 <- Borrow.borrow_mut cnt; - cnt <- ^ _10; - _4 <- ([#"../03_std_iterators.rs" 44 22 53 9] map_inv0 _5 ([#"../03_std_iterators.rs" 48 12 48 91] C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 _10)); + [#"../03_std_iterators.rs" 48 12 48 91] _10 <- Borrow.borrow_mut cnt; + [#"../03_std_iterators.rs" 48 12 48 91] cnt <- ^ _10; + [#"../03_std_iterators.rs" 44 22 53 9] _4 <- ([#"../03_std_iterators.rs" 44 22 53 9] map_inv0 _5 ([#"../03_std_iterators.rs" 48 12 48 91] C03StdIterators_Counter_Closure0.C03StdIterators_Counter_Closure0 _10)); _5 <- any Core_Slice_Iter_Iter_Type.t_iter uint32; _10 <- any borrowed usize; goto BB3 } BB3 { - x <- ([#"../03_std_iterators.rs" 44 22 54 18] collect0 _4); + [#"../03_std_iterators.rs" 44 22 54 18] x <- ([#"../03_std_iterators.rs" 44 22 54 18] collect0 _4); _4 <- any CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Slice_Iter_Iter_Type.t_iter uint32) uint32 C03StdIterators_Counter_Closure0.c03stditerators_counter_closure0; goto BB4 } @@ -2003,7 +2006,7 @@ module C03StdIterators_Counter goto BB7 } BB7 { - _0 <- ([#"../03_std_iterators.rs" 41 28 59 1] ()); + [#"../03_std_iterators.rs" 41 28 59 1] _0 <- ([#"../03_std_iterators.rs" 41 28 59 1] ()); goto BB8 } BB8 { @@ -2039,7 +2042,7 @@ module C03StdIterators_SumRange val inv3 (_x : Seq.seq isize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq isize . inv3 x = true + axiom inv3 : forall x : Seq.seq isize . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option isize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2050,7 +2053,7 @@ module C03StdIterators_SumRange val inv2 (_x : Core_Option_Option_Type.t_option isize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option isize . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option isize . inv2 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant1 (self : borrowed (Core_Ops_Range_Range_Type.t_range isize)) = @@ -2062,7 +2065,7 @@ module C03StdIterators_SumRange val inv1 (_x : borrowed (Core_Ops_Range_Range_Type.t_range isize)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range isize) . inv1 x = true + axiom inv1 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range isize) . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range isize) val inv0 (_x : Core_Ops_Range_Range_Type.t_range isize) : bool @@ -2110,7 +2113,7 @@ module C03StdIterators_SumRange val invariant0 (self : Core_Ops_Range_Range_Type.t_range isize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range isize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range isize . inv0 x = true use prelude.Ghost use seq.Seq predicate resolve0 (self : borrowed (Core_Ops_Range_Range_Type.t_range isize)) = @@ -2174,16 +2177,16 @@ module C03StdIterators_SumRange goto BB0 } BB0 { - i <- ([#"../03_std_iterators.rs" 64 16 64 17] [#"../03_std_iterators.rs" 64 16 64 17] (0 : isize)); - iter <- ([#"../03_std_iterators.rs" 65 4 65 48] into_iter0 ([#"../03_std_iterators.rs" 66 13 66 17] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 66 13 66 14] [#"../03_std_iterators.rs" 66 13 66 14] (0 : isize)) n)); + [#"../03_std_iterators.rs" 64 16 64 17] i <- ([#"../03_std_iterators.rs" 64 16 64 17] [#"../03_std_iterators.rs" 64 16 64 17] (0 : isize)); + [#"../03_std_iterators.rs" 65 4 65 48] iter <- ([#"../03_std_iterators.rs" 65 4 65 48] into_iter0 ([#"../03_std_iterators.rs" 66 13 66 17] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 66 13 66 14] [#"../03_std_iterators.rs" 66 13 66 14] (0 : isize)) ([#"../03_std_iterators.rs" 66 16 66 17] n))); goto BB1 } BB1 { - iter_old <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new iter); + [#"../03_std_iterators.rs" 65 4 65 48] iter_old <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new iter); goto BB2 } BB2 { - produced <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 65 4 65 48] produced <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -2196,11 +2199,11 @@ module C03StdIterators_SumRange goto BB5 } BB5 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../03_std_iterators.rs" 65 4 65 48] next0 _18); + [#"../03_std_iterators.rs" 65 4 65 48] _19 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 65 4 65 48] iter <- ^ _19; + [#"../03_std_iterators.rs" 65 4 65 48] _18 <- Borrow.borrow_mut ( * _19); + [#"../03_std_iterators.rs" 65 4 65 48] _19 <- { _19 with current = ^ _18 }; + [#"../03_std_iterators.rs" 65 4 65 48] _17 <- ([#"../03_std_iterators.rs" 65 4 65 48] next0 _18); _18 <- any borrowed (Core_Ops_Range_Range_Type.t_range isize); goto BB6 } @@ -2212,24 +2215,25 @@ module C03StdIterators_SumRange end } BB7 { - _0 <- i; + [#"../03_std_iterators.rs" 69 4 69 5] _0 <- ([#"../03_std_iterators.rs" 69 4 69 5] i); return _0 } BB8 { goto BB10 } BB9 { + assert { [#"../03_std_iterators.rs" 65 4 65 48] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _22 <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../03_std_iterators.rs" 65 4 65 48] _22 <- ([#"../03_std_iterators.rs" 65 4 65 48] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq isize); - i <- ([#"../03_std_iterators.rs" 67 8 67 14] i + ([#"../03_std_iterators.rs" 67 13 67 14] [#"../03_std_iterators.rs" 67 13 67 14] (1 : isize))); + [#"../03_std_iterators.rs" 65 4 65 48] produced <- ([#"../03_std_iterators.rs" 65 4 65 48] _22); + [#"../03_std_iterators.rs" 65 4 65 48] _22 <- any Ghost.ghost_ty (Seq.seq isize); + [#"../03_std_iterators.rs" 67 8 67 14] i <- ([#"../03_std_iterators.rs" 67 8 67 14] i + ([#"../03_std_iterators.rs" 67 13 67 14] [#"../03_std_iterators.rs" 67 13 67 14] (1 : isize))); goto BB4 } @@ -2254,7 +2258,7 @@ module C03StdIterators_EnumerateRange val inv6 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv6 x = true + axiom inv6 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv6 x = true use seq.Seq predicate invariant5 (self : Seq.seq (usize, usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2265,7 +2269,7 @@ module C03StdIterators_EnumerateRange val inv5 (_x : Seq.seq (usize, usize)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq (usize, usize) . inv5 x = true + axiom inv5 : forall x : Seq.seq (usize, usize) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option (usize, usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2276,7 +2280,7 @@ module C03StdIterators_EnumerateRange val inv4 (_x : Core_Option_Option_Type.t_option (usize, usize)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (usize, usize) . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option (usize, usize) . inv4 x = true use seq.Seq predicate inv3 (_x : Seq.seq usize) val inv3 (_x : Seq.seq usize) : bool @@ -2328,13 +2332,13 @@ module C03StdIterators_EnumerateRange val invariant3 (self : Seq.seq usize) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq usize . inv3 x = true + axiom inv3 : forall x : Seq.seq usize . inv3 x = true predicate invariant2 (self : Core_Ops_Range_Range_Type.t_range usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv2 x = true + axiom inv2 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv2 x = true use Core_Iter_Adapters_Enumerate_Enumerate_Type as Core_Iter_Adapters_Enumerate_Enumerate_Type predicate invariant1 (self : borrowed (Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize))) @@ -2353,7 +2357,7 @@ module C03StdIterators_EnumerateRange val inv1 (_x : borrowed (Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize)) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize)) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use seq.Seq use seq.Seq function iter0 (self : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize)) : Core_Ops_Range_Range_Type.t_range usize @@ -2412,7 +2416,7 @@ module C03StdIterators_EnumerateRange val invariant0 (self : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize) . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize) . inv0 x = (invariant0 x /\ match x with | Core_Iter_Adapters_Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) use prelude.Ghost @@ -2516,20 +2520,20 @@ module C03StdIterators_EnumerateRange goto BB0 } BB0 { - _2 <- ([#"../03_std_iterators.rs" 74 19 74 38] enumerate0 ([#"../03_std_iterators.rs" 74 19 74 26] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 74 20 74 21] [#"../03_std_iterators.rs" 74 20 74 21] (0 : usize)) ([#"../03_std_iterators.rs" 74 23 74 25] [#"../03_std_iterators.rs" 74 23 74 25] (10 : usize)))); + [#"../03_std_iterators.rs" 74 19 74 38] _2 <- ([#"../03_std_iterators.rs" 74 19 74 38] enumerate0 ([#"../03_std_iterators.rs" 74 19 74 26] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 74 20 74 21] [#"../03_std_iterators.rs" 74 20 74 21] (0 : usize)) ([#"../03_std_iterators.rs" 74 23 74 25] [#"../03_std_iterators.rs" 74 23 74 25] (10 : usize)))); goto BB1 } BB1 { - iter <- ([#"../03_std_iterators.rs" 73 4 73 96] into_iter0 _2); + [#"../03_std_iterators.rs" 73 4 73 96] iter <- ([#"../03_std_iterators.rs" 73 4 73 96] into_iter0 _2); _2 <- any Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize); goto BB2 } BB2 { - iter_old <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new iter); + [#"../03_std_iterators.rs" 73 4 73 96] iter_old <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new iter); goto BB3 } BB3 { - produced <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 73 4 73 96] produced <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -2542,13 +2546,13 @@ module C03StdIterators_EnumerateRange goto BB6 } BB6 { - _14 <- Borrow.borrow_mut iter; - iter <- ^ _14; + [#"../03_std_iterators.rs" 73 4 73 96] _14 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 73 4 73 96] iter <- ^ _14; assume { inv0 ( ^ _14) }; - _13 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _13 }; + [#"../03_std_iterators.rs" 73 4 73 96] _13 <- Borrow.borrow_mut ( * _14); + [#"../03_std_iterators.rs" 73 4 73 96] _14 <- { _14 with current = ^ _13 }; assume { inv0 ( ^ _13) }; - _12 <- ([#"../03_std_iterators.rs" 73 4 73 96] next0 _13); + [#"../03_std_iterators.rs" 73 4 73 96] _12 <- ([#"../03_std_iterators.rs" 73 4 73 96] next0 _13); _13 <- any borrowed (Core_Iter_Adapters_Enumerate_Enumerate_Type.t_enumerate (Core_Ops_Range_Range_Type.t_range usize)); goto BB7 } @@ -2563,7 +2567,7 @@ module C03StdIterators_EnumerateRange BB8 { assert { [@expl:type invariant] inv0 iter }; assume { resolve2 iter }; - _0 <- ([#"../03_std_iterators.rs" 73 4 73 96] ()); + [#"../03_std_iterators.rs" 73 4 73 96] _0 <- ([#"../03_std_iterators.rs" 73 4 73 96] ()); return _0 } BB9 { @@ -2572,20 +2576,21 @@ module C03StdIterators_EnumerateRange BB10 { assert { [@expl:type invariant] inv0 iter }; assume { resolve2 iter }; + assert { [#"../03_std_iterators.rs" 73 4 73 96] false }; absurd } BB11 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _12; - _17 <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _12); + [#"../03_std_iterators.rs" 73 4 73 96] _17 <- ([#"../03_std_iterators.rs" 73 4 73 96] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB12 } BB12 { - produced <- _17; - _17 <- any Ghost.ghost_ty (Seq.seq (usize, usize)); - ix <- (let (a, _) = __creusot_proc_iter_elem in a); - x <- (let (_, a) = __creusot_proc_iter_elem in a); + [#"../03_std_iterators.rs" 73 4 73 96] produced <- ([#"../03_std_iterators.rs" 73 4 73 96] _17); + [#"../03_std_iterators.rs" 73 4 73 96] _17 <- any Ghost.ghost_ty (Seq.seq (usize, usize)); + [#"../03_std_iterators.rs" 74 9 74 11] ix <- ([#"../03_std_iterators.rs" 74 9 74 11] let (a, _) = __creusot_proc_iter_elem in a); + [#"../03_std_iterators.rs" 74 13 74 14] x <- ([#"../03_std_iterators.rs" 74 13 74 14] let (_, a) = __creusot_proc_iter_elem in a); assume { resolve1 __creusot_proc_iter_elem }; - _21 <- ([#"../03_std_iterators.rs" 75 16 75 23] (ix, x)); + [#"../03_std_iterators.rs" 75 16 75 23] _21 <- ([#"../03_std_iterators.rs" 75 16 75 23] (([#"../03_std_iterators.rs" 75 17 75 19] ix), ([#"../03_std_iterators.rs" 75 21 75 22] x))); assume { resolve1 _21 }; goto BB5 } @@ -2610,7 +2615,7 @@ module C03StdIterators_MyReverse val inv12 (_x : usize) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : usize . inv12 x = true + axiom inv12 : forall x : usize . inv12 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant11 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -2622,7 +2627,7 @@ module C03StdIterators_MyReverse val inv11 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv11 x = true + axiom inv11 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv11 x = true use seq.Seq predicate invariant10 (self : Seq.seq (usize, usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2633,7 +2638,7 @@ module C03StdIterators_MyReverse val inv10 (_x : Seq.seq (usize, usize)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq (usize, usize) . inv10 x = true + axiom inv10 : forall x : Seq.seq (usize, usize) . inv10 x = true predicate invariant9 (self : Seq.seq t) val invariant9 (self : Seq.seq t) : bool ensures { result = invariant9 self } @@ -2642,7 +2647,7 @@ module C03StdIterators_MyReverse val inv9 (_x : Seq.seq t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq t . inv9 x = true + axiom inv9 : forall x : Seq.seq t . inv9 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant8 (self : Core_Option_Option_Type.t_option (usize, usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2653,7 +2658,7 @@ module C03StdIterators_MyReverse val inv8 (_x : Core_Option_Option_Type.t_option (usize, usize)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (usize, usize) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (usize, usize) . inv8 x = true use Core_Iter_Adapters_Zip_Zip_Type as Core_Iter_Adapters_Zip_Zip_Type predicate invariant7 (self : borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize))) @@ -2667,7 +2672,7 @@ module C03StdIterators_MyReverse val inv7 (_x : borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)) . inv7 x = true use seq.Seq predicate inv6 (_x : Seq.seq usize) val inv6 (_x : Seq.seq usize) : bool @@ -2719,13 +2724,13 @@ module C03StdIterators_MyReverse val invariant6 (self : Seq.seq usize) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Seq.seq usize . inv6 x = true + axiom inv6 : forall x : Seq.seq usize . inv6 x = true predicate invariant5 (self : Core_Ops_Range_Range_Type.t_range usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv5 x = true + axiom inv5 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv5 x = true use prelude.Slice predicate invariant4 (self : slice t) val invariant4 (self : slice t) : bool @@ -2735,7 +2740,7 @@ module C03StdIterators_MyReverse val inv4 (_x : slice t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv4 x = true + axiom inv4 : forall x : slice t . inv4 x = true predicate invariant3 (self : borrowed (slice t)) val invariant3 (self : borrowed (slice t)) : bool ensures { result = invariant3 self } @@ -2744,7 +2749,7 @@ module C03StdIterators_MyReverse val inv3 (_x : borrowed (slice t)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : borrowed (slice t) . inv3 x = true + axiom inv3 : forall x : borrowed (slice t) . inv3 x = true predicate invariant2 (self : slice t) val invariant2 (self : slice t) : bool ensures { result = invariant2 self } @@ -2753,7 +2758,7 @@ module C03StdIterators_MyReverse val inv2 (_x : slice t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : slice t . inv2 x = true + axiom inv2 : forall x : slice t . inv2 x = true use seq.Seq predicate inv1 (_x : Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)) @@ -2807,7 +2812,7 @@ module C03StdIterators_MyReverse val invariant1 (self : Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize) . inv1 x = true + axiom inv1 : forall x : Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize) . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (slice t))) val invariant0 (self : Ghost.ghost_ty (borrowed (slice t))) : bool @@ -2817,7 +2822,7 @@ module C03StdIterators_MyReverse val inv0 (_x : Ghost.ghost_ty (borrowed (slice t))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_std_iterators.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (slice t)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (slice t)) . inv0 x = true use seq.Seq use seq.Reverse use prelude.Slice @@ -3002,40 +3007,40 @@ module C03StdIterators_MyReverse goto BB0 } BB0 { - n <- ([#"../03_std_iterators.rs" 95 12 95 23] len0 ([#"../03_std_iterators.rs" 95 12 95 23] * slice)); + [#"../03_std_iterators.rs" 95 12 95 23] n <- ([#"../03_std_iterators.rs" 95 12 95 23] len0 ([#"../03_std_iterators.rs" 95 12 95 23] * slice)); goto BB1 } BB1 { - old_v <- ([#"../03_std_iterators.rs" 96 33 96 46] Ghost.new slice); + [#"../03_std_iterators.rs" 96 33 96 46] old_v <- ([#"../03_std_iterators.rs" 96 33 96 46] Ghost.new slice); goto BB2 } BB2 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - _12 <- ([#"../03_std_iterators.rs" 101 22 101 27] ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)) = ([#"../03_std_iterators.rs" 101 22 101 27] [#"../03_std_iterators.rs" 101 22 101 27] (0 : usize))); + [#"../03_std_iterators.rs" 101 22 101 27] _12 <- ([#"../03_std_iterators.rs" 101 22 101 27] ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)) = ([#"../03_std_iterators.rs" 101 22 101 27] [#"../03_std_iterators.rs" 101 22 101 27] (0 : usize))); assert { [@expl:division by zero] [#"../03_std_iterators.rs" 101 22 101 27] not _12 }; goto BB3 } BB3 { - _16 <- ([#"../03_std_iterators.rs" 101 36 101 41] ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize)) = ([#"../03_std_iterators.rs" 101 36 101 41] [#"../03_std_iterators.rs" 101 36 101 41] (0 : usize))); + [#"../03_std_iterators.rs" 101 36 101 41] _16 <- ([#"../03_std_iterators.rs" 101 36 101 41] ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize)) = ([#"../03_std_iterators.rs" 101 36 101 41] [#"../03_std_iterators.rs" 101 36 101 41] (0 : usize))); assert { [@expl:division by zero] [#"../03_std_iterators.rs" 101 36 101 41] not _16 }; goto BB4 } BB4 { - _8 <- ([#"../03_std_iterators.rs" 101 18 101 42] zip0 ([#"../03_std_iterators.rs" 101 18 101 28] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 19 101 20] [#"../03_std_iterators.rs" 101 19 101 20] (0 : usize)) ([#"../03_std_iterators.rs" 101 22 101 27] n / ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)))) ([#"../03_std_iterators.rs" 101 33 101 41] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 33 101 34] [#"../03_std_iterators.rs" 101 33 101 34] (0 : usize)) ([#"../03_std_iterators.rs" 101 36 101 41] n / ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize))))); + [#"../03_std_iterators.rs" 101 18 101 42] _8 <- ([#"../03_std_iterators.rs" 101 18 101 42] zip0 ([#"../03_std_iterators.rs" 101 18 101 28] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 19 101 20] [#"../03_std_iterators.rs" 101 19 101 20] (0 : usize)) ([#"../03_std_iterators.rs" 101 22 101 27] ([#"../03_std_iterators.rs" 101 22 101 23] n) / ([#"../03_std_iterators.rs" 101 26 101 27] [#"../03_std_iterators.rs" 101 26 101 27] (2 : usize)))) ([#"../03_std_iterators.rs" 101 33 101 41] Core_Ops_Range_Range_Type.C_Range ([#"../03_std_iterators.rs" 101 33 101 34] [#"../03_std_iterators.rs" 101 33 101 34] (0 : usize)) ([#"../03_std_iterators.rs" 101 36 101 41] ([#"../03_std_iterators.rs" 101 36 101 37] n) / ([#"../03_std_iterators.rs" 101 40 101 41] [#"../03_std_iterators.rs" 101 40 101 41] (2 : usize))))); goto BB5 } BB5 { - iter <- ([#"../03_std_iterators.rs" 97 4 97 36] into_iter0 _8); + [#"../03_std_iterators.rs" 97 4 97 36] iter <- ([#"../03_std_iterators.rs" 97 4 97 36] into_iter0 _8); _8 <- any Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize); goto BB6 } BB6 { - iter_old <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new iter); + [#"../03_std_iterators.rs" 97 4 97 36] iter_old <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new iter); goto BB7 } BB7 { - produced <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new (Seq.empty )); + [#"../03_std_iterators.rs" 97 4 97 36] produced <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new (Seq.empty )); goto BB8 } BB8 { @@ -3051,11 +3056,11 @@ module C03StdIterators_MyReverse goto BB10 } BB10 { - _30 <- Borrow.borrow_mut iter; - iter <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; - _28 <- ([#"../03_std_iterators.rs" 97 4 97 36] next0 _29); + [#"../03_std_iterators.rs" 97 4 97 36] _30 <- Borrow.borrow_mut iter; + [#"../03_std_iterators.rs" 97 4 97 36] iter <- ^ _30; + [#"../03_std_iterators.rs" 97 4 97 36] _29 <- Borrow.borrow_mut ( * _30); + [#"../03_std_iterators.rs" 97 4 97 36] _30 <- { _30 with current = ^ _29 }; + [#"../03_std_iterators.rs" 97 4 97 36] _28 <- ([#"../03_std_iterators.rs" 97 4 97 36] next0 _29); _29 <- any borrowed (Core_Iter_Adapters_Zip_Zip_Type.t_zip (Core_Ops_Range_Range_Type.t_range usize) (Core_Ops_Range_Range_Type.t_range usize)); goto BB11 } @@ -3069,7 +3074,7 @@ module C03StdIterators_MyReverse BB12 { assert { [@expl:type invariant] inv3 slice }; assume { resolve3 slice }; - _0 <- ([#"../03_std_iterators.rs" 97 4 97 36] ()); + [#"../03_std_iterators.rs" 97 4 97 36] _0 <- ([#"../03_std_iterators.rs" 97 4 97 36] ()); return _0 } BB13 { @@ -3078,23 +3083,24 @@ module C03StdIterators_MyReverse BB14 { assert { [@expl:type invariant] inv3 slice }; assume { resolve3 slice }; + assert { [#"../03_std_iterators.rs" 97 4 97 36] false }; absurd } BB15 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _28; - _33 <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _28); + [#"../03_std_iterators.rs" 97 4 97 36] _33 <- ([#"../03_std_iterators.rs" 97 4 97 36] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB16 } BB16 { - produced <- _33; - _33 <- any Ghost.ghost_ty (Seq.seq (usize, usize)); - i <- (let (a, _) = __creusot_proc_iter_elem in a); - j <- (let (_, a) = __creusot_proc_iter_elem in a); + [#"../03_std_iterators.rs" 97 4 97 36] produced <- ([#"../03_std_iterators.rs" 97 4 97 36] _33); + [#"../03_std_iterators.rs" 97 4 97 36] _33 <- any Ghost.ghost_ty (Seq.seq (usize, usize)); + [#"../03_std_iterators.rs" 101 9 101 10] i <- ([#"../03_std_iterators.rs" 101 9 101 10] let (a, _) = __creusot_proc_iter_elem in a); + [#"../03_std_iterators.rs" 101 12 101 13] j <- ([#"../03_std_iterators.rs" 101 12 101 13] let (_, a) = __creusot_proc_iter_elem in a); assume { resolve2 __creusot_proc_iter_elem }; - _38 <- Borrow.borrow_mut ( * slice); - slice <- { slice with current = ^ _38 }; + [#"../03_std_iterators.rs" 102 8 102 32] _38 <- Borrow.borrow_mut ( * slice); + [#"../03_std_iterators.rs" 102 8 102 32] slice <- { slice with current = ^ _38 }; assume { inv2 ( ^ _38) }; - _37 <- ([#"../03_std_iterators.rs" 102 8 102 32] swap0 _38 i ([#"../03_std_iterators.rs" 102 22 102 31] ([#"../03_std_iterators.rs" 102 22 102 27] n - j) - ([#"../03_std_iterators.rs" 102 30 102 31] [#"../03_std_iterators.rs" 102 30 102 31] (1 : usize)))); + [#"../03_std_iterators.rs" 102 8 102 32] _37 <- ([#"../03_std_iterators.rs" 102 8 102 32] swap0 _38 ([#"../03_std_iterators.rs" 102 19 102 20] i) ([#"../03_std_iterators.rs" 102 22 102 31] ([#"../03_std_iterators.rs" 102 22 102 27] ([#"../03_std_iterators.rs" 102 22 102 23] n) - ([#"../03_std_iterators.rs" 102 26 102 27] j)) - ([#"../03_std_iterators.rs" 102 30 102 31] [#"../03_std_iterators.rs" 102 30 102 31] (1 : usize)))); _38 <- any borrowed (slice t); goto BB17 } diff --git a/creusot/tests/should_succeed/iterators/04_skip.mlcfg b/creusot/tests/should_succeed/iterators/04_skip.mlcfg index 8770da05bf..e1fd2bb325 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.mlcfg +++ b/creusot/tests/should_succeed/iterators/04_skip.mlcfg @@ -24,7 +24,7 @@ module C04Skip_Impl0_ProducesRefl_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_skip.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true type item0 use seq.Seq predicate invariant1 (self : Seq.seq item0) @@ -35,7 +35,7 @@ module C04Skip_Impl0_ProducesRefl_Impl val inv1 (_x : Seq.seq item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_skip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -70,7 +70,7 @@ module C04Skip_Impl0_ProducesRefl_Impl val inv0 (_x : C04Skip_Skip_Type.t_skip i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_skip.rs" 1 0 1 0] forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true + axiom inv0 : forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true predicate resolve0 (self : item0) val resolve0 (self : item0) : bool ensures { result = resolve0 self } @@ -103,7 +103,7 @@ module C04Skip_Impl0_ProducesTrans_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_skip.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true type item0 use seq.Seq use seq.Seq @@ -139,7 +139,7 @@ module C04Skip_Impl0_ProducesTrans_Impl val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../04_skip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use C04Skip_Skip_Type as C04Skip_Skip_Type predicate invariant0 (self : C04Skip_Skip_Type.t_skip i) val invariant0 (self : C04Skip_Skip_Type.t_skip i) : bool @@ -149,7 +149,7 @@ module C04Skip_Impl0_ProducesTrans_Impl val inv0 (_x : C04Skip_Skip_Type.t_skip i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_skip.rs" 1 0 1 0] forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true + axiom inv0 : forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true predicate resolve0 (self : item0) val resolve0 (self : item0) : bool ensures { result = resolve0 self } @@ -201,7 +201,7 @@ module C04Skip_Impl0_Next val inv9 (_x : Seq.seq item0) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../04_skip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv9 x = true + axiom inv9 : forall x : Seq.seq item0 . inv9 x = true use prelude.Borrow predicate invariant8 (self : borrowed i) val invariant8 (self : borrowed i) : bool @@ -211,7 +211,7 @@ module C04Skip_Impl0_Next val inv8 (_x : borrowed i) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../04_skip.rs" 1 0 1 0] forall x : borrowed i . inv8 x = true + axiom inv8 : forall x : borrowed i . inv8 x = true use prelude.UIntSize predicate invariant7 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -222,7 +222,7 @@ module C04Skip_Impl0_Next val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../04_skip.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true predicate invariant6 (self : borrowed usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : borrowed usize) : bool @@ -232,7 +232,7 @@ module C04Skip_Impl0_Next val inv6 (_x : borrowed usize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../04_skip.rs" 1 0 1 0] forall x : borrowed usize . inv6 x = true + axiom inv6 : forall x : borrowed usize . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option item0) val invariant5 (self : Core_Option_Option_Type.t_option item0) : bool @@ -242,7 +242,7 @@ module C04Skip_Impl0_Next val inv5 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../04_skip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option item0 . inv5 x = true predicate invariant4 (self : item0) val invariant4 (self : item0) : bool ensures { result = invariant4 self } @@ -251,7 +251,7 @@ module C04Skip_Impl0_Next val inv4 (_x : item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../04_skip.rs" 1 0 1 0] forall x : item0 . inv4 x = true + axiom inv4 : forall x : item0 . inv4 x = true predicate invariant3 (self : i) val invariant3 (self : i) : bool ensures { result = invariant3 self } @@ -260,7 +260,7 @@ module C04Skip_Impl0_Next val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../04_skip.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use C04Skip_Skip_Type as C04Skip_Skip_Type predicate invariant2 (self : borrowed (C04Skip_Skip_Type.t_skip i)) val invariant2 (self : borrowed (C04Skip_Skip_Type.t_skip i)) : bool @@ -270,7 +270,7 @@ module C04Skip_Impl0_Next val inv2 (_x : borrowed (C04Skip_Skip_Type.t_skip i)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_skip.rs" 1 0 1 0] forall x : borrowed (C04Skip_Skip_Type.t_skip i) . inv2 x = true + axiom inv2 : forall x : borrowed (C04Skip_Skip_Type.t_skip i) . inv2 x = true use seq.Seq predicate produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -305,7 +305,7 @@ module C04Skip_Impl0_Next val inv1 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_skip.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv1 x = true + axiom inv1 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv1 x = true predicate invariant0 (self : Ghost.ghost_ty (borrowed (C04Skip_Skip_Type.t_skip i))) val invariant0 (self : Ghost.ghost_ty (borrowed (C04Skip_Skip_Type.t_skip i))) : bool ensures { result = invariant0 self } @@ -314,7 +314,7 @@ module C04Skip_Impl0_Next val inv0 (_x : Ghost.ghost_ty (borrowed (C04Skip_Skip_Type.t_skip i))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_skip.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (C04Skip_Skip_Type.t_skip i)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (C04Skip_Skip_Type.t_skip i)) . inv0 x = true predicate resolve3 (self : item0) val resolve3 (self : item0) : bool ensures { result = resolve3 self } @@ -415,23 +415,23 @@ module C04Skip_Impl0_Next goto BB0 } BB0 { - old_self <- ([#"../04_skip.rs" 64 23 64 35] Ghost.new self); + [#"../04_skip.rs" 64 23 64 35] old_self <- ([#"../04_skip.rs" 64 23 64 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - _7 <- Borrow.borrow_mut (C04Skip_Skip_Type.skip_n ( * self)); - self <- { self with current = (let C04Skip_Skip_Type.C_Skip x0 x1 = * self in C04Skip_Skip_Type.C_Skip x0 ( ^ _7)) }; - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - n <- ([#"../04_skip.rs" 65 20 65 47] take0 _6); + [#"../04_skip.rs" 65 35 65 46] _7 <- Borrow.borrow_mut (C04Skip_Skip_Type.skip_n ( * self)); + [#"../04_skip.rs" 65 35 65 46] self <- { self with current = (let C04Skip_Skip_Type.C_Skip x0 x1 = * self in C04Skip_Skip_Type.C_Skip x0 ( ^ _7)) }; + [#"../04_skip.rs" 65 35 65 46] _6 <- Borrow.borrow_mut ( * _7); + [#"../04_skip.rs" 65 35 65 46] _7 <- { _7 with current = ^ _6 }; + [#"../04_skip.rs" 65 20 65 47] n <- ([#"../04_skip.rs" 65 20 65 47] take0 _6); _6 <- any borrowed usize; goto BB2 } BB2 { assume { resolve1 _7 }; - skipped <- ([#"../04_skip.rs" 66 26 66 44] Ghost.new (Seq.empty )); + [#"../04_skip.rs" 66 26 66 44] skipped <- ([#"../04_skip.rs" 66 26 66 44] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -448,15 +448,15 @@ module C04Skip_Impl0_Next goto BB5 } BB5 { - _18 <- Borrow.borrow_mut (C04Skip_Skip_Type.skip_iter ( * self)); - self <- { self with current = (let C04Skip_Skip_Type.C_Skip x0 x1 = * self in C04Skip_Skip_Type.C_Skip ( ^ _18) x1) }; + [#"../04_skip.rs" 73 20 73 36] _18 <- Borrow.borrow_mut (C04Skip_Skip_Type.skip_iter ( * self)); + [#"../04_skip.rs" 73 20 73 36] self <- { self with current = (let C04Skip_Skip_Type.C_Skip x0 x1 = * self in C04Skip_Skip_Type.C_Skip ( ^ _18) x1) }; assume { inv3 ( ^ _18) }; - r <- ([#"../04_skip.rs" 73 20 73 36] next0 _18); + [#"../04_skip.rs" 73 20 73 36] r <- ([#"../04_skip.rs" 73 20 73 36] next0 _18); _18 <- any borrowed i; goto BB6 } BB6 { - switch ([#"../04_skip.rs" 74 15 74 21] n = ([#"../04_skip.rs" 74 20 74 21] [#"../04_skip.rs" 74 20 74 21] (0 : usize))) + switch ([#"../04_skip.rs" 74 15 74 21] ([#"../04_skip.rs" 74 15 74 16] n) = ([#"../04_skip.rs" 74 20 74 21] [#"../04_skip.rs" 74 20 74 21] (0 : usize))) | False -> goto BB8 | True -> goto BB7 end @@ -464,8 +464,8 @@ module C04Skip_Impl0_Next BB7 { assert { [@expl:type invariant] inv2 self }; assume { resolve5 self }; - _0 <- r; - r <- any Core_Option_Option_Type.t_option item0; + [#"../04_skip.rs" 75 23 75 24] _0 <- ([#"../04_skip.rs" 75 23 75 24] r); + [#"../04_skip.rs" 75 23 75 24] r <- any Core_Option_Option_Type.t_option item0; goto BB15 } BB8 { @@ -477,29 +477,29 @@ module C04Skip_Impl0_Next BB9 { assert { [@expl:type invariant] inv2 self }; assume { resolve5 self }; - _0 <- r; - r <- any Core_Option_Option_Type.t_option item0; + [#"../04_skip.rs" 81 23 81 24] _0 <- ([#"../04_skip.rs" 81 23 81 24] r); + [#"../04_skip.rs" 81 23 81 24] r <- any Core_Option_Option_Type.t_option item0; goto BB15 } BB10 { goto BB11 } BB11 { - x <- Core_Option_Option_Type.some_0 r; - r <- (let Core_Option_Option_Type.C_Some x0 = r in Core_Option_Option_Type.C_Some (any item0)); + [#"../04_skip.rs" 77 24 77 25] x <- ([#"../04_skip.rs" 77 24 77 25] Core_Option_Option_Type.some_0 r); + [#"../04_skip.rs" 77 24 77 25] r <- (let Core_Option_Option_Type.C_Some x0 = r in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv4 x }; assume { resolve3 x }; assert { [@expl:type invariant] inv5 r }; assume { resolve4 r }; - _25 <- ([#"../04_skip.rs" 78 26 78 67] Ghost.new (Seq.(++) (Ghost.inner skipped) (Seq.singleton x))); + [#"../04_skip.rs" 78 26 78 67] _25 <- ([#"../04_skip.rs" 78 26 78 67] Ghost.new (Seq.(++) (Ghost.inner skipped) (Seq.singleton x))); goto BB12 } BB12 { - skipped <- _25; - _25 <- any Ghost.ghost_ty (Seq.seq item0); + [#"../04_skip.rs" 78 16 78 67] skipped <- ([#"../04_skip.rs" 78 16 78 67] _25); + [#"../04_skip.rs" 78 16 78 67] _25 <- any Ghost.ghost_ty (Seq.seq item0); assert { [@expl:type invariant] inv1 skipped }; assume { resolve2 skipped }; - n <- ([#"../04_skip.rs" 79 16 79 22] n - ([#"../04_skip.rs" 79 21 79 22] [#"../04_skip.rs" 79 21 79 22] (1 : usize))); + [#"../04_skip.rs" 79 16 79 22] n <- ([#"../04_skip.rs" 79 16 79 22] n - ([#"../04_skip.rs" 79 21 79 22] [#"../04_skip.rs" 79 21 79 22] (1 : usize))); goto BB13 } BB13 { @@ -527,7 +527,7 @@ module C04Skip_Impl0 val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../04_skip.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true type item0 use seq.Seq predicate invariant3 (self : Seq.seq item0) @@ -538,7 +538,7 @@ module C04Skip_Impl0 val inv3 (_x : Seq.seq item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../04_skip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv3 x = true + axiom inv3 : forall x : Seq.seq item0 . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option item0) val invariant2 (self : Core_Option_Option_Type.t_option item0) : bool @@ -548,7 +548,7 @@ module C04Skip_Impl0 val inv2 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_skip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true use C04Skip_Skip_Type as C04Skip_Skip_Type predicate invariant1 (self : borrowed (C04Skip_Skip_Type.t_skip i)) val invariant1 (self : borrowed (C04Skip_Skip_Type.t_skip i)) : bool @@ -558,7 +558,7 @@ module C04Skip_Impl0 val inv1 (_x : borrowed (C04Skip_Skip_Type.t_skip i)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_skip.rs" 1 0 1 0] forall x : borrowed (C04Skip_Skip_Type.t_skip i) . inv1 x = true + axiom inv1 : forall x : borrowed (C04Skip_Skip_Type.t_skip i) . inv1 x = true predicate invariant0 (self : C04Skip_Skip_Type.t_skip i) val invariant0 (self : C04Skip_Skip_Type.t_skip i) : bool ensures { result = invariant0 self } @@ -567,7 +567,7 @@ module C04Skip_Impl0 val inv0 (_x : C04Skip_Skip_Type.t_skip i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_skip.rs" 1 0 1 0] forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true + axiom inv0 : forall x : C04Skip_Skip_Type.t_skip i . inv0 x = true use seq.Seq use seq.Seq predicate completed1 [#"../common.rs" 11 4 11 36] (self : borrowed i) diff --git a/creusot/tests/should_succeed/iterators/05_map.mlcfg b/creusot/tests/should_succeed/iterators/05_map.mlcfg index ceb02ceb81..aa8f490f77 100644 --- a/creusot/tests/should_succeed/iterators/05_map.mlcfg +++ b/creusot/tests/should_succeed/iterators/05_map.mlcfg @@ -25,7 +25,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv9 (_x : item0) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv9 x = true + axiom inv9 : forall x : item0 . inv9 x = true use prelude.Borrow predicate invariant8 (self : borrowed i) val invariant8 (self : borrowed i) : bool @@ -35,7 +35,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv8 (_x : borrowed i) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv8 x = true + axiom inv8 : forall x : borrowed i . inv8 x = true predicate invariant7 (self : b) val invariant7 (self : b) : bool ensures { result = invariant7 self } @@ -44,7 +44,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv7 (_x : b) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv7 x = true + axiom inv7 : forall x : b . inv7 x = true predicate invariant6 (self : item0) val invariant6 (self : item0) : bool ensures { result = invariant6 self } @@ -53,7 +53,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv6 (_x : item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv6 x = true + axiom inv6 : forall x : item0 . inv6 x = true predicate invariant5 (self : borrowed f) val invariant5 (self : borrowed f) : bool ensures { result = invariant5 self } @@ -62,7 +62,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv5 (_x : borrowed f) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv5 x = true + axiom inv5 : forall x : borrowed f . inv5 x = true predicate invariant4 (self : f) val invariant4 (self : f) : bool ensures { result = invariant4 self } @@ -71,7 +71,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv4 (_x : f) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv4 x = true + axiom inv4 : forall x : f . inv4 x = true predicate invariant3 (self : i) val invariant3 (self : i) : bool ensures { result = invariant3 self } @@ -80,7 +80,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use seq.Seq predicate invariant2 (self : Seq.seq (borrowed f)) val invariant2 (self : Seq.seq (borrowed f)) : bool @@ -90,7 +90,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv2 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv2 x = true + axiom inv2 : forall x : Seq.seq (borrowed f) . inv2 x = true predicate invariant1 (self : Seq.seq item0) val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } @@ -99,7 +99,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv1 (_x : Seq.seq item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -209,7 +209,7 @@ module C05Map_Impl0_ProducesRefl_Impl val inv0 (_x : C05Map_Map_Type.t_map i b f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) use seq.Seq @@ -251,7 +251,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv10 (_x : item0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv10 x = true + axiom inv10 : forall x : item0 . inv10 x = true use prelude.Borrow predicate invariant9 (self : borrowed i) val invariant9 (self : borrowed i) : bool @@ -261,7 +261,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv9 (_x : borrowed i) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv9 x = true + axiom inv9 : forall x : borrowed i . inv9 x = true predicate invariant8 (self : b) val invariant8 (self : b) : bool ensures { result = invariant8 self } @@ -270,7 +270,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv8 (_x : b) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv8 x = true + axiom inv8 : forall x : b . inv8 x = true predicate invariant7 (self : item0) val invariant7 (self : item0) : bool ensures { result = invariant7 self } @@ -279,7 +279,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv7 (_x : item0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv7 x = true + axiom inv7 : forall x : item0 . inv7 x = true predicate invariant6 (self : borrowed f) val invariant6 (self : borrowed f) : bool ensures { result = invariant6 self } @@ -288,7 +288,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv6 (_x : borrowed f) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv6 x = true + axiom inv6 : forall x : borrowed f . inv6 x = true predicate invariant5 (self : f) val invariant5 (self : f) : bool ensures { result = invariant5 self } @@ -297,7 +297,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv5 (_x : f) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv5 x = true + axiom inv5 : forall x : f . inv5 x = true predicate invariant4 (self : i) val invariant4 (self : i) : bool ensures { result = invariant4 self } @@ -306,7 +306,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv4 (_x : i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv4 x = true + axiom inv4 : forall x : i . inv4 x = true use seq.Seq predicate invariant3 (self : Seq.seq (borrowed f)) val invariant3 (self : Seq.seq (borrowed f)) : bool @@ -316,7 +316,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv3 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv3 x = true + axiom inv3 : forall x : Seq.seq (borrowed f) . inv3 x = true predicate invariant2 (self : Seq.seq item0) val invariant2 (self : Seq.seq item0) : bool ensures { result = invariant2 self } @@ -325,7 +325,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -408,7 +408,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq b . inv1 x = true + axiom inv1 : forall x : Seq.seq b . inv1 x = true predicate precondition0 (self : f) (_2 : item0) val precondition0 (self : f) (_2 : item0) : bool ensures { result = precondition0 self _2 } @@ -444,7 +444,7 @@ module C05Map_Impl0_ProducesTrans_Impl val inv0 (_x : C05Map_Map_Type.t_map i b f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) use seq.Seq @@ -503,7 +503,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv10 (_x : borrowed i) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv10 x = true + axiom inv10 : forall x : borrowed i . inv10 x = true type item0 predicate invariant9 (self : item0) val invariant9 (self : item0) : bool @@ -513,7 +513,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv9 (_x : item0) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv9 x = true + axiom inv9 : forall x : item0 . inv9 x = true use seq.Seq predicate invariant8 (self : Seq.seq b) val invariant8 (self : Seq.seq b) : bool @@ -523,7 +523,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv8 (_x : Seq.seq b) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq b . inv8 x = true + axiom inv8 : forall x : Seq.seq b . inv8 x = true predicate invariant7 (self : f) val invariant7 (self : f) : bool ensures { result = invariant7 self } @@ -532,7 +532,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv7 (_x : f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv7 x = true + axiom inv7 : forall x : f . inv7 x = true predicate invariant6 (self : i) val invariant6 (self : i) : bool ensures { result = invariant6 self } @@ -541,7 +541,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv6 (_x : i) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv6 x = true + axiom inv6 : forall x : i . inv6 x = true predicate invariant5 (self : Seq.seq (borrowed f)) val invariant5 (self : Seq.seq (borrowed f)) : bool ensures { result = invariant5 self } @@ -550,7 +550,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv5 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv5 x = true + axiom inv5 : forall x : Seq.seq (borrowed f) . inv5 x = true predicate invariant4 (self : Seq.seq item0) val invariant4 (self : Seq.seq item0) : bool ensures { result = invariant4 self } @@ -559,7 +559,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -625,7 +625,7 @@ module C05Map_Impl1_ProducesOne_Impl val inv3 (_x : item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv3 x = true + axiom inv3 : forall x : item0 . inv3 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -655,7 +655,7 @@ module C05Map_Impl1_ProducesOne_Impl val invariant2 (self : borrowed f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv2 x = true + axiom inv2 : forall x : borrowed f . inv2 x = true use C05Map_Map_Type as C05Map_Map_Type use seq.Seq predicate inv0 (_x : C05Map_Map_Type.t_map i b f) @@ -711,7 +711,7 @@ module C05Map_Impl1_ProducesOne_Impl val invariant1 (self : b) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv1 x = true + axiom inv1 : forall x : b . inv1 x = true use seq.Seq predicate next_precondition0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = [#"../05_map.rs" 75 8 77 9] forall i : i . forall e : item0 . inv6 i -> inv3 e -> produces1 iter (Seq.singleton e) i -> precondition0 func (e) @@ -738,7 +738,7 @@ module C05Map_Impl1_ProducesOne_Impl val invariant0 [#"../05_map.rs" 131 4 131 30] (self : C05Map_Map_Type.t_map i b f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) use seq.Seq @@ -764,7 +764,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv8 (_x : borrowed i) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv8 x = true + axiom inv8 : forall x : borrowed i . inv8 x = true predicate invariant7 (self : f) val invariant7 (self : f) : bool ensures { result = invariant7 self } @@ -773,7 +773,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv7 (_x : f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv7 x = true + axiom inv7 : forall x : f . inv7 x = true type item0 predicate invariant6 (self : item0) val invariant6 (self : item0) : bool @@ -783,7 +783,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv6 (_x : item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv6 x = true + axiom inv6 : forall x : item0 . inv6 x = true use seq.Seq predicate invariant5 (self : Seq.seq item0) val invariant5 (self : Seq.seq item0) : bool @@ -793,7 +793,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv5 (_x : Seq.seq item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv5 x = true + axiom inv5 : forall x : Seq.seq item0 . inv5 x = true predicate invariant4 (self : i) val invariant4 (self : i) : bool ensures { result = invariant4 self } @@ -802,7 +802,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv4 (_x : i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv4 x = true + axiom inv4 : forall x : i . inv4 x = true predicate invariant3 (self : borrowed f) val invariant3 (self : borrowed f) : bool ensures { result = invariant3 self } @@ -811,7 +811,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv3 (_x : borrowed f) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv3 x = true + axiom inv3 : forall x : borrowed f . inv3 x = true predicate invariant2 (self : b) val invariant2 (self : b) : bool ensures { result = invariant2 self } @@ -820,7 +820,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv2 (_x : b) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv2 x = true + axiom inv2 : forall x : b . inv2 x = true predicate invariant1 (self : item0) val invariant1 (self : item0) : bool ensures { result = invariant1 self } @@ -829,7 +829,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv1 (_x : item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv1 x = true + axiom inv1 : forall x : item0 . inv1 x = true predicate precondition0 (self : f) (_2 : item0) val precondition0 (self : f) (_2 : item0) : bool ensures { result = precondition0 self _2 } @@ -877,7 +877,7 @@ module C05Map_Impl1_ProducesOneInvariant_Impl val inv0 (_x : C05Map_Map_Type.t_map i b f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) predicate resolve0 (self : f) @@ -971,7 +971,7 @@ module C05Map_Impl0_Next val inv12 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv12 x = true + axiom inv12 : forall x : Seq.seq (borrowed f) . inv12 x = true type item0 predicate invariant11 (self : item0) val invariant11 (self : item0) : bool @@ -981,7 +981,7 @@ module C05Map_Impl0_Next val inv11 (_x : item0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv11 x = true + axiom inv11 : forall x : item0 . inv11 x = true predicate invariant10 (self : Seq.seq item0) val invariant10 (self : Seq.seq item0) : bool ensures { result = invariant10 self } @@ -990,7 +990,7 @@ module C05Map_Impl0_Next val inv10 (_x : Seq.seq item0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv10 x = true + axiom inv10 : forall x : Seq.seq item0 . inv10 x = true predicate invariant9 (self : borrowed f) val invariant9 (self : borrowed f) : bool ensures { result = invariant9 self } @@ -999,7 +999,7 @@ module C05Map_Impl0_Next val inv9 (_x : borrowed f) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv9 x = true + axiom inv9 : forall x : borrowed f . inv9 x = true predicate invariant8 (self : b) val invariant8 (self : b) : bool ensures { result = invariant8 self } @@ -1008,7 +1008,7 @@ module C05Map_Impl0_Next val inv8 (_x : b) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv8 x = true + axiom inv8 : forall x : b . inv8 x = true predicate invariant7 (self : item0) val invariant7 (self : item0) : bool ensures { result = invariant7 self } @@ -1017,7 +1017,7 @@ module C05Map_Impl0_Next val inv7 (_x : item0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv7 x = true + axiom inv7 : forall x : item0 . inv7 x = true predicate inv2 (_x : f) val inv2 (_x : f) : bool ensures { result = inv2 _x } @@ -1077,7 +1077,7 @@ module C05Map_Impl0_Next val inv6 (_x : C05Map_Map_Type.t_map i b f) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv6 x = (invariant6 x /\ match x with + axiom inv6 : forall x : C05Map_Map_Type.t_map i b f . inv6 x = (invariant6 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) predicate resolve3 (self : f) @@ -1125,7 +1125,7 @@ module C05Map_Impl0_Next val invariant5 (self : borrowed i) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv5 x = true + axiom inv5 : forall x : borrowed i . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option b) val invariant4 (self : Core_Option_Option_Type.t_option b) : bool @@ -1135,7 +1135,7 @@ module C05Map_Impl0_Next val inv4 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option b . inv4 x = true predicate invariant3 (self : borrowed (C05Map_Map_Type.t_map i b f)) val invariant3 (self : borrowed (C05Map_Map_Type.t_map i b f)) : bool ensures { result = invariant3 self } @@ -1144,12 +1144,12 @@ module C05Map_Impl0_Next val inv3 (_x : borrowed (C05Map_Map_Type.t_map i b f)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed (C05Map_Map_Type.t_map i b f) . inv3 x = (inv6 ( * x) /\ inv6 ( ^ x)) + axiom inv3 : forall x : borrowed (C05Map_Map_Type.t_map i b f) . inv3 x = (inv6 ( * x) /\ inv6 ( ^ x)) predicate invariant2 (self : f) val invariant2 (self : f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv2 x = true + axiom inv2 : forall x : f . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool ensures { result = invariant1 self } @@ -1158,7 +1158,7 @@ module C05Map_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true use seq.Seq function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -1184,7 +1184,7 @@ module C05Map_Impl0_Next val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -1285,10 +1285,10 @@ module C05Map_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); - self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map ( ^ _4) x1) }; + [#"../05_map.rs" 61 14 61 30] _4 <- Borrow.borrow_mut (C05Map_Map_Type.map_iter ( * self)); + [#"../05_map.rs" 61 14 61 30] self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map ( ^ _4) x1) }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../05_map.rs" 61 14 61 30] next0 _4); + [#"../05_map.rs" 61 14 61 30] _3 <- ([#"../05_map.rs" 61 14 61 30] next0 _4); _4 <- any borrowed i; goto BB1 } @@ -1303,7 +1303,7 @@ module C05Map_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv3 self }; assume { resolve2 self }; - _0 <- ([#"../05_map.rs" 67 20 67 24] Core_Option_Option_Type.C_None); + [#"../05_map.rs" 67 20 67 24] _0 <- ([#"../05_map.rs" 67 20 67 24] Core_Option_Option_Type.C_None); goto BB12 } BB3 { @@ -1314,28 +1314,29 @@ module C05Map_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv3 self }; assume { resolve2 self }; + assert { [#"../05_map.rs" 61 14 61 30] false }; absurd } BB5 { - v <- Core_Option_Option_Type.some_0 _3; - _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); + [#"../05_map.rs" 62 17 62 18] v <- ([#"../05_map.rs" 62 17 62 18] Core_Option_Option_Type.some_0 _3); + [#"../05_map.rs" 62 17 62 18] _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv1 _3 }; assume { resolve0 _3 }; assert { [@expl:assertion] [#"../05_map.rs" 63 16 63 62] precondition0 (C05Map_Map_Type.map_func ( * self)) (v) }; goto BB6 } BB6 { - _9 <- ([#"../05_map.rs" 64 16 64 52] Ghost.new ()); + [#"../05_map.rs" 64 16 64 52] _9 <- ([#"../05_map.rs" 64 16 64 52] Ghost.new ()); goto BB7 } BB7 { assume { resolve1 _9 }; - _12 <- Borrow.borrow_mut (C05Map_Map_Type.map_func ( * self)); - self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map x0 ( ^ _12)) }; + [#"../05_map.rs" 65 21 65 32] _12 <- Borrow.borrow_mut (C05Map_Map_Type.map_func ( * self)); + [#"../05_map.rs" 65 21 65 32] self <- { self with current = (let C05Map_Map_Type.C_Map x0 x1 = * self in C05Map_Map_Type.C_Map x0 ( ^ _12)) }; assume { inv2 ( ^ _12) }; - _11 <- ([#"../05_map.rs" 65 21 65 35] call_mut0 _12 ([#"../05_map.rs" 65 21 65 35] (v))); + [#"../05_map.rs" 65 21 65 35] _11 <- ([#"../05_map.rs" 65 21 65 35] call_mut0 _12 ([#"../05_map.rs" 65 21 65 35] (([#"../05_map.rs" 65 33 65 34] v)))); _12 <- any borrowed f; - v <- any item0; + [#"../05_map.rs" 65 33 65 34] v <- any item0; goto BB8 } BB8 { @@ -1344,7 +1345,7 @@ module C05Map_Impl0_Next BB9 { assert { [@expl:type invariant] inv3 self }; assume { resolve2 self }; - _0 <- ([#"../05_map.rs" 65 16 65 36] Core_Option_Option_Type.C_Some _11); + [#"../05_map.rs" 65 16 65 36] _0 <- ([#"../05_map.rs" 65 16 65 36] Core_Option_Option_Type.C_Some _11); _11 <- any b; goto BB10 } @@ -1375,7 +1376,7 @@ module C05Map_Map val inv8 (_x : item0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv8 x = true + axiom inv8 : forall x : item0 . inv8 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -1447,17 +1448,17 @@ module C05Map_Map val inv7 (_x : Seq.seq item0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv7 x = true + axiom inv7 : forall x : Seq.seq item0 . inv7 x = true predicate invariant6 (self : borrowed f) val invariant6 (self : borrowed f) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv6 x = true + axiom inv6 : forall x : borrowed f . inv6 x = true predicate invariant5 (self : b) val invariant5 (self : b) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv5 x = true + axiom inv5 : forall x : b . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } @@ -1466,7 +1467,7 @@ module C05Map_Map val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true predicate inv0 (_x : i) val inv0 (_x : i) : bool ensures { result = inv0 _x } @@ -1514,24 +1515,24 @@ module C05Map_Map val inv3 (_x : C05Map_Map_Type.t_map i b f) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv3 x = (invariant3 x /\ match x with + axiom inv3 : forall x : C05Map_Map_Type.t_map i b f . inv3 x = (invariant3 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) predicate invariant2 (self : f) val invariant2 (self : f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv2 x = true + axiom inv2 : forall x : f . inv2 x = true predicate invariant1 (self : item0) val invariant1 (self : item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv1 x = true + axiom inv1 : forall x : item0 . inv1 x = true predicate invariant0 (self : i) val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -1579,9 +1580,9 @@ module C05Map_Map goto BB3 } BB3 { - _0 <- ([#"../05_map.rs" 145 4 145 22] C05Map_Map_Type.C_Map iter func); - iter <- any i; - func <- any f; + [#"../05_map.rs" 145 4 145 22] _0 <- ([#"../05_map.rs" 145 4 145 22] C05Map_Map_Type.C_Map ([#"../05_map.rs" 145 10 145 14] iter) ([#"../05_map.rs" 145 16 145 20] func)); + [#"../05_map.rs" 145 10 145 14] iter <- any i; + [#"../05_map.rs" 145 16 145 20] func <- any f; goto BB4 } BB4 { @@ -1611,7 +1612,7 @@ module C05Map_Impl0 val inv11 (_x : borrowed i) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed i . inv11 x = true + axiom inv11 : forall x : borrowed i . inv11 x = true predicate invariant10 (self : f) val invariant10 (self : f) : bool ensures { result = invariant10 self } @@ -1620,7 +1621,7 @@ module C05Map_Impl0 val inv10 (_x : f) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../05_map.rs" 1 0 1 0] forall x : f . inv10 x = true + axiom inv10 : forall x : f . inv10 x = true predicate invariant9 (self : i) val invariant9 (self : i) : bool ensures { result = invariant9 self } @@ -1629,7 +1630,7 @@ module C05Map_Impl0 val inv9 (_x : i) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../05_map.rs" 1 0 1 0] forall x : i . inv9 x = true + axiom inv9 : forall x : i . inv9 x = true type item0 predicate invariant8 (self : item0) val invariant8 (self : item0) : bool @@ -1639,7 +1640,7 @@ module C05Map_Impl0 val inv8 (_x : item0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../05_map.rs" 1 0 1 0] forall x : item0 . inv8 x = true + axiom inv8 : forall x : item0 . inv8 x = true predicate invariant7 (self : borrowed f) val invariant7 (self : borrowed f) : bool ensures { result = invariant7 self } @@ -1648,7 +1649,7 @@ module C05Map_Impl0 val inv7 (_x : borrowed f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed f . inv7 x = true + axiom inv7 : forall x : borrowed f . inv7 x = true predicate invariant6 (self : b) val invariant6 (self : b) : bool ensures { result = invariant6 self } @@ -1657,7 +1658,7 @@ module C05Map_Impl0 val inv6 (_x : b) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_map.rs" 1 0 1 0] forall x : b . inv6 x = true + axiom inv6 : forall x : b . inv6 x = true use seq.Seq predicate invariant5 (self : Seq.seq (borrowed f)) val invariant5 (self : Seq.seq (borrowed f)) : bool @@ -1667,7 +1668,7 @@ module C05Map_Impl0 val inv5 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv5 x = true + axiom inv5 : forall x : Seq.seq (borrowed f) . inv5 x = true predicate invariant4 (self : Seq.seq item0) val invariant4 (self : Seq.seq item0) : bool ensures { result = invariant4 self } @@ -1676,7 +1677,7 @@ module C05Map_Impl0 val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option b) val invariant3 (self : Core_Option_Option_Type.t_option b) : bool @@ -1686,7 +1687,7 @@ module C05Map_Impl0 val inv3 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_map.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option b . inv3 x = true use C05Map_Map_Type as C05Map_Map_Type predicate invariant2 (self : borrowed (C05Map_Map_Type.t_map i b f)) val invariant2 (self : borrowed (C05Map_Map_Type.t_map i b f)) : bool @@ -1700,7 +1701,7 @@ module C05Map_Impl0 val inv2 (_x : borrowed (C05Map_Map_Type.t_map i b f)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_map.rs" 1 0 1 0] forall x : borrowed (C05Map_Map_Type.t_map i b f) . inv2 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv2 : forall x : borrowed (C05Map_Map_Type.t_map i b f) . inv2 x = (inv0 ( * x) /\ inv0 ( ^ x)) predicate invariant1 (self : Seq.seq b) val invariant1 (self : Seq.seq b) : bool ensures { result = invariant1 self } @@ -1709,7 +1710,7 @@ module C05Map_Impl0 val inv1 (_x : Seq.seq b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_map.rs" 1 0 1 0] forall x : Seq.seq b . inv1 x = true + axiom inv1 : forall x : Seq.seq b . inv1 x = true predicate precondition0 (self : f) (_2 : item0) val precondition0 (self : f) (_2 : item0) : bool ensures { result = precondition0 self _2 } @@ -1752,7 +1753,7 @@ module C05Map_Impl0 val invariant0 [#"../05_map.rs" 131 4 131 30] (self : C05Map_Map_Type.t_map i b f) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../05_map.rs" 1 0 1 0] forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C05Map_Map_Type.t_map i b f . inv0 x = (invariant0 x /\ match x with | C05Map_Map_Type.C_Map iter func -> true end) use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg index b420f88ca4..098d388e3c 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg +++ b/creusot/tests/should_succeed/iterators/06_map_precond.mlcfg @@ -35,7 +35,7 @@ module C06MapPrecond_Impl1_PreservationInv_Impl val inv6 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv6 x = true + axiom inv6 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv6 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -106,17 +106,17 @@ module C06MapPrecond_Impl1_PreservationInv_Impl val inv5 (_x : item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv5 x = true + axiom inv5 : forall x : item0 . inv5 x = true predicate invariant4 (self : borrowed f) val invariant4 (self : borrowed f) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv4 x = true + axiom inv4 : forall x : borrowed f . inv4 x = true predicate invariant3 (self : b) val invariant3 (self : b) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv3 x = true + axiom inv3 : forall x : b . inv3 x = true use seq.Seq predicate inv2 (_x : Seq.seq item0) val inv2 (_x : Seq.seq item0) : bool @@ -154,17 +154,17 @@ module C06MapPrecond_Impl1_PreservationInv_Impl val invariant2 (self : Seq.seq item0) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true predicate invariant1 (self : f) val invariant1 (self : f) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv1 x = true + axiom inv1 : forall x : f . inv1 x = true predicate invariant0 (self : i) val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true predicate precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) val precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = precondition0 self _2 } @@ -198,7 +198,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv10 (_x : item0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv10 x = true + axiom inv10 : forall x : item0 . inv10 x = true use prelude.Borrow predicate invariant9 (self : borrowed i) val invariant9 (self : borrowed i) : bool @@ -208,7 +208,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv9 (_x : borrowed i) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv9 x = true + axiom inv9 : forall x : borrowed i . inv9 x = true predicate invariant8 (self : b) val invariant8 (self : b) : bool ensures { result = invariant8 self } @@ -217,7 +217,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv8 (_x : b) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv8 x = true + axiom inv8 : forall x : b . inv8 x = true use seq.Seq use prelude.Ghost predicate invariant7 (self : (item0, Ghost.ghost_ty (Seq.seq item0))) @@ -228,7 +228,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv7 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv7 x = true + axiom inv7 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv7 x = true predicate invariant6 (self : borrowed f) val invariant6 (self : borrowed f) : bool ensures { result = invariant6 self } @@ -237,7 +237,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv6 (_x : borrowed f) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv6 x = true + axiom inv6 : forall x : borrowed f . inv6 x = true predicate invariant5 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant5 (self : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = invariant5 self } @@ -246,7 +246,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv5 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv5 x = true + axiom inv5 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv5 x = true predicate invariant4 (self : f) val invariant4 (self : f) : bool ensures { result = invariant4 self } @@ -255,7 +255,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv4 (_x : f) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv4 x = true + axiom inv4 : forall x : f . inv4 x = true predicate invariant3 (self : i) val invariant3 (self : i) : bool ensures { result = invariant3 self } @@ -264,7 +264,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true predicate invariant2 (self : Seq.seq (borrowed f)) val invariant2 (self : Seq.seq (borrowed f)) : bool ensures { result = invariant2 self } @@ -273,7 +273,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv2 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv2 x = true + axiom inv2 : forall x : Seq.seq (borrowed f) . inv2 x = true predicate invariant1 (self : Seq.seq item0) val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } @@ -282,7 +282,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv1 (_x : Seq.seq item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -403,7 +403,7 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl val inv0 (_x : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) use seq.Seq @@ -447,7 +447,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv11 (_x : item0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv11 x = true + axiom inv11 : forall x : item0 . inv11 x = true use prelude.Borrow predicate invariant10 (self : borrowed i) val invariant10 (self : borrowed i) : bool @@ -457,7 +457,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv10 (_x : borrowed i) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv10 x = true + axiom inv10 : forall x : borrowed i . inv10 x = true predicate invariant9 (self : b) val invariant9 (self : b) : bool ensures { result = invariant9 self } @@ -466,7 +466,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv9 (_x : b) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv9 x = true + axiom inv9 : forall x : b . inv9 x = true use seq.Seq use prelude.Ghost predicate invariant8 (self : (item0, Ghost.ghost_ty (Seq.seq item0))) @@ -477,7 +477,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv8 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv8 x = true + axiom inv8 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv8 x = true predicate invariant7 (self : borrowed f) val invariant7 (self : borrowed f) : bool ensures { result = invariant7 self } @@ -486,7 +486,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv7 (_x : borrowed f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv7 x = true + axiom inv7 : forall x : borrowed f . inv7 x = true predicate invariant6 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant6 (self : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = invariant6 self } @@ -495,7 +495,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv6 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv6 x = true + axiom inv6 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv6 x = true predicate invariant5 (self : f) val invariant5 (self : f) : bool ensures { result = invariant5 self } @@ -504,7 +504,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv5 (_x : f) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv5 x = true + axiom inv5 : forall x : f . inv5 x = true predicate invariant4 (self : i) val invariant4 (self : i) : bool ensures { result = invariant4 self } @@ -513,7 +513,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv4 (_x : i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv4 x = true + axiom inv4 : forall x : i . inv4 x = true predicate invariant3 (self : Seq.seq (borrowed f)) val invariant3 (self : Seq.seq (borrowed f)) : bool ensures { result = invariant3 self } @@ -522,7 +522,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv3 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv3 x = true + axiom inv3 : forall x : Seq.seq (borrowed f) . inv3 x = true predicate invariant2 (self : Seq.seq item0) val invariant2 (self : Seq.seq item0) : bool ensures { result = invariant2 self } @@ -531,7 +531,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -614,7 +614,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq b . inv1 x = true + axiom inv1 : forall x : Seq.seq b . inv1 x = true predicate precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) val precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = precondition0 self _2 } @@ -661,7 +661,7 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl val inv0 (_x : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) use seq.Seq @@ -722,7 +722,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv11 (_x : borrowed i) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv11 x = true + axiom inv11 : forall x : borrowed i . inv11 x = true type item0 use seq.Seq use prelude.Ghost @@ -734,7 +734,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv10 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv10 x = true + axiom inv10 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv10 x = true predicate invariant9 (self : Seq.seq b) val invariant9 (self : Seq.seq b) : bool ensures { result = invariant9 self } @@ -743,7 +743,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv9 (_x : Seq.seq b) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq b . inv9 x = true + axiom inv9 : forall x : Seq.seq b . inv9 x = true predicate invariant8 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant8 (self : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = invariant8 self } @@ -752,7 +752,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv8 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true + axiom inv8 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true predicate invariant7 (self : f) val invariant7 (self : f) : bool ensures { result = invariant7 self } @@ -761,7 +761,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv7 (_x : f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv7 x = true + axiom inv7 : forall x : f . inv7 x = true predicate invariant6 (self : i) val invariant6 (self : i) : bool ensures { result = invariant6 self } @@ -770,7 +770,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv6 (_x : i) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv6 x = true + axiom inv6 : forall x : i . inv6 x = true predicate invariant5 (self : Seq.seq (borrowed f)) val invariant5 (self : Seq.seq (borrowed f)) : bool ensures { result = invariant5 self } @@ -779,7 +779,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv5 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv5 x = true + axiom inv5 : forall x : Seq.seq (borrowed f) . inv5 x = true predicate invariant4 (self : Seq.seq item0) val invariant4 (self : Seq.seq item0) : bool ensures { result = invariant4 self } @@ -788,7 +788,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -854,12 +854,12 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val inv3 (_x : item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv3 x = true + axiom inv3 : forall x : item0 . inv3 x = true predicate invariant2 (self : borrowed f) val invariant2 (self : borrowed f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv2 x = true + axiom inv2 : forall x : borrowed f . inv2 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -944,7 +944,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val invariant1 (self : b) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv1 x = true + axiom inv1 : forall x : b . inv1 x = true use seq.Seq predicate next_precondition0 [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : f) (produced : Seq.seq item0) = [#"../06_map_precond.rs" 85 8 89 9] forall i : i . forall e : item0 . inv6 i -> inv3 e -> produces1 iter (Seq.singleton e) i -> precondition0 func (e, Ghost.new produced) @@ -980,7 +980,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl val invariant0 [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) use seq.Seq @@ -1006,7 +1006,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv9 (_x : borrowed i) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv9 x = true + axiom inv9 : forall x : borrowed i . inv9 x = true type item0 use seq.Seq use prelude.Ghost @@ -1018,7 +1018,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv8 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true + axiom inv8 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true predicate invariant7 (self : (item0, Ghost.ghost_ty (Seq.seq item0))) val invariant7 (self : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = invariant7 self } @@ -1027,7 +1027,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv7 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv7 x = true + axiom inv7 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv7 x = true predicate invariant6 (self : f) val invariant6 (self : f) : bool ensures { result = invariant6 self } @@ -1036,7 +1036,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv6 (_x : f) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv6 x = true + axiom inv6 : forall x : f . inv6 x = true predicate invariant5 (self : Seq.seq item0) val invariant5 (self : Seq.seq item0) : bool ensures { result = invariant5 self } @@ -1045,7 +1045,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv5 (_x : Seq.seq item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv5 x = true + axiom inv5 : forall x : Seq.seq item0 . inv5 x = true predicate invariant4 (self : i) val invariant4 (self : i) : bool ensures { result = invariant4 self } @@ -1054,7 +1054,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv4 (_x : i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv4 x = true + axiom inv4 : forall x : i . inv4 x = true predicate invariant3 (self : borrowed f) val invariant3 (self : borrowed f) : bool ensures { result = invariant3 self } @@ -1063,7 +1063,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv3 (_x : borrowed f) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv3 x = true + axiom inv3 : forall x : borrowed f . inv3 x = true predicate invariant2 (self : b) val invariant2 (self : b) : bool ensures { result = invariant2 self } @@ -1072,7 +1072,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv2 (_x : b) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv2 x = true + axiom inv2 : forall x : b . inv2 x = true predicate invariant1 (self : item0) val invariant1 (self : item0) : bool ensures { result = invariant1 self } @@ -1081,7 +1081,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv1 (_x : item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv1 x = true + axiom inv1 : forall x : item0 . inv1 x = true predicate precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) val precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = precondition0 self _2 } @@ -1142,7 +1142,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl val inv0 (_x : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate resolve0 (self : f) @@ -1234,7 +1234,7 @@ module C06MapPrecond_Impl0_Next val inv13 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv13 x = true + axiom inv13 : forall x : Seq.seq (borrowed f) . inv13 x = true type item0 predicate invariant12 (self : Seq.seq item0) val invariant12 (self : Seq.seq item0) : bool @@ -1244,7 +1244,7 @@ module C06MapPrecond_Impl0_Next val inv12 (_x : Seq.seq item0) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv12 x = true + axiom inv12 : forall x : Seq.seq item0 . inv12 x = true predicate invariant11 (self : item0) val invariant11 (self : item0) : bool ensures { result = invariant11 self } @@ -1253,7 +1253,7 @@ module C06MapPrecond_Impl0_Next val inv11 (_x : item0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv11 x = true + axiom inv11 : forall x : item0 . inv11 x = true use prelude.Ghost predicate inv3 (_x : Ghost.ghost_ty (Seq.seq item0)) val inv3 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool @@ -1339,14 +1339,14 @@ module C06MapPrecond_Impl0_Next val inv10 (_x : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv10 x = (invariant10 x /\ match x with + axiom inv10 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv10 x = (invariant10 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate invariant9 (self : b) val invariant9 (self : b) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv9 x = true + axiom inv9 : forall x : b . inv9 x = true predicate resolve4 (self : f) val resolve4 (self : f) : bool ensures { result = resolve4 self } @@ -1396,17 +1396,17 @@ module C06MapPrecond_Impl0_Next val invariant8 (self : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv8 x = true + axiom inv8 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv8 x = true predicate invariant7 (self : borrowed f) val invariant7 (self : borrowed f) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv7 x = true + axiom inv7 : forall x : borrowed f . inv7 x = true predicate invariant6 (self : borrowed i) val invariant6 (self : borrowed i) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv6 x = true + axiom inv6 : forall x : borrowed i . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option b) val invariant5 (self : Core_Option_Option_Type.t_option b) : bool @@ -1416,7 +1416,7 @@ module C06MapPrecond_Impl0_Next val inv5 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option b . inv5 x = true predicate invariant4 (self : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) val invariant4 (self : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) : bool ensures { result = invariant4 self } @@ -1425,17 +1425,17 @@ module C06MapPrecond_Impl0_Next val inv4 (_x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0) . inv4 x = (inv10 ( * x) /\ inv10 ( ^ x)) + axiom inv4 : forall x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0) . inv4 x = (inv10 ( * x) /\ inv10 ( ^ x)) predicate invariant3 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant3 (self : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv3 x = true + axiom inv3 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv3 x = true predicate invariant2 (self : f) val invariant2 (self : f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv2 x = true + axiom inv2 : forall x : f . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool ensures { result = invariant1 self } @@ -1444,7 +1444,7 @@ module C06MapPrecond_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () val produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -1468,7 +1468,7 @@ module C06MapPrecond_Impl0_Next val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use prelude.Ghost use seq.Seq use seq_ext.SeqExt @@ -1577,10 +1577,10 @@ module C06MapPrecond_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_iter ( * self)); - self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map ( ^ _4) x1 x2) }; + [#"../06_map_precond.rs" 64 14 64 30] _4 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_iter ( * self)); + [#"../06_map_precond.rs" 64 14 64 30] self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map ( ^ _4) x1 x2) }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../06_map_precond.rs" 64 14 64 30] next0 _4); + [#"../06_map_precond.rs" 64 14 64 30] _3 <- ([#"../06_map_precond.rs" 64 14 64 30] next0 _4); _4 <- any borrowed i; goto BB1 } @@ -1593,7 +1593,7 @@ module C06MapPrecond_Impl0_Next BB2 { assert { [@expl:type invariant] inv1 _3 }; assume { resolve0 _3 }; - _20 <- ([#"../06_map_precond.rs" 75 32 75 50] Ghost.new (Seq.empty )); + [#"../06_map_precond.rs" 75 32 75 50] _20 <- ([#"../06_map_precond.rs" 75 32 75 50] Ghost.new (Seq.empty )); goto BB14 } BB3 { @@ -1604,27 +1604,28 @@ module C06MapPrecond_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv4 self }; assume { resolve3 self }; + assert { [#"../06_map_precond.rs" 64 14 64 30] false }; absurd } BB5 { - v <- Core_Option_Option_Type.some_0 _3; - _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); + [#"../06_map_precond.rs" 65 17 65 18] v <- ([#"../06_map_precond.rs" 65 17 65 18] Core_Option_Option_Type.some_0 _3); + [#"../06_map_precond.rs" 65 17 65 18] _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv1 _3 }; assume { resolve0 _3 }; assert { [@expl:assertion] [#"../06_map_precond.rs" 66 16 66 76] precondition0 (C06MapPrecond_Map_Type.map_func ( * self)) (v, C06MapPrecond_Map_Type.map_produced ( * self)) }; goto BB6 } BB6 { - produced <- ([#"../06_map_precond.rs" 67 31 67 60] Ghost.new (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced ( * self))) v)); + [#"../06_map_precond.rs" 67 31 67 60] produced <- ([#"../06_map_precond.rs" 67 31 67 60] Ghost.new (Seq.snoc (Ghost.inner (C06MapPrecond_Map_Type.map_produced ( * self))) v)); goto BB7 } BB7 { - _12 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_func ( * self)); - self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 ( ^ _12) x2) }; + [#"../06_map_precond.rs" 68 24 68 35] _12 <- Borrow.borrow_mut (C06MapPrecond_Map_Type.map_func ( * self)); + [#"../06_map_precond.rs" 68 24 68 35] self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 ( ^ _12) x2) }; assume { inv2 ( ^ _12) }; - r <- ([#"../06_map_precond.rs" 68 24 68 53] call_mut0 _12 ([#"../06_map_precond.rs" 68 24 68 53] (v, C06MapPrecond_Map_Type.map_produced ( * self)))); + [#"../06_map_precond.rs" 68 24 68 53] r <- ([#"../06_map_precond.rs" 68 24 68 53] call_mut0 _12 ([#"../06_map_precond.rs" 68 24 68 53] (([#"../06_map_precond.rs" 68 36 68 37] v), ([#"../06_map_precond.rs" 68 39 68 52] C06MapPrecond_Map_Type.map_produced ( * self))))); _12 <- any borrowed f; - v <- any item0; + [#"../06_map_precond.rs" 68 36 68 37] v <- any item0; goto BB8 } BB8 { @@ -1633,16 +1634,16 @@ module C06MapPrecond_Impl0_Next BB9 { assert { [@expl:type invariant] inv3 produced }; assume { resolve1 produced }; - self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 x1 produced) }; - _17 <- ([#"../06_map_precond.rs" 70 16 70 52] Ghost.new ()); + [#"../06_map_precond.rs" 69 16 69 40] self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 x1 ([#"../06_map_precond.rs" 69 32 69 40] produced)) }; + [#"../06_map_precond.rs" 70 16 70 52] _17 <- ([#"../06_map_precond.rs" 70 16 70 52] Ghost.new ()); goto BB10 } BB10 { assume { resolve2 _17 }; assert { [@expl:type invariant] inv4 self }; assume { resolve3 self }; - _0 <- ([#"../06_map_precond.rs" 72 16 72 23] Core_Option_Option_Type.C_Some r); - r <- any b; + [#"../06_map_precond.rs" 72 16 72 23] _0 <- ([#"../06_map_precond.rs" 72 16 72 23] Core_Option_Option_Type.C_Some ([#"../06_map_precond.rs" 72 21 72 22] r)); + [#"../06_map_precond.rs" 72 21 72 22] r <- any b; goto BB11 } BB11 { @@ -1655,13 +1656,13 @@ module C06MapPrecond_Impl0_Next goto BB15 } BB14 { - self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 x1 _20) }; - _20 <- any Ghost.ghost_ty (Seq.seq item0); + [#"../06_map_precond.rs" 75 16 75 50] self <- { self with current = (let C06MapPrecond_Map_Type.C_Map x0 x1 x2 = * self in C06MapPrecond_Map_Type.C_Map x0 x1 ([#"../06_map_precond.rs" 75 16 75 50] _20)) }; + [#"../06_map_precond.rs" 75 16 75 50] _20 <- any Ghost.ghost_ty (Seq.seq item0); assert { [@expl:type invariant] inv3 (C06MapPrecond_Map_Type.map_produced ( * self)) }; assume { resolve1 (C06MapPrecond_Map_Type.map_produced ( * self)) }; assert { [@expl:type invariant] inv4 self }; assume { resolve3 self }; - _0 <- ([#"../06_map_precond.rs" 76 16 76 20] Core_Option_Option_Type.C_None); + [#"../06_map_precond.rs" 76 16 76 20] _0 <- ([#"../06_map_precond.rs" 76 16 76 20] Core_Option_Option_Type.C_None); goto BB15 } BB15 { @@ -1687,7 +1688,7 @@ module C06MapPrecond_Map val inv9 (_x : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv9 x = true + axiom inv9 : forall x : (item0, Ghost.ghost_ty (Seq.seq item0)) . inv9 x = true predicate invariant8 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant8 (self : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = invariant8 self } @@ -1696,7 +1697,7 @@ module C06MapPrecond_Map val inv8 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true + axiom inv8 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv8 x = true predicate resolve0 (self : f) val resolve0 (self : f) : bool ensures { result = resolve0 self } @@ -1767,17 +1768,17 @@ module C06MapPrecond_Map val inv7 (_x : Seq.seq item0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv7 x = true + axiom inv7 : forall x : Seq.seq item0 . inv7 x = true predicate invariant6 (self : borrowed f) val invariant6 (self : borrowed f) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv6 x = true + axiom inv6 : forall x : borrowed f . inv6 x = true predicate invariant5 (self : b) val invariant5 (self : b) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv5 x = true + axiom inv5 : forall x : b . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } @@ -1786,7 +1787,7 @@ module C06MapPrecond_Map val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true predicate inv0 (_x : i) val inv0 (_x : i) : bool ensures { result = inv0 _x } @@ -1847,24 +1848,24 @@ module C06MapPrecond_Map val inv3 (_x : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv3 x = (invariant3 x /\ match x with + axiom inv3 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv3 x = (invariant3 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate invariant2 (self : f) val invariant2 (self : f) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv2 x = true + axiom inv2 : forall x : f . inv2 x = true predicate invariant1 (self : item0) val invariant1 (self : item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv1 x = true + axiom inv1 : forall x : item0 . inv1 x = true predicate invariant0 (self : i) val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () val produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -1911,13 +1912,13 @@ module C06MapPrecond_Map goto BB3 } BB3 { - _9 <- ([#"../06_map_precond.rs" 175 32 175 48] Ghost.new (Seq.empty )); + [#"../06_map_precond.rs" 175 32 175 48] _9 <- ([#"../06_map_precond.rs" 175 32 175 48] Ghost.new (Seq.empty )); goto BB4 } BB4 { - _0 <- ([#"../06_map_precond.rs" 175 4 175 50] C06MapPrecond_Map_Type.C_Map iter func _9); - iter <- any i; - func <- any f; + [#"../06_map_precond.rs" 175 4 175 50] _0 <- ([#"../06_map_precond.rs" 175 4 175 50] C06MapPrecond_Map_Type.C_Map ([#"../06_map_precond.rs" 175 10 175 14] iter) ([#"../06_map_precond.rs" 175 16 175 20] func) _9); + [#"../06_map_precond.rs" 175 10 175 14] iter <- any i; + [#"../06_map_precond.rs" 175 16 175 20] func <- any f; _9 <- any Ghost.ghost_ty (Seq.seq item0); goto BB5 } @@ -1957,7 +1958,7 @@ module C06MapPrecond_Identity_Closure0 val inv3 (_x : Seq.seq item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv3 x = true + axiom inv3 : forall x : Seq.seq item0 . inv3 x = true predicate invariant2 (self : i) val invariant2 (self : i) : bool ensures { result = invariant2 self } @@ -1966,7 +1967,7 @@ module C06MapPrecond_Identity_Closure0 val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true predicate invariant1 (self : item0) val invariant1 (self : item0) : bool ensures { result = invariant1 self } @@ -1975,7 +1976,7 @@ module C06MapPrecond_Identity_Closure0 val inv1 (_x : item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv1 x = true + axiom inv1 : forall x : item0 . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant0 (self : Ghost.ghost_ty (Seq.seq item0)) : bool @@ -1985,7 +1986,7 @@ module C06MapPrecond_Identity_Closure0 val inv0 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv0 x = true use seq.Seq predicate produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -2016,7 +2017,7 @@ module C06MapPrecond_Identity_Closure0 predicate unnest0 [#"../06_map_precond.rs" 179 14 179 20] (self : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) (_2 : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) = - [#"../06_map_precond.rs" 1 0 1 0] true + true use prelude.Borrow predicate resolve1 (self : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i)) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self @@ -2029,8 +2030,8 @@ module C06MapPrecond_Identity_Closure0 let rec cfg c06MapPrecond_Identity_Closure0 [#"../06_map_precond.rs" 179 14 179 20] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i)) (x : item0) (_3 : Ghost.ghost_ty (Seq.seq item0)) : item0 requires {[#"../06_map_precond.rs" 179 15 179 16] inv1 x} - requires {[#"../06_map_precond.rs" 1 0 1 0] inv0 _3} - ensures { [#"../06_map_precond.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + requires {inv0 _3} + ensures { unnest0 ( * _1) ( ^ _1) } ensures { [#"../06_map_precond.rs" 179 14 179 20] inv1 result } = [@vc:do_not_keep_trace] [@vc:sp] @@ -2042,8 +2043,8 @@ module C06MapPrecond_Identity_Closure0 goto BB0 } BB0 { - _0 <- x; - x <- any item0; + [#"../06_map_precond.rs" 179 21 179 22] _0 <- ([#"../06_map_precond.rs" 179 21 179 22] x); + [#"../06_map_precond.rs" 179 21 179 22] x <- any item0; assert { [@expl:type invariant] inv0 _3 }; assume { resolve0 _3 }; assume { resolve1 _1 }; @@ -2067,7 +2068,7 @@ module C06MapPrecond_Identity val inv7 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv7 x = true + axiom inv7 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv7 x = true predicate invariant6 (self : Seq.seq item0) val invariant6 (self : Seq.seq item0) : bool ensures { result = invariant6 self } @@ -2076,7 +2077,7 @@ module C06MapPrecond_Identity val inv6 (_x : Seq.seq item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv6 x = true + axiom inv6 : forall x : Seq.seq item0 . inv6 x = true use prelude.Int16 use C06MapPrecond_Identity_Closure0_Type as C06MapPrecond_Identity_Closure0 use prelude.Borrow @@ -2088,7 +2089,7 @@ module C06MapPrecond_Identity val inv5 (_x : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) . inv5 x = true + axiom inv5 : forall x : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } @@ -2097,7 +2098,7 @@ module C06MapPrecond_Identity val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true predicate invariant3 (self : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) val invariant3 (self : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) : bool ensures { result = invariant3 self } @@ -2106,7 +2107,7 @@ module C06MapPrecond_Identity val inv3 (_x : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i . inv3 x = true + axiom inv3 : forall x : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i . inv3 x = true predicate invariant2 (self : item0) val invariant2 (self : item0) : bool ensures { result = invariant2 self } @@ -2115,7 +2116,7 @@ module C06MapPrecond_Identity val inv2 (_x : item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv2 x = true + axiom inv2 : forall x : item0 . inv2 x = true predicate invariant1 (self : i) val invariant1 (self : i) : bool ensures { result = invariant1 self } @@ -2124,7 +2125,7 @@ module C06MapPrecond_Identity val inv1 (_x : i) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv1 x = true + axiom inv1 : forall x : i . inv1 x = true use seq.Seq predicate produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -2153,7 +2154,7 @@ module C06MapPrecond_Identity predicate precondition0 [#"../06_map_precond.rs" 179 14 179 20] (self : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) (args : (item0, Ghost.ghost_ty (Seq.seq item0))) = - [#"../06_map_precond.rs" 1 0 1 0] let (x, _3) = args in true + let (x, _3) = args in true use prelude.Ghost use seq.Seq predicate next_precondition0 [#"../06_map_precond.rs" 84 4 84 74] (iter : i) (func : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) (produced : Seq.seq item0) @@ -2166,11 +2167,11 @@ module C06MapPrecond_Identity predicate unnest0 [#"../06_map_precond.rs" 179 14 179 20] (self : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) (_2 : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) = - [#"../06_map_precond.rs" 1 0 1 0] true + true predicate postcondition_mut0 [#"../06_map_precond.rs" 179 14 179 20] (self : borrowed (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i)) (args : (item0, Ghost.ghost_ty (Seq.seq item0))) (result : item0) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in true) /\ unnest0 ( * self) ( ^ self) + (let (x, _3) = args in true) /\ unnest0 ( * self) ( ^ self) use seq.Seq predicate preservation0 [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) @@ -2213,7 +2214,7 @@ module C06MapPrecond_Identity val inv0 (_x : C06MapPrecond_Map_Type.t_map i item0 (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) item0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i item0 (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i item0 (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate resolve0 (self : C06MapPrecond_Map_Type.t_map i item0 (C06MapPrecond_Identity_Closure0.c06mapprecond_identity_closure0 i) item0) @@ -2241,8 +2242,8 @@ module C06MapPrecond_Identity goto BB0 } BB0 { - _2 <- ([#"../06_map_precond.rs" 179 4 179 23] map0 iter ([#"../06_map_precond.rs" 179 14 179 22] C06MapPrecond_Identity_Closure0.C06MapPrecond_Identity_Closure0)); - iter <- any i; + [#"../06_map_precond.rs" 179 4 179 23] _2 <- ([#"../06_map_precond.rs" 179 4 179 23] map0 ([#"../06_map_precond.rs" 179 8 179 12] iter) ([#"../06_map_precond.rs" 179 14 179 22] C06MapPrecond_Identity_Closure0.C06MapPrecond_Identity_Closure0)); + [#"../06_map_precond.rs" 179 8 179 12] iter <- any i; goto BB1 } BB1 { @@ -2251,7 +2252,7 @@ module C06MapPrecond_Identity goto BB2 } BB2 { - _0 <- ([#"../06_map_precond.rs" 178 38 180 1] ()); + [#"../06_map_precond.rs" 178 38 180 1] _0 <- ([#"../06_map_precond.rs" 178 38 180 1] ()); goto BB3 } BB3 { @@ -2278,7 +2279,7 @@ module C06MapPrecond_Increment_Closure2 predicate unnest0 [#"../06_map_precond.rs" 190 8 190 35] (self : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) (_2 : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) = - [#"../06_map_precond.rs" 1 0 1 0] true + true use prelude.UInt32 use prelude.Borrow use prelude.Int @@ -2290,7 +2291,7 @@ module C06MapPrecond_Increment_Closure2 let rec cfg c06MapPrecond_Increment_Closure2 [#"../06_map_precond.rs" 190 8 190 35] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u)) (x : uint32) (_3 : Ghost.ghost_ty (Seq.seq uint32)) : uint32 requires {[#"../06_map_precond.rs" 189 19 189 27] UInt32.to_int x <= 15} ensures { [#"../06_map_precond.rs" 190 18 190 33] UInt32.to_int result = UInt32.to_int x + 1 } - ensures { [#"../06_map_precond.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -2303,9 +2304,9 @@ module C06MapPrecond_Increment_Closure2 } BB0 { assume { resolve0 _1 }; - res1 <- ([#"../06_map_precond.rs" 191 20 191 25] x + ([#"../06_map_precond.rs" 191 24 191 25] [#"../06_map_precond.rs" 191 24 191 25] (1 : uint32))); - res <- res1; - _0 <- res; + [#"../06_map_precond.rs" 191 20 191 25] res1 <- ([#"../06_map_precond.rs" 191 20 191 25] ([#"../06_map_precond.rs" 191 20 191 21] x) + ([#"../06_map_precond.rs" 191 24 191 25] [#"../06_map_precond.rs" 191 24 191 25] (1 : uint32))); + [#"../06_map_precond.rs" 189 8 189 29] res <- ([#"../06_map_precond.rs" 189 8 189 29] res1); + [#"../06_map_precond.rs" 190 8 190 35] _0 <- ([#"../06_map_precond.rs" 190 8 190 35] res); return _0 } @@ -2324,7 +2325,7 @@ module C06MapPrecond_Increment val inv8 (_x : Ghost.ghost_ty (Seq.seq uint32)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq uint32) . inv8 x = true + axiom inv8 : forall x : Ghost.ghost_ty (Seq.seq uint32) . inv8 x = true use prelude.Int16 use C06MapPrecond_Increment_Closure2_Type as C06MapPrecond_Increment_Closure2 use prelude.Borrow @@ -2337,7 +2338,7 @@ module C06MapPrecond_Increment val inv7 (_x : borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) . inv7 x = true + axiom inv7 : forall x : borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) . inv7 x = true predicate invariant6 (self : Seq.seq (borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2348,7 +2349,7 @@ module C06MapPrecond_Increment val inv6 (_x : Seq.seq (borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u)) . inv6 x = true + axiom inv6 : forall x : Seq.seq (borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u)) . inv6 x = true predicate invariant5 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq uint32) : bool @@ -2358,7 +2359,7 @@ module C06MapPrecond_Increment val inv5 (_x : Seq.seq uint32) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv5 x = true + axiom inv5 : forall x : Seq.seq uint32 . inv5 x = true predicate invariant4 (self : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) : bool @@ -2368,7 +2369,7 @@ module C06MapPrecond_Increment val inv4 (_x : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u . inv4 x = true + axiom inv4 : forall x : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u . inv4 x = true predicate invariant3 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : uint32) : bool @@ -2378,7 +2379,7 @@ module C06MapPrecond_Increment val inv3 (_x : uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : uint32 . inv3 x = true + axiom inv3 : forall x : uint32 . inv3 x = true predicate invariant2 (self : u) val invariant2 (self : u) : bool ensures { result = invariant2 self } @@ -2387,7 +2388,7 @@ module C06MapPrecond_Increment val inv2 (_x : u) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : u . inv2 x = true + axiom inv2 : forall x : u . inv2 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : u) (visited : Seq.seq uint32) (_o : u) val produces1 [#"../common.rs" 8 4 8 66] (self : u) (visited : Seq.seq uint32) (_o : u) : bool @@ -2421,7 +2422,7 @@ module C06MapPrecond_Increment val inv1 (_x : borrowed u) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed u . inv1 x = true + axiom inv1 : forall x : borrowed u . inv1 x = true use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type predicate inv0 (_x : C06MapPrecond_Map_Type.t_map u uint32 (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) uint32) @@ -2431,13 +2432,13 @@ module C06MapPrecond_Increment predicate unnest0 [#"../06_map_precond.rs" 190 8 190 35] (self : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) (_2 : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) = - [#"../06_map_precond.rs" 1 0 1 0] true + true use prelude.UInt32 use prelude.Int predicate postcondition_mut0 [#"../06_map_precond.rs" 190 8 190 35] (self : borrowed (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest0 ( * self) ( ^ self) + (let (x, _3) = args in UInt32.to_int result = UInt32.to_int x + 1) /\ unnest0 ( * self) ( ^ self) predicate precondition0 [#"../06_map_precond.rs" 190 8 190 35] (self : C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) = @@ -2528,7 +2529,7 @@ module C06MapPrecond_Increment val invariant0 [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map u uint32 (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) uint32) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map u uint32 (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) uint32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map u uint32 (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) uint32 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate resolve0 (self : C06MapPrecond_Map_Type.t_map u uint32 (C06MapPrecond_Increment_Closure2.c06mapprecond_increment_closure2 u) uint32) @@ -2561,8 +2562,8 @@ module C06MapPrecond_Increment goto BB1 } BB1 { - i <- ([#"../06_map_precond.rs" 187 12 192 5] map0 iter ([#"../06_map_precond.rs" 190 8 190 35] C06MapPrecond_Increment_Closure2.C06MapPrecond_Increment_Closure2)); - iter <- any u; + [#"../06_map_precond.rs" 187 12 192 5] i <- ([#"../06_map_precond.rs" 187 12 192 5] map0 ([#"../06_map_precond.rs" 188 8 188 12] iter) ([#"../06_map_precond.rs" 190 8 190 35] C06MapPrecond_Increment_Closure2.C06MapPrecond_Increment_Closure2)); + [#"../06_map_precond.rs" 188 8 188 12] iter <- any u; goto BB2 } BB2 { @@ -2572,7 +2573,7 @@ module C06MapPrecond_Increment goto BB3 } BB3 { - _0 <- ([#"../06_map_precond.rs" 186 51 198 1] ()); + [#"../06_map_precond.rs" 186 51 198 1] _0 <- ([#"../06_map_precond.rs" 186 51 198 1] ()); goto BB4 } BB4 { @@ -2608,14 +2609,14 @@ module C06MapPrecond_Counter_Closure2 function field_00 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : borrowed usize = - [#"../06_map_precond.rs" 1 0 1 0] let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 a = self in a + let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 a = self in a val field_00 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : borrowed usize ensures { result = field_00 self } predicate unnest0 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) (_2 : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) = - [#"../06_map_precond.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] (18446744073709551615 : usize) use seq.Seq @@ -2629,7 +2630,7 @@ module C06MapPrecond_Counter_Closure2 let rec cfg c06MapPrecond_Counter_Closure2 [#"../06_map_precond.rs" 207 8 207 41] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i)) (x : uint32) (_prod : Ghost.ghost_ty (Seq.seq uint32)) : uint32 requires {[#"../06_map_precond.rs" 206 19 206 61] UIntSize.to_int ( * field_00 ( * _1)) = Seq.length (Ghost.inner _prod) /\ * field_00 ( * _1) < max0} ensures { [#"../06_map_precond.rs" 207 18 207 39] UIntSize.to_int ( * field_00 ( ^ _1)) = UIntSize.to_int ( * field_00 ( * _1)) + 1 } - ensures { [#"../06_map_precond.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : uint32; @@ -2641,11 +2642,11 @@ module C06MapPrecond_Counter_Closure2 goto BB0 } BB0 { - _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 x0 = * _1 in C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 ({ (field_00 ( * _1)) with current = ([#"../06_map_precond.rs" 209 12 209 20] * field_00 ( * _1) + ([#"../06_map_precond.rs" 209 19 209 20] [#"../06_map_precond.rs" 209 19 209 20] (1 : usize))) })) }; + [#"../06_map_precond.rs" 209 12 209 20] _1 <- { _1 with current = (let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 x0 = * _1 in C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 ({ (field_00 ( * _1)) with current = ([#"../06_map_precond.rs" 209 12 209 20] * field_00 ( * _1) + ([#"../06_map_precond.rs" 209 19 209 20] [#"../06_map_precond.rs" 209 19 209 20] (1 : usize))) })) }; assume { resolve0 _1 }; - res1 <- x; - res <- res1; - _0 <- res; + [#"../06_map_precond.rs" 210 12 210 13] res1 <- ([#"../06_map_precond.rs" 210 12 210 13] x); + [#"../06_map_precond.rs" 206 8 206 63] res <- ([#"../06_map_precond.rs" 206 8 206 63] res1); + [#"../06_map_precond.rs" 207 8 207 41] _0 <- ([#"../06_map_precond.rs" 207 8 207 41] res); return _0 } @@ -2664,7 +2665,7 @@ module C06MapPrecond_Counter val inv7 (_x : Ghost.ghost_ty (Seq.seq uint32)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq uint32) . inv7 x = true + axiom inv7 : forall x : Ghost.ghost_ty (Seq.seq uint32) . inv7 x = true predicate invariant6 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq uint32) : bool @@ -2674,7 +2675,7 @@ module C06MapPrecond_Counter val inv6 (_x : Seq.seq uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv6 x = true + axiom inv6 : forall x : Seq.seq uint32 . inv6 x = true use prelude.UIntSize use prelude.Int16 use prelude.Borrow @@ -2688,7 +2689,7 @@ module C06MapPrecond_Counter val inv5 (_x : borrowed (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) . inv5 x = true + axiom inv5 : forall x : borrowed (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) . inv5 x = true predicate invariant4 (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : bool @@ -2698,7 +2699,7 @@ module C06MapPrecond_Counter val inv4 (_x : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i . inv4 x = true + axiom inv4 : forall x : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i . inv4 x = true predicate invariant3 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : uint32) : bool @@ -2708,7 +2709,7 @@ module C06MapPrecond_Counter val inv3 (_x : uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : uint32 . inv3 x = true + axiom inv3 : forall x : uint32 . inv3 x = true predicate invariant2 (self : i) val invariant2 (self : i) : bool ensures { result = invariant2 self } @@ -2717,7 +2718,7 @@ module C06MapPrecond_Counter val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true use seq.Seq predicate produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq uint32) (_o : i) val produces0 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq uint32) (_o : i) : bool @@ -2751,7 +2752,7 @@ module C06MapPrecond_Counter val inv1 (_x : borrowed i) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv1 x = true + axiom inv1 : forall x : borrowed i . inv1 x = true use prelude.Int let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] (18446744073709551615 : usize) @@ -2761,7 +2762,7 @@ module C06MapPrecond_Counter function field_00 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : borrowed usize = - [#"../06_map_precond.rs" 1 0 1 0] let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 a = self in a + let C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 a = self in a val field_00 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) : borrowed usize ensures { result = field_00 self } @@ -2781,11 +2782,11 @@ module C06MapPrecond_Counter predicate unnest0 [#"../06_map_precond.rs" 207 8 207 41] (self : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) (_2 : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) = - [#"../06_map_precond.rs" 1 0 1 0] ^ field_00 _2 = ^ field_00 self + ^ field_00 _2 = ^ field_00 self predicate postcondition_mut0 [#"../06_map_precond.rs" 207 8 207 41] (self : borrowed (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i)) (args : (uint32, Ghost.ghost_ty (Seq.seq uint32))) (result : uint32) = - [#"../06_map_precond.rs" 1 0 1 0] (let (x, _prod) = args in UIntSize.to_int ( * field_00 ( ^ self)) = UIntSize.to_int ( * field_00 ( * self)) + 1) /\ unnest0 ( * self) ( ^ self) + (let (x, _prod) = args in UIntSize.to_int ( * field_00 ( ^ self)) = UIntSize.to_int ( * field_00 ( * self)) + 1) /\ unnest0 ( * self) ( ^ self) use seq.Seq predicate preservation0 [#"../06_map_precond.rs" 106 4 106 45] (iter : i) (func : C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) @@ -2827,7 +2828,7 @@ module C06MapPrecond_Counter val inv0 (_x : C06MapPrecond_Map_Type.t_map i uint32 (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i uint32 (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) uint32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i uint32 (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) uint32 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) predicate resolve0 (self : C06MapPrecond_Map_Type.t_map i uint32 (C06MapPrecond_Counter_Closure2.c06mapprecond_counter_closure2 i) uint32) @@ -2862,11 +2863,11 @@ module C06MapPrecond_Counter goto BB1 } BB1 { - cnt <- ([#"../06_map_precond.rs" 203 18 203 19] [#"../06_map_precond.rs" 203 18 203 19] (0 : usize)); - _8 <- Borrow.borrow_mut cnt; - cnt <- ^ _8; - _5 <- ([#"../06_map_precond.rs" 204 4 212 5] map0 iter ([#"../06_map_precond.rs" 207 8 207 41] C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 _8)); - iter <- any i; + [#"../06_map_precond.rs" 203 18 203 19] cnt <- ([#"../06_map_precond.rs" 203 18 203 19] [#"../06_map_precond.rs" 203 18 203 19] (0 : usize)); + [#"../06_map_precond.rs" 207 8 207 41] _8 <- Borrow.borrow_mut cnt; + [#"../06_map_precond.rs" 207 8 207 41] cnt <- ^ _8; + [#"../06_map_precond.rs" 204 4 212 5] _5 <- ([#"../06_map_precond.rs" 204 4 212 5] map0 ([#"../06_map_precond.rs" 205 8 205 12] iter) ([#"../06_map_precond.rs" 207 8 207 41] C06MapPrecond_Counter_Closure2.C06MapPrecond_Counter_Closure2 _8)); + [#"../06_map_precond.rs" 205 8 205 12] iter <- any i; _8 <- any borrowed usize; goto BB2 } @@ -2876,7 +2877,7 @@ module C06MapPrecond_Counter goto BB3 } BB3 { - _0 <- ([#"../06_map_precond.rs" 202 49 213 1] ()); + [#"../06_map_precond.rs" 202 49 213 1] _0 <- ([#"../06_map_precond.rs" 202 49 213 1] ()); goto BB4 } BB4 { @@ -2897,7 +2898,7 @@ module C06MapPrecond_Impl0 val inv12 (_x : borrowed i) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed i . inv12 x = true + axiom inv12 : forall x : borrowed i . inv12 x = true type item0 use seq.Seq use prelude.Ghost @@ -2909,7 +2910,7 @@ module C06MapPrecond_Impl0 val inv11 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv11 x = true + axiom inv11 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv11 x = true predicate invariant10 (self : f) val invariant10 (self : f) : bool ensures { result = invariant10 self } @@ -2918,7 +2919,7 @@ module C06MapPrecond_Impl0 val inv10 (_x : f) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_map_precond.rs" 1 0 1 0] forall x : f . inv10 x = true + axiom inv10 : forall x : f . inv10 x = true predicate invariant9 (self : i) val invariant9 (self : i) : bool ensures { result = invariant9 self } @@ -2927,7 +2928,7 @@ module C06MapPrecond_Impl0 val inv9 (_x : i) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_map_precond.rs" 1 0 1 0] forall x : i . inv9 x = true + axiom inv9 : forall x : i . inv9 x = true predicate invariant8 (self : item0) val invariant8 (self : item0) : bool ensures { result = invariant8 self } @@ -2936,7 +2937,7 @@ module C06MapPrecond_Impl0 val inv8 (_x : item0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_map_precond.rs" 1 0 1 0] forall x : item0 . inv8 x = true + axiom inv8 : forall x : item0 . inv8 x = true predicate invariant7 (self : borrowed f) val invariant7 (self : borrowed f) : bool ensures { result = invariant7 self } @@ -2945,7 +2946,7 @@ module C06MapPrecond_Impl0 val inv7 (_x : borrowed f) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed f . inv7 x = true + axiom inv7 : forall x : borrowed f . inv7 x = true predicate invariant6 (self : b) val invariant6 (self : b) : bool ensures { result = invariant6 self } @@ -2954,7 +2955,7 @@ module C06MapPrecond_Impl0 val inv6 (_x : b) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_map_precond.rs" 1 0 1 0] forall x : b . inv6 x = true + axiom inv6 : forall x : b . inv6 x = true predicate invariant5 (self : Seq.seq (borrowed f)) val invariant5 (self : Seq.seq (borrowed f)) : bool ensures { result = invariant5 self } @@ -2963,7 +2964,7 @@ module C06MapPrecond_Impl0 val inv5 (_x : Seq.seq (borrowed f)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq (borrowed f) . inv5 x = true + axiom inv5 : forall x : Seq.seq (borrowed f) . inv5 x = true predicate invariant4 (self : Seq.seq item0) val invariant4 (self : Seq.seq item0) : bool ensures { result = invariant4 self } @@ -2972,7 +2973,7 @@ module C06MapPrecond_Impl0 val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true predicate invariant3 (self : Seq.seq b) val invariant3 (self : Seq.seq b) : bool ensures { result = invariant3 self } @@ -2981,7 +2982,7 @@ module C06MapPrecond_Impl0 val inv3 (_x : Seq.seq b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Seq.seq b . inv3 x = true + axiom inv3 : forall x : Seq.seq b . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option b) val invariant2 (self : Core_Option_Option_Type.t_option b) : bool @@ -2991,7 +2992,7 @@ module C06MapPrecond_Impl0 val inv2 (_x : Core_Option_Option_Type.t_option b) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_map_precond.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option b . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option b . inv2 x = true use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type predicate invariant1 (self : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) val invariant1 (self : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) : bool @@ -3005,7 +3006,7 @@ module C06MapPrecond_Impl0 val inv1 (_x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_map_precond.rs" 1 0 1 0] forall x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (C06MapPrecond_Map_Type.t_map i b f item0) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) predicate precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) val precondition0 (self : f) (_2 : (item0, Ghost.ghost_ty (Seq.seq item0))) : bool ensures { result = precondition0 self _2 } @@ -3061,7 +3062,7 @@ module C06MapPrecond_Impl0 val invariant0 [#"../06_map_precond.rs" 158 4 158 30] (self : C06MapPrecond_Map_Type.t_map i b f item0) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_map_precond.rs" 1 0 1 0] forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C06MapPrecond_Map_Type.t_map i b f item0 . inv0 x = (invariant0 x /\ match x with | C06MapPrecond_Map_Type.C_Map iter func produced -> true end) use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg index d0fe23862b..cb3a31d5f6 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.mlcfg +++ b/creusot/tests/should_succeed/iterators/07_fuse.mlcfg @@ -32,7 +32,7 @@ module C07Fuse_Impl0_Next val inv6 (_x : Seq.seq item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv6 x = true + axiom inv6 : forall x : Seq.seq item0 . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option item0) val invariant5 (self : Core_Option_Option_Type.t_option item0) : bool @@ -42,7 +42,7 @@ module C07Fuse_Impl0_Next val inv5 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../07_fuse.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option item0 . inv5 x = true use prelude.Borrow predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool @@ -52,7 +52,7 @@ module C07Fuse_Impl0_Next val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true use seq.Seq predicate inv3 (_x : i) val inv3 (_x : i) : bool @@ -86,7 +86,7 @@ module C07Fuse_Impl0_Next val invariant3 (self : i) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../07_fuse.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate invariant2 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) val invariant2 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool @@ -96,7 +96,7 @@ module C07Fuse_Impl0_Next val inv2 (_x : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv2 x = true + axiom inv2 : forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv2 x = true predicate invariant1 (self : borrowed (Core_Option_Option_Type.t_option i)) val invariant1 (self : borrowed (Core_Option_Option_Type.t_option i)) : bool ensures { result = invariant1 self } @@ -105,7 +105,7 @@ module C07Fuse_Impl0_Next val inv1 (_x : borrowed (Core_Option_Option_Type.t_option i)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option i) . inv1 x = true + axiom inv1 : forall x : borrowed (Core_Option_Option_Type.t_option i) . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option i) val invariant0 (self : Core_Option_Option_Type.t_option i) : bool ensures { result = invariant0 self } @@ -114,7 +114,7 @@ module C07Fuse_Impl0_Next val inv0 (_x : Core_Option_Option_Type.t_option i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option i . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option i . inv0 x = true predicate produces0 [#"../07_fuse.rs" 25 4 25 65] (self : C07Fuse_Fuse_Type.t_fuse i) (prod : Seq.seq item0) (other : C07Fuse_Fuse_Type.t_fuse i) = @@ -189,8 +189,8 @@ module C07Fuse_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C07Fuse_Fuse_Type.fuse_iter ( * self)); - self <- { self with current = (let C07Fuse_Fuse_Type.C_Fuse x0 = * self in C07Fuse_Fuse_Type.C_Fuse ( ^ _3)) }; + [#"../07_fuse.rs" 40 14 40 28] _3 <- Borrow.borrow_mut (C07Fuse_Fuse_Type.fuse_iter ( * self)); + [#"../07_fuse.rs" 40 14 40 28] self <- { self with current = (let C07Fuse_Fuse_Type.C_Fuse x0 = * self in C07Fuse_Fuse_Type.C_Fuse ( ^ _3)) }; assume { inv0 ( ^ _3) }; switch ( * _3) | Core_Option_Option_Type.C_None -> goto BB1 @@ -201,13 +201,13 @@ module C07Fuse_Impl0_Next goto BB4 } BB2 { - iter <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _3)); - _3 <- { _3 with current = (let Core_Option_Option_Type.C_Some x0 = * _3 in Core_Option_Option_Type.C_Some ( ^ iter)) }; + [#"../07_fuse.rs" 42 17 42 21] iter <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _3)); + [#"../07_fuse.rs" 42 17 42 21] _3 <- { _3 with current = (let Core_Option_Option_Type.C_Some x0 = * _3 in Core_Option_Option_Type.C_Some ( ^ iter)) }; assume { inv3 ( ^ iter) }; - _7 <- Borrow.borrow_mut ( * iter); - iter <- { iter with current = ^ _7 }; + [#"../07_fuse.rs" 42 32 42 43] _7 <- Borrow.borrow_mut ( * iter); + [#"../07_fuse.rs" 42 32 42 43] iter <- { iter with current = ^ _7 }; assume { inv3 ( ^ _7) }; - _6 <- ([#"../07_fuse.rs" 42 32 42 43] next0 _7); + [#"../07_fuse.rs" 42 32 42 43] _6 <- ([#"../07_fuse.rs" 42 32 42 43] next0 _7); _7 <- any borrowed i; goto BB5 } @@ -216,12 +216,13 @@ module C07Fuse_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; + assert { [#"../07_fuse.rs" 40 14 40 28] false }; absurd } BB4 { assert { [@expl:type invariant] inv1 _3 }; assume { resolve0 _3 }; - _0 <- ([#"../07_fuse.rs" 41 20 41 24] Core_Option_Option_Type.C_None); + [#"../07_fuse.rs" 41 20 41 24] _0 <- ([#"../07_fuse.rs" 41 20 41 24] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; goto BB15 @@ -242,10 +243,10 @@ module C07Fuse_Impl0_Next BB7 { assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - x <- _6; - _6 <- any Core_Option_Option_Type.t_option item0; - _0 <- x; - x <- any Core_Option_Option_Type.t_option item0; + [#"../07_fuse.rs" 47 16 47 17] x <- ([#"../07_fuse.rs" 47 16 47 17] _6); + [#"../07_fuse.rs" 47 16 47 17] _6 <- any Core_Option_Option_Type.t_option item0; + [#"../07_fuse.rs" 47 21 47 22] _0 <- ([#"../07_fuse.rs" 47 21 47 22] x); + [#"../07_fuse.rs" 47 21 47 22] x <- any Core_Option_Option_Type.t_option item0; goto BB12 } BB8 { @@ -254,7 +255,7 @@ module C07Fuse_Impl0_Next goto BB9 } BB9 { - self <- { self with current = (let C07Fuse_Fuse_Type.C_Fuse x0 = * self in C07Fuse_Fuse_Type.C_Fuse ([#"../07_fuse.rs" 44 32 44 36] Core_Option_Option_Type.C_None)) }; + [#"../07_fuse.rs" 44 20 44 29] self <- { self with current = (let C07Fuse_Fuse_Type.C_Fuse x0 = * self in C07Fuse_Fuse_Type.C_Fuse ([#"../07_fuse.rs" 44 32 44 36] Core_Option_Option_Type.C_None)) }; assert { [@expl:type invariant] inv0 (C07Fuse_Fuse_Type.fuse_iter ( * self)) }; assume { resolve4 (C07Fuse_Fuse_Type.fuse_iter ( * self)) }; assert { [@expl:type invariant] inv2 self }; @@ -262,7 +263,7 @@ module C07Fuse_Impl0_Next goto BB11 } BB11 { - _0 <- ([#"../07_fuse.rs" 45 20 45 24] Core_Option_Option_Type.C_None); + [#"../07_fuse.rs" 45 20 45 24] _0 <- ([#"../07_fuse.rs" 45 20 45 24] Core_Option_Option_Type.C_None); goto BB13 } BB12 { @@ -291,7 +292,7 @@ module C07Fuse_Impl0_ProducesRefl_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true predicate invariant1 (self : i) val invariant1 (self : i) : bool ensures { result = invariant1 self } @@ -300,7 +301,7 @@ module C07Fuse_Impl0_ProducesRefl_Impl val inv1 (_x : i) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : i . inv1 x = true + axiom inv1 : forall x : i . inv1 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -335,7 +336,7 @@ module C07Fuse_Impl0_ProducesRefl_Impl val inv0 (_x : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true + axiom inv0 : forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate produces0 [#"../07_fuse.rs" 25 4 25 65] (self : C07Fuse_Fuse_Type.t_fuse i) (prod : Seq.seq item0) (other : C07Fuse_Fuse_Type.t_fuse i) @@ -367,7 +368,7 @@ module C07Fuse_Impl0_ProducesTrans_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true type item0 use seq.Seq use seq.Seq @@ -403,7 +404,7 @@ module C07Fuse_Impl0_ProducesTrans_Impl val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) val invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) : bool @@ -413,7 +414,7 @@ module C07Fuse_Impl0_ProducesTrans_Impl val inv0 (_x : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true + axiom inv0 : forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate produces0 [#"../07_fuse.rs" 25 4 25 65] (self : C07Fuse_Fuse_Type.t_fuse i) (prod : Seq.seq item0) (other : C07Fuse_Fuse_Type.t_fuse i) @@ -451,7 +452,7 @@ module C07Fuse_Impl1_IsFused_Impl val inv4 (_x : i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../07_fuse.rs" 1 0 1 0] forall x : i . inv4 x = true + axiom inv4 : forall x : i . inv4 x = true use prelude.Borrow predicate invariant3 (self : borrowed i) val invariant3 (self : borrowed i) : bool @@ -461,7 +462,7 @@ module C07Fuse_Impl1_IsFused_Impl val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true type item0 use seq.Seq use seq.Seq @@ -502,12 +503,12 @@ module C07Fuse_Impl1_IsFused_Impl val inv2 (_x : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : C07Fuse_Fuse_Type.t_fuse i . inv2 x = true + axiom inv2 : forall x : C07Fuse_Fuse_Type.t_fuse i . inv2 x = true predicate invariant1 (self : Seq.seq item0) val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true predicate invariant0 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) val invariant0 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool ensures { result = invariant0 self } @@ -516,7 +517,7 @@ module C07Fuse_Impl1_IsFused_Impl val inv0 (_x : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv0 x = true + axiom inv0 : forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv0 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate produces0 [#"../07_fuse.rs" 25 4 25 65] (self : C07Fuse_Fuse_Type.t_fuse i) (prod : Seq.seq item0) (other : C07Fuse_Fuse_Type.t_fuse i) @@ -584,7 +585,7 @@ module C07Fuse_Impl0 val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true type item0 use seq.Seq predicate invariant3 (self : Seq.seq item0) @@ -595,7 +596,7 @@ module C07Fuse_Impl0 val inv3 (_x : Seq.seq item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv3 x = true + axiom inv3 : forall x : Seq.seq item0 . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option item0) val invariant2 (self : Core_Option_Option_Type.t_option item0) : bool @@ -605,7 +606,7 @@ module C07Fuse_Impl0 val inv2 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate invariant1 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) val invariant1 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool @@ -615,7 +616,7 @@ module C07Fuse_Impl0 val inv1 (_x : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv1 x = true + axiom inv1 : forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv1 x = true predicate invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) val invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = invariant0 self } @@ -624,7 +625,7 @@ module C07Fuse_Impl0 val inv0 (_x : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true + axiom inv0 : forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true use seq.Seq use seq.Seq predicate completed1 [#"../common.rs" 11 4 11 36] (self : borrowed i) @@ -676,7 +677,7 @@ module C07Fuse_Impl1 val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate invariant2 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) val invariant2 (self : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool @@ -686,7 +687,7 @@ module C07Fuse_Impl1 val inv2 (_x : borrowed (C07Fuse_Fuse_Type.t_fuse i)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_fuse.rs" 1 0 1 0] forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv2 x = true + axiom inv2 : forall x : borrowed (C07Fuse_Fuse_Type.t_fuse i) . inv2 x = true type item0 use seq.Seq predicate invariant1 (self : Seq.seq item0) @@ -697,7 +698,7 @@ module C07Fuse_Impl1 val inv1 (_x : Seq.seq item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07_fuse.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true predicate invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) val invariant0 (self : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = invariant0 self } @@ -706,7 +707,7 @@ module C07Fuse_Impl1 val inv0 (_x : C07Fuse_Fuse_Type.t_fuse i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07_fuse.rs" 1 0 1 0] forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true + axiom inv0 : forall x : C07Fuse_Fuse_Type.t_fuse i . inv0 x = true use seq.Seq use seq.Seq predicate completed1 [#"../common.rs" 11 4 11 36] (self : borrowed i) diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg b/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg index 44fc8afe17..42933b799e 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.mlcfg @@ -60,7 +60,7 @@ module C08CollectExtend_Extend val inv9 (_x : t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : t . inv9 x = true + axiom inv9 : forall x : t . inv9 x = true use seq.Seq predicate invariant8 (self : Seq.seq t) val invariant8 (self : Seq.seq t) : bool @@ -70,7 +70,7 @@ module C08CollectExtend_Extend val inv8 (_x : Seq.seq t) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Seq.seq t . inv8 x = true + axiom inv8 : forall x : Seq.seq t . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -82,7 +82,7 @@ module C08CollectExtend_Extend val inv7 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true + axiom inv7 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -104,7 +104,7 @@ module C08CollectExtend_Extend val invariant6 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option t) val invariant5 (self : Core_Option_Option_Type.t_option t) : bool @@ -114,7 +114,7 @@ module C08CollectExtend_Extend val inv5 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option t . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } @@ -123,7 +123,7 @@ module C08CollectExtend_Extend val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true use seq.Seq predicate inv3 (_x : i) val inv3 (_x : i) : bool @@ -156,7 +156,7 @@ module C08CollectExtend_Extend val invariant3 (self : i) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use prelude.Ghost predicate invariant2 (self : Ghost.ghost_ty (Seq.seq t)) val invariant2 (self : Ghost.ghost_ty (Seq.seq t)) : bool @@ -166,7 +166,7 @@ module C08CollectExtend_Extend val inv2 (_x : Ghost.ghost_ty (Seq.seq t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq t) . inv2 x = true + axiom inv2 : forall x : Ghost.ghost_ty (Seq.seq t) . inv2 x = true predicate invariant1 (self : Ghost.ghost_ty i) val invariant1 (self : Ghost.ghost_ty i) : bool ensures { result = invariant1 self } @@ -175,7 +175,7 @@ module C08CollectExtend_Extend val inv1 (_x : Ghost.ghost_ty i) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Ghost.ghost_ty i . inv1 x = true + axiom inv1 : forall x : Ghost.ghost_ty i . inv1 x = true predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) val invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool @@ -185,7 +185,7 @@ module C08CollectExtend_Extend val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true predicate completed0 (self : borrowed i) val completed0 (self : borrowed i) : bool ensures { result = completed0 self } @@ -306,24 +306,24 @@ module C08CollectExtend_Extend goto BB1 } BB1 { - old_vec <- ([#"../08_collect_extend.rs" 26 18 26 29] Ghost.new vec); + [#"../08_collect_extend.rs" 26 18 26 29] old_vec <- ([#"../08_collect_extend.rs" 26 18 26 29] Ghost.new vec); goto BB2 } BB2 { assert { [@expl:type invariant] inv0 old_vec }; assume { resolve0 old_vec }; - iter1 <- ([#"../08_collect_extend.rs" 27 4 27 35] into_iter0 iter); - iter <- any i; + [#"../08_collect_extend.rs" 27 4 27 35] iter1 <- ([#"../08_collect_extend.rs" 27 4 27 35] into_iter0 ([#"../08_collect_extend.rs" 29 13 29 17] iter)); + [#"../08_collect_extend.rs" 29 13 29 17] iter <- any i; goto BB3 } BB3 { - iter_old <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new iter1); + [#"../08_collect_extend.rs" 27 4 27 35] iter_old <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new iter1); goto BB4 } BB4 { assert { [@expl:type invariant] inv1 iter_old }; assume { resolve1 iter_old }; - produced <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new (Seq.empty )); + [#"../08_collect_extend.rs" 27 4 27 35] produced <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -345,13 +345,13 @@ module C08CollectExtend_Extend goto BB9 } BB9 { - _19 <- Borrow.borrow_mut iter1; - iter1 <- ^ _19; + [#"../08_collect_extend.rs" 27 4 27 35] _19 <- Borrow.borrow_mut iter1; + [#"../08_collect_extend.rs" 27 4 27 35] iter1 <- ^ _19; assume { inv3 ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; + [#"../08_collect_extend.rs" 27 4 27 35] _18 <- Borrow.borrow_mut ( * _19); + [#"../08_collect_extend.rs" 27 4 27 35] _19 <- { _19 with current = ^ _18 }; assume { inv3 ( ^ _18) }; - _17 <- ([#"../08_collect_extend.rs" 27 4 27 35] next0 _18); + [#"../08_collect_extend.rs" 27 4 27 35] _17 <- ([#"../08_collect_extend.rs" 27 4 27 35] next0 _18); _18 <- any borrowed i; goto BB10 } @@ -370,7 +370,7 @@ module C08CollectExtend_Extend assume { resolve5 iter1 }; assert { [@expl:type invariant] inv7 vec }; assume { resolve6 vec }; - _0 <- ([#"../08_collect_extend.rs" 27 4 27 35] ()); + [#"../08_collect_extend.rs" 27 4 27 35] _0 <- ([#"../08_collect_extend.rs" 27 4 27 35] ()); goto BB20 } BB12 { @@ -383,29 +383,30 @@ module C08CollectExtend_Extend assume { resolve5 iter1 }; assert { [@expl:type invariant] inv7 vec }; assume { resolve6 vec }; + assert { [#"../08_collect_extend.rs" 27 4 27 35] false }; absurd } BB14 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _17 <- (let Core_Option_Option_Type.C_Some x0 = _17 in Core_Option_Option_Type.C_Some (any t)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] _17 <- (let Core_Option_Option_Type.C_Some x0 = _17 in Core_Option_Option_Type.C_Some (any t)); assert { [@expl:type invariant] inv5 _17 }; assume { resolve4 _17 }; - _22 <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../08_collect_extend.rs" 27 4 27 35] _22 <- ([#"../08_collect_extend.rs" 27 4 27 35] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB15 } BB15 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq t); + [#"../08_collect_extend.rs" 27 4 27 35] produced <- ([#"../08_collect_extend.rs" 27 4 27 35] _22); + [#"../08_collect_extend.rs" 27 4 27 35] _22 <- any Ghost.ghost_ty (Seq.seq t); assert { [@expl:type invariant] inv2 produced }; assume { resolve2 produced }; - x <- __creusot_proc_iter_elem; - __creusot_proc_iter_elem <- any t; - _26 <- Borrow.borrow_mut ( * vec); - vec <- { vec with current = ^ _26 }; + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] x <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- any t; + [#"../08_collect_extend.rs" 30 8 30 19] _26 <- Borrow.borrow_mut ( * vec); + [#"../08_collect_extend.rs" 30 8 30 19] vec <- { vec with current = ^ _26 }; assume { inv6 ( ^ _26) }; - _25 <- ([#"../08_collect_extend.rs" 30 8 30 19] push0 _26 x); + [#"../08_collect_extend.rs" 30 8 30 19] _25 <- ([#"../08_collect_extend.rs" 30 8 30 19] push0 _26 ([#"../08_collect_extend.rs" 30 17 30 18] x)); _26 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); - x <- any t; + [#"../08_collect_extend.rs" 30 17 30 18] x <- any t; goto BB16 } BB16 { @@ -442,7 +443,7 @@ module C08CollectExtend_Collect val inv8 (_x : item0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : item0 . inv8 x = true + axiom inv8 : forall x : item0 . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -454,7 +455,7 @@ module C08CollectExtend_Collect val inv7 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true + axiom inv7 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true use seq.Seq predicate invariant6 (self : Seq.seq item0) val invariant6 (self : Seq.seq item0) : bool @@ -464,7 +465,7 @@ module C08CollectExtend_Collect val inv6 (_x : Seq.seq item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Seq.seq item0 . inv6 x = true + axiom inv6 : forall x : Seq.seq item0 . inv6 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -486,7 +487,7 @@ module C08CollectExtend_Collect val invariant5 (self : Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option item0) val invariant4 (self : Core_Option_Option_Type.t_option item0) : bool @@ -496,7 +497,7 @@ module C08CollectExtend_Collect val inv4 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option item0 . inv4 x = true predicate invariant3 (self : borrowed i) val invariant3 (self : borrowed i) : bool ensures { result = invariant3 self } @@ -505,7 +506,7 @@ module C08CollectExtend_Collect val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true use seq.Seq predicate inv2 (_x : i) val inv2 (_x : i) : bool @@ -538,7 +539,7 @@ module C08CollectExtend_Collect val invariant2 (self : i) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true use prelude.Ghost predicate invariant1 (self : Ghost.ghost_ty (Seq.seq item0)) val invariant1 (self : Ghost.ghost_ty (Seq.seq item0)) : bool @@ -548,7 +549,7 @@ module C08CollectExtend_Collect val inv1 (_x : Ghost.ghost_ty (Seq.seq item0)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq item0) . inv1 x = true + axiom inv1 : forall x : Ghost.ghost_ty (Seq.seq item0) . inv1 x = true predicate invariant0 (self : Ghost.ghost_ty i) val invariant0 (self : Ghost.ghost_ty i) : bool ensures { result = invariant0 self } @@ -557,7 +558,7 @@ module C08CollectExtend_Collect val inv0 (_x : Ghost.ghost_ty i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Ghost.ghost_ty i . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty i . inv0 x = true predicate completed0 (self : borrowed i) val completed0 (self : borrowed i) : bool ensures { result = completed0 self } @@ -675,22 +676,22 @@ module C08CollectExtend_Collect goto BB1 } BB1 { - res <- ([#"../08_collect_extend.rs" 43 18 43 28] new0 ()); + [#"../08_collect_extend.rs" 43 18 43 28] res <- ([#"../08_collect_extend.rs" 43 18 43 28] new0 ()); goto BB2 } BB2 { - iter1 <- ([#"../08_collect_extend.rs" 45 4 45 40] into_iter0 iter); - iter <- any i; + [#"../08_collect_extend.rs" 45 4 45 40] iter1 <- ([#"../08_collect_extend.rs" 45 4 45 40] into_iter0 ([#"../08_collect_extend.rs" 46 13 46 17] iter)); + [#"../08_collect_extend.rs" 46 13 46 17] iter <- any i; goto BB3 } BB3 { - iter_old <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new iter1); + [#"../08_collect_extend.rs" 45 4 45 40] iter_old <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new iter1); goto BB4 } BB4 { assert { [@expl:type invariant] inv0 iter_old }; assume { resolve0 iter_old }; - produced <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new (Seq.empty )); + [#"../08_collect_extend.rs" 45 4 45 40] produced <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -714,13 +715,13 @@ module C08CollectExtend_Collect goto BB10 } BB10 { - _17 <- Borrow.borrow_mut iter1; - iter1 <- ^ _17; + [#"../08_collect_extend.rs" 45 4 45 40] _17 <- Borrow.borrow_mut iter1; + [#"../08_collect_extend.rs" 45 4 45 40] iter1 <- ^ _17; assume { inv2 ( ^ _17) }; - _16 <- Borrow.borrow_mut ( * _17); - _17 <- { _17 with current = ^ _16 }; + [#"../08_collect_extend.rs" 45 4 45 40] _16 <- Borrow.borrow_mut ( * _17); + [#"../08_collect_extend.rs" 45 4 45 40] _17 <- { _17 with current = ^ _16 }; assume { inv2 ( ^ _16) }; - _15 <- ([#"../08_collect_extend.rs" 45 4 45 40] next0 _16); + [#"../08_collect_extend.rs" 45 4 45 40] _15 <- ([#"../08_collect_extend.rs" 45 4 45 40] next0 _16); _16 <- any borrowed i; goto BB11 } @@ -749,29 +750,30 @@ module C08CollectExtend_Collect assume { resolve4 iter1 }; assert { [@expl:type invariant] inv5 res }; assume { resolve5 res }; + assert { [#"../08_collect_extend.rs" 45 4 45 40] false }; absurd } BB15 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _15; - _15 <- (let Core_Option_Option_Type.C_Some x0 = _15 in Core_Option_Option_Type.C_Some (any item0)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _15); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] _15 <- (let Core_Option_Option_Type.C_Some x0 = _15 in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv4 _15 }; assume { resolve3 _15 }; - _20 <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../08_collect_extend.rs" 45 4 45 40] _20 <- ([#"../08_collect_extend.rs" 45 4 45 40] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB16 } BB16 { - produced <- _20; - _20 <- any Ghost.ghost_ty (Seq.seq item0); + [#"../08_collect_extend.rs" 45 4 45 40] produced <- ([#"../08_collect_extend.rs" 45 4 45 40] _20); + [#"../08_collect_extend.rs" 45 4 45 40] _20 <- any Ghost.ghost_ty (Seq.seq item0); assert { [@expl:type invariant] inv1 produced }; assume { resolve1 produced }; - x <- __creusot_proc_iter_elem; - __creusot_proc_iter_elem <- any item0; - _24 <- Borrow.borrow_mut res; - res <- ^ _24; + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] x <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- any item0; + [#"../08_collect_extend.rs" 47 8 47 19] _24 <- Borrow.borrow_mut res; + [#"../08_collect_extend.rs" 47 8 47 19] res <- ^ _24; assume { inv5 ( ^ _24) }; - _23 <- ([#"../08_collect_extend.rs" 47 8 47 19] push0 _24 x); + [#"../08_collect_extend.rs" 47 8 47 19] _23 <- ([#"../08_collect_extend.rs" 47 8 47 19] push0 _24 ([#"../08_collect_extend.rs" 47 17 47 18] x)); _24 <- any borrowed (Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global)); - x <- any item0; + [#"../08_collect_extend.rs" 47 17 47 18] x <- any item0; goto BB17 } BB17 { @@ -790,8 +792,8 @@ module C08CollectExtend_Collect goto BB22 } BB22 { - _0 <- res; - res <- any Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global); + [#"../08_collect_extend.rs" 49 4 49 7] _0 <- ([#"../08_collect_extend.rs" 49 4 49 7] res); + [#"../08_collect_extend.rs" 49 4 49 7] res <- any Alloc_Vec_Vec_Type.t_vec item0 (Alloc_Alloc_Global_Type.t_global); goto BB23 } BB23 { @@ -830,7 +832,7 @@ module C08CollectExtend_ExtendIndex val inv7 (_x : slice uint32) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : slice uint32 . inv7 x = true + axiom inv7 : forall x : slice uint32 . inv7 x = true use seq.Seq use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type @@ -892,13 +894,13 @@ module C08CollectExtend_ExtendIndex val inv6 (_x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true predicate invariant5 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq uint32) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv5 x = true + axiom inv5 : forall x : Seq.seq uint32 . inv5 x = true use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -909,13 +911,13 @@ module C08CollectExtend_ExtendIndex val inv4 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true predicate invariant3 (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -937,7 +939,7 @@ module C08CollectExtend_ExtendIndex val invariant2 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : slice uint32) : bool @@ -947,7 +949,7 @@ module C08CollectExtend_ExtendIndex val inv1 (_x : slice uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : slice uint32 . inv1 x = true + axiom inv1 : forall x : slice uint32 . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -957,7 +959,7 @@ module C08CollectExtend_ExtendIndex val inv0 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Ghost use seq.Seq use prelude.Slice @@ -1079,24 +1081,24 @@ module C08CollectExtend_ExtendIndex goto BB0 } BB0 { - oldv1 <- ([#"../08_collect_extend.rs" 53 16 53 27] Ghost.new (deref0 v1)); + [#"../08_collect_extend.rs" 53 16 53 27] oldv1 <- ([#"../08_collect_extend.rs" 53 16 53 27] Ghost.new (deref0 v1)); goto BB1 } BB1 { - oldv2 <- ([#"../08_collect_extend.rs" 54 16 54 27] Ghost.new (deref0 v2)); + [#"../08_collect_extend.rs" 54 16 54 27] oldv2 <- ([#"../08_collect_extend.rs" 54 16 54 27] Ghost.new (deref0 v2)); goto BB2 } BB2 { - _9 <- Borrow.borrow_mut v1; - v1 <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _8 }; - _10 <- ([#"../08_collect_extend.rs" 55 20 55 34] into_iter0 v2); - v2 <- any Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global); + [#"../08_collect_extend.rs" 55 11 55 18] _9 <- Borrow.borrow_mut v1; + [#"../08_collect_extend.rs" 55 11 55 18] v1 <- ^ _9; + [#"../08_collect_extend.rs" 55 11 55 18] _8 <- Borrow.borrow_mut ( * _9); + [#"../08_collect_extend.rs" 55 11 55 18] _9 <- { _9 with current = ^ _8 }; + [#"../08_collect_extend.rs" 55 20 55 34] _10 <- ([#"../08_collect_extend.rs" 55 20 55 34] into_iter0 ([#"../08_collect_extend.rs" 55 20 55 22] v2)); + [#"../08_collect_extend.rs" 55 20 55 22] v2 <- any Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global); goto BB3 } BB3 { - _7 <- ([#"../08_collect_extend.rs" 55 4 55 35] extend0 _8 _10); + [#"../08_collect_extend.rs" 55 4 55 35] _7 <- ([#"../08_collect_extend.rs" 55 4 55 35] extend0 _8 _10); _8 <- any borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)); _10 <- any Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter uint32 (Alloc_Alloc_Global_Type.t_global); goto BB4 @@ -1108,7 +1110,7 @@ module C08CollectExtend_ExtendIndex goto BB5 } BB5 { - _0 <- ([#"../08_collect_extend.rs" 52 52 58 1] ()); + [#"../08_collect_extend.rs" 52 52 58 1] _0 <- ([#"../08_collect_extend.rs" 52 52 58 1] ()); goto BB6 } BB6 { @@ -1150,7 +1152,7 @@ module C08CollectExtend_CollectExample val invariant3 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed i) val invariant2 (self : borrowed i) : bool @@ -1160,13 +1162,13 @@ module C08CollectExtend_CollectExample val inv2 (_x : borrowed i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : borrowed i . inv2 x = true + axiom inv2 : forall x : borrowed i . inv2 x = true predicate invariant1 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Seq.seq uint32) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use seq.Seq predicate inv0 (_x : i) val inv0 (_x : i) : bool @@ -1199,7 +1201,7 @@ module C08CollectExtend_CollectExample val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../08_collect_extend.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq use prelude.UInt32 function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) (ix : int) : uint32 @@ -1243,8 +1245,8 @@ module C08CollectExtend_CollectExample goto BB1 } BB1 { - v <- ([#"../08_collect_extend.rs" 62 22 62 35] collect0 iter); - iter <- any i; + [#"../08_collect_extend.rs" 62 22 62 35] v <- ([#"../08_collect_extend.rs" 62 22 62 35] collect0 ([#"../08_collect_extend.rs" 62 30 62 34] iter)); + [#"../08_collect_extend.rs" 62 30 62 34] iter <- any i; goto BB2 } BB2 { @@ -1253,7 +1255,7 @@ module C08CollectExtend_CollectExample goto BB3 } BB3 { - _0 <- ([#"../08_collect_extend.rs" 61 57 65 1] ()); + [#"../08_collect_extend.rs" 61 57 65 1] _0 <- ([#"../08_collect_extend.rs" 61 57 65 1] ()); goto BB4 } BB4 { diff --git a/creusot/tests/should_succeed/iterators/09_empty.mlcfg b/creusot/tests/should_succeed/iterators/09_empty.mlcfg index e210b8b4cf..69ff5916a0 100644 --- a/creusot/tests/should_succeed/iterators/09_empty.mlcfg +++ b/creusot/tests/should_succeed/iterators/09_empty.mlcfg @@ -39,7 +39,7 @@ module C09Empty_Impl0_ProducesTrans_Impl val inv0 (_x : Seq.seq t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../09_empty.rs" 1 0 1 0] forall x : Seq.seq t . inv0 x = true + axiom inv0 : forall x : Seq.seq t . inv0 x = true use C09Empty_Empty_Type as C09Empty_Empty_Type use seq.Seq use seq.Seq @@ -77,7 +77,7 @@ module C09Empty_Impl0_Next val inv0 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../09_empty.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option t . inv0 x = true use seq.Seq use seq.Seq use C09Empty_Empty_Type as C09Empty_Empty_Type @@ -115,7 +115,7 @@ module C09Empty_Impl0_Next } BB0 { assume { resolve0 self }; - _0 <- ([#"../09_empty.rs" 42 8 42 12] Core_Option_Option_Type.C_None); + [#"../09_empty.rs" 42 8 42 12] _0 <- ([#"../09_empty.rs" 42 8 42 12] Core_Option_Option_Type.C_None); return _0 } @@ -131,7 +131,7 @@ module C09Empty_Impl0 val inv3 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../09_empty.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option t . inv3 x = true use C09Empty_Empty_Type as C09Empty_Empty_Type use prelude.Borrow predicate invariant2 (self : borrowed (C09Empty_Empty_Type.t_empty t)) @@ -142,7 +142,7 @@ module C09Empty_Impl0 val inv2 (_x : borrowed (C09Empty_Empty_Type.t_empty t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../09_empty.rs" 1 0 1 0] forall x : borrowed (C09Empty_Empty_Type.t_empty t) . inv2 x = true + axiom inv2 : forall x : borrowed (C09Empty_Empty_Type.t_empty t) . inv2 x = true use seq.Seq predicate invariant1 (self : Seq.seq t) val invariant1 (self : Seq.seq t) : bool @@ -152,7 +152,7 @@ module C09Empty_Impl0 val inv1 (_x : Seq.seq t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../09_empty.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true predicate invariant0 (self : C09Empty_Empty_Type.t_empty t) val invariant0 (self : C09Empty_Empty_Type.t_empty t) : bool ensures { result = invariant0 self } @@ -161,7 +161,7 @@ module C09Empty_Impl0 val inv0 (_x : C09Empty_Empty_Type.t_empty t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../09_empty.rs" 1 0 1 0] forall x : C09Empty_Empty_Type.t_empty t . inv0 x = true + axiom inv0 : forall x : C09Empty_Empty_Type.t_empty t . inv0 x = true use seq.Seq predicate resolve0 (self : borrowed (C09Empty_Empty_Type.t_empty t)) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self diff --git a/creusot/tests/should_succeed/iterators/10_once.mlcfg b/creusot/tests/should_succeed/iterators/10_once.mlcfg index a4a7568e9b..a3af720a86 100644 --- a/creusot/tests/should_succeed/iterators/10_once.mlcfg +++ b/creusot/tests/should_succeed/iterators/10_once.mlcfg @@ -25,7 +25,7 @@ module C10Once_Impl0_ProducesRefl_Impl val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../10_once.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use C10Once_Once_Type as C10Once_Once_Type predicate invariant0 (self : C10Once_Once_Type.t_once t) val invariant0 (self : C10Once_Once_Type.t_once t) : bool @@ -35,7 +35,7 @@ module C10Once_Impl0_ProducesRefl_Impl val inv0 (_x : C10Once_Once_Type.t_once t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../10_once.rs" 1 0 1 0] forall x : C10Once_Once_Type.t_once t . inv0 x = true + axiom inv0 : forall x : C10Once_Once_Type.t_once t . inv0 x = true use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq @@ -64,7 +64,7 @@ module C10Once_Impl0_ProducesTrans_Impl val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../10_once.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true use seq.Seq predicate invariant1 (self : Seq.seq t) val invariant1 (self : Seq.seq t) : bool @@ -74,7 +74,7 @@ module C10Once_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../10_once.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use C10Once_Once_Type as C10Once_Once_Type predicate invariant0 (self : C10Once_Once_Type.t_once t) val invariant0 (self : C10Once_Once_Type.t_once t) : bool @@ -84,7 +84,7 @@ module C10Once_Impl0_ProducesTrans_Impl val inv0 (_x : C10Once_Once_Type.t_once t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../10_once.rs" 1 0 1 0] forall x : C10Once_Once_Type.t_once t . inv0 x = true + axiom inv0 : forall x : C10Once_Once_Type.t_once t . inv0 x = true use seq.Seq use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type @@ -119,7 +119,7 @@ module C10Once_Impl0_Next val inv3 (_x : t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../10_once.rs" 1 0 1 0] forall x : t . inv3 x = true + axiom inv3 : forall x : t . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type use prelude.Borrow predicate invariant2 (self : borrowed (Core_Option_Option_Type.t_option t)) @@ -130,7 +130,7 @@ module C10Once_Impl0_Next val inv2 (_x : borrowed (Core_Option_Option_Type.t_option t)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../10_once.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option t) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Option_Option_Type.t_option t) . inv2 x = true use C10Once_Once_Type as C10Once_Once_Type predicate invariant1 (self : borrowed (C10Once_Once_Type.t_once t)) val invariant1 (self : borrowed (C10Once_Once_Type.t_once t)) : bool @@ -140,7 +140,7 @@ module C10Once_Impl0_Next val inv1 (_x : borrowed (C10Once_Once_Type.t_once t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../10_once.rs" 1 0 1 0] forall x : borrowed (C10Once_Once_Type.t_once t) . inv1 x = true + axiom inv1 : forall x : borrowed (C10Once_Once_Type.t_once t) . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option t) val invariant0 (self : Core_Option_Option_Type.t_option t) : bool ensures { result = invariant0 self } @@ -149,7 +149,7 @@ module C10Once_Impl0_Next val inv0 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../10_once.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option t . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -191,10 +191,10 @@ module C10Once_Impl0_Next goto BB0 } BB0 { - _3 <- Borrow.borrow_mut (C10Once_Once_Type.once_0 ( * self)); - self <- { self with current = (let C10Once_Once_Type.C_Once x0 = * self in C10Once_Once_Type.C_Once ( ^ _3)) }; + [#"../10_once.rs" 45 8 45 21] _3 <- Borrow.borrow_mut (C10Once_Once_Type.once_0 ( * self)); + [#"../10_once.rs" 45 8 45 21] self <- { self with current = (let C10Once_Once_Type.C_Once x0 = * self in C10Once_Once_Type.C_Once ( ^ _3)) }; assume { inv0 ( ^ _3) }; - _0 <- ([#"../10_once.rs" 45 8 45 21] take0 _3); + [#"../10_once.rs" 45 8 45 21] _0 <- ([#"../10_once.rs" 45 8 45 21] take0 _3); _3 <- any borrowed (Core_Option_Option_Type.t_option t); goto BB1 } @@ -215,7 +215,7 @@ module C10Once_Impl0 val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../10_once.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use seq.Seq predicate invariant3 (self : Seq.seq t) val invariant3 (self : Seq.seq t) : bool @@ -225,7 +225,7 @@ module C10Once_Impl0 val inv3 (_x : Seq.seq t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../10_once.rs" 1 0 1 0] forall x : Seq.seq t . inv3 x = true + axiom inv3 : forall x : Seq.seq t . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option t) val invariant2 (self : Core_Option_Option_Type.t_option t) : bool @@ -235,7 +235,7 @@ module C10Once_Impl0 val inv2 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../10_once.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option t . inv2 x = true use C10Once_Once_Type as C10Once_Once_Type use prelude.Borrow predicate invariant1 (self : borrowed (C10Once_Once_Type.t_once t)) @@ -246,7 +246,7 @@ module C10Once_Impl0 val inv1 (_x : borrowed (C10Once_Once_Type.t_once t)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../10_once.rs" 1 0 1 0] forall x : borrowed (C10Once_Once_Type.t_once t) . inv1 x = true + axiom inv1 : forall x : borrowed (C10Once_Once_Type.t_once t) . inv1 x = true predicate invariant0 (self : C10Once_Once_Type.t_once t) val invariant0 (self : C10Once_Once_Type.t_once t) : bool ensures { result = invariant0 self } @@ -255,7 +255,7 @@ module C10Once_Impl0 val inv0 (_x : C10Once_Once_Type.t_once t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../10_once.rs" 1 0 1 0] forall x : C10Once_Once_Type.t_once t . inv0 x = true + axiom inv0 : forall x : C10Once_Once_Type.t_once t . inv0 x = true use seq.Seq use seq.Seq predicate resolve0 (self : borrowed (C10Once_Once_Type.t_once t)) = diff --git a/creusot/tests/should_succeed/iterators/11_repeat.mlcfg b/creusot/tests/should_succeed/iterators/11_repeat.mlcfg index a7c1c22ca1..f8598db67c 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.mlcfg +++ b/creusot/tests/should_succeed/iterators/11_repeat.mlcfg @@ -19,7 +19,7 @@ module C11Repeat_Impl0_ProducesRefl_Impl val inv0 (_x : C11Repeat_Repeat_Type.t_repeat a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../11_repeat.rs" 1 0 1 0] forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true + axiom inv0 : forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -50,7 +50,7 @@ module C11Repeat_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../11_repeat.rs" 1 0 1 0] forall x : Seq.seq a . inv1 x = true + axiom inv1 : forall x : Seq.seq a . inv1 x = true use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type predicate invariant0 (self : C11Repeat_Repeat_Type.t_repeat a) val invariant0 (self : C11Repeat_Repeat_Type.t_repeat a) : bool @@ -60,7 +60,7 @@ module C11Repeat_Impl0_ProducesTrans_Impl val inv0 (_x : C11Repeat_Repeat_Type.t_repeat a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../11_repeat.rs" 1 0 1 0] forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true + axiom inv0 : forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -101,7 +101,7 @@ module C11Repeat_Impl0_Next val inv3 (_x : a) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../11_repeat.rs" 1 0 1 0] forall x : a . inv3 x = true + axiom inv3 : forall x : a . inv3 x = true predicate invariant2 (self : a) val invariant2 (self : a) : bool ensures { result = invariant2 self } @@ -110,7 +110,7 @@ module C11Repeat_Impl0_Next val inv2 (_x : a) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../11_repeat.rs" 1 0 1 0] forall x : a . inv2 x = true + axiom inv2 : forall x : a . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option a) val invariant1 (self : Core_Option_Option_Type.t_option a) : bool @@ -120,7 +120,7 @@ module C11Repeat_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../11_repeat.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option a . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option a . inv1 x = true use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type use prelude.Borrow predicate invariant0 (self : borrowed (C11Repeat_Repeat_Type.t_repeat a)) @@ -131,7 +131,7 @@ module C11Repeat_Impl0_Next val inv0 (_x : borrowed (C11Repeat_Repeat_Type.t_repeat a)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../11_repeat.rs" 1 0 1 0] forall x : borrowed (C11Repeat_Repeat_Type.t_repeat a) . inv0 x = true + axiom inv0 : forall x : borrowed (C11Repeat_Repeat_Type.t_repeat a) . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -175,13 +175,13 @@ module C11Repeat_Impl0_Next goto BB0 } BB0 { - _3 <- ([#"../11_repeat.rs" 47 13 47 33] clone0 ([#"../11_repeat.rs" 47 13 47 33] C11Repeat_Repeat_Type.repeat_element ( * self))); + [#"../11_repeat.rs" 47 13 47 33] _3 <- ([#"../11_repeat.rs" 47 13 47 33] clone0 ([#"../11_repeat.rs" 47 13 47 33] C11Repeat_Repeat_Type.repeat_element ( * self))); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../11_repeat.rs" 47 8 47 34] Core_Option_Option_Type.C_Some _3); + [#"../11_repeat.rs" 47 8 47 34] _0 <- ([#"../11_repeat.rs" 47 8 47 34] Core_Option_Option_Type.C_Some _3); _3 <- any a; goto BB2 } @@ -201,7 +201,7 @@ module C11Repeat_Impl0 val inv3 (_x : Core_Option_Option_Type.t_option a) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../11_repeat.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option a . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option a . inv3 x = true use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type use prelude.Borrow predicate invariant2 (self : borrowed (C11Repeat_Repeat_Type.t_repeat a)) @@ -212,7 +212,7 @@ module C11Repeat_Impl0 val inv2 (_x : borrowed (C11Repeat_Repeat_Type.t_repeat a)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../11_repeat.rs" 1 0 1 0] forall x : borrowed (C11Repeat_Repeat_Type.t_repeat a) . inv2 x = true + axiom inv2 : forall x : borrowed (C11Repeat_Repeat_Type.t_repeat a) . inv2 x = true use seq.Seq predicate invariant1 (self : Seq.seq a) val invariant1 (self : Seq.seq a) : bool @@ -222,7 +222,7 @@ module C11Repeat_Impl0 val inv1 (_x : Seq.seq a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../11_repeat.rs" 1 0 1 0] forall x : Seq.seq a . inv1 x = true + axiom inv1 : forall x : Seq.seq a . inv1 x = true predicate invariant0 (self : C11Repeat_Repeat_Type.t_repeat a) val invariant0 (self : C11Repeat_Repeat_Type.t_repeat a) : bool ensures { result = invariant0 self } @@ -231,7 +231,7 @@ module C11Repeat_Impl0 val inv0 (_x : C11Repeat_Repeat_Type.t_repeat a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../11_repeat.rs" 1 0 1 0] forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true + axiom inv0 : forall x : C11Repeat_Repeat_Type.t_repeat a . inv0 x = true use seq.Seq predicate completed0 [#"../11_repeat.rs" 17 4 17 35] (self : borrowed (C11Repeat_Repeat_Type.t_repeat a)) = [#"../11_repeat.rs" 18 20 18 25] false diff --git a/creusot/tests/should_succeed/iterators/12_zip.mlcfg b/creusot/tests/should_succeed/iterators/12_zip.mlcfg index 2cd681bdb6..0b9388a92d 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.mlcfg +++ b/creusot/tests/should_succeed/iterators/12_zip.mlcfg @@ -23,7 +23,7 @@ module C12Zip_Impl0_ProducesRefl_Impl val inv4 (_x : b) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../12_zip.rs" 1 0 1 0] forall x : b . inv4 x = true + axiom inv4 : forall x : b . inv4 x = true predicate invariant3 (self : a) val invariant3 (self : a) : bool ensures { result = invariant3 self } @@ -32,7 +32,7 @@ module C12Zip_Impl0_ProducesRefl_Impl val inv3 (_x : a) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../12_zip.rs" 1 0 1 0] forall x : a . inv3 x = true + axiom inv3 : forall x : a . inv3 x = true type item0 use seq.Seq predicate invariant2 (self : Seq.seq item0) @@ -43,7 +43,7 @@ module C12Zip_Impl0_ProducesRefl_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true type item1 predicate invariant1 (self : Seq.seq item1) val invariant1 (self : Seq.seq item1) : bool @@ -53,7 +53,7 @@ module C12Zip_Impl0_ProducesRefl_Impl val inv1 (_x : Seq.seq item1) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item1 . inv1 x = true + axiom inv1 : forall x : Seq.seq item1 . inv1 x = true use seq.Seq predicate produces2 [#"../common.rs" 8 4 8 66] (self : b) (visited : Seq.seq item1) (_o : b) val produces2 [#"../common.rs" 8 4 8 66] (self : b) (visited : Seq.seq item1) (_o : b) : bool @@ -113,7 +113,7 @@ module C12Zip_Impl0_ProducesRefl_Impl val inv0 (_x : C12Zip_Zip_Type.t_zip a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../12_zip.rs" 1 0 1 0] forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true + axiom inv0 : forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -147,7 +147,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv5 (_x : b) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../12_zip.rs" 1 0 1 0] forall x : b . inv5 x = true + axiom inv5 : forall x : b . inv5 x = true predicate invariant4 (self : a) val invariant4 (self : a) : bool ensures { result = invariant4 self } @@ -156,7 +156,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv4 (_x : a) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../12_zip.rs" 1 0 1 0] forall x : a . inv4 x = true + axiom inv4 : forall x : a . inv4 x = true type item0 use seq.Seq predicate invariant3 (self : Seq.seq item0) @@ -167,7 +167,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv3 (_x : Seq.seq item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv3 x = true + axiom inv3 : forall x : Seq.seq item0 . inv3 x = true type item1 predicate invariant2 (self : Seq.seq item1) val invariant2 (self : Seq.seq item1) : bool @@ -177,7 +177,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv2 (_x : Seq.seq item1) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item1 . inv2 x = true + axiom inv2 : forall x : Seq.seq item1 . inv2 x = true use seq.Seq predicate produces2 [#"../common.rs" 8 4 8 66] (self : b) (visited : Seq.seq item1) (_o : b) val produces2 [#"../common.rs" 8 4 8 66] (self : b) (visited : Seq.seq item1) (_o : b) : bool @@ -236,7 +236,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq (item0, item1)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq (item0, item1) . inv1 x = true + axiom inv1 : forall x : Seq.seq (item0, item1) . inv1 x = true use C12Zip_Zip_Type as C12Zip_Zip_Type predicate invariant0 (self : C12Zip_Zip_Type.t_zip a b) val invariant0 (self : C12Zip_Zip_Type.t_zip a b) : bool @@ -246,7 +246,7 @@ module C12Zip_Impl0_ProducesTrans_Impl val inv0 (_x : C12Zip_Zip_Type.t_zip a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../12_zip.rs" 1 0 1 0] forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true + axiom inv0 : forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -299,7 +299,7 @@ module C12Zip_Impl0_Next val inv10 (_x : Seq.seq item0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv10 x = true + axiom inv10 : forall x : Seq.seq item0 . inv10 x = true type item1 predicate invariant9 (self : Seq.seq item1) val invariant9 (self : Seq.seq item1) : bool @@ -309,7 +309,7 @@ module C12Zip_Impl0_Next val inv9 (_x : Seq.seq item1) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item1 . inv9 x = true + axiom inv9 : forall x : Seq.seq item1 . inv9 x = true use prelude.Borrow predicate invariant8 (self : borrowed b) val invariant8 (self : borrowed b) : bool @@ -319,7 +319,7 @@ module C12Zip_Impl0_Next val inv8 (_x : borrowed b) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../12_zip.rs" 1 0 1 0] forall x : borrowed b . inv8 x = true + axiom inv8 : forall x : borrowed b . inv8 x = true predicate invariant7 (self : borrowed a) val invariant7 (self : borrowed a) : bool ensures { result = invariant7 self } @@ -328,7 +328,7 @@ module C12Zip_Impl0_Next val inv7 (_x : borrowed a) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../12_zip.rs" 1 0 1 0] forall x : borrowed a . inv7 x = true + axiom inv7 : forall x : borrowed a . inv7 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant6 (self : Core_Option_Option_Type.t_option (item0, item1)) val invariant6 (self : Core_Option_Option_Type.t_option (item0, item1)) : bool @@ -338,7 +338,7 @@ module C12Zip_Impl0_Next val inv6 (_x : Core_Option_Option_Type.t_option (item0, item1)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../12_zip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (item0, item1) . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option (item0, item1) . inv6 x = true predicate invariant5 (self : item0) val invariant5 (self : item0) : bool ensures { result = invariant5 self } @@ -347,7 +347,7 @@ module C12Zip_Impl0_Next val inv5 (_x : item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../12_zip.rs" 1 0 1 0] forall x : item0 . inv5 x = true + axiom inv5 : forall x : item0 . inv5 x = true predicate invariant4 (self : Core_Option_Option_Type.t_option item1) val invariant4 (self : Core_Option_Option_Type.t_option item1) : bool ensures { result = invariant4 self } @@ -356,7 +356,7 @@ module C12Zip_Impl0_Next val inv4 (_x : Core_Option_Option_Type.t_option item1) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../12_zip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item1 . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option item1 . inv4 x = true use seq.Seq predicate inv3 (_x : b) val inv3 (_x : b) : bool @@ -390,7 +390,7 @@ module C12Zip_Impl0_Next val invariant3 (self : b) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../12_zip.rs" 1 0 1 0] forall x : b . inv3 x = true + axiom inv3 : forall x : b . inv3 x = true use C12Zip_Zip_Type as C12Zip_Zip_Type predicate invariant2 (self : borrowed (C12Zip_Zip_Type.t_zip a b)) val invariant2 (self : borrowed (C12Zip_Zip_Type.t_zip a b)) : bool @@ -400,7 +400,7 @@ module C12Zip_Impl0_Next val inv2 (_x : borrowed (C12Zip_Zip_Type.t_zip a b)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../12_zip.rs" 1 0 1 0] forall x : borrowed (C12Zip_Zip_Type.t_zip a b) . inv2 x = true + axiom inv2 : forall x : borrowed (C12Zip_Zip_Type.t_zip a b) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool ensures { result = invariant1 self } @@ -409,7 +409,7 @@ module C12Zip_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_zip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true use seq.Seq predicate inv0 (_x : a) val inv0 (_x : a) : bool @@ -443,7 +443,7 @@ module C12Zip_Impl0_Next val invariant0 (self : a) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../12_zip.rs" 1 0 1 0] forall x : a . inv0 x = true + axiom inv0 : forall x : a . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -530,10 +530,10 @@ module C12Zip_Impl0_Next goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_a ( * self)); - self <- { self with current = (let C12Zip_Zip_Type.C_Zip x0 x1 = * self in C12Zip_Zip_Type.C_Zip ( ^ _5) x1) }; + [#"../12_zip.rs" 55 22 55 35] _5 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_a ( * self)); + [#"../12_zip.rs" 55 22 55 35] self <- { self with current = (let C12Zip_Zip_Type.C_Zip x0 x1 = * self in C12Zip_Zip_Type.C_Zip ( ^ _5) x1) }; assume { inv0 ( ^ _5) }; - _4 <- ([#"../12_zip.rs" 55 22 55 35] next0 _5); + [#"../12_zip.rs" 55 22 55 35] _4 <- ([#"../12_zip.rs" 55 22 55 35] next0 _5); _5 <- any borrowed a; goto BB1 } @@ -547,15 +547,16 @@ module C12Zip_Impl0_Next goto BB5 } BB3 { - x1 <- Core_Option_Option_Type.some_0 _4; - _4 <- (let Core_Option_Option_Type.C_Some x0 = _4 in Core_Option_Option_Type.C_Some (any item0)); + [#"../12_zip.rs" 57 17 57 18] x1 <- ([#"../12_zip.rs" 57 17 57 18] Core_Option_Option_Type.some_0 _4); + [#"../12_zip.rs" 57 17 57 18] _4 <- (let Core_Option_Option_Type.C_Some x0 = _4 in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv1 _4 }; assume { resolve0 _4 }; - x <- x1; - x1 <- any item0; + [#"../12_zip.rs" 57 23 57 24] x <- ([#"../12_zip.rs" 57 23 57 24] x1); + [#"../12_zip.rs" 57 23 57 24] x1 <- any item0; goto BB6 } BB4 { + assert { [#"../12_zip.rs" 55 22 55 35] false }; absurd } BB5 { @@ -563,17 +564,17 @@ module C12Zip_Impl0_Next assume { resolve0 _4 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../12_zip.rs" 56 27 56 31] Core_Option_Option_Type.C_None); + [#"../12_zip.rs" 56 27 56 31] _0 <- ([#"../12_zip.rs" 56 27 56 31] Core_Option_Option_Type.C_None); goto BB20 } BB6 { goto BB7 } BB7 { - _11 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_b ( * self)); - self <- { self with current = (let C12Zip_Zip_Type.C_Zip x0 x1 = * self in C12Zip_Zip_Type.C_Zip x0 ( ^ _11)) }; + [#"../12_zip.rs" 59 22 59 35] _11 <- Borrow.borrow_mut (C12Zip_Zip_Type.zip_b ( * self)); + [#"../12_zip.rs" 59 22 59 35] self <- { self with current = (let C12Zip_Zip_Type.C_Zip x0 x1 = * self in C12Zip_Zip_Type.C_Zip x0 ( ^ _11)) }; assume { inv3 ( ^ _11) }; - _10 <- ([#"../12_zip.rs" 59 22 59 35] next1 _11); + [#"../12_zip.rs" 59 22 59 35] _10 <- ([#"../12_zip.rs" 59 22 59 35] next1 _11); _11 <- any borrowed b; goto BB8 } @@ -589,12 +590,12 @@ module C12Zip_Impl0_Next goto BB11 } BB10 { - y1 <- Core_Option_Option_Type.some_0 _10; - _10 <- (let Core_Option_Option_Type.C_Some x0 = _10 in Core_Option_Option_Type.C_Some (any item1)); + [#"../12_zip.rs" 61 17 61 18] y1 <- ([#"../12_zip.rs" 61 17 61 18] Core_Option_Option_Type.some_0 _10); + [#"../12_zip.rs" 61 17 61 18] _10 <- (let Core_Option_Option_Type.C_Some x0 = _10 in Core_Option_Option_Type.C_Some (any item1)); assert { [@expl:type invariant] inv4 _10 }; assume { resolve2 _10 }; - y <- y1; - y1 <- any item1; + [#"../12_zip.rs" 61 23 61 24] y <- ([#"../12_zip.rs" 61 23 61 24] y1); + [#"../12_zip.rs" 61 23 61 24] y1 <- any item1; goto BB12 } BB11 { @@ -602,7 +603,7 @@ module C12Zip_Impl0_Next assume { resolve2 _10 }; assert { [@expl:type invariant] inv5 x }; assume { resolve3 x }; - _0 <- ([#"../12_zip.rs" 60 27 60 31] Core_Option_Option_Type.C_None); + [#"../12_zip.rs" 60 27 60 31] _0 <- ([#"../12_zip.rs" 60 27 60 31] Core_Option_Option_Type.C_None); goto BB19 } BB12 { @@ -615,9 +616,9 @@ module C12Zip_Impl0_Next goto BB15 } BB15 { - _0 <- ([#"../12_zip.rs" 63 8 63 20] Core_Option_Option_Type.C_Some ([#"../12_zip.rs" 63 13 63 19] (x, y))); - x <- any item0; - y <- any item1; + [#"../12_zip.rs" 63 8 63 20] _0 <- ([#"../12_zip.rs" 63 8 63 20] Core_Option_Option_Type.C_Some ([#"../12_zip.rs" 63 13 63 19] (([#"../12_zip.rs" 63 14 63 15] x), ([#"../12_zip.rs" 63 17 63 18] y)))); + [#"../12_zip.rs" 63 14 63 15] x <- any item0; + [#"../12_zip.rs" 63 17 63 18] y <- any item1; goto BB16 } BB16 { @@ -669,7 +670,7 @@ module C12Zip_Impl0 val inv6 (_x : item0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../12_zip.rs" 1 0 1 0] forall x : item0 . inv6 x = true + axiom inv6 : forall x : item0 . inv6 x = true use seq.Seq predicate invariant5 (self : Seq.seq item0) val invariant5 (self : Seq.seq item0) : bool @@ -679,7 +680,7 @@ module C12Zip_Impl0 val inv5 (_x : Seq.seq item0) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item0 . inv5 x = true + axiom inv5 : forall x : Seq.seq item0 . inv5 x = true type item1 predicate invariant4 (self : Seq.seq item1) val invariant4 (self : Seq.seq item1) : bool @@ -689,7 +690,7 @@ module C12Zip_Impl0 val inv4 (_x : Seq.seq item1) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq item1 . inv4 x = true + axiom inv4 : forall x : Seq.seq item1 . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (item0, item1)) val invariant3 (self : Core_Option_Option_Type.t_option (item0, item1)) : bool @@ -699,7 +700,7 @@ module C12Zip_Impl0 val inv3 (_x : Core_Option_Option_Type.t_option (item0, item1)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../12_zip.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (item0, item1) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (item0, item1) . inv3 x = true use C12Zip_Zip_Type as C12Zip_Zip_Type use prelude.Borrow predicate invariant2 (self : borrowed (C12Zip_Zip_Type.t_zip a b)) @@ -710,7 +711,7 @@ module C12Zip_Impl0 val inv2 (_x : borrowed (C12Zip_Zip_Type.t_zip a b)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../12_zip.rs" 1 0 1 0] forall x : borrowed (C12Zip_Zip_Type.t_zip a b) . inv2 x = true + axiom inv2 : forall x : borrowed (C12Zip_Zip_Type.t_zip a b) . inv2 x = true predicate invariant1 (self : Seq.seq (item0, item1)) val invariant1 (self : Seq.seq (item0, item1)) : bool ensures { result = invariant1 self } @@ -719,7 +720,7 @@ module C12Zip_Impl0 val inv1 (_x : Seq.seq (item0, item1)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_zip.rs" 1 0 1 0] forall x : Seq.seq (item0, item1) . inv1 x = true + axiom inv1 : forall x : Seq.seq (item0, item1) . inv1 x = true predicate invariant0 (self : C12Zip_Zip_Type.t_zip a b) val invariant0 (self : C12Zip_Zip_Type.t_zip a b) : bool ensures { result = invariant0 self } @@ -728,7 +729,7 @@ module C12Zip_Impl0 val inv0 (_x : C12Zip_Zip_Type.t_zip a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../12_zip.rs" 1 0 1 0] forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true + axiom inv0 : forall x : C12Zip_Zip_Type.t_zip a b . inv0 x = true use seq.Seq predicate completed2 [#"../common.rs" 11 4 11 36] (self : borrowed b) val completed2 [#"../common.rs" 11 4 11 36] (self : borrowed b) : bool diff --git a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg index b777e15747..7078fcd60e 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.mlcfg +++ b/creusot/tests/should_succeed/iterators/13_cloned.mlcfg @@ -19,7 +19,7 @@ module C13Cloned_Impl0_ProducesRefl_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../13_cloned.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true use seq.Seq use seq.Seq predicate inv1 (_x : Seq.seq t) @@ -53,7 +53,7 @@ module C13Cloned_Impl0_ProducesRefl_Impl val invariant1 (self : Seq.seq t) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate invariant0 (self : C13Cloned_Cloned_Type.t_cloned i) val invariant0 (self : C13Cloned_Cloned_Type.t_cloned i) : bool @@ -63,7 +63,7 @@ module C13Cloned_Impl0_ProducesRefl_Impl val inv0 (_x : C13Cloned_Cloned_Type.t_cloned i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../13_cloned.rs" 1 0 1 0] forall x : C13Cloned_Cloned_Type.t_cloned i . inv0 x = true + axiom inv0 : forall x : C13Cloned_Cloned_Type.t_cloned i . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -96,7 +96,7 @@ module C13Cloned_Impl0_ProducesTrans_Impl val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../13_cloned.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use seq.Seq use seq.Seq predicate inv2 (_x : Seq.seq t) @@ -130,7 +130,7 @@ module C13Cloned_Impl0_ProducesTrans_Impl val invariant2 (self : Seq.seq t) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv2 x = true + axiom inv2 : forall x : Seq.seq t . inv2 x = true predicate invariant1 (self : Seq.seq t) val invariant1 (self : Seq.seq t) : bool ensures { result = invariant1 self } @@ -139,7 +139,7 @@ module C13Cloned_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate invariant0 (self : C13Cloned_Cloned_Type.t_cloned i) val invariant0 (self : C13Cloned_Cloned_Type.t_cloned i) : bool @@ -149,7 +149,7 @@ module C13Cloned_Impl0_ProducesTrans_Impl val inv0 (_x : C13Cloned_Cloned_Type.t_cloned i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../13_cloned.rs" 1 0 1 0] forall x : C13Cloned_Cloned_Type.t_cloned i . inv0 x = true + axiom inv0 : forall x : C13Cloned_Cloned_Type.t_cloned i . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -195,7 +195,7 @@ module C13Cloned_Impl0_Next val inv6 (_x : Seq.seq t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv6 x = true + axiom inv6 : forall x : Seq.seq t . inv6 x = true predicate invariant5 (self : t) val invariant5 (self : t) : bool ensures { result = invariant5 self } @@ -204,7 +204,7 @@ module C13Cloned_Impl0_Next val inv5 (_x : t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../13_cloned.rs" 1 0 1 0] forall x : t . inv5 x = true + axiom inv5 : forall x : t . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option t) val invariant4 (self : Core_Option_Option_Type.t_option t) : bool @@ -214,7 +214,7 @@ module C13Cloned_Impl0_Next val inv4 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../13_cloned.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option t . inv4 x = true use prelude.Borrow predicate invariant3 (self : borrowed i) val invariant3 (self : borrowed i) : bool @@ -224,7 +224,7 @@ module C13Cloned_Impl0_Next val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../13_cloned.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option t) val invariant2 (self : Core_Option_Option_Type.t_option t) : bool ensures { result = invariant2 self } @@ -233,7 +233,7 @@ module C13Cloned_Impl0_Next val inv2 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../13_cloned.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option t . inv2 x = true use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate invariant1 (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) val invariant1 (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) : bool @@ -243,7 +243,7 @@ module C13Cloned_Impl0_Next val inv1 (_x : borrowed (C13Cloned_Cloned_Type.t_cloned i)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_cloned.rs" 1 0 1 0] forall x : borrowed (C13Cloned_Cloned_Type.t_cloned i) . inv1 x = true + axiom inv1 : forall x : borrowed (C13Cloned_Cloned_Type.t_cloned i) . inv1 x = true use seq.Seq predicate inv0 (_x : i) val inv0 (_x : i) : bool @@ -276,7 +276,7 @@ module C13Cloned_Impl0_Next val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../13_cloned.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -336,17 +336,17 @@ module C13Cloned_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C13Cloned_Cloned_Type.cloned_iter ( * self)); - self <- { self with current = (let C13Cloned_Cloned_Type.C_Cloned x0 = * self in C13Cloned_Cloned_Type.C_Cloned ( ^ _4)) }; + [#"../13_cloned.rs" 53 8 53 24] _4 <- Borrow.borrow_mut (C13Cloned_Cloned_Type.cloned_iter ( * self)); + [#"../13_cloned.rs" 53 8 53 24] self <- { self with current = (let C13Cloned_Cloned_Type.C_Cloned x0 = * self in C13Cloned_Cloned_Type.C_Cloned ( ^ _4)) }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../13_cloned.rs" 53 8 53 24] next0 _4); + [#"../13_cloned.rs" 53 8 53 24] _3 <- ([#"../13_cloned.rs" 53 8 53 24] next0 _4); _4 <- any borrowed i; goto BB1 } BB1 { assert { [@expl:type invariant] inv1 self }; assume { resolve0 self }; - _0 <- ([#"../13_cloned.rs" 53 8 53 33] cloned0 _3); + [#"../13_cloned.rs" 53 8 53 33] _0 <- ([#"../13_cloned.rs" 53 8 53 33] cloned0 _3); _3 <- any Core_Option_Option_Type.t_option t; goto BB2 } @@ -367,7 +367,7 @@ module C13Cloned_Impl0 val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true predicate invariant3 (self : Seq.seq t) val invariant3 (self : Seq.seq t) : bool ensures { result = invariant3 self } @@ -376,7 +376,7 @@ module C13Cloned_Impl0 val inv3 (_x : Seq.seq t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../13_cloned.rs" 1 0 1 0] forall x : Seq.seq t . inv3 x = true + axiom inv3 : forall x : Seq.seq t . inv3 x = true use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate invariant2 (self : C13Cloned_Cloned_Type.t_cloned i) val invariant2 (self : C13Cloned_Cloned_Type.t_cloned i) : bool @@ -386,7 +386,7 @@ module C13Cloned_Impl0 val inv2 (_x : C13Cloned_Cloned_Type.t_cloned i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../13_cloned.rs" 1 0 1 0] forall x : C13Cloned_Cloned_Type.t_cloned i . inv2 x = true + axiom inv2 : forall x : C13Cloned_Cloned_Type.t_cloned i . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option t) val invariant1 (self : Core_Option_Option_Type.t_option t) : bool @@ -396,7 +396,7 @@ module C13Cloned_Impl0 val inv1 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_cloned.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option t . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) val invariant0 (self : borrowed (C13Cloned_Cloned_Type.t_cloned i)) : bool @@ -406,7 +406,7 @@ module C13Cloned_Impl0 val inv0 (_x : borrowed (C13Cloned_Cloned_Type.t_cloned i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../13_cloned.rs" 1 0 1 0] forall x : borrowed (C13Cloned_Cloned_Type.t_cloned i) . inv0 x = true + axiom inv0 : forall x : borrowed (C13Cloned_Cloned_Type.t_cloned i) . inv0 x = true use seq.Seq use seq.Seq use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/14_copied.mlcfg b/creusot/tests/should_succeed/iterators/14_copied.mlcfg index 01b87d194d..f101739fda 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.mlcfg +++ b/creusot/tests/should_succeed/iterators/14_copied.mlcfg @@ -19,7 +19,7 @@ module C14Copied_Impl0_ProducesRefl_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../14_copied.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true use seq.Seq use seq.Seq predicate inv1 (_x : Seq.seq t) @@ -53,7 +53,7 @@ module C14Copied_Impl0_ProducesRefl_Impl val invariant1 (self : Seq.seq t) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use C14Copied_Copied_Type as C14Copied_Copied_Type predicate invariant0 (self : C14Copied_Copied_Type.t_copied i) val invariant0 (self : C14Copied_Copied_Type.t_copied i) : bool @@ -63,7 +63,7 @@ module C14Copied_Impl0_ProducesRefl_Impl val inv0 (_x : C14Copied_Copied_Type.t_copied i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../14_copied.rs" 1 0 1 0] forall x : C14Copied_Copied_Type.t_copied i . inv0 x = true + axiom inv0 : forall x : C14Copied_Copied_Type.t_copied i . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -96,7 +96,7 @@ module C14Copied_Impl0_ProducesTrans_Impl val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../14_copied.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true use seq.Seq use seq.Seq predicate inv2 (_x : Seq.seq t) @@ -130,7 +130,7 @@ module C14Copied_Impl0_ProducesTrans_Impl val invariant2 (self : Seq.seq t) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv2 x = true + axiom inv2 : forall x : Seq.seq t . inv2 x = true predicate invariant1 (self : Seq.seq t) val invariant1 (self : Seq.seq t) : bool ensures { result = invariant1 self } @@ -139,7 +139,7 @@ module C14Copied_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv1 x = true + axiom inv1 : forall x : Seq.seq t . inv1 x = true use C14Copied_Copied_Type as C14Copied_Copied_Type predicate invariant0 (self : C14Copied_Copied_Type.t_copied i) val invariant0 (self : C14Copied_Copied_Type.t_copied i) : bool @@ -149,7 +149,7 @@ module C14Copied_Impl0_ProducesTrans_Impl val inv0 (_x : C14Copied_Copied_Type.t_copied i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../14_copied.rs" 1 0 1 0] forall x : C14Copied_Copied_Type.t_copied i . inv0 x = true + axiom inv0 : forall x : C14Copied_Copied_Type.t_copied i . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -195,7 +195,7 @@ module C14Copied_Impl0_Next val inv6 (_x : Seq.seq t) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv6 x = true + axiom inv6 : forall x : Seq.seq t . inv6 x = true predicate invariant5 (self : t) val invariant5 (self : t) : bool ensures { result = invariant5 self } @@ -204,7 +204,7 @@ module C14Copied_Impl0_Next val inv5 (_x : t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../14_copied.rs" 1 0 1 0] forall x : t . inv5 x = true + axiom inv5 : forall x : t . inv5 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant4 (self : Core_Option_Option_Type.t_option t) val invariant4 (self : Core_Option_Option_Type.t_option t) : bool @@ -214,7 +214,7 @@ module C14Copied_Impl0_Next val inv4 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../14_copied.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option t . inv4 x = true use prelude.Borrow predicate invariant3 (self : borrowed i) val invariant3 (self : borrowed i) : bool @@ -224,7 +224,7 @@ module C14Copied_Impl0_Next val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../14_copied.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option t) val invariant2 (self : Core_Option_Option_Type.t_option t) : bool ensures { result = invariant2 self } @@ -233,7 +233,7 @@ module C14Copied_Impl0_Next val inv2 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../14_copied.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option t . inv2 x = true use C14Copied_Copied_Type as C14Copied_Copied_Type predicate invariant1 (self : borrowed (C14Copied_Copied_Type.t_copied i)) val invariant1 (self : borrowed (C14Copied_Copied_Type.t_copied i)) : bool @@ -243,7 +243,7 @@ module C14Copied_Impl0_Next val inv1 (_x : borrowed (C14Copied_Copied_Type.t_copied i)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../14_copied.rs" 1 0 1 0] forall x : borrowed (C14Copied_Copied_Type.t_copied i) . inv1 x = true + axiom inv1 : forall x : borrowed (C14Copied_Copied_Type.t_copied i) . inv1 x = true use seq.Seq predicate inv0 (_x : i) val inv0 (_x : i) : bool @@ -276,7 +276,7 @@ module C14Copied_Impl0_Next val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../14_copied.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq use seq.Seq use prelude.Int @@ -336,17 +336,17 @@ module C14Copied_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C14Copied_Copied_Type.copied_iter ( * self)); - self <- { self with current = (let C14Copied_Copied_Type.C_Copied x0 = * self in C14Copied_Copied_Type.C_Copied ( ^ _4)) }; + [#"../14_copied.rs" 53 8 53 24] _4 <- Borrow.borrow_mut (C14Copied_Copied_Type.copied_iter ( * self)); + [#"../14_copied.rs" 53 8 53 24] self <- { self with current = (let C14Copied_Copied_Type.C_Copied x0 = * self in C14Copied_Copied_Type.C_Copied ( ^ _4)) }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../14_copied.rs" 53 8 53 24] next0 _4); + [#"../14_copied.rs" 53 8 53 24] _3 <- ([#"../14_copied.rs" 53 8 53 24] next0 _4); _4 <- any borrowed i; goto BB1 } BB1 { assert { [@expl:type invariant] inv1 self }; assume { resolve0 self }; - _0 <- ([#"../14_copied.rs" 53 8 53 33] copied0 _3); + [#"../14_copied.rs" 53 8 53 33] _0 <- ([#"../14_copied.rs" 53 8 53 33] copied0 _3); _3 <- any Core_Option_Option_Type.t_option t; goto BB2 } @@ -367,7 +367,7 @@ module C14Copied_Impl0 val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true predicate invariant3 (self : Seq.seq t) val invariant3 (self : Seq.seq t) : bool ensures { result = invariant3 self } @@ -376,7 +376,7 @@ module C14Copied_Impl0 val inv3 (_x : Seq.seq t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../14_copied.rs" 1 0 1 0] forall x : Seq.seq t . inv3 x = true + axiom inv3 : forall x : Seq.seq t . inv3 x = true use C14Copied_Copied_Type as C14Copied_Copied_Type predicate invariant2 (self : C14Copied_Copied_Type.t_copied i) val invariant2 (self : C14Copied_Copied_Type.t_copied i) : bool @@ -386,7 +386,7 @@ module C14Copied_Impl0 val inv2 (_x : C14Copied_Copied_Type.t_copied i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../14_copied.rs" 1 0 1 0] forall x : C14Copied_Copied_Type.t_copied i . inv2 x = true + axiom inv2 : forall x : C14Copied_Copied_Type.t_copied i . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option t) val invariant1 (self : Core_Option_Option_Type.t_option t) : bool @@ -396,7 +396,7 @@ module C14Copied_Impl0 val inv1 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../14_copied.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option t . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed (C14Copied_Copied_Type.t_copied i)) val invariant0 (self : borrowed (C14Copied_Copied_Type.t_copied i)) : bool @@ -406,7 +406,7 @@ module C14Copied_Impl0 val inv0 (_x : borrowed (C14Copied_Copied_Type.t_copied i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../14_copied.rs" 1 0 1 0] forall x : borrowed (C14Copied_Copied_Type.t_copied i) . inv0 x = true + axiom inv0 : forall x : borrowed (C14Copied_Copied_Type.t_copied i) . inv0 x = true use seq.Seq use seq.Seq use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg index 07205b8bba..f4bee820aa 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg +++ b/creusot/tests/should_succeed/iterators/15_enumerate.mlcfg @@ -25,7 +25,7 @@ module C15Enumerate_Impl0_ProducesRefl_Impl val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true predicate invariant2 (self : i) val invariant2 (self : i) : bool ensures { result = invariant2 self } @@ -34,7 +34,7 @@ module C15Enumerate_Impl0_ProducesRefl_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../15_enumerate.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true type item0 use seq.Seq predicate invariant1 (self : Seq.seq item0) @@ -45,7 +45,7 @@ module C15Enumerate_Impl0_ProducesRefl_Impl val inv1 (_x : Seq.seq item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -91,7 +91,7 @@ module C15Enumerate_Impl0_ProducesRefl_Impl val inv0 (_x : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../15_enumerate.rs" 1 0 1 0] forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv0 x = (invariant0 x /\ match x with | C15Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) use seq.Seq @@ -123,7 +123,7 @@ module C15Enumerate_Impl0_ProducesTrans_Impl val inv4 (_x : borrowed i) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true predicate invariant3 (self : i) val invariant3 (self : i) : bool ensures { result = invariant3 self } @@ -132,7 +132,7 @@ module C15Enumerate_Impl0_ProducesTrans_Impl val inv3 (_x : i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../15_enumerate.rs" 1 0 1 0] forall x : i . inv3 x = true + axiom inv3 : forall x : i . inv3 x = true type item0 use seq.Seq predicate invariant2 (self : Seq.seq item0) @@ -143,7 +143,7 @@ module C15Enumerate_Impl0_ProducesTrans_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -178,7 +178,7 @@ module C15Enumerate_Impl0_ProducesTrans_Impl val inv1 (_x : Seq.seq (usize, item0)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq (usize, item0) . inv1 x = true + axiom inv1 : forall x : Seq.seq (usize, item0) . inv1 x = true predicate completed0 [#"../common.rs" 11 4 11 36] (self : borrowed i) val completed0 [#"../common.rs" 11 4 11 36] (self : borrowed i) : bool ensures { result = completed0 self } @@ -198,7 +198,7 @@ module C15Enumerate_Impl0_ProducesTrans_Impl val inv0 (_x : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../15_enumerate.rs" 1 0 1 0] forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv0 x = (invariant0 x /\ match x with | C15Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) use seq.Seq @@ -278,19 +278,19 @@ module C15Enumerate_Impl0_Next val inv6 (_x : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../15_enumerate.rs" 1 0 1 0] forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv6 x = (invariant6 x /\ match x with + axiom inv6 : forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv6 x = (invariant6 x /\ match x with | C15Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) predicate invariant5 (self : Seq.seq item0) val invariant5 (self : Seq.seq item0) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq item0 . inv5 x = true + axiom inv5 : forall x : Seq.seq item0 . inv5 x = true predicate invariant4 (self : borrowed i) val invariant4 (self : borrowed i) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed i . inv4 x = true + axiom inv4 : forall x : borrowed i . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (usize, item0)) val invariant3 (self : Core_Option_Option_Type.t_option (usize, item0)) : bool @@ -300,7 +300,7 @@ module C15Enumerate_Impl0_Next val inv3 (_x : Core_Option_Option_Type.t_option (usize, item0)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (usize, item0) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (usize, item0) . inv3 x = true predicate invariant2 (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) val invariant2 (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) : bool ensures { result = invariant2 self } @@ -309,7 +309,7 @@ module C15Enumerate_Impl0_Next val inv2 (_x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i) . inv2 x = (inv6 ( * x) /\ inv6 ( ^ x)) + axiom inv2 : forall x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i) . inv2 x = (inv6 ( * x) /\ inv6 ( ^ x)) predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool ensures { result = invariant1 self } @@ -318,7 +318,7 @@ module C15Enumerate_Impl0_Next val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true use seq.Seq function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -343,7 +343,7 @@ module C15Enumerate_Impl0_Next val invariant0 (self : i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../15_enumerate.rs" 1 0 1 0] forall x : i . inv0 x = true + axiom inv0 : forall x : i . inv0 x = true use seq.Seq use seq.Seq use seq.Seq @@ -398,10 +398,10 @@ module C15Enumerate_Impl0_Next goto BB0 } BB0 { - _4 <- Borrow.borrow_mut (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)); - self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate x0 x1 = * self in C15Enumerate_Enumerate_Type.C_Enumerate ( ^ _4) x1) }; + [#"../15_enumerate.rs" 54 14 54 30] _4 <- Borrow.borrow_mut (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)); + [#"../15_enumerate.rs" 54 14 54 30] self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate x0 x1 = * self in C15Enumerate_Enumerate_Type.C_Enumerate ( ^ _4) x1) }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../15_enumerate.rs" 54 14 54 30] next0 _4); + [#"../15_enumerate.rs" 54 14 54 30] _3 <- ([#"../15_enumerate.rs" 54 14 54 30] next0 _4); _4 <- any borrowed i; goto BB1 } @@ -415,12 +415,12 @@ module C15Enumerate_Impl0_Next goto BB5 } BB3 { - x <- Core_Option_Option_Type.some_0 _3; - _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); + [#"../15_enumerate.rs" 56 17 56 18] x <- ([#"../15_enumerate.rs" 56 17 56 18] Core_Option_Option_Type.some_0 _3); + [#"../15_enumerate.rs" 56 17 56 18] _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (any item0)); assert { [@expl:type invariant] inv1 _3 }; assume { resolve0 _3 }; - n <- C15Enumerate_Enumerate_Type.enumerate_count ( * self); - self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate x0 x1 = * self in C15Enumerate_Enumerate_Type.C_Enumerate x0 ([#"../15_enumerate.rs" 58 16 58 31] C15Enumerate_Enumerate_Type.enumerate_count ( * self) + ([#"../15_enumerate.rs" 58 30 58 31] [#"../15_enumerate.rs" 58 30 58 31] (1 : usize)))) }; + [#"../15_enumerate.rs" 57 24 57 34] n <- ([#"../15_enumerate.rs" 57 24 57 34] C15Enumerate_Enumerate_Type.enumerate_count ( * self)); + [#"../15_enumerate.rs" 58 16 58 31] self <- { self with current = (let C15Enumerate_Enumerate_Type.C_Enumerate x0 x1 = * self in C15Enumerate_Enumerate_Type.C_Enumerate x0 ([#"../15_enumerate.rs" 58 16 58 31] C15Enumerate_Enumerate_Type.enumerate_count ( * self) + ([#"../15_enumerate.rs" 58 30 58 31] [#"../15_enumerate.rs" 58 30 58 31] (1 : usize)))) }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; goto BB6 @@ -430,6 +430,7 @@ module C15Enumerate_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; + assert { [#"../15_enumerate.rs" 54 14 54 30] false }; absurd } BB5 { @@ -437,12 +438,12 @@ module C15Enumerate_Impl0_Next assume { resolve0 _3 }; assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../15_enumerate.rs" 55 20 55 24] Core_Option_Option_Type.C_None); + [#"../15_enumerate.rs" 55 20 55 24] _0 <- ([#"../15_enumerate.rs" 55 20 55 24] Core_Option_Option_Type.C_None); goto BB9 } BB6 { - _0 <- ([#"../15_enumerate.rs" 59 16 59 28] Core_Option_Option_Type.C_Some ([#"../15_enumerate.rs" 59 21 59 27] (n, x))); - x <- any item0; + [#"../15_enumerate.rs" 59 16 59 28] _0 <- ([#"../15_enumerate.rs" 59 16 59 28] Core_Option_Option_Type.C_Some ([#"../15_enumerate.rs" 59 21 59 27] (([#"../15_enumerate.rs" 59 22 59 23] n), ([#"../15_enumerate.rs" 59 25 59 26] x)))); + [#"../15_enumerate.rs" 59 25 59 26] x <- any item0; goto BB7 } BB7 { @@ -501,19 +502,19 @@ module C15Enumerate_Enumerate val inv3 (_x : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../15_enumerate.rs" 1 0 1 0] forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv3 x = (invariant3 x /\ match x with + axiom inv3 : forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv3 x = (invariant3 x /\ match x with | C15Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) predicate invariant2 (self : Seq.seq item0) val invariant2 (self : Seq.seq item0) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true predicate invariant1 (self : i) val invariant1 (self : i) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../15_enumerate.rs" 1 0 1 0] forall x : i . inv1 x = true + axiom inv1 : forall x : i . inv1 x = true use seq.Seq function produces_trans0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq.seq item0) (b : i) (bc : Seq.seq item0) (c : i) : () @@ -538,7 +539,7 @@ module C15Enumerate_Enumerate val invariant0 (self : borrowed i) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed i . inv0 x = true + axiom inv0 : forall x : borrowed i . inv0 x = true let rec cfg enumerate [#"../15_enumerate.rs" 81 0 81 54] [@cfg:stackify] [@cfg:subregion_analysis] (iter : i) : C15Enumerate_Enumerate_Type.t_enumerate i requires {[#"../15_enumerate.rs" 79 0 79 75] forall i : borrowed i . inv0 i -> completed0 i -> produces0 ( * i) (Seq.empty ) ( ^ i)} requires {[#"../15_enumerate.rs" 80 0 80 93] forall i : i . forall s : Seq.seq item0 . inv1 i -> inv2 s -> produces0 iter s i -> Seq.length s < UIntSize.to_int max0} @@ -555,8 +556,8 @@ module C15Enumerate_Enumerate goto BB1 } BB1 { - _0 <- ([#"../15_enumerate.rs" 82 4 82 32] C15Enumerate_Enumerate_Type.C_Enumerate iter ([#"../15_enumerate.rs" 82 29 82 30] [#"../15_enumerate.rs" 82 29 82 30] (0 : usize))); - iter <- any i; + [#"../15_enumerate.rs" 82 4 82 32] _0 <- ([#"../15_enumerate.rs" 82 4 82 32] C15Enumerate_Enumerate_Type.C_Enumerate ([#"../15_enumerate.rs" 82 16 82 20] iter) ([#"../15_enumerate.rs" 82 29 82 30] [#"../15_enumerate.rs" 82 29 82 30] (0 : usize))); + [#"../15_enumerate.rs" 82 16 82 20] iter <- any i; goto BB2 } BB2 { @@ -578,7 +579,7 @@ module C15Enumerate_Impl0 val inv6 (_x : borrowed i) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed i . inv6 x = true + axiom inv6 : forall x : borrowed i . inv6 x = true predicate invariant5 (self : i) val invariant5 (self : i) : bool ensures { result = invariant5 self } @@ -587,7 +588,7 @@ module C15Enumerate_Impl0 val inv5 (_x : i) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../15_enumerate.rs" 1 0 1 0] forall x : i . inv5 x = true + axiom inv5 : forall x : i . inv5 x = true type item0 use seq.Seq predicate invariant4 (self : Seq.seq item0) @@ -598,7 +599,7 @@ module C15Enumerate_Impl0 val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true use prelude.UIntSize predicate invariant3 (self : Seq.seq (usize, item0)) val invariant3 (self : Seq.seq (usize, item0)) : bool @@ -608,7 +609,7 @@ module C15Enumerate_Impl0 val inv3 (_x : Seq.seq (usize, item0)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Seq.seq (usize, item0) . inv3 x = true + axiom inv3 : forall x : Seq.seq (usize, item0) . inv3 x = true use seq.Seq predicate completed1 [#"../common.rs" 11 4 11 36] (self : borrowed i) val completed1 [#"../common.rs" 11 4 11 36] (self : borrowed i) : bool @@ -633,7 +634,7 @@ module C15Enumerate_Impl0 val inv2 (_x : C15Enumerate_Enumerate_Type.t_enumerate i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../15_enumerate.rs" 1 0 1 0] forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv2 x = (invariant2 x /\ match x with + axiom inv2 : forall x : C15Enumerate_Enumerate_Type.t_enumerate i . inv2 x = (invariant2 x /\ match x with | C15Enumerate_Enumerate_Type.C_Enumerate iter count -> true end) use Core_Option_Option_Type as Core_Option_Option_Type @@ -645,7 +646,7 @@ module C15Enumerate_Impl0 val inv1 (_x : Core_Option_Option_Type.t_option (usize, item0)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../15_enumerate.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (usize, item0) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (usize, item0) . inv1 x = true predicate invariant0 (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) val invariant0 (self : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) : bool ensures { result = invariant0 self } @@ -654,7 +655,7 @@ module C15Enumerate_Impl0 val inv0 (_x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../15_enumerate.rs" 1 0 1 0] forall x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i) . inv0 x = (inv2 ( * x) /\ inv2 ( ^ x)) + axiom inv0 : forall x : borrowed (C15Enumerate_Enumerate_Type.t_enumerate i) . inv0 x = (inv2 ( * x) /\ inv2 ( ^ x)) use seq.Seq use seq.Seq use seq.Seq diff --git a/creusot/tests/should_succeed/iterators/16_take.mlcfg b/creusot/tests/should_succeed/iterators/16_take.mlcfg index c3991e812c..09235defd8 100644 --- a/creusot/tests/should_succeed/iterators/16_take.mlcfg +++ b/creusot/tests/should_succeed/iterators/16_take.mlcfg @@ -26,7 +26,7 @@ module C16Take_Impl0_ProducesRefl_Impl val inv2 (_x : Seq.seq item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../16_take.rs" 1 0 1 0] forall x : Seq.seq item0 . inv2 x = true + axiom inv2 : forall x : Seq.seq item0 . inv2 x = true predicate invariant1 (self : i) val invariant1 (self : i) : bool ensures { result = invariant1 self } @@ -35,7 +35,7 @@ module C16Take_Impl0_ProducesRefl_Impl val inv1 (_x : i) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../16_take.rs" 1 0 1 0] forall x : i . inv1 x = true + axiom inv1 : forall x : i . inv1 x = true use seq.Seq predicate produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) val produces1 [#"../common.rs" 8 4 8 66] (self : i) (visited : Seq.seq item0) (_o : i) : bool @@ -70,7 +70,7 @@ module C16Take_Impl0_ProducesRefl_Impl val inv0 (_x : C16Take_Take_Type.t_take i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../16_take.rs" 1 0 1 0] forall x : C16Take_Take_Type.t_take i . inv0 x = true + axiom inv0 : forall x : C16Take_Take_Type.t_take i . inv0 x = true use prelude.Int use seq.Seq use prelude.UIntSize @@ -98,7 +98,7 @@ module C16Take_Impl0_ProducesTrans_Impl val inv2 (_x : i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../16_take.rs" 1 0 1 0] forall x : i . inv2 x = true + axiom inv2 : forall x : i . inv2 x = true type item0 use seq.Seq use seq.Seq @@ -134,7 +134,7 @@ module C16Take_Impl0_ProducesTrans_Impl val invariant1 (self : Seq.seq item0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../16_take.rs" 1 0 1 0] forall x : Seq.seq item0 . inv1 x = true + axiom inv1 : forall x : Seq.seq item0 . inv1 x = true use C16Take_Take_Type as C16Take_Take_Type predicate invariant0 (self : C16Take_Take_Type.t_take i) val invariant0 (self : C16Take_Take_Type.t_take i) : bool @@ -144,7 +144,7 @@ module C16Take_Impl0_ProducesTrans_Impl val inv0 (_x : C16Take_Take_Type.t_take i) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../16_take.rs" 1 0 1 0] forall x : C16Take_Take_Type.t_take i . inv0 x = true + axiom inv0 : forall x : C16Take_Take_Type.t_take i . inv0 x = true use prelude.Int use seq.Seq use prelude.UIntSize @@ -186,7 +186,7 @@ module C16Take_Impl0_Next val inv4 (_x : Seq.seq item0) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../16_take.rs" 1 0 1 0] forall x : Seq.seq item0 . inv4 x = true + axiom inv4 : forall x : Seq.seq item0 . inv4 x = true use prelude.Borrow predicate invariant3 (self : borrowed i) val invariant3 (self : borrowed i) : bool @@ -196,7 +196,7 @@ module C16Take_Impl0_Next val inv3 (_x : borrowed i) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../16_take.rs" 1 0 1 0] forall x : borrowed i . inv3 x = true + axiom inv3 : forall x : borrowed i . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option item0) val invariant2 (self : Core_Option_Option_Type.t_option item0) : bool @@ -206,7 +206,7 @@ module C16Take_Impl0_Next val inv2 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../16_take.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option item0 . inv2 x = true use seq.Seq predicate inv1 (_x : i) val inv1 (_x : i) : bool @@ -240,7 +240,7 @@ module C16Take_Impl0_Next val invariant1 (self : i) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../16_take.rs" 1 0 1 0] forall x : i . inv1 x = true + axiom inv1 : forall x : i . inv1 x = true use C16Take_Take_Type as C16Take_Take_Type predicate invariant0 (self : borrowed (C16Take_Take_Type.t_take i)) val invariant0 (self : borrowed (C16Take_Take_Type.t_take i)) : bool @@ -250,7 +250,7 @@ module C16Take_Impl0_Next val inv0 (_x : borrowed (C16Take_Take_Type.t_take i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../16_take.rs" 1 0 1 0] forall x : borrowed (C16Take_Take_Type.t_take i) . inv0 x = true + axiom inv0 : forall x : borrowed (C16Take_Take_Type.t_take i) . inv0 x = true use prelude.Int use seq.Seq use prelude.UIntSize @@ -301,17 +301,17 @@ module C16Take_Impl0_Next goto BB0 } BB0 { - switch ([#"../16_take.rs" 54 11 54 22] C16Take_Take_Type.take_n ( * self) <> ([#"../16_take.rs" 54 21 54 22] [#"../16_take.rs" 54 21 54 22] (0 : usize))) + switch ([#"../16_take.rs" 54 11 54 22] ([#"../16_take.rs" 54 11 54 17] C16Take_Take_Type.take_n ( * self)) <> ([#"../16_take.rs" 54 21 54 22] [#"../16_take.rs" 54 21 54 22] (0 : usize))) | False -> goto BB3 | True -> goto BB1 end } BB1 { - self <- { self with current = (let C16Take_Take_Type.C_Take x0 x1 = * self in C16Take_Take_Type.C_Take x0 ([#"../16_take.rs" 55 12 55 23] C16Take_Take_Type.take_n ( * self) - ([#"../16_take.rs" 55 22 55 23] [#"../16_take.rs" 55 22 55 23] (1 : usize)))) }; - _5 <- Borrow.borrow_mut (C16Take_Take_Type.take_iter ( * self)); - self <- { self with current = (let C16Take_Take_Type.C_Take x0 x1 = * self in C16Take_Take_Type.C_Take ( ^ _5) x1) }; + [#"../16_take.rs" 55 12 55 23] self <- { self with current = (let C16Take_Take_Type.C_Take x0 x1 = * self in C16Take_Take_Type.C_Take x0 ([#"../16_take.rs" 55 12 55 23] C16Take_Take_Type.take_n ( * self) - ([#"../16_take.rs" 55 22 55 23] [#"../16_take.rs" 55 22 55 23] (1 : usize)))) }; + [#"../16_take.rs" 56 12 56 28] _5 <- Borrow.borrow_mut (C16Take_Take_Type.take_iter ( * self)); + [#"../16_take.rs" 56 12 56 28] self <- { self with current = (let C16Take_Take_Type.C_Take x0 x1 = * self in C16Take_Take_Type.C_Take ( ^ _5) x1) }; assume { inv1 ( ^ _5) }; - _0 <- ([#"../16_take.rs" 56 12 56 28] next0 _5); + [#"../16_take.rs" 56 12 56 28] _0 <- ([#"../16_take.rs" 56 12 56 28] next0 _5); _5 <- any borrowed i; goto BB2 } @@ -323,7 +323,7 @@ module C16Take_Impl0_Next BB3 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../16_take.rs" 58 12 58 16] Core_Option_Option_Type.C_None); + [#"../16_take.rs" 58 12 58 16] _0 <- ([#"../16_take.rs" 58 12 58 16] Core_Option_Option_Type.C_None); goto BB4 } BB4 { @@ -343,7 +343,7 @@ module C16Take_Impl0 val inv3 (_x : Seq.seq item0) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../16_take.rs" 1 0 1 0] forall x : Seq.seq item0 . inv3 x = true + axiom inv3 : forall x : Seq.seq item0 . inv3 x = true use C16Take_Take_Type as C16Take_Take_Type predicate invariant2 (self : C16Take_Take_Type.t_take i) val invariant2 (self : C16Take_Take_Type.t_take i) : bool @@ -353,7 +353,7 @@ module C16Take_Impl0 val inv2 (_x : C16Take_Take_Type.t_take i) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../16_take.rs" 1 0 1 0] forall x : C16Take_Take_Type.t_take i . inv2 x = true + axiom inv2 : forall x : C16Take_Take_Type.t_take i . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant1 (self : Core_Option_Option_Type.t_option item0) val invariant1 (self : Core_Option_Option_Type.t_option item0) : bool @@ -363,7 +363,7 @@ module C16Take_Impl0 val inv1 (_x : Core_Option_Option_Type.t_option item0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../16_take.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option item0 . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed (C16Take_Take_Type.t_take i)) val invariant0 (self : borrowed (C16Take_Take_Type.t_take i)) : bool @@ -373,7 +373,7 @@ module C16Take_Impl0 val inv0 (_x : borrowed (C16Take_Take_Type.t_take i)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../16_take.rs" 1 0 1 0] forall x : borrowed (C16Take_Take_Type.t_take i) . inv0 x = true + axiom inv0 : forall x : borrowed (C16Take_Take_Type.t_take i) . inv0 x = true use seq.Seq use seq.Seq use seq.Seq diff --git a/creusot/tests/should_succeed/knapsack.mlcfg b/creusot/tests/should_succeed/knapsack.mlcfg index 2ae4c81910..5b6fe5dc4b 100644 --- a/creusot/tests/should_succeed/knapsack.mlcfg +++ b/creusot/tests/should_succeed/knapsack.mlcfg @@ -16,17 +16,17 @@ module Knapsack_Max goto BB0 } BB0 { - switch ([#"../knapsack.rs" 16 7 16 12] a < b) + switch ([#"../knapsack.rs" 16 7 16 12] ([#"../knapsack.rs" 16 7 16 8] a) < ([#"../knapsack.rs" 16 11 16 12] b)) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- b; + [#"../knapsack.rs" 17 8 17 9] _0 <- ([#"../knapsack.rs" 17 8 17 9] b); goto BB3 } BB2 { - _0 <- a; + [#"../knapsack.rs" 19 8 19 9] _0 <- ([#"../knapsack.rs" 19 8 19 9] a); goto BB3 } BB3 { @@ -61,7 +61,7 @@ module Knapsack_M_Impl val inv0 (_x : Seq.seq (Knapsack_Item_Type.t_item name)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../knapsack.rs" 1 0 1 0] forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv0 x = true + axiom inv0 : forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv0 x = true use int.MinMax use prelude.UIntSize use seq.Seq @@ -136,7 +136,7 @@ module Knapsack_Knapsack01Dyn val inv17 (_x : Seq.seq (Knapsack_Item_Type.t_item name)) : bool ensures { result = inv17 _x } - axiom inv17 : [#"../knapsack.rs" 1 0 1 0] forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv17 x = true + axiom inv17 : forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv17 x = true predicate inv8 (_x : Seq.seq (Knapsack_Item_Type.t_item name)) val inv8 (_x : Seq.seq (Knapsack_Item_Type.t_item name)) : bool ensures { result = inv8 _x } @@ -167,7 +167,7 @@ module Knapsack_Knapsack01Dyn val invariant16 (self : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant16 self } - axiom inv16 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv16 x = true + axiom inv16 : forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv16 x = true use prelude.Borrow predicate invariant15 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -178,7 +178,7 @@ module Knapsack_Knapsack01Dyn val inv15 (_x : borrowed usize) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../knapsack.rs" 1 0 1 0] forall x : borrowed usize . inv15 x = true + axiom inv15 : forall x : borrowed usize . inv15 x = true predicate invariant14 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant14 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -188,7 +188,7 @@ module Knapsack_Knapsack01Dyn val inv14 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../knapsack.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv14 x = true + axiom inv14 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv14 x = true predicate invariant13 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) = @@ -201,7 +201,7 @@ module Knapsack_Knapsack01Dyn val inv13 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../knapsack.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv13 x = true + axiom inv13 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv13 x = true predicate invariant12 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global))) val invariant12 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global))) : bool @@ -212,7 +212,7 @@ module Knapsack_Knapsack01Dyn val inv12 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../knapsack.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) . inv12 x = true + axiom inv12 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) . inv12 x = true predicate invariant11 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant11 (self : usize) : bool @@ -222,7 +222,7 @@ module Knapsack_Knapsack01Dyn val inv11 (_x : usize) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../knapsack.rs" 1 0 1 0] forall x : usize . inv11 x = true + axiom inv11 : forall x : usize . inv11 x = true predicate invariant10 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant10 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -232,7 +232,7 @@ module Knapsack_Knapsack01Dyn val inv10 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv10 x = true + axiom inv10 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv10 x = true predicate invariant9 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) = @@ -245,12 +245,12 @@ module Knapsack_Knapsack01Dyn val inv9 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : Seq.seq (Knapsack_Item_Type.t_item name)) val invariant8 (self : Seq.seq (Knapsack_Item_Type.t_item name)) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../knapsack.rs" 1 0 1 0] forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv8 x = true + axiom inv8 : forall x : Seq.seq (Knapsack_Item_Type.t_item name) . inv8 x = true predicate invariant7 (self : Seq.seq usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : Seq.seq usize) : bool @@ -260,7 +260,7 @@ module Knapsack_Knapsack01Dyn val inv7 (_x : Seq.seq usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../knapsack.rs" 1 0 1 0] forall x : Seq.seq usize . inv7 x = true + axiom inv7 : forall x : Seq.seq usize . inv7 x = true predicate invariant6 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -270,7 +270,7 @@ module Knapsack_Knapsack01Dyn val inv6 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../knapsack.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true use seq.Seq predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -291,7 +291,7 @@ module Knapsack_Knapsack01Dyn val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use seq.Seq predicate inv4 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) val inv4 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -308,7 +308,7 @@ module Knapsack_Knapsack01Dyn val invariant4 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -318,7 +318,7 @@ module Knapsack_Knapsack01Dyn val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../knapsack.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true use seq.Seq predicate inv2 (_x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) val inv2 (_x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -338,7 +338,7 @@ module Knapsack_Knapsack01Dyn val invariant2 (self : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : Knapsack_Item_Type.t_item name) val invariant1 (self : Knapsack_Item_Type.t_item name) : bool ensures { result = invariant1 self } @@ -347,7 +347,7 @@ module Knapsack_Knapsack01Dyn val inv1 (_x : Knapsack_Item_Type.t_item name) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../knapsack.rs" 1 0 1 0] forall x : Knapsack_Item_Type.t_item name . inv1 x = true + axiom inv1 : forall x : Knapsack_Item_Type.t_item name . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) val invariant0 (self : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -357,7 +357,7 @@ module Knapsack_Knapsack01Dyn val inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../knapsack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function index_logic2 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (ix : int) : Knapsack_Item_Type.t_item name @@ -644,21 +644,21 @@ module Knapsack_Knapsack01Dyn goto BB0 } BB0 { - _7 <- ([#"../knapsack.rs" 49 30 49 53] from_elem0 ([#"../knapsack.rs" 49 35 49 36] [#"../knapsack.rs" 49 35 49 36] (0 : usize)) ([#"../knapsack.rs" 49 38 49 52] max_weight + ([#"../knapsack.rs" 49 51 49 52] [#"../knapsack.rs" 49 51 49 52] (1 : usize)))); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _7 <- ([#"../knapsack.rs" 49 30 49 53] from_elem0 ([#"../knapsack.rs" 49 35 49 36] [#"../knapsack.rs" 49 35 49 36] (0 : usize)) ([#"../knapsack.rs" 49 38 49 52] ([#"../knapsack.rs" 49 38 49 48] max_weight) + ([#"../knapsack.rs" 49 51 49 52] [#"../knapsack.rs" 49 51 49 52] (1 : usize)))); goto BB1 } BB1 { - _11 <- ([#"../knapsack.rs" 49 55 49 66] len0 ([#"../knapsack.rs" 49 55 49 66] items)); + [#"../knapsack.rs" 49 55 49 66] _11 <- ([#"../knapsack.rs" 49 55 49 66] len0 ([#"../knapsack.rs" 49 55 49 66] items)); goto BB2 } BB2 { - best_value <- ([#"../knapsack.rs" 49 25 49 71] from_elem1 _7 ([#"../knapsack.rs" 49 55 49 70] _11 + ([#"../knapsack.rs" 49 69 49 70] [#"../knapsack.rs" 49 69 49 70] (1 : usize)))); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] best_value <- ([#"../knapsack.rs" 49 25 49 71] from_elem1 _7 ([#"../knapsack.rs" 49 55 49 70] _11 + ([#"../knapsack.rs" 49 69 49 70] [#"../knapsack.rs" 49 69 49 70] (1 : usize)))); _7 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); _11 <- any usize; goto BB3 } BB3 { - i <- ([#"../knapsack.rs" 50 16 50 17] [#"../knapsack.rs" 50 16 50 17] (0 : usize)); + [#"../knapsack.rs" 50 16 50 17] i <- ([#"../knapsack.rs" 50 16 50 17] [#"../knapsack.rs" 50 16 50 17] (0 : usize)); goto BB4 } BB4 { @@ -681,24 +681,24 @@ module Knapsack_Knapsack01Dyn goto BB9 } BB9 { - _22 <- ([#"../knapsack.rs" 59 14 59 25] len0 ([#"../knapsack.rs" 59 14 59 25] items)); + [#"../knapsack.rs" 59 14 59 25] _22 <- ([#"../knapsack.rs" 59 14 59 25] len0 ([#"../knapsack.rs" 59 14 59 25] items)); goto BB10 } BB10 { - switch ([#"../knapsack.rs" 59 10 59 25] i < _22) + switch ([#"../knapsack.rs" 59 10 59 25] ([#"../knapsack.rs" 59 10 59 11] i) < _22) | False -> goto BB34 | True -> goto BB11 end } BB11 { - _25 <- ([#"../knapsack.rs" 60 18 60 26] index0 ([#"../knapsack.rs" 60 18 60 23] items) i); + [#"../knapsack.rs" 60 18 60 26] _25 <- ([#"../knapsack.rs" 60 18 60 26] index0 ([#"../knapsack.rs" 60 18 60 23] items) ([#"../knapsack.rs" 60 24 60 25] i)); goto BB12 } BB12 { - it <- ([#"../knapsack.rs" 60 17 60 26] _25); + [#"../knapsack.rs" 60 17 60 26] it <- ([#"../knapsack.rs" 60 17 60 26] _25); assert { [@expl:type invariant] inv1 _25 }; assume { resolve2 _25 }; - w <- ([#"../knapsack.rs" 64 20 64 21] [#"../knapsack.rs" 64 20 64 21] (0 : usize)); + [#"../knapsack.rs" 64 20 64 21] w <- ([#"../knapsack.rs" 64 20 64 21] [#"../knapsack.rs" 64 20 64 21] (0 : usize)); goto BB13 } BB13 { @@ -725,94 +725,94 @@ module Knapsack_Knapsack01Dyn goto BB19 } BB19 { - switch ([#"../knapsack.rs" 76 14 76 29] w <= max_weight) + switch ([#"../knapsack.rs" 76 14 76 29] ([#"../knapsack.rs" 76 14 76 15] w) <= ([#"../knapsack.rs" 76 19 76 29] max_weight)) | False -> goto BB33 | True -> goto BB20 end } BB20 { - switch ([#"../knapsack.rs" 77 38 77 51] Knapsack_Item_Type.item_weight it > w) + switch ([#"../knapsack.rs" 77 38 77 51] ([#"../knapsack.rs" 77 38 77 47] Knapsack_Item_Type.item_weight it) > ([#"../knapsack.rs" 77 50 77 51] w)) | False -> goto BB24 | True -> goto BB21 end } BB21 { - _44 <- ([#"../knapsack.rs" 78 16 78 29] index1 ([#"../knapsack.rs" 78 16 78 26] best_value) i); + [#"../knapsack.rs" 78 16 78 29] _44 <- ([#"../knapsack.rs" 78 16 78 29] index1 ([#"../knapsack.rs" 78 16 78 26] best_value) ([#"../knapsack.rs" 78 27 78 28] i)); goto BB22 } BB22 { - _42 <- ([#"../knapsack.rs" 78 16 78 32] index2 ([#"../knapsack.rs" 78 16 78 29] _44) w); + [#"../knapsack.rs" 78 16 78 32] _42 <- ([#"../knapsack.rs" 78 16 78 32] index2 ([#"../knapsack.rs" 78 16 78 29] _44) ([#"../knapsack.rs" 78 30 78 31] w)); goto BB23 } BB23 { - _38 <- _42; + [#"../knapsack.rs" 78 16 78 32] _38 <- ([#"../knapsack.rs" 78 16 78 32] _42); goto BB30 } BB24 { - _51 <- ([#"../knapsack.rs" 80 20 80 33] index1 ([#"../knapsack.rs" 80 20 80 30] best_value) i); + [#"../knapsack.rs" 80 20 80 33] _51 <- ([#"../knapsack.rs" 80 20 80 33] index1 ([#"../knapsack.rs" 80 20 80 30] best_value) ([#"../knapsack.rs" 80 31 80 32] i)); goto BB25 } BB25 { - _49 <- ([#"../knapsack.rs" 80 20 80 36] index2 ([#"../knapsack.rs" 80 20 80 33] _51) w); + [#"../knapsack.rs" 80 20 80 36] _49 <- ([#"../knapsack.rs" 80 20 80 36] index2 ([#"../knapsack.rs" 80 20 80 33] _51) ([#"../knapsack.rs" 80 34 80 35] w)); goto BB26 } BB26 { - _59 <- ([#"../knapsack.rs" 80 38 80 51] index1 ([#"../knapsack.rs" 80 38 80 48] best_value) i); + [#"../knapsack.rs" 80 38 80 51] _59 <- ([#"../knapsack.rs" 80 38 80 51] index1 ([#"../knapsack.rs" 80 38 80 48] best_value) ([#"../knapsack.rs" 80 49 80 50] i)); goto BB27 } BB27 { - _57 <- ([#"../knapsack.rs" 80 38 80 66] index2 ([#"../knapsack.rs" 80 38 80 51] _59) ([#"../knapsack.rs" 80 52 80 65] w - Knapsack_Item_Type.item_weight it)); + [#"../knapsack.rs" 80 38 80 66] _57 <- ([#"../knapsack.rs" 80 38 80 66] index2 ([#"../knapsack.rs" 80 38 80 51] _59) ([#"../knapsack.rs" 80 52 80 65] ([#"../knapsack.rs" 80 52 80 53] w) - ([#"../knapsack.rs" 80 56 80 65] Knapsack_Item_Type.item_weight it))); goto BB28 } BB28 { - _38 <- ([#"../knapsack.rs" 80 16 80 78] max0 _49 ([#"../knapsack.rs" 80 38 80 77] _57 + Knapsack_Item_Type.item_value it)); + [#"../knapsack.rs" 80 16 80 78] _38 <- ([#"../knapsack.rs" 80 16 80 78] max0 ([#"../knapsack.rs" 80 20 80 36] _49) ([#"../knapsack.rs" 80 38 80 77] ([#"../knapsack.rs" 80 38 80 66] _57) + ([#"../knapsack.rs" 80 69 80 77] Knapsack_Item_Type.item_value it))); goto BB29 } BB29 { goto BB30 } BB30 { - _69 <- Borrow.borrow_mut best_value; - best_value <- ^ _69; - _68 <- ([#"../knapsack.rs" 77 12 77 29] index_mut0 _69 ([#"../knapsack.rs" 77 23 77 28] i + ([#"../knapsack.rs" 77 27 77 28] [#"../knapsack.rs" 77 27 77 28] (1 : usize)))); + [#"../knapsack.rs" 77 12 77 22] _69 <- Borrow.borrow_mut best_value; + [#"../knapsack.rs" 77 12 77 22] best_value <- ^ _69; + [#"../knapsack.rs" 77 12 77 29] _68 <- ([#"../knapsack.rs" 77 12 77 29] index_mut0 _69 ([#"../knapsack.rs" 77 23 77 28] ([#"../knapsack.rs" 77 23 77 24] i) + ([#"../knapsack.rs" 77 27 77 28] [#"../knapsack.rs" 77 27 77 28] (1 : usize)))); _69 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB31 } BB31 { - _67 <- Borrow.borrow_mut ( * _68); - _68 <- { _68 with current = ^ _67 }; - _66 <- ([#"../knapsack.rs" 77 12 77 32] index_mut1 _67 w); + [#"../knapsack.rs" 77 12 77 29] _67 <- Borrow.borrow_mut ( * _68); + [#"../knapsack.rs" 77 12 77 29] _68 <- { _68 with current = ^ _67 }; + [#"../knapsack.rs" 77 12 77 32] _66 <- ([#"../knapsack.rs" 77 12 77 32] index_mut1 _67 ([#"../knapsack.rs" 77 30 77 31] w)); _67 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB32 } BB32 { - _66 <- { _66 with current = _38 }; - _38 <- any usize; + [#"../knapsack.rs" 77 12 81 13] _66 <- { _66 with current = ([#"../knapsack.rs" 77 12 81 13] _38) }; + [#"../knapsack.rs" 77 12 81 13] _38 <- any usize; assume { resolve3 _66 }; assume { resolve4 _68 }; - w <- ([#"../knapsack.rs" 82 12 82 18] w + ([#"../knapsack.rs" 82 17 82 18] [#"../knapsack.rs" 82 17 82 18] (1 : usize))); - _19 <- ([#"../knapsack.rs" 82 12 82 18] ()); + [#"../knapsack.rs" 82 12 82 18] w <- ([#"../knapsack.rs" 82 12 82 18] w + ([#"../knapsack.rs" 82 17 82 18] [#"../knapsack.rs" 82 17 82 18] (1 : usize))); + [#"../knapsack.rs" 82 12 82 18] _19 <- ([#"../knapsack.rs" 82 12 82 18] ()); goto BB18 } BB33 { assert { [@expl:type invariant] inv1 it }; assume { resolve2 it }; - i <- ([#"../knapsack.rs" 84 8 84 14] i + ([#"../knapsack.rs" 84 13 84 14] [#"../knapsack.rs" 84 13 84 14] (1 : usize))); - _19 <- ([#"../knapsack.rs" 84 8 84 14] ()); + [#"../knapsack.rs" 84 8 84 14] i <- ([#"../knapsack.rs" 84 8 84 14] i + ([#"../knapsack.rs" 84 13 84 14] [#"../knapsack.rs" 84 13 84 14] (1 : usize))); + [#"../knapsack.rs" 84 8 84 14] _19 <- ([#"../knapsack.rs" 84 8 84 14] ()); goto BB8 } BB34 { - _80 <- ([#"../knapsack.rs" 87 40 87 51] len0 ([#"../knapsack.rs" 87 40 87 51] items)); + [#"../knapsack.rs" 87 40 87 51] _80 <- ([#"../knapsack.rs" 87 40 87 51] len0 ([#"../knapsack.rs" 87 40 87 51] items)); goto BB35 } BB35 { - result <- ([#"../knapsack.rs" 87 21 87 52] with_capacity0 _80); + [#"../knapsack.rs" 87 21 87 52] result <- ([#"../knapsack.rs" 87 21 87 52] with_capacity0 _80); _80 <- any usize; goto BB36 } BB36 { - left_weight <- max_weight; - j <- ([#"../knapsack.rs" 90 16 90 27] len0 ([#"../knapsack.rs" 90 16 90 27] items)); + [#"../knapsack.rs" 88 26 88 36] left_weight <- ([#"../knapsack.rs" 88 26 88 36] max_weight); + [#"../knapsack.rs" 90 16 90 27] j <- ([#"../knapsack.rs" 90 16 90 27] len0 ([#"../knapsack.rs" 90 16 90 27] items)); goto BB37 } BB37 { @@ -824,60 +824,60 @@ module Knapsack_Knapsack01Dyn goto BB39 } BB39 { - switch ([#"../knapsack.rs" 93 10 93 15] ([#"../knapsack.rs" 93 10 93 11] [#"../knapsack.rs" 93 10 93 11] (0 : usize)) < j) + switch ([#"../knapsack.rs" 93 10 93 15] ([#"../knapsack.rs" 93 10 93 11] [#"../knapsack.rs" 93 10 93 11] (0 : usize)) < ([#"../knapsack.rs" 93 14 93 15] j)) | False -> goto BB50 | True -> goto BB40 end } BB40 { - j <- ([#"../knapsack.rs" 94 8 94 14] j - ([#"../knapsack.rs" 94 13 94 14] [#"../knapsack.rs" 94 13 94 14] (1 : usize))); - _91 <- ([#"../knapsack.rs" 95 18 95 26] index0 ([#"../knapsack.rs" 95 18 95 23] items) j); + [#"../knapsack.rs" 94 8 94 14] j <- ([#"../knapsack.rs" 94 8 94 14] j - ([#"../knapsack.rs" 94 13 94 14] [#"../knapsack.rs" 94 13 94 14] (1 : usize))); + [#"../knapsack.rs" 95 18 95 26] _91 <- ([#"../knapsack.rs" 95 18 95 26] index0 ([#"../knapsack.rs" 95 18 95 23] items) ([#"../knapsack.rs" 95 24 95 25] j)); goto BB41 } BB41 { - it1 <- ([#"../knapsack.rs" 95 17 95 26] _91); + [#"../knapsack.rs" 95 17 95 26] it1 <- ([#"../knapsack.rs" 95 17 95 26] _91); assert { [@expl:type invariant] inv1 _91 }; assume { resolve2 _91 }; - _98 <- ([#"../knapsack.rs" 96 11 96 28] index1 ([#"../knapsack.rs" 96 11 96 21] best_value) ([#"../knapsack.rs" 96 22 96 27] j + ([#"../knapsack.rs" 96 26 96 27] [#"../knapsack.rs" 96 26 96 27] (1 : usize)))); + [#"../knapsack.rs" 96 11 96 28] _98 <- ([#"../knapsack.rs" 96 11 96 28] index1 ([#"../knapsack.rs" 96 11 96 21] best_value) ([#"../knapsack.rs" 96 22 96 27] ([#"../knapsack.rs" 96 22 96 23] j) + ([#"../knapsack.rs" 96 26 96 27] [#"../knapsack.rs" 96 26 96 27] (1 : usize)))); goto BB42 } BB42 { - _96 <- ([#"../knapsack.rs" 96 11 96 41] index2 ([#"../knapsack.rs" 96 11 96 28] _98) left_weight); + [#"../knapsack.rs" 96 11 96 41] _96 <- ([#"../knapsack.rs" 96 11 96 41] index2 ([#"../knapsack.rs" 96 11 96 28] _98) ([#"../knapsack.rs" 96 29 96 40] left_weight)); goto BB43 } BB43 { - _106 <- ([#"../knapsack.rs" 96 45 96 58] index1 ([#"../knapsack.rs" 96 45 96 55] best_value) j); + [#"../knapsack.rs" 96 45 96 58] _106 <- ([#"../knapsack.rs" 96 45 96 58] index1 ([#"../knapsack.rs" 96 45 96 55] best_value) ([#"../knapsack.rs" 96 56 96 57] j)); goto BB44 } BB44 { - _104 <- ([#"../knapsack.rs" 96 45 96 71] index2 ([#"../knapsack.rs" 96 45 96 58] _106) left_weight); + [#"../knapsack.rs" 96 45 96 71] _104 <- ([#"../knapsack.rs" 96 45 96 71] index2 ([#"../knapsack.rs" 96 45 96 58] _106) ([#"../knapsack.rs" 96 59 96 70] left_weight)); goto BB45 } BB45 { - switch ([#"../knapsack.rs" 96 11 96 71] _96 <> _104) + switch ([#"../knapsack.rs" 96 11 96 71] ([#"../knapsack.rs" 96 11 96 41] _96) <> ([#"../knapsack.rs" 96 45 96 71] _104)) | False -> goto BB48 | True -> goto BB46 end } BB46 { - _111 <- Borrow.borrow_mut result; - result <- ^ _111; + [#"../knapsack.rs" 97 12 97 27] _111 <- Borrow.borrow_mut result; + [#"../knapsack.rs" 97 12 97 27] result <- ^ _111; assume { inv2 ( ^ _111) }; - _110 <- ([#"../knapsack.rs" 97 12 97 27] push0 _111 it1); + [#"../knapsack.rs" 97 12 97 27] _110 <- ([#"../knapsack.rs" 97 12 97 27] push0 _111 ([#"../knapsack.rs" 97 24 97 26] it1)); _111 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)); goto BB47 } BB47 { assert { [@expl:type invariant] inv1 it1 }; assume { resolve2 it1 }; - left_weight <- ([#"../knapsack.rs" 98 12 98 36] left_weight - Knapsack_Item_Type.item_weight it1); - _19 <- ([#"../knapsack.rs" 96 72 99 9] ()); + [#"../knapsack.rs" 98 12 98 36] left_weight <- ([#"../knapsack.rs" 98 12 98 36] left_weight - ([#"../knapsack.rs" 98 27 98 36] Knapsack_Item_Type.item_weight it1)); + [#"../knapsack.rs" 96 72 99 9] _19 <- ([#"../knapsack.rs" 96 72 99 9] ()); goto BB49 } BB48 { assert { [@expl:type invariant] inv1 it1 }; assume { resolve2 it1 }; - _19 <- ([#"../knapsack.rs" 99 9 99 9] ()); + [#"../knapsack.rs" 99 9 99 9] _19 <- ([#"../knapsack.rs" 99 9 99 9] ()); goto BB49 } BB49 { @@ -887,8 +887,8 @@ module Knapsack_Knapsack01Dyn assume { resolve0 best_value }; assert { [@expl:type invariant] inv0 items }; assume { resolve1 items }; - _0 <- result; - result <- any Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global); + [#"../knapsack.rs" 102 4 102 10] _0 <- ([#"../knapsack.rs" 102 4 102 10] result); + [#"../knapsack.rs" 102 4 102 10] result <- any Alloc_Vec_Vec_Type.t_vec (Knapsack_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global); goto BB51 } BB51 { diff --git a/creusot/tests/should_succeed/knapsack_full.mlcfg b/creusot/tests/should_succeed/knapsack_full.mlcfg index 09a6ddbe90..c2237d0fc7 100644 --- a/creusot/tests/should_succeed/knapsack_full.mlcfg +++ b/creusot/tests/should_succeed/knapsack_full.mlcfg @@ -15,17 +15,17 @@ module KnapsackFull_Max goto BB0 } BB0 { - switch ([#"../knapsack_full.rs" 16 7 16 12] a < b) + switch ([#"../knapsack_full.rs" 16 7 16 12] ([#"../knapsack_full.rs" 16 7 16 8] a) < ([#"../knapsack_full.rs" 16 11 16 12] b)) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- b; + [#"../knapsack_full.rs" 17 8 17 9] _0 <- ([#"../knapsack_full.rs" 17 8 17 9] b); goto BB3 } BB2 { - _0 <- a; + [#"../knapsack_full.rs" 19 8 19 9] _0 <- ([#"../knapsack_full.rs" 19 8 19 9] a); goto BB3 } BB3 { @@ -60,7 +60,7 @@ module KnapsackFull_SumWeights_Impl val inv0 (_x : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv0 x = true + axiom inv0 : forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv0 x = true use prelude.UIntSize use seq.Seq use prelude.Borrow @@ -132,7 +132,7 @@ module KnapsackFull_M_Impl val inv1 (_x : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv1 x = true + axiom inv1 : forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv1 x = true predicate invariant0 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) val invariant0 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = invariant0 self } @@ -141,7 +141,7 @@ module KnapsackFull_M_Impl val inv0 (_x : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv0 x = true + axiom inv0 : forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv0 x = true use int.MinMax use prelude.UIntSize use seq.Seq @@ -315,7 +315,7 @@ module KnapsackFull_Knapsack01Dyn val invariant22 (self : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant22 self } - axiom inv22 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv22 x = true + axiom inv22 : forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv22 x = true use prelude.Borrow predicate invariant21 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global))) @@ -327,7 +327,7 @@ module KnapsackFull_Knapsack01Dyn val inv21 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv21 _x } - axiom inv21 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) . inv21 x = true + axiom inv21 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) . inv21 x = true predicate invariant20 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant20 (self : borrowed usize) : bool @@ -337,7 +337,7 @@ module KnapsackFull_Knapsack01Dyn val inv20 (_x : borrowed usize) : bool ensures { result = inv20 _x } - axiom inv20 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed usize . inv20 x = true + axiom inv20 : forall x : borrowed usize . inv20 x = true predicate invariant19 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant19 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -347,7 +347,7 @@ module KnapsackFull_Knapsack01Dyn val inv19 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv19 _x } - axiom inv19 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv19 x = true + axiom inv19 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv19 x = true predicate invariant18 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) = @@ -360,7 +360,7 @@ module KnapsackFull_Knapsack01Dyn val inv18 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv18 _x } - axiom inv18 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv18 x = true + axiom inv18 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv18 x = true predicate invariant17 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant17 (self : usize) : bool @@ -370,7 +370,7 @@ module KnapsackFull_Knapsack01Dyn val inv17 (_x : usize) : bool ensures { result = inv17 _x } - axiom inv17 : [#"../knapsack_full.rs" 1 0 1 0] forall x : usize . inv17 x = true + axiom inv17 : forall x : usize . inv17 x = true predicate invariant16 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant16 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -380,7 +380,7 @@ module KnapsackFull_Knapsack01Dyn val inv16 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv16 _x } - axiom inv16 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv16 x = true + axiom inv16 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv16 x = true predicate invariant15 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) = @@ -393,7 +393,7 @@ module KnapsackFull_Knapsack01Dyn val inv15 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv15 x = true + axiom inv15 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv15 x = true use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type predicate invariant14 (self : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -404,7 +404,7 @@ module KnapsackFull_Knapsack01Dyn val inv14 (_x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize)) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) . inv14 x = true + axiom inv14 : forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) . inv14 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant13 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -415,7 +415,7 @@ module KnapsackFull_Knapsack01Dyn val inv13 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv13 x = true + axiom inv13 : forall x : Core_Option_Option_Type.t_option usize . inv13 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant12 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -426,12 +426,12 @@ module KnapsackFull_Knapsack01Dyn val inv12 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../knapsack_full.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv12 x = true + axiom inv12 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv12 x = true predicate invariant11 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) val invariant11 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = invariant11 self } - axiom inv11 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv11 x = true + axiom inv11 : forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv11 x = true predicate invariant10 (self : Seq.seq usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant10 (self : Seq.seq usize) : bool @@ -441,7 +441,7 @@ module KnapsackFull_Knapsack01Dyn val inv10 (_x : Seq.seq usize) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq usize . inv10 x = true + axiom inv10 : forall x : Seq.seq usize . inv10 x = true predicate invariant9 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant9 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -451,7 +451,7 @@ module KnapsackFull_Knapsack01Dyn val inv9 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true + axiom inv9 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true use seq.Seq predicate inv8 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -472,7 +472,7 @@ module KnapsackFull_Knapsack01Dyn val invariant8 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv8 x = true + axiom inv8 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv8 x = true use seq.Seq predicate inv7 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) val inv7 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -489,7 +489,7 @@ module KnapsackFull_Knapsack01Dyn val invariant7 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : usize) : bool @@ -499,7 +499,7 @@ module KnapsackFull_Knapsack01Dyn val inv6 (_x : usize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../knapsack_full.rs" 1 0 1 0] forall x : usize . inv6 x = true + axiom inv6 : forall x : usize . inv6 x = true predicate inv3 (_x : Seq.seq (KnapsackFull_Item_Type.t_item name)) val inv3 (_x : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = inv3 _x } @@ -523,7 +523,7 @@ module KnapsackFull_Knapsack01Dyn val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true predicate invariant4 (self : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -533,12 +533,12 @@ module KnapsackFull_Knapsack01Dyn val inv4 (_x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) val invariant3 (self : Seq.seq (KnapsackFull_Item_Type.t_item name)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv3 x = true + axiom inv3 : forall x : Seq.seq (KnapsackFull_Item_Type.t_item name) . inv3 x = true use seq.Seq predicate inv2 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) val inv2 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) : bool @@ -612,7 +612,7 @@ module KnapsackFull_Knapsack01Dyn val invariant2 (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize . inv2 x = true + axiom inv2 : forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize . inv2 x = true predicate invariant1 (self : KnapsackFull_Item_Type.t_item name) val invariant1 (self : KnapsackFull_Item_Type.t_item name) : bool ensures { result = invariant1 self } @@ -621,7 +621,7 @@ module KnapsackFull_Knapsack01Dyn val inv1 (_x : KnapsackFull_Item_Type.t_item name) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../knapsack_full.rs" 1 0 1 0] forall x : KnapsackFull_Item_Type.t_item name . inv1 x = true + axiom inv1 : forall x : KnapsackFull_Item_Type.t_item name . inv1 x = true predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = inv0 _x } @@ -657,7 +657,7 @@ module KnapsackFull_Knapsack01Dyn val invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../knapsack_full.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true use seq.Seq function index_logic4 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)) (ix : int) : KnapsackFull_Item_Type.t_item name @@ -1095,34 +1095,34 @@ module KnapsackFull_Knapsack01Dyn goto BB0 } BB0 { - _10 <- ([#"../knapsack_full.rs" 86 30 86 53] from_elem0 ([#"../knapsack_full.rs" 86 35 86 36] [#"../knapsack_full.rs" 86 35 86 36] (0 : usize)) ([#"../knapsack_full.rs" 86 38 86 52] max_weight + ([#"../knapsack_full.rs" 86 51 86 52] [#"../knapsack_full.rs" 86 51 86 52] (1 : usize)))); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _10 <- ([#"../knapsack_full.rs" 86 30 86 53] from_elem0 ([#"../knapsack_full.rs" 86 35 86 36] [#"../knapsack_full.rs" 86 35 86 36] (0 : usize)) ([#"../knapsack_full.rs" 86 38 86 52] ([#"../knapsack_full.rs" 86 38 86 48] max_weight) + ([#"../knapsack_full.rs" 86 51 86 52] [#"../knapsack_full.rs" 86 51 86 52] (1 : usize)))); goto BB1 } BB1 { - _14 <- ([#"../knapsack_full.rs" 86 55 86 66] len0 ([#"../knapsack_full.rs" 86 55 86 66] items)); + [#"../knapsack_full.rs" 86 55 86 66] _14 <- ([#"../knapsack_full.rs" 86 55 86 66] len0 ([#"../knapsack_full.rs" 86 55 86 66] items)); goto BB2 } BB2 { - best_value <- ([#"../knapsack_full.rs" 86 25 86 71] from_elem1 _10 ([#"../knapsack_full.rs" 86 55 86 70] _14 + ([#"../knapsack_full.rs" 86 69 86 70] [#"../knapsack_full.rs" 86 69 86 70] (1 : usize)))); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] best_value <- ([#"../knapsack_full.rs" 86 25 86 71] from_elem1 _10 ([#"../knapsack_full.rs" 86 55 86 70] _14 + ([#"../knapsack_full.rs" 86 69 86 70] [#"../knapsack_full.rs" 86 69 86 70] (1 : usize)))); _10 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); _14 <- any usize; goto BB3 } BB3 { - _19 <- ([#"../knapsack_full.rs" 95 16 95 27] len0 ([#"../knapsack_full.rs" 95 16 95 27] items)); + [#"../knapsack_full.rs" 95 16 95 27] _19 <- ([#"../knapsack_full.rs" 95 16 95 27] len0 ([#"../knapsack_full.rs" 95 16 95 27] items)); goto BB4 } BB4 { - iter <- ([#"../knapsack_full.rs" 88 4 88 55] into_iter0 ([#"../knapsack_full.rs" 95 13 95 27] Core_Ops_Range_Range_Type.C_Range ([#"../knapsack_full.rs" 95 13 95 14] [#"../knapsack_full.rs" 95 13 95 14] (0 : usize)) _19)); + [#"../knapsack_full.rs" 88 4 88 55] iter <- ([#"../knapsack_full.rs" 88 4 88 55] into_iter0 ([#"../knapsack_full.rs" 95 13 95 27] Core_Ops_Range_Range_Type.C_Range ([#"../knapsack_full.rs" 95 13 95 14] [#"../knapsack_full.rs" 95 13 95 14] (0 : usize)) _19)); _19 <- any usize; goto BB5 } BB5 { - iter_old <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new iter); + [#"../knapsack_full.rs" 88 4 88 55] iter_old <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new iter); goto BB6 } BB6 { - produced <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new (Seq.empty )); + [#"../knapsack_full.rs" 88 4 88 55] produced <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new (Seq.empty )); goto BB7 } BB7 { @@ -1150,11 +1150,11 @@ module KnapsackFull_Knapsack01Dyn goto BB13 } BB13 { - _34 <- Borrow.borrow_mut iter; - iter <- ^ _34; - _33 <- Borrow.borrow_mut ( * _34); - _34 <- { _34 with current = ^ _33 }; - _32 <- ([#"../knapsack_full.rs" 88 4 88 55] next0 _33); + [#"../knapsack_full.rs" 88 4 88 55] _34 <- Borrow.borrow_mut iter; + [#"../knapsack_full.rs" 88 4 88 55] iter <- ^ _34; + [#"../knapsack_full.rs" 88 4 88 55] _33 <- Borrow.borrow_mut ( * _34); + [#"../knapsack_full.rs" 88 4 88 55] _34 <- { _34 with current = ^ _33 }; + [#"../knapsack_full.rs" 88 4 88 55] _32 <- ([#"../knapsack_full.rs" 88 4 88 55] next0 _33); _33 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB14 } @@ -1166,45 +1166,46 @@ module KnapsackFull_Knapsack01Dyn end } BB15 { - _104 <- ([#"../knapsack_full.rs" 119 49 119 60] len0 ([#"../knapsack_full.rs" 119 49 119 60] items)); + [#"../knapsack_full.rs" 119 49 119 60] _104 <- ([#"../knapsack_full.rs" 119 49 119 60] len0 ([#"../knapsack_full.rs" 119 49 119 60] items)); goto BB49 } BB16 { goto BB18 } BB17 { + assert { [#"../knapsack_full.rs" 88 4 88 55] false }; absurd } BB18 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _32; - _37 <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _32); + [#"../knapsack_full.rs" 88 4 88 55] _37 <- ([#"../knapsack_full.rs" 88 4 88 55] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB19 } BB19 { - produced <- _37; - _37 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem; - _41 <- ([#"../knapsack_full.rs" 96 18 96 26] index0 ([#"../knapsack_full.rs" 96 18 96 23] items) i); + [#"../knapsack_full.rs" 88 4 88 55] produced <- ([#"../knapsack_full.rs" 88 4 88 55] _37); + [#"../knapsack_full.rs" 88 4 88 55] _37 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../knapsack_full.rs" 96 18 96 26] _41 <- ([#"../knapsack_full.rs" 96 18 96 26] index0 ([#"../knapsack_full.rs" 96 18 96 23] items) ([#"../knapsack_full.rs" 96 24 96 25] i)); goto BB20 } BB20 { - it <- ([#"../knapsack_full.rs" 96 17 96 26] _41); + [#"../knapsack_full.rs" 96 17 96 26] it <- ([#"../knapsack_full.rs" 96 17 96 26] _41); assert { [@expl:type invariant] inv1 _41 }; assume { resolve1 _41 }; - _45 <- ([#"../knapsack_full.rs" 110 17 110 31] new2 ([#"../knapsack_full.rs" 110 17 110 18] [#"../knapsack_full.rs" 110 17 110 18] (0 : usize)) max_weight); + [#"../knapsack_full.rs" 110 17 110 31] _45 <- ([#"../knapsack_full.rs" 110 17 110 31] new2 ([#"../knapsack_full.rs" 110 17 110 18] [#"../knapsack_full.rs" 110 17 110 18] (0 : usize)) ([#"../knapsack_full.rs" 110 21 110 31] max_weight)); goto BB21 } BB21 { - iter1 <- ([#"../knapsack_full.rs" 98 8 98 59] into_iter1 _45); + [#"../knapsack_full.rs" 98 8 98 59] iter1 <- ([#"../knapsack_full.rs" 98 8 98 59] into_iter1 _45); _45 <- any Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize; goto BB22 } BB22 { - iter_old1 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new iter1); + [#"../knapsack_full.rs" 98 8 98 59] iter_old1 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new iter1); goto BB23 } BB23 { - produced1 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new (Seq.empty )); + [#"../knapsack_full.rs" 98 8 98 59] produced1 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new (Seq.empty )); goto BB24 } BB24 { @@ -1236,11 +1237,11 @@ module KnapsackFull_Knapsack01Dyn goto BB31 } BB31 { - _60 <- Borrow.borrow_mut iter1; - iter1 <- ^ _60; - _59 <- Borrow.borrow_mut ( * _60); - _60 <- { _60 with current = ^ _59 }; - _58 <- ([#"../knapsack_full.rs" 98 8 98 59] next1 _59); + [#"../knapsack_full.rs" 98 8 98 59] _60 <- Borrow.borrow_mut iter1; + [#"../knapsack_full.rs" 98 8 98 59] iter1 <- ^ _60; + [#"../knapsack_full.rs" 98 8 98 59] _59 <- Borrow.borrow_mut ( * _60); + [#"../knapsack_full.rs" 98 8 98 59] _60 <- { _60 with current = ^ _59 }; + [#"../knapsack_full.rs" 98 8 98 59] _58 <- ([#"../knapsack_full.rs" 98 8 98 59] next1 _59); _59 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize); goto BB32 } @@ -1254,91 +1255,91 @@ module KnapsackFull_Knapsack01Dyn BB33 { assert { [@expl:type invariant] inv1 it }; assume { resolve1 it }; - _31 <- ([#"../knapsack_full.rs" 98 8 98 59] ()); + [#"../knapsack_full.rs" 98 8 98 59] _31 <- ([#"../knapsack_full.rs" 98 8 98 59] ()); goto BB12 } BB34 { goto BB35 } BB35 { - __creusot_proc_iter_elem1 <- Core_Option_Option_Type.some_0 _58; - _63 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1 <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _58); + [#"../knapsack_full.rs" 98 8 98 59] _63 <- ([#"../knapsack_full.rs" 98 8 98 59] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); goto BB36 } BB36 { - produced1 <- _63; - _63 <- any Ghost.ghost_ty (Seq.seq usize); - w <- __creusot_proc_iter_elem1; - switch ([#"../knapsack_full.rs" 111 38 111 51] KnapsackFull_Item_Type.item_weight it > w) + [#"../knapsack_full.rs" 98 8 98 59] produced1 <- ([#"../knapsack_full.rs" 98 8 98 59] _63); + [#"../knapsack_full.rs" 98 8 98 59] _63 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] w <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1); + switch ([#"../knapsack_full.rs" 111 38 111 51] ([#"../knapsack_full.rs" 111 38 111 47] KnapsackFull_Item_Type.item_weight it) > ([#"../knapsack_full.rs" 111 50 111 51] w)) | False -> goto BB40 | True -> goto BB37 end } BB37 { - _72 <- ([#"../knapsack_full.rs" 112 16 112 29] index1 ([#"../knapsack_full.rs" 112 16 112 26] best_value) i); + [#"../knapsack_full.rs" 112 16 112 29] _72 <- ([#"../knapsack_full.rs" 112 16 112 29] index1 ([#"../knapsack_full.rs" 112 16 112 26] best_value) ([#"../knapsack_full.rs" 112 27 112 28] i)); goto BB38 } BB38 { - _70 <- ([#"../knapsack_full.rs" 112 16 112 32] index2 ([#"../knapsack_full.rs" 112 16 112 29] _72) w); + [#"../knapsack_full.rs" 112 16 112 32] _70 <- ([#"../knapsack_full.rs" 112 16 112 32] index2 ([#"../knapsack_full.rs" 112 16 112 29] _72) ([#"../knapsack_full.rs" 112 30 112 31] w)); goto BB39 } BB39 { - _66 <- _70; + [#"../knapsack_full.rs" 112 16 112 32] _66 <- ([#"../knapsack_full.rs" 112 16 112 32] _70); goto BB46 } BB40 { - _79 <- ([#"../knapsack_full.rs" 114 20 114 33] index1 ([#"../knapsack_full.rs" 114 20 114 30] best_value) i); + [#"../knapsack_full.rs" 114 20 114 33] _79 <- ([#"../knapsack_full.rs" 114 20 114 33] index1 ([#"../knapsack_full.rs" 114 20 114 30] best_value) ([#"../knapsack_full.rs" 114 31 114 32] i)); goto BB41 } BB41 { - _77 <- ([#"../knapsack_full.rs" 114 20 114 36] index2 ([#"../knapsack_full.rs" 114 20 114 33] _79) w); + [#"../knapsack_full.rs" 114 20 114 36] _77 <- ([#"../knapsack_full.rs" 114 20 114 36] index2 ([#"../knapsack_full.rs" 114 20 114 33] _79) ([#"../knapsack_full.rs" 114 34 114 35] w)); goto BB42 } BB42 { - _87 <- ([#"../knapsack_full.rs" 114 38 114 51] index1 ([#"../knapsack_full.rs" 114 38 114 48] best_value) i); + [#"../knapsack_full.rs" 114 38 114 51] _87 <- ([#"../knapsack_full.rs" 114 38 114 51] index1 ([#"../knapsack_full.rs" 114 38 114 48] best_value) ([#"../knapsack_full.rs" 114 49 114 50] i)); goto BB43 } BB43 { - _85 <- ([#"../knapsack_full.rs" 114 38 114 66] index2 ([#"../knapsack_full.rs" 114 38 114 51] _87) ([#"../knapsack_full.rs" 114 52 114 65] w - KnapsackFull_Item_Type.item_weight it)); + [#"../knapsack_full.rs" 114 38 114 66] _85 <- ([#"../knapsack_full.rs" 114 38 114 66] index2 ([#"../knapsack_full.rs" 114 38 114 51] _87) ([#"../knapsack_full.rs" 114 52 114 65] ([#"../knapsack_full.rs" 114 52 114 53] w) - ([#"../knapsack_full.rs" 114 56 114 65] KnapsackFull_Item_Type.item_weight it))); goto BB44 } BB44 { - _66 <- ([#"../knapsack_full.rs" 114 16 114 78] max0 _77 ([#"../knapsack_full.rs" 114 38 114 77] _85 + KnapsackFull_Item_Type.item_value it)); + [#"../knapsack_full.rs" 114 16 114 78] _66 <- ([#"../knapsack_full.rs" 114 16 114 78] max0 ([#"../knapsack_full.rs" 114 20 114 36] _77) ([#"../knapsack_full.rs" 114 38 114 77] ([#"../knapsack_full.rs" 114 38 114 66] _85) + ([#"../knapsack_full.rs" 114 69 114 77] KnapsackFull_Item_Type.item_value it))); goto BB45 } BB45 { goto BB46 } BB46 { - _97 <- Borrow.borrow_mut best_value; - best_value <- ^ _97; - _96 <- ([#"../knapsack_full.rs" 111 12 111 29] index_mut0 _97 ([#"../knapsack_full.rs" 111 23 111 28] i + ([#"../knapsack_full.rs" 111 27 111 28] [#"../knapsack_full.rs" 111 27 111 28] (1 : usize)))); + [#"../knapsack_full.rs" 111 12 111 22] _97 <- Borrow.borrow_mut best_value; + [#"../knapsack_full.rs" 111 12 111 22] best_value <- ^ _97; + [#"../knapsack_full.rs" 111 12 111 29] _96 <- ([#"../knapsack_full.rs" 111 12 111 29] index_mut0 _97 ([#"../knapsack_full.rs" 111 23 111 28] ([#"../knapsack_full.rs" 111 23 111 24] i) + ([#"../knapsack_full.rs" 111 27 111 28] [#"../knapsack_full.rs" 111 27 111 28] (1 : usize)))); _97 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB47 } BB47 { - _95 <- Borrow.borrow_mut ( * _96); - _96 <- { _96 with current = ^ _95 }; - _94 <- ([#"../knapsack_full.rs" 111 12 111 32] index_mut1 _95 w); + [#"../knapsack_full.rs" 111 12 111 29] _95 <- Borrow.borrow_mut ( * _96); + [#"../knapsack_full.rs" 111 12 111 29] _96 <- { _96 with current = ^ _95 }; + [#"../knapsack_full.rs" 111 12 111 32] _94 <- ([#"../knapsack_full.rs" 111 12 111 32] index_mut1 _95 ([#"../knapsack_full.rs" 111 30 111 31] w)); _95 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB48 } BB48 { - _94 <- { _94 with current = _66 }; - _66 <- any usize; + [#"../knapsack_full.rs" 111 12 115 13] _94 <- { _94 with current = ([#"../knapsack_full.rs" 111 12 115 13] _66) }; + [#"../knapsack_full.rs" 111 12 115 13] _66 <- any usize; assume { resolve3 _94 }; assume { resolve4 _96 }; - _31 <- ([#"../knapsack_full.rs" 110 32 116 9] ()); + [#"../knapsack_full.rs" 110 32 116 9] _31 <- ([#"../knapsack_full.rs" 110 32 116 9] ()); goto BB30 } BB49 { - result <- ([#"../knapsack_full.rs" 119 30 119 61] with_capacity0 _104); + [#"../knapsack_full.rs" 119 30 119 61] result <- ([#"../knapsack_full.rs" 119 30 119 61] with_capacity0 _104); _104 <- any usize; goto BB50 } BB50 { - left_weight <- max_weight; - j <- ([#"../knapsack_full.rs" 122 16 122 27] len0 ([#"../knapsack_full.rs" 122 16 122 27] items)); + [#"../knapsack_full.rs" 120 26 120 36] left_weight <- ([#"../knapsack_full.rs" 120 26 120 36] max_weight); + [#"../knapsack_full.rs" 122 16 122 27] j <- ([#"../knapsack_full.rs" 122 16 122 27] len0 ([#"../knapsack_full.rs" 122 16 122 27] items)); goto BB51 } BB51 { @@ -1362,60 +1363,60 @@ module KnapsackFull_Knapsack01Dyn goto BB56 } BB56 { - switch ([#"../knapsack_full.rs" 140 10 140 15] ([#"../knapsack_full.rs" 140 10 140 11] [#"../knapsack_full.rs" 140 10 140 11] (0 : usize)) < j) + switch ([#"../knapsack_full.rs" 140 10 140 15] ([#"../knapsack_full.rs" 140 10 140 11] [#"../knapsack_full.rs" 140 10 140 11] (0 : usize)) < ([#"../knapsack_full.rs" 140 14 140 15] j)) | False -> goto BB67 | True -> goto BB57 end } BB57 { - j <- ([#"../knapsack_full.rs" 141 8 141 14] j - ([#"../knapsack_full.rs" 141 13 141 14] [#"../knapsack_full.rs" 141 13 141 14] (1 : usize))); - _118 <- ([#"../knapsack_full.rs" 142 18 142 26] index0 ([#"../knapsack_full.rs" 142 18 142 23] items) j); + [#"../knapsack_full.rs" 141 8 141 14] j <- ([#"../knapsack_full.rs" 141 8 141 14] j - ([#"../knapsack_full.rs" 141 13 141 14] [#"../knapsack_full.rs" 141 13 141 14] (1 : usize))); + [#"../knapsack_full.rs" 142 18 142 26] _118 <- ([#"../knapsack_full.rs" 142 18 142 26] index0 ([#"../knapsack_full.rs" 142 18 142 23] items) ([#"../knapsack_full.rs" 142 24 142 25] j)); goto BB58 } BB58 { - it1 <- ([#"../knapsack_full.rs" 142 17 142 26] _118); + [#"../knapsack_full.rs" 142 17 142 26] it1 <- ([#"../knapsack_full.rs" 142 17 142 26] _118); assert { [@expl:type invariant] inv1 _118 }; assume { resolve1 _118 }; - _125 <- ([#"../knapsack_full.rs" 143 11 143 28] index1 ([#"../knapsack_full.rs" 143 11 143 21] best_value) ([#"../knapsack_full.rs" 143 22 143 27] j + ([#"../knapsack_full.rs" 143 26 143 27] [#"../knapsack_full.rs" 143 26 143 27] (1 : usize)))); + [#"../knapsack_full.rs" 143 11 143 28] _125 <- ([#"../knapsack_full.rs" 143 11 143 28] index1 ([#"../knapsack_full.rs" 143 11 143 21] best_value) ([#"../knapsack_full.rs" 143 22 143 27] ([#"../knapsack_full.rs" 143 22 143 23] j) + ([#"../knapsack_full.rs" 143 26 143 27] [#"../knapsack_full.rs" 143 26 143 27] (1 : usize)))); goto BB59 } BB59 { - _123 <- ([#"../knapsack_full.rs" 143 11 143 41] index2 ([#"../knapsack_full.rs" 143 11 143 28] _125) left_weight); + [#"../knapsack_full.rs" 143 11 143 41] _123 <- ([#"../knapsack_full.rs" 143 11 143 41] index2 ([#"../knapsack_full.rs" 143 11 143 28] _125) ([#"../knapsack_full.rs" 143 29 143 40] left_weight)); goto BB60 } BB60 { - _133 <- ([#"../knapsack_full.rs" 143 45 143 58] index1 ([#"../knapsack_full.rs" 143 45 143 55] best_value) j); + [#"../knapsack_full.rs" 143 45 143 58] _133 <- ([#"../knapsack_full.rs" 143 45 143 58] index1 ([#"../knapsack_full.rs" 143 45 143 55] best_value) ([#"../knapsack_full.rs" 143 56 143 57] j)); goto BB61 } BB61 { - _131 <- ([#"../knapsack_full.rs" 143 45 143 71] index2 ([#"../knapsack_full.rs" 143 45 143 58] _133) left_weight); + [#"../knapsack_full.rs" 143 45 143 71] _131 <- ([#"../knapsack_full.rs" 143 45 143 71] index2 ([#"../knapsack_full.rs" 143 45 143 58] _133) ([#"../knapsack_full.rs" 143 59 143 70] left_weight)); goto BB62 } BB62 { - switch ([#"../knapsack_full.rs" 143 11 143 71] _123 <> _131) + switch ([#"../knapsack_full.rs" 143 11 143 71] ([#"../knapsack_full.rs" 143 11 143 41] _123) <> ([#"../knapsack_full.rs" 143 45 143 71] _131)) | False -> goto BB65 | True -> goto BB63 end } BB63 { - _138 <- Borrow.borrow_mut result; - result <- ^ _138; + [#"../knapsack_full.rs" 144 12 144 27] _138 <- Borrow.borrow_mut result; + [#"../knapsack_full.rs" 144 12 144 27] result <- ^ _138; assume { inv5 ( ^ _138) }; - _137 <- ([#"../knapsack_full.rs" 144 12 144 27] push0 _138 ([#"../knapsack_full.rs" 144 24 144 26] it1)); + [#"../knapsack_full.rs" 144 12 144 27] _137 <- ([#"../knapsack_full.rs" 144 12 144 27] push0 _138 ([#"../knapsack_full.rs" 144 24 144 26] it1)); _138 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global)); goto BB64 } BB64 { assert { [@expl:type invariant] inv1 it1 }; assume { resolve1 it1 }; - left_weight <- ([#"../knapsack_full.rs" 145 12 145 36] left_weight - KnapsackFull_Item_Type.item_weight it1); - _31 <- ([#"../knapsack_full.rs" 143 72 146 9] ()); + [#"../knapsack_full.rs" 145 12 145 36] left_weight <- ([#"../knapsack_full.rs" 145 12 145 36] left_weight - ([#"../knapsack_full.rs" 145 27 145 36] KnapsackFull_Item_Type.item_weight it1)); + [#"../knapsack_full.rs" 143 72 146 9] _31 <- ([#"../knapsack_full.rs" 143 72 146 9] ()); goto BB66 } BB65 { assert { [@expl:type invariant] inv1 it1 }; assume { resolve1 it1 }; - _31 <- ([#"../knapsack_full.rs" 146 9 146 9] ()); + [#"../knapsack_full.rs" 146 9 146 9] _31 <- ([#"../knapsack_full.rs" 146 9 146 9] ()); goto BB66 } BB66 { @@ -1425,8 +1426,8 @@ module KnapsackFull_Knapsack01Dyn assume { resolve5 best_value }; assert { [@expl:type invariant] inv4 items }; assume { resolve6 items }; - _0 <- result; - result <- any Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global); + [#"../knapsack_full.rs" 149 4 149 10] _0 <- ([#"../knapsack_full.rs" 149 4 149 10] result); + [#"../knapsack_full.rs" 149 4 149 10] result <- any Alloc_Vec_Vec_Type.t_vec (KnapsackFull_Item_Type.t_item name) (Alloc_Alloc_Global_Type.t_global); goto BB68 } BB68 { diff --git a/creusot/tests/should_succeed/lang/assoc_type.mlcfg b/creusot/tests/should_succeed/lang/assoc_type.mlcfg index a09bcdd0f8..f46b83d21a 100644 --- a/creusot/tests/should_succeed/lang/assoc_type.mlcfg +++ b/creusot/tests/should_succeed/lang/assoc_type.mlcfg @@ -23,13 +23,13 @@ module AssocType_Uses3 ensures { result = inv0 _x } type a1 - axiom inv0 : [#"../assoc_type.rs" 1 0 1 0] forall x : AssocType_Nested_Type.t_nested t a0 . inv0 x = true + axiom inv0 : forall x : AssocType_Nested_Type.t_nested t a0 . inv0 x = true predicate resolve0 (self : AssocType_Nested_Type.t_nested t a0) val resolve0 (self : AssocType_Nested_Type.t_nested t a0) : bool ensures { result = resolve0 self } let rec cfg uses3 [#"../assoc_type.rs" 36 0 36 33] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : AssocType_Nested_Type.t_nested t a0) : () - requires {[#"../assoc_type.rs" 1 0 1 0] inv0 _1} + requires {inv0 _1} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -38,7 +38,7 @@ module AssocType_Uses3 goto BB0 } BB0 { - _0 <- ([#"../assoc_type.rs" 36 34 36 36] ()); + [#"../assoc_type.rs" 36 34 36 36] _0 <- ([#"../assoc_type.rs" 36 34 36 36] ()); assert { [@expl:type invariant] inv0 _1 }; assume { resolve0 _1 }; goto BB1 diff --git a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg index c62901211c..3836180856 100644 --- a/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg +++ b/creusot/tests/should_succeed/lang/branch_borrow_2.mlcfg @@ -25,15 +25,15 @@ module BranchBorrow2_F goto BB0 } BB0 { - a <- ([#"../branch_borrow_2.rs" 4 16 4 18] [#"../branch_borrow_2.rs" 4 16 4 18] (10 : int32)); - b <- ([#"../branch_borrow_2.rs" 5 16 5 18] [#"../branch_borrow_2.rs" 5 16 5 18] (10 : int32)); - c <- ([#"../branch_borrow_2.rs" 6 16 6 18] [#"../branch_borrow_2.rs" 6 16 6 18] (10 : int32)); - x <- Borrow.borrow_mut a; - a <- ^ x; - y <- Borrow.borrow_mut b; - b <- ^ y; - z <- Borrow.borrow_mut c; - c <- ^ z; + [#"../branch_borrow_2.rs" 4 16 4 18] a <- ([#"../branch_borrow_2.rs" 4 16 4 18] [#"../branch_borrow_2.rs" 4 16 4 18] (10 : int32)); + [#"../branch_borrow_2.rs" 5 16 5 18] b <- ([#"../branch_borrow_2.rs" 5 16 5 18] [#"../branch_borrow_2.rs" 5 16 5 18] (10 : int32)); + [#"../branch_borrow_2.rs" 6 16 6 18] c <- ([#"../branch_borrow_2.rs" 6 16 6 18] [#"../branch_borrow_2.rs" 6 16 6 18] (10 : int32)); + [#"../branch_borrow_2.rs" 8 12 8 18] x <- Borrow.borrow_mut a; + [#"../branch_borrow_2.rs" 8 12 8 18] a <- ^ x; + [#"../branch_borrow_2.rs" 9 12 9 18] y <- Borrow.borrow_mut b; + [#"../branch_borrow_2.rs" 9 12 9 18] b <- ^ y; + [#"../branch_borrow_2.rs" 10 12 10 18] z <- Borrow.borrow_mut c; + [#"../branch_borrow_2.rs" 10 12 10 18] c <- ^ z; switch (([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) = 1) | True -> goto BB1 | False -> switch (([#"../branch_borrow_2.rs" 13 10 13 11] [#"../branch_borrow_2.rs" 13 10 13 11] (3 : int32)) = 2) @@ -49,48 +49,49 @@ module BranchBorrow2_F goto BB5 } BB3 { - z <- { z with current = ([#"../branch_borrow_2.rs" 23 17 23 18] [#"../branch_borrow_2.rs" 23 17 23 18] (8 : int32)) }; - _12 <- Borrow.borrow_mut ( * z); - z <- { z with current = ^ _12 }; - w <- _12; - _12 <- any borrowed int32; - _8 <- ([#"../branch_borrow_2.rs" 22 13 25 9] ()); + [#"../branch_borrow_2.rs" 23 12 23 18] z <- { z with current = ([#"../branch_borrow_2.rs" 23 12 23 18] [#"../branch_borrow_2.rs" 23 17 23 18] (8 : int32)) }; + [#"../branch_borrow_2.rs" 24 16 24 17] _12 <- Borrow.borrow_mut ( * z); + [#"../branch_borrow_2.rs" 24 16 24 17] z <- { z with current = ^ _12 }; + [#"../branch_borrow_2.rs" 24 12 24 17] w <- ([#"../branch_borrow_2.rs" 24 12 24 17] _12); + [#"../branch_borrow_2.rs" 24 12 24 17] _12 <- any borrowed int32; + [#"../branch_borrow_2.rs" 22 13 25 9] _8 <- ([#"../branch_borrow_2.rs" 22 13 25 9] ()); goto BB6 } BB4 { assume { resolve0 z }; assume { resolve0 y }; - x <- { x with current = ([#"../branch_borrow_2.rs" 15 17 15 18] [#"../branch_borrow_2.rs" 15 17 15 18] (6 : int32)) }; - w <- x; - x <- any borrowed int32; - _8 <- ([#"../branch_borrow_2.rs" 14 13 17 9] ()); + [#"../branch_borrow_2.rs" 15 12 15 18] x <- { x with current = ([#"../branch_borrow_2.rs" 15 12 15 18] [#"../branch_borrow_2.rs" 15 17 15 18] (6 : int32)) }; + [#"../branch_borrow_2.rs" 16 12 16 17] w <- ([#"../branch_borrow_2.rs" 16 16 16 17] x); + [#"../branch_borrow_2.rs" 16 16 16 17] x <- any borrowed int32; + [#"../branch_borrow_2.rs" 14 13 17 9] _8 <- ([#"../branch_borrow_2.rs" 14 13 17 9] ()); goto BB6 } BB5 { assume { resolve0 z }; - y <- { y with current = ([#"../branch_borrow_2.rs" 19 17 19 18] [#"../branch_borrow_2.rs" 19 17 19 18] (7 : int32)) }; - _11 <- Borrow.borrow_mut ( * y); - y <- { y with current = ^ _11 }; - w <- _11; - _11 <- any borrowed int32; - _8 <- ([#"../branch_borrow_2.rs" 18 13 21 9] ()); + [#"../branch_borrow_2.rs" 19 12 19 18] y <- { y with current = ([#"../branch_borrow_2.rs" 19 12 19 18] [#"../branch_borrow_2.rs" 19 17 19 18] (7 : int32)) }; + [#"../branch_borrow_2.rs" 20 16 20 17] _11 <- Borrow.borrow_mut ( * y); + [#"../branch_borrow_2.rs" 20 16 20 17] y <- { y with current = ^ _11 }; + [#"../branch_borrow_2.rs" 20 12 20 17] w <- ([#"../branch_borrow_2.rs" 20 12 20 17] _11); + [#"../branch_borrow_2.rs" 20 12 20 17] _11 <- any borrowed int32; + [#"../branch_borrow_2.rs" 18 13 21 9] _8 <- ([#"../branch_borrow_2.rs" 18 13 21 9] ()); goto BB6 } BB6 { - w <- { w with current = ([#"../branch_borrow_2.rs" 28 9 28 10] [#"../branch_borrow_2.rs" 28 9 28 10] (5 : int32)) }; + [#"../branch_borrow_2.rs" 28 4 28 10] w <- { w with current = ([#"../branch_borrow_2.rs" 28 4 28 10] [#"../branch_borrow_2.rs" 28 9 28 10] (5 : int32)) }; assume { resolve0 w }; assume { resolve0 z }; assume { resolve0 y }; - switch ([#"../branch_borrow_2.rs" 30 4 30 19] not ([#"../branch_borrow_2.rs" 30 12 30 18] c = ([#"../branch_borrow_2.rs" 30 17 30 18] [#"../branch_borrow_2.rs" 30 17 30 18] (5 : int32)))) + switch ([#"../branch_borrow_2.rs" 30 4 30 19] not ([#"../branch_borrow_2.rs" 30 12 30 18] ([#"../branch_borrow_2.rs" 30 12 30 13] c) = ([#"../branch_borrow_2.rs" 30 17 30 18] [#"../branch_borrow_2.rs" 30 17 30 18] (5 : int32)))) | False -> goto BB8 | True -> goto BB7 end } BB7 { + assert { [#"../branch_borrow_2.rs" 30 4 30 19] false }; absurd } BB8 { - _0 <- ([#"../branch_borrow_2.rs" 3 11 31 1] ()); + [#"../branch_borrow_2.rs" 3 11 31 1] _0 <- ([#"../branch_borrow_2.rs" 3 11 31 1] ()); return _0 } BB10 { @@ -155,18 +156,18 @@ module BranchBorrow2_G goto BB0 } BB0 { - a <- ([#"../branch_borrow_2.rs" 36 16 36 37] (([#"../branch_borrow_2.rs" 36 17 36 26] BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 23 36 25] [#"../branch_borrow_2.rs" 36 23 36 25] (10 : usize))), ([#"../branch_borrow_2.rs" 36 28 36 36] BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 34 36 35] [#"../branch_borrow_2.rs" 36 34 36 35] (5 : usize))))); - b <- Borrow.borrow_mut a; - a <- ^ b; - c <- Borrow.borrow_mut (let (_, a) = * b in a); - b <- { b with current = (let (x0, x1) = * b in (x0, ^ c)) }; - d <- Borrow.borrow_mut (let (a, _) = * b in a); - b <- { b with current = (let (x0, x1) = * b in ( ^ d, x1)) }; + [#"../branch_borrow_2.rs" 36 16 36 37] a <- ([#"../branch_borrow_2.rs" 36 16 36 37] (([#"../branch_borrow_2.rs" 36 17 36 26] BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 23 36 25] [#"../branch_borrow_2.rs" 36 23 36 25] (10 : usize))), ([#"../branch_borrow_2.rs" 36 28 36 36] BranchBorrow2_MyInt_Type.C_MyInt ([#"../branch_borrow_2.rs" 36 34 36 35] [#"../branch_borrow_2.rs" 36 34 36 35] (5 : usize))))); + [#"../branch_borrow_2.rs" 37 12 37 18] b <- Borrow.borrow_mut a; + [#"../branch_borrow_2.rs" 37 12 37 18] a <- ^ b; + [#"../branch_borrow_2.rs" 39 12 39 20] c <- Borrow.borrow_mut (let (_, a) = * b in a); + [#"../branch_borrow_2.rs" 39 12 39 20] b <- { b with current = (let (x0, x1) = * b in (x0, ^ c)) }; + [#"../branch_borrow_2.rs" 40 12 40 20] d <- Borrow.borrow_mut (let (a, _) = * b in a); + [#"../branch_borrow_2.rs" 40 12 40 20] b <- { b with current = (let (x0, x1) = * b in ( ^ d, x1)) }; assume { resolve0 c }; assume { resolve0 d }; assume { resolve1 b }; assume { resolve2 a }; - _0 <- ([#"../branch_borrow_2.rs" 35 11 43 1] ()); + [#"../branch_borrow_2.rs" 35 11 43 1] _0 <- ([#"../branch_borrow_2.rs" 35 11 43 1] ()); return _0 } @@ -194,12 +195,12 @@ module BranchBorrow2_H goto BB0 } BB0 { - a <- ([#"../branch_borrow_2.rs" 46 16 46 18] [#"../branch_borrow_2.rs" 46 16 46 18] (10 : int32)); - b <- ([#"../branch_borrow_2.rs" 47 16 47 18] [#"../branch_borrow_2.rs" 47 16 47 18] (10 : int32)); - x <- Borrow.borrow_mut a; - a <- ^ x; - y <- Borrow.borrow_mut b; - b <- ^ y; + [#"../branch_borrow_2.rs" 46 16 46 18] a <- ([#"../branch_borrow_2.rs" 46 16 46 18] [#"../branch_borrow_2.rs" 46 16 46 18] (10 : int32)); + [#"../branch_borrow_2.rs" 47 16 47 18] b <- ([#"../branch_borrow_2.rs" 47 16 47 18] [#"../branch_borrow_2.rs" 47 16 47 18] (10 : int32)); + [#"../branch_borrow_2.rs" 49 12 49 18] x <- Borrow.borrow_mut a; + [#"../branch_borrow_2.rs" 49 12 49 18] a <- ^ x; + [#"../branch_borrow_2.rs" 50 12 50 18] y <- Borrow.borrow_mut b; + [#"../branch_borrow_2.rs" 50 12 50 18] b <- ^ y; switch ([#"../branch_borrow_2.rs" 52 7 52 11] [#"../branch_borrow_2.rs" 52 7 52 11] true) | False -> goto BB2 | True -> goto BB1 @@ -207,25 +208,25 @@ module BranchBorrow2_H } BB1 { assume { resolve0 y }; - x <- { x with current = ([#"../branch_borrow_2.rs" 53 13 53 14] [#"../branch_borrow_2.rs" 53 13 53 14] (5 : int32)) }; - w <- x; - x <- any borrowed int32; - _6 <- ([#"../branch_borrow_2.rs" 52 12 55 5] ()); + [#"../branch_borrow_2.rs" 53 8 53 14] x <- { x with current = ([#"../branch_borrow_2.rs" 53 8 53 14] [#"../branch_borrow_2.rs" 53 13 53 14] (5 : int32)) }; + [#"../branch_borrow_2.rs" 54 8 54 13] w <- ([#"../branch_borrow_2.rs" 54 12 54 13] x); + [#"../branch_borrow_2.rs" 54 12 54 13] x <- any borrowed int32; + [#"../branch_borrow_2.rs" 52 12 55 5] _6 <- ([#"../branch_borrow_2.rs" 52 12 55 5] ()); goto BB3 } BB2 { assume { resolve0 x }; - y <- { y with current = ([#"../branch_borrow_2.rs" 56 13 56 14] [#"../branch_borrow_2.rs" 56 13 56 14] (6 : int32)) }; - _9 <- Borrow.borrow_mut ( * y); - y <- { y with current = ^ _9 }; - w <- _9; - _9 <- any borrowed int32; - _6 <- ([#"../branch_borrow_2.rs" 55 11 60 5] ()); + [#"../branch_borrow_2.rs" 56 8 56 14] y <- { y with current = ([#"../branch_borrow_2.rs" 56 8 56 14] [#"../branch_borrow_2.rs" 56 13 56 14] (6 : int32)) }; + [#"../branch_borrow_2.rs" 57 12 57 13] _9 <- Borrow.borrow_mut ( * y); + [#"../branch_borrow_2.rs" 57 12 57 13] y <- { y with current = ^ _9 }; + [#"../branch_borrow_2.rs" 57 8 57 13] w <- ([#"../branch_borrow_2.rs" 57 8 57 13] _9); + [#"../branch_borrow_2.rs" 57 8 57 13] _9 <- any borrowed int32; + [#"../branch_borrow_2.rs" 55 11 60 5] _6 <- ([#"../branch_borrow_2.rs" 55 11 60 5] ()); goto BB3 } BB3 { assume { resolve0 w }; - _0 <- ([#"../branch_borrow_2.rs" 45 11 68 1] ()); + [#"../branch_borrow_2.rs" 45 11 68 1] _0 <- ([#"../branch_borrow_2.rs" 45 11 68 1] ()); assume { resolve0 y }; return _0 } diff --git a/creusot/tests/should_succeed/lang/const.mlcfg b/creusot/tests/should_succeed/lang/const.mlcfg index 62fdaaac08..a792facef9 100644 --- a/creusot/tests/should_succeed/lang/const.mlcfg +++ b/creusot/tests/should_succeed/lang/const.mlcfg @@ -11,7 +11,7 @@ module Const_Foo goto BB0 } BB0 { - _0 <- ([#"../const.rs" 9 4 9 7] [#"../const.rs" 9 4 9 7] (42 : usize)); + [#"../const.rs" 9 4 9 7] _0 <- ([#"../const.rs" 9 4 9 7] [#"../const.rs" 9 4 9 7] (42 : usize)); return _0 } diff --git a/creusot/tests/should_succeed/lang/empty.mlcfg b/creusot/tests/should_succeed/lang/empty.mlcfg index 35124f58cc..f7c4f28c0a 100644 --- a/creusot/tests/should_succeed/lang/empty.mlcfg +++ b/creusot/tests/should_succeed/lang/empty.mlcfg @@ -7,7 +7,7 @@ module Empty_F goto BB0 } BB0 { - _0 <- ([#"../empty.rs" 4 4 4 10] ()); + [#"../empty.rs" 4 4 4 10] _0 <- ([#"../empty.rs" 4 4 4 10] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/float_ops.mlcfg b/creusot/tests/should_succeed/lang/float_ops.mlcfg index b2204227ef..bca734789b 100644 --- a/creusot/tests/should_succeed/lang/float_ops.mlcfg +++ b/creusot/tests/should_succeed/lang/float_ops.mlcfg @@ -10,7 +10,7 @@ module FloatOps_Eq goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 6 4 6 14] ([#"../float_ops.rs" 6 4 6 7] [#"../float_ops.rs" 6 4 6 7] (1.0 : Float64.t)) .= ([#"../float_ops.rs" 6 11 6 14] [#"../float_ops.rs" 6 11 6 14] (2.0 : Float64.t))); + [#"../float_ops.rs" 6 4 6 14] _0 <- ([#"../float_ops.rs" 6 4 6 14] ([#"../float_ops.rs" 6 4 6 7] [#"../float_ops.rs" 6 4 6 7] (1.0 : Float64.t)) .= ([#"../float_ops.rs" 6 11 6 14] [#"../float_ops.rs" 6 11 6 14] (2.0 : Float64.t))); return _0 } @@ -26,7 +26,7 @@ module FloatOps_Lt goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 11 4 11 13] ([#"../float_ops.rs" 11 4 11 7] [#"../float_ops.rs" 11 4 11 7] (1.0 : Float64.t)) .< ([#"../float_ops.rs" 11 10 11 13] [#"../float_ops.rs" 11 10 11 13] (2.0 : Float64.t))); + [#"../float_ops.rs" 11 4 11 13] _0 <- ([#"../float_ops.rs" 11 4 11 13] ([#"../float_ops.rs" 11 4 11 7] [#"../float_ops.rs" 11 4 11 7] (1.0 : Float64.t)) .< ([#"../float_ops.rs" 11 10 11 13] [#"../float_ops.rs" 11 10 11 13] (2.0 : Float64.t))); return _0 } @@ -42,7 +42,7 @@ module FloatOps_Le goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 16 4 16 14] ([#"../float_ops.rs" 16 4 16 7] [#"../float_ops.rs" 16 4 16 7] (1.0 : Float64.t)) .<= ([#"../float_ops.rs" 16 11 16 14] [#"../float_ops.rs" 16 11 16 14] (2.0 : Float64.t))); + [#"../float_ops.rs" 16 4 16 14] _0 <- ([#"../float_ops.rs" 16 4 16 14] ([#"../float_ops.rs" 16 4 16 7] [#"../float_ops.rs" 16 4 16 7] (1.0 : Float64.t)) .<= ([#"../float_ops.rs" 16 11 16 14] [#"../float_ops.rs" 16 11 16 14] (2.0 : Float64.t))); return _0 } @@ -58,7 +58,7 @@ module FloatOps_Gt goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 21 4 21 13] ([#"../float_ops.rs" 21 4 21 7] [#"../float_ops.rs" 21 4 21 7] (2.0 : Float64.t)) .> ([#"../float_ops.rs" 21 10 21 13] [#"../float_ops.rs" 21 10 21 13] (1.0 : Float64.t))); + [#"../float_ops.rs" 21 4 21 13] _0 <- ([#"../float_ops.rs" 21 4 21 13] ([#"../float_ops.rs" 21 4 21 7] [#"../float_ops.rs" 21 4 21 7] (2.0 : Float64.t)) .> ([#"../float_ops.rs" 21 10 21 13] [#"../float_ops.rs" 21 10 21 13] (1.0 : Float64.t))); return _0 } @@ -74,7 +74,7 @@ module FloatOps_Ge goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 26 4 26 14] ([#"../float_ops.rs" 26 4 26 7] [#"../float_ops.rs" 26 4 26 7] (2.0 : Float64.t)) .>= ([#"../float_ops.rs" 26 11 26 14] [#"../float_ops.rs" 26 11 26 14] (1.0 : Float64.t))); + [#"../float_ops.rs" 26 4 26 14] _0 <- ([#"../float_ops.rs" 26 4 26 14] ([#"../float_ops.rs" 26 4 26 7] [#"../float_ops.rs" 26 4 26 7] (2.0 : Float64.t)) .>= ([#"../float_ops.rs" 26 11 26 14] [#"../float_ops.rs" 26 11 26 14] (1.0 : Float64.t))); return _0 } @@ -90,7 +90,7 @@ module FloatOps_Neg goto BB0 } BB0 { - _0 <- ([#"../float_ops.rs" 31 4 31 15] ([#"../float_ops.rs" 31 4 31 8] [#"../float_ops.rs" 31 4 31 8] (-2.0 : Float64.t)) .<= ([#"../float_ops.rs" 31 12 31 15] [#"../float_ops.rs" 31 12 31 15] (1.0 : Float64.t))); + [#"../float_ops.rs" 31 4 31 15] _0 <- ([#"../float_ops.rs" 31 4 31 15] ([#"../float_ops.rs" 31 4 31 8] [#"../float_ops.rs" 31 4 31 8] (-2.0 : Float64.t)) .<= ([#"../float_ops.rs" 31 12 31 15] [#"../float_ops.rs" 31 12 31 15] (1.0 : Float64.t))); return _0 } diff --git a/creusot/tests/should_succeed/lang/literals.mlcfg b/creusot/tests/should_succeed/lang/literals.mlcfg index e498fa9f46..5fa569fbe6 100644 --- a/creusot/tests/should_succeed/lang/literals.mlcfg +++ b/creusot/tests/should_succeed/lang/literals.mlcfg @@ -10,18 +10,18 @@ module Literals_FloatOperation goto BB0 } BB0 { - x <- ([#"../literals.rs" 4 17 4 20] [#"../literals.rs" 4 17 4 20] (0.0 : Float32.t)); - switch ([#"../literals.rs" 6 7 6 24] ([#"../literals.rs" 6 7 6 17] x .+ ([#"../literals.rs" 6 11 6 17] [#"../literals.rs" 6 11 6 17] (0x1.020c40000000p0 : Float32.t))) .= ([#"../literals.rs" 6 21 6 24] [#"../literals.rs" 6 21 6 24] (2.0 : Float32.t))) + [#"../literals.rs" 4 17 4 20] x <- ([#"../literals.rs" 4 17 4 20] [#"../literals.rs" 4 17 4 20] (0.0 : Float32.t)); + switch ([#"../literals.rs" 6 7 6 24] ([#"../literals.rs" 6 7 6 17] ([#"../literals.rs" 6 7 6 8] x) .+ ([#"../literals.rs" 6 11 6 17] [#"../literals.rs" 6 11 6 17] (0x1.020c40000000p0 : Float32.t))) .= ([#"../literals.rs" 6 21 6 24] [#"../literals.rs" 6 21 6 24] (2.0 : Float32.t))) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- ([#"../literals.rs" 7 8 7 17] ([#"../literals.rs" 7 8 7 11] [#"../literals.rs" 7 8 7 11] (3.0 : Float32.t)) .- ([#"../literals.rs" 7 14 7 17] [#"../literals.rs" 7 14 7 17] (1.0 : Float32.t))); + [#"../literals.rs" 7 8 7 17] _0 <- ([#"../literals.rs" 7 8 7 17] ([#"../literals.rs" 7 8 7 11] [#"../literals.rs" 7 8 7 11] (3.0 : Float32.t)) .- ([#"../literals.rs" 7 14 7 17] [#"../literals.rs" 7 14 7 17] (1.0 : Float32.t))); goto BB3 } BB2 { - _0 <- ([#"../literals.rs" 9 8 9 11] [#"../literals.rs" 9 8 9 11] (0.0 : Float32.t)); + [#"../literals.rs" 9 8 9 11] _0 <- ([#"../literals.rs" 9 8 9 11] [#"../literals.rs" 9 8 9 11] (0.0 : Float32.t)); goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/lang/module_paths.mlcfg b/creusot/tests/should_succeed/lang/module_paths.mlcfg index 28eae8cfee..2fc2f76563 100644 --- a/creusot/tests/should_succeed/lang/module_paths.mlcfg +++ b/creusot/tests/should_succeed/lang/module_paths.mlcfg @@ -38,7 +38,7 @@ module ModulePaths_Test goto BB0 } BB0 { - _0 <- ([#"../module_paths.rs" 22 52 22 54] ()); + [#"../module_paths.rs" 22 52 22 54] _0 <- ([#"../module_paths.rs" 22 52 22 54] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/modules.mlcfg b/creusot/tests/should_succeed/lang/modules.mlcfg index 475a51a39b..a353e82c30 100644 --- a/creusot/tests/should_succeed/lang/modules.mlcfg +++ b/creusot/tests/should_succeed/lang/modules.mlcfg @@ -23,9 +23,9 @@ module Modules_Nested_InnerFunc goto BB0 } BB0 { - _2 <- ([#"../modules.rs" 14 16 14 28] Modules_Nested_Nested_Type.C_Test); + [#"../modules.rs" 14 16 14 28] _2 <- ([#"../modules.rs" 14 16 14 28] Modules_Nested_Nested_Type.C_Test); assume { resolve0 _2 }; - _0 <- ([#"../modules.rs" 15 8 15 12] [#"../modules.rs" 15 8 15 12] true); + [#"../modules.rs" 15 8 15 12] _0 <- ([#"../modules.rs" 15 8 15 12] [#"../modules.rs" 15 8 15 12] true); return _0 } @@ -38,7 +38,7 @@ module Modules_Nested_Further_Another goto BB0 } BB0 { - _0 <- ([#"../modules.rs" 20 12 20 17] [#"../modules.rs" 20 12 20 17] false); + [#"../modules.rs" 20 12 20 17] _0 <- ([#"../modules.rs" 20 12 20 17] [#"../modules.rs" 20 12 20 17] false); return _0 } @@ -57,15 +57,15 @@ module Modules_F goto BB0 } BB0 { - _1 <- ([#"../modules.rs" 26 4 26 24] inner_func0 ()); + [#"../modules.rs" 26 4 26 24] _1 <- ([#"../modules.rs" 26 4 26 24] inner_func0 ()); goto BB1 } BB1 { - _2 <- ([#"../modules.rs" 28 4 28 13] another0 ()); + [#"../modules.rs" 28 4 28 13] _2 <- ([#"../modules.rs" 28 4 28 13] another0 ()); goto BB2 } BB2 { - _0 <- ([#"../modules.rs" 25 11 29 1] ()); + [#"../modules.rs" 25 11 29 1] _0 <- ([#"../modules.rs" 25 11 29 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/move_path.mlcfg b/creusot/tests/should_succeed/lang/move_path.mlcfg index 2e0bc5da15..3532e951e0 100644 --- a/creusot/tests/should_succeed/lang/move_path.mlcfg +++ b/creusot/tests/should_succeed/lang/move_path.mlcfg @@ -19,16 +19,16 @@ module MovePath_F goto BB0 } BB0 { - x <- ([#"../move_path.rs" 4 16 4 17] [#"../move_path.rs" 4 16 4 17] (1 : int32)); - y <- Borrow.borrow_mut x; - x <- ^ y; - d <- y; - y <- any borrowed int32; - z <- d; - d <- any borrowed int32; - z <- { z with current = ([#"../move_path.rs" 10 17 10 18] [#"../move_path.rs" 10 17 10 18] (2 : int32)) }; + [#"../move_path.rs" 4 16 4 17] x <- ([#"../move_path.rs" 4 16 4 17] [#"../move_path.rs" 4 16 4 17] (1 : int32)); + [#"../move_path.rs" 6 12 6 18] y <- Borrow.borrow_mut x; + [#"../move_path.rs" 6 12 6 18] x <- ^ y; + [#"../move_path.rs" 7 12 7 13] d <- ([#"../move_path.rs" 7 12 7 13] y); + [#"../move_path.rs" 7 12 7 13] y <- any borrowed int32; + [#"../move_path.rs" 8 12 8 13] z <- ([#"../move_path.rs" 8 12 8 13] d); + [#"../move_path.rs" 8 12 8 13] d <- any borrowed int32; + [#"../move_path.rs" 10 12 10 18] z <- { z with current = ([#"../move_path.rs" 10 12 10 18] [#"../move_path.rs" 10 17 10 18] (2 : int32)) }; assume { resolve0 z }; - _0 <- ([#"../move_path.rs" 3 11 15 1] ()); + [#"../move_path.rs" 3 11 15 1] _0 <- ([#"../move_path.rs" 3 11 15 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/multiple_scopes.mlcfg b/creusot/tests/should_succeed/lang/multiple_scopes.mlcfg index 0a524dfe2b..6ad2202d29 100644 --- a/creusot/tests/should_succeed/lang/multiple_scopes.mlcfg +++ b/creusot/tests/should_succeed/lang/multiple_scopes.mlcfg @@ -13,11 +13,11 @@ module MultipleScopes_MultipleScopes goto BB0 } BB0 { - _x <- ([#"../multiple_scopes.rs" 5 17 5 18] [#"../multiple_scopes.rs" 5 17 5 18] (1 : int32)); - _y <- ([#"../multiple_scopes.rs" 6 13 6 14] [#"../multiple_scopes.rs" 6 13 6 14] (2 : int32)); - _y1 <- ([#"../multiple_scopes.rs" 8 17 8 18] [#"../multiple_scopes.rs" 8 17 8 18] (3 : int32)); - _x <- _y1; - _0 <- ([#"../multiple_scopes.rs" 7 4 10 5] ()); + [#"../multiple_scopes.rs" 5 17 5 18] _x <- ([#"../multiple_scopes.rs" 5 17 5 18] [#"../multiple_scopes.rs" 5 17 5 18] (1 : int32)); + [#"../multiple_scopes.rs" 6 13 6 14] _y <- ([#"../multiple_scopes.rs" 6 13 6 14] [#"../multiple_scopes.rs" 6 13 6 14] (2 : int32)); + [#"../multiple_scopes.rs" 8 17 8 18] _y1 <- ([#"../multiple_scopes.rs" 8 17 8 18] [#"../multiple_scopes.rs" 8 17 8 18] (3 : int32)); + [#"../multiple_scopes.rs" 9 8 9 15] _x <- ([#"../multiple_scopes.rs" 9 13 9 15] _y1); + [#"../multiple_scopes.rs" 7 4 10 5] _0 <- ([#"../multiple_scopes.rs" 7 4 10 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/promoted_constants.mlcfg b/creusot/tests/should_succeed/lang/promoted_constants.mlcfg index 643efa960e..1ee6a720cd 100644 --- a/creusot/tests/should_succeed/lang/promoted_constants.mlcfg +++ b/creusot/tests/should_succeed/lang/promoted_constants.mlcfg @@ -38,10 +38,10 @@ module PromotedConstants_PromotedNone goto BB0 } BB0 { - _ix <- ([#"../promoted_constants.rs" 4 14 4 21] Core_Option_Option_Type.C_Some ([#"../promoted_constants.rs" 4 19 4 20] [#"../promoted_constants.rs" 4 19 4 20] (0 : int32))); - _11 <- ([#"../promoted_constants.rs" 6 11 6 20] [#"../promoted_constants.rs" 6 11 6 20] promoted1); - _10 <- ([#"../promoted_constants.rs" 6 22 6 31] [#"../promoted_constants.rs" 6 22 6 31] promoted0); - _2 <- ([#"../promoted_constants.rs" 6 10 6 32] (([#"../promoted_constants.rs" 6 11 6 20] _11), ([#"../promoted_constants.rs" 6 22 6 31] _10))); + [#"../promoted_constants.rs" 4 14 4 21] _ix <- ([#"../promoted_constants.rs" 4 14 4 21] Core_Option_Option_Type.C_Some ([#"../promoted_constants.rs" 4 19 4 20] [#"../promoted_constants.rs" 4 19 4 20] (0 : int32))); + [#"../promoted_constants.rs" 6 11 6 20] _11 <- ([#"../promoted_constants.rs" 6 11 6 20] [#"../promoted_constants.rs" 6 11 6 20] promoted1); + [#"../promoted_constants.rs" 6 22 6 31] _10 <- ([#"../promoted_constants.rs" 6 22 6 31] [#"../promoted_constants.rs" 6 22 6 31] promoted0); + [#"../promoted_constants.rs" 6 10 6 32] _2 <- ([#"../promoted_constants.rs" 6 10 6 32] (([#"../promoted_constants.rs" 6 11 6 20] _11), ([#"../promoted_constants.rs" 6 22 6 31] _10))); switch (let (a, _) = _2 in a) | Core_Option_Option_Type.C_None -> goto BB1 | _ -> goto BB6 @@ -58,10 +58,11 @@ module PromotedConstants_PromotedNone goto BB4 } BB3 { - _0 <- ([#"../promoted_constants.rs" 8 13 8 15] ()); + [#"../promoted_constants.rs" 8 13 8 15] _0 <- ([#"../promoted_constants.rs" 8 13 8 15] ()); return _0 } BB4 { + assert { false }; absurd } BB6 { @@ -86,18 +87,19 @@ module PromotedConstants_PromotedInt goto BB0 } BB0 { - _9 <- ([#"../promoted_constants.rs" 13 13 13 26] [#"../promoted_constants.rs" 13 13 13 26] promoted0); - ix <- ([#"../promoted_constants.rs" 13 13 13 26] _9); - switch ([#"../promoted_constants.rs" 15 7 15 16] ix <> ([#"../promoted_constants.rs" 15 14 15 16] [#"../promoted_constants.rs" 15 14 15 16] (16 : int32))) + [#"../promoted_constants.rs" 13 13 13 26] _9 <- ([#"../promoted_constants.rs" 13 13 13 26] [#"../promoted_constants.rs" 13 13 13 26] promoted0); + [#"../promoted_constants.rs" 13 13 13 26] ix <- ([#"../promoted_constants.rs" 13 13 13 26] _9); + switch ([#"../promoted_constants.rs" 15 7 15 16] ([#"../promoted_constants.rs" 15 7 15 10] ix) <> ([#"../promoted_constants.rs" 15 14 15 16] [#"../promoted_constants.rs" 15 14 15 16] (16 : int32))) | False -> goto BB2 | True -> goto BB1 end } BB1 { + assert { false }; absurd } BB2 { - _0 <- ([#"../promoted_constants.rs" 17 5 17 5] ()); + [#"../promoted_constants.rs" 17 5 17 5] _0 <- ([#"../promoted_constants.rs" 17 5 17 5] ()); return _0 } @@ -160,7 +162,7 @@ module PromotedConstants_String goto BB0 } BB0 { - _0 <- ([#"../promoted_constants.rs" 20 26 20 28] ()); + [#"../promoted_constants.rs" 20 26 20 28] _0 <- ([#"../promoted_constants.rs" 20 26 20 28] ()); goto BB1 } BB1 { @@ -178,8 +180,8 @@ module PromotedConstants_Str goto BB0 } BB0 { - _s <- ([#"../promoted_constants.rs" 23 13 23 115] [#"../promoted_constants.rs" 23 13 23 115] "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"); - _0 <- ([#"../promoted_constants.rs" 22 13 24 1] ()); + [#"../promoted_constants.rs" 23 13 23 115] _s <- ([#"../promoted_constants.rs" 23 13 23 115] [#"../promoted_constants.rs" 23 13 23 115] "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890"); + [#"../promoted_constants.rs" 22 13 24 1] _0 <- ([#"../promoted_constants.rs" 22 13 24 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/unary_op.mlcfg b/creusot/tests/should_succeed/lang/unary_op.mlcfg index 7669b7ed0f..a8e84db9ce 100644 --- a/creusot/tests/should_succeed/lang/unary_op.mlcfg +++ b/creusot/tests/should_succeed/lang/unary_op.mlcfg @@ -13,10 +13,11 @@ module UnaryOp_F end } BB1 { + assert { [#"../unary_op.rs" 5 4 5 19] false }; absurd } BB2 { - _0 <- ([#"../unary_op.rs" 4 11 6 1] ()); + [#"../unary_op.rs" 4 11 6 1] _0 <- ([#"../unary_op.rs" 4 11 6 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/unions.mlcfg b/creusot/tests/should_succeed/lang/unions.mlcfg index 16544c6cb7..55e9d71ede 100644 --- a/creusot/tests/should_succeed/lang/unions.mlcfg +++ b/creusot/tests/should_succeed/lang/unions.mlcfg @@ -17,7 +17,7 @@ module Unions_X goto BB0 } BB0 { - _0 <- ([#"../unions.rs" 10 24 10 26] ()); + [#"../unions.rs" 10 24 10 26] _0 <- ([#"../unions.rs" 10 24 10 26] ()); return _0 } diff --git a/creusot/tests/should_succeed/lang/while_let.mlcfg b/creusot/tests/should_succeed/lang/while_let.mlcfg index 6ffa21f23b..3a9c3032b5 100644 --- a/creusot/tests/should_succeed/lang/while_let.mlcfg +++ b/creusot/tests/should_succeed/lang/while_let.mlcfg @@ -24,9 +24,9 @@ module WhileLet_F goto BB0 } BB0 { - a <- ([#"../while_let.rs" 5 16 5 24] Core_Option_Option_Type.C_Some ([#"../while_let.rs" 5 21 5 23] [#"../while_let.rs" 5 21 5 23] (10 : int32))); - b <- Borrow.borrow_mut a; - a <- ^ b; + [#"../while_let.rs" 5 16 5 24] a <- ([#"../while_let.rs" 5 16 5 24] Core_Option_Option_Type.C_Some ([#"../while_let.rs" 5 21 5 23] [#"../while_let.rs" 5 21 5 23] (10 : int32))); + [#"../while_let.rs" 6 12 6 18] b <- Borrow.borrow_mut a; + [#"../while_let.rs" 6 12 6 18] a <- ^ b; goto BB1 } BB1 { @@ -43,12 +43,12 @@ module WhileLet_F goto BB4 } BB4 { - b <- { b with current = ([#"../while_let.rs" 10 13 10 17] Core_Option_Option_Type.C_None) }; + [#"../while_let.rs" 10 8 10 17] b <- { b with current = ([#"../while_let.rs" 10 13 10 17] Core_Option_Option_Type.C_None) }; goto BB1 } BB5 { assume { resolve0 b }; - _0 <- ([#"../while_let.rs" 9 4 11 5] ()); + [#"../while_let.rs" 9 4 11 5] _0 <- ([#"../while_let.rs" 9 4 11 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/list_index_mut.mlcfg b/creusot/tests/should_succeed/list_index_mut.mlcfg index e709699128..8aae0b348d 100644 --- a/creusot/tests/should_succeed/list_index_mut.mlcfg +++ b/creusot/tests/should_succeed/list_index_mut.mlcfg @@ -34,7 +34,7 @@ module ListIndexMut_IndexMut val inv2 (_x : Core_Option_Option_Type.t_option (borrowed (ListIndexMut_List_Type.t_list))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../list_index_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (ListIndexMut_List_Type.t_list)) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (borrowed (ListIndexMut_List_Type.t_list)) . inv2 x = true predicate invariant1 (self : borrowed (ListIndexMut_List_Type.t_list)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : borrowed (ListIndexMut_List_Type.t_list)) : bool @@ -44,7 +44,7 @@ module ListIndexMut_IndexMut val inv1 (_x : borrowed (ListIndexMut_List_Type.t_list)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_index_mut.rs" 1 0 1 0] forall x : borrowed (ListIndexMut_List_Type.t_list) . inv1 x = true + axiom inv1 : forall x : borrowed (ListIndexMut_List_Type.t_list) . inv1 x = true predicate invariant0 (self : borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list))) : bool @@ -54,7 +54,7 @@ module ListIndexMut_IndexMut val inv0 (_x : borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_index_mut.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list)) . inv0 x = true + axiom inv0 : forall x : borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list)) . inv0 x = true use prelude.UInt32 use prelude.UIntSize use prelude.Ghost @@ -147,11 +147,11 @@ module ListIndexMut_IndexMut goto BB0 } BB0 { - old_l <- ([#"../list_index_mut.rs" 38 16 38 25] Ghost.new l); + [#"../list_index_mut.rs" 38 16 38 25] old_l <- ([#"../list_index_mut.rs" 38 16 38 25] Ghost.new l); goto BB1 } BB1 { - old_ix <- ([#"../list_index_mut.rs" 39 17 39 27] Ghost.new ix); + [#"../list_index_mut.rs" 39 17 39 27] old_ix <- ([#"../list_index_mut.rs" 39 17 39 27] Ghost.new ix); goto BB2 } BB2 { @@ -166,40 +166,40 @@ module ListIndexMut_IndexMut goto BB4 } BB4 { - switch ([#"../list_index_mut.rs" 49 10 49 16] ix > ([#"../list_index_mut.rs" 49 15 49 16] [#"../list_index_mut.rs" 49 15 49 16] (0 : usize))) + switch ([#"../list_index_mut.rs" 49 10 49 16] ([#"../list_index_mut.rs" 49 10 49 12] ix) > ([#"../list_index_mut.rs" 49 15 49 16] [#"../list_index_mut.rs" 49 15 49 16] (0 : usize))) | False -> goto BB8 | True -> goto BB5 end } BB5 { - _25 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_1 ( * l)); - l <- { l with current = (let ListIndexMut_List_Type.C_List x0 x1 = * l in ListIndexMut_List_Type.C_List x0 ( ^ _25)) }; - _24 <- ([#"../list_index_mut.rs" 50 12 50 24] as_mut0 _25); + [#"../list_index_mut.rs" 50 12 50 24] _25 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_1 ( * l)); + [#"../list_index_mut.rs" 50 12 50 24] l <- { l with current = (let ListIndexMut_List_Type.C_List x0 x1 = * l in ListIndexMut_List_Type.C_List x0 ( ^ _25)) }; + [#"../list_index_mut.rs" 50 12 50 24] _24 <- ([#"../list_index_mut.rs" 50 12 50 24] as_mut0 _25); _25 <- any borrowed (Core_Option_Option_Type.t_option (ListIndexMut_List_Type.t_list)); goto BB6 } BB6 { - _23 <- ([#"../list_index_mut.rs" 50 12 50 33] unwrap0 _24); + [#"../list_index_mut.rs" 50 12 50 33] _23 <- ([#"../list_index_mut.rs" 50 12 50 33] unwrap0 _24); _24 <- any Core_Option_Option_Type.t_option (borrowed (ListIndexMut_List_Type.t_list)); goto BB7 } BB7 { - _22 <- Borrow.borrow_mut ( * _23); - _23 <- { _23 with current = ^ _22 }; + [#"../list_index_mut.rs" 50 12 50 33] _22 <- Borrow.borrow_mut ( * _23); + [#"../list_index_mut.rs" 50 12 50 33] _23 <- { _23 with current = ^ _22 }; assume { resolve1 l }; - l <- _22; - _22 <- any borrowed (ListIndexMut_List_Type.t_list); + [#"../list_index_mut.rs" 50 8 50 33] l <- ([#"../list_index_mut.rs" 50 8 50 33] _22); + [#"../list_index_mut.rs" 50 8 50 33] _22 <- any borrowed (ListIndexMut_List_Type.t_list); assume { resolve2 _23 }; - ix <- ([#"../list_index_mut.rs" 52 8 52 15] ix - ([#"../list_index_mut.rs" 52 14 52 15] [#"../list_index_mut.rs" 52 14 52 15] (1 : usize))); + [#"../list_index_mut.rs" 52 8 52 15] ix <- ([#"../list_index_mut.rs" 52 8 52 15] ix - ([#"../list_index_mut.rs" 52 14 52 15] [#"../list_index_mut.rs" 52 14 52 15] (1 : usize))); goto BB3 } BB8 { - _29 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_0 ( * l)); - l <- { l with current = (let ListIndexMut_List_Type.C_List x0 x1 = * l in ListIndexMut_List_Type.C_List ( ^ _29) x1) }; - _3 <- Borrow.borrow_mut ( * _29); - _29 <- { _29 with current = ^ _3 }; - _0 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _0 }; + [#"../list_index_mut.rs" 55 4 55 12] _29 <- Borrow.borrow_mut (ListIndexMut_List_Type.list_0 ( * l)); + [#"../list_index_mut.rs" 55 4 55 12] l <- { l with current = (let ListIndexMut_List_Type.C_List x0 x1 = * l in ListIndexMut_List_Type.C_List ( ^ _29) x1) }; + [#"../list_index_mut.rs" 55 4 55 12] _3 <- Borrow.borrow_mut ( * _29); + [#"../list_index_mut.rs" 55 4 55 12] _29 <- { _29 with current = ^ _3 }; + [#"../list_index_mut.rs" 55 4 55 12] _0 <- Borrow.borrow_mut ( * _3); + [#"../list_index_mut.rs" 55 4 55 12] _3 <- { _3 with current = ^ _0 }; assume { resolve0 _29 }; assume { resolve0 _3 }; assume { resolve1 l }; @@ -271,17 +271,17 @@ module ListIndexMut_Write goto BB0 } BB0 { - _10 <- Borrow.borrow_mut ( * l); - l <- { l with current = ^ _10 }; - _9 <- ([#"../list_index_mut.rs" 64 5 64 21] index_mut0 _10 ix); + [#"../list_index_mut.rs" 64 15 64 16] _10 <- Borrow.borrow_mut ( * l); + [#"../list_index_mut.rs" 64 15 64 16] l <- { l with current = ^ _10 }; + [#"../list_index_mut.rs" 64 5 64 21] _9 <- ([#"../list_index_mut.rs" 64 5 64 21] index_mut0 _10 ([#"../list_index_mut.rs" 64 18 64 20] ix)); _10 <- any borrowed (ListIndexMut_List_Type.t_list); goto BB1 } BB1 { - _9 <- { _9 with current = v }; + [#"../list_index_mut.rs" 64 4 64 25] _9 <- { _9 with current = ([#"../list_index_mut.rs" 64 24 64 25] v) }; assume { resolve0 _9 }; assume { resolve1 l }; - _0 <- ([#"../list_index_mut.rs" 63 46 65 1] ()); + [#"../list_index_mut.rs" 63 46 65 1] _0 <- ([#"../list_index_mut.rs" 63 46 65 1] ()); return _0 } @@ -347,21 +347,21 @@ module ListIndexMut_F goto BB3 } BB3 { - l <- ([#"../list_index_mut.rs" 68 16 68 55] ListIndexMut_List_Type.C_List ([#"../list_index_mut.rs" 68 21 68 22] [#"../list_index_mut.rs" 68 21 68 22] (1 : uint32)) ([#"../list_index_mut.rs" 68 24 68 54] Core_Option_Option_Type.C_Some ([#"../list_index_mut.rs" 68 38 68 52] ListIndexMut_List_Type.C_List ([#"../list_index_mut.rs" 68 43 68 45] [#"../list_index_mut.rs" 68 43 68 45] (10 : uint32)) ([#"../list_index_mut.rs" 68 47 68 51] Core_Option_Option_Type.C_None)))); + [#"../list_index_mut.rs" 68 16 68 55] l <- ([#"../list_index_mut.rs" 68 16 68 55] ListIndexMut_List_Type.C_List ([#"../list_index_mut.rs" 68 21 68 22] [#"../list_index_mut.rs" 68 21 68 22] (1 : uint32)) ([#"../list_index_mut.rs" 68 24 68 54] Core_Option_Option_Type.C_Some ([#"../list_index_mut.rs" 68 38 68 52] ListIndexMut_List_Type.C_List ([#"../list_index_mut.rs" 68 43 68 45] [#"../list_index_mut.rs" 68 43 68 45] (10 : uint32)) ([#"../list_index_mut.rs" 68 47 68 51] Core_Option_Option_Type.C_None)))); goto BB4 } BB4 { - _8 <- Borrow.borrow_mut l; - l <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - _6 <- ([#"../list_index_mut.rs" 69 4 69 23] write0 _7 ([#"../list_index_mut.rs" 69 18 69 19] [#"../list_index_mut.rs" 69 18 69 19] (0 : usize)) ([#"../list_index_mut.rs" 69 21 69 22] [#"../list_index_mut.rs" 69 21 69 22] (2 : uint32))); + [#"../list_index_mut.rs" 69 10 69 16] _8 <- Borrow.borrow_mut l; + [#"../list_index_mut.rs" 69 10 69 16] l <- ^ _8; + [#"../list_index_mut.rs" 69 10 69 16] _7 <- Borrow.borrow_mut ( * _8); + [#"../list_index_mut.rs" 69 10 69 16] _8 <- { _8 with current = ^ _7 }; + [#"../list_index_mut.rs" 69 4 69 23] _6 <- ([#"../list_index_mut.rs" 69 4 69 23] write0 _7 ([#"../list_index_mut.rs" 69 18 69 19] [#"../list_index_mut.rs" 69 18 69 19] (0 : usize)) ([#"../list_index_mut.rs" 69 21 69 22] [#"../list_index_mut.rs" 69 21 69 22] (2 : uint32))); _7 <- any borrowed (ListIndexMut_List_Type.t_list); goto BB5 } BB5 { assume { resolve0 _8 }; - _0 <- ([#"../list_index_mut.rs" 67 11 72 1] ()); + [#"../list_index_mut.rs" 67 11 72 1] _0 <- ([#"../list_index_mut.rs" 67 11 72 1] ()); goto BB6 } BB6 { diff --git a/creusot/tests/should_succeed/list_reversal_lasso.mlcfg b/creusot/tests/should_succeed/list_reversal_lasso.mlcfg index 2cd17daf58..7b2aad2834 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.mlcfg +++ b/creusot/tests/should_succeed/list_reversal_lasso.mlcfg @@ -64,7 +64,7 @@ module ListReversalLasso_Impl1_Index val inv4 (_x : Seq.seq usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv4 x = true + axiom inv4 : forall x : Seq.seq usize . inv4 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -87,7 +87,7 @@ module ListReversalLasso_Impl1_Index val invariant3 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : usize) : bool @@ -97,7 +97,7 @@ module ListReversalLasso_Impl1_Index val inv2 (_x : usize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv2 x = true + axiom inv2 : forall x : usize . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -107,7 +107,7 @@ module ListReversalLasso_Impl1_Index val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -117,7 +117,7 @@ module ListReversalLasso_Impl1_Index val inv0 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function index_logic1 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : usize) : usize @@ -179,12 +179,12 @@ module ListReversalLasso_Impl1_Index goto BB0 } BB0 { - _6 <- ([#"../list_reversal_lasso.rs" 31 9 31 18] index0 ([#"../list_reversal_lasso.rs" 31 9 31 15] ListReversalLasso_Memory_Type.memory_0 self) i); + [#"../list_reversal_lasso.rs" 31 9 31 18] _6 <- ([#"../list_reversal_lasso.rs" 31 9 31 18] index0 ([#"../list_reversal_lasso.rs" 31 9 31 15] ListReversalLasso_Memory_Type.memory_0 self) ([#"../list_reversal_lasso.rs" 31 16 31 17] i)); goto BB1 } BB1 { - _5 <- ([#"../list_reversal_lasso.rs" 31 8 31 18] _6); - _0 <- ([#"../list_reversal_lasso.rs" 31 8 31 18] _5); + [#"../list_reversal_lasso.rs" 31 8 31 18] _5 <- ([#"../list_reversal_lasso.rs" 31 8 31 18] _6); + [#"../list_reversal_lasso.rs" 31 8 31 18] _0 <- ([#"../list_reversal_lasso.rs" 31 8 31 18] _5); return _0 } @@ -201,7 +201,7 @@ module ListReversalLasso_Impl2_IndexMut val inv4 (_x : Seq.seq usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv4 x = true + axiom inv4 : forall x : Seq.seq usize . inv4 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -224,7 +224,7 @@ module ListReversalLasso_Impl2_IndexMut val invariant3 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -235,7 +235,7 @@ module ListReversalLasso_Impl2_IndexMut val inv2 (_x : borrowed usize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : borrowed usize . inv2 x = true + axiom inv2 : forall x : borrowed usize . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -245,7 +245,7 @@ module ListReversalLasso_Impl2_IndexMut val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -255,7 +255,7 @@ module ListReversalLasso_Impl2_IndexMut val inv0 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true + axiom inv0 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true use seq.Seq function index_logic1 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : usize) : usize @@ -341,19 +341,19 @@ module ListReversalLasso_Impl2_IndexMut goto BB0 } BB0 { - _11 <- Borrow.borrow_mut (ListReversalLasso_Memory_Type.memory_0 ( * self)); - self <- { self with current = (let ListReversalLasso_Memory_Type.C_Memory x0 = * self in ListReversalLasso_Memory_Type.C_Memory ( ^ _11)) }; - _10 <- ([#"../list_reversal_lasso.rs" 42 13 42 22] index_mut0 _11 i); + [#"../list_reversal_lasso.rs" 42 13 42 19] _11 <- Borrow.borrow_mut (ListReversalLasso_Memory_Type.memory_0 ( * self)); + [#"../list_reversal_lasso.rs" 42 13 42 19] self <- { self with current = (let ListReversalLasso_Memory_Type.C_Memory x0 = * self in ListReversalLasso_Memory_Type.C_Memory ( ^ _11)) }; + [#"../list_reversal_lasso.rs" 42 13 42 22] _10 <- ([#"../list_reversal_lasso.rs" 42 13 42 22] index_mut0 _11 ([#"../list_reversal_lasso.rs" 42 20 42 21] i)); _11 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _9 <- Borrow.borrow_mut ( * _10); - _10 <- { _10 with current = ^ _9 }; - _3 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _3 }; - _0 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _0 }; + [#"../list_reversal_lasso.rs" 42 8 42 22] _9 <- Borrow.borrow_mut ( * _10); + [#"../list_reversal_lasso.rs" 42 8 42 22] _10 <- { _10 with current = ^ _9 }; + [#"../list_reversal_lasso.rs" 42 8 42 22] _3 <- Borrow.borrow_mut ( * _9); + [#"../list_reversal_lasso.rs" 42 8 42 22] _9 <- { _9 with current = ^ _3 }; + [#"../list_reversal_lasso.rs" 42 8 42 22] _0 <- Borrow.borrow_mut ( * _3); + [#"../list_reversal_lasso.rs" 42 8 42 22] _3 <- { _3 with current = ^ _0 }; assume { resolve0 _10 }; assume { resolve0 _9 }; assume { resolve0 _3 }; @@ -374,7 +374,7 @@ module ListReversalLasso_Impl4_ListReversalSafe val inv1 (_x : Seq.seq usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv1 x = true + axiom inv1 : forall x : Seq.seq usize . inv1 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -397,7 +397,7 @@ module ListReversalLasso_Impl4_ListReversalSafe val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Borrow predicate resolve1 (self : borrowed usize) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self @@ -469,7 +469,7 @@ module ListReversalLasso_Impl4_ListReversalSafe goto BB0 } BB0 { - r <- ([#"../list_reversal_lasso.rs" 66 20 66 24] [#"../list_reversal_lasso.rs" 66 20 66 24] (18446744073709551615 : usize)); + [#"../list_reversal_lasso.rs" 66 20 66 24] r <- ([#"../list_reversal_lasso.rs" 66 20 66 24] [#"../list_reversal_lasso.rs" 66 20 66 24] (18446744073709551615 : usize)); goto BB1 } BB1 { @@ -479,33 +479,33 @@ module ListReversalLasso_Impl4_ListReversalSafe goto BB2 } BB2 { - switch ([#"../list_reversal_lasso.rs" 71 14 71 23] l <> ([#"../list_reversal_lasso.rs" 71 19 71 23] [#"../list_reversal_lasso.rs" 71 19 71 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 71 14 71 23] ([#"../list_reversal_lasso.rs" 71 14 71 15] l) <> ([#"../list_reversal_lasso.rs" 71 19 71 23] [#"../list_reversal_lasso.rs" 71 19 71 23] (18446744073709551615 : usize))) | False -> goto BB6 | True -> goto BB3 end } BB3 { - tmp <- l; - _16 <- ([#"../list_reversal_lasso.rs" 73 16 73 23] index0 ([#"../list_reversal_lasso.rs" 73 16 73 20] * self) l); + [#"../list_reversal_lasso.rs" 72 22 72 23] tmp <- ([#"../list_reversal_lasso.rs" 72 22 72 23] l); + [#"../list_reversal_lasso.rs" 73 16 73 23] _16 <- ([#"../list_reversal_lasso.rs" 73 16 73 23] index0 ([#"../list_reversal_lasso.rs" 73 16 73 20] * self) ([#"../list_reversal_lasso.rs" 73 21 73 22] l)); goto BB4 } BB4 { - l <- _16; - _21 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _21 }; - _20 <- ([#"../list_reversal_lasso.rs" 74 12 74 21] index_mut0 _21 tmp); + [#"../list_reversal_lasso.rs" 73 12 73 23] l <- ([#"../list_reversal_lasso.rs" 73 16 73 23] _16); + [#"../list_reversal_lasso.rs" 74 12 74 16] _21 <- Borrow.borrow_mut ( * self); + [#"../list_reversal_lasso.rs" 74 12 74 16] self <- { self with current = ^ _21 }; + [#"../list_reversal_lasso.rs" 74 12 74 21] _20 <- ([#"../list_reversal_lasso.rs" 74 12 74 21] index_mut0 _21 ([#"../list_reversal_lasso.rs" 74 17 74 20] tmp)); _21 <- any borrowed (ListReversalLasso_Memory_Type.t_memory); goto BB5 } BB5 { - _20 <- { _20 with current = r }; + [#"../list_reversal_lasso.rs" 74 12 74 25] _20 <- { _20 with current = ([#"../list_reversal_lasso.rs" 74 24 74 25] r) }; assume { resolve1 _20 }; - r <- tmp; + [#"../list_reversal_lasso.rs" 75 12 75 19] r <- ([#"../list_reversal_lasso.rs" 75 16 75 19] tmp); goto BB1 } BB6 { assume { resolve0 self }; - _0 <- r; + [#"../list_reversal_lasso.rs" 77 15 77 16] _0 <- ([#"../list_reversal_lasso.rs" 77 15 77 16] r); return _0 } @@ -522,7 +522,7 @@ module ListReversalLasso_Impl4_ListReversalList val inv3 (_x : Seq.seq usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv3 x = true + axiom inv3 : forall x : Seq.seq usize . inv3 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -545,7 +545,7 @@ module ListReversalLasso_Impl4_ListReversalList val invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -555,7 +555,7 @@ module ListReversalLasso_Impl4_ListReversalList val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -566,7 +566,7 @@ module ListReversalLasso_Impl4_ListReversalList val inv0 (_x : borrowed usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : borrowed usize . inv0 x = true + axiom inv0 : forall x : borrowed usize . inv0 x = true use seq.Seq function index_logic2 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : usize) : usize @@ -668,8 +668,8 @@ module ListReversalLasso_Impl4_ListReversalList goto BB0 } BB0 { - r <- ([#"../list_reversal_lasso.rs" 100 20 100 24] [#"../list_reversal_lasso.rs" 100 20 100 24] (18446744073709551615 : usize)); - n <- ([#"../list_reversal_lasso.rs" 101 20 101 29] Ghost.new 0); + [#"../list_reversal_lasso.rs" 100 20 100 24] r <- ([#"../list_reversal_lasso.rs" 100 20 100 24] [#"../list_reversal_lasso.rs" 100 20 100 24] (18446744073709551615 : usize)); + [#"../list_reversal_lasso.rs" 101 20 101 29] n <- ([#"../list_reversal_lasso.rs" 101 20 101 29] Ghost.new 0); goto BB1 } BB1 { @@ -682,34 +682,34 @@ module ListReversalLasso_Impl4_ListReversalList goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 107 14 107 23] l <> ([#"../list_reversal_lasso.rs" 107 19 107 23] [#"../list_reversal_lasso.rs" 107 19 107 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 107 14 107 23] ([#"../list_reversal_lasso.rs" 107 14 107 15] l) <> ([#"../list_reversal_lasso.rs" 107 19 107 23] [#"../list_reversal_lasso.rs" 107 19 107 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end } BB4 { - _21 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _21 }; - _20 <- ([#"../list_reversal_lasso.rs" 108 39 108 46] index_mut0 _21 l); + [#"../list_reversal_lasso.rs" 108 39 108 43] _21 <- Borrow.borrow_mut ( * self); + [#"../list_reversal_lasso.rs" 108 39 108 43] self <- { self with current = ^ _21 }; + [#"../list_reversal_lasso.rs" 108 39 108 46] _20 <- ([#"../list_reversal_lasso.rs" 108 39 108 46] index_mut0 _21 ([#"../list_reversal_lasso.rs" 108 44 108 45] l)); _21 <- any borrowed (ListReversalLasso_Memory_Type.t_memory); goto BB5 } BB5 { - _19 <- Borrow.borrow_mut ( * _20); - _20 <- { _20 with current = ^ _19 }; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _25 <- Borrow.borrow_mut r; - r <- ^ _25; - _24 <- Borrow.borrow_mut ( * _25); - _25 <- { _25 with current = ^ _24 }; - _23 <- ([#"../list_reversal_lasso.rs" 108 48 108 76] replace0 _24 l); + [#"../list_reversal_lasso.rs" 108 34 108 46] _19 <- Borrow.borrow_mut ( * _20); + [#"../list_reversal_lasso.rs" 108 34 108 46] _20 <- { _20 with current = ^ _19 }; + [#"../list_reversal_lasso.rs" 108 34 108 46] _18 <- Borrow.borrow_mut ( * _19); + [#"../list_reversal_lasso.rs" 108 34 108 46] _19 <- { _19 with current = ^ _18 }; + [#"../list_reversal_lasso.rs" 108 66 108 72] _25 <- Borrow.borrow_mut r; + [#"../list_reversal_lasso.rs" 108 66 108 72] r <- ^ _25; + [#"../list_reversal_lasso.rs" 108 66 108 72] _24 <- Borrow.borrow_mut ( * _25); + [#"../list_reversal_lasso.rs" 108 66 108 72] _25 <- { _25 with current = ^ _24 }; + [#"../list_reversal_lasso.rs" 108 48 108 76] _23 <- ([#"../list_reversal_lasso.rs" 108 48 108 76] replace0 _24 ([#"../list_reversal_lasso.rs" 108 74 108 75] l)); _24 <- any borrowed usize; goto BB6 } BB6 { assume { resolve1 _25 }; - _17 <- ([#"../list_reversal_lasso.rs" 108 16 108 77] replace0 _18 _23); + [#"../list_reversal_lasso.rs" 108 16 108 77] _17 <- ([#"../list_reversal_lasso.rs" 108 16 108 77] replace0 _18 _23); _18 <- any borrowed usize; _23 <- any usize; goto BB7 @@ -717,19 +717,19 @@ module ListReversalLasso_Impl4_ListReversalList BB7 { assume { resolve1 _20 }; assume { resolve1 _19 }; - l <- _17; - _17 <- any usize; - _27 <- ([#"../list_reversal_lasso.rs" 109 16 109 30] Ghost.new (Ghost.inner n + 1)); + [#"../list_reversal_lasso.rs" 108 12 108 77] l <- ([#"../list_reversal_lasso.rs" 108 12 108 77] _17); + [#"../list_reversal_lasso.rs" 108 12 108 77] _17 <- any usize; + [#"../list_reversal_lasso.rs" 109 16 109 30] _27 <- ([#"../list_reversal_lasso.rs" 109 16 109 30] Ghost.new (Ghost.inner n + 1)); goto BB8 } BB8 { - n <- _27; - _27 <- any Ghost.ghost_ty int; + [#"../list_reversal_lasso.rs" 109 12 109 30] n <- ([#"../list_reversal_lasso.rs" 109 12 109 30] _27); + [#"../list_reversal_lasso.rs" 109 12 109 30] _27 <- any Ghost.ghost_ty int; goto BB2 } BB9 { assume { resolve0 self }; - _0 <- r; + [#"../list_reversal_lasso.rs" 111 15 111 16] _0 <- ([#"../list_reversal_lasso.rs" 111 15 111 16] r); return _0 } @@ -746,7 +746,7 @@ module ListReversalLasso_Impl4_ListReversalLoop val inv3 (_x : Seq.seq usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv3 x = true + axiom inv3 : forall x : Seq.seq usize . inv3 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -769,7 +769,7 @@ module ListReversalLasso_Impl4_ListReversalLoop val invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -779,7 +779,7 @@ module ListReversalLasso_Impl4_ListReversalLoop val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -790,7 +790,7 @@ module ListReversalLasso_Impl4_ListReversalLoop val inv0 (_x : borrowed usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : borrowed usize . inv0 x = true + axiom inv0 : forall x : borrowed usize . inv0 x = true use seq.Seq function index_logic3 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : usize) : usize @@ -901,8 +901,8 @@ module ListReversalLasso_Impl4_ListReversalLoop goto BB0 } BB0 { - r <- ([#"../list_reversal_lasso.rs" 126 20 126 24] [#"../list_reversal_lasso.rs" 126 20 126 24] (18446744073709551615 : usize)); - n <- ([#"../list_reversal_lasso.rs" 127 20 127 29] Ghost.new 0); + [#"../list_reversal_lasso.rs" 126 20 126 24] r <- ([#"../list_reversal_lasso.rs" 126 20 126 24] [#"../list_reversal_lasso.rs" 126 20 126 24] (18446744073709551615 : usize)); + [#"../list_reversal_lasso.rs" 127 20 127 29] n <- ([#"../list_reversal_lasso.rs" 127 20 127 29] Ghost.new 0); goto BB1 } BB1 { @@ -916,35 +916,35 @@ module ListReversalLasso_Impl4_ListReversalLoop goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 137 14 137 23] l <> ([#"../list_reversal_lasso.rs" 137 19 137 23] [#"../list_reversal_lasso.rs" 137 19 137 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 137 14 137 23] ([#"../list_reversal_lasso.rs" 137 14 137 15] l) <> ([#"../list_reversal_lasso.rs" 137 19 137 23] [#"../list_reversal_lasso.rs" 137 19 137 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end } BB4 { assert { [@expl:assertion] [#"../list_reversal_lasso.rs" 138 12 138 77] Ghost.inner n = Seq.length (Ghost.inner s) -> l = Seq.get (Reverse.reverse (Ghost.inner s)) (Seq.length (Ghost.inner s) - 1) }; - _25 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _25 }; - _24 <- ([#"../list_reversal_lasso.rs" 139 39 139 46] index_mut0 _25 l); + [#"../list_reversal_lasso.rs" 139 39 139 43] _25 <- Borrow.borrow_mut ( * self); + [#"../list_reversal_lasso.rs" 139 39 139 43] self <- { self with current = ^ _25 }; + [#"../list_reversal_lasso.rs" 139 39 139 46] _24 <- ([#"../list_reversal_lasso.rs" 139 39 139 46] index_mut0 _25 ([#"../list_reversal_lasso.rs" 139 44 139 45] l)); _25 <- any borrowed (ListReversalLasso_Memory_Type.t_memory); goto BB5 } BB5 { - _23 <- Borrow.borrow_mut ( * _24); - _24 <- { _24 with current = ^ _23 }; - _22 <- Borrow.borrow_mut ( * _23); - _23 <- { _23 with current = ^ _22 }; - _29 <- Borrow.borrow_mut r; - r <- ^ _29; - _28 <- Borrow.borrow_mut ( * _29); - _29 <- { _29 with current = ^ _28 }; - _27 <- ([#"../list_reversal_lasso.rs" 139 48 139 76] replace0 _28 l); + [#"../list_reversal_lasso.rs" 139 34 139 46] _23 <- Borrow.borrow_mut ( * _24); + [#"../list_reversal_lasso.rs" 139 34 139 46] _24 <- { _24 with current = ^ _23 }; + [#"../list_reversal_lasso.rs" 139 34 139 46] _22 <- Borrow.borrow_mut ( * _23); + [#"../list_reversal_lasso.rs" 139 34 139 46] _23 <- { _23 with current = ^ _22 }; + [#"../list_reversal_lasso.rs" 139 66 139 72] _29 <- Borrow.borrow_mut r; + [#"../list_reversal_lasso.rs" 139 66 139 72] r <- ^ _29; + [#"../list_reversal_lasso.rs" 139 66 139 72] _28 <- Borrow.borrow_mut ( * _29); + [#"../list_reversal_lasso.rs" 139 66 139 72] _29 <- { _29 with current = ^ _28 }; + [#"../list_reversal_lasso.rs" 139 48 139 76] _27 <- ([#"../list_reversal_lasso.rs" 139 48 139 76] replace0 _28 ([#"../list_reversal_lasso.rs" 139 74 139 75] l)); _28 <- any borrowed usize; goto BB6 } BB6 { assume { resolve1 _29 }; - _21 <- ([#"../list_reversal_lasso.rs" 139 16 139 77] replace0 _22 _27); + [#"../list_reversal_lasso.rs" 139 16 139 77] _21 <- ([#"../list_reversal_lasso.rs" 139 16 139 77] replace0 _22 _27); _22 <- any borrowed usize; _27 <- any usize; goto BB7 @@ -952,14 +952,14 @@ module ListReversalLasso_Impl4_ListReversalLoop BB7 { assume { resolve1 _24 }; assume { resolve1 _23 }; - l <- _21; - _21 <- any usize; - _31 <- ([#"../list_reversal_lasso.rs" 140 16 140 30] Ghost.new (Ghost.inner n + 1)); + [#"../list_reversal_lasso.rs" 139 12 139 77] l <- ([#"../list_reversal_lasso.rs" 139 12 139 77] _21); + [#"../list_reversal_lasso.rs" 139 12 139 77] _21 <- any usize; + [#"../list_reversal_lasso.rs" 140 16 140 30] _31 <- ([#"../list_reversal_lasso.rs" 140 16 140 30] Ghost.new (Ghost.inner n + 1)); goto BB8 } BB8 { - n <- _31; - _31 <- any Ghost.ghost_ty int; + [#"../list_reversal_lasso.rs" 140 12 140 30] n <- ([#"../list_reversal_lasso.rs" 140 12 140 30] _31); + [#"../list_reversal_lasso.rs" 140 12 140 30] _31 <- any Ghost.ghost_ty int; goto BB2 } BB9 { @@ -969,7 +969,7 @@ module ListReversalLasso_Impl4_ListReversalLoop else Seq.get (Reverse.reverse (Ghost.inner s)) (i - 1) ) }; - _0 <- r; + [#"../list_reversal_lasso.rs" 146 15 146 16] _0 <- ([#"../list_reversal_lasso.rs" 146 15 146 16] r); return _0 } @@ -986,7 +986,7 @@ module ListReversalLasso_Impl4_ListReversalLasso val inv3 (_x : Seq.seq usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv3 x = true + axiom inv3 : forall x : Seq.seq usize . inv3 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1009,7 +1009,7 @@ module ListReversalLasso_Impl4_ListReversalLasso val invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -1019,7 +1019,7 @@ module ListReversalLasso_Impl4_ListReversalLasso val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1030,7 +1030,7 @@ module ListReversalLasso_Impl4_ListReversalLasso val inv0 (_x : borrowed usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : borrowed usize . inv0 x = true + axiom inv0 : forall x : borrowed usize . inv0 x = true use seq.Seq function index_logic3 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : usize) : usize @@ -1142,8 +1142,8 @@ module ListReversalLasso_Impl4_ListReversalLasso goto BB0 } BB0 { - r <- ([#"../list_reversal_lasso.rs" 169 20 169 24] [#"../list_reversal_lasso.rs" 169 20 169 24] (18446744073709551615 : usize)); - n <- ([#"../list_reversal_lasso.rs" 170 20 170 29] Ghost.new 0); + [#"../list_reversal_lasso.rs" 169 20 169 24] r <- ([#"../list_reversal_lasso.rs" 169 20 169 24] [#"../list_reversal_lasso.rs" 169 20 169 24] (18446744073709551615 : usize)); + [#"../list_reversal_lasso.rs" 170 20 170 29] n <- ([#"../list_reversal_lasso.rs" 170 20 170 29] Ghost.new 0); goto BB1 } BB1 { @@ -1165,34 +1165,34 @@ module ListReversalLasso_Impl4_ListReversalLasso goto BB3 } BB3 { - switch ([#"../list_reversal_lasso.rs" 190 14 190 23] l <> ([#"../list_reversal_lasso.rs" 190 19 190 23] [#"../list_reversal_lasso.rs" 190 19 190 23] (18446744073709551615 : usize))) + switch ([#"../list_reversal_lasso.rs" 190 14 190 23] ([#"../list_reversal_lasso.rs" 190 14 190 15] l) <> ([#"../list_reversal_lasso.rs" 190 19 190 23] [#"../list_reversal_lasso.rs" 190 19 190 23] (18446744073709551615 : usize))) | False -> goto BB9 | True -> goto BB4 end } BB4 { - _23 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _23 }; - _22 <- ([#"../list_reversal_lasso.rs" 191 39 191 46] index_mut0 _23 l); + [#"../list_reversal_lasso.rs" 191 39 191 43] _23 <- Borrow.borrow_mut ( * self); + [#"../list_reversal_lasso.rs" 191 39 191 43] self <- { self with current = ^ _23 }; + [#"../list_reversal_lasso.rs" 191 39 191 46] _22 <- ([#"../list_reversal_lasso.rs" 191 39 191 46] index_mut0 _23 ([#"../list_reversal_lasso.rs" 191 44 191 45] l)); _23 <- any borrowed (ListReversalLasso_Memory_Type.t_memory); goto BB5 } BB5 { - _21 <- Borrow.borrow_mut ( * _22); - _22 <- { _22 with current = ^ _21 }; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; - _27 <- Borrow.borrow_mut r; - r <- ^ _27; - _26 <- Borrow.borrow_mut ( * _27); - _27 <- { _27 with current = ^ _26 }; - _25 <- ([#"../list_reversal_lasso.rs" 191 48 191 76] replace0 _26 l); + [#"../list_reversal_lasso.rs" 191 34 191 46] _21 <- Borrow.borrow_mut ( * _22); + [#"../list_reversal_lasso.rs" 191 34 191 46] _22 <- { _22 with current = ^ _21 }; + [#"../list_reversal_lasso.rs" 191 34 191 46] _20 <- Borrow.borrow_mut ( * _21); + [#"../list_reversal_lasso.rs" 191 34 191 46] _21 <- { _21 with current = ^ _20 }; + [#"../list_reversal_lasso.rs" 191 66 191 72] _27 <- Borrow.borrow_mut r; + [#"../list_reversal_lasso.rs" 191 66 191 72] r <- ^ _27; + [#"../list_reversal_lasso.rs" 191 66 191 72] _26 <- Borrow.borrow_mut ( * _27); + [#"../list_reversal_lasso.rs" 191 66 191 72] _27 <- { _27 with current = ^ _26 }; + [#"../list_reversal_lasso.rs" 191 48 191 76] _25 <- ([#"../list_reversal_lasso.rs" 191 48 191 76] replace0 _26 ([#"../list_reversal_lasso.rs" 191 74 191 75] l)); _26 <- any borrowed usize; goto BB6 } BB6 { assume { resolve1 _27 }; - _19 <- ([#"../list_reversal_lasso.rs" 191 16 191 77] replace0 _20 _25); + [#"../list_reversal_lasso.rs" 191 16 191 77] _19 <- ([#"../list_reversal_lasso.rs" 191 16 191 77] replace0 _20 _25); _20 <- any borrowed usize; _25 <- any usize; goto BB7 @@ -1200,19 +1200,19 @@ module ListReversalLasso_Impl4_ListReversalLasso BB7 { assume { resolve1 _22 }; assume { resolve1 _21 }; - l <- _19; - _19 <- any usize; - _29 <- ([#"../list_reversal_lasso.rs" 192 16 192 30] Ghost.new (Ghost.inner n + 1)); + [#"../list_reversal_lasso.rs" 191 12 191 77] l <- ([#"../list_reversal_lasso.rs" 191 12 191 77] _19); + [#"../list_reversal_lasso.rs" 191 12 191 77] _19 <- any usize; + [#"../list_reversal_lasso.rs" 192 16 192 30] _29 <- ([#"../list_reversal_lasso.rs" 192 16 192 30] Ghost.new (Ghost.inner n + 1)); goto BB8 } BB8 { - n <- _29; - _29 <- any Ghost.ghost_ty int; + [#"../list_reversal_lasso.rs" 192 12 192 30] n <- ([#"../list_reversal_lasso.rs" 192 12 192 30] _29); + [#"../list_reversal_lasso.rs" 192 12 192 30] _29 <- any Ghost.ghost_ty int; goto BB2 } BB9 { assume { resolve0 self }; - _0 <- r; + [#"../list_reversal_lasso.rs" 194 15 194 16] _0 <- ([#"../list_reversal_lasso.rs" 194 15 194 16] r); return _0 } @@ -1306,7 +1306,7 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl val inv1 (_x : Seq.seq usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv1 x = true + axiom inv1 : forall x : Seq.seq usize . inv1 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1329,7 +1329,7 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Int use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type @@ -1470,7 +1470,7 @@ module ListReversalLasso_Impl4_FindLasso_Impl val inv1 (_x : Seq.seq usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Seq.seq usize . inv1 x = true + axiom inv1 : forall x : Seq.seq usize . inv1 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1493,7 +1493,7 @@ module ListReversalLasso_Impl4_FindLasso_Impl val invariant0 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../list_reversal_lasso.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Int use seq.Seq use Core_Option_Option_Type as Core_Option_Option_Type diff --git a/creusot/tests/should_succeed/loop.mlcfg b/creusot/tests/should_succeed/loop.mlcfg index 9f1545e5a8..a1dbb9c526 100644 --- a/creusot/tests/should_succeed/loop.mlcfg +++ b/creusot/tests/should_succeed/loop.mlcfg @@ -17,10 +17,10 @@ module Loop_F goto BB0 } BB0 { - a <- ([#"../loop.rs" 4 16 4 18] [#"../loop.rs" 4 16 4 18] (10 : int32)); - b <- Borrow.borrow_mut a; - a <- ^ b; - b <- { b with current = ([#"../loop.rs" 6 9 6 10] [#"../loop.rs" 6 9 6 10] (5 : int32)) }; + [#"../loop.rs" 4 16 4 18] a <- ([#"../loop.rs" 4 16 4 18] [#"../loop.rs" 4 16 4 18] (10 : int32)); + [#"../loop.rs" 5 12 5 18] b <- Borrow.borrow_mut a; + [#"../loop.rs" 5 12 5 18] a <- ^ b; + [#"../loop.rs" 6 4 6 10] b <- { b with current = ([#"../loop.rs" 6 4 6 10] [#"../loop.rs" 6 9 6 10] (5 : int32)) }; assume { resolve0 b }; goto BB1 } @@ -34,7 +34,7 @@ module Loop_F end } BB3 { - _0 <- ([#"../loop.rs" 3 11 13 1] ()); + [#"../loop.rs" 3 11 13 1] _0 <- ([#"../loop.rs" 3 11 13 1] ()); return _0 } BB4 { diff --git a/creusot/tests/should_succeed/mapping_test.mlcfg b/creusot/tests/should_succeed/mapping_test.mlcfg index 52855ef0d8..4e84ba49a1 100644 --- a/creusot/tests/should_succeed/mapping_test.mlcfg +++ b/creusot/tests/should_succeed/mapping_test.mlcfg @@ -65,14 +65,14 @@ module MappingTest_Incr goto BB0 } BB0 { - old_t <- ([#"../mapping_test.rs" 31 16 31 25] Ghost.new t); + [#"../mapping_test.rs" 31 16 31 25] old_t <- ([#"../mapping_test.rs" 31 16 31 25] Ghost.new t); goto BB1 } BB1 { - t <- { t with current = (let MappingTest_T_Type.C_T x0 = * t in MappingTest_T_Type.C_T ([#"../mapping_test.rs" 32 4 32 15] MappingTest_T_Type.t_a ( * t) + ([#"../mapping_test.rs" 32 14 32 15] [#"../mapping_test.rs" 32 14 32 15] (1 : int32)))) }; + [#"../mapping_test.rs" 32 4 32 15] t <- { t with current = (let MappingTest_T_Type.C_T x0 = * t in MappingTest_T_Type.C_T ([#"../mapping_test.rs" 32 4 32 15] MappingTest_T_Type.t_a ( * t) + ([#"../mapping_test.rs" 32 14 32 15] [#"../mapping_test.rs" 32 14 32 15] (1 : int32)))) }; assume { resolve0 t }; assert { [@expl:assertion] [#"../mapping_test.rs" 35 19 35 50] shallow_model0 ( ^ t) = Map.set (shallow_model1 old_t) (Int32.to_int (MappingTest_T_Type.t_a ( * Ghost.inner old_t))) 1 }; - _0 <- ([#"../mapping_test.rs" 30 19 36 1] ()); + [#"../mapping_test.rs" 30 19 36 1] _0 <- ([#"../mapping_test.rs" 30 19 36 1] ()); return _0 } @@ -122,14 +122,14 @@ module MappingTest_F goto BB0 } BB0 { - x <- ([#"../mapping_test.rs" 39 16 39 27] MappingTest_T_Type.C_T ([#"../mapping_test.rs" 39 23 39 25] [#"../mapping_test.rs" 39 23 39 25] (42 : int32))); + [#"../mapping_test.rs" 39 16 39 27] x <- ([#"../mapping_test.rs" 39 16 39 27] MappingTest_T_Type.C_T ([#"../mapping_test.rs" 39 23 39 25] [#"../mapping_test.rs" 39 23 39 25] (42 : int32))); assert { [@expl:assertion] [#"../mapping_test.rs" 40 19 40 34] Map.get (shallow_model0 x) 13 = 1 }; assert { [@expl:assertion] [#"../mapping_test.rs" 41 19 41 34] Map.get (shallow_model0 x) 42 = 0 }; - _8 <- Borrow.borrow_mut x; - x <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - _6 <- ([#"../mapping_test.rs" 42 4 42 16] incr0 _7); + [#"../mapping_test.rs" 42 9 42 15] _8 <- Borrow.borrow_mut x; + [#"../mapping_test.rs" 42 9 42 15] x <- ^ _8; + [#"../mapping_test.rs" 42 9 42 15] _7 <- Borrow.borrow_mut ( * _8); + [#"../mapping_test.rs" 42 9 42 15] _8 <- { _8 with current = ^ _7 }; + [#"../mapping_test.rs" 42 4 42 16] _6 <- ([#"../mapping_test.rs" 42 4 42 16] incr0 _7); _7 <- any borrowed (MappingTest_T_Type.t_t); goto BB1 } @@ -137,7 +137,7 @@ module MappingTest_F assume { resolve0 _8 }; assert { [@expl:assertion] [#"../mapping_test.rs" 43 19 43 34] Map.get (shallow_model0 x) 13 = 1 }; assert { [@expl:assertion] [#"../mapping_test.rs" 44 19 44 34] Map.get (shallow_model0 x) 42 = 1 }; - _0 <- ([#"../mapping_test.rs" 38 11 45 1] ()); + [#"../mapping_test.rs" 38 11 45 1] _0 <- ([#"../mapping_test.rs" 38 11 45 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/match_int.mlcfg b/creusot/tests/should_succeed/match_int.mlcfg index 069aebbc25..d3ae415a53 100644 --- a/creusot/tests/should_succeed/match_int.mlcfg +++ b/creusot/tests/should_succeed/match_int.mlcfg @@ -10,7 +10,7 @@ module MatchInt_F goto BB0 } BB0 { - _1 <- ([#"../match_int.rs" 8 10 8 11] [#"../match_int.rs" 8 10 8 11] (1 : int32)); + [#"../match_int.rs" 8 10 8 11] _1 <- ([#"../match_int.rs" 8 10 8 11] [#"../match_int.rs" 8 10 8 11] (1 : int32)); switch ([#"../match_int.rs" 9 8 9 13] ([#"../match_int.rs" 9 8 9 13] [#"../match_int.rs" 9 8 9 13] (0 : int32)) <= _1) | False -> goto BB3 | True -> goto BB1 @@ -53,10 +53,11 @@ module MatchInt_F end } BB8 { + assert { [#"../match_int.rs" 10 12 10 25] false }; absurd } BB9 { - _0 <- ([#"../match_int.rs" 10 25 10 25] ()); + [#"../match_int.rs" 10 25 10 25] _0 <- ([#"../match_int.rs" 10 25 10 25] ()); goto BB15 } BB10 { @@ -66,17 +67,19 @@ module MatchInt_F end } BB11 { + assert { [#"../match_int.rs" 13 12 13 26] false }; absurd } BB12 { - _0 <- ([#"../match_int.rs" 13 26 13 26] ()); + [#"../match_int.rs" 13 26 13 26] _0 <- ([#"../match_int.rs" 13 26 13 26] ()); goto BB15 } BB13 { + assert { [#"../match_int.rs" 16 12 16 26] false }; absurd } BB14 { - _0 <- ([#"../match_int.rs" 16 26 16 26] ()); + [#"../match_int.rs" 16 26 16 26] _0 <- ([#"../match_int.rs" 16 26 16 26] ()); goto BB15 } BB15 { diff --git a/creusot/tests/should_succeed/match_int/why3shapes.gz b/creusot/tests/should_succeed/match_int/why3shapes.gz index 1563e82295..3fe316370b 100644 Binary files a/creusot/tests/should_succeed/match_int/why3shapes.gz and b/creusot/tests/should_succeed/match_int/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/mc91.mlcfg b/creusot/tests/should_succeed/mc91.mlcfg index 7c20c88b0d..d9c36fda93 100644 --- a/creusot/tests/should_succeed/mc91.mlcfg +++ b/creusot/tests/should_succeed/mc91.mlcfg @@ -13,21 +13,21 @@ module Mc91_Mc91 goto BB0 } BB0 { - switch ([#"../mc91.rs" 8 7 8 14] x > ([#"../mc91.rs" 8 11 8 14] [#"../mc91.rs" 8 11 8 14] (100 : uint32))) + switch ([#"../mc91.rs" 8 7 8 14] ([#"../mc91.rs" 8 7 8 8] x) > ([#"../mc91.rs" 8 11 8 14] [#"../mc91.rs" 8 11 8 14] (100 : uint32))) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _0 <- ([#"../mc91.rs" 9 8 9 14] x - ([#"../mc91.rs" 9 12 9 14] [#"../mc91.rs" 9 12 9 14] (10 : uint32))); + [#"../mc91.rs" 9 8 9 14] _0 <- ([#"../mc91.rs" 9 8 9 14] ([#"../mc91.rs" 9 8 9 9] x) - ([#"../mc91.rs" 9 12 9 14] [#"../mc91.rs" 9 12 9 14] (10 : uint32))); goto BB5 } BB2 { - _6 <- ([#"../mc91.rs" 11 13 11 25] mc91 ([#"../mc91.rs" 11 18 11 24] x + ([#"../mc91.rs" 11 22 11 24] [#"../mc91.rs" 11 22 11 24] (11 : uint32)))); + [#"../mc91.rs" 11 13 11 25] _6 <- ([#"../mc91.rs" 11 13 11 25] mc91 ([#"../mc91.rs" 11 18 11 24] ([#"../mc91.rs" 11 18 11 19] x) + ([#"../mc91.rs" 11 22 11 24] [#"../mc91.rs" 11 22 11 24] (11 : uint32)))); goto BB3 } BB3 { - _0 <- ([#"../mc91.rs" 11 8 11 26] mc91 _6); + [#"../mc91.rs" 11 8 11 26] _0 <- ([#"../mc91.rs" 11 8 11 26] mc91 _6); _6 <- any uint32; goto BB4 } diff --git a/creusot/tests/should_succeed/mutex.mlcfg b/creusot/tests/should_succeed/mutex.mlcfg index 39b6c62444..e6f4cdbf35 100644 --- a/creusot/tests/should_succeed/mutex.mlcfg +++ b/creusot/tests/should_succeed/mutex.mlcfg @@ -57,7 +57,7 @@ module Mutex_Impl3_Call val inv6 (_x : uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../mutex.rs" 1 0 1 0] forall x : uint32 . inv6 x = true + axiom inv6 : forall x : uint32 . inv6 x = true use Mutex_Even_Type as Mutex_Even_Type use Mutex_MutexGuard_Type as Mutex_MutexGuard_Type use prelude.Borrow @@ -70,7 +70,7 @@ module Mutex_Impl3_Call val inv5 (_x : borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../mutex.rs" 1 0 1 0] forall x : borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) . inv5 x = true + axiom inv5 : forall x : borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) . inv5 x = true predicate invariant3 (self : uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : uint32) : bool @@ -80,7 +80,7 @@ module Mutex_Impl3_Call val inv4 (_x : uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../mutex.rs" 1 0 1 0] forall x : uint32 . inv4 x = true + axiom inv4 : forall x : uint32 . inv4 x = true predicate invariant2 (self : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) : bool @@ -90,7 +90,7 @@ module Mutex_Impl3_Call val inv2 (_x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even) . inv2 x = true + axiom inv2 : forall x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even) . inv2 x = true predicate invariant1 (self : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) : bool @@ -100,7 +100,7 @@ module Mutex_Impl3_Call val inv1 (_x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even) . inv1 x = true + axiom inv1 : forall x : Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even) . inv1 x = true use Mutex_Mutex_Type as Mutex_Mutex_Type predicate invariant0 (self : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -111,7 +111,7 @@ module Mutex_Impl3_Call val inv0 (_x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv0 x = true + axiom inv0 : forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv0 x = true use prelude.Int predicate inv3 [#"../mutex.rs" 66 4 66 33] (self : Mutex_Even_Type.t_even) (x : uint32) = [#"../mutex.rs" 67 8 67 24] mod x (2 : uint32) = (0 : uint32) @@ -151,40 +151,40 @@ module Mutex_Impl3_Call goto BB0 } BB0 { - v <- ([#"../mutex.rs" 101 20 101 37] lock0 ([#"../mutex.rs" 101 20 101 37] Mutex_AddsTwo_Type.addstwo_mutex self)); + [#"../mutex.rs" 101 20 101 37] v <- ([#"../mutex.rs" 101 20 101 37] lock0 ([#"../mutex.rs" 101 20 101 37] Mutex_AddsTwo_Type.addstwo_mutex self)); goto BB1 } BB1 { - _5 <- ([#"../mutex.rs" 102 19 102 28] deref0 ([#"../mutex.rs" 102 19 102 28] v)); + [#"../mutex.rs" 102 19 102 28] _5 <- ([#"../mutex.rs" 102 19 102 28] deref0 ([#"../mutex.rs" 102 19 102 28] v)); goto BB2 } BB2 { - val' <- _5; - switch ([#"../mutex.rs" 103 11 103 23] val' < ([#"../mutex.rs" 103 17 103 23] [#"../mutex.rs" 103 17 103 23] (100000 : uint32))) + [#"../mutex.rs" 102 18 102 28] val' <- ([#"../mutex.rs" 102 18 102 28] _5); + switch ([#"../mutex.rs" 103 11 103 23] ([#"../mutex.rs" 103 11 103 14] val') < ([#"../mutex.rs" 103 17 103 23] [#"../mutex.rs" 103 17 103 23] (100000 : uint32))) | False -> goto BB5 | True -> goto BB3 end } BB3 { - _10 <- Borrow.borrow_mut v; - v <- ^ _10; - _9 <- ([#"../mutex.rs" 104 12 104 26] set0 _10 ([#"../mutex.rs" 104 18 104 25] val' + ([#"../mutex.rs" 104 24 104 25] [#"../mutex.rs" 104 24 104 25] (2 : uint32)))); + [#"../mutex.rs" 104 12 104 26] _10 <- Borrow.borrow_mut v; + [#"../mutex.rs" 104 12 104 26] v <- ^ _10; + [#"../mutex.rs" 104 12 104 26] _9 <- ([#"../mutex.rs" 104 12 104 26] set0 _10 ([#"../mutex.rs" 104 18 104 25] ([#"../mutex.rs" 104 18 104 21] val') + ([#"../mutex.rs" 104 24 104 25] [#"../mutex.rs" 104 24 104 25] (2 : uint32)))); _10 <- any borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)); goto BB4 } BB4 { - _0 <- ([#"../mutex.rs" 103 24 105 9] ()); + [#"../mutex.rs" 103 24 105 9] _0 <- ([#"../mutex.rs" 103 24 105 9] ()); goto BB7 } BB5 { - _14 <- Borrow.borrow_mut v; - v <- ^ _14; - _13 <- ([#"../mutex.rs" 106 12 106 20] set0 _14 ([#"../mutex.rs" 106 18 106 19] [#"../mutex.rs" 106 18 106 19] (0 : uint32))); + [#"../mutex.rs" 106 12 106 20] _14 <- Borrow.borrow_mut v; + [#"../mutex.rs" 106 12 106 20] v <- ^ _14; + [#"../mutex.rs" 106 12 106 20] _13 <- ([#"../mutex.rs" 106 12 106 20] set0 _14 ([#"../mutex.rs" 106 18 106 19] [#"../mutex.rs" 106 18 106 19] (0 : uint32))); _14 <- any borrowed (Mutex_MutexGuard_Type.t_mutexguard uint32 (Mutex_Even_Type.t_even)); goto BB6 } BB6 { - _0 <- ([#"../mutex.rs" 105 15 107 9] ()); + [#"../mutex.rs" 105 15 107 9] _0 <- ([#"../mutex.rs" 105 15 107 9] ()); goto BB7 } BB7 { @@ -264,7 +264,7 @@ module Mutex_Concurrent val inv9 (_x : Core_Result_Result_Type.t_result () ()) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../mutex.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result () () . inv9 x = true + axiom inv9 : forall x : Core_Result_Result_Type.t_result () () . inv9 x = true use Mutex_AddsTwo_Type as Mutex_AddsTwo_Type use Mutex_SpawnPostCond_Type as Mutex_SpawnPostCond_Type use Mutex_JoinHandle_Type as Mutex_JoinHandle_Type @@ -280,7 +280,7 @@ module Mutex_Concurrent val inv7 (_x : Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)) . inv7 x = true + axiom inv7 : forall x : Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)) . inv7 x = true predicate invariant5 (self : Mutex_AddsTwo_Type.t_addstwo) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Mutex_AddsTwo_Type.t_addstwo) : bool @@ -290,7 +290,7 @@ module Mutex_Concurrent val inv6 (_x : Mutex_AddsTwo_Type.t_addstwo) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_AddsTwo_Type.t_addstwo . inv6 x = true + axiom inv6 : forall x : Mutex_AddsTwo_Type.t_addstwo . inv6 x = true use Mutex_Even_Type as Mutex_Even_Type use prelude.UInt32 use Mutex_Mutex_Type as Mutex_Mutex_Type @@ -304,7 +304,7 @@ module Mutex_Concurrent val inv5 (_x : borrowed (Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../mutex.rs" 1 0 1 0] forall x : borrowed (Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) . inv5 x = true + axiom inv5 : forall x : borrowed (Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) . inv5 x = true predicate invariant3 (self : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) : bool @@ -315,7 +315,7 @@ module Mutex_Concurrent ensures { result = inv4 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv4 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv4 x = true + axiom inv4 : forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv4 x = true predicate invariant2 (self : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) : bool @@ -325,7 +325,7 @@ module Mutex_Concurrent val inv3 (_x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv3 x = true + axiom inv3 : forall x : Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even) . inv3 x = true predicate invariant1 (self : Mutex_Even_Type.t_even) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Mutex_Even_Type.t_even) : bool @@ -335,7 +335,7 @@ module Mutex_Concurrent val inv2 (_x : Mutex_Even_Type.t_even) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_Even_Type.t_even . inv2 x = true + axiom inv2 : forall x : Mutex_Even_Type.t_even . inv2 x = true predicate invariant0 (self : uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : uint32) : bool @@ -345,7 +345,7 @@ module Mutex_Concurrent val inv1 (_x : uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../mutex.rs" 1 0 1 0] forall x : uint32 . inv1 x = true + axiom inv1 : forall x : uint32 . inv1 x = true predicate postcondition0 [#"../mutex.rs" 96 4 96 41] (self : Mutex_AddsTwo_Type.t_addstwo) (_2 : ()) = [#"../mutex.rs" 97 8 97 12] true val postcondition0 [#"../mutex.rs" 96 4 96 41] (self : Mutex_AddsTwo_Type.t_addstwo) (_2 : ()) : bool @@ -417,45 +417,45 @@ module Mutex_Concurrent goto BB0 } BB0 { - _4 <- ([#"../mutex.rs" 164 38 164 57] new0 ([#"../mutex.rs" 164 49 164 50] [#"../mutex.rs" 164 49 164 50] (0 : uint32)) ([#"../mutex.rs" 164 52 164 56] Mutex_Even_Type.C_Even)); + [#"../mutex.rs" 164 38 164 57] _4 <- ([#"../mutex.rs" 164 38 164 57] new0 ([#"../mutex.rs" 164 49 164 50] [#"../mutex.rs" 164 49 164 50] (0 : uint32)) ([#"../mutex.rs" 164 52 164 56] Mutex_Even_Type.C_Even)); goto BB1 } BB1 { goto BB2 } BB2 { - _2 <- ([#"../mutex.rs" 164 24 164 59] leak0 _4); + [#"../mutex.rs" 164 24 164 59] _2 <- ([#"../mutex.rs" 164 24 164 59] leak0 _4); _4 <- any Mutex_Mutex_Type.t_mutex uint32 (Mutex_Even_Type.t_even); goto BB3 } BB3 { - m <- ([#"../mutex.rs" 164 24 164 59] * _2); + [#"../mutex.rs" 164 24 164 59] m <- ([#"../mutex.rs" 164 24 164 59] * _2); assume { resolve0 _2 }; - _8 <- ([#"../mutex.rs" 165 30 165 32] m); - t1 <- ([#"../mutex.rs" 165 13 165 34] Mutex_AddsTwo_Type.C_AddsTwo ([#"../mutex.rs" 165 30 165 32] _8)); - j1 <- ([#"../mutex.rs" 166 13 166 22] spawn0 t1); - t1 <- any Mutex_AddsTwo_Type.t_addstwo; + [#"../mutex.rs" 165 30 165 32] _8 <- ([#"../mutex.rs" 165 30 165 32] m); + [#"../mutex.rs" 165 13 165 34] t1 <- ([#"../mutex.rs" 165 13 165 34] Mutex_AddsTwo_Type.C_AddsTwo ([#"../mutex.rs" 165 30 165 32] _8)); + [#"../mutex.rs" 166 13 166 22] j1 <- ([#"../mutex.rs" 166 13 166 22] spawn0 ([#"../mutex.rs" 166 19 166 21] t1)); + [#"../mutex.rs" 166 19 166 21] t1 <- any Mutex_AddsTwo_Type.t_addstwo; goto BB4 } BB4 { - _13 <- ([#"../mutex.rs" 167 30 167 32] m); - t2 <- ([#"../mutex.rs" 167 13 167 34] Mutex_AddsTwo_Type.C_AddsTwo ([#"../mutex.rs" 167 30 167 32] _13)); - j2 <- ([#"../mutex.rs" 168 13 168 22] spawn0 t2); - t2 <- any Mutex_AddsTwo_Type.t_addstwo; + [#"../mutex.rs" 167 30 167 32] _13 <- ([#"../mutex.rs" 167 30 167 32] m); + [#"../mutex.rs" 167 13 167 34] t2 <- ([#"../mutex.rs" 167 13 167 34] Mutex_AddsTwo_Type.C_AddsTwo ([#"../mutex.rs" 167 30 167 32] _13)); + [#"../mutex.rs" 168 13 168 22] j2 <- ([#"../mutex.rs" 168 13 168 22] spawn0 ([#"../mutex.rs" 168 19 168 21] t2)); + [#"../mutex.rs" 168 19 168 21] t2 <- any Mutex_AddsTwo_Type.t_addstwo; goto BB5 } BB5 { - _16 <- ([#"../mutex.rs" 171 12 171 21] join0 j1); - j1 <- any Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)); + [#"../mutex.rs" 171 12 171 21] _16 <- ([#"../mutex.rs" 171 12 171 21] join0 ([#"../mutex.rs" 171 12 171 14] j1)); + [#"../mutex.rs" 171 12 171 14] j1 <- any Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)); goto BB6 } BB6 { - _18 <- ([#"../mutex.rs" 172 12 172 21] join0 j2); - j2 <- any Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)); + [#"../mutex.rs" 172 12 172 21] _18 <- ([#"../mutex.rs" 172 12 172 21] join0 ([#"../mutex.rs" 172 12 172 14] j2)); + [#"../mutex.rs" 172 12 172 14] j2 <- any Mutex_JoinHandle_Type.t_joinhandle () (Mutex_SpawnPostCond_Type.t_spawnpostcond (Mutex_AddsTwo_Type.t_addstwo)); goto BB7 } BB7 { - _0 <- ([#"../mutex.rs" 163 20 175 1] ()); + [#"../mutex.rs" 163 20 175 1] _0 <- ([#"../mutex.rs" 163 20 175 1] ()); goto BB8 } BB8 { @@ -482,7 +482,7 @@ module Mutex_Impl3 val inv1 (_x : ()) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../mutex.rs" 1 0 1 0] forall x : () . inv1 x = true + axiom inv1 : forall x : () . inv1 x = true use Mutex_AddsTwo_Type as Mutex_AddsTwo_Type predicate invariant0 (self : Mutex_AddsTwo_Type.t_addstwo) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -493,7 +493,7 @@ module Mutex_Impl3 val inv0 (_x : Mutex_AddsTwo_Type.t_addstwo) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../mutex.rs" 1 0 1 0] forall x : Mutex_AddsTwo_Type.t_addstwo . inv0 x = true + axiom inv0 : forall x : Mutex_AddsTwo_Type.t_addstwo . inv0 x = true predicate postcondition0 [#"../mutex.rs" 96 4 96 41] (self : Mutex_AddsTwo_Type.t_addstwo) (_2 : ()) = [#"../mutex.rs" 97 8 97 12] true val postcondition0 [#"../mutex.rs" 96 4 96 41] (self : Mutex_AddsTwo_Type.t_addstwo) (_2 : ()) : bool diff --git a/creusot/tests/should_succeed/one_side_update.mlcfg b/creusot/tests/should_succeed/one_side_update.mlcfg index aa31f50313..d4e11bdb10 100644 --- a/creusot/tests/should_succeed/one_side_update.mlcfg +++ b/creusot/tests/should_succeed/one_side_update.mlcfg @@ -25,9 +25,9 @@ module OneSideUpdate_F goto BB0 } BB0 { - a <- ([#"../one_side_update.rs" 6 16 6 25] OneSideUpdate_MyInt_Type.C_MyInt ([#"../one_side_update.rs" 6 22 6 24] [#"../one_side_update.rs" 6 22 6 24] (10 : usize))); - b <- Borrow.borrow_mut a; - a <- ^ b; + [#"../one_side_update.rs" 6 16 6 25] a <- ([#"../one_side_update.rs" 6 16 6 25] OneSideUpdate_MyInt_Type.C_MyInt ([#"../one_side_update.rs" 6 22 6 24] [#"../one_side_update.rs" 6 22 6 24] (10 : usize))); + [#"../one_side_update.rs" 7 12 7 18] b <- Borrow.borrow_mut a; + [#"../one_side_update.rs" 7 12 7 18] a <- ^ b; switch ([#"../one_side_update.rs" 8 7 8 11] [#"../one_side_update.rs" 8 7 8 11] true) | False -> goto BB2 | True -> goto BB1 @@ -35,13 +35,13 @@ module OneSideUpdate_F } BB1 { assume { resolve0 b }; - _0 <- ([#"../one_side_update.rs" 8 12 10 5] ()); + [#"../one_side_update.rs" 8 12 10 5] _0 <- ([#"../one_side_update.rs" 8 12 10 5] ()); goto BB3 } BB2 { - b <- { b with current = ([#"../one_side_update.rs" 11 13 11 21] OneSideUpdate_MyInt_Type.C_MyInt ([#"../one_side_update.rs" 11 19 11 20] [#"../one_side_update.rs" 11 19 11 20] (5 : usize))) }; + [#"../one_side_update.rs" 11 8 11 21] b <- { b with current = ([#"../one_side_update.rs" 11 13 11 21] OneSideUpdate_MyInt_Type.C_MyInt ([#"../one_side_update.rs" 11 19 11 20] [#"../one_side_update.rs" 11 19 11 20] (5 : usize))) }; assume { resolve0 b }; - _0 <- ([#"../one_side_update.rs" 10 11 12 5] ()); + [#"../one_side_update.rs" 10 11 12 5] _0 <- ([#"../one_side_update.rs" 10 11 12 5] ()); goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/option.mlcfg b/creusot/tests/should_succeed/option.mlcfg index f76ea6eb6d..dbc58c5ec0 100644 --- a/creusot/tests/should_succeed/option.mlcfg +++ b/creusot/tests/should_succeed/option.mlcfg @@ -17,7 +17,7 @@ module Option_TestOption val inv9 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv9 x = true + axiom inv9 : forall x : Core_Option_Option_Type.t_option int32 . inv9 x = true predicate invariant8 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : Core_Option_Option_Type.t_option int32) : bool @@ -27,7 +27,7 @@ module Option_TestOption val inv8 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option int32 . inv8 x = true predicate invariant7 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : int32) : bool @@ -37,7 +37,7 @@ module Option_TestOption val inv7 (_x : int32) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../option.rs" 1 0 1 0] forall x : int32 . inv7 x = true + axiom inv7 : forall x : int32 . inv7 x = true use prelude.Borrow predicate invariant6 (self : Core_Option_Option_Type.t_option (borrowed int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -48,7 +48,7 @@ module Option_TestOption val inv6 (_x : Core_Option_Option_Type.t_option (borrowed int32)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed int32) . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option (borrowed int32) . inv6 x = true predicate invariant5 (self : Core_Option_Option_Type.t_option (borrowed int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Core_Option_Option_Type.t_option (borrowed int32)) : bool @@ -58,7 +58,7 @@ module Option_TestOption val inv5 (_x : Core_Option_Option_Type.t_option (borrowed int32)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed int32) . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option (borrowed int32) . inv5 x = true predicate invariant4 (self : borrowed int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : borrowed int32) : bool @@ -68,7 +68,7 @@ module Option_TestOption val inv4 (_x : borrowed int32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../option.rs" 1 0 1 0] forall x : borrowed int32 . inv4 x = true + axiom inv4 : forall x : borrowed int32 . inv4 x = true predicate invariant3 (self : borrowed (Core_Option_Option_Type.t_option int32)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : borrowed (Core_Option_Option_Type.t_option int32)) : bool @@ -78,7 +78,7 @@ module Option_TestOption val inv3 (_x : borrowed (Core_Option_Option_Type.t_option int32)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../option.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option int32) . inv3 x = true + axiom inv3 : forall x : borrowed (Core_Option_Option_Type.t_option int32) . inv3 x = true predicate invariant2 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : int32) : bool @@ -88,7 +88,7 @@ module Option_TestOption val inv2 (_x : int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../option.rs" 1 0 1 0] forall x : int32 . inv2 x = true + axiom inv2 : forall x : int32 . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Core_Option_Option_Type.t_option int32) : bool @@ -98,7 +98,7 @@ module Option_TestOption val inv1 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option int32 . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Option_Option_Type.t_option int32) : bool @@ -108,7 +108,7 @@ module Option_TestOption val inv0 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../option.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option int32 . inv0 x = true val flatten0 (self : Core_Option_Option_Type.t_option (Core_Option_Option_Type.t_option int32)) : Core_Option_Option_Type.t_option int32 ensures { [#"../../../../creusot-contracts/src/std/option.rs" 108 16 108 59] self = Core_Option_Option_Type.C_None -> result = Core_Option_Option_Type.C_None } ensures { [#"../../../../creusot-contracts/src/std/option.rs" 17 0 114 1] self = Core_Option_Option_Type.C_None \/ self = Core_Option_Option_Type.C_Some result } @@ -341,17 +341,17 @@ module Option_TestOption goto BB0 } BB0 { - none <- ([#"../option.rs" 5 32 5 36] Core_Option_Option_Type.C_None); - some <- ([#"../option.rs" 6 32 6 39] Core_Option_Option_Type.C_Some ([#"../option.rs" 6 37 6 38] [#"../option.rs" 6 37 6 38] (1 : int32))); - _6 <- ([#"../option.rs" 9 12 9 26] is_some0 ([#"../option.rs" 9 12 9 26] some)); + [#"../option.rs" 5 32 5 36] none <- ([#"../option.rs" 5 32 5 36] Core_Option_Option_Type.C_None); + [#"../option.rs" 6 32 6 39] some <- ([#"../option.rs" 6 32 6 39] Core_Option_Option_Type.C_Some ([#"../option.rs" 6 37 6 38] [#"../option.rs" 6 37 6 38] (1 : int32))); + [#"../option.rs" 9 12 9 26] _6 <- ([#"../option.rs" 9 12 9 26] is_some0 ([#"../option.rs" 9 12 9 26] some)); goto BB4 } BB1 { - _5 <- ([#"../option.rs" 9 12 9 45] [#"../option.rs" 9 12 9 45] false); + [#"../option.rs" 9 12 9 45] _5 <- ([#"../option.rs" 9 12 9 45] [#"../option.rs" 9 12 9 45] false); goto BB3 } BB2 { - _9 <- ([#"../option.rs" 9 31 9 45] is_some0 ([#"../option.rs" 9 31 9 45] none)); + [#"../option.rs" 9 31 9 45] _9 <- ([#"../option.rs" 9 31 9 45] is_some0 ([#"../option.rs" 9 31 9 45] none)); goto BB5 } BB3 { @@ -367,23 +367,24 @@ module Option_TestOption end } BB5 { - _5 <- ([#"../option.rs" 9 30 9 45] not _9); + [#"../option.rs" 9 12 9 45] _5 <- ([#"../option.rs" 9 30 9 45] not _9); _9 <- any bool; goto BB3 } BB6 { + assert { [#"../option.rs" 9 4 9 46] false }; absurd } BB7 { - _15 <- ([#"../option.rs" 11 12 11 26] is_none0 ([#"../option.rs" 11 12 11 26] none)); + [#"../option.rs" 11 12 11 26] _15 <- ([#"../option.rs" 11 12 11 26] is_none0 ([#"../option.rs" 11 12 11 26] none)); goto BB11 } BB8 { - _14 <- ([#"../option.rs" 11 12 11 45] [#"../option.rs" 11 12 11 45] false); + [#"../option.rs" 11 12 11 45] _14 <- ([#"../option.rs" 11 12 11 45] [#"../option.rs" 11 12 11 45] false); goto BB10 } BB9 { - _18 <- ([#"../option.rs" 11 31 11 45] is_none0 ([#"../option.rs" 11 31 11 45] some)); + [#"../option.rs" 11 31 11 45] _18 <- ([#"../option.rs" 11 31 11 45] is_none0 ([#"../option.rs" 11 31 11 45] some)); goto BB12 } BB10 { @@ -399,15 +400,16 @@ module Option_TestOption end } BB12 { - _14 <- ([#"../option.rs" 11 30 11 45] not _18); + [#"../option.rs" 11 12 11 45] _14 <- ([#"../option.rs" 11 30 11 45] not _18); _18 <- any bool; goto BB10 } BB13 { + assert { [#"../option.rs" 11 4 11 46] false }; absurd } BB14 { - _24 <- ([#"../option.rs" 14 12 14 25] unwrap0 some); + [#"../option.rs" 14 12 14 25] _24 <- ([#"../option.rs" 14 12 14 25] unwrap0 ([#"../option.rs" 14 12 14 16] some)); goto BB15 } BB15 { @@ -417,10 +419,11 @@ module Option_TestOption end } BB16 { + assert { [#"../option.rs" 14 4 14 31] false }; absurd } BB17 { - _30 <- ([#"../option.rs" 19 12 19 29] unwrap_or0 some ([#"../option.rs" 19 27 19 28] [#"../option.rs" 19 27 19 28] (2 : int32))); + [#"../option.rs" 19 12 19 29] _30 <- ([#"../option.rs" 19 12 19 29] unwrap_or0 ([#"../option.rs" 19 12 19 16] some) ([#"../option.rs" 19 27 19 28] [#"../option.rs" 19 27 19 28] (2 : int32))); goto BB18 } BB18 { @@ -430,10 +433,11 @@ module Option_TestOption end } BB19 { + assert { [#"../option.rs" 19 4 19 35] false }; absurd } BB20 { - _36 <- ([#"../option.rs" 20 12 20 29] unwrap_or0 none ([#"../option.rs" 20 27 20 28] [#"../option.rs" 20 27 20 28] (2 : int32))); + [#"../option.rs" 20 12 20 29] _36 <- ([#"../option.rs" 20 12 20 29] unwrap_or0 ([#"../option.rs" 20 12 20 16] none) ([#"../option.rs" 20 27 20 28] [#"../option.rs" 20 27 20 28] (2 : int32))); goto BB21 } BB21 { @@ -443,17 +447,18 @@ module Option_TestOption end } BB22 { + assert { [#"../option.rs" 20 4 20 35] false }; absurd } BB23 { - _44 <- Borrow.borrow_mut none; - none <- ^ _44; - _43 <- ([#"../option.rs" 23 12 23 25] as_mut0 _44); + [#"../option.rs" 23 12 23 25] _44 <- Borrow.borrow_mut none; + [#"../option.rs" 23 12 23 25] none <- ^ _44; + [#"../option.rs" 23 12 23 25] _43 <- ([#"../option.rs" 23 12 23 25] as_mut0 _44); _44 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB24 } BB24 { - _41 <- ([#"../option.rs" 23 12 23 35] is_none1 ([#"../option.rs" 23 12 23 35] _43)); + [#"../option.rs" 23 12 23 35] _41 <- ([#"../option.rs" 23 12 23 35] is_none1 ([#"../option.rs" 23 12 23 35] _43)); goto BB25 } BB25 { @@ -463,24 +468,25 @@ module Option_TestOption end } BB26 { + assert { [#"../option.rs" 23 4 23 36] false }; absurd } BB27 { - _48 <- Borrow.borrow_mut some; - some <- ^ _48; - _47 <- ([#"../option.rs" 24 5 24 18] as_mut0 _48); + [#"../option.rs" 24 5 24 18] _48 <- Borrow.borrow_mut some; + [#"../option.rs" 24 5 24 18] some <- ^ _48; + [#"../option.rs" 24 5 24 18] _47 <- ([#"../option.rs" 24 5 24 18] as_mut0 _48); _48 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB28 } BB28 { - _46 <- ([#"../option.rs" 24 5 24 27] unwrap1 _47); + [#"../option.rs" 24 5 24 27] _46 <- ([#"../option.rs" 24 5 24 27] unwrap1 _47); _47 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB29 } BB29 { - _46 <- { _46 with current = ([#"../option.rs" 24 30 24 31] [#"../option.rs" 24 30 24 31] (2 : int32)) }; + [#"../option.rs" 24 4 24 31] _46 <- { _46 with current = ([#"../option.rs" 24 4 24 31] [#"../option.rs" 24 30 24 31] (2 : int32)) }; assume { resolve0 _46 }; - _52 <- ([#"../option.rs" 25 12 25 25] unwrap0 some); + [#"../option.rs" 25 12 25 25] _52 <- ([#"../option.rs" 25 12 25 25] unwrap0 ([#"../option.rs" 25 12 25 16] some)); goto BB30 } BB30 { @@ -490,24 +496,25 @@ module Option_TestOption end } BB31 { + assert { [#"../option.rs" 25 4 25 31] false }; absurd } BB32 { - _57 <- Borrow.borrow_mut some; - some <- ^ _57; - _56 <- ([#"../option.rs" 26 5 26 18] as_mut0 _57); + [#"../option.rs" 26 5 26 18] _57 <- Borrow.borrow_mut some; + [#"../option.rs" 26 5 26 18] some <- ^ _57; + [#"../option.rs" 26 5 26 18] _56 <- ([#"../option.rs" 26 5 26 18] as_mut0 _57); _57 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB33 } BB33 { - _55 <- ([#"../option.rs" 26 5 26 27] unwrap1 _56); + [#"../option.rs" 26 5 26 27] _55 <- ([#"../option.rs" 26 5 26 27] unwrap1 _56); _56 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB34 } BB34 { - _55 <- { _55 with current = ([#"../option.rs" 26 30 26 31] [#"../option.rs" 26 30 26 31] (1 : int32)) }; + [#"../option.rs" 26 4 26 31] _55 <- { _55 with current = ([#"../option.rs" 26 4 26 31] [#"../option.rs" 26 30 26 31] (1 : int32)) }; assume { resolve0 _55 }; - _61 <- ([#"../option.rs" 27 12 27 25] unwrap0 some); + [#"../option.rs" 27 12 27 25] _61 <- ([#"../option.rs" 27 12 27 25] unwrap0 ([#"../option.rs" 27 12 27 16] some)); goto BB35 } BB35 { @@ -517,14 +524,15 @@ module Option_TestOption end } BB36 { + assert { [#"../option.rs" 27 4 27 31] false }; absurd } BB37 { - _68 <- ([#"../option.rs" 29 12 29 25] as_ref0 ([#"../option.rs" 29 12 29 25] none)); + [#"../option.rs" 29 12 29 25] _68 <- ([#"../option.rs" 29 12 29 25] as_ref0 ([#"../option.rs" 29 12 29 25] none)); goto BB38 } BB38 { - _66 <- ([#"../option.rs" 29 12 29 35] is_none2 ([#"../option.rs" 29 12 29 35] _68)); + [#"../option.rs" 29 12 29 35] _66 <- ([#"../option.rs" 29 12 29 35] is_none2 ([#"../option.rs" 29 12 29 35] _68)); goto BB39 } BB39 { @@ -534,32 +542,34 @@ module Option_TestOption end } BB40 { + assert { [#"../option.rs" 29 4 29 36] false }; absurd } BB41 { - _76 <- ([#"../option.rs" 30 13 30 26] as_ref0 ([#"../option.rs" 30 13 30 26] some)); + [#"../option.rs" 30 13 30 26] _76 <- ([#"../option.rs" 30 13 30 26] as_ref0 ([#"../option.rs" 30 13 30 26] some)); goto BB42 } BB42 { - _75 <- ([#"../option.rs" 30 13 30 35] unwrap2 _76); + [#"../option.rs" 30 13 30 35] _75 <- ([#"../option.rs" 30 13 30 35] unwrap2 _76); _76 <- any Core_Option_Option_Type.t_option int32; goto BB43 } BB43 { - switch ([#"../option.rs" 30 4 30 41] not ([#"../option.rs" 30 12 30 40] _75 = ([#"../option.rs" 30 39 30 40] [#"../option.rs" 30 39 30 40] (1 : int32)))) + switch ([#"../option.rs" 30 4 30 41] not ([#"../option.rs" 30 12 30 40] ([#"../option.rs" 30 12 30 35] _75) = ([#"../option.rs" 30 39 30 40] [#"../option.rs" 30 39 30 40] (1 : int32)))) | False -> goto BB45 | True -> goto BB44 end } BB44 { + assert { [#"../option.rs" 30 4 30 41] false }; absurd } BB45 { - _83 <- ([#"../option.rs" 33 12 33 26] and0 none none); + [#"../option.rs" 33 12 33 26] _83 <- ([#"../option.rs" 33 12 33 26] and0 ([#"../option.rs" 33 12 33 16] none) ([#"../option.rs" 33 21 33 25] none)); goto BB46 } BB46 { - _81 <- ([#"../option.rs" 33 12 33 36] is_none0 ([#"../option.rs" 33 12 33 36] _83)); + [#"../option.rs" 33 12 33 36] _81 <- ([#"../option.rs" 33 12 33 36] is_none0 ([#"../option.rs" 33 12 33 36] _83)); goto BB47 } BB47 { @@ -569,14 +579,15 @@ module Option_TestOption end } BB48 { + assert { [#"../option.rs" 33 4 33 37] false }; absurd } BB49 { - _91 <- ([#"../option.rs" 34 12 34 29] and0 none ([#"../option.rs" 34 21 34 28] Core_Option_Option_Type.C_Some ([#"../option.rs" 34 26 34 27] [#"../option.rs" 34 26 34 27] (2 : int32)))); + [#"../option.rs" 34 12 34 29] _91 <- ([#"../option.rs" 34 12 34 29] and0 ([#"../option.rs" 34 12 34 16] none) ([#"../option.rs" 34 21 34 28] Core_Option_Option_Type.C_Some ([#"../option.rs" 34 26 34 27] [#"../option.rs" 34 26 34 27] (2 : int32)))); goto BB50 } BB50 { - _89 <- ([#"../option.rs" 34 12 34 39] is_none0 ([#"../option.rs" 34 12 34 39] _91)); + [#"../option.rs" 34 12 34 39] _89 <- ([#"../option.rs" 34 12 34 39] is_none0 ([#"../option.rs" 34 12 34 39] _91)); goto BB51 } BB51 { @@ -586,14 +597,15 @@ module Option_TestOption end } BB52 { + assert { [#"../option.rs" 34 4 34 40] false }; absurd } BB53 { - _99 <- ([#"../option.rs" 35 12 35 26] and0 some none); + [#"../option.rs" 35 12 35 26] _99 <- ([#"../option.rs" 35 12 35 26] and0 ([#"../option.rs" 35 12 35 16] some) ([#"../option.rs" 35 21 35 25] none)); goto BB54 } BB54 { - _97 <- ([#"../option.rs" 35 12 35 36] is_none0 ([#"../option.rs" 35 12 35 36] _99)); + [#"../option.rs" 35 12 35 36] _97 <- ([#"../option.rs" 35 12 35 36] is_none0 ([#"../option.rs" 35 12 35 36] _99)); goto BB55 } BB55 { @@ -603,14 +615,15 @@ module Option_TestOption end } BB56 { + assert { [#"../option.rs" 35 4 35 37] false }; absurd } BB57 { - _107 <- ([#"../option.rs" 36 12 36 29] and0 some ([#"../option.rs" 36 21 36 28] Core_Option_Option_Type.C_Some ([#"../option.rs" 36 26 36 27] [#"../option.rs" 36 26 36 27] (2 : int32)))); + [#"../option.rs" 36 12 36 29] _107 <- ([#"../option.rs" 36 12 36 29] and0 ([#"../option.rs" 36 12 36 16] some) ([#"../option.rs" 36 21 36 28] Core_Option_Option_Type.C_Some ([#"../option.rs" 36 26 36 27] [#"../option.rs" 36 26 36 27] (2 : int32)))); goto BB58 } BB58 { - _106 <- ([#"../option.rs" 36 12 36 38] unwrap0 _107); + [#"../option.rs" 36 12 36 38] _106 <- ([#"../option.rs" 36 12 36 38] unwrap0 _107); _107 <- any Core_Option_Option_Type.t_option int32; goto BB59 } @@ -621,14 +634,15 @@ module Option_TestOption end } BB60 { + assert { [#"../option.rs" 36 4 36 44] false }; absurd } BB61 { - _115 <- ([#"../option.rs" 38 12 38 25] or0 none none); + [#"../option.rs" 38 12 38 25] _115 <- ([#"../option.rs" 38 12 38 25] or0 ([#"../option.rs" 38 12 38 16] none) ([#"../option.rs" 38 20 38 24] none)); goto BB62 } BB62 { - _113 <- ([#"../option.rs" 38 12 38 35] is_none0 ([#"../option.rs" 38 12 38 35] _115)); + [#"../option.rs" 38 12 38 35] _113 <- ([#"../option.rs" 38 12 38 35] is_none0 ([#"../option.rs" 38 12 38 35] _115)); goto BB63 } BB63 { @@ -638,14 +652,15 @@ module Option_TestOption end } BB64 { + assert { [#"../option.rs" 38 4 38 36] false }; absurd } BB65 { - _123 <- ([#"../option.rs" 39 12 39 28] or0 none ([#"../option.rs" 39 20 39 27] Core_Option_Option_Type.C_Some ([#"../option.rs" 39 25 39 26] [#"../option.rs" 39 25 39 26] (2 : int32)))); + [#"../option.rs" 39 12 39 28] _123 <- ([#"../option.rs" 39 12 39 28] or0 ([#"../option.rs" 39 12 39 16] none) ([#"../option.rs" 39 20 39 27] Core_Option_Option_Type.C_Some ([#"../option.rs" 39 25 39 26] [#"../option.rs" 39 25 39 26] (2 : int32)))); goto BB66 } BB66 { - _122 <- ([#"../option.rs" 39 12 39 37] unwrap0 _123); + [#"../option.rs" 39 12 39 37] _122 <- ([#"../option.rs" 39 12 39 37] unwrap0 _123); _123 <- any Core_Option_Option_Type.t_option int32; goto BB67 } @@ -656,14 +671,15 @@ module Option_TestOption end } BB68 { + assert { [#"../option.rs" 39 4 39 43] false }; absurd } BB69 { - _131 <- ([#"../option.rs" 40 12 40 25] or0 some none); + [#"../option.rs" 40 12 40 25] _131 <- ([#"../option.rs" 40 12 40 25] or0 ([#"../option.rs" 40 12 40 16] some) ([#"../option.rs" 40 20 40 24] none)); goto BB70 } BB70 { - _130 <- ([#"../option.rs" 40 12 40 34] unwrap0 _131); + [#"../option.rs" 40 12 40 34] _130 <- ([#"../option.rs" 40 12 40 34] unwrap0 _131); _131 <- any Core_Option_Option_Type.t_option int32; goto BB71 } @@ -674,14 +690,15 @@ module Option_TestOption end } BB72 { + assert { [#"../option.rs" 40 4 40 40] false }; absurd } BB73 { - _139 <- ([#"../option.rs" 41 12 41 28] or0 some ([#"../option.rs" 41 20 41 27] Core_Option_Option_Type.C_Some ([#"../option.rs" 41 25 41 26] [#"../option.rs" 41 25 41 26] (2 : int32)))); + [#"../option.rs" 41 12 41 28] _139 <- ([#"../option.rs" 41 12 41 28] or0 ([#"../option.rs" 41 12 41 16] some) ([#"../option.rs" 41 20 41 27] Core_Option_Option_Type.C_Some ([#"../option.rs" 41 25 41 26] [#"../option.rs" 41 25 41 26] (2 : int32)))); goto BB74 } BB74 { - _138 <- ([#"../option.rs" 41 12 41 37] unwrap0 _139); + [#"../option.rs" 41 12 41 37] _138 <- ([#"../option.rs" 41 12 41 37] unwrap0 _139); _139 <- any Core_Option_Option_Type.t_option int32; goto BB75 } @@ -692,17 +709,18 @@ module Option_TestOption end } BB76 { + assert { [#"../option.rs" 41 4 41 43] false }; absurd } BB77 { - _148 <- Borrow.borrow_mut none; - none <- ^ _148; - _147 <- ([#"../option.rs" 44 12 44 23] take0 _148); + [#"../option.rs" 44 12 44 23] _148 <- Borrow.borrow_mut none; + [#"../option.rs" 44 12 44 23] none <- ^ _148; + [#"../option.rs" 44 12 44 23] _147 <- ([#"../option.rs" 44 12 44 23] take0 _148); _148 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB78 } BB78 { - _145 <- ([#"../option.rs" 44 12 44 33] is_none0 ([#"../option.rs" 44 12 44 33] _147)); + [#"../option.rs" 44 12 44 33] _145 <- ([#"../option.rs" 44 12 44 33] is_none0 ([#"../option.rs" 44 12 44 33] _147)); goto BB79 } BB79 { @@ -712,10 +730,11 @@ module Option_TestOption end } BB80 { + assert { [#"../option.rs" 44 4 44 34] false }; absurd } BB81 { - _152 <- ([#"../option.rs" 45 12 45 26] is_none0 ([#"../option.rs" 45 12 45 26] none)); + [#"../option.rs" 45 12 45 26] _152 <- ([#"../option.rs" 45 12 45 26] is_none0 ([#"../option.rs" 45 12 45 26] none)); goto BB82 } BB82 { @@ -725,17 +744,18 @@ module Option_TestOption end } BB83 { + assert { [#"../option.rs" 45 4 45 27] false }; absurd } BB84 { - _160 <- Borrow.borrow_mut some; - some <- ^ _160; - _159 <- ([#"../option.rs" 46 12 46 23] take0 _160); + [#"../option.rs" 46 12 46 23] _160 <- Borrow.borrow_mut some; + [#"../option.rs" 46 12 46 23] some <- ^ _160; + [#"../option.rs" 46 12 46 23] _159 <- ([#"../option.rs" 46 12 46 23] take0 _160); _160 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB85 } BB85 { - _158 <- ([#"../option.rs" 46 12 46 32] unwrap0 _159); + [#"../option.rs" 46 12 46 32] _158 <- ([#"../option.rs" 46 12 46 32] unwrap0 _159); _159 <- any Core_Option_Option_Type.t_option int32; goto BB86 } @@ -746,10 +766,11 @@ module Option_TestOption end } BB87 { + assert { [#"../option.rs" 46 4 46 38] false }; absurd } BB88 { - _164 <- ([#"../option.rs" 47 12 47 26] is_none0 ([#"../option.rs" 47 12 47 26] some)); + [#"../option.rs" 47 12 47 26] _164 <- ([#"../option.rs" 47 12 47 26] is_none0 ([#"../option.rs" 47 12 47 26] some)); goto BB89 } BB89 { @@ -759,18 +780,19 @@ module Option_TestOption end } BB90 { + assert { [#"../option.rs" 47 4 47 27] false }; absurd } BB91 { - some <- ([#"../option.rs" 48 11 48 18] Core_Option_Option_Type.C_Some ([#"../option.rs" 48 16 48 17] [#"../option.rs" 48 16 48 17] (1 : int32))); - _173 <- Borrow.borrow_mut none; - none <- ^ _173; - _172 <- ([#"../option.rs" 50 12 50 27] replace0 _173 ([#"../option.rs" 50 25 50 26] [#"../option.rs" 50 25 50 26] (2 : int32))); + [#"../option.rs" 48 4 48 18] some <- ([#"../option.rs" 48 11 48 18] Core_Option_Option_Type.C_Some ([#"../option.rs" 48 16 48 17] [#"../option.rs" 48 16 48 17] (1 : int32))); + [#"../option.rs" 50 12 50 27] _173 <- Borrow.borrow_mut none; + [#"../option.rs" 50 12 50 27] none <- ^ _173; + [#"../option.rs" 50 12 50 27] _172 <- ([#"../option.rs" 50 12 50 27] replace0 _173 ([#"../option.rs" 50 25 50 26] [#"../option.rs" 50 25 50 26] (2 : int32))); _173 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB92 } BB92 { - _170 <- ([#"../option.rs" 50 12 50 37] is_none0 ([#"../option.rs" 50 12 50 37] _172)); + [#"../option.rs" 50 12 50 37] _170 <- ([#"../option.rs" 50 12 50 37] is_none0 ([#"../option.rs" 50 12 50 37] _172)); goto BB93 } BB93 { @@ -780,10 +802,11 @@ module Option_TestOption end } BB94 { + assert { [#"../option.rs" 50 4 50 38] false }; absurd } BB95 { - _178 <- ([#"../option.rs" 51 12 51 25] unwrap0 none); + [#"../option.rs" 51 12 51 25] _178 <- ([#"../option.rs" 51 12 51 25] unwrap0 ([#"../option.rs" 51 12 51 16] none)); goto BB96 } BB96 { @@ -793,18 +816,19 @@ module Option_TestOption end } BB97 { + assert { [#"../option.rs" 51 4 51 31] false }; absurd } BB98 { - none <- ([#"../option.rs" 52 11 52 15] Core_Option_Option_Type.C_None); - _187 <- Borrow.borrow_mut some; - some <- ^ _187; - _186 <- ([#"../option.rs" 53 12 53 27] replace0 _187 ([#"../option.rs" 53 25 53 26] [#"../option.rs" 53 25 53 26] (2 : int32))); + [#"../option.rs" 52 4 52 15] none <- ([#"../option.rs" 52 11 52 15] Core_Option_Option_Type.C_None); + [#"../option.rs" 53 12 53 27] _187 <- Borrow.borrow_mut some; + [#"../option.rs" 53 12 53 27] some <- ^ _187; + [#"../option.rs" 53 12 53 27] _186 <- ([#"../option.rs" 53 12 53 27] replace0 _187 ([#"../option.rs" 53 25 53 26] [#"../option.rs" 53 25 53 26] (2 : int32))); _187 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB99 } BB99 { - _185 <- ([#"../option.rs" 53 12 53 36] unwrap0 _186); + [#"../option.rs" 53 12 53 36] _185 <- ([#"../option.rs" 53 12 53 36] unwrap0 _186); _186 <- any Core_Option_Option_Type.t_option int32; goto BB100 } @@ -815,10 +839,11 @@ module Option_TestOption end } BB101 { + assert { [#"../option.rs" 53 4 53 42] false }; absurd } BB102 { - _192 <- ([#"../option.rs" 54 12 54 25] unwrap0 some); + [#"../option.rs" 54 12 54 25] _192 <- ([#"../option.rs" 54 12 54 25] unwrap0 ([#"../option.rs" 54 12 54 16] some)); goto BB103 } BB103 { @@ -828,17 +853,18 @@ module Option_TestOption end } BB104 { + assert { [#"../option.rs" 54 4 54 31] false }; absurd } BB105 { - _200 <- Borrow.borrow_mut some; - some <- ^ _200; - _199 <- ([#"../option.rs" 55 12 55 27] replace0 _200 ([#"../option.rs" 55 25 55 26] [#"../option.rs" 55 25 55 26] (1 : int32))); + [#"../option.rs" 55 12 55 27] _200 <- Borrow.borrow_mut some; + [#"../option.rs" 55 12 55 27] some <- ^ _200; + [#"../option.rs" 55 12 55 27] _199 <- ([#"../option.rs" 55 12 55 27] replace0 _200 ([#"../option.rs" 55 25 55 26] [#"../option.rs" 55 25 55 26] (1 : int32))); _200 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB106 } BB106 { - _198 <- ([#"../option.rs" 55 12 55 36] unwrap0 _199); + [#"../option.rs" 55 12 55 36] _198 <- ([#"../option.rs" 55 12 55 36] unwrap0 _199); _199 <- any Core_Option_Option_Type.t_option int32; goto BB107 } @@ -849,10 +875,11 @@ module Option_TestOption end } BB108 { + assert { [#"../option.rs" 55 4 55 42] false }; absurd } BB109 { - _205 <- ([#"../option.rs" 56 12 56 25] unwrap0 some); + [#"../option.rs" 56 12 56 25] _205 <- ([#"../option.rs" 56 12 56 25] unwrap0 ([#"../option.rs" 56 12 56 16] some)); goto BB110 } BB110 { @@ -862,10 +889,11 @@ module Option_TestOption end } BB111 { + assert { [#"../option.rs" 56 4 56 31] false }; absurd } BB112 { - _211 <- ([#"../option.rs" 59 12 59 36] unwrap_or_default0 none); + [#"../option.rs" 59 12 59 36] _211 <- ([#"../option.rs" 59 12 59 36] unwrap_or_default0 ([#"../option.rs" 59 12 59 16] none)); goto BB113 } BB113 { @@ -875,10 +903,11 @@ module Option_TestOption end } BB114 { + assert { [#"../option.rs" 59 4 59 42] false }; absurd } BB115 { - _217 <- ([#"../option.rs" 60 12 60 36] unwrap_or_default0 some); + [#"../option.rs" 60 12 60 36] _217 <- ([#"../option.rs" 60 12 60 36] unwrap_or_default0 ([#"../option.rs" 60 12 60 16] some)); goto BB116 } BB116 { @@ -888,19 +917,20 @@ module Option_TestOption end } BB117 { + assert { [#"../option.rs" 60 4 60 42] false }; absurd } BB118 { - _225 <- ([#"../option.rs" 63 12 63 25] as_ref0 ([#"../option.rs" 63 12 63 25] none)); + [#"../option.rs" 63 12 63 25] _225 <- ([#"../option.rs" 63 12 63 25] as_ref0 ([#"../option.rs" 63 12 63 25] none)); goto BB119 } BB119 { - _224 <- ([#"../option.rs" 63 12 63 34] copied0 _225); + [#"../option.rs" 63 12 63 34] _224 <- ([#"../option.rs" 63 12 63 34] copied0 _225); _225 <- any Core_Option_Option_Type.t_option int32; goto BB120 } BB120 { - _222 <- ([#"../option.rs" 63 12 63 44] is_none0 ([#"../option.rs" 63 12 63 44] _224)); + [#"../option.rs" 63 12 63 44] _222 <- ([#"../option.rs" 63 12 63 44] is_none0 ([#"../option.rs" 63 12 63 44] _224)); goto BB121 } BB121 { @@ -910,19 +940,20 @@ module Option_TestOption end } BB122 { + assert { [#"../option.rs" 63 4 63 45] false }; absurd } BB123 { - _233 <- ([#"../option.rs" 64 12 64 25] as_ref0 ([#"../option.rs" 64 12 64 25] some)); + [#"../option.rs" 64 12 64 25] _233 <- ([#"../option.rs" 64 12 64 25] as_ref0 ([#"../option.rs" 64 12 64 25] some)); goto BB124 } BB124 { - _232 <- ([#"../option.rs" 64 12 64 34] copied0 _233); + [#"../option.rs" 64 12 64 34] _232 <- ([#"../option.rs" 64 12 64 34] copied0 _233); _233 <- any Core_Option_Option_Type.t_option int32; goto BB125 } BB125 { - _231 <- ([#"../option.rs" 64 12 64 43] unwrap0 _232); + [#"../option.rs" 64 12 64 43] _231 <- ([#"../option.rs" 64 12 64 43] unwrap0 _232); _232 <- any Core_Option_Option_Type.t_option int32; goto BB126 } @@ -933,22 +964,23 @@ module Option_TestOption end } BB127 { + assert { [#"../option.rs" 64 4 64 49] false }; absurd } BB128 { - _242 <- Borrow.borrow_mut none; - none <- ^ _242; - _241 <- ([#"../option.rs" 65 12 65 25] as_mut0 _242); + [#"../option.rs" 65 12 65 25] _242 <- Borrow.borrow_mut none; + [#"../option.rs" 65 12 65 25] none <- ^ _242; + [#"../option.rs" 65 12 65 25] _241 <- ([#"../option.rs" 65 12 65 25] as_mut0 _242); _242 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB129 } BB129 { - _240 <- ([#"../option.rs" 65 12 65 34] copied1 _241); + [#"../option.rs" 65 12 65 34] _240 <- ([#"../option.rs" 65 12 65 34] copied1 _241); _241 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB130 } BB130 { - _238 <- ([#"../option.rs" 65 12 65 44] is_none0 ([#"../option.rs" 65 12 65 44] _240)); + [#"../option.rs" 65 12 65 44] _238 <- ([#"../option.rs" 65 12 65 44] is_none0 ([#"../option.rs" 65 12 65 44] _240)); goto BB131 } BB131 { @@ -958,22 +990,23 @@ module Option_TestOption end } BB132 { + assert { [#"../option.rs" 65 4 65 45] false }; absurd } BB133 { - _250 <- Borrow.borrow_mut some; - some <- ^ _250; - _249 <- ([#"../option.rs" 66 12 66 25] as_mut0 _250); + [#"../option.rs" 66 12 66 25] _250 <- Borrow.borrow_mut some; + [#"../option.rs" 66 12 66 25] some <- ^ _250; + [#"../option.rs" 66 12 66 25] _249 <- ([#"../option.rs" 66 12 66 25] as_mut0 _250); _250 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB134 } BB134 { - _248 <- ([#"../option.rs" 66 12 66 34] copied1 _249); + [#"../option.rs" 66 12 66 34] _248 <- ([#"../option.rs" 66 12 66 34] copied1 _249); _249 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB135 } BB135 { - _247 <- ([#"../option.rs" 66 12 66 43] unwrap0 _248); + [#"../option.rs" 66 12 66 43] _247 <- ([#"../option.rs" 66 12 66 43] unwrap0 _248); _248 <- any Core_Option_Option_Type.t_option int32; goto BB136 } @@ -984,19 +1017,20 @@ module Option_TestOption end } BB137 { + assert { [#"../option.rs" 66 4 66 49] false }; absurd } BB138 { - _257 <- ([#"../option.rs" 68 12 68 25] as_ref0 ([#"../option.rs" 68 12 68 25] none)); + [#"../option.rs" 68 12 68 25] _257 <- ([#"../option.rs" 68 12 68 25] as_ref0 ([#"../option.rs" 68 12 68 25] none)); goto BB139 } BB139 { - _256 <- ([#"../option.rs" 68 12 68 34] cloned0 _257); + [#"../option.rs" 68 12 68 34] _256 <- ([#"../option.rs" 68 12 68 34] cloned0 _257); _257 <- any Core_Option_Option_Type.t_option int32; goto BB140 } BB140 { - _254 <- ([#"../option.rs" 68 12 68 44] is_none0 ([#"../option.rs" 68 12 68 44] _256)); + [#"../option.rs" 68 12 68 44] _254 <- ([#"../option.rs" 68 12 68 44] is_none0 ([#"../option.rs" 68 12 68 44] _256)); goto BB141 } BB141 { @@ -1006,19 +1040,20 @@ module Option_TestOption end } BB142 { + assert { [#"../option.rs" 68 4 68 45] false }; absurd } BB143 { - _265 <- ([#"../option.rs" 69 12 69 25] as_ref0 ([#"../option.rs" 69 12 69 25] some)); + [#"../option.rs" 69 12 69 25] _265 <- ([#"../option.rs" 69 12 69 25] as_ref0 ([#"../option.rs" 69 12 69 25] some)); goto BB144 } BB144 { - _264 <- ([#"../option.rs" 69 12 69 34] cloned0 _265); + [#"../option.rs" 69 12 69 34] _264 <- ([#"../option.rs" 69 12 69 34] cloned0 _265); _265 <- any Core_Option_Option_Type.t_option int32; goto BB145 } BB145 { - _263 <- ([#"../option.rs" 69 12 69 43] unwrap0 _264); + [#"../option.rs" 69 12 69 43] _263 <- ([#"../option.rs" 69 12 69 43] unwrap0 _264); _264 <- any Core_Option_Option_Type.t_option int32; goto BB146 } @@ -1029,22 +1064,23 @@ module Option_TestOption end } BB147 { + assert { [#"../option.rs" 69 4 69 49] false }; absurd } BB148 { - _274 <- Borrow.borrow_mut none; - none <- ^ _274; - _273 <- ([#"../option.rs" 70 12 70 25] as_mut0 _274); + [#"../option.rs" 70 12 70 25] _274 <- Borrow.borrow_mut none; + [#"../option.rs" 70 12 70 25] none <- ^ _274; + [#"../option.rs" 70 12 70 25] _273 <- ([#"../option.rs" 70 12 70 25] as_mut0 _274); _274 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB149 } BB149 { - _272 <- ([#"../option.rs" 70 12 70 34] cloned1 _273); + [#"../option.rs" 70 12 70 34] _272 <- ([#"../option.rs" 70 12 70 34] cloned1 _273); _273 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB150 } BB150 { - _270 <- ([#"../option.rs" 70 12 70 44] is_none0 ([#"../option.rs" 70 12 70 44] _272)); + [#"../option.rs" 70 12 70 44] _270 <- ([#"../option.rs" 70 12 70 44] is_none0 ([#"../option.rs" 70 12 70 44] _272)); goto BB151 } BB151 { @@ -1054,22 +1090,23 @@ module Option_TestOption end } BB152 { + assert { [#"../option.rs" 70 4 70 45] false }; absurd } BB153 { - _282 <- Borrow.borrow_mut some; - some <- ^ _282; - _281 <- ([#"../option.rs" 71 12 71 25] as_mut0 _282); + [#"../option.rs" 71 12 71 25] _282 <- Borrow.borrow_mut some; + [#"../option.rs" 71 12 71 25] some <- ^ _282; + [#"../option.rs" 71 12 71 25] _281 <- ([#"../option.rs" 71 12 71 25] as_mut0 _282); _282 <- any borrowed (Core_Option_Option_Type.t_option int32); goto BB154 } BB154 { - _280 <- ([#"../option.rs" 71 12 71 34] cloned1 _281); + [#"../option.rs" 71 12 71 34] _280 <- ([#"../option.rs" 71 12 71 34] cloned1 _281); _281 <- any Core_Option_Option_Type.t_option (borrowed int32); goto BB155 } BB155 { - _279 <- ([#"../option.rs" 71 12 71 43] unwrap0 _280); + [#"../option.rs" 71 12 71 43] _279 <- ([#"../option.rs" 71 12 71 43] unwrap0 _280); _280 <- any Core_Option_Option_Type.t_option int32; goto BB156 } @@ -1080,15 +1117,16 @@ module Option_TestOption end } BB157 { + assert { [#"../option.rs" 71 4 71 49] false }; absurd } BB158 { - opt <- ([#"../option.rs" 74 35 74 39] Core_Option_Option_Type.C_None); - _289 <- ([#"../option.rs" 75 12 75 25] flatten0 opt); + [#"../option.rs" 74 35 74 39] opt <- ([#"../option.rs" 74 35 74 39] Core_Option_Option_Type.C_None); + [#"../option.rs" 75 12 75 25] _289 <- ([#"../option.rs" 75 12 75 25] flatten0 ([#"../option.rs" 75 12 75 15] opt)); goto BB159 } BB159 { - _287 <- ([#"../option.rs" 75 12 75 35] is_none0 ([#"../option.rs" 75 12 75 35] _289)); + [#"../option.rs" 75 12 75 35] _287 <- ([#"../option.rs" 75 12 75 35] is_none0 ([#"../option.rs" 75 12 75 35] _289)); goto BB160 } BB160 { @@ -1098,15 +1136,16 @@ module Option_TestOption end } BB161 { + assert { [#"../option.rs" 75 4 75 36] false }; absurd } BB162 { - opt1 <- ([#"../option.rs" 76 35 76 45] Core_Option_Option_Type.C_Some ([#"../option.rs" 76 40 76 44] Core_Option_Option_Type.C_None)); - _298 <- ([#"../option.rs" 77 12 77 25] flatten0 opt1); + [#"../option.rs" 76 35 76 45] opt1 <- ([#"../option.rs" 76 35 76 45] Core_Option_Option_Type.C_Some ([#"../option.rs" 76 40 76 44] Core_Option_Option_Type.C_None)); + [#"../option.rs" 77 12 77 25] _298 <- ([#"../option.rs" 77 12 77 25] flatten0 ([#"../option.rs" 77 12 77 15] opt1)); goto BB163 } BB163 { - _296 <- ([#"../option.rs" 77 12 77 35] is_none0 ([#"../option.rs" 77 12 77 35] _298)); + [#"../option.rs" 77 12 77 35] _296 <- ([#"../option.rs" 77 12 77 35] is_none0 ([#"../option.rs" 77 12 77 35] _298)); goto BB164 } BB164 { @@ -1116,15 +1155,16 @@ module Option_TestOption end } BB165 { + assert { [#"../option.rs" 77 4 77 36] false }; absurd } BB166 { - opt2 <- ([#"../option.rs" 78 35 78 48] Core_Option_Option_Type.C_Some ([#"../option.rs" 78 40 78 47] Core_Option_Option_Type.C_Some ([#"../option.rs" 78 45 78 46] [#"../option.rs" 78 45 78 46] (1 : int32)))); - _307 <- ([#"../option.rs" 79 12 79 25] flatten0 opt2); + [#"../option.rs" 78 35 78 48] opt2 <- ([#"../option.rs" 78 35 78 48] Core_Option_Option_Type.C_Some ([#"../option.rs" 78 40 78 47] Core_Option_Option_Type.C_Some ([#"../option.rs" 78 45 78 46] [#"../option.rs" 78 45 78 46] (1 : int32)))); + [#"../option.rs" 79 12 79 25] _307 <- ([#"../option.rs" 79 12 79 25] flatten0 ([#"../option.rs" 79 12 79 15] opt2)); goto BB167 } BB167 { - _306 <- ([#"../option.rs" 79 12 79 34] unwrap0 _307); + [#"../option.rs" 79 12 79 34] _306 <- ([#"../option.rs" 79 12 79 34] unwrap0 _307); _307 <- any Core_Option_Option_Type.t_option int32; goto BB168 } @@ -1135,10 +1175,11 @@ module Option_TestOption end } BB169 { + assert { [#"../option.rs" 79 4 79 40] false }; absurd } BB170 { - _0 <- ([#"../option.rs" 4 21 80 1] ()); + [#"../option.rs" 4 21 80 1] _0 <- ([#"../option.rs" 4 21 80 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/option/why3shapes.gz b/creusot/tests/should_succeed/option/why3shapes.gz index 4d8d968e9d..2a8bf738c9 100644 Binary files a/creusot/tests/should_succeed/option/why3shapes.gz and b/creusot/tests/should_succeed/option/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/ord_trait.mlcfg b/creusot/tests/should_succeed/ord_trait.mlcfg index 13fad3a055..92fceb55f1 100644 --- a/creusot/tests/should_succeed/ord_trait.mlcfg +++ b/creusot/tests/should_succeed/ord_trait.mlcfg @@ -17,7 +17,7 @@ module OrdTrait_X val inv2 (_x : deep_model_ty0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../ord_trait.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -115,7 +115,7 @@ module OrdTrait_X val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ord_trait.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -124,7 +124,7 @@ module OrdTrait_X val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ord_trait.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow predicate resolve0 (self : t) val resolve0 (self : t) : bool @@ -161,8 +161,8 @@ module OrdTrait_X goto BB0 } BB0 { - _5 <- ([#"../ord_trait.rs" 9 9 9 10] x); - _0 <- ([#"../ord_trait.rs" 9 4 9 10] le0 ([#"../ord_trait.rs" 9 4 9 5] x) ([#"../ord_trait.rs" 9 9 9 10] _5)); + [#"../ord_trait.rs" 9 9 9 10] _5 <- ([#"../ord_trait.rs" 9 9 9 10] x); + [#"../ord_trait.rs" 9 4 9 10] _0 <- ([#"../ord_trait.rs" 9 4 9 10] le0 ([#"../ord_trait.rs" 9 4 9 5] x) ([#"../ord_trait.rs" 9 9 9 10] _5)); goto BB1 } BB1 { @@ -185,7 +185,7 @@ module OrdTrait_GtOrLe val inv2 (_x : deep_model_ty0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../ord_trait.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -194,7 +194,7 @@ module OrdTrait_GtOrLe val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../ord_trait.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -292,7 +292,7 @@ module OrdTrait_GtOrLe val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../ord_trait.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true function deep_model0 (self : t) : deep_model_ty0 val deep_model0 (self : t) : deep_model_ty0 ensures { result = deep_model0 self } @@ -331,10 +331,10 @@ module OrdTrait_GtOrLe goto BB0 } BB0 { - _6 <- ([#"../ord_trait.rs" 17 9 17 10] y); + [#"../ord_trait.rs" 17 9 17 10] _6 <- ([#"../ord_trait.rs" 17 9 17 10] y); assert { [@expl:type invariant] inv0 y }; assume { resolve0 y }; - _0 <- ([#"../ord_trait.rs" 17 4 17 10] ge0 ([#"../ord_trait.rs" 17 4 17 5] x) ([#"../ord_trait.rs" 17 9 17 10] _6)); + [#"../ord_trait.rs" 17 4 17 10] _0 <- ([#"../ord_trait.rs" 17 4 17 10] ge0 ([#"../ord_trait.rs" 17 4 17 5] x) ([#"../ord_trait.rs" 17 9 17 10] _6)); goto BB1 } BB1 { @@ -361,7 +361,7 @@ module OrdTrait_GtOrLeInt goto BB0 } BB0 { - _0 <- ([#"../ord_trait.rs" 22 4 22 10] x <= y); + [#"../ord_trait.rs" 22 4 22 10] _0 <- ([#"../ord_trait.rs" 22 4 22 10] ([#"../ord_trait.rs" 22 4 22 5] x) <= ([#"../ord_trait.rs" 22 9 22 10] y)); return _0 } diff --git a/creusot/tests/should_succeed/projection_toggle.mlcfg b/creusot/tests/should_succeed/projection_toggle.mlcfg index 781c5c61c9..8d08827e34 100644 --- a/creusot/tests/should_succeed/projection_toggle.mlcfg +++ b/creusot/tests/should_succeed/projection_toggle.mlcfg @@ -9,7 +9,7 @@ module ProjectionToggle_ProjToggle val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../projection_toggle.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use prelude.Borrow predicate invariant0 (self : borrowed t) val invariant0 (self : borrowed t) : bool @@ -19,7 +19,7 @@ module ProjectionToggle_ProjToggle val inv0 (_x : borrowed t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../projection_toggle.rs" 1 0 1 0] forall x : borrowed t . inv0 x = true + axiom inv0 : forall x : borrowed t . inv0 x = true predicate resolve0 (self : borrowed t) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed t) : bool @@ -47,7 +47,7 @@ module ProjectionToggle_ProjToggle goto BB0 } BB0 { - switch (toggle) + switch ([#"../projection_toggle.rs" 6 7 6 13] toggle) | False -> goto BB2 | True -> goto BB1 end @@ -55,11 +55,11 @@ module ProjectionToggle_ProjToggle BB1 { assert { [@expl:type invariant] inv0 b }; assume { resolve0 b }; - _8 <- Borrow.borrow_mut ( * a); - a <- { a with current = ^ _8 }; + [#"../projection_toggle.rs" 7 8 7 9] _8 <- Borrow.borrow_mut ( * a); + [#"../projection_toggle.rs" 7 8 7 9] a <- { a with current = ^ _8 }; assume { inv1 ( ^ _8) }; - _6 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _6 }; + [#"../projection_toggle.rs" 7 8 7 9] _6 <- Borrow.borrow_mut ( * _8); + [#"../projection_toggle.rs" 7 8 7 9] _8 <- { _8 with current = ^ _6 }; assume { inv1 ( ^ _6) }; assert { [@expl:type invariant] inv0 _8 }; assume { resolve0 _8 }; @@ -68,17 +68,17 @@ module ProjectionToggle_ProjToggle BB2 { assert { [@expl:type invariant] inv0 a }; assume { resolve0 a }; - _6 <- Borrow.borrow_mut ( * b); - b <- { b with current = ^ _6 }; + [#"../projection_toggle.rs" 9 8 9 9] _6 <- Borrow.borrow_mut ( * b); + [#"../projection_toggle.rs" 9 8 9 9] b <- { b with current = ^ _6 }; assume { inv1 ( ^ _6) }; goto BB3 } BB3 { - _4 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _4 }; + [#"../projection_toggle.rs" 6 4 10 5] _4 <- Borrow.borrow_mut ( * _6); + [#"../projection_toggle.rs" 6 4 10 5] _6 <- { _6 with current = ^ _4 }; assume { inv1 ( ^ _4) }; - _0 <- Borrow.borrow_mut ( * _4); - _4 <- { _4 with current = ^ _0 }; + [#"../projection_toggle.rs" 6 4 10 5] _0 <- Borrow.borrow_mut ( * _4); + [#"../projection_toggle.rs" 6 4 10 5] _4 <- { _4 with current = ^ _0 }; assume { inv1 ( ^ _0) }; assert { [@expl:type invariant] inv0 _6 }; assume { resolve0 _6 }; @@ -104,7 +104,7 @@ module ProjectionToggle_F val inv0 (_x : borrowed int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../projection_toggle.rs" 1 0 1 0] forall x : borrowed int32 . inv0 x = true + axiom inv0 : forall x : borrowed int32 . inv0 x = true predicate resolve0 (self : borrowed int32) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed int32) : bool @@ -135,17 +135,17 @@ module ProjectionToggle_F goto BB0 } BB0 { - a <- ([#"../projection_toggle.rs" 14 16 14 18] [#"../projection_toggle.rs" 14 16 14 18] (10 : int32)); - b <- ([#"../projection_toggle.rs" 15 16 15 17] [#"../projection_toggle.rs" 15 16 15 17] (5 : int32)); - _5 <- Borrow.borrow_mut a; - a <- ^ _5; - _4 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _4 }; - _7 <- Borrow.borrow_mut b; - b <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - x <- ([#"../projection_toggle.rs" 17 12 17 45] proj_toggle0 ([#"../projection_toggle.rs" 17 24 17 28] [#"../projection_toggle.rs" 17 24 17 28] true) _4 _6); + [#"../projection_toggle.rs" 14 16 14 18] a <- ([#"../projection_toggle.rs" 14 16 14 18] [#"../projection_toggle.rs" 14 16 14 18] (10 : int32)); + [#"../projection_toggle.rs" 15 16 15 17] b <- ([#"../projection_toggle.rs" 15 16 15 17] [#"../projection_toggle.rs" 15 16 15 17] (5 : int32)); + [#"../projection_toggle.rs" 17 30 17 36] _5 <- Borrow.borrow_mut a; + [#"../projection_toggle.rs" 17 30 17 36] a <- ^ _5; + [#"../projection_toggle.rs" 17 30 17 36] _4 <- Borrow.borrow_mut ( * _5); + [#"../projection_toggle.rs" 17 30 17 36] _5 <- { _5 with current = ^ _4 }; + [#"../projection_toggle.rs" 17 38 17 44] _7 <- Borrow.borrow_mut b; + [#"../projection_toggle.rs" 17 38 17 44] b <- ^ _7; + [#"../projection_toggle.rs" 17 38 17 44] _6 <- Borrow.borrow_mut ( * _7); + [#"../projection_toggle.rs" 17 38 17 44] _7 <- { _7 with current = ^ _6 }; + [#"../projection_toggle.rs" 17 12 17 45] x <- ([#"../projection_toggle.rs" 17 12 17 45] proj_toggle0 ([#"../projection_toggle.rs" 17 24 17 28] [#"../projection_toggle.rs" 17 24 17 28] true) _4 _6); _4 <- any borrowed int32; _6 <- any borrowed int32; goto BB1 @@ -153,18 +153,19 @@ module ProjectionToggle_F BB1 { assume { resolve0 _7 }; assume { resolve0 _5 }; - x <- { x with current = ([#"../projection_toggle.rs" 19 4 19 11] * x + ([#"../projection_toggle.rs" 19 10 19 11] [#"../projection_toggle.rs" 19 10 19 11] (5 : int32))) }; + [#"../projection_toggle.rs" 19 4 19 11] x <- { x with current = ([#"../projection_toggle.rs" 19 4 19 11] * x + ([#"../projection_toggle.rs" 19 10 19 11] [#"../projection_toggle.rs" 19 10 19 11] (5 : int32))) }; assume { resolve0 x }; - switch ([#"../projection_toggle.rs" 20 4 20 20] not ([#"../projection_toggle.rs" 20 12 20 19] a = ([#"../projection_toggle.rs" 20 17 20 19] [#"../projection_toggle.rs" 20 17 20 19] (15 : int32)))) + switch ([#"../projection_toggle.rs" 20 4 20 20] not ([#"../projection_toggle.rs" 20 12 20 19] ([#"../projection_toggle.rs" 20 12 20 13] a) = ([#"../projection_toggle.rs" 20 17 20 19] [#"../projection_toggle.rs" 20 17 20 19] (15 : int32)))) | False -> goto BB3 | True -> goto BB2 end } BB2 { + assert { [#"../projection_toggle.rs" 20 4 20 20] false }; absurd } BB3 { - _0 <- ([#"../projection_toggle.rs" 13 11 21 1] ()); + [#"../projection_toggle.rs" 13 11 21 1] _0 <- ([#"../projection_toggle.rs" 13 11 21 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz index c5c3dc102b..c3d99d415b 100644 Binary files a/creusot/tests/should_succeed/projection_toggle/why3shapes.gz and b/creusot/tests/should_succeed/projection_toggle/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/projections.mlcfg b/creusot/tests/should_succeed/projections.mlcfg index e032f8f58f..10c0874b95 100644 --- a/creusot/tests/should_succeed/projections.mlcfg +++ b/creusot/tests/should_succeed/projections.mlcfg @@ -12,7 +12,7 @@ module Projections_CopyOutOfRef goto BB0 } BB0 { - _0 <- x; + [#"../projections.rs" 6 4 6 6] _0 <- ([#"../projections.rs" 6 4 6 6] x); return _0 } @@ -63,19 +63,20 @@ module Projections_CopyOutOfSum goto BB4 } BB2 { - y <- Core_Result_Result_Type.err_0 x; - x <- (let Core_Result_Result_Type.C_Err x0 = x in Core_Result_Result_Type.C_Err (any borrowed uint32)); - _0 <- * y; + [#"../projections.rs" 12 12 12 13] y <- ([#"../projections.rs" 12 12 12 13] Core_Result_Result_Type.err_0 x); + [#"../projections.rs" 12 12 12 13] x <- (let Core_Result_Result_Type.C_Err x0 = x in Core_Result_Result_Type.C_Err (any borrowed uint32)); + [#"../projections.rs" 12 18 12 20] _0 <- ([#"../projections.rs" 12 18 12 20] * y); assume { resolve0 y }; goto BB5 } BB3 { + assert { [#"../projections.rs" 10 10 10 11] false }; absurd } BB4 { - x1 <- Core_Result_Result_Type.ok_0 x; - x <- (let Core_Result_Result_Type.C_Ok x0 = x in Core_Result_Result_Type.C_Ok (any borrowed uint32)); - _0 <- * x1; + [#"../projections.rs" 11 11 11 12] x1 <- ([#"../projections.rs" 11 11 11 12] Core_Result_Result_Type.ok_0 x); + [#"../projections.rs" 11 11 11 12] x <- (let Core_Result_Result_Type.C_Ok x0 = x in Core_Result_Result_Type.C_Ok (any borrowed uint32)); + [#"../projections.rs" 11 17 11 19] _0 <- ([#"../projections.rs" 11 17 11 19] * x1); assume { resolve0 x1 }; goto BB5 } @@ -127,7 +128,7 @@ module Projections_WriteIntoSum } BB1 { assume { resolve1 x }; - _0 <- ([#"../projections.rs" 19 16 19 18] ()); + [#"../projections.rs" 19 16 19 18] _0 <- ([#"../projections.rs" 19 16 19 18] ()); goto BB5 } BB2 { @@ -135,14 +136,15 @@ module Projections_WriteIntoSum } BB3 { assume { resolve1 x }; + assert { [#"../projections.rs" 17 10 17 11] false }; absurd } BB4 { - y <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * x)); - x <- { x with current = (let Core_Option_Option_Type.C_Some x0 = * x in Core_Option_Option_Type.C_Some ( ^ y)) }; - y <- { y with current = ([#"../projections.rs" 18 24 18 26] [#"../projections.rs" 18 24 18 26] (10 : uint32)) }; + [#"../projections.rs" 18 13 18 14] y <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * x)); + [#"../projections.rs" 18 13 18 14] x <- { x with current = (let Core_Option_Option_Type.C_Some x0 = * x in Core_Option_Option_Type.C_Some ( ^ y)) }; + [#"../projections.rs" 18 19 18 26] y <- { y with current = ([#"../projections.rs" 18 19 18 26] [#"../projections.rs" 18 24 18 26] (10 : uint32)) }; assume { resolve0 y }; - _0 <- ([#"../projections.rs" 18 19 18 26] ()); + [#"../projections.rs" 18 19 18 26] _0 <- ([#"../projections.rs" 18 19 18 26] ()); assume { resolve1 x }; goto BB5 } @@ -165,29 +167,30 @@ module Projections_F goto BB0 } BB0 { - _2 <- ([#"../projections.rs" 24 10 24 18] Core_Option_Option_Type.C_Some ([#"../projections.rs" 24 15 24 17] [#"../projections.rs" 24 15 24 17] (10 : int32))); + [#"../projections.rs" 24 10 24 18] _2 <- ([#"../projections.rs" 24 10 24 18] Core_Option_Option_Type.C_Some ([#"../projections.rs" 24 15 24 17] [#"../projections.rs" 24 15 24 17] (10 : int32))); switch (_2) | Core_Option_Option_Type.C_None -> goto BB1 | Core_Option_Option_Type.C_Some _ -> goto BB2 end } BB1 { - _1 <- ([#"../projections.rs" 26 16 26 21] [#"../projections.rs" 26 16 26 21] false); + [#"../projections.rs" 26 16 26 21] _1 <- ([#"../projections.rs" 26 16 26 21] [#"../projections.rs" 26 16 26 21] false); goto BB5 } BB2 { goto BB4 } BB3 { + assert { [#"../projections.rs" 24 10 24 18] false }; absurd } BB4 { - x <- Core_Option_Option_Type.some_0 _2; - _1 <- ([#"../projections.rs" 25 19 25 25] x = ([#"../projections.rs" 25 24 25 25] [#"../projections.rs" 25 24 25 25] (0 : int32))); + [#"../projections.rs" 25 13 25 14] x <- ([#"../projections.rs" 25 13 25 14] Core_Option_Option_Type.some_0 _2); + [#"../projections.rs" 25 19 25 25] _1 <- ([#"../projections.rs" 25 19 25 25] ([#"../projections.rs" 25 19 25 20] x) = ([#"../projections.rs" 25 24 25 25] [#"../projections.rs" 25 24 25 25] (0 : int32))); goto BB5 } BB5 { - _0 <- ([#"../projections.rs" 23 11 28 1] ()); + [#"../projections.rs" 23 11 28 1] _0 <- ([#"../projections.rs" 23 11 28 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/prophecy.mlcfg b/creusot/tests/should_succeed/prophecy.mlcfg index cd3aed4333..578333e9da 100644 --- a/creusot/tests/should_succeed/prophecy.mlcfg +++ b/creusot/tests/should_succeed/prophecy.mlcfg @@ -17,12 +17,12 @@ module Prophecy_F goto BB0 } BB0 { - x <- ([#"../prophecy.rs" 4 16 4 17] [#"../prophecy.rs" 4 16 4 17] (0 : int32)); - y <- Borrow.borrow_mut x; - x <- ^ y; - y <- { y with current = ([#"../prophecy.rs" 9 9 9 10] [#"../prophecy.rs" 9 9 9 10] (5 : int32)) }; + [#"../prophecy.rs" 4 16 4 17] x <- ([#"../prophecy.rs" 4 16 4 17] [#"../prophecy.rs" 4 16 4 17] (0 : int32)); + [#"../prophecy.rs" 5 12 5 18] y <- Borrow.borrow_mut x; + [#"../prophecy.rs" 5 12 5 18] x <- ^ y; + [#"../prophecy.rs" 9 4 9 10] y <- { y with current = ([#"../prophecy.rs" 9 4 9 10] [#"../prophecy.rs" 9 9 9 10] (5 : int32)) }; assume { resolve0 y }; - _0 <- ([#"../prophecy.rs" 3 11 10 1] ()); + [#"../prophecy.rs" 3 11 10 1] _0 <- ([#"../prophecy.rs" 3 11 10 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/red_black_tree.mlcfg b/creusot/tests/should_succeed/red_black_tree.mlcfg index bfa13b0b5d..c9b4e01b25 100644 --- a/creusot/tests/should_succeed/red_black_tree.mlcfg +++ b/creusot/tests/should_succeed/red_black_tree.mlcfg @@ -27,14 +27,15 @@ module RedBlackTree_Impl16_Clone goto BB4 } BB2 { - _0 <- ([#"../red_black_tree.rs" 9 5 11 9] RedBlackTree_Color_Type.C_Black); + [#"../red_black_tree.rs" 9 5 11 9] _0 <- ([#"../red_black_tree.rs" 9 5 11 9] RedBlackTree_Color_Type.C_Black); goto BB5 } BB3 { + assert { [#"../red_black_tree.rs" 8 9 8 14] false }; absurd } BB4 { - _0 <- ([#"../red_black_tree.rs" 9 5 10 7] RedBlackTree_Color_Type.C_Red); + [#"../red_black_tree.rs" 9 5 10 7] _0 <- ([#"../red_black_tree.rs" 9 5 10 7] RedBlackTree_Color_Type.C_Red); goto BB5 } BB5 { @@ -101,7 +102,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Impl val inv3 (_x : v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv3 x = true + axiom inv3 : forall x : v . inv3 x = true type deep_model_ty0 predicate invariant2 (self : deep_model_ty0) val invariant2 (self : deep_model_ty0) : bool @@ -111,7 +112,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Impl val inv2 (_x : deep_model_ty0) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type use map.Map predicate invariant1 (self : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) @@ -122,7 +123,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Impl val inv1 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv1 x = true + axiom inv1 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv1 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -132,7 +133,7 @@ module RedBlackTree_Impl0_ModelAccHasMapping_Impl val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -284,12 +285,12 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Impl val inv3 (_x : v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv3 x = true + axiom inv3 : forall x : v . inv3 x = true predicate invariant2 (self : deep_model_ty0) val invariant2 (self : deep_model_ty0) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type use map.Map predicate invariant1 (self : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) @@ -300,7 +301,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Impl val inv1 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv1 x = true + axiom inv1 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv1 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -310,7 +311,7 @@ module RedBlackTree_Impl0_HasMappingModelAcc_Impl val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -485,7 +486,7 @@ module RedBlackTree_Impl0_HasMappingModel_Impl val inv3 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv3 x = true + axiom inv3 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv3 x = true predicate invariant2 (self : v) val invariant2 (self : v) : bool ensures { result = invariant2 self } @@ -494,12 +495,12 @@ module RedBlackTree_Impl0_HasMappingModel_Impl val inv2 (_x : v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv2 x = true + axiom inv2 : forall x : v . inv2 x = true predicate invariant1 (self : deep_model_ty0) val invariant1 (self : deep_model_ty0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv1 x = true + axiom inv1 : forall x : deep_model_ty0 . inv1 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -509,7 +510,7 @@ module RedBlackTree_Impl0_HasMappingModel_Impl val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -610,7 +611,7 @@ module RedBlackTree_Impl0_HasMappingInj_Impl val inv3 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv3 x = true + axiom inv3 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv3 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -712,12 +713,12 @@ module RedBlackTree_Impl0_HasMappingInj_Impl val inv2 (_x : v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv2 x = true + axiom inv2 : forall x : v . inv2 x = true predicate invariant1 (self : deep_model_ty0) val invariant1 (self : deep_model_ty0) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv1 x = true + axiom inv1 : forall x : deep_model_ty0 . inv1 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant0 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -727,7 +728,7 @@ module RedBlackTree_Impl0_HasMappingInj_Impl val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map use map.Map function deep_model0 (self : k) : deep_model_ty0 @@ -874,7 +875,7 @@ module RedBlackTree_Impl1_HasMapping_Impl ensures { result = inv3 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true predicate invariant2 (self : v) val invariant2 (self : v) : bool ensures { result = invariant2 self } @@ -883,7 +884,7 @@ module RedBlackTree_Impl1_HasMapping_Impl val inv2 (_x : v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv2 x = true + axiom inv2 : forall x : v . inv2 x = true type deep_model_ty0 predicate invariant1 (self : deep_model_ty0) val invariant1 (self : deep_model_ty0) : bool @@ -893,7 +894,7 @@ module RedBlackTree_Impl1_HasMapping_Impl val inv1 (_x : deep_model_ty0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv1 x = true + axiom inv1 : forall x : deep_model_ty0 . inv1 x = true predicate invariant0 (self : RedBlackTree_Node_Type.t_node k v) val invariant0 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant0 self } @@ -902,7 +903,7 @@ module RedBlackTree_Impl1_HasMapping_Impl val inv0 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 ensures { result = deep_model0 self } @@ -947,7 +948,7 @@ module RedBlackTree_Impl9_Height_Impl val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use RedBlackTree_Node_Type as RedBlackTree_Node_Type use Core_Option_Option_Type as Core_Option_Option_Type @@ -977,7 +978,7 @@ module RedBlackTree_Impl10_Height_Impl val inv2 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv2 x = true + axiom inv2 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv2 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool @@ -988,7 +989,7 @@ module RedBlackTree_Impl10_Height_Impl ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : RedBlackTree_Node_Type.t_node k v) val invariant0 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant0 self } @@ -997,7 +998,7 @@ module RedBlackTree_Impl10_Height_Impl val inv0 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use prelude.Int use Core_Option_Option_Type as Core_Option_Option_Type @@ -1036,7 +1037,7 @@ module RedBlackTree_Impl13_IsRed val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use Core_Option_Option_Type as Core_Option_Option_Type use RedBlackTree_Color_Type as RedBlackTree_Color_Type @@ -1072,7 +1073,7 @@ module RedBlackTree_Impl13_IsRed end } BB1 { - _0 <- ([#"../red_black_tree.rs" 391 17 391 22] [#"../red_black_tree.rs" 391 17 391 22] false); + [#"../red_black_tree.rs" 391 17 391 22] _0 <- ([#"../red_black_tree.rs" 391 17 391 22] [#"../red_black_tree.rs" 391 17 391 22] false); goto BB5 } BB2 { @@ -1087,7 +1088,7 @@ module RedBlackTree_Impl13_IsRed goto BB4 } BB4 { - _0 <- ([#"../red_black_tree.rs" 390 49 390 53] [#"../red_black_tree.rs" 390 49 390 53] true); + [#"../red_black_tree.rs" 390 49 390 53] _0 <- ([#"../red_black_tree.rs" 390 49 390 53] [#"../red_black_tree.rs" 390 49 390 53] true); goto BB5 } BB5 { @@ -1112,7 +1113,7 @@ module RedBlackTree_Impl14_RotateRight val inv11 (_x : deep_model_ty0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv11 x = true + axiom inv11 : forall x : deep_model_ty0 . inv11 x = true predicate invariant10 (self : v) val invariant10 (self : v) : bool ensures { result = invariant10 self } @@ -1121,7 +1122,7 @@ module RedBlackTree_Impl14_RotateRight val inv10 (_x : v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv10 x = true + axiom inv10 : forall x : v . inv10 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use prelude.Borrow predicate invariant9 (self : borrowed (RedBlackTree_Color_Type.t_color)) = @@ -1133,7 +1134,7 @@ module RedBlackTree_Impl14_RotateRight val inv9 (_x : borrowed (RedBlackTree_Color_Type.t_color)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv9 x = true + axiom inv9 : forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv9 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -1232,7 +1233,7 @@ module RedBlackTree_Impl14_RotateRight val inv8 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv8 x = true + axiom inv8 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv8 x = true predicate invariant7 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant7 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant7 self } @@ -1241,7 +1242,7 @@ module RedBlackTree_Impl14_RotateRight val inv7 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv7 x = true + axiom inv7 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv7 x = true predicate invariant6 (self : RedBlackTree_Node_Type.t_node k v) val invariant6 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant6 self } @@ -1251,7 +1252,7 @@ module RedBlackTree_Impl14_RotateRight ensures { result = inv6 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true predicate invariant5 (self : RedBlackTree_Node_Type.t_node k v) val invariant5 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant5 self } @@ -1260,7 +1261,7 @@ module RedBlackTree_Impl14_RotateRight val inv5 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true + axiom inv5 : forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool @@ -1270,7 +1271,7 @@ module RedBlackTree_Impl14_RotateRight val inv4 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv4 x = true + axiom inv4 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv4 x = true predicate invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant3 self } @@ -1279,7 +1280,7 @@ module RedBlackTree_Impl14_RotateRight val inv3 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant2 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool @@ -1289,7 +1290,7 @@ module RedBlackTree_Impl14_RotateRight val inv2 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -1298,7 +1299,7 @@ module RedBlackTree_Impl14_RotateRight val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant0 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -1308,7 +1309,7 @@ module RedBlackTree_Impl14_RotateRight val inv0 (_x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv0 x = true use prelude.Int function height1 [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int = [#"../red_black_tree.rs" 298 12 306 13] match self with @@ -1524,43 +1525,43 @@ module RedBlackTree_Impl14_RotateRight goto BB0 } BB0 { - old_self <- ([#"../red_black_tree.rs" 413 23 413 35] Ghost.new self); + [#"../red_black_tree.rs" 413 23 413 35] old_self <- ([#"../red_black_tree.rs" 413 23 413 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16)) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 421 35 421 54] _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 421 35 421 54] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16)) x1 x2 x3 x4) }; assume { inv1 ( ^ _16) }; - _15 <- Borrow.borrow_mut ( * _16); - _16 <- { _16 with current = ^ _15 }; + [#"../red_black_tree.rs" 421 35 421 54] _15 <- Borrow.borrow_mut ( * _16); + [#"../red_black_tree.rs" 421 35 421 54] _16 <- { _16 with current = ^ _15 }; assume { inv1 ( ^ _15) }; - _14 <- ([#"../red_black_tree.rs" 421 20 421 55] take0 _15); + [#"../red_black_tree.rs" 421 20 421 55] _14 <- ([#"../red_black_tree.rs" 421 20 421 55] take0 _15); _15 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { assert { [@expl:type invariant] inv2 _16 }; assume { resolve1 _16 }; - x <- ([#"../red_black_tree.rs" 421 20 421 64] unwrap0 _14); + [#"../red_black_tree.rs" 421 20 421 64] x <- ([#"../red_black_tree.rs" 421 20 421 64] unwrap0 _14); _14 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB3 } BB3 { - _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * self)); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node ( ^ _19) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 428 23 428 37] _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * self)); + [#"../red_black_tree.rs" 428 23 428 37] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node ( ^ _19) x1 x2 x3 x4) }; assume { inv3 ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; + [#"../red_black_tree.rs" 428 23 428 37] _18 <- Borrow.borrow_mut ( * _19); + [#"../red_black_tree.rs" 428 23 428 37] _19 <- { _19 with current = ^ _18 }; assume { inv3 ( ^ _18) }; - _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right x); - x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _21)); + [#"../red_black_tree.rs" 428 39 428 51] _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right x); + [#"../red_black_tree.rs" 428 39 428 51] x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _21)); assume { inv3 ( ^ _21) }; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; + [#"../red_black_tree.rs" 428 39 428 51] _20 <- Borrow.borrow_mut ( * _21); + [#"../red_black_tree.rs" 428 39 428 51] _21 <- { _21 with current = ^ _20 }; assume { inv3 ( ^ _20) }; - _17 <- ([#"../red_black_tree.rs" 428 8 428 52] swap0 _18 _20); + [#"../red_black_tree.rs" 428 8 428 52] _17 <- ([#"../red_black_tree.rs" 428 8 428 52] swap0 _18 _20); _18 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); _20 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB4 @@ -1570,16 +1571,16 @@ module RedBlackTree_Impl14_RotateRight assume { resolve2 _21 }; assert { [@expl:type invariant] inv4 _19 }; assume { resolve2 _19 }; - _23 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _23 }; + [#"../red_black_tree.rs" 434 23 434 27] _23 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 434 23 434 27] self <- { self with current = ^ _23 }; assume { inv5 ( ^ _23) }; - _25 <- Borrow.borrow_mut x; - x <- ^ _25; + [#"../red_black_tree.rs" 434 29 434 35] _25 <- Borrow.borrow_mut x; + [#"../red_black_tree.rs" 434 29 434 35] x <- ^ _25; assume { inv6 ( ^ _25) }; - _24 <- Borrow.borrow_mut ( * _25); - _25 <- { _25 with current = ^ _24 }; + [#"../red_black_tree.rs" 434 29 434 35] _24 <- Borrow.borrow_mut ( * _25); + [#"../red_black_tree.rs" 434 29 434 35] _25 <- { _25 with current = ^ _24 }; assume { inv5 ( ^ _24) }; - _22 <- ([#"../red_black_tree.rs" 434 8 434 36] swap1 _23 _24); + [#"../red_black_tree.rs" 434 8 434 36] _22 <- ([#"../red_black_tree.rs" 434 8 434 36] swap1 _23 _24); _23 <- any borrowed (RedBlackTree_Node_Type.t_node k v); _24 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB5 @@ -1587,15 +1588,15 @@ module RedBlackTree_Impl14_RotateRight BB5 { assert { [@expl:type invariant] inv7 _25 }; assume { resolve3 _25 }; - _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _28) x2 x3 x4) }; - _27 <- Borrow.borrow_mut ( * _28); - _28 <- { _28 with current = ^ _27 }; - _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); - x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 ( ^ _30) x2 x3 x4); - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; - _26 <- ([#"../red_black_tree.rs" 435 8 435 53] swap2 _27 _29); + [#"../red_black_tree.rs" 435 23 435 38] _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + [#"../red_black_tree.rs" 435 23 435 38] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _28) x2 x3 x4) }; + [#"../red_black_tree.rs" 435 23 435 38] _27 <- Borrow.borrow_mut ( * _28); + [#"../red_black_tree.rs" 435 23 435 38] _28 <- { _28 with current = ^ _27 }; + [#"../red_black_tree.rs" 435 40 435 52] _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); + [#"../red_black_tree.rs" 435 40 435 52] x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 ( ^ _30) x2 x3 x4); + [#"../red_black_tree.rs" 435 40 435 52] _29 <- Borrow.borrow_mut ( * _30); + [#"../red_black_tree.rs" 435 40 435 52] _30 <- { _30 with current = ^ _29 }; + [#"../red_black_tree.rs" 435 8 435 53] _26 <- ([#"../red_black_tree.rs" 435 8 435 53] swap2 _27 _29); _27 <- any borrowed (RedBlackTree_Color_Type.t_color); _29 <- any borrowed (RedBlackTree_Color_Type.t_color); goto BB6 @@ -1613,8 +1614,8 @@ module RedBlackTree_Impl14_RotateRight goto BB9 } BB9 { - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ([#"../red_black_tree.rs" 442 21 442 43] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 442 34 442 41] Core_Option_Option_Type.C_Some x))) }; - x <- any RedBlackTree_Node_Type.t_node k v; + [#"../red_black_tree.rs" 442 8 442 18] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ([#"../red_black_tree.rs" 442 21 442 43] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 442 34 442 41] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 442 39 442 40] x)))) }; + [#"../red_black_tree.rs" 442 39 442 40] x <- any RedBlackTree_Node_Type.t_node k v; assert { [@expl:type invariant] inv3 (RedBlackTree_Node_Type.node_right ( * self)) }; assume { resolve5 (RedBlackTree_Node_Type.node_right ( * self)) }; assert { [@expl:type invariant] inv8 self }; @@ -1622,7 +1623,7 @@ module RedBlackTree_Impl14_RotateRight goto BB11 } BB11 { - _0 <- ([#"../red_black_tree.rs" 412 31 448 5] ()); + [#"../red_black_tree.rs" 412 31 448 5] _0 <- ([#"../red_black_tree.rs" 412 31 448 5] ()); goto BB12 } BB12 { @@ -1642,7 +1643,7 @@ module RedBlackTree_Impl14_RotateLeft val inv11 (_x : deep_model_ty0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv11 x = true + axiom inv11 : forall x : deep_model_ty0 . inv11 x = true predicate invariant10 (self : v) val invariant10 (self : v) : bool ensures { result = invariant10 self } @@ -1651,7 +1652,7 @@ module RedBlackTree_Impl14_RotateLeft val inv10 (_x : v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv10 x = true + axiom inv10 : forall x : v . inv10 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use prelude.Borrow predicate invariant9 (self : borrowed (RedBlackTree_Color_Type.t_color)) = @@ -1663,7 +1664,7 @@ module RedBlackTree_Impl14_RotateLeft val inv9 (_x : borrowed (RedBlackTree_Color_Type.t_color)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv9 x = true + axiom inv9 : forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv9 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -1762,7 +1763,7 @@ module RedBlackTree_Impl14_RotateLeft val inv8 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv8 x = true + axiom inv8 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv8 x = true predicate invariant7 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant7 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant7 self } @@ -1771,7 +1772,7 @@ module RedBlackTree_Impl14_RotateLeft val inv7 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv7 x = true + axiom inv7 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv7 x = true predicate invariant6 (self : RedBlackTree_Node_Type.t_node k v) val invariant6 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant6 self } @@ -1781,7 +1782,7 @@ module RedBlackTree_Impl14_RotateLeft ensures { result = inv6 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true predicate invariant5 (self : RedBlackTree_Node_Type.t_node k v) val invariant5 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant5 self } @@ -1790,7 +1791,7 @@ module RedBlackTree_Impl14_RotateLeft val inv5 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true + axiom inv5 : forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool @@ -1800,7 +1801,7 @@ module RedBlackTree_Impl14_RotateLeft val inv4 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv4 x = true + axiom inv4 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv4 x = true predicate invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant3 self } @@ -1809,7 +1810,7 @@ module RedBlackTree_Impl14_RotateLeft val inv3 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant2 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool @@ -1819,7 +1820,7 @@ module RedBlackTree_Impl14_RotateLeft val inv2 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -1828,7 +1829,7 @@ module RedBlackTree_Impl14_RotateLeft val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant0 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -1838,7 +1839,7 @@ module RedBlackTree_Impl14_RotateLeft val inv0 (_x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv0 x = true use prelude.Int function height1 [#"../red_black_tree.rs" 296 4 296 26] (self : RedBlackTree_Tree_Type.t_tree k v) : int = [#"../red_black_tree.rs" 298 12 306 13] match self with @@ -2054,43 +2055,43 @@ module RedBlackTree_Impl14_RotateLeft goto BB0 } BB0 { - old_self <- ([#"../red_black_tree.rs" 463 23 463 35] Ghost.new self); + [#"../red_black_tree.rs" 463 23 463 35] old_self <- ([#"../red_black_tree.rs" 463 23 463 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16))) }; + [#"../red_black_tree.rs" 464 35 464 55] _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 464 35 464 55] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _16))) }; assume { inv1 ( ^ _16) }; - _15 <- Borrow.borrow_mut ( * _16); - _16 <- { _16 with current = ^ _15 }; + [#"../red_black_tree.rs" 464 35 464 55] _15 <- Borrow.borrow_mut ( * _16); + [#"../red_black_tree.rs" 464 35 464 55] _16 <- { _16 with current = ^ _15 }; assume { inv1 ( ^ _15) }; - _14 <- ([#"../red_black_tree.rs" 464 20 464 56] take0 _15); + [#"../red_black_tree.rs" 464 20 464 56] _14 <- ([#"../red_black_tree.rs" 464 20 464 56] take0 _15); _15 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { assert { [@expl:type invariant] inv2 _16 }; assume { resolve1 _16 }; - x <- ([#"../red_black_tree.rs" 464 20 464 65] unwrap0 _14); + [#"../red_black_tree.rs" 464 20 464 65] x <- ([#"../red_black_tree.rs" 464 20 464 65] unwrap0 _14); _14 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB3 } BB3 { - _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * self)); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _19)) }; + [#"../red_black_tree.rs" 465 23 465 38] _19 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * self)); + [#"../red_black_tree.rs" 465 23 465 38] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _19)) }; assume { inv3 ( ^ _19) }; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; + [#"../red_black_tree.rs" 465 23 465 38] _18 <- Borrow.borrow_mut ( * _19); + [#"../red_black_tree.rs" 465 23 465 38] _19 <- { _19 with current = ^ _18 }; assume { inv3 ( ^ _18) }; - _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left x); - x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node ( ^ _21) x1 x2 x3 x4); + [#"../red_black_tree.rs" 465 40 465 51] _21 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left x); + [#"../red_black_tree.rs" 465 40 465 51] x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node ( ^ _21) x1 x2 x3 x4); assume { inv3 ( ^ _21) }; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; + [#"../red_black_tree.rs" 465 40 465 51] _20 <- Borrow.borrow_mut ( * _21); + [#"../red_black_tree.rs" 465 40 465 51] _21 <- { _21 with current = ^ _20 }; assume { inv3 ( ^ _20) }; - _17 <- ([#"../red_black_tree.rs" 465 8 465 52] swap0 _18 _20); + [#"../red_black_tree.rs" 465 8 465 52] _17 <- ([#"../red_black_tree.rs" 465 8 465 52] swap0 _18 _20); _18 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); _20 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB4 @@ -2100,16 +2101,16 @@ module RedBlackTree_Impl14_RotateLeft assume { resolve2 _21 }; assert { [@expl:type invariant] inv4 _19 }; assume { resolve2 _19 }; - _23 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _23 }; + [#"../red_black_tree.rs" 466 23 466 27] _23 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 466 23 466 27] self <- { self with current = ^ _23 }; assume { inv5 ( ^ _23) }; - _25 <- Borrow.borrow_mut x; - x <- ^ _25; + [#"../red_black_tree.rs" 466 29 466 35] _25 <- Borrow.borrow_mut x; + [#"../red_black_tree.rs" 466 29 466 35] x <- ^ _25; assume { inv6 ( ^ _25) }; - _24 <- Borrow.borrow_mut ( * _25); - _25 <- { _25 with current = ^ _24 }; + [#"../red_black_tree.rs" 466 29 466 35] _24 <- Borrow.borrow_mut ( * _25); + [#"../red_black_tree.rs" 466 29 466 35] _25 <- { _25 with current = ^ _24 }; assume { inv5 ( ^ _24) }; - _22 <- ([#"../red_black_tree.rs" 466 8 466 36] swap1 _23 _24); + [#"../red_black_tree.rs" 466 8 466 36] _22 <- ([#"../red_black_tree.rs" 466 8 466 36] swap1 _23 _24); _23 <- any borrowed (RedBlackTree_Node_Type.t_node k v); _24 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB5 @@ -2117,15 +2118,15 @@ module RedBlackTree_Impl14_RotateLeft BB5 { assert { [@expl:type invariant] inv7 _25 }; assume { resolve3 _25 }; - _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _28) x2 x3 x4) }; - _27 <- Borrow.borrow_mut ( * _28); - _28 <- { _28 with current = ^ _27 }; - _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); - x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 ( ^ _30) x2 x3 x4); - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; - _26 <- ([#"../red_black_tree.rs" 467 8 467 53] swap2 _27 _29); + [#"../red_black_tree.rs" 467 23 467 38] _28 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + [#"../red_black_tree.rs" 467 23 467 38] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _28) x2 x3 x4) }; + [#"../red_black_tree.rs" 467 23 467 38] _27 <- Borrow.borrow_mut ( * _28); + [#"../red_black_tree.rs" 467 23 467 38] _28 <- { _28 with current = ^ _27 }; + [#"../red_black_tree.rs" 467 40 467 52] _30 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color x); + [#"../red_black_tree.rs" 467 40 467 52] x <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = x in RedBlackTree_Node_Type.C_Node x0 ( ^ _30) x2 x3 x4); + [#"../red_black_tree.rs" 467 40 467 52] _29 <- Borrow.borrow_mut ( * _30); + [#"../red_black_tree.rs" 467 40 467 52] _30 <- { _30 with current = ^ _29 }; + [#"../red_black_tree.rs" 467 8 467 53] _26 <- ([#"../red_black_tree.rs" 467 8 467 53] swap2 _27 _29); _27 <- any borrowed (RedBlackTree_Color_Type.t_color); _29 <- any borrowed (RedBlackTree_Color_Type.t_color); goto BB6 @@ -2143,8 +2144,8 @@ module RedBlackTree_Impl14_RotateLeft goto BB9 } BB9 { - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node ([#"../red_black_tree.rs" 469 20 469 42] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 469 33 469 40] Core_Option_Option_Type.C_Some x)) x1 x2 x3 x4) }; - x <- any RedBlackTree_Node_Type.t_node k v; + [#"../red_black_tree.rs" 469 8 469 17] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node ([#"../red_black_tree.rs" 469 20 469 42] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 469 33 469 40] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 469 38 469 39] x))) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 469 38 469 39] x <- any RedBlackTree_Node_Type.t_node k v; assert { [@expl:type invariant] inv3 (RedBlackTree_Node_Type.node_left ( * self)) }; assume { resolve5 (RedBlackTree_Node_Type.node_left ( * self)) }; assert { [@expl:type invariant] inv8 self }; @@ -2152,7 +2153,7 @@ module RedBlackTree_Impl14_RotateLeft goto BB11 } BB11 { - _0 <- ([#"../red_black_tree.rs" 462 30 470 5] ()); + [#"../red_black_tree.rs" 462 30 470 5] _0 <- ([#"../red_black_tree.rs" 462 30 470 5] ()); goto BB12 } BB12 { @@ -2266,12 +2267,12 @@ module RedBlackTree_Impl14_FlipColors val inv10 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true + axiom inv10 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true predicate invariant9 (self : deep_model_ty0) val invariant9 (self : deep_model_ty0) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv9 x = true + axiom inv9 : forall x : deep_model_ty0 . inv9 x = true predicate invariant8 (self : v) val invariant8 (self : v) : bool ensures { result = invariant8 self } @@ -2280,7 +2281,7 @@ module RedBlackTree_Impl14_FlipColors val inv8 (_x : v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv8 x = true + axiom inv8 : forall x : v . inv8 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant7 (self : RedBlackTree_Node_Type.t_node k v) val invariant7 (self : RedBlackTree_Node_Type.t_node k v) : bool @@ -2290,7 +2291,7 @@ module RedBlackTree_Impl14_FlipColors val inv7 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true + axiom inv7 : forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use prelude.Borrow predicate invariant6 (self : borrowed (RedBlackTree_Color_Type.t_color)) = @@ -2302,7 +2303,7 @@ module RedBlackTree_Impl14_FlipColors val inv6 (_x : borrowed (RedBlackTree_Color_Type.t_color)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Color_Type.t_color) . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant5 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -2312,7 +2313,7 @@ module RedBlackTree_Impl14_FlipColors val inv5 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv5 x = true predicate invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant4 self } @@ -2321,7 +2322,7 @@ module RedBlackTree_Impl14_FlipColors val inv4 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true predicate invariant3 (self : RedBlackTree_Node_Type.t_node k v) val invariant3 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant3 self } @@ -2331,7 +2332,7 @@ module RedBlackTree_Impl14_FlipColors ensures { result = inv3 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -2340,7 +2341,7 @@ module RedBlackTree_Impl14_FlipColors val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -2349,7 +2350,7 @@ module RedBlackTree_Impl14_FlipColors val inv1 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant0 self } @@ -2358,7 +2359,7 @@ module RedBlackTree_Impl14_FlipColors val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 ensures { result = deep_model0 self } @@ -2530,44 +2531,44 @@ module RedBlackTree_Impl14_FlipColors goto BB0 } BB0 { - _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 487 8 487 31] _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 487 8 487 31] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) x1 x2 x3 x4) }; assume { inv0 ( ^ _15) }; - _14 <- ([#"../red_black_tree.rs" 487 8 487 31] as_mut0 _15); + [#"../red_black_tree.rs" 487 8 487 31] _14 <- ([#"../red_black_tree.rs" 487 8 487 31] as_mut0 _15); _15 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB1 } BB1 { - _13 <- ([#"../red_black_tree.rs" 487 8 487 40] unwrap0 _14); + [#"../red_black_tree.rs" 487 8 487 40] _13 <- ([#"../red_black_tree.rs" 487 8 487 40] unwrap0 _14); _14 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _13 <- { _13 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _13 in RedBlackTree_Node_Type.C_Node x0 (RedBlackTree_Node_Type.node_color ( * self)) x2 x3 x4) }; + [#"../red_black_tree.rs" 487 8 487 59] _13 <- { _13 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _13 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 487 49 487 59] RedBlackTree_Node_Type.node_color ( * self)) x2 x3 x4) }; assert { [@expl:type invariant] inv1 _13 }; assume { resolve0 _13 }; - _18 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _18) x2 x3 x4) }; - _17 <- Borrow.borrow_mut ( * _18); - _18 <- { _18 with current = ^ _17 }; - _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _23))) }; + [#"../red_black_tree.rs" 488 23 488 38] _18 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * self)); + [#"../red_black_tree.rs" 488 23 488 38] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 ( ^ _18) x2 x3 x4) }; + [#"../red_black_tree.rs" 488 23 488 38] _17 <- Borrow.borrow_mut ( * _18); + [#"../red_black_tree.rs" 488 23 488 38] _18 <- { _18 with current = ^ _17 }; + [#"../red_black_tree.rs" 488 45 488 69] _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 488 45 488 69] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _23))) }; assume { inv0 ( ^ _23) }; - _22 <- ([#"../red_black_tree.rs" 488 45 488 69] as_mut0 _23); + [#"../red_black_tree.rs" 488 45 488 69] _22 <- ([#"../red_black_tree.rs" 488 45 488 69] as_mut0 _23); _23 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB3 } BB3 { - _21 <- ([#"../red_black_tree.rs" 488 45 488 78] unwrap0 _22); + [#"../red_black_tree.rs" 488 45 488 78] _21 <- ([#"../red_black_tree.rs" 488 45 488 78] unwrap0 _22); _22 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB4 } BB4 { - _20 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * _21)); - _21 <- { _21 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _21 in RedBlackTree_Node_Type.C_Node x0 ( ^ _20) x2 x3 x4) }; - _19 <- Borrow.borrow_mut ( * _20); - _20 <- { _20 with current = ^ _19 }; - _16 <- ([#"../red_black_tree.rs" 488 8 488 85] swap0 _17 _19); + [#"../red_black_tree.rs" 488 40 488 84] _20 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_color ( * _21)); + [#"../red_black_tree.rs" 488 40 488 84] _21 <- { _21 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _21 in RedBlackTree_Node_Type.C_Node x0 ( ^ _20) x2 x3 x4) }; + [#"../red_black_tree.rs" 488 40 488 84] _19 <- Borrow.borrow_mut ( * _20); + [#"../red_black_tree.rs" 488 40 488 84] _20 <- { _20 with current = ^ _19 }; + [#"../red_black_tree.rs" 488 8 488 85] _16 <- ([#"../red_black_tree.rs" 488 8 488 85] swap0 _17 _19); _17 <- any borrowed (RedBlackTree_Color_Type.t_color); _19 <- any borrowed (RedBlackTree_Color_Type.t_color); goto BB5 @@ -2579,7 +2580,7 @@ module RedBlackTree_Impl14_FlipColors assume { resolve1 _18 }; assert { [@expl:type invariant] inv2 self }; assume { resolve2 self }; - _0 <- ([#"../red_black_tree.rs" 486 30 489 5] ()); + [#"../red_black_tree.rs" 486 30 489 5] _0 <- ([#"../red_black_tree.rs" 486 30 489 5] ()); return _0 } @@ -2596,7 +2597,7 @@ module RedBlackTree_Impl14_Balance val inv9 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true type deep_model_ty0 predicate invariant8 (self : deep_model_ty0) val invariant8 (self : deep_model_ty0) : bool @@ -2606,7 +2607,7 @@ module RedBlackTree_Impl14_Balance val inv8 (_x : deep_model_ty0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv8 x = true + axiom inv8 : forall x : deep_model_ty0 . inv8 x = true predicate invariant7 (self : v) val invariant7 (self : v) : bool ensures { result = invariant7 self } @@ -2615,7 +2616,7 @@ module RedBlackTree_Impl14_Balance val inv7 (_x : v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv7 x = true + axiom inv7 : forall x : v . inv7 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant6 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) @@ -2626,7 +2627,7 @@ module RedBlackTree_Impl14_Balance val inv6 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv6 x = true predicate invariant5 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant5 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant5 self } @@ -2635,7 +2636,7 @@ module RedBlackTree_Impl14_Balance val inv5 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv5 x = true predicate invariant4 (self : RedBlackTree_Node_Type.t_node k v) val invariant4 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant4 self } @@ -2645,7 +2646,7 @@ module RedBlackTree_Impl14_Balance ensures { result = inv4 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -2743,7 +2744,7 @@ module RedBlackTree_Impl14_Balance val inv3 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true use prelude.Borrow predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool @@ -2753,7 +2754,7 @@ module RedBlackTree_Impl14_Balance val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant1 self } @@ -2762,7 +2763,7 @@ module RedBlackTree_Impl14_Balance val inv1 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : RedBlackTree_Node_Type.t_node k v) val invariant0 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant0 self } @@ -2771,7 +2772,7 @@ module RedBlackTree_Impl14_Balance val inv0 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -3029,15 +3030,15 @@ module RedBlackTree_Impl14_Balance goto BB0 } BB0 { - _16 <- ([#"../red_black_tree.rs" 511 11 511 30] is_red0 ([#"../red_black_tree.rs" 511 11 511 30] RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 511 11 511 30] _16 <- ([#"../red_black_tree.rs" 511 11 511 30] is_red0 ([#"../red_black_tree.rs" 511 11 511 30] RedBlackTree_Node_Type.node_right ( * self))); goto BB4 } BB1 { - _15 <- ([#"../red_black_tree.rs" 511 11 511 53] [#"../red_black_tree.rs" 511 11 511 53] false); + [#"../red_black_tree.rs" 511 11 511 53] _15 <- ([#"../red_black_tree.rs" 511 11 511 53] [#"../red_black_tree.rs" 511 11 511 53] false); goto BB3 } BB2 { - _19 <- ([#"../red_black_tree.rs" 511 35 511 53] is_red0 ([#"../red_black_tree.rs" 511 35 511 53] RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 511 35 511 53] _19 <- ([#"../red_black_tree.rs" 511 35 511 53] is_red0 ([#"../red_black_tree.rs" 511 35 511 53] RedBlackTree_Node_Type.node_left ( * self))); goto BB5 } BB3 { @@ -3053,36 +3054,36 @@ module RedBlackTree_Impl14_Balance end } BB5 { - _15 <- ([#"../red_black_tree.rs" 511 34 511 53] not _19); + [#"../red_black_tree.rs" 511 11 511 53] _15 <- ([#"../red_black_tree.rs" 511 34 511 53] not _19); _19 <- any bool; goto BB3 } BB6 { - _22 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _22 }; + [#"../red_black_tree.rs" 512 12 512 30] _22 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 512 12 512 30] self <- { self with current = ^ _22 }; assume { inv0 ( ^ _22) }; - _21 <- ([#"../red_black_tree.rs" 512 12 512 30] rotate_left0 _22); + [#"../red_black_tree.rs" 512 12 512 30] _21 <- ([#"../red_black_tree.rs" 512 12 512 30] rotate_left0 _22); _22 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB7 } BB7 { - _14 <- ([#"../red_black_tree.rs" 511 54 513 9] ()); + [#"../red_black_tree.rs" 511 54 513 9] _14 <- ([#"../red_black_tree.rs" 511 54 513 9] ()); goto BB9 } BB8 { - _14 <- ([#"../red_black_tree.rs" 513 9 513 9] ()); + [#"../red_black_tree.rs" 513 9 513 9] _14 <- ([#"../red_black_tree.rs" 513 9 513 9] ()); goto BB9 } BB9 { - _25 <- ([#"../red_black_tree.rs" 515 11 515 29] is_red0 ([#"../red_black_tree.rs" 515 11 515 29] RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 515 11 515 29] _25 <- ([#"../red_black_tree.rs" 515 11 515 29] is_red0 ([#"../red_black_tree.rs" 515 11 515 29] RedBlackTree_Node_Type.node_left ( * self))); goto BB13 } BB10 { - _24 <- ([#"../red_black_tree.rs" 515 11 515 79] [#"../red_black_tree.rs" 515 11 515 79] false); + [#"../red_black_tree.rs" 515 11 515 79] _24 <- ([#"../red_black_tree.rs" 515 11 515 79] [#"../red_black_tree.rs" 515 11 515 79] false); goto BB12 } BB11 { - _30 <- ([#"../red_black_tree.rs" 515 33 515 56] as_ref0 ([#"../red_black_tree.rs" 515 33 515 56] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self)))); + [#"../red_black_tree.rs" 515 33 515 56] _30 <- ([#"../red_black_tree.rs" 515 33 515 56] as_ref0 ([#"../red_black_tree.rs" 515 33 515 56] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self)))); goto BB14 } BB12 { @@ -3098,47 +3099,47 @@ module RedBlackTree_Impl14_Balance end } BB14 { - _29 <- ([#"../red_black_tree.rs" 515 33 515 65] unwrap0 _30); + [#"../red_black_tree.rs" 515 33 515 65] _29 <- ([#"../red_black_tree.rs" 515 33 515 65] unwrap0 _30); _30 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB15 } BB15 { assert { [@expl:type invariant] inv1 _29 }; assume { resolve0 _29 }; - _27 <- ([#"../red_black_tree.rs" 515 33 515 79] is_red0 ([#"../red_black_tree.rs" 515 33 515 79] RedBlackTree_Node_Type.node_left _29)); + [#"../red_black_tree.rs" 515 33 515 79] _27 <- ([#"../red_black_tree.rs" 515 33 515 79] is_red0 ([#"../red_black_tree.rs" 515 33 515 79] RedBlackTree_Node_Type.node_left _29)); goto BB16 } BB16 { - _24 <- _27; - _27 <- any bool; + [#"../red_black_tree.rs" 515 11 515 79] _24 <- ([#"../red_black_tree.rs" 515 11 515 79] _27); + [#"../red_black_tree.rs" 515 11 515 79] _27 <- any bool; goto BB12 } BB17 { - _33 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _33 }; + [#"../red_black_tree.rs" 516 12 516 31] _33 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 516 12 516 31] self <- { self with current = ^ _33 }; assume { inv0 ( ^ _33) }; - _32 <- ([#"../red_black_tree.rs" 516 12 516 31] rotate_right0 _33); + [#"../red_black_tree.rs" 516 12 516 31] _32 <- ([#"../red_black_tree.rs" 516 12 516 31] rotate_right0 _33); _33 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB18 } BB18 { - _23 <- ([#"../red_black_tree.rs" 515 80 517 9] ()); + [#"../red_black_tree.rs" 515 80 517 9] _23 <- ([#"../red_black_tree.rs" 515 80 517 9] ()); goto BB20 } BB19 { - _23 <- ([#"../red_black_tree.rs" 517 9 517 9] ()); + [#"../red_black_tree.rs" 517 9 517 9] _23 <- ([#"../red_black_tree.rs" 517 9 517 9] ()); goto BB20 } BB20 { - _35 <- ([#"../red_black_tree.rs" 519 11 519 29] is_red0 ([#"../red_black_tree.rs" 519 11 519 29] RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 519 11 519 29] _35 <- ([#"../red_black_tree.rs" 519 11 519 29] is_red0 ([#"../red_black_tree.rs" 519 11 519 29] RedBlackTree_Node_Type.node_left ( * self))); goto BB24 } BB21 { - _34 <- ([#"../red_black_tree.rs" 519 11 519 52] [#"../red_black_tree.rs" 519 11 519 52] false); + [#"../red_black_tree.rs" 519 11 519 52] _34 <- ([#"../red_black_tree.rs" 519 11 519 52] [#"../red_black_tree.rs" 519 11 519 52] false); goto BB23 } BB22 { - _37 <- ([#"../red_black_tree.rs" 519 33 519 52] is_red0 ([#"../red_black_tree.rs" 519 33 519 52] RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 519 33 519 52] _37 <- ([#"../red_black_tree.rs" 519 33 519 52] is_red0 ([#"../red_black_tree.rs" 519 33 519 52] RedBlackTree_Node_Type.node_right ( * self))); goto BB25 } BB23 { @@ -3154,28 +3155,28 @@ module RedBlackTree_Impl14_Balance end } BB25 { - _34 <- _37; - _37 <- any bool; + [#"../red_black_tree.rs" 519 11 519 52] _34 <- ([#"../red_black_tree.rs" 519 11 519 52] _37); + [#"../red_black_tree.rs" 519 11 519 52] _37 <- any bool; goto BB23 } BB26 { - _40 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _40 }; + [#"../red_black_tree.rs" 520 12 520 30] _40 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 520 12 520 30] self <- { self with current = ^ _40 }; assume { inv0 ( ^ _40) }; - _39 <- ([#"../red_black_tree.rs" 520 12 520 30] flip_colors0 _40); + [#"../red_black_tree.rs" 520 12 520 30] _39 <- ([#"../red_black_tree.rs" 520 12 520 30] flip_colors0 _40); _40 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB27 } BB27 { assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../red_black_tree.rs" 519 53 521 9] ()); + [#"../red_black_tree.rs" 519 53 521 9] _0 <- ([#"../red_black_tree.rs" 519 53 521 9] ()); goto BB29 } BB28 { assert { [@expl:type invariant] inv2 self }; assume { resolve1 self }; - _0 <- ([#"../red_black_tree.rs" 521 9 521 9] ()); + [#"../red_black_tree.rs" 521 9 521 9] _0 <- ([#"../red_black_tree.rs" 521 9 521 9] ()); goto BB29 } BB29 { @@ -3195,7 +3196,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv10 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true + axiom inv10 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true predicate invariant9 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant9 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant9 self } @@ -3204,7 +3205,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv9 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type @@ -3216,7 +3217,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv8 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true predicate invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant7 self } @@ -3225,7 +3226,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv7 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true predicate invariant6 (self : RedBlackTree_Node_Type.t_node k v) val invariant6 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant6 self } @@ -3235,7 +3236,7 @@ module RedBlackTree_Impl14_MoveRedLeft ensures { result = inv6 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type type deep_model_ty0 function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -3334,7 +3335,7 @@ module RedBlackTree_Impl14_MoveRedLeft val invariant5 (self : deep_model_ty0) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv5 x = true + axiom inv5 : forall x : deep_model_ty0 . inv5 x = true predicate invariant4 (self : v) val invariant4 (self : v) : bool ensures { result = invariant4 self } @@ -3343,7 +3344,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv4 (_x : v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv4 x = true + axiom inv4 : forall x : v . inv4 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -3352,7 +3353,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv3 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true + axiom inv3 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -3361,7 +3362,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -3370,7 +3371,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true predicate invariant0 (self : RedBlackTree_Node_Type.t_node k v) val invariant0 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant0 self } @@ -3379,7 +3380,7 @@ module RedBlackTree_Impl14_MoveRedLeft val inv0 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -3638,28 +3639,28 @@ module RedBlackTree_Impl14_MoveRedLeft goto BB0 } BB0 { - _16 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _16 }; + [#"../red_black_tree.rs" 543 8 543 26] _16 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 543 8 543 26] self <- { self with current = ^ _16 }; assume { inv0 ( ^ _16) }; - _15 <- ([#"../red_black_tree.rs" 543 8 543 26] flip_colors0 _16); + [#"../red_black_tree.rs" 543 8 543 26] _15 <- ([#"../red_black_tree.rs" 543 8 543 26] flip_colors0 _16); _16 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB1 } BB1 { - _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _22))) }; + [#"../red_black_tree.rs" 544 11 544 35] _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 544 11 544 35] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _22))) }; assume { inv1 ( ^ _22) }; - _21 <- ([#"../red_black_tree.rs" 544 11 544 35] as_mut0 _22); + [#"../red_black_tree.rs" 544 11 544 35] _21 <- ([#"../red_black_tree.rs" 544 11 544 35] as_mut0 _22); _22 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _20 <- ([#"../red_black_tree.rs" 544 11 544 44] unwrap0 _21); + [#"../red_black_tree.rs" 544 11 544 44] _20 <- ([#"../red_black_tree.rs" 544 11 544 44] unwrap0 _21); _21 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB3 } BB3 { - _18 <- ([#"../red_black_tree.rs" 544 11 544 58] is_red0 ([#"../red_black_tree.rs" 544 11 544 58] RedBlackTree_Node_Type.node_left ( * _20))); + [#"../red_black_tree.rs" 544 11 544 58] _18 <- ([#"../red_black_tree.rs" 544 11 544 58] is_red0 ([#"../red_black_tree.rs" 544 11 544 58] RedBlackTree_Node_Type.node_left ( * _20))); goto BB4 } BB4 { @@ -3671,68 +3672,68 @@ module RedBlackTree_Impl14_MoveRedLeft end } BB5 { - _28 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _28))) }; + [#"../red_black_tree.rs" 545 12 545 36] _28 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 545 12 545 36] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _28))) }; assume { inv1 ( ^ _28) }; - _27 <- ([#"../red_black_tree.rs" 545 12 545 36] as_mut0 _28); + [#"../red_black_tree.rs" 545 12 545 36] _27 <- ([#"../red_black_tree.rs" 545 12 545 36] as_mut0 _28); _28 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB6 } BB6 { - _26 <- ([#"../red_black_tree.rs" 545 12 545 45] unwrap0 _27); + [#"../red_black_tree.rs" 545 12 545 45] _26 <- ([#"../red_black_tree.rs" 545 12 545 45] unwrap0 _27); _27 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB7 } BB7 { - _25 <- Borrow.borrow_mut ( * _26); - _26 <- { _26 with current = ^ _25 }; + [#"../red_black_tree.rs" 545 12 545 60] _25 <- Borrow.borrow_mut ( * _26); + [#"../red_black_tree.rs" 545 12 545 60] _26 <- { _26 with current = ^ _25 }; assume { inv0 ( ^ _25) }; - _24 <- ([#"../red_black_tree.rs" 545 12 545 60] rotate_right0 _25); + [#"../red_black_tree.rs" 545 12 545 60] _24 <- ([#"../red_black_tree.rs" 545 12 545 60] rotate_right0 _25); _25 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB8 } BB8 { assert { [@expl:type invariant] inv2 _26 }; assume { resolve0 _26 }; - _30 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _30 }; + [#"../red_black_tree.rs" 546 12 546 30] _30 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 546 12 546 30] self <- { self with current = ^ _30 }; assume { inv0 ( ^ _30) }; - _29 <- ([#"../red_black_tree.rs" 546 12 546 30] rotate_left0 _30); + [#"../red_black_tree.rs" 546 12 546 30] _29 <- ([#"../red_black_tree.rs" 546 12 546 30] rotate_left0 _30); _30 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB9 } BB9 { - _32 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _32 }; + [#"../red_black_tree.rs" 547 12 547 30] _32 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 547 12 547 30] self <- { self with current = ^ _32 }; assume { inv0 ( ^ _32) }; - _31 <- ([#"../red_black_tree.rs" 547 12 547 30] flip_colors0 _32); + [#"../red_black_tree.rs" 547 12 547 30] _31 <- ([#"../red_black_tree.rs" 547 12 547 30] flip_colors0 _32); _32 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB10 } BB10 { - _35 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _35)) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 548 19 548 42] _35 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 548 19 548 42] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _35)) x1 x2 x3 x4) }; assume { inv1 ( ^ _35) }; - _34 <- ([#"../red_black_tree.rs" 548 19 548 42] as_mut0 _35); + [#"../red_black_tree.rs" 548 19 548 42] _34 <- ([#"../red_black_tree.rs" 548 19 548 42] as_mut0 _35); _35 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB11 } BB11 { - _33 <- ([#"../red_black_tree.rs" 548 19 548 51] unwrap0 _34); + [#"../red_black_tree.rs" 548 19 548 51] _33 <- ([#"../red_black_tree.rs" 548 19 548 51] unwrap0 _34); _34 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB12 } BB12 { - _0 <- Borrow.borrow_mut ( * _33); - _33 <- { _33 with current = ^ _0 }; + [#"../red_black_tree.rs" 548 19 548 51] _0 <- Borrow.borrow_mut ( * _33); + [#"../red_black_tree.rs" 548 19 548 51] _33 <- { _33 with current = ^ _0 }; assume { inv0 ( ^ _0) }; assert { [@expl:type invariant] inv2 _33 }; assume { resolve0 _33 }; goto BB16 } BB13 { - _0 <- self; - self <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 550 15 550 19] _0 <- ([#"../red_black_tree.rs" 550 15 550 19] self); + [#"../red_black_tree.rs" 550 15 550 19] self <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB14 } BB14 { @@ -3757,7 +3758,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv10 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true + axiom inv10 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true predicate invariant9 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant9 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant9 self } @@ -3766,7 +3767,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv9 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type @@ -3778,7 +3779,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv8 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true predicate invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant7 self } @@ -3787,7 +3788,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv7 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true predicate invariant6 (self : RedBlackTree_Node_Type.t_node k v) val invariant6 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant6 self } @@ -3797,7 +3798,7 @@ module RedBlackTree_Impl14_MoveRedRight ensures { result = inv6 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type type deep_model_ty0 function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -3896,7 +3897,7 @@ module RedBlackTree_Impl14_MoveRedRight val invariant5 (self : deep_model_ty0) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv5 x = true + axiom inv5 : forall x : deep_model_ty0 . inv5 x = true predicate invariant4 (self : v) val invariant4 (self : v) : bool ensures { result = invariant4 self } @@ -3905,7 +3906,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv4 (_x : v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv4 x = true + axiom inv4 : forall x : v . inv4 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -3914,7 +3915,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv3 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true + axiom inv3 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -3923,7 +3924,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -3932,7 +3933,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true predicate invariant0 (self : RedBlackTree_Node_Type.t_node k v) val invariant0 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant0 self } @@ -3941,7 +3942,7 @@ module RedBlackTree_Impl14_MoveRedRight val inv0 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Node_Type.t_node k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -4183,28 +4184,28 @@ module RedBlackTree_Impl14_MoveRedRight goto BB0 } BB0 { - _16 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _16 }; + [#"../red_black_tree.rs" 572 8 572 26] _16 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 572 8 572 26] self <- { self with current = ^ _16 }; assume { inv0 ( ^ _16) }; - _15 <- ([#"../red_black_tree.rs" 572 8 572 26] flip_colors0 _16); + [#"../red_black_tree.rs" 572 8 572 26] _15 <- ([#"../red_black_tree.rs" 572 8 572 26] flip_colors0 _16); _16 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB1 } BB1 { - _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _22)) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 573 11 573 34] _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * self))); + [#"../red_black_tree.rs" 573 11 573 34] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_left ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _22)) x1 x2 x3 x4) }; assume { inv1 ( ^ _22) }; - _21 <- ([#"../red_black_tree.rs" 573 11 573 34] as_mut0 _22); + [#"../red_black_tree.rs" 573 11 573 34] _21 <- ([#"../red_black_tree.rs" 573 11 573 34] as_mut0 _22); _22 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _20 <- ([#"../red_black_tree.rs" 573 11 573 43] unwrap0 _21); + [#"../red_black_tree.rs" 573 11 573 43] _20 <- ([#"../red_black_tree.rs" 573 11 573 43] unwrap0 _21); _21 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB3 } BB3 { - _18 <- ([#"../red_black_tree.rs" 573 11 573 57] is_red0 ([#"../red_black_tree.rs" 573 11 573 57] RedBlackTree_Node_Type.node_left ( * _20))); + [#"../red_black_tree.rs" 573 11 573 57] _18 <- ([#"../red_black_tree.rs" 573 11 573 57] is_red0 ([#"../red_black_tree.rs" 573 11 573 57] RedBlackTree_Node_Type.node_left ( * _20))); goto BB4 } BB4 { @@ -4216,45 +4217,45 @@ module RedBlackTree_Impl14_MoveRedRight end } BB5 { - _25 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _25 }; + [#"../red_black_tree.rs" 574 12 574 31] _25 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 574 12 574 31] self <- { self with current = ^ _25 }; assume { inv0 ( ^ _25) }; - _24 <- ([#"../red_black_tree.rs" 574 12 574 31] rotate_right0 _25); + [#"../red_black_tree.rs" 574 12 574 31] _24 <- ([#"../red_black_tree.rs" 574 12 574 31] rotate_right0 _25); _25 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB6 } BB6 { - _27 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _27 }; + [#"../red_black_tree.rs" 575 12 575 30] _27 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 575 12 575 30] self <- { self with current = ^ _27 }; assume { inv0 ( ^ _27) }; - _26 <- ([#"../red_black_tree.rs" 575 12 575 30] flip_colors0 _27); + [#"../red_black_tree.rs" 575 12 575 30] _26 <- ([#"../red_black_tree.rs" 575 12 575 30] flip_colors0 _27); _27 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB7 } BB7 { - _30 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); - self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _30))) }; + [#"../red_black_tree.rs" 576 19 576 43] _30 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * self))); + [#"../red_black_tree.rs" 576 19 576 43] self <- { self with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * self in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 (let RedBlackTree_Tree_Type.C_Tree x0 = RedBlackTree_Node_Type.node_right ( * self) in RedBlackTree_Tree_Type.C_Tree ( ^ _30))) }; assume { inv1 ( ^ _30) }; - _29 <- ([#"../red_black_tree.rs" 576 19 576 43] as_mut0 _30); + [#"../red_black_tree.rs" 576 19 576 43] _29 <- ([#"../red_black_tree.rs" 576 19 576 43] as_mut0 _30); _30 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB8 } BB8 { - _28 <- ([#"../red_black_tree.rs" 576 19 576 52] unwrap0 _29); + [#"../red_black_tree.rs" 576 19 576 52] _28 <- ([#"../red_black_tree.rs" 576 19 576 52] unwrap0 _29); _29 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB9 } BB9 { - _0 <- Borrow.borrow_mut ( * _28); - _28 <- { _28 with current = ^ _0 }; + [#"../red_black_tree.rs" 576 19 576 52] _0 <- Borrow.borrow_mut ( * _28); + [#"../red_black_tree.rs" 576 19 576 52] _28 <- { _28 with current = ^ _0 }; assume { inv0 ( ^ _0) }; assert { [@expl:type invariant] inv2 _28 }; assume { resolve0 _28 }; goto BB13 } BB10 { - _0 <- self; - self <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 578 15 578 19] _0 <- ([#"../red_black_tree.rs" 578 15 578 19] self); + [#"../red_black_tree.rs" 578 15 578 19] self <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB11 } BB11 { @@ -4368,7 +4369,7 @@ module RedBlackTree_Impl15_New val invariant3 (self : deep_model_ty0) : bool ensures { result = invariant3 self } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true predicate invariant2 (self : v) val invariant2 (self : v) : bool ensures { result = invariant2 self } @@ -4377,7 +4378,7 @@ module RedBlackTree_Impl15_New val inv1 (_x : v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv1 x = true + axiom inv1 : forall x : v . inv1 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -4387,7 +4388,7 @@ module RedBlackTree_Impl15_New val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type use RedBlackTree_Node_Type as RedBlackTree_Node_Type use Core_Option_Option_Type as Core_Option_Option_Type @@ -4509,7 +4510,7 @@ module RedBlackTree_Impl15_New goto BB0 } BB0 { - _0 <- ([#"../red_black_tree.rs" 589 8 589 27] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 589 21 589 25] Core_Option_Option_Type.C_None)); + [#"../red_black_tree.rs" 589 8 589 27] _0 <- ([#"../red_black_tree.rs" 589 8 589 27] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 589 21 589 25] Core_Option_Option_Type.C_None)); goto BB1 } BB1 { @@ -4530,7 +4531,7 @@ module RedBlackTree_Impl15_InsertRec val inv11 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv11 x = true + axiom inv11 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv11 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type type deep_model_ty0 function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -4629,7 +4630,7 @@ module RedBlackTree_Impl15_InsertRec val invariant10 (self : deep_model_ty0) : bool ensures { result = invariant10 self } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv10 x = true + axiom inv10 : forall x : deep_model_ty0 . inv10 x = true predicate invariant9 (self : RedBlackTree_Node_Type.t_node k v) val invariant9 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant9 self } @@ -4638,7 +4639,7 @@ module RedBlackTree_Impl15_InsertRec val inv9 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Node_Type.t_node k v . inv9 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool @@ -4648,7 +4649,7 @@ module RedBlackTree_Impl15_InsertRec val inv8 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv8 x = true + axiom inv8 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv8 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant7 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool @@ -4658,7 +4659,7 @@ module RedBlackTree_Impl15_InsertRec val inv7 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true predicate invariant6 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant6 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant6 self } @@ -4667,7 +4668,7 @@ module RedBlackTree_Impl15_InsertRec val inv6 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv6 x = true predicate invariant5 (self : v) val invariant5 (self : v) : bool ensures { result = invariant5 self } @@ -4676,7 +4677,7 @@ module RedBlackTree_Impl15_InsertRec val inv5 (_x : v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv5 x = true + axiom inv5 : forall x : v . inv5 x = true predicate invariant4 (self : k) val invariant4 (self : k) : bool ensures { result = invariant4 self } @@ -4685,7 +4686,7 @@ module RedBlackTree_Impl15_InsertRec val inv4 (_x : k) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv4 x = true + axiom inv4 : forall x : k . inv4 x = true predicate invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant3 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant3 self } @@ -4694,7 +4695,7 @@ module RedBlackTree_Impl15_InsertRec val inv3 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv3 x = true predicate invariant2 (self : k) val invariant2 (self : k) : bool ensures { result = invariant2 self } @@ -4703,7 +4704,7 @@ module RedBlackTree_Impl15_InsertRec val inv2 (_x : k) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv2 x = true + axiom inv2 : forall x : k . inv2 x = true predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant1 self } @@ -4713,7 +4714,7 @@ module RedBlackTree_Impl15_InsertRec ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant0 self } @@ -4722,7 +4723,7 @@ module RedBlackTree_Impl15_InsertRec val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 ensures { result = deep_model0 self } @@ -4969,8 +4970,8 @@ module RedBlackTree_Impl15_InsertRec goto BB2 } BB2 { - _11 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _11)) }; + [#"../red_black_tree.rs" 601 28 601 42] _11 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 601 28 601 42] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _11)) }; assume { inv0 ( ^ _11) }; switch ( * _11) | Core_Option_Option_Type.C_Some _ -> goto BB3 @@ -4981,13 +4982,13 @@ module RedBlackTree_Impl15_InsertRec goto BB4 } BB4 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _11)); - _11 <- { _11 with current = (let Core_Option_Option_Type.C_Some x0 = * _11 in Core_Option_Option_Type.C_Some ( ^ node)) }; + [#"../red_black_tree.rs" 601 20 601 24] node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _11)); + [#"../red_black_tree.rs" 601 20 601 24] _11 <- { _11 with current = (let Core_Option_Option_Type.C_Some x0 = * _11 in Core_Option_Option_Type.C_Some ( ^ node)) }; assume { inv1 ( ^ node) }; - _18 <- ([#"../red_black_tree.rs" 602 26 602 35] RedBlackTree_Node_Type.node_key ( * node)); + [#"../red_black_tree.rs" 602 26 602 35] _18 <- ([#"../red_black_tree.rs" 602 26 602 35] RedBlackTree_Node_Type.node_key ( * node)); assert { [@expl:type invariant] inv2 _18 }; assume { resolve0 _18 }; - _15 <- ([#"../red_black_tree.rs" 602 18 602 36] cmp0 ([#"../red_black_tree.rs" 602 18 602 36] key) ([#"../red_black_tree.rs" 602 26 602 35] _18)); + [#"../red_black_tree.rs" 602 18 602 36] _15 <- ([#"../red_black_tree.rs" 602 18 602 36] cmp0 ([#"../red_black_tree.rs" 602 18 602 36] key) ([#"../red_black_tree.rs" 602 26 602 35] _18)); goto BB5 } BB5 { @@ -5004,13 +5005,13 @@ module RedBlackTree_Impl15_InsertRec goto BB12 } BB8 { - _25 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _25)) }; + [#"../red_black_tree.rs" 608 27 608 58] _25 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 608 27 608 58] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _25)) }; assume { inv3 ( ^ _25) }; - _14 <- ([#"../red_black_tree.rs" 608 27 608 58] insert_rec _25 key val'); + [#"../red_black_tree.rs" 608 27 608 58] _14 <- ([#"../red_black_tree.rs" 608 27 608 58] insert_rec _25 ([#"../red_black_tree.rs" 608 49 608 52] key) ([#"../red_black_tree.rs" 608 54 608 57] val')); _25 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); - key <- any k; - val' <- any v; + [#"../red_black_tree.rs" 608 49 608 52] key <- any k; + [#"../red_black_tree.rs" 608 54 608 57] val' <- any v; goto BB16 } BB9 { @@ -5024,16 +5025,17 @@ module RedBlackTree_Impl15_InsertRec assume { resolve4 _11 }; assert { [@expl:type invariant] inv8 self }; assume { resolve5 self }; + assert { [#"../red_black_tree.rs" 602 18 602 36] false }; absurd } BB10 { - _20 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _20) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 603 24 603 54] _20 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); + [#"../red_black_tree.rs" 603 24 603 54] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _20) x1 x2 x3 x4) }; assume { inv3 ( ^ _20) }; - _14 <- ([#"../red_black_tree.rs" 603 24 603 54] insert_rec _20 key val'); + [#"../red_black_tree.rs" 603 24 603 54] _14 <- ([#"../red_black_tree.rs" 603 24 603 54] insert_rec _20 ([#"../red_black_tree.rs" 603 45 603 48] key) ([#"../red_black_tree.rs" 603 50 603 53] val')); _20 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); - key <- any k; - val' <- any v; + [#"../red_black_tree.rs" 603 45 603 48] key <- any k; + [#"../red_black_tree.rs" 603 50 603 53] val' <- any v; goto BB11 } BB11 { @@ -5045,8 +5047,8 @@ module RedBlackTree_Impl15_InsertRec goto BB13 } BB13 { - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 val' x4) }; - val' <- any v; + [#"../red_black_tree.rs" 605 20 605 28] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 ([#"../red_black_tree.rs" 605 31 605 34] val') x4) }; + [#"../red_black_tree.rs" 605 31 605 34] val' <- any v; assert { [@expl:type invariant] inv5 (RedBlackTree_Node_Type.node_val ( * node)) }; assume { resolve2 (RedBlackTree_Node_Type.node_val ( * node)) }; assert { [@expl:type invariant] inv6 node }; @@ -5058,17 +5060,17 @@ module RedBlackTree_Impl15_InsertRec assume { resolve4 _11 }; assert { [@expl:type invariant] inv8 self }; assume { resolve5 self }; - _0 <- ([#"../red_black_tree.rs" 606 20 606 26] ()); + [#"../red_black_tree.rs" 606 20 606 26] _0 <- ([#"../red_black_tree.rs" 606 20 606 26] ()); goto BB32 } BB16 { goto BB17 } BB17 { - _29 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _29 }; + [#"../red_black_tree.rs" 610 12 610 26] _29 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 610 12 610 26] node <- { node with current = ^ _29 }; assume { inv9 ( ^ _29) }; - _28 <- ([#"../red_black_tree.rs" 610 12 610 26] balance0 _29); + [#"../red_black_tree.rs" 610 12 610 26] _28 <- ([#"../red_black_tree.rs" 610 12 610 26] balance0 _29); _29 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB18 } @@ -5079,7 +5081,7 @@ module RedBlackTree_Impl15_InsertRec assume { resolve4 _11 }; assert { [@expl:type invariant] inv8 self }; assume { resolve5 self }; - _0 <- ([#"../red_black_tree.rs" 601 43 611 9] ()); + [#"../red_black_tree.rs" 601 43 611 9] _0 <- ([#"../red_black_tree.rs" 601 43 611 9] ()); goto BB31 } BB19 { @@ -5112,9 +5114,9 @@ module RedBlackTree_Impl15_InsertRec goto BB28 } BB28 { - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 612 24 618 15] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 612 38 618 13] RedBlackTree_Node_Type.C_Node ([#"../red_black_tree.rs" 613 22 613 41] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 613 35 613 39] Core_Option_Option_Type.C_None)) ([#"../red_black_tree.rs" 614 23 614 26] RedBlackTree_Color_Type.C_Red) key val' ([#"../red_black_tree.rs" 617 23 617 42] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 617 36 617 40] Core_Option_Option_Type.C_None))))) }; - key <- any k; - val' <- any v; + [#"../red_black_tree.rs" 612 12 612 21] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 612 24 618 15] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 612 38 618 13] RedBlackTree_Node_Type.C_Node ([#"../red_black_tree.rs" 613 22 613 41] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 613 35 613 39] Core_Option_Option_Type.C_None)) ([#"../red_black_tree.rs" 614 23 614 26] RedBlackTree_Color_Type.C_Red) ([#"../red_black_tree.rs" 615 16 615 19] key) ([#"../red_black_tree.rs" 616 16 616 19] val') ([#"../red_black_tree.rs" 617 23 617 42] RedBlackTree_Tree_Type.C_Tree ([#"../red_black_tree.rs" 617 36 617 40] Core_Option_Option_Type.C_None))))) }; + [#"../red_black_tree.rs" 615 16 615 19] key <- any k; + [#"../red_black_tree.rs" 616 16 616 19] val' <- any v; assert { [@expl:type invariant] inv0 (RedBlackTree_Tree_Type.tree_node ( * self)) }; assume { resolve6 (RedBlackTree_Tree_Type.tree_node ( * self)) }; assert { [@expl:type invariant] inv8 self }; @@ -5122,7 +5124,7 @@ module RedBlackTree_Impl15_InsertRec goto BB30 } BB30 { - _0 <- ([#"../red_black_tree.rs" 619 12 619 18] ()); + [#"../red_black_tree.rs" 619 12 619 18] _0 <- ([#"../red_black_tree.rs" 619 12 619 18] ()); goto BB32 } BB31 { @@ -5246,7 +5248,7 @@ module RedBlackTree_Impl15_Insert val inv10 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv10 x = true + axiom inv10 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv10 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant10 (self : RedBlackTree_Node_Type.t_node k v) val invariant10 (self : RedBlackTree_Node_Type.t_node k v) : bool @@ -5257,7 +5259,7 @@ module RedBlackTree_Impl15_Insert ensures { result = inv9 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Node_Type.t_node k v . inv9 x = true use prelude.Borrow predicate invariant9 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant9 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -5267,7 +5269,7 @@ module RedBlackTree_Impl15_Insert val inv8 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv8 x = true predicate invariant8 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant8 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant8 self } @@ -5276,12 +5278,12 @@ module RedBlackTree_Impl15_Insert val inv7 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv7 x = true predicate invariant7 (self : deep_model_ty0) val invariant7 (self : deep_model_ty0) : bool ensures { result = invariant7 self } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv6 x = true + axiom inv6 : forall x : deep_model_ty0 . inv6 x = true predicate invariant6 (self : v) val invariant6 (self : v) : bool ensures { result = invariant6 self } @@ -5290,7 +5292,7 @@ module RedBlackTree_Impl15_Insert val inv5 (_x : v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv5 x = true + axiom inv5 : forall x : v . inv5 x = true predicate invariant5 (self : k) val invariant5 (self : k) : bool ensures { result = invariant5 self } @@ -5299,7 +5301,7 @@ module RedBlackTree_Impl15_Insert val inv4 (_x : k) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv4 x = true + axiom inv4 : forall x : k . inv4 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant4 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool @@ -5309,7 +5311,7 @@ module RedBlackTree_Impl15_Insert val inv3 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv3 x = true + axiom inv3 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv3 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -5318,7 +5320,7 @@ module RedBlackTree_Impl15_Insert val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -5327,7 +5329,7 @@ module RedBlackTree_Impl15_Insert val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true predicate invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant1 self } @@ -5336,7 +5338,7 @@ module RedBlackTree_Impl15_Insert val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -5576,40 +5578,40 @@ module RedBlackTree_Impl15_Insert goto BB1 } BB1 { - _8 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _8 }; + [#"../red_black_tree.rs" 627 8 627 33] _8 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 627 8 627 33] self <- { self with current = ^ _8 }; assume { inv0 ( ^ _8) }; - _7 <- ([#"../red_black_tree.rs" 627 8 627 33] insert_rec0 _8 key val'); + [#"../red_black_tree.rs" 627 8 627 33] _7 <- ([#"../red_black_tree.rs" 627 8 627 33] insert_rec0 _8 ([#"../red_black_tree.rs" 627 24 627 27] key) ([#"../red_black_tree.rs" 627 29 627 32] val')); _8 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); - key <- any k; - val' <- any v; + [#"../red_black_tree.rs" 627 24 627 27] key <- any k; + [#"../red_black_tree.rs" 627 29 627 32] val' <- any v; goto BB2 } BB2 { - _14 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _14)) }; + [#"../red_black_tree.rs" 628 8 628 26] _14 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 628 8 628 26] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _14)) }; assume { inv1 ( ^ _14) }; - _13 <- ([#"../red_black_tree.rs" 628 8 628 26] as_mut0 _14); + [#"../red_black_tree.rs" 628 8 628 26] _13 <- ([#"../red_black_tree.rs" 628 8 628 26] as_mut0 _14); _14 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB3 } BB3 { - _12 <- ([#"../red_black_tree.rs" 628 8 628 35] unwrap0 _13); + [#"../red_black_tree.rs" 628 8 628 35] _12 <- ([#"../red_black_tree.rs" 628 8 628 35] unwrap0 _13); _13 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB4 } BB4 { - _12 <- { _12 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _12 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 628 44 628 49] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; + [#"../red_black_tree.rs" 628 8 628 49] _12 <- { _12 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _12 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 628 44 628 49] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; assert { [@expl:type invariant] inv2 _12 }; assume { resolve0 _12 }; assert { [@expl:type invariant] inv3 self }; assume { resolve1 self }; - _15 <- ([#"../red_black_tree.rs" 629 8 629 39] Ghost.new ()); + [#"../red_black_tree.rs" 629 8 629 39] _15 <- ([#"../red_black_tree.rs" 629 8 629 39] Ghost.new ()); goto BB5 } BB5 { assume { resolve2 _15 }; - _0 <- ([#"../red_black_tree.rs" 626 45 630 5] ()); + [#"../red_black_tree.rs" 626 45 630 5] _0 <- ([#"../red_black_tree.rs" 626 45 630 5] ()); goto BB6 } BB6 { @@ -5633,7 +5635,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv15 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv15 x = true + axiom inv15 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv15 x = true predicate invariant14 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant14 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant14 self } @@ -5642,7 +5644,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv14 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv14 x = true + axiom inv14 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv14 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant13 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant13 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -5652,7 +5654,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv13 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv13 x = true + axiom inv13 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv13 x = true use prelude.Borrow predicate invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -5662,7 +5664,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv12 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true + axiom inv12 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true predicate invariant11 (self : (k, v)) val invariant11 (self : (k, v)) : bool ensures { result = invariant11 self } @@ -5671,7 +5673,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv11 (_x : (k, v)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : (k, v) . inv11 x = true + axiom inv11 : forall x : (k, v) . inv11 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type type deep_model_ty0 function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -5770,7 +5772,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val invariant10 (self : deep_model_ty0) : bool ensures { result = invariant10 self } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv10 x = true + axiom inv10 : forall x : deep_model_ty0 . inv10 x = true predicate invariant9 (self : v) val invariant9 (self : v) : bool ensures { result = invariant9 self } @@ -5779,7 +5781,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv9 (_x : v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv9 x = true + axiom inv9 : forall x : v . inv9 x = true predicate invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant8 self } @@ -5788,7 +5790,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv8 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv8 x = true + axiom inv8 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv8 x = true predicate invariant7 (self : RedBlackTree_Node_Type.t_node k v) val invariant7 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant7 self } @@ -5797,7 +5799,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv7 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true + axiom inv7 : forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true predicate invariant6 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant6 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant6 self } @@ -5806,7 +5808,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv6 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true predicate invariant5 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant5 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant5 self } @@ -5815,7 +5817,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv5 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv5 x = true + axiom inv5 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv5 x = true predicate invariant4 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant4 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant4 self } @@ -5824,7 +5826,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv4 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv4 x = true + axiom inv4 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv4 x = true predicate invariant3 (self : RedBlackTree_Node_Type.t_node k v) val invariant3 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant3 self } @@ -5833,7 +5835,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv3 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true + axiom inv3 : forall x : RedBlackTree_Node_Type.t_node k v . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -5842,7 +5844,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant1 self } @@ -5852,7 +5854,7 @@ module RedBlackTree_Impl15_DeleteMaxRec ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant0 self } @@ -5861,7 +5863,7 @@ module RedBlackTree_Impl15_DeleteMaxRec val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -6193,30 +6195,30 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB0 } BB0 { - _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) }; + [#"../red_black_tree.rs" 644 23 644 41] _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 644 23 644 41] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) }; assume { inv0 ( ^ _15) }; - _14 <- ([#"../red_black_tree.rs" 644 23 644 41] as_mut0 _15); + [#"../red_black_tree.rs" 644 23 644 41] _14 <- ([#"../red_black_tree.rs" 644 23 644 41] as_mut0 _15); _15 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB1 } BB1 { - _13 <- ([#"../red_black_tree.rs" 644 23 644 50] unwrap0 _14); + [#"../red_black_tree.rs" 644 23 644 50] _13 <- ([#"../red_black_tree.rs" 644 23 644 50] unwrap0 _14); _14 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _12 <- Borrow.borrow_mut ( * _13); - _13 <- { _13 with current = ^ _12 }; + [#"../red_black_tree.rs" 644 23 644 59] _12 <- Borrow.borrow_mut ( * _13); + [#"../red_black_tree.rs" 644 23 644 59] _13 <- { _13 with current = ^ _12 }; assume { inv1 ( ^ _12) }; - node <- ([#"../red_black_tree.rs" 644 23 644 59] as_mut1 _12); + [#"../red_black_tree.rs" 644 23 644 59] node <- ([#"../red_black_tree.rs" 644 23 644 59] as_mut1 _12); _12 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB3 } BB3 { assert { [@expl:type invariant] inv2 _13 }; assume { resolve0 _13 }; - _17 <- ([#"../red_black_tree.rs" 645 11 645 29] is_red0 ([#"../red_black_tree.rs" 645 11 645 29] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 645 11 645 29] _17 <- ([#"../red_black_tree.rs" 645 11 645 29] is_red0 ([#"../red_black_tree.rs" 645 11 645 29] RedBlackTree_Node_Type.node_left ( * node))); goto BB4 } BB4 { @@ -6226,10 +6228,10 @@ module RedBlackTree_Impl15_DeleteMaxRec end } BB5 { - _19 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _19 }; + [#"../red_black_tree.rs" 646 12 646 31] _19 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 646 12 646 31] node <- { node with current = ^ _19 }; assume { inv3 ( ^ _19) }; - _16 <- ([#"../red_black_tree.rs" 646 12 646 31] rotate_right0 _19); + [#"../red_black_tree.rs" 646 12 646 31] _16 <- ([#"../red_black_tree.rs" 646 12 646 31] rotate_right0 _19); _19 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB6 } @@ -6237,7 +6239,7 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB8 } BB7 { - _16 <- ([#"../red_black_tree.rs" 647 9 647 9] ()); + [#"../red_black_tree.rs" 647 9 647 9] _16 <- ([#"../red_black_tree.rs" 647 9 647 9] ()); goto BB8 } BB8 { @@ -6252,13 +6254,13 @@ module RedBlackTree_Impl15_DeleteMaxRec BB10 { assert { [@expl:type invariant] inv4 node }; assume { resolve1 node }; - _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) }; + [#"../red_black_tree.rs" 649 38 649 52] _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 649 38 649 52] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) }; assume { inv0 ( ^ _26) }; - _25 <- Borrow.borrow_mut ( * _26); - _26 <- { _26 with current = ^ _25 }; + [#"../red_black_tree.rs" 649 38 649 52] _25 <- Borrow.borrow_mut ( * _26); + [#"../red_black_tree.rs" 649 38 649 52] _26 <- { _26 with current = ^ _25 }; assume { inv0 ( ^ _25) }; - _24 <- ([#"../red_black_tree.rs" 649 23 649 53] take0 _25); + [#"../red_black_tree.rs" 649 23 649 53] _24 <- ([#"../red_black_tree.rs" 649 23 649 53] take0 _25); _25 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB11 } @@ -6267,16 +6269,16 @@ module RedBlackTree_Impl15_DeleteMaxRec assume { resolve2 _26 }; assert { [@expl:type invariant] inv6 self }; assume { resolve3 self }; - node1 <- ([#"../red_black_tree.rs" 649 23 649 62] unwrap1 _24); + [#"../red_black_tree.rs" 649 23 649 62] node1 <- ([#"../red_black_tree.rs" 649 23 649 62] unwrap1 _24); _24 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB12 } BB12 { assert { [@expl:type invariant] inv1 node1 }; assume { resolve4 node1 }; - _0 <- ([#"../red_black_tree.rs" 650 19 650 39] (RedBlackTree_Node_Type.node_key node1, RedBlackTree_Node_Type.node_val node1)); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); + [#"../red_black_tree.rs" 650 19 650 39] _0 <- ([#"../red_black_tree.rs" 650 19 650 39] (([#"../red_black_tree.rs" 650 20 650 28] RedBlackTree_Node_Type.node_key node1), ([#"../red_black_tree.rs" 650 30 650 38] RedBlackTree_Node_Type.node_val node1))); + [#"../red_black_tree.rs" 650 20 650 28] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); + [#"../red_black_tree.rs" 650 30 650 38] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); goto BB13 } BB13 { @@ -6286,15 +6288,15 @@ module RedBlackTree_Impl15_DeleteMaxRec goto BB30 } BB15 { - _32 <- ([#"../red_black_tree.rs" 652 12 652 31] is_red0 ([#"../red_black_tree.rs" 652 12 652 31] RedBlackTree_Node_Type.node_right ( * node))); + [#"../red_black_tree.rs" 652 12 652 31] _32 <- ([#"../red_black_tree.rs" 652 12 652 31] is_red0 ([#"../red_black_tree.rs" 652 12 652 31] RedBlackTree_Node_Type.node_right ( * node))); goto BB19 } BB16 { - _30 <- ([#"../red_black_tree.rs" 652 11 652 83] [#"../red_black_tree.rs" 652 11 652 83] false); + [#"../red_black_tree.rs" 652 11 652 83] _30 <- ([#"../red_black_tree.rs" 652 11 652 83] [#"../red_black_tree.rs" 652 11 652 83] false); goto BB18 } BB17 { - _38 <- ([#"../red_black_tree.rs" 652 36 652 60] as_ref0 ([#"../red_black_tree.rs" 652 36 652 60] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); + [#"../red_black_tree.rs" 652 36 652 60] _38 <- ([#"../red_black_tree.rs" 652 36 652 60] as_ref0 ([#"../red_black_tree.rs" 652 36 652 60] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); goto BB20 } BB18 { @@ -6310,59 +6312,59 @@ module RedBlackTree_Impl15_DeleteMaxRec end } BB20 { - _37 <- ([#"../red_black_tree.rs" 652 36 652 69] unwrap2 _38); + [#"../red_black_tree.rs" 652 36 652 69] _37 <- ([#"../red_black_tree.rs" 652 36 652 69] unwrap2 _38); _38 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB21 } BB21 { assert { [@expl:type invariant] inv7 _37 }; assume { resolve5 _37 }; - _35 <- ([#"../red_black_tree.rs" 652 36 652 83] is_red0 ([#"../red_black_tree.rs" 652 36 652 83] RedBlackTree_Node_Type.node_left _37)); + [#"../red_black_tree.rs" 652 36 652 83] _35 <- ([#"../red_black_tree.rs" 652 36 652 83] is_red0 ([#"../red_black_tree.rs" 652 36 652 83] RedBlackTree_Node_Type.node_left _37)); goto BB22 } BB22 { - _30 <- ([#"../red_black_tree.rs" 652 35 652 83] not _35); + [#"../red_black_tree.rs" 652 11 652 83] _30 <- ([#"../red_black_tree.rs" 652 35 652 83] not _35); _35 <- any bool; goto BB18 } BB23 { - _42 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _42 }; + [#"../red_black_tree.rs" 653 19 653 40] _42 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 653 19 653 40] node <- { node with current = ^ _42 }; assume { inv3 ( ^ _42) }; - _41 <- ([#"../red_black_tree.rs" 653 19 653 40] move_red_right0 _42); + [#"../red_black_tree.rs" 653 19 653 40] _41 <- ([#"../red_black_tree.rs" 653 19 653 40] move_red_right0 _42); _42 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB24 } BB24 { - _40 <- Borrow.borrow_mut ( * _41); - _41 <- { _41 with current = ^ _40 }; + [#"../red_black_tree.rs" 653 19 653 40] _40 <- Borrow.borrow_mut ( * _41); + [#"../red_black_tree.rs" 653 19 653 40] _41 <- { _41 with current = ^ _40 }; assume { inv3 ( ^ _40) }; assert { [@expl:type invariant] inv4 node }; assume { resolve1 node }; - node <- _40; - _40 <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 653 12 653 40] node <- ([#"../red_black_tree.rs" 653 12 653 40] _40); + [#"../red_black_tree.rs" 653 12 653 40] _40 <- any borrowed (RedBlackTree_Node_Type.t_node k v); assert { [@expl:type invariant] inv4 _41 }; assume { resolve1 _41 }; - _29 <- ([#"../red_black_tree.rs" 652 84 654 9] ()); + [#"../red_black_tree.rs" 652 84 654 9] _29 <- ([#"../red_black_tree.rs" 652 84 654 9] ()); goto BB26 } BB25 { - _29 <- ([#"../red_black_tree.rs" 654 9 654 9] ()); + [#"../red_black_tree.rs" 654 9 654 9] _29 <- ([#"../red_black_tree.rs" 654 9 654 9] ()); goto BB26 } BB26 { - _44 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _44)) }; + [#"../red_black_tree.rs" 655 16 655 43] _44 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 655 16 655 43] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _44)) }; assume { inv8 ( ^ _44) }; - r <- ([#"../red_black_tree.rs" 655 16 655 43] delete_max_rec _44); + [#"../red_black_tree.rs" 655 16 655 43] r <- ([#"../red_black_tree.rs" 655 16 655 43] delete_max_rec _44); _44 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB27 } BB27 { - _46 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _46 }; + [#"../red_black_tree.rs" 656 8 656 22] _46 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 656 8 656 22] node <- { node with current = ^ _46 }; assume { inv3 ( ^ _46) }; - _45 <- ([#"../red_black_tree.rs" 656 8 656 22] balance0 _46); + [#"../red_black_tree.rs" 656 8 656 22] _45 <- ([#"../red_black_tree.rs" 656 8 656 22] balance0 _46); _46 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB28 } @@ -6371,8 +6373,8 @@ module RedBlackTree_Impl15_DeleteMaxRec assume { resolve1 node }; assert { [@expl:type invariant] inv6 self }; assume { resolve3 self }; - _0 <- r; - r <- any (k, v); + [#"../red_black_tree.rs" 657 8 657 9] _0 <- ([#"../red_black_tree.rs" 657 8 657 9] r); + [#"../red_black_tree.rs" 657 8 657 9] r <- any (k, v); goto BB29 } BB29 { @@ -6400,7 +6402,7 @@ module RedBlackTree_Impl15_DeleteMax val inv13 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv13 x = true + axiom inv13 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv13 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use prelude.Borrow predicate invariant13 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) @@ -6411,7 +6413,7 @@ module RedBlackTree_Impl15_DeleteMax val inv12 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true + axiom inv12 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true predicate invariant12 (self : (k, v)) val invariant12 (self : (k, v)) : bool ensures { result = invariant12 self } @@ -6420,7 +6422,7 @@ module RedBlackTree_Impl15_DeleteMax val inv11 (_x : (k, v)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : (k, v) . inv11 x = true + axiom inv11 : forall x : (k, v) . inv11 x = true predicate invariant11 (self : v) val invariant11 (self : v) : bool ensures { result = invariant11 self } @@ -6429,7 +6431,7 @@ module RedBlackTree_Impl15_DeleteMax val inv10 (_x : v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv10 x = true + axiom inv10 : forall x : v . inv10 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant10 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant10 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -6439,7 +6441,7 @@ module RedBlackTree_Impl15_DeleteMax val inv9 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true predicate invariant9 (self : Core_Option_Option_Type.t_option (k, v)) val invariant9 (self : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = invariant9 self } @@ -6448,7 +6450,7 @@ module RedBlackTree_Impl15_DeleteMax val inv8 (_x : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (k, v) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (k, v) . inv8 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -6546,7 +6548,7 @@ module RedBlackTree_Impl15_DeleteMax val invariant8 (self : deep_model_ty0) : bool ensures { result = invariant8 self } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv7 x = true + axiom inv7 : forall x : deep_model_ty0 . inv7 x = true predicate invariant7 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant7 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant7 self } @@ -6555,7 +6557,7 @@ module RedBlackTree_Impl15_DeleteMax val inv6 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true predicate invariant6 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant6 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant6 self } @@ -6564,7 +6566,7 @@ module RedBlackTree_Impl15_DeleteMax val inv5 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv5 x = true + axiom inv5 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv5 x = true predicate invariant5 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant5 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant5 self } @@ -6573,7 +6575,7 @@ module RedBlackTree_Impl15_DeleteMax val inv4 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true predicate invariant4 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant4 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant4 self } @@ -6582,7 +6584,7 @@ module RedBlackTree_Impl15_DeleteMax val inv3 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true + axiom inv3 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true predicate invariant3 (self : RedBlackTree_Node_Type.t_node k v) val invariant3 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant3 self } @@ -6592,7 +6594,7 @@ module RedBlackTree_Impl15_DeleteMax ensures { result = inv2 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv2 x = true + axiom inv2 : forall x : RedBlackTree_Node_Type.t_node k v . inv2 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -6601,7 +6603,7 @@ module RedBlackTree_Impl15_DeleteMax val inv1 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true + axiom inv1 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv1 x = true use prelude.Ghost predicate invariant1 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) val invariant1 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) : bool @@ -6611,7 +6613,7 @@ module RedBlackTree_Impl15_DeleteMax val inv0 (_x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v)) . inv0 x = true use map.Const use map.Map function deep_model0 (self : k) : deep_model_ty0 @@ -6877,14 +6879,14 @@ module RedBlackTree_Impl15_DeleteMax goto BB0 } BB0 { - old_self <- ([#"../red_black_tree.rs" 668 23 668 35] Ghost.new self); + [#"../red_black_tree.rs" 668 23 668 35] old_self <- ([#"../red_black_tree.rs" 668 23 668 35] Ghost.new self); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve0 old_self }; - _8 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _8)) }; + [#"../red_black_tree.rs" 669 28 669 42] _8 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 669 28 669 42] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _8)) }; assume { inv1 ( ^ _8) }; switch ( * _8) | Core_Option_Option_Type.C_Some _ -> goto BB2 @@ -6895,10 +6897,10 @@ module RedBlackTree_Impl15_DeleteMax goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); - _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some x0 = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) }; + [#"../red_black_tree.rs" 669 20 669 24] node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); + [#"../red_black_tree.rs" 669 20 669 24] _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some x0 = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) }; assume { inv2 ( ^ node) }; - _12 <- ([#"../red_black_tree.rs" 670 16 670 34] is_red0 ([#"../red_black_tree.rs" 670 16 670 34] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 670 16 670 34] _12 <- ([#"../red_black_tree.rs" 670 16 670 34] is_red0 ([#"../red_black_tree.rs" 670 16 670 34] RedBlackTree_Node_Type.node_left ( * node))); goto BB4 } BB4 { @@ -6908,41 +6910,41 @@ module RedBlackTree_Impl15_DeleteMax end } BB5 { - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 671 29 671 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; + [#"../red_black_tree.rs" 671 16 671 32] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 671 29 671 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; assert { [@expl:type invariant] inv3 node }; assume { resolve1 node }; assert { [@expl:type invariant] inv4 _8 }; assume { resolve2 _8 }; - _7 <- ([#"../red_black_tree.rs" 670 35 672 13] ()); + [#"../red_black_tree.rs" 670 35 672 13] _7 <- ([#"../red_black_tree.rs" 670 35 672 13] ()); goto BB7 } BB6 { assert { [@expl:type invariant] inv3 node }; assume { resolve1 node }; - _7 <- ([#"../red_black_tree.rs" 672 13 672 13] ()); + [#"../red_black_tree.rs" 672 13 672 13] _7 <- ([#"../red_black_tree.rs" 672 13 672 13] ()); assert { [@expl:type invariant] inv4 _8 }; assume { resolve2 _8 }; goto BB7 } BB7 { assert { [@expl:assertion] [#"../red_black_tree.rs" 676 24 676 53] same_mappings0 ( * Ghost.inner old_self) ( * self) }; - _19 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _19 }; + [#"../red_black_tree.rs" 677 16 677 37] _19 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 677 16 677 37] self <- { self with current = ^ _19 }; assume { inv5 ( ^ _19) }; - r <- ([#"../red_black_tree.rs" 677 16 677 37] delete_max_rec0 _19); + [#"../red_black_tree.rs" 677 16 677 37] r <- ([#"../red_black_tree.rs" 677 16 677 37] delete_max_rec0 _19); _19 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB9 } BB8 { assert { [@expl:type invariant] inv4 _8 }; assume { resolve2 _8 }; - _0 <- ([#"../red_black_tree.rs" 674 19 674 23] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 674 19 674 23] _0 <- ([#"../red_black_tree.rs" 674 19 674 23] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv6 self }; assume { resolve3 self }; goto BB19 } BB9 { - _21 <- ([#"../red_black_tree.rs" 678 11 678 24] is_red0 ([#"../red_black_tree.rs" 678 11 678 24] * self)); + [#"../red_black_tree.rs" 678 11 678 24] _21 <- ([#"../red_black_tree.rs" 678 11 678 24] is_red0 ([#"../red_black_tree.rs" 678 11 678 24] * self)); goto BB10 } BB10 { @@ -6952,41 +6954,41 @@ module RedBlackTree_Impl15_DeleteMax end } BB11 { - _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) }; + [#"../red_black_tree.rs" 679 12 679 30] _26 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 679 12 679 30] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _26)) }; assume { inv1 ( ^ _26) }; - _25 <- ([#"../red_black_tree.rs" 679 12 679 30] as_mut0 _26); + [#"../red_black_tree.rs" 679 12 679 30] _25 <- ([#"../red_black_tree.rs" 679 12 679 30] as_mut0 _26); _26 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB12 } BB12 { - _24 <- ([#"../red_black_tree.rs" 679 12 679 39] unwrap0 _25); + [#"../red_black_tree.rs" 679 12 679 39] _24 <- ([#"../red_black_tree.rs" 679 12 679 39] unwrap0 _25); _25 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB13 } BB13 { - _24 <- { _24 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _24 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 679 48 679 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; + [#"../red_black_tree.rs" 679 12 679 53] _24 <- { _24 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _24 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 679 48 679 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; assert { [@expl:type invariant] inv3 _24 }; assume { resolve1 _24 }; assert { [@expl:type invariant] inv6 self }; assume { resolve3 self }; - _20 <- ([#"../red_black_tree.rs" 678 25 680 9] ()); + [#"../red_black_tree.rs" 678 25 680 9] _20 <- ([#"../red_black_tree.rs" 678 25 680 9] ()); goto BB15 } BB14 { assert { [@expl:type invariant] inv6 self }; assume { resolve3 self }; - _20 <- ([#"../red_black_tree.rs" 680 9 680 9] ()); + [#"../red_black_tree.rs" 680 9 680 9] _20 <- ([#"../red_black_tree.rs" 680 9 680 9] ()); goto BB15 } BB15 { - _27 <- ([#"../red_black_tree.rs" 681 8 681 39] Ghost.new ()); + [#"../red_black_tree.rs" 681 8 681 39] _27 <- ([#"../red_black_tree.rs" 681 8 681 39] Ghost.new ()); goto BB16 } BB16 { assume { resolve4 _27 }; - _0 <- ([#"../red_black_tree.rs" 682 8 682 15] Core_Option_Option_Type.C_Some r); - r <- any (k, v); + [#"../red_black_tree.rs" 682 8 682 15] _0 <- ([#"../red_black_tree.rs" 682 8 682 15] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 682 13 682 14] r)); + [#"../red_black_tree.rs" 682 13 682 14] r <- any (k, v); goto BB17 } BB17 { @@ -7013,7 +7015,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv15 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv15 x = true + axiom inv15 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv15 x = true predicate invariant14 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant14 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant14 self } @@ -7022,7 +7024,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv14 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv14 x = true + axiom inv14 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv14 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant13 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant13 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -7032,7 +7034,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv13 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv13 x = true + axiom inv13 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv13 x = true use prelude.Borrow predicate invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) val invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool @@ -7042,7 +7044,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv12 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true + axiom inv12 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv12 x = true predicate invariant11 (self : (k, v)) val invariant11 (self : (k, v)) : bool ensures { result = invariant11 self } @@ -7051,7 +7053,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv11 (_x : (k, v)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : (k, v) . inv11 x = true + axiom inv11 : forall x : (k, v) . inv11 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type type deep_model_ty0 function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -7150,7 +7152,7 @@ module RedBlackTree_Impl15_DeleteMinRec val invariant10 (self : deep_model_ty0) : bool ensures { result = invariant10 self } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv10 x = true + axiom inv10 : forall x : deep_model_ty0 . inv10 x = true predicate invariant9 (self : v) val invariant9 (self : v) : bool ensures { result = invariant9 self } @@ -7159,7 +7161,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv9 (_x : v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv9 x = true + axiom inv9 : forall x : v . inv9 x = true predicate invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant8 self } @@ -7168,7 +7170,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv8 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv8 x = true + axiom inv8 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv8 x = true predicate invariant7 (self : RedBlackTree_Node_Type.t_node k v) val invariant7 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant7 self } @@ -7177,7 +7179,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv7 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true + axiom inv7 : forall x : RedBlackTree_Node_Type.t_node k v . inv7 x = true predicate invariant6 (self : RedBlackTree_Node_Type.t_node k v) val invariant6 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant6 self } @@ -7186,7 +7188,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv6 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Node_Type.t_node k v . inv6 x = true predicate invariant5 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant5 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant5 self } @@ -7195,7 +7197,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv5 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv5 x = true + axiom inv5 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv5 x = true predicate invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant4 self } @@ -7204,7 +7206,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv4 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv4 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -7213,7 +7215,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv3 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true + axiom inv3 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -7222,7 +7224,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant1 self } @@ -7232,7 +7234,7 @@ module RedBlackTree_Impl15_DeleteMinRec ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant0 self } @@ -7241,7 +7243,7 @@ module RedBlackTree_Impl15_DeleteMinRec val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -7558,23 +7560,23 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB0 } BB0 { - _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) }; + [#"../red_black_tree.rs" 697 23 697 41] _15 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 697 23 697 41] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _15)) }; assume { inv0 ( ^ _15) }; - _14 <- ([#"../red_black_tree.rs" 697 23 697 41] as_mut0 _15); + [#"../red_black_tree.rs" 697 23 697 41] _14 <- ([#"../red_black_tree.rs" 697 23 697 41] as_mut0 _15); _15 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB1 } BB1 { - _13 <- ([#"../red_black_tree.rs" 697 23 697 50] unwrap0 _14); + [#"../red_black_tree.rs" 697 23 697 50] _13 <- ([#"../red_black_tree.rs" 697 23 697 50] unwrap0 _14); _14 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _12 <- Borrow.borrow_mut ( * _13); - _13 <- { _13 with current = ^ _12 }; + [#"../red_black_tree.rs" 697 23 697 59] _12 <- Borrow.borrow_mut ( * _13); + [#"../red_black_tree.rs" 697 23 697 59] _13 <- { _13 with current = ^ _12 }; assume { inv1 ( ^ _12) }; - node <- ([#"../red_black_tree.rs" 697 23 697 59] as_mut1 _12); + [#"../red_black_tree.rs" 697 23 697 59] node <- ([#"../red_black_tree.rs" 697 23 697 59] as_mut1 _12); _12 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB3 } @@ -7592,13 +7594,13 @@ module RedBlackTree_Impl15_DeleteMinRec BB5 { assert { [@expl:type invariant] inv3 node }; assume { resolve1 node }; - _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _22)) }; + [#"../red_black_tree.rs" 699 38 699 52] _22 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 699 38 699 52] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _22)) }; assume { inv0 ( ^ _22) }; - _21 <- Borrow.borrow_mut ( * _22); - _22 <- { _22 with current = ^ _21 }; + [#"../red_black_tree.rs" 699 38 699 52] _21 <- Borrow.borrow_mut ( * _22); + [#"../red_black_tree.rs" 699 38 699 52] _22 <- { _22 with current = ^ _21 }; assume { inv0 ( ^ _21) }; - _20 <- ([#"../red_black_tree.rs" 699 23 699 53] take0 _21); + [#"../red_black_tree.rs" 699 23 699 53] _20 <- ([#"../red_black_tree.rs" 699 23 699 53] take0 _21); _21 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB6 } @@ -7607,16 +7609,16 @@ module RedBlackTree_Impl15_DeleteMinRec assume { resolve2 _22 }; assert { [@expl:type invariant] inv5 self }; assume { resolve3 self }; - node1 <- ([#"../red_black_tree.rs" 699 23 699 62] unwrap1 _20); + [#"../red_black_tree.rs" 699 23 699 62] node1 <- ([#"../red_black_tree.rs" 699 23 699 62] unwrap1 _20); _20 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB7 } BB7 { assert { [@expl:type invariant] inv1 node1 }; assume { resolve4 node1 }; - _0 <- ([#"../red_black_tree.rs" 700 19 700 39] (RedBlackTree_Node_Type.node_key node1, RedBlackTree_Node_Type.node_val node1)); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); + [#"../red_black_tree.rs" 700 19 700 39] _0 <- ([#"../red_black_tree.rs" 700 19 700 39] (([#"../red_black_tree.rs" 700 20 700 28] RedBlackTree_Node_Type.node_key node1), ([#"../red_black_tree.rs" 700 30 700 38] RedBlackTree_Node_Type.node_val node1))); + [#"../red_black_tree.rs" 700 20 700 28] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); + [#"../red_black_tree.rs" 700 30 700 38] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); goto BB8 } BB8 { @@ -7626,15 +7628,15 @@ module RedBlackTree_Impl15_DeleteMinRec goto BB25 } BB10 { - _28 <- ([#"../red_black_tree.rs" 702 12 702 30] is_red0 ([#"../red_black_tree.rs" 702 12 702 30] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 702 12 702 30] _28 <- ([#"../red_black_tree.rs" 702 12 702 30] is_red0 ([#"../red_black_tree.rs" 702 12 702 30] RedBlackTree_Node_Type.node_left ( * node))); goto BB14 } BB11 { - _26 <- ([#"../red_black_tree.rs" 702 11 702 81] [#"../red_black_tree.rs" 702 11 702 81] false); + [#"../red_black_tree.rs" 702 11 702 81] _26 <- ([#"../red_black_tree.rs" 702 11 702 81] [#"../red_black_tree.rs" 702 11 702 81] false); goto BB13 } BB12 { - _34 <- ([#"../red_black_tree.rs" 702 35 702 58] as_ref0 ([#"../red_black_tree.rs" 702 35 702 58] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); + [#"../red_black_tree.rs" 702 35 702 58] _34 <- ([#"../red_black_tree.rs" 702 35 702 58] as_ref0 ([#"../red_black_tree.rs" 702 35 702 58] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); goto BB15 } BB13 { @@ -7650,59 +7652,59 @@ module RedBlackTree_Impl15_DeleteMinRec end } BB15 { - _33 <- ([#"../red_black_tree.rs" 702 35 702 67] unwrap2 _34); + [#"../red_black_tree.rs" 702 35 702 67] _33 <- ([#"../red_black_tree.rs" 702 35 702 67] unwrap2 _34); _34 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB16 } BB16 { assert { [@expl:type invariant] inv6 _33 }; assume { resolve5 _33 }; - _31 <- ([#"../red_black_tree.rs" 702 35 702 81] is_red0 ([#"../red_black_tree.rs" 702 35 702 81] RedBlackTree_Node_Type.node_left _33)); + [#"../red_black_tree.rs" 702 35 702 81] _31 <- ([#"../red_black_tree.rs" 702 35 702 81] is_red0 ([#"../red_black_tree.rs" 702 35 702 81] RedBlackTree_Node_Type.node_left _33)); goto BB17 } BB17 { - _26 <- ([#"../red_black_tree.rs" 702 34 702 81] not _31); + [#"../red_black_tree.rs" 702 11 702 81] _26 <- ([#"../red_black_tree.rs" 702 34 702 81] not _31); _31 <- any bool; goto BB13 } BB18 { - _38 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _38 }; + [#"../red_black_tree.rs" 703 19 703 39] _38 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 703 19 703 39] node <- { node with current = ^ _38 }; assume { inv7 ( ^ _38) }; - _37 <- ([#"../red_black_tree.rs" 703 19 703 39] move_red_left0 _38); + [#"../red_black_tree.rs" 703 19 703 39] _37 <- ([#"../red_black_tree.rs" 703 19 703 39] move_red_left0 _38); _38 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB19 } BB19 { - _36 <- Borrow.borrow_mut ( * _37); - _37 <- { _37 with current = ^ _36 }; + [#"../red_black_tree.rs" 703 19 703 39] _36 <- Borrow.borrow_mut ( * _37); + [#"../red_black_tree.rs" 703 19 703 39] _37 <- { _37 with current = ^ _36 }; assume { inv7 ( ^ _36) }; assert { [@expl:type invariant] inv3 node }; assume { resolve1 node }; - node <- _36; - _36 <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 703 12 703 39] node <- ([#"../red_black_tree.rs" 703 12 703 39] _36); + [#"../red_black_tree.rs" 703 12 703 39] _36 <- any borrowed (RedBlackTree_Node_Type.t_node k v); assert { [@expl:type invariant] inv3 _37 }; assume { resolve1 _37 }; - _25 <- ([#"../red_black_tree.rs" 702 82 704 9] ()); + [#"../red_black_tree.rs" 702 82 704 9] _25 <- ([#"../red_black_tree.rs" 702 82 704 9] ()); goto BB21 } BB20 { - _25 <- ([#"../red_black_tree.rs" 704 9 704 9] ()); + [#"../red_black_tree.rs" 704 9 704 9] _25 <- ([#"../red_black_tree.rs" 704 9 704 9] ()); goto BB21 } BB21 { - _40 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _40) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 705 16 705 42] _40 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); + [#"../red_black_tree.rs" 705 16 705 42] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _40) x1 x2 x3 x4) }; assume { inv8 ( ^ _40) }; - r <- ([#"../red_black_tree.rs" 705 16 705 42] delete_min_rec _40); + [#"../red_black_tree.rs" 705 16 705 42] r <- ([#"../red_black_tree.rs" 705 16 705 42] delete_min_rec _40); _40 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB22 } BB22 { - _42 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _42 }; + [#"../red_black_tree.rs" 706 8 706 22] _42 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 706 8 706 22] node <- { node with current = ^ _42 }; assume { inv7 ( ^ _42) }; - _41 <- ([#"../red_black_tree.rs" 706 8 706 22] balance0 _42); + [#"../red_black_tree.rs" 706 8 706 22] _41 <- ([#"../red_black_tree.rs" 706 8 706 22] balance0 _42); _42 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB23 } @@ -7711,8 +7713,8 @@ module RedBlackTree_Impl15_DeleteMinRec assume { resolve1 node }; assert { [@expl:type invariant] inv5 self }; assume { resolve3 self }; - _0 <- r; - r <- any (k, v); + [#"../red_black_tree.rs" 707 8 707 9] _0 <- ([#"../red_black_tree.rs" 707 8 707 9] r); + [#"../red_black_tree.rs" 707 8 707 9] r <- any (k, v); goto BB24 } BB24 { @@ -7740,7 +7742,7 @@ module RedBlackTree_Impl15_DeleteMin val inv12 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true + axiom inv12 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use prelude.Borrow predicate invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) @@ -7751,7 +7753,7 @@ module RedBlackTree_Impl15_DeleteMin val inv11 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv11 x = true + axiom inv11 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv11 x = true predicate invariant11 (self : (k, v)) val invariant11 (self : (k, v)) : bool ensures { result = invariant11 self } @@ -7760,7 +7762,7 @@ module RedBlackTree_Impl15_DeleteMin val inv10 (_x : (k, v)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : (k, v) . inv10 x = true + axiom inv10 : forall x : (k, v) . inv10 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant10 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant10 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -7770,7 +7772,7 @@ module RedBlackTree_Impl15_DeleteMin val inv9 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true + axiom inv9 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv9 x = true predicate invariant9 (self : v) val invariant9 (self : v) : bool ensures { result = invariant9 self } @@ -7779,7 +7781,7 @@ module RedBlackTree_Impl15_DeleteMin val inv8 (_x : v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv8 x = true + axiom inv8 : forall x : v . inv8 x = true predicate invariant8 (self : Core_Option_Option_Type.t_option (k, v)) val invariant8 (self : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = invariant8 self } @@ -7788,7 +7790,7 @@ module RedBlackTree_Impl15_DeleteMin val inv7 (_x : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (k, v) . inv7 x = true + axiom inv7 : forall x : Core_Option_Option_Type.t_option (k, v) . inv7 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -7886,7 +7888,7 @@ module RedBlackTree_Impl15_DeleteMin val invariant7 (self : deep_model_ty0) : bool ensures { result = invariant7 self } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv6 x = true + axiom inv6 : forall x : deep_model_ty0 . inv6 x = true predicate invariant6 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant6 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant6 self } @@ -7895,7 +7897,7 @@ module RedBlackTree_Impl15_DeleteMin val inv5 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv5 x = true + axiom inv5 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv5 x = true predicate invariant5 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant5 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant5 self } @@ -7904,7 +7906,7 @@ module RedBlackTree_Impl15_DeleteMin val inv4 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv4 x = true predicate invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant4 self } @@ -7913,7 +7915,7 @@ module RedBlackTree_Impl15_DeleteMin val inv3 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv3 x = true + axiom inv3 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv3 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -7922,7 +7924,7 @@ module RedBlackTree_Impl15_DeleteMin val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant2 (self : RedBlackTree_Node_Type.t_node k v) val invariant2 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant2 self } @@ -7932,7 +7934,7 @@ module RedBlackTree_Impl15_DeleteMin ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -7941,7 +7943,7 @@ module RedBlackTree_Impl15_DeleteMin val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true use map.Const use map.Map function deep_model0 (self : k) : deep_model_ty0 @@ -8194,13 +8196,13 @@ module RedBlackTree_Impl15_DeleteMin goto BB0 } BB0 { - _5 <- ([#"../red_black_tree.rs" 720 8 720 39] Ghost.new ()); + [#"../red_black_tree.rs" 720 8 720 39] _5 <- ([#"../red_black_tree.rs" 720 8 720 39] Ghost.new ()); goto BB1 } BB1 { assume { resolve0 _5 }; - _8 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _8)) }; + [#"../red_black_tree.rs" 722 28 722 42] _8 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 722 28 722 42] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _8)) }; assume { inv0 ( ^ _8) }; switch ( * _8) | Core_Option_Option_Type.C_Some _ -> goto BB2 @@ -8211,10 +8213,10 @@ module RedBlackTree_Impl15_DeleteMin goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); - _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some x0 = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) }; + [#"../red_black_tree.rs" 722 20 722 24] node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _8)); + [#"../red_black_tree.rs" 722 20 722 24] _8 <- { _8 with current = (let Core_Option_Option_Type.C_Some x0 = * _8 in Core_Option_Option_Type.C_Some ( ^ node)) }; assume { inv1 ( ^ node) }; - _12 <- ([#"../red_black_tree.rs" 723 16 723 34] is_red0 ([#"../red_black_tree.rs" 723 16 723 34] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 723 16 723 34] _12 <- ([#"../red_black_tree.rs" 723 16 723 34] is_red0 ([#"../red_black_tree.rs" 723 16 723 34] RedBlackTree_Node_Type.node_left ( * node))); goto BB4 } BB4 { @@ -8224,40 +8226,40 @@ module RedBlackTree_Impl15_DeleteMin end } BB5 { - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 724 29 724 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; + [#"../red_black_tree.rs" 724 16 724 32] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 724 29 724 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; assert { [@expl:type invariant] inv2 node }; assume { resolve1 node }; assert { [@expl:type invariant] inv3 _8 }; assume { resolve2 _8 }; - _7 <- ([#"../red_black_tree.rs" 723 35 725 13] ()); + [#"../red_black_tree.rs" 723 35 725 13] _7 <- ([#"../red_black_tree.rs" 723 35 725 13] ()); goto BB7 } BB6 { assert { [@expl:type invariant] inv2 node }; assume { resolve1 node }; - _7 <- ([#"../red_black_tree.rs" 725 13 725 13] ()); + [#"../red_black_tree.rs" 725 13 725 13] _7 <- ([#"../red_black_tree.rs" 725 13 725 13] ()); assert { [@expl:type invariant] inv3 _8 }; assume { resolve2 _8 }; goto BB7 } BB7 { - _17 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _17 }; + [#"../red_black_tree.rs" 729 16 729 37] _17 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 729 16 729 37] self <- { self with current = ^ _17 }; assume { inv4 ( ^ _17) }; - r <- ([#"../red_black_tree.rs" 729 16 729 37] delete_min_rec0 _17); + [#"../red_black_tree.rs" 729 16 729 37] r <- ([#"../red_black_tree.rs" 729 16 729 37] delete_min_rec0 _17); _17 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB9 } BB8 { assert { [@expl:type invariant] inv3 _8 }; assume { resolve2 _8 }; - _0 <- ([#"../red_black_tree.rs" 727 19 727 23] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 727 19 727 23] _0 <- ([#"../red_black_tree.rs" 727 19 727 23] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv5 self }; assume { resolve3 self }; goto BB18 } BB9 { - _19 <- ([#"../red_black_tree.rs" 730 11 730 24] is_red0 ([#"../red_black_tree.rs" 730 11 730 24] * self)); + [#"../red_black_tree.rs" 730 11 730 24] _19 <- ([#"../red_black_tree.rs" 730 11 730 24] is_red0 ([#"../red_black_tree.rs" 730 11 730 24] * self)); goto BB10 } BB10 { @@ -8267,36 +8269,36 @@ module RedBlackTree_Impl15_DeleteMin end } BB11 { - _24 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _24)) }; + [#"../red_black_tree.rs" 731 12 731 30] _24 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 731 12 731 30] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _24)) }; assume { inv0 ( ^ _24) }; - _23 <- ([#"../red_black_tree.rs" 731 12 731 30] as_mut0 _24); + [#"../red_black_tree.rs" 731 12 731 30] _23 <- ([#"../red_black_tree.rs" 731 12 731 30] as_mut0 _24); _24 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB12 } BB12 { - _22 <- ([#"../red_black_tree.rs" 731 12 731 39] unwrap0 _23); + [#"../red_black_tree.rs" 731 12 731 39] _22 <- ([#"../red_black_tree.rs" 731 12 731 39] unwrap0 _23); _23 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB13 } BB13 { - _22 <- { _22 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _22 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 731 48 731 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; + [#"../red_black_tree.rs" 731 12 731 53] _22 <- { _22 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _22 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 731 48 731 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; assert { [@expl:type invariant] inv2 _22 }; assume { resolve1 _22 }; assert { [@expl:type invariant] inv5 self }; assume { resolve3 self }; - _18 <- ([#"../red_black_tree.rs" 730 25 732 9] ()); + [#"../red_black_tree.rs" 730 25 732 9] _18 <- ([#"../red_black_tree.rs" 730 25 732 9] ()); goto BB15 } BB14 { assert { [@expl:type invariant] inv5 self }; assume { resolve3 self }; - _18 <- ([#"../red_black_tree.rs" 732 9 732 9] ()); + [#"../red_black_tree.rs" 732 9 732 9] _18 <- ([#"../red_black_tree.rs" 732 9 732 9] ()); goto BB15 } BB15 { - _0 <- ([#"../red_black_tree.rs" 733 8 733 15] Core_Option_Option_Type.C_Some r); - r <- any (k, v); + [#"../red_black_tree.rs" 733 8 733 15] _0 <- ([#"../red_black_tree.rs" 733 8 733 15] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 733 13 733 14] r)); + [#"../red_black_tree.rs" 733 13 733 14] r <- any (k, v); goto BB16 } BB16 { @@ -8324,7 +8326,7 @@ module RedBlackTree_Impl15_DeleteRec val inv21 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv21 _x } - axiom inv21 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv21 x = true + axiom inv21 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv21 x = true predicate invariant20 (self : (k, v)) val invariant20 (self : (k, v)) : bool ensures { result = invariant20 self } @@ -8333,7 +8335,7 @@ module RedBlackTree_Impl15_DeleteRec val inv20 (_x : (k, v)) : bool ensures { result = inv20 _x } - axiom inv20 : [#"../red_black_tree.rs" 1 0 1 0] forall x : (k, v) . inv20 x = true + axiom inv20 : forall x : (k, v) . inv20 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant19 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant19 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool @@ -8343,7 +8345,7 @@ module RedBlackTree_Impl15_DeleteRec val inv19 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv19 _x } - axiom inv19 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv19 x = true + axiom inv19 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv19 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant18 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant18 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -8353,7 +8355,7 @@ module RedBlackTree_Impl15_DeleteRec val inv18 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv18 _x } - axiom inv18 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv18 x = true + axiom inv18 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv18 x = true predicate invariant17 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant17 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant17 self } @@ -8362,7 +8364,7 @@ module RedBlackTree_Impl15_DeleteRec val inv17 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv17 _x } - axiom inv17 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv17 x = true + axiom inv17 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv17 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -8465,7 +8467,7 @@ module RedBlackTree_Impl15_DeleteRec val inv16 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv16 _x } - axiom inv16 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv16 x = true + axiom inv16 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv16 x = true predicate invariant15 (self : Core_Option_Option_Type.t_option (k, v)) val invariant15 (self : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = invariant15 self } @@ -8474,12 +8476,12 @@ module RedBlackTree_Impl15_DeleteRec val inv15 (_x : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (k, v) . inv15 x = true + axiom inv15 : forall x : Core_Option_Option_Type.t_option (k, v) . inv15 x = true predicate invariant14 (self : deep_model_ty0) val invariant14 (self : deep_model_ty0) : bool ensures { result = invariant14 self } - axiom inv14 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv14 x = true + axiom inv14 : forall x : deep_model_ty0 . inv14 x = true predicate invariant13 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant13 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant13 self } @@ -8488,7 +8490,7 @@ module RedBlackTree_Impl15_DeleteRec val inv13 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv13 x = true + axiom inv13 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv13 x = true predicate invariant12 (self : borrowed v) val invariant12 (self : borrowed v) : bool ensures { result = invariant12 self } @@ -8497,7 +8499,7 @@ module RedBlackTree_Impl15_DeleteRec val inv12 (_x : borrowed v) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed v . inv12 x = true + axiom inv12 : forall x : borrowed v . inv12 x = true predicate invariant11 (self : v) val invariant11 (self : v) : bool ensures { result = invariant11 self } @@ -8506,7 +8508,7 @@ module RedBlackTree_Impl15_DeleteRec val inv11 (_x : v) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv11 x = true + axiom inv11 : forall x : v . inv11 x = true predicate invariant10 (self : borrowed k) val invariant10 (self : borrowed k) : bool ensures { result = invariant10 self } @@ -8515,7 +8517,7 @@ module RedBlackTree_Impl15_DeleteRec val inv10 (_x : borrowed k) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed k . inv10 x = true + axiom inv10 : forall x : borrowed k . inv10 x = true predicate invariant9 (self : k) val invariant9 (self : k) : bool ensures { result = invariant9 self } @@ -8524,7 +8526,7 @@ module RedBlackTree_Impl15_DeleteRec val inv9 (_x : k) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv9 x = true + axiom inv9 : forall x : k . inv9 x = true predicate invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant8 self } @@ -8533,7 +8535,7 @@ module RedBlackTree_Impl15_DeleteRec val inv8 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv8 x = true + axiom inv8 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv8 x = true predicate invariant7 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant7 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant7 self } @@ -8542,7 +8544,7 @@ module RedBlackTree_Impl15_DeleteRec val inv7 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv7 x = true + axiom inv7 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv7 x = true predicate invariant6 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant6 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant6 self } @@ -8551,7 +8553,7 @@ module RedBlackTree_Impl15_DeleteRec val inv6 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv6 x = true predicate invariant5 (self : RedBlackTree_Node_Type.t_node k v) val invariant5 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant5 self } @@ -8560,7 +8562,7 @@ module RedBlackTree_Impl15_DeleteRec val inv5 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true + axiom inv5 : forall x : RedBlackTree_Node_Type.t_node k v . inv5 x = true predicate invariant4 (self : RedBlackTree_Node_Type.t_node k v) val invariant4 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant4 self } @@ -8569,7 +8571,7 @@ module RedBlackTree_Impl15_DeleteRec val inv4 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true predicate invariant3 (self : k) val invariant3 (self : k) : bool ensures { result = invariant3 self } @@ -8578,7 +8580,7 @@ module RedBlackTree_Impl15_DeleteRec val inv3 (_x : k) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv3 x = true + axiom inv3 : forall x : k . inv3 x = true predicate invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant2 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant2 self } @@ -8587,7 +8589,7 @@ module RedBlackTree_Impl15_DeleteRec val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant1 (self : RedBlackTree_Node_Type.t_node k v) val invariant1 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant1 self } @@ -8597,7 +8599,7 @@ module RedBlackTree_Impl15_DeleteRec ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant0 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant0 self } @@ -8606,7 +8608,7 @@ module RedBlackTree_Impl15_DeleteRec val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true use RedBlackTree_Color_Type as RedBlackTree_Color_Type function color0 [#"../red_black_tree.rs" 256 4 256 27] (self : RedBlackTree_Tree_Type.t_tree k v) : RedBlackTree_Color_Type.t_color @@ -9126,33 +9128,33 @@ module RedBlackTree_Impl15_DeleteRec goto BB0 } BB0 { - _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _16)) }; + [#"../red_black_tree.rs" 750 23 750 41] _16 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 750 23 750 41] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _16)) }; assume { inv0 ( ^ _16) }; - _15 <- ([#"../red_black_tree.rs" 750 23 750 41] as_mut0 _16); + [#"../red_black_tree.rs" 750 23 750 41] _15 <- ([#"../red_black_tree.rs" 750 23 750 41] as_mut0 _16); _16 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB1 } BB1 { - _14 <- ([#"../red_black_tree.rs" 750 23 750 50] unwrap0 _15); + [#"../red_black_tree.rs" 750 23 750 50] _14 <- ([#"../red_black_tree.rs" 750 23 750 50] unwrap0 _15); _15 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB2 } BB2 { - _13 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _13 }; + [#"../red_black_tree.rs" 750 23 750 59] _13 <- Borrow.borrow_mut ( * _14); + [#"../red_black_tree.rs" 750 23 750 59] _14 <- { _14 with current = ^ _13 }; assume { inv1 ( ^ _13) }; - node <- ([#"../red_black_tree.rs" 750 23 750 59] as_mut1 _13); + [#"../red_black_tree.rs" 750 23 750 59] node <- ([#"../red_black_tree.rs" 750 23 750 59] as_mut1 _13); _13 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB3 } BB3 { assert { [@expl:type invariant] inv2 _14 }; assume { resolve0 _14 }; - _21 <- ([#"../red_black_tree.rs" 751 22 751 31] RedBlackTree_Node_Type.node_key ( * node)); + [#"../red_black_tree.rs" 751 22 751 31] _21 <- ([#"../red_black_tree.rs" 751 22 751 31] RedBlackTree_Node_Type.node_key ( * node)); assert { [@expl:type invariant] inv3 _21 }; assume { resolve1 _21 }; - _18 <- ([#"../red_black_tree.rs" 751 14 751 32] cmp0 ([#"../red_black_tree.rs" 751 14 751 32] key) ([#"../red_black_tree.rs" 751 22 751 31] _21)); + [#"../red_black_tree.rs" 751 14 751 32] _18 <- ([#"../red_black_tree.rs" 751 14 751 32] cmp0 ([#"../red_black_tree.rs" 751 14 751 32] key) ([#"../red_black_tree.rs" 751 22 751 31] _21)); goto BB4 } BB4 { @@ -9165,12 +9167,12 @@ module RedBlackTree_Impl15_DeleteRec goto BB7 } BB6 { - ord <- _18; - _45 <- ([#"../red_black_tree.rs" 762 19 762 37] is_red0 ([#"../red_black_tree.rs" 762 19 762 37] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 761 12 761 15] ord <- ([#"../red_black_tree.rs" 761 12 761 15] _18); + [#"../red_black_tree.rs" 762 19 762 37] _45 <- ([#"../red_black_tree.rs" 762 19 762 37] is_red0 ([#"../red_black_tree.rs" 762 19 762 37] RedBlackTree_Node_Type.node_left ( * node))); goto BB26 } BB7 { - _24 <- ([#"../red_black_tree.rs" 753 19 753 43] is_none0 ([#"../red_black_tree.rs" 753 19 753 43] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); + [#"../red_black_tree.rs" 753 19 753 43] _24 <- ([#"../red_black_tree.rs" 753 19 753 43] is_none0 ([#"../red_black_tree.rs" 753 19 753 43] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); goto BB8 } BB8 { @@ -9184,21 +9186,21 @@ module RedBlackTree_Impl15_DeleteRec assume { resolve3 node }; assert { [@expl:type invariant] inv3 key }; assume { resolve1 key }; - _0 <- ([#"../red_black_tree.rs" 754 27 754 31] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 754 27 754 31] _0 <- ([#"../red_black_tree.rs" 754 27 754 31] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv8 self }; assume { resolve4 self }; goto BB74 } BB10 { - _30 <- ([#"../red_black_tree.rs" 756 20 756 38] is_red0 ([#"../red_black_tree.rs" 756 20 756 38] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 756 20 756 38] _30 <- ([#"../red_black_tree.rs" 756 20 756 38] is_red0 ([#"../red_black_tree.rs" 756 20 756 38] RedBlackTree_Node_Type.node_left ( * node))); goto BB14 } BB11 { - _28 <- ([#"../red_black_tree.rs" 756 19 756 89] [#"../red_black_tree.rs" 756 19 756 89] false); + [#"../red_black_tree.rs" 756 19 756 89] _28 <- ([#"../red_black_tree.rs" 756 19 756 89] [#"../red_black_tree.rs" 756 19 756 89] false); goto BB13 } BB12 { - _36 <- ([#"../red_black_tree.rs" 756 43 756 66] as_ref0 ([#"../red_black_tree.rs" 756 43 756 66] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); + [#"../red_black_tree.rs" 756 43 756 66] _36 <- ([#"../red_black_tree.rs" 756 43 756 66] as_ref0 ([#"../red_black_tree.rs" 756 43 756 66] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_left ( * node)))); goto BB15 } BB13 { @@ -9214,53 +9216,53 @@ module RedBlackTree_Impl15_DeleteRec end } BB15 { - _35 <- ([#"../red_black_tree.rs" 756 43 756 75] unwrap1 _36); + [#"../red_black_tree.rs" 756 43 756 75] _35 <- ([#"../red_black_tree.rs" 756 43 756 75] unwrap1 _36); _36 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB16 } BB16 { assert { [@expl:type invariant] inv4 _35 }; assume { resolve2 _35 }; - _33 <- ([#"../red_black_tree.rs" 756 43 756 89] is_red0 ([#"../red_black_tree.rs" 756 43 756 89] RedBlackTree_Node_Type.node_left _35)); + [#"../red_black_tree.rs" 756 43 756 89] _33 <- ([#"../red_black_tree.rs" 756 43 756 89] is_red0 ([#"../red_black_tree.rs" 756 43 756 89] RedBlackTree_Node_Type.node_left _35)); goto BB17 } BB17 { - _28 <- ([#"../red_black_tree.rs" 756 42 756 89] not _33); + [#"../red_black_tree.rs" 756 19 756 89] _28 <- ([#"../red_black_tree.rs" 756 42 756 89] not _33); _33 <- any bool; goto BB13 } BB18 { - _40 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _40 }; + [#"../red_black_tree.rs" 757 27 757 47] _40 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 757 27 757 47] node <- { node with current = ^ _40 }; assume { inv5 ( ^ _40) }; - _39 <- ([#"../red_black_tree.rs" 757 27 757 47] move_red_left0 _40); + [#"../red_black_tree.rs" 757 27 757 47] _39 <- ([#"../red_black_tree.rs" 757 27 757 47] move_red_left0 _40); _40 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB19 } BB19 { - _38 <- Borrow.borrow_mut ( * _39); - _39 <- { _39 with current = ^ _38 }; + [#"../red_black_tree.rs" 757 27 757 47] _38 <- Borrow.borrow_mut ( * _39); + [#"../red_black_tree.rs" 757 27 757 47] _39 <- { _39 with current = ^ _38 }; assume { inv5 ( ^ _38) }; assert { [@expl:type invariant] inv6 node }; assume { resolve3 node }; - node <- _38; - _38 <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 757 20 757 47] node <- ([#"../red_black_tree.rs" 757 20 757 47] _38); + [#"../red_black_tree.rs" 757 20 757 47] _38 <- any borrowed (RedBlackTree_Node_Type.t_node k v); assert { [@expl:type invariant] inv6 _39 }; assume { resolve3 _39 }; - _27 <- ([#"../red_black_tree.rs" 756 90 758 17] ()); + [#"../red_black_tree.rs" 756 90 758 17] _27 <- ([#"../red_black_tree.rs" 756 90 758 17] ()); goto BB21 } BB20 { - _27 <- ([#"../red_black_tree.rs" 758 17 758 17] ()); + [#"../red_black_tree.rs" 758 17 758 17] _27 <- ([#"../red_black_tree.rs" 758 17 758 17] ()); goto BB21 } BB21 { - _42 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _42) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 759 20 759 45] _42 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); + [#"../red_black_tree.rs" 759 20 759 45] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _42) x1 x2 x3 x4) }; assume { inv7 ( ^ _42) }; assert { [@expl:type invariant] inv3 key }; assume { resolve1 key }; - _41 <- ([#"../red_black_tree.rs" 759 20 759 45] delete_rec _42 ([#"../red_black_tree.rs" 759 41 759 44] key)); + [#"../red_black_tree.rs" 759 20 759 45] _41 <- ([#"../red_black_tree.rs" 759 20 759 45] delete_rec _42 ([#"../red_black_tree.rs" 759 41 759 44] key)); _42 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB22 } @@ -9268,9 +9270,9 @@ module RedBlackTree_Impl15_DeleteRec goto BB23 } BB23 { - r <- _41; - _41 <- any Core_Option_Option_Type.t_option (k, v); - _17 <- ([#"../red_black_tree.rs" 759 16 759 45] ()); + [#"../red_black_tree.rs" 759 16 759 17] r <- ([#"../red_black_tree.rs" 759 16 759 17] _41); + [#"../red_black_tree.rs" 759 16 759 17] _41 <- any Core_Option_Option_Type.t_option (k, v); + [#"../red_black_tree.rs" 759 16 759 45] _17 <- ([#"../red_black_tree.rs" 759 16 759 45] ()); goto BB25 } BB25 { @@ -9283,20 +9285,20 @@ module RedBlackTree_Impl15_DeleteRec end } BB27 { - _48 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _48 }; + [#"../red_black_tree.rs" 763 20 763 39] _48 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 763 20 763 39] node <- { node with current = ^ _48 }; assume { inv5 ( ^ _48) }; - _47 <- ([#"../red_black_tree.rs" 763 20 763 39] rotate_right0 _48); + [#"../red_black_tree.rs" 763 20 763 39] _47 <- ([#"../red_black_tree.rs" 763 20 763 39] rotate_right0 _48); _48 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB28 } BB28 { - _50 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _50)) }; + [#"../red_black_tree.rs" 764 24 764 50] _50 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 764 24 764 50] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _50)) }; assume { inv7 ( ^ _50) }; assert { [@expl:type invariant] inv3 key }; assume { resolve1 key }; - _49 <- ([#"../red_black_tree.rs" 764 24 764 50] delete_rec _50 ([#"../red_black_tree.rs" 764 46 764 49] key)); + [#"../red_black_tree.rs" 764 24 764 50] _49 <- ([#"../red_black_tree.rs" 764 24 764 50] delete_rec _50 ([#"../red_black_tree.rs" 764 46 764 49] key)); _50 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB29 } @@ -9304,16 +9306,16 @@ module RedBlackTree_Impl15_DeleteRec goto BB30 } BB30 { - r <- _49; - _49 <- any Core_Option_Option_Type.t_option (k, v); - _17 <- ([#"../red_black_tree.rs" 764 20 764 50] ()); + [#"../red_black_tree.rs" 764 20 764 21] r <- ([#"../red_black_tree.rs" 764 20 764 21] _49); + [#"../red_black_tree.rs" 764 20 764 21] _49 <- any Core_Option_Option_Type.t_option (k, v); + [#"../red_black_tree.rs" 764 20 764 50] _17 <- ([#"../red_black_tree.rs" 764 20 764 50] ()); goto BB32 } BB32 { goto BB68 } BB33 { - _53 <- ([#"../red_black_tree.rs" 766 23 766 48] is_none0 ([#"../red_black_tree.rs" 766 23 766 48] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); + [#"../red_black_tree.rs" 766 23 766 48] _53 <- ([#"../red_black_tree.rs" 766 23 766 48] is_none0 ([#"../red_black_tree.rs" 766 23 766 48] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); goto BB34 } BB34 { @@ -9338,17 +9340,17 @@ module RedBlackTree_Impl15_DeleteRec BB37 { assert { [@expl:type invariant] inv8 self }; assume { resolve4 self }; - _0 <- ([#"../red_black_tree.rs" 768 35 768 39] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 768 35 768 39] _0 <- ([#"../red_black_tree.rs" 768 35 768 39] Core_Option_Option_Type.C_None); goto BB73 } BB38 { - _62 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _62)) }; + [#"../red_black_tree.rs" 770 50 770 64] _62 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 770 50 770 64] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _62)) }; assume { inv0 ( ^ _62) }; - _61 <- Borrow.borrow_mut ( * _62); - _62 <- { _62 with current = ^ _61 }; + [#"../red_black_tree.rs" 770 50 770 64] _61 <- Borrow.borrow_mut ( * _62); + [#"../red_black_tree.rs" 770 50 770 64] _62 <- { _62 with current = ^ _61 }; assume { inv0 ( ^ _61) }; - _60 <- ([#"../red_black_tree.rs" 770 35 770 65] take0 _61); + [#"../red_black_tree.rs" 770 35 770 65] _60 <- ([#"../red_black_tree.rs" 770 35 770 65] take0 _61); _61 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB39 } @@ -9357,7 +9359,7 @@ module RedBlackTree_Impl15_DeleteRec assume { resolve8 _62 }; assert { [@expl:type invariant] inv8 self }; assume { resolve4 self }; - node1 <- ([#"../red_black_tree.rs" 770 35 770 74] unwrap2 _60); + [#"../red_black_tree.rs" 770 35 770 74] node1 <- ([#"../red_black_tree.rs" 770 35 770 74] unwrap2 _60); _60 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB40 } @@ -9370,27 +9372,27 @@ module RedBlackTree_Impl15_DeleteRec goto BB42 } BB42 { - _0 <- ([#"../red_black_tree.rs" 771 31 771 57] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 771 36 771 56] (RedBlackTree_Node_Type.node_key node1, RedBlackTree_Node_Type.node_val node1))); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); - node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); + [#"../red_black_tree.rs" 771 31 771 57] _0 <- ([#"../red_black_tree.rs" 771 31 771 57] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 771 36 771 56] (([#"../red_black_tree.rs" 771 37 771 45] RedBlackTree_Node_Type.node_key node1), ([#"../red_black_tree.rs" 771 47 771 55] RedBlackTree_Node_Type.node_val node1)))); + [#"../red_black_tree.rs" 771 37 771 45] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 (any k) x3 x4); + [#"../red_black_tree.rs" 771 47 771 55] node1 <- (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = node1 in RedBlackTree_Node_Type.C_Node x0 x1 x2 (any v) x4); goto BB43 } BB43 { goto BB72 } BB44 { - _71 <- ([#"../red_black_tree.rs" 773 24 773 48] as_ref0 ([#"../red_black_tree.rs" 773 24 773 48] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); + [#"../red_black_tree.rs" 773 24 773 48] _71 <- ([#"../red_black_tree.rs" 773 24 773 48] as_ref0 ([#"../red_black_tree.rs" 773 24 773 48] RedBlackTree_Tree_Type.tree_node (RedBlackTree_Node_Type.node_right ( * node)))); goto BB45 } BB45 { - _70 <- ([#"../red_black_tree.rs" 773 24 773 57] unwrap1 _71); + [#"../red_black_tree.rs" 773 24 773 57] _70 <- ([#"../red_black_tree.rs" 773 24 773 57] unwrap1 _71); _71 <- any Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v); goto BB46 } BB46 { assert { [@expl:type invariant] inv4 _70 }; assume { resolve2 _70 }; - _68 <- ([#"../red_black_tree.rs" 773 24 773 71] is_red0 ([#"../red_black_tree.rs" 773 24 773 71] RedBlackTree_Node_Type.node_left _70)); + [#"../red_black_tree.rs" 773 24 773 71] _68 <- ([#"../red_black_tree.rs" 773 24 773 71] is_red0 ([#"../red_black_tree.rs" 773 24 773 71] RedBlackTree_Node_Type.node_left _70)); goto BB47 } BB47 { @@ -9400,28 +9402,28 @@ module RedBlackTree_Impl15_DeleteRec end } BB48 { - _75 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _75 }; + [#"../red_black_tree.rs" 774 31 774 52] _75 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 774 31 774 52] node <- { node with current = ^ _75 }; assume { inv5 ( ^ _75) }; - _74 <- ([#"../red_black_tree.rs" 774 31 774 52] move_red_right0 _75); + [#"../red_black_tree.rs" 774 31 774 52] _74 <- ([#"../red_black_tree.rs" 774 31 774 52] move_red_right0 _75); _75 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB49 } BB49 { - _73 <- Borrow.borrow_mut ( * _74); - _74 <- { _74 with current = ^ _73 }; + [#"../red_black_tree.rs" 774 31 774 52] _73 <- Borrow.borrow_mut ( * _74); + [#"../red_black_tree.rs" 774 31 774 52] _74 <- { _74 with current = ^ _73 }; assume { inv5 ( ^ _73) }; assert { [@expl:type invariant] inv6 node }; assume { resolve3 node }; - node <- _73; - _73 <- any borrowed (RedBlackTree_Node_Type.t_node k v); + [#"../red_black_tree.rs" 774 24 774 52] node <- ([#"../red_black_tree.rs" 774 24 774 52] _73); + [#"../red_black_tree.rs" 774 24 774 52] _73 <- any borrowed (RedBlackTree_Node_Type.t_node k v); assert { [@expl:type invariant] inv6 _74 }; assume { resolve3 _74 }; - _66 <- ([#"../red_black_tree.rs" 773 72 775 21] ()); + [#"../red_black_tree.rs" 773 72 775 21] _66 <- ([#"../red_black_tree.rs" 773 72 775 21] ()); goto BB51 } BB50 { - _66 <- ([#"../red_black_tree.rs" 775 21 775 21] ()); + [#"../red_black_tree.rs" 775 21 775 21] _66 <- ([#"../red_black_tree.rs" 775 21 775 21] ()); goto BB51 } BB51 { @@ -9436,32 +9438,32 @@ module RedBlackTree_Impl15_DeleteRec BB53 { assert { [@expl:type invariant] inv3 key }; assume { resolve1 key }; - _78 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _78)) }; + [#"../red_black_tree.rs" 777 37 777 64] _78 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 777 37 777 64] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _78)) }; assume { inv7 ( ^ _78) }; - kv <- ([#"../red_black_tree.rs" 777 37 777 64] delete_min_rec0 _78); + [#"../red_black_tree.rs" 777 37 777 64] kv <- ([#"../red_black_tree.rs" 777 37 777 64] delete_min_rec0 _78); _78 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB54 } BB54 { - _79 <- ([#"../red_black_tree.rs" 778 24 778 53] Ghost.new ()); + [#"../red_black_tree.rs" 778 24 778 53] _79 <- ([#"../red_black_tree.rs" 778 24 778 53] Ghost.new ()); goto BB55 } BB55 { assume { resolve5 _79 }; - _83 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_key ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 ( ^ _83) x3 x4) }; + [#"../red_black_tree.rs" 779 39 779 52] _83 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_key ( * node)); + [#"../red_black_tree.rs" 779 39 779 52] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 ( ^ _83) x3 x4) }; assume { inv9 ( ^ _83) }; - _82 <- Borrow.borrow_mut ( * _83); - _83 <- { _83 with current = ^ _82 }; + [#"../red_black_tree.rs" 779 39 779 52] _82 <- Borrow.borrow_mut ( * _83); + [#"../red_black_tree.rs" 779 39 779 52] _83 <- { _83 with current = ^ _82 }; assume { inv9 ( ^ _82) }; - _85 <- Borrow.borrow_mut (let (a, _) = kv in a); - kv <- (let (x0, x1) = kv in ( ^ _85, x1)); + [#"../red_black_tree.rs" 779 54 779 63] _85 <- Borrow.borrow_mut (let (a, _) = kv in a); + [#"../red_black_tree.rs" 779 54 779 63] kv <- (let (x0, x1) = kv in ( ^ _85, x1)); assume { inv9 ( ^ _85) }; - _84 <- Borrow.borrow_mut ( * _85); - _85 <- { _85 with current = ^ _84 }; + [#"../red_black_tree.rs" 779 54 779 63] _84 <- Borrow.borrow_mut ( * _85); + [#"../red_black_tree.rs" 779 54 779 63] _85 <- { _85 with current = ^ _84 }; assume { inv9 ( ^ _84) }; - _81 <- ([#"../red_black_tree.rs" 779 24 779 64] swap0 _82 _84); + [#"../red_black_tree.rs" 779 24 779 64] _81 <- ([#"../red_black_tree.rs" 779 24 779 64] swap0 _82 _84); _82 <- any borrowed k; _84 <- any borrowed k; goto BB56 @@ -9471,19 +9473,19 @@ module RedBlackTree_Impl15_DeleteRec assume { resolve6 _85 }; assert { [@expl:type invariant] inv10 _83 }; assume { resolve6 _83 }; - _88 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 ( ^ _88) x4) }; + [#"../red_black_tree.rs" 780 39 780 52] _88 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); + [#"../red_black_tree.rs" 780 39 780 52] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 ( ^ _88) x4) }; assume { inv11 ( ^ _88) }; - _87 <- Borrow.borrow_mut ( * _88); - _88 <- { _88 with current = ^ _87 }; + [#"../red_black_tree.rs" 780 39 780 52] _87 <- Borrow.borrow_mut ( * _88); + [#"../red_black_tree.rs" 780 39 780 52] _88 <- { _88 with current = ^ _87 }; assume { inv11 ( ^ _87) }; - _90 <- Borrow.borrow_mut (let (_, a) = kv in a); - kv <- (let (x0, x1) = kv in (x0, ^ _90)); + [#"../red_black_tree.rs" 780 54 780 63] _90 <- Borrow.borrow_mut (let (_, a) = kv in a); + [#"../red_black_tree.rs" 780 54 780 63] kv <- (let (x0, x1) = kv in (x0, ^ _90)); assume { inv11 ( ^ _90) }; - _89 <- Borrow.borrow_mut ( * _90); - _90 <- { _90 with current = ^ _89 }; + [#"../red_black_tree.rs" 780 54 780 63] _89 <- Borrow.borrow_mut ( * _90); + [#"../red_black_tree.rs" 780 54 780 63] _90 <- { _90 with current = ^ _89 }; assume { inv11 ( ^ _89) }; - _86 <- ([#"../red_black_tree.rs" 780 24 780 64] swap1 _87 _89); + [#"../red_black_tree.rs" 780 24 780 64] _86 <- ([#"../red_black_tree.rs" 780 24 780 64] swap1 _87 _89); _87 <- any borrowed v; _89 <- any borrowed v; goto BB57 @@ -9499,9 +9501,9 @@ module RedBlackTree_Impl15_DeleteRec goto BB59 } BB59 { - r <- ([#"../red_black_tree.rs" 781 28 781 36] Core_Option_Option_Type.C_Some kv); - kv <- any (k, v); - _17 <- ([#"../red_black_tree.rs" 781 24 781 36] ()); + [#"../red_black_tree.rs" 781 24 781 25] r <- ([#"../red_black_tree.rs" 781 28 781 36] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 781 33 781 35] kv)); + [#"../red_black_tree.rs" 781 33 781 35] kv <- any (k, v); + [#"../red_black_tree.rs" 781 24 781 36] _17 <- ([#"../red_black_tree.rs" 781 24 781 36] ()); goto BB61 } BB61 { @@ -9511,12 +9513,12 @@ module RedBlackTree_Impl15_DeleteRec goto BB68 } BB63 { - _94 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _94)) }; + [#"../red_black_tree.rs" 783 28 783 54] _94 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 783 28 783 54] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _94)) }; assume { inv7 ( ^ _94) }; assert { [@expl:type invariant] inv3 key }; assume { resolve1 key }; - _93 <- ([#"../red_black_tree.rs" 783 28 783 54] delete_rec _94 ([#"../red_black_tree.rs" 783 50 783 53] key)); + [#"../red_black_tree.rs" 783 28 783 54] _93 <- ([#"../red_black_tree.rs" 783 28 783 54] delete_rec _94 ([#"../red_black_tree.rs" 783 50 783 53] key)); _94 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB64 } @@ -9524,9 +9526,9 @@ module RedBlackTree_Impl15_DeleteRec goto BB65 } BB65 { - r <- _93; - _93 <- any Core_Option_Option_Type.t_option (k, v); - _17 <- ([#"../red_black_tree.rs" 783 24 783 54] ()); + [#"../red_black_tree.rs" 783 24 783 25] r <- ([#"../red_black_tree.rs" 783 24 783 25] _93); + [#"../red_black_tree.rs" 783 24 783 25] _93 <- any Core_Option_Option_Type.t_option (k, v); + [#"../red_black_tree.rs" 783 24 783 54] _17 <- ([#"../red_black_tree.rs" 783 24 783 54] ()); goto BB67 } BB67 { @@ -9536,10 +9538,10 @@ module RedBlackTree_Impl15_DeleteRec goto BB69 } BB69 { - _97 <- Borrow.borrow_mut ( * node); - node <- { node with current = ^ _97 }; + [#"../red_black_tree.rs" 788 8 788 22] _97 <- Borrow.borrow_mut ( * node); + [#"../red_black_tree.rs" 788 8 788 22] node <- { node with current = ^ _97 }; assume { inv5 ( ^ _97) }; - _96 <- ([#"../red_black_tree.rs" 788 8 788 22] balance0 _97); + [#"../red_black_tree.rs" 788 8 788 22] _96 <- ([#"../red_black_tree.rs" 788 8 788 22] balance0 _97); _97 <- any borrowed (RedBlackTree_Node_Type.t_node k v); goto BB70 } @@ -9548,8 +9550,8 @@ module RedBlackTree_Impl15_DeleteRec assume { resolve3 node }; assert { [@expl:type invariant] inv8 self }; assume { resolve4 self }; - _0 <- r; - r <- any Core_Option_Option_Type.t_option (k, v); + [#"../red_black_tree.rs" 789 8 789 9] _0 <- ([#"../red_black_tree.rs" 789 8 789 9] r); + [#"../red_black_tree.rs" 789 8 789 9] r <- any Core_Option_Option_Type.t_option (k, v); goto BB71 } BB71 { @@ -9679,7 +9681,7 @@ module RedBlackTree_Impl15_Delete val inv12 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true + axiom inv12 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type use prelude.Borrow predicate invariant12 (self : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) @@ -9690,7 +9692,7 @@ module RedBlackTree_Impl15_Delete val inv11 (_x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv11 x = true + axiom inv11 : forall x : Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)) . inv11 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant11 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant11 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -9700,7 +9702,7 @@ module RedBlackTree_Impl15_Delete val inv10 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true + axiom inv10 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv10 x = true predicate invariant10 (self : v) val invariant10 (self : v) : bool ensures { result = invariant10 self } @@ -9709,12 +9711,12 @@ module RedBlackTree_Impl15_Delete val inv9 (_x : v) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv9 x = true + axiom inv9 : forall x : v . inv9 x = true predicate invariant9 (self : deep_model_ty0) val invariant9 (self : deep_model_ty0) : bool ensures { result = invariant9 self } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv8 x = true + axiom inv8 : forall x : deep_model_ty0 . inv8 x = true predicate invariant8 (self : Core_Option_Option_Type.t_option (k, v)) val invariant8 (self : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = invariant8 self } @@ -9723,7 +9725,7 @@ module RedBlackTree_Impl15_Delete val inv7 (_x : Core_Option_Option_Type.t_option (k, v)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (k, v) . inv7 x = true + axiom inv7 : forall x : Core_Option_Option_Type.t_option (k, v) . inv7 x = true predicate invariant7 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant7 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = invariant7 self } @@ -9732,7 +9734,7 @@ module RedBlackTree_Impl15_Delete val inv6 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true + axiom inv6 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv6 x = true predicate invariant6 (self : k) val invariant6 (self : k) : bool ensures { result = invariant6 self } @@ -9741,7 +9743,7 @@ module RedBlackTree_Impl15_Delete val inv5 (_x : k) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv5 x = true + axiom inv5 : forall x : k . inv5 x = true predicate invariant5 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant5 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant5 self } @@ -9750,7 +9752,7 @@ module RedBlackTree_Impl15_Delete val inv4 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv4 x = true predicate invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant4 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = invariant4 self } @@ -9759,7 +9761,7 @@ module RedBlackTree_Impl15_Delete val inv3 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv3 x = true + axiom inv3 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv3 x = true predicate invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -9768,7 +9770,7 @@ module RedBlackTree_Impl15_Delete val inv2 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant2 (self : RedBlackTree_Node_Type.t_node k v) val invariant2 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant2 self } @@ -9778,7 +9780,7 @@ module RedBlackTree_Impl15_Delete ensures { result = inv1 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Node_Type.t_node k v . inv1 x = true predicate invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant1 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant1 self } @@ -9787,7 +9789,7 @@ module RedBlackTree_Impl15_Delete val inv0 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true + axiom inv0 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv0 x = true use map.Map function deep_model0 (self : k) : deep_model_ty0 val deep_model0 (self : k) : deep_model_ty0 @@ -10055,13 +10057,13 @@ module RedBlackTree_Impl15_Delete goto BB0 } BB0 { - _7 <- ([#"../red_black_tree.rs" 801 8 801 39] Ghost.new ()); + [#"../red_black_tree.rs" 801 8 801 39] _7 <- ([#"../red_black_tree.rs" 801 8 801 39] Ghost.new ()); goto BB1 } BB1 { assume { resolve0 _7 }; - _10 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _10)) }; + [#"../red_black_tree.rs" 803 28 803 42] _10 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 803 28 803 42] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _10)) }; assume { inv0 ( ^ _10) }; switch ( * _10) | Core_Option_Option_Type.C_Some _ -> goto BB2 @@ -10072,10 +10074,10 @@ module RedBlackTree_Impl15_Delete goto BB3 } BB3 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _10)); - _10 <- { _10 with current = (let Core_Option_Option_Type.C_Some x0 = * _10 in Core_Option_Option_Type.C_Some ( ^ node)) }; + [#"../red_black_tree.rs" 803 20 803 24] node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _10)); + [#"../red_black_tree.rs" 803 20 803 24] _10 <- { _10 with current = (let Core_Option_Option_Type.C_Some x0 = * _10 in Core_Option_Option_Type.C_Some ( ^ node)) }; assume { inv1 ( ^ node) }; - _14 <- ([#"../red_black_tree.rs" 804 16 804 34] is_red0 ([#"../red_black_tree.rs" 804 16 804 34] RedBlackTree_Node_Type.node_left ( * node))); + [#"../red_black_tree.rs" 804 16 804 34] _14 <- ([#"../red_black_tree.rs" 804 16 804 34] is_red0 ([#"../red_black_tree.rs" 804 16 804 34] RedBlackTree_Node_Type.node_left ( * node))); goto BB4 } BB4 { @@ -10085,29 +10087,29 @@ module RedBlackTree_Impl15_Delete end } BB5 { - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 805 29 805 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; + [#"../red_black_tree.rs" 805 16 805 32] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 805 29 805 32] RedBlackTree_Color_Type.C_Red) x2 x3 x4) }; assert { [@expl:type invariant] inv2 node }; assume { resolve1 node }; assert { [@expl:type invariant] inv3 _10 }; assume { resolve2 _10 }; - _9 <- ([#"../red_black_tree.rs" 804 35 806 13] ()); + [#"../red_black_tree.rs" 804 35 806 13] _9 <- ([#"../red_black_tree.rs" 804 35 806 13] ()); goto BB7 } BB6 { assert { [@expl:type invariant] inv2 node }; assume { resolve1 node }; - _9 <- ([#"../red_black_tree.rs" 806 13 806 13] ()); + [#"../red_black_tree.rs" 806 13 806 13] _9 <- ([#"../red_black_tree.rs" 806 13 806 13] ()); assert { [@expl:type invariant] inv3 _10 }; assume { resolve2 _10 }; goto BB7 } BB7 { - _19 <- Borrow.borrow_mut ( * self); - self <- { self with current = ^ _19 }; + [#"../red_black_tree.rs" 810 16 810 36] _19 <- Borrow.borrow_mut ( * self); + [#"../red_black_tree.rs" 810 16 810 36] self <- { self with current = ^ _19 }; assume { inv4 ( ^ _19) }; assert { [@expl:type invariant] inv5 key }; assume { resolve3 key }; - r <- ([#"../red_black_tree.rs" 810 16 810 36] delete_rec0 _19 ([#"../red_black_tree.rs" 810 32 810 35] key)); + [#"../red_black_tree.rs" 810 16 810 36] r <- ([#"../red_black_tree.rs" 810 16 810 36] delete_rec0 _19 ([#"../red_black_tree.rs" 810 32 810 35] key)); _19 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB9 } @@ -10116,13 +10118,13 @@ module RedBlackTree_Impl15_Delete assume { resolve2 _10 }; assert { [@expl:type invariant] inv5 key }; assume { resolve3 key }; - _0 <- ([#"../red_black_tree.rs" 808 19 808 23] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 808 19 808 23] _0 <- ([#"../red_black_tree.rs" 808 19 808 23] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv6 self }; assume { resolve4 self }; goto BB17 } BB9 { - _22 <- ([#"../red_black_tree.rs" 811 11 811 24] is_red0 ([#"../red_black_tree.rs" 811 11 811 24] * self)); + [#"../red_black_tree.rs" 811 11 811 24] _22 <- ([#"../red_black_tree.rs" 811 11 811 24] is_red0 ([#"../red_black_tree.rs" 811 11 811 24] * self)); goto BB10 } BB10 { @@ -10132,36 +10134,36 @@ module RedBlackTree_Impl15_Delete end } BB11 { - _27 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); - self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _27)) }; + [#"../red_black_tree.rs" 812 12 812 30] _27 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * self)); + [#"../red_black_tree.rs" 812 12 812 30] self <- { self with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * self in RedBlackTree_Tree_Type.C_Tree ( ^ _27)) }; assume { inv0 ( ^ _27) }; - _26 <- ([#"../red_black_tree.rs" 812 12 812 30] as_mut0 _27); + [#"../red_black_tree.rs" 812 12 812 30] _26 <- ([#"../red_black_tree.rs" 812 12 812 30] as_mut0 _27); _27 <- any borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)); goto BB12 } BB12 { - _25 <- ([#"../red_black_tree.rs" 812 12 812 39] unwrap0 _26); + [#"../red_black_tree.rs" 812 12 812 39] _25 <- ([#"../red_black_tree.rs" 812 12 812 39] unwrap0 _26); _26 <- any Core_Option_Option_Type.t_option (borrowed (RedBlackTree_Node_Type.t_node k v)); goto BB13 } BB13 { - _25 <- { _25 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _25 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 812 48 812 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; + [#"../red_black_tree.rs" 812 12 812 53] _25 <- { _25 with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * _25 in RedBlackTree_Node_Type.C_Node x0 ([#"../red_black_tree.rs" 812 48 812 53] RedBlackTree_Color_Type.C_Black) x2 x3 x4) }; assert { [@expl:type invariant] inv2 _25 }; assume { resolve1 _25 }; assert { [@expl:type invariant] inv6 self }; assume { resolve4 self }; - _21 <- ([#"../red_black_tree.rs" 811 25 813 9] ()); + [#"../red_black_tree.rs" 811 25 813 9] _21 <- ([#"../red_black_tree.rs" 811 25 813 9] ()); goto BB15 } BB14 { assert { [@expl:type invariant] inv6 self }; assume { resolve4 self }; - _21 <- ([#"../red_black_tree.rs" 813 9 813 9] ()); + [#"../red_black_tree.rs" 813 9 813 9] _21 <- ([#"../red_black_tree.rs" 813 9 813 9] ()); goto BB15 } BB15 { - _0 <- r; - r <- any Core_Option_Option_Type.t_option (k, v); + [#"../red_black_tree.rs" 814 8 814 9] _0 <- ([#"../red_black_tree.rs" 814 8 814 9] r); + [#"../red_black_tree.rs" 814 8 814 9] r <- any Core_Option_Option_Type.t_option (k, v); goto BB16 } BB16 { @@ -10186,7 +10188,7 @@ module RedBlackTree_Impl15_Get val inv9 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv9 x = true + axiom inv9 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv9 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -10284,7 +10286,7 @@ module RedBlackTree_Impl15_Get val invariant9 (self : deep_model_ty0) : bool ensures { result = invariant9 self } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv8 x = true + axiom inv8 : forall x : deep_model_ty0 . inv8 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant8 (self : RedBlackTree_Tree_Type.t_tree k v) : bool @@ -10294,7 +10296,7 @@ module RedBlackTree_Impl15_Get val inv7 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv7 x = true + axiom inv7 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv7 x = true predicate invariant7 (self : Core_Option_Option_Type.t_option v) val invariant7 (self : Core_Option_Option_Type.t_option v) : bool ensures { result = invariant7 self } @@ -10303,7 +10305,7 @@ module RedBlackTree_Impl15_Get val inv6 (_x : Core_Option_Option_Type.t_option v) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option v . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option v . inv6 x = true predicate invariant6 (self : v) val invariant6 (self : v) : bool ensures { result = invariant6 self } @@ -10312,7 +10314,7 @@ module RedBlackTree_Impl15_Get val inv5 (_x : v) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv5 x = true + axiom inv5 : forall x : v . inv5 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant5 (self : RedBlackTree_Node_Type.t_node k v) val invariant5 (self : RedBlackTree_Node_Type.t_node k v) : bool @@ -10322,7 +10324,7 @@ module RedBlackTree_Impl15_Get val inv4 (_x : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true predicate invariant4 (self : k) val invariant4 (self : k) : bool ensures { result = invariant4 self } @@ -10331,7 +10333,7 @@ module RedBlackTree_Impl15_Get val inv3 (_x : k) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv3 x = true + axiom inv3 : forall x : k . inv3 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant3 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant3 self } @@ -10340,7 +10342,7 @@ module RedBlackTree_Impl15_Get val inv2 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv2 x = true predicate invariant2 (self : v) val invariant2 (self : v) : bool ensures { result = invariant2 self } @@ -10349,7 +10351,7 @@ module RedBlackTree_Impl15_Get val inv1 (_x : v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv1 x = true + axiom inv1 : forall x : v . inv1 x = true predicate invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant1 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant1 self } @@ -10358,7 +10360,7 @@ module RedBlackTree_Impl15_Get val inv0 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv0 x = true use map.Map use map.Map function deep_model1 (self : k) : deep_model_ty0 @@ -10579,12 +10581,12 @@ module RedBlackTree_Impl15_Get goto BB0 } BB0 { - _6 <- ([#"../red_black_tree.rs" 823 8 823 39] Ghost.new ()); + [#"../red_black_tree.rs" 823 8 823 39] _6 <- ([#"../red_black_tree.rs" 823 8 823 39] Ghost.new ()); goto BB1 } BB1 { assume { resolve0 _6 }; - tree <- self; + [#"../red_black_tree.rs" 825 23 825 27] tree <- ([#"../red_black_tree.rs" 825 23 825 27] self); assert { [@expl:type invariant] inv0 self }; assume { resolve1 self }; goto BB2 @@ -10595,7 +10597,7 @@ module RedBlackTree_Impl15_Get goto BB3 } BB3 { - _13 <- ([#"../red_black_tree.rs" 828 31 828 41] RedBlackTree_Tree_Type.tree_node tree); + [#"../red_black_tree.rs" 828 31 828 41] _13 <- ([#"../red_black_tree.rs" 828 31 828 41] RedBlackTree_Tree_Type.tree_node tree); assert { [@expl:type invariant] inv0 tree }; assume { resolve1 tree }; switch (_13) @@ -10607,13 +10609,13 @@ module RedBlackTree_Impl15_Get goto BB5 } BB5 { - node <- ([#"../red_black_tree.rs" 828 23 828 27] Core_Option_Option_Type.some_0 _13); + [#"../red_black_tree.rs" 828 23 828 27] node <- ([#"../red_black_tree.rs" 828 23 828 27] Core_Option_Option_Type.some_0 _13); assert { [@expl:type invariant] inv2 _13 }; assume { resolve2 _13 }; - _19 <- ([#"../red_black_tree.rs" 829 26 829 35] RedBlackTree_Node_Type.node_key node); + [#"../red_black_tree.rs" 829 26 829 35] _19 <- ([#"../red_black_tree.rs" 829 26 829 35] RedBlackTree_Node_Type.node_key node); assert { [@expl:type invariant] inv3 _19 }; assume { resolve3 _19 }; - _16 <- ([#"../red_black_tree.rs" 829 18 829 36] cmp0 ([#"../red_black_tree.rs" 829 18 829 36] key) ([#"../red_black_tree.rs" 829 26 829 35] _19)); + [#"../red_black_tree.rs" 829 18 829 36] _16 <- ([#"../red_black_tree.rs" 829 18 829 36] cmp0 ([#"../red_black_tree.rs" 829 18 829 36] key) ([#"../red_black_tree.rs" 829 26 829 35] _19)); goto BB6 } BB6 { @@ -10630,13 +10632,13 @@ module RedBlackTree_Impl15_Get goto BB12 } BB9 { - _27 <- ([#"../red_black_tree.rs" 832 34 832 45] RedBlackTree_Node_Type.node_right node); + [#"../red_black_tree.rs" 832 34 832 45] _27 <- ([#"../red_black_tree.rs" 832 34 832 45] RedBlackTree_Node_Type.node_right node); assert { [@expl:type invariant] inv4 node }; assume { resolve4 node }; assert { [@expl:type invariant] inv0 _27 }; assume { resolve1 _27 }; - tree <- ([#"../red_black_tree.rs" 832 34 832 45] _27); - _12 <- ([#"../red_black_tree.rs" 832 27 832 45] ()); + [#"../red_black_tree.rs" 832 27 832 45] tree <- ([#"../red_black_tree.rs" 832 34 832 45] _27); + [#"../red_black_tree.rs" 832 27 832 45] _12 <- ([#"../red_black_tree.rs" 832 27 832 45] ()); goto BB13 } BB10 { @@ -10644,27 +10646,28 @@ module RedBlackTree_Impl15_Get assume { resolve4 node }; assert { [@expl:type invariant] inv3 key }; assume { resolve3 key }; + assert { [#"../red_black_tree.rs" 829 18 829 36] false }; absurd } BB11 { - _22 <- ([#"../red_black_tree.rs" 830 31 830 41] RedBlackTree_Node_Type.node_left node); + [#"../red_black_tree.rs" 830 31 830 41] _22 <- ([#"../red_black_tree.rs" 830 31 830 41] RedBlackTree_Node_Type.node_left node); assert { [@expl:type invariant] inv4 node }; assume { resolve4 node }; assert { [@expl:type invariant] inv0 _22 }; assume { resolve1 _22 }; - tree <- ([#"../red_black_tree.rs" 830 31 830 41] _22); - _12 <- ([#"../red_black_tree.rs" 830 24 830 41] ()); + [#"../red_black_tree.rs" 830 24 830 41] tree <- ([#"../red_black_tree.rs" 830 31 830 41] _22); + [#"../red_black_tree.rs" 830 24 830 41] _12 <- ([#"../red_black_tree.rs" 830 24 830 41] ()); goto BB13 } BB12 { assert { [@expl:type invariant] inv3 key }; assume { resolve3 key }; - _25 <- ([#"../red_black_tree.rs" 831 37 831 46] RedBlackTree_Node_Type.node_val node); + [#"../red_black_tree.rs" 831 37 831 46] _25 <- ([#"../red_black_tree.rs" 831 37 831 46] RedBlackTree_Node_Type.node_val node); assert { [@expl:type invariant] inv4 node }; assume { resolve4 node }; assert { [@expl:type invariant] inv5 _25 }; assume { resolve5 _25 }; - _0 <- ([#"../red_black_tree.rs" 831 32 831 47] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 831 37 831 46] _25)); + [#"../red_black_tree.rs" 831 32 831 47] _0 <- ([#"../red_black_tree.rs" 831 32 831 47] Core_Option_Option_Type.C_Some ([#"../red_black_tree.rs" 831 37 831 46] _25)); goto BB15 } BB13 { @@ -10675,7 +10678,7 @@ module RedBlackTree_Impl15_Get assume { resolve2 _13 }; assert { [@expl:type invariant] inv3 key }; assume { resolve3 key }; - _0 <- ([#"../red_black_tree.rs" 835 15 835 19] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 835 15 835 19] _0 <- ([#"../red_black_tree.rs" 835 15 835 19] Core_Option_Option_Type.C_None); goto BB15 } BB15 { @@ -10697,7 +10700,7 @@ module RedBlackTree_Impl15_GetMut val inv12 (_x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true + axiom inv12 : forall x : Map.map deep_model_ty0 (Core_Option_Option_Type.t_option v) . inv12 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -10800,7 +10803,7 @@ module RedBlackTree_Impl15_GetMut val inv11 (_x : Core_Option_Option_Type.t_option (borrowed v)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed v) . inv11 x = true + axiom inv11 : forall x : Core_Option_Option_Type.t_option (borrowed v) . inv11 x = true use RedBlackTree_Node_Type as RedBlackTree_Node_Type predicate invariant11 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) val invariant11 (self : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool @@ -10810,7 +10813,7 @@ module RedBlackTree_Impl15_GetMut val inv10 (_x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v))) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv10 x = true + axiom inv10 : forall x : borrowed (Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) . inv10 x = true predicate invariant10 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) val invariant10 (self : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant10 self } @@ -10819,7 +10822,7 @@ module RedBlackTree_Impl15_GetMut val inv9 (_x : borrowed (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv9 x = true + axiom inv9 : forall x : borrowed (RedBlackTree_Node_Type.t_node k v) . inv9 x = true predicate invariant9 (self : borrowed v) val invariant9 (self : borrowed v) : bool ensures { result = invariant9 self } @@ -10828,7 +10831,7 @@ module RedBlackTree_Impl15_GetMut val inv8 (_x : borrowed v) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed v . inv8 x = true + axiom inv8 : forall x : borrowed v . inv8 x = true use RedBlackTree_Tree_Type as RedBlackTree_Tree_Type predicate invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) val invariant8 (self : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool @@ -10838,7 +10841,7 @@ module RedBlackTree_Impl15_GetMut val inv7 (_x : borrowed (RedBlackTree_Tree_Type.t_tree k v)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../red_black_tree.rs" 1 0 1 0] forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv7 x = true + axiom inv7 : forall x : borrowed (RedBlackTree_Tree_Type.t_tree k v) . inv7 x = true predicate invariant7 (self : RedBlackTree_Tree_Type.t_tree k v) val invariant7 (self : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = invariant7 self } @@ -10847,7 +10850,7 @@ module RedBlackTree_Impl15_GetMut val inv6 (_x : RedBlackTree_Tree_Type.t_tree k v) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Tree_Type.t_tree k v . inv6 x = true + axiom inv6 : forall x : RedBlackTree_Tree_Type.t_tree k v . inv6 x = true predicate invariant6 (self : k) val invariant6 (self : k) : bool ensures { result = invariant6 self } @@ -10856,7 +10859,7 @@ module RedBlackTree_Impl15_GetMut val inv5 (_x : k) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../red_black_tree.rs" 1 0 1 0] forall x : k . inv5 x = true + axiom inv5 : forall x : k . inv5 x = true predicate invariant5 (self : RedBlackTree_Node_Type.t_node k v) val invariant5 (self : RedBlackTree_Node_Type.t_node k v) : bool ensures { result = invariant5 self } @@ -10866,7 +10869,7 @@ module RedBlackTree_Impl15_GetMut ensures { result = inv4 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv4 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true + axiom inv4 : forall x : RedBlackTree_Node_Type.t_node k v . inv4 x = true predicate invariant4 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) val invariant4 (self : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = invariant4 self } @@ -10875,12 +10878,12 @@ module RedBlackTree_Impl15_GetMut val inv3 (_x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (RedBlackTree_Node_Type.t_node k v) . inv3 x = true predicate invariant3 (self : deep_model_ty0) val invariant3 (self : deep_model_ty0) : bool ensures { result = invariant3 self } - axiom inv2 : [#"../red_black_tree.rs" 1 0 1 0] forall x : deep_model_ty0 . inv2 x = true + axiom inv2 : forall x : deep_model_ty0 . inv2 x = true predicate invariant2 (self : v) val invariant2 (self : v) : bool ensures { result = invariant2 self } @@ -10889,7 +10892,7 @@ module RedBlackTree_Impl15_GetMut val inv1 (_x : v) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : v . inv1 x = true + axiom inv1 : forall x : v . inv1 x = true use prelude.Ghost predicate invariant1 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) val invariant1 (self : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) : bool @@ -10899,7 +10902,7 @@ module RedBlackTree_Impl15_GetMut val inv0 (_x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v)) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (RedBlackTree_Tree_Type.t_tree k v)) . inv0 x = true use map.Map function deep_model1 (self : k) : deep_model_ty0 val deep_model1 (self : k) : deep_model_ty0 @@ -11144,19 +11147,19 @@ module RedBlackTree_Impl15_GetMut goto BB0 } BB0 { - _7 <- ([#"../red_black_tree.rs" 845 8 845 39] Ghost.new ()); + [#"../red_black_tree.rs" 845 8 845 39] _7 <- ([#"../red_black_tree.rs" 845 8 845 39] Ghost.new ()); goto BB1 } BB1 { assume { resolve0 _7 }; - old_self <- ([#"../red_black_tree.rs" 847 23 847 35] Ghost.new self); + [#"../red_black_tree.rs" 847 23 847 35] old_self <- ([#"../red_black_tree.rs" 847 23 847 35] Ghost.new self); goto BB2 } BB2 { assert { [@expl:type invariant] inv0 old_self }; assume { resolve1 old_self }; - tree <- self; - self <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); + [#"../red_black_tree.rs" 848 23 848 27] tree <- ([#"../red_black_tree.rs" 848 23 848 27] self); + [#"../red_black_tree.rs" 848 23 848 27] self <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); goto BB3 } BB3 { @@ -11172,8 +11175,8 @@ module RedBlackTree_Impl15_GetMut goto BB4 } BB4 { - _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * tree)); - tree <- { tree with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * tree in RedBlackTree_Tree_Type.C_Tree ( ^ _23)) }; + [#"../red_black_tree.rs" 862 31 862 45] _23 <- Borrow.borrow_mut (RedBlackTree_Tree_Type.tree_node ( * tree)); + [#"../red_black_tree.rs" 862 31 862 45] tree <- { tree with current = (let RedBlackTree_Tree_Type.C_Tree x0 = * tree in RedBlackTree_Tree_Type.C_Tree ( ^ _23)) }; assume { inv3 ( ^ _23) }; switch ( * _23) | Core_Option_Option_Type.C_Some _ -> goto BB5 @@ -11184,13 +11187,13 @@ module RedBlackTree_Impl15_GetMut goto BB6 } BB6 { - node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _23)); - _23 <- { _23 with current = (let Core_Option_Option_Type.C_Some x0 = * _23 in Core_Option_Option_Type.C_Some ( ^ node)) }; + [#"../red_black_tree.rs" 862 23 862 27] node <- Borrow.borrow_mut (Core_Option_Option_Type.some_0 ( * _23)); + [#"../red_black_tree.rs" 862 23 862 27] _23 <- { _23 with current = (let Core_Option_Option_Type.C_Some x0 = * _23 in Core_Option_Option_Type.C_Some ( ^ node)) }; assume { inv4 ( ^ node) }; - _29 <- ([#"../red_black_tree.rs" 863 26 863 35] RedBlackTree_Node_Type.node_key ( * node)); + [#"../red_black_tree.rs" 863 26 863 35] _29 <- ([#"../red_black_tree.rs" 863 26 863 35] RedBlackTree_Node_Type.node_key ( * node)); assert { [@expl:type invariant] inv5 _29 }; assume { resolve2 _29 }; - _26 <- ([#"../red_black_tree.rs" 863 18 863 36] cmp0 ([#"../red_black_tree.rs" 863 18 863 36] key) ([#"../red_black_tree.rs" 863 26 863 35] _29)); + [#"../red_black_tree.rs" 863 18 863 36] _26 <- ([#"../red_black_tree.rs" 863 18 863 36] cmp0 ([#"../red_black_tree.rs" 863 18 863 36] key) ([#"../red_black_tree.rs" 863 26 863 35] _29)); goto BB7 } BB7 { @@ -11207,17 +11210,17 @@ module RedBlackTree_Impl15_GetMut goto BB13 } BB10 { - _37 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _37)) }; + [#"../red_black_tree.rs" 866 34 866 49] _37 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_right ( * node)); + [#"../red_black_tree.rs" 866 34 866 49] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 ( ^ _37)) }; assume { inv6 ( ^ _37) }; - _36 <- Borrow.borrow_mut ( * _37); - _37 <- { _37 with current = ^ _36 }; + [#"../red_black_tree.rs" 866 34 866 49] _36 <- Borrow.borrow_mut ( * _37); + [#"../red_black_tree.rs" 866 34 866 49] _37 <- { _37 with current = ^ _36 }; assume { inv6 ( ^ _36) }; assert { [@expl:type invariant] inv7 tree }; assume { resolve3 tree }; - tree <- _36; - _36 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); - _22 <- ([#"../red_black_tree.rs" 866 27 866 49] ()); + [#"../red_black_tree.rs" 866 27 866 49] tree <- ([#"../red_black_tree.rs" 866 27 866 49] _36); + [#"../red_black_tree.rs" 866 27 866 49] _36 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); + [#"../red_black_tree.rs" 866 27 866 49] _22 <- ([#"../red_black_tree.rs" 866 27 866 49] ()); assert { [@expl:type invariant] inv7 _37 }; assume { resolve3 _37 }; goto BB14 @@ -11231,20 +11234,21 @@ module RedBlackTree_Impl15_GetMut assume { resolve6 _23 }; assert { [@expl:type invariant] inv7 tree }; assume { resolve3 tree }; + assert { [#"../red_black_tree.rs" 863 18 863 36] false }; absurd } BB12 { - _32 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _32) x1 x2 x3 x4) }; + [#"../red_black_tree.rs" 864 31 864 45] _32 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_left ( * node)); + [#"../red_black_tree.rs" 864 31 864 45] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node ( ^ _32) x1 x2 x3 x4) }; assume { inv6 ( ^ _32) }; - _31 <- Borrow.borrow_mut ( * _32); - _32 <- { _32 with current = ^ _31 }; + [#"../red_black_tree.rs" 864 31 864 45] _31 <- Borrow.borrow_mut ( * _32); + [#"../red_black_tree.rs" 864 31 864 45] _32 <- { _32 with current = ^ _31 }; assume { inv6 ( ^ _31) }; assert { [@expl:type invariant] inv7 tree }; assume { resolve3 tree }; - tree <- _31; - _31 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); - _22 <- ([#"../red_black_tree.rs" 864 24 864 45] ()); + [#"../red_black_tree.rs" 864 24 864 45] tree <- ([#"../red_black_tree.rs" 864 24 864 45] _31); + [#"../red_black_tree.rs" 864 24 864 45] _31 <- any borrowed (RedBlackTree_Tree_Type.t_tree k v); + [#"../red_black_tree.rs" 864 24 864 45] _22 <- ([#"../red_black_tree.rs" 864 24 864 45] ()); assert { [@expl:type invariant] inv7 _32 }; assume { resolve3 _32 }; goto BB14 @@ -11252,13 +11256,13 @@ module RedBlackTree_Impl15_GetMut BB13 { assert { [@expl:type invariant] inv5 key }; assume { resolve2 key }; - _35 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); - node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 ( ^ _35) x4) }; + [#"../red_black_tree.rs" 865 37 865 50] _35 <- Borrow.borrow_mut (RedBlackTree_Node_Type.node_val ( * node)); + [#"../red_black_tree.rs" 865 37 865 50] node <- { node with current = (let RedBlackTree_Node_Type.C_Node x0 x1 x2 x3 x4 = * node in RedBlackTree_Node_Type.C_Node x0 x1 x2 ( ^ _35) x4) }; assume { inv1 ( ^ _35) }; - _34 <- Borrow.borrow_mut ( * _35); - _35 <- { _35 with current = ^ _34 }; + [#"../red_black_tree.rs" 865 37 865 50] _34 <- Borrow.borrow_mut ( * _35); + [#"../red_black_tree.rs" 865 37 865 50] _35 <- { _35 with current = ^ _34 }; assume { inv1 ( ^ _34) }; - _0 <- ([#"../red_black_tree.rs" 865 32 865 51] Core_Option_Option_Type.C_Some _34); + [#"../red_black_tree.rs" 865 32 865 51] _0 <- ([#"../red_black_tree.rs" 865 32 865 51] Core_Option_Option_Type.C_Some _34); _34 <- any borrowed v; assert { [@expl:type invariant] inv8 _35 }; assume { resolve4 _35 }; @@ -11280,7 +11284,7 @@ module RedBlackTree_Impl15_GetMut assume { resolve6 _23 }; assert { [@expl:type invariant] inv5 key }; assume { resolve2 key }; - _0 <- ([#"../red_black_tree.rs" 869 15 869 19] Core_Option_Option_Type.C_None); + [#"../red_black_tree.rs" 869 15 869 19] _0 <- ([#"../red_black_tree.rs" 869 15 869 19] Core_Option_Option_Type.C_None); goto BB16 } BB16 { @@ -11301,7 +11305,7 @@ module RedBlackTree_Impl16 val inv1 (_x : RedBlackTree_Color_Type.t_color) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Color_Type.t_color . inv1 x = true + axiom inv1 : forall x : RedBlackTree_Color_Type.t_color . inv1 x = true predicate invariant0 (self : RedBlackTree_Color_Type.t_color) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : RedBlackTree_Color_Type.t_color) : bool @@ -11311,7 +11315,7 @@ module RedBlackTree_Impl16 val inv0 (_x : RedBlackTree_Color_Type.t_color) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../red_black_tree.rs" 1 0 1 0] forall x : RedBlackTree_Color_Type.t_color . inv0 x = true + axiom inv0 : forall x : RedBlackTree_Color_Type.t_color . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../red_black_tree.rs" 8 9 8 14] forall self : RedBlackTree_Color_Type.t_color . inv0 self -> (forall result : RedBlackTree_Color_Type.t_color . result = self -> inv1 result /\ result = self) end diff --git a/creusot/tests/should_succeed/replace.mlcfg b/creusot/tests/should_succeed/replace.mlcfg index 7ca92fb92a..c634fc596a 100644 --- a/creusot/tests/should_succeed/replace.mlcfg +++ b/creusot/tests/should_succeed/replace.mlcfg @@ -28,12 +28,12 @@ module Replace_Test goto BB1 } BB1 { - _a <- b; - b <- any Replace_Something_Type.t_something; + [#"../replace.rs" 9 4 9 6] _a <- ([#"../replace.rs" 9 9 9 10] b); + [#"../replace.rs" 9 9 9 10] b <- any Replace_Something_Type.t_something; goto BB3 } BB3 { - _0 <- ([#"../replace.rs" 8 45 10 1] ()); + [#"../replace.rs" 8 45 10 1] _0 <- ([#"../replace.rs" 8 45 10 1] ()); goto BB4 } BB4 { diff --git a/creusot/tests/should_succeed/resolve_uninit.mlcfg b/creusot/tests/should_succeed/resolve_uninit.mlcfg index bf32352ea0..d9da49e7aa 100644 --- a/creusot/tests/should_succeed/resolve_uninit.mlcfg +++ b/creusot/tests/should_succeed/resolve_uninit.mlcfg @@ -9,7 +9,7 @@ module ResolveUninit_MaybeUninit val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../resolve_uninit.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } @@ -37,44 +37,44 @@ module ResolveUninit_MaybeUninit goto BB0 } BB0 { - switch (b) + switch ([#"../resolve_uninit.rs" 7 7 7 8] b) | False -> goto BB6 | True -> goto BB1 end } BB1 { - _6 <- ([#"../resolve_uninit.rs" 8 12 8 24] default0 ()); + [#"../resolve_uninit.rs" 8 12 8 24] _6 <- ([#"../resolve_uninit.rs" 8 12 8 24] default0 ()); goto BB2 } BB2 { goto BB3 } BB3 { - x <- _6; - _6 <- any t; + [#"../resolve_uninit.rs" 8 8 8 9] x <- ([#"../resolve_uninit.rs" 8 8 8 9] _6); + [#"../resolve_uninit.rs" 8 8 8 9] _6 <- any t; assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; goto BB5 } BB5 { - _4 <- ([#"../resolve_uninit.rs" 7 9 9 5] ()); + [#"../resolve_uninit.rs" 7 9 9 5] _4 <- ([#"../resolve_uninit.rs" 7 9 9 5] ()); goto BB7 } BB6 { - _4 <- ([#"../resolve_uninit.rs" 9 5 9 5] ()); + [#"../resolve_uninit.rs" 9 5 9 5] _4 <- ([#"../resolve_uninit.rs" 9 5 9 5] ()); goto BB7 } BB7 { goto BB8 } BB8 { - x <- y; - y <- any t; + [#"../resolve_uninit.rs" 11 4 11 5] x <- ([#"../resolve_uninit.rs" 11 8 11 9] y); + [#"../resolve_uninit.rs" 11 8 11 9] y <- any t; goto BB10 } BB10 { - _0 <- x; - x <- any t; + [#"../resolve_uninit.rs" 12 4 12 5] _0 <- ([#"../resolve_uninit.rs" 12 4 12 5] x); + [#"../resolve_uninit.rs" 12 4 12 5] x <- any t; goto BB11 } BB11 { @@ -113,53 +113,54 @@ module ResolveUninit_InitJoin goto BB0 } BB0 { - switch (b) + switch ([#"../resolve_uninit.rs" 19 7 19 8] b) | False -> goto BB2 | True -> goto BB1 end } BB1 { - _8 <- Borrow.borrow_mut x; - x <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - z <- _7; - _7 <- any borrowed int32; + [#"../resolve_uninit.rs" 20 12 20 18] _8 <- Borrow.borrow_mut x; + [#"../resolve_uninit.rs" 20 12 20 18] x <- ^ _8; + [#"../resolve_uninit.rs" 20 12 20 18] _7 <- Borrow.borrow_mut ( * _8); + [#"../resolve_uninit.rs" 20 12 20 18] _8 <- { _8 with current = ^ _7 }; + [#"../resolve_uninit.rs" 20 8 20 18] z <- ([#"../resolve_uninit.rs" 20 8 20 18] _7); + [#"../resolve_uninit.rs" 20 8 20 18] _7 <- any borrowed int32; assume { resolve0 _8 }; - _10 <- Borrow.borrow_mut ( * z); - z <- { z with current = ^ _10 }; - _9 <- Borrow.borrow_mut ( * _10); - _10 <- { _10 with current = ^ _9 }; - y <- _9; - _9 <- any borrowed int32; + [#"../resolve_uninit.rs" 21 12 21 19] _10 <- Borrow.borrow_mut ( * z); + [#"../resolve_uninit.rs" 21 12 21 19] z <- { z with current = ^ _10 }; + [#"../resolve_uninit.rs" 21 12 21 19] _9 <- Borrow.borrow_mut ( * _10); + [#"../resolve_uninit.rs" 21 12 21 19] _10 <- { _10 with current = ^ _9 }; + [#"../resolve_uninit.rs" 21 8 21 19] y <- ([#"../resolve_uninit.rs" 21 8 21 19] _9); + [#"../resolve_uninit.rs" 21 8 21 19] _9 <- any borrowed int32; assume { resolve0 _10 }; - _5 <- ([#"../resolve_uninit.rs" 19 9 23 5] ()); + [#"../resolve_uninit.rs" 19 9 23 5] _5 <- ([#"../resolve_uninit.rs" 19 9 23 5] ()); goto BB7 } BB2 { - _12 <- Borrow.borrow_mut x; - x <- ^ _12; - _11 <- Borrow.borrow_mut ( * _12); - _12 <- { _12 with current = ^ _11 }; - y <- _11; - _11 <- any borrowed int32; + [#"../resolve_uninit.rs" 24 12 24 18] _12 <- Borrow.borrow_mut x; + [#"../resolve_uninit.rs" 24 12 24 18] x <- ^ _12; + [#"../resolve_uninit.rs" 24 12 24 18] _11 <- Borrow.borrow_mut ( * _12); + [#"../resolve_uninit.rs" 24 12 24 18] _12 <- { _12 with current = ^ _11 }; + [#"../resolve_uninit.rs" 24 8 24 18] y <- ([#"../resolve_uninit.rs" 24 8 24 18] _11); + [#"../resolve_uninit.rs" 24 8 24 18] _11 <- any borrowed int32; assume { resolve0 _12 }; - _5 <- ([#"../resolve_uninit.rs" 23 11 25 5] ()); + [#"../resolve_uninit.rs" 23 11 25 5] _5 <- ([#"../resolve_uninit.rs" 23 11 25 5] ()); goto BB3 } BB3 { - y <- { y with current = ([#"../resolve_uninit.rs" 27 9 27 10] [#"../resolve_uninit.rs" 27 9 27 10] (5 : int32)) }; + [#"../resolve_uninit.rs" 27 4 27 10] y <- { y with current = ([#"../resolve_uninit.rs" 27 4 27 10] [#"../resolve_uninit.rs" 27 9 27 10] (5 : int32)) }; assume { resolve0 y }; - switch ([#"../resolve_uninit.rs" 28 4 28 19] not ([#"../resolve_uninit.rs" 28 12 28 18] x = ([#"../resolve_uninit.rs" 28 17 28 18] [#"../resolve_uninit.rs" 28 17 28 18] (5 : int32)))) + switch ([#"../resolve_uninit.rs" 28 4 28 19] not ([#"../resolve_uninit.rs" 28 12 28 18] ([#"../resolve_uninit.rs" 28 12 28 13] x) = ([#"../resolve_uninit.rs" 28 17 28 18] [#"../resolve_uninit.rs" 28 17 28 18] (5 : int32)))) | False -> goto BB5 | True -> goto BB4 end } BB4 { + assert { [#"../resolve_uninit.rs" 28 4 28 19] false }; absurd } BB5 { - _0 <- ([#"../resolve_uninit.rs" 15 38 29 1] ()); + [#"../resolve_uninit.rs" 15 38 29 1] _0 <- ([#"../resolve_uninit.rs" 15 38 29 1] ()); return _0 } BB7 { diff --git a/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz b/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz index 8a3b0dd317..21777054c7 100644 Binary files a/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz and b/creusot/tests/should_succeed/resolve_uninit/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/result/own.mlcfg b/creusot/tests/should_succeed/result/own.mlcfg index cf475872fc..168e748b9f 100644 --- a/creusot/tests/should_succeed/result/own.mlcfg +++ b/creusot/tests/should_succeed/result/own.mlcfg @@ -26,7 +26,7 @@ module Own_Impl0_IsOk val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -36,7 +36,7 @@ module Own_Impl0_IsOk val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow predicate resolve0 (self : Own_OwnResult_Type.t_ownresult t e) val resolve0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -87,7 +87,7 @@ module Own_Impl0_IsErr val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : e) val invariant1 (self : e) : bool ensures { result = invariant1 self } @@ -96,7 +96,7 @@ module Own_Impl0_IsErr val inv1 (_x : e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : e . inv1 x = true + axiom inv1 : forall x : e . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -106,7 +106,7 @@ module Own_Impl0_IsErr val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow val is_ok0 [#"../own.rs" 25 4 25 31] (self : Own_OwnResult_Type.t_ownresult t e) : bool requires {[#"../own.rs" 25 18 25 22] inv0 self} @@ -130,11 +130,11 @@ module Own_Impl0_IsErr BB0 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _3 <- ([#"../own.rs" 31 9 31 21] is_ok0 ([#"../own.rs" 31 9 31 21] self)); + [#"../own.rs" 31 9 31 21] _3 <- ([#"../own.rs" 31 9 31 21] is_ok0 ([#"../own.rs" 31 9 31 21] self)); goto BB1 } BB1 { - _0 <- ([#"../own.rs" 31 8 31 21] not _3); + [#"../own.rs" 31 8 31 21] _0 <- ([#"../own.rs" 31 8 31 21] not _3); _3 <- any bool; return _0 } @@ -163,7 +163,7 @@ module Own_Impl0_Ok val inv3 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option t . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -172,7 +172,7 @@ module Own_Impl0_Ok val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : e) val invariant1 (self : e) : bool ensures { result = invariant1 self } @@ -181,7 +181,7 @@ module Own_Impl0_Ok val inv1 (_x : e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : e . inv1 x = true + axiom inv1 : forall x : e . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -191,7 +191,7 @@ module Own_Impl0_Ok val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true predicate resolve1 (self : e) val resolve1 (self : e) : bool ensures { result = resolve1 self } @@ -238,27 +238,28 @@ module Own_Impl0_Ok goto BB6 } BB4 { - x1 <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 40 27 40 28] x1 <- ([#"../own.rs" 40 27 40 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 40 27 40 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 x1 }; assume { resolve1 x1 }; assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 40 33 40 37] Core_Option_Option_Type.C_None); + [#"../own.rs" 40 33 40 37] _0 <- ([#"../own.rs" 40 33 40 37] Core_Option_Option_Type.C_None); goto BB9 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 37 14 37 18] false }; absurd } BB6 { - x <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 38 26 38 27] x <- ([#"../own.rs" 38 26 38 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 38 26 38 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 38 32 38 39] Core_Option_Option_Type.C_Some x); - x <- any t; + [#"../own.rs" 38 32 38 39] _0 <- ([#"../own.rs" 38 32 38 39] Core_Option_Option_Type.C_Some ([#"../own.rs" 38 37 38 38] x)); + [#"../own.rs" 38 37 38 38] x <- any t; goto BB7 } BB7 { @@ -290,7 +291,7 @@ module Own_Impl0_Err val inv3 (_x : Core_Option_Option_Type.t_option e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option e . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -299,7 +300,7 @@ module Own_Impl0_Err val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant1 (self : Own_OwnResult_Type.t_ownresult t e) val invariant1 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -309,7 +310,7 @@ module Own_Impl0_Err val inv1 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true + axiom inv1 : forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -318,7 +319,7 @@ module Own_Impl0_Err val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve2 (self : e) val resolve2 (self : e) : bool ensures { result = resolve2 self } @@ -365,27 +366,28 @@ module Own_Impl0_Err goto BB6 } BB4 { - x1 <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 50 27 50 28] x1 <- ([#"../own.rs" 50 27 50 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 50 27 50 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- ([#"../own.rs" 50 33 50 40] Core_Option_Option_Type.C_Some x1); - x1 <- any e; + [#"../own.rs" 50 33 50 40] _0 <- ([#"../own.rs" 50 33 50 40] Core_Option_Option_Type.C_Some ([#"../own.rs" 50 38 50 39] x1)); + [#"../own.rs" 50 38 50 39] x1 <- any e; goto BB8 } BB5 { assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { [#"../own.rs" 47 14 47 18] false }; absurd } BB6 { - x <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 49 26 49 27] x <- ([#"../own.rs" 49 26 49 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 49 26 49 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- ([#"../own.rs" 49 32 49 36] Core_Option_Option_Type.C_None); + [#"../own.rs" 49 32 49 36] _0 <- ([#"../own.rs" 49 32 49 36] Core_Option_Option_Type.C_None); goto BB7 } BB7 { @@ -417,7 +419,7 @@ module Own_Impl0_AsRef val inv3 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true + axiom inv3 : forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -426,7 +428,7 @@ module Own_Impl0_AsRef val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -435,7 +437,7 @@ module Own_Impl0_AsRef val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = invariant0 self } @@ -444,7 +446,7 @@ module Own_Impl0_AsRef val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow predicate resolve2 (self : e) val resolve2 (self : e) : bool @@ -482,26 +484,27 @@ module Own_Impl0_AsRef goto BB4 } BB2 { - x1 <- ([#"../own.rs" 59 27 59 32] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 59 27 59 32] x1 <- ([#"../own.rs" 59 27 59 32] Own_OwnResult_Type.err_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:type invariant] inv2 x1 }; assume { resolve2 x1 }; - _0 <- ([#"../own.rs" 59 37 59 54] Own_OwnResult_Type.C_Err ([#"../own.rs" 59 52 59 53] x1)); + [#"../own.rs" 59 37 59 54] _0 <- ([#"../own.rs" 59 37 59 54] Own_OwnResult_Type.C_Err ([#"../own.rs" 59 52 59 53] x1)); goto BB5 } BB3 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 57 14 57 19] false }; absurd } BB4 { - x <- ([#"../own.rs" 58 26 58 31] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 58 26 58 31] x <- ([#"../own.rs" 58 26 58 31] Own_OwnResult_Type.ok_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:type invariant] inv1 x }; assume { resolve1 x }; - _0 <- ([#"../own.rs" 58 36 58 52] Own_OwnResult_Type.C_Ok ([#"../own.rs" 58 50 58 51] x)); + [#"../own.rs" 58 36 58 52] _0 <- ([#"../own.rs" 58 36 58 52] Own_OwnResult_Type.C_Ok ([#"../own.rs" 58 50 58 51] x)); goto BB5 } BB5 { @@ -522,7 +525,7 @@ module Own_Impl0_AsMut val inv5 (_x : Own_OwnResult_Type.t_ownresult (borrowed t) (borrowed e)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult (borrowed t) (borrowed e) . inv5 x = true + axiom inv5 : forall x : Own_OwnResult_Type.t_ownresult (borrowed t) (borrowed e) . inv5 x = true predicate invariant4 (self : borrowed (Own_OwnResult_Type.t_ownresult t e)) val invariant4 (self : borrowed (Own_OwnResult_Type.t_ownresult t e)) : bool ensures { result = invariant4 self } @@ -531,7 +534,7 @@ module Own_Impl0_AsMut val inv4 (_x : borrowed (Own_OwnResult_Type.t_ownresult t e)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../own.rs" 1 0 1 0] forall x : borrowed (Own_OwnResult_Type.t_ownresult t e) . inv4 x = true + axiom inv4 : forall x : borrowed (Own_OwnResult_Type.t_ownresult t e) . inv4 x = true predicate invariant3 (self : borrowed e) val invariant3 (self : borrowed e) : bool ensures { result = invariant3 self } @@ -540,7 +543,7 @@ module Own_Impl0_AsMut val inv3 (_x : borrowed e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : borrowed e . inv3 x = true + axiom inv3 : forall x : borrowed e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -549,7 +552,7 @@ module Own_Impl0_AsMut val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : borrowed t) val invariant1 (self : borrowed t) : bool ensures { result = invariant1 self } @@ -558,7 +561,7 @@ module Own_Impl0_AsMut val inv1 (_x : borrowed t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : borrowed t . inv1 x = true + axiom inv1 : forall x : borrowed t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -567,7 +570,7 @@ module Own_Impl0_AsMut val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve2 (self : borrowed (Own_OwnResult_Type.t_ownresult t e)) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve2 (self : borrowed (Own_OwnResult_Type.t_ownresult t e)) : bool @@ -608,13 +611,13 @@ module Own_Impl0_AsMut goto BB4 } BB2 { - x1 <- Borrow.borrow_mut (Own_OwnResult_Type.err_0 ( * self)); - self <- { self with current = (let Own_OwnResult_Type.C_Err x0 = * self in Own_OwnResult_Type.C_Err ( ^ x1)) }; + [#"../own.rs" 74 27 74 36] x1 <- Borrow.borrow_mut (Own_OwnResult_Type.err_0 ( * self)); + [#"../own.rs" 74 27 74 36] self <- { self with current = (let Own_OwnResult_Type.C_Err x0 = * self in Own_OwnResult_Type.C_Err ( ^ x1)) }; assume { inv2 ( ^ x1) }; - _7 <- Borrow.borrow_mut ( * x1); - x1 <- { x1 with current = ^ _7 }; + [#"../own.rs" 74 56 74 57] _7 <- Borrow.borrow_mut ( * x1); + [#"../own.rs" 74 56 74 57] x1 <- { x1 with current = ^ _7 }; assume { inv2 ( ^ _7) }; - _0 <- ([#"../own.rs" 74 41 74 58] Own_OwnResult_Type.C_Err _7); + [#"../own.rs" 74 41 74 58] _0 <- ([#"../own.rs" 74 41 74 58] Own_OwnResult_Type.C_Err _7); _7 <- any borrowed e; assert { [@expl:type invariant] inv3 x1 }; assume { resolve1 x1 }; @@ -623,16 +626,17 @@ module Own_Impl0_AsMut BB3 { assert { [@expl:type invariant] inv4 self }; assume { resolve2 self }; + assert { [#"../own.rs" 72 14 72 19] false }; absurd } BB4 { - x <- Borrow.borrow_mut (Own_OwnResult_Type.ok_0 ( * self)); - self <- { self with current = (let Own_OwnResult_Type.C_Ok x0 = * self in Own_OwnResult_Type.C_Ok ( ^ x)) }; + [#"../own.rs" 73 26 73 35] x <- Borrow.borrow_mut (Own_OwnResult_Type.ok_0 ( * self)); + [#"../own.rs" 73 26 73 35] self <- { self with current = (let Own_OwnResult_Type.C_Ok x0 = * self in Own_OwnResult_Type.C_Ok ( ^ x)) }; assume { inv0 ( ^ x) }; - _5 <- Borrow.borrow_mut ( * x); - x <- { x with current = ^ _5 }; + [#"../own.rs" 73 54 73 55] _5 <- Borrow.borrow_mut ( * x); + [#"../own.rs" 73 54 73 55] x <- { x with current = ^ _5 }; assume { inv0 ( ^ _5) }; - _0 <- ([#"../own.rs" 73 40 73 56] Own_OwnResult_Type.C_Ok _5); + [#"../own.rs" 73 40 73 56] _0 <- ([#"../own.rs" 73 40 73 56] Own_OwnResult_Type.C_Ok _5); _5 <- any borrowed t; assert { [@expl:type invariant] inv1 x }; assume { resolve0 x }; @@ -656,7 +660,7 @@ module Own_Impl0_Unwrap val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : e) val invariant1 (self : e) : bool ensures { result = invariant1 self } @@ -665,7 +669,7 @@ module Own_Impl0_Unwrap val inv1 (_x : e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : e . inv1 x = true + axiom inv1 : forall x : e . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -675,7 +679,7 @@ module Own_Impl0_Unwrap val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true predicate resolve1 (self : e) val resolve1 (self : e) : bool ensures { result = resolve1 self } @@ -722,26 +726,28 @@ module Own_Impl0_Unwrap goto BB6 } BB4 { - _e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 86 27 86 29] _e <- ([#"../own.rs" 86 27 86 29] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 86 27 86 29] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 _e }; assume { resolve1 _e }; assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { false }; absurd } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 84 14 84 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 85 26 85 27] t <- ([#"../own.rs" 85 26 85 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 85 26 85 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- t; - t <- any t; + [#"../own.rs" 85 32 85 33] _0 <- ([#"../own.rs" 85 32 85 33] t); + [#"../own.rs" 85 32 85 33] t <- any t; goto BB7 } BB7 { @@ -763,7 +769,7 @@ module Own_Impl0_Expect val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : e) val invariant1 (self : e) : bool ensures { result = invariant1 self } @@ -772,7 +778,7 @@ module Own_Impl0_Expect val inv1 (_x : e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : e . inv1 x = true + axiom inv1 : forall x : e . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -782,7 +788,7 @@ module Own_Impl0_Expect val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow predicate resolve1 (self : e) val resolve1 (self : e) : bool @@ -830,26 +836,28 @@ module Own_Impl0_Expect goto BB6 } BB4 { - _e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 98 27 98 29] _e <- ([#"../own.rs" 98 27 98 29] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 98 27 98 29] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 _e }; assume { resolve1 _e }; assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { false }; absurd } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 96 14 96 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 97 26 97 27] t <- ([#"../own.rs" 97 26 97 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 97 26 97 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- t; - t <- any t; + [#"../own.rs" 97 32 97 33] _0 <- ([#"../own.rs" 97 32 97 33] t); + [#"../own.rs" 97 32 97 33] t <- any t; goto BB7 } BB7 { @@ -871,7 +879,7 @@ module Own_Impl0_UnwrapErr val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant1 (self : Own_OwnResult_Type.t_ownresult t e) val invariant1 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -881,7 +889,7 @@ module Own_Impl0_UnwrapErr val inv1 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true + axiom inv1 : forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -890,7 +898,7 @@ module Own_Impl0_UnwrapErr val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve2 (self : e) val resolve2 (self : e) : bool ensures { result = resolve2 self } @@ -937,26 +945,28 @@ module Own_Impl0_UnwrapErr goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 110 27 110 28] e <- ([#"../own.rs" 110 27 110 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 110 27 110 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- e; - e <- any e; + [#"../own.rs" 110 33 110 34] _0 <- ([#"../own.rs" 110 33 110 34] e); + [#"../own.rs" 110 33 110 34] e <- any e; goto BB7 } BB5 { assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { [#"../own.rs" 108 14 108 18] false }; absurd } BB6 { - _t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 109 26 109 28] _t <- ([#"../own.rs" 109 26 109 28] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 109 26 109 28] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 _t }; assume { resolve0 _t }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { false }; absurd } BB7 { @@ -978,7 +988,7 @@ module Own_Impl0_UnwrapOr val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant1 (self : Own_OwnResult_Type.t_ownresult t e) val invariant1 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -988,7 +998,7 @@ module Own_Impl0_UnwrapOr val inv1 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true + axiom inv1 : forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -997,7 +1007,7 @@ module Own_Impl0_UnwrapOr val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve2 (self : e) val resolve2 (self : e) : bool ensures { result = resolve2 self } @@ -1046,14 +1056,14 @@ module Own_Impl0_UnwrapOr goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 120 27 120 28] e <- ([#"../own.rs" 120 27 120 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 120 27 120 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv2 e }; assume { resolve2 e }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- default; - default <- any t; + [#"../own.rs" 120 33 120 40] _0 <- ([#"../own.rs" 120 33 120 40] default); + [#"../own.rs" 120 33 120 40] default <- any t; goto BB8 } BB5 { @@ -1061,17 +1071,18 @@ module Own_Impl0_UnwrapOr assume { resolve0 default }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { [#"../own.rs" 117 14 117 18] false }; absurd } BB6 { assert { [@expl:type invariant] inv0 default }; assume { resolve0 default }; - t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 118 26 118 27] t <- ([#"../own.rs" 118 26 118 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 118 26 118 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- t; - t <- any t; + [#"../own.rs" 118 32 118 33] _0 <- ([#"../own.rs" 118 32 118 33] t); + [#"../own.rs" 118 32 118 33] t <- any t; goto BB7 } BB7 { @@ -1102,7 +1113,7 @@ module Own_Impl0_UnwrapOrDefault val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -1111,7 +1122,7 @@ module Own_Impl0_UnwrapOrDefault val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -1121,7 +1132,7 @@ module Own_Impl0_UnwrapOrDefault val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true predicate is_default0 (self : t) val is_default0 (self : t) : bool ensures { result = is_default0 self } @@ -1177,21 +1188,22 @@ module Own_Impl0_UnwrapOrDefault BB4 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 132 33 132 45] default0 ()); + [#"../own.rs" 132 33 132 45] _0 <- ([#"../own.rs" 132 33 132 45] default0 ()); goto BB8 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 130 14 130 18] false }; absurd } BB6 { - x <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 131 26 131 27] x <- ([#"../own.rs" 131 26 131 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 131 26 131 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- x; - x <- any t; + [#"../own.rs" 131 32 131 33] _0 <- ([#"../own.rs" 131 32 131 33] x); + [#"../own.rs" 131 32 131 33] x <- any t; goto BB7 } BB7 { @@ -1217,7 +1229,7 @@ module Own_Impl0_And val inv3 (_x : e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : e . inv3 x = true + axiom inv3 : forall x : e . inv3 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant2 (self : Own_OwnResult_Type.t_ownresult u e) val invariant2 (self : Own_OwnResult_Type.t_ownresult u e) : bool @@ -1227,7 +1239,7 @@ module Own_Impl0_And val inv2 (_x : Own_OwnResult_Type.t_ownresult u e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult u e . inv2 x = true + axiom inv2 : forall x : Own_OwnResult_Type.t_ownresult u e . inv2 x = true predicate invariant1 (self : Own_OwnResult_Type.t_ownresult t e) val invariant1 (self : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = invariant1 self } @@ -1236,7 +1248,7 @@ module Own_Impl0_And val inv1 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true + axiom inv1 : forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -1245,7 +1257,7 @@ module Own_Impl0_And val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve3 (self : e) val resolve3 (self : e) : bool ensures { result = resolve3 self } @@ -1308,12 +1320,12 @@ module Own_Impl0_And BB4 { assert { [@expl:type invariant] inv2 res }; assume { resolve2 res }; - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 142 27 142 28] e <- ([#"../own.rs" 142 27 142 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 142 27 142 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- ([#"../own.rs" 142 33 142 50] Own_OwnResult_Type.C_Err e); - e <- any e; + [#"../own.rs" 142 33 142 50] _0 <- ([#"../own.rs" 142 33 142 50] Own_OwnResult_Type.C_Err ([#"../own.rs" 142 48 142 49] e)); + [#"../own.rs" 142 48 142 49] e <- any e; goto BB8 } BB5 { @@ -1321,17 +1333,18 @@ module Own_Impl0_And assume { resolve2 res }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { [#"../own.rs" 139 14 139 18] false }; absurd } BB6 { - x <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 141 26 141 27] x <- ([#"../own.rs" 141 26 141 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 141 26 141 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- res; - res <- any Own_OwnResult_Type.t_ownresult u e; + [#"../own.rs" 141 32 141 35] _0 <- ([#"../own.rs" 141 32 141 35] res); + [#"../own.rs" 141 32 141 35] res <- any Own_OwnResult_Type.t_ownresult u e; goto BB7 } BB7 { @@ -1366,7 +1379,7 @@ module Own_Impl0_Or val inv3 (_x : t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : t . inv3 x = true + axiom inv3 : forall x : t . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -1375,7 +1388,7 @@ module Own_Impl0_Or val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant1 (self : Own_OwnResult_Type.t_ownresult t e) val invariant1 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -1385,7 +1398,7 @@ module Own_Impl0_Or val inv1 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true + axiom inv1 : forall x : Own_OwnResult_Type.t_ownresult t e . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t f) val invariant0 (self : Own_OwnResult_Type.t_ownresult t f) : bool ensures { result = invariant0 self } @@ -1394,7 +1407,7 @@ module Own_Impl0_Or val inv0 (_x : Own_OwnResult_Type.t_ownresult t f) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t f . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t f . inv0 x = true predicate resolve2 (self : e) val resolve2 (self : e) : bool ensures { result = resolve2 self } @@ -1455,14 +1468,14 @@ module Own_Impl0_Or goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 152 27 152 28] e <- ([#"../own.rs" 152 27 152 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 152 27 152 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv2 e }; assume { resolve2 e }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- res; - res <- any Own_OwnResult_Type.t_ownresult t f; + [#"../own.rs" 152 33 152 36] _0 <- ([#"../own.rs" 152 33 152 36] res); + [#"../own.rs" 152 33 152 36] res <- any Own_OwnResult_Type.t_ownresult t f; goto BB9 } BB5 { @@ -1470,17 +1483,18 @@ module Own_Impl0_Or assume { resolve0 res }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; + assert { [#"../own.rs" 149 14 149 18] false }; absurd } BB6 { assert { [@expl:type invariant] inv0 res }; assume { resolve0 res }; - v <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); + [#"../own.rs" 150 26 150 27] v <- ([#"../own.rs" 150 26 150 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 150 26 150 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any t)); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- ([#"../own.rs" 150 32 150 48] Own_OwnResult_Type.C_Ok v); - v <- any t; + [#"../own.rs" 150 32 150 48] _0 <- ([#"../own.rs" 150 32 150 48] Own_OwnResult_Type.C_Ok ([#"../own.rs" 150 46 150 47] v)); + [#"../own.rs" 150 46 150 47] v <- any t; goto BB7 } BB7 { @@ -1515,7 +1529,7 @@ module Own_Impl1_Copied val inv3 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true + axiom inv3 : forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -1524,7 +1538,7 @@ module Own_Impl1_Copied val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -1533,7 +1547,7 @@ module Own_Impl1_Copied val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = invariant0 self } @@ -1542,7 +1556,7 @@ module Own_Impl1_Copied val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow predicate resolve1 (self : t) val resolve1 (self : t) : bool @@ -1590,26 +1604,27 @@ module Own_Impl1_Copied goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 167 27 167 28] e <- ([#"../own.rs" 167 27 167 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 167 27 167 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 167 33 167 50] Own_OwnResult_Type.C_Err e); - e <- any e; + [#"../own.rs" 167 33 167 50] _0 <- ([#"../own.rs" 167 33 167 50] Own_OwnResult_Type.C_Err ([#"../own.rs" 167 48 167 49] e)); + [#"../own.rs" 167 48 167 49] e <- any e; goto BB7 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 165 14 165 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; + [#"../own.rs" 166 26 166 27] t <- ([#"../own.rs" 166 26 166 27] Own_OwnResult_Type.ok_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:type invariant] inv1 t }; assume { resolve1 t }; - _0 <- ([#"../own.rs" 166 32 166 49] Own_OwnResult_Type.C_Ok t); + [#"../own.rs" 166 32 166 49] _0 <- ([#"../own.rs" 166 32 166 49] Own_OwnResult_Type.C_Ok ([#"../own.rs" 166 46 166 48] t)); goto BB9 } BB7 { @@ -1637,7 +1652,7 @@ module Own_Impl1_Cloned val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../own.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant3 (self : Own_OwnResult_Type.t_ownresult t e) val invariant3 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -1647,7 +1662,7 @@ module Own_Impl1_Cloned val inv3 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true + axiom inv3 : forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -1656,7 +1671,7 @@ module Own_Impl1_Cloned val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -1665,7 +1680,7 @@ module Own_Impl1_Cloned val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult t e) val invariant0 (self : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = invariant0 self } @@ -1674,7 +1689,7 @@ module Own_Impl1_Cloned val inv0 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult t e . inv0 x = true use prelude.Borrow val clone0 (self : t) : t requires {inv1 self} @@ -1728,30 +1743,31 @@ module Own_Impl1_Cloned goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 180 27 180 28] e <- ([#"../own.rs" 180 27 180 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 180 27 180 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 180 33 180 50] Own_OwnResult_Type.C_Err e); - e <- any e; + [#"../own.rs" 180 33 180 50] _0 <- ([#"../own.rs" 180 33 180 50] Own_OwnResult_Type.C_Err ([#"../own.rs" 180 48 180 49] e)); + [#"../own.rs" 180 48 180 49] e <- any e; goto BB9 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 178 14 178 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; + [#"../own.rs" 179 26 179 27] t <- ([#"../own.rs" 179 26 179 27] Own_OwnResult_Type.ok_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:type invariant] inv1 t }; assume { resolve1 t }; - _6 <- ([#"../own.rs" 179 46 179 55] clone0 ([#"../own.rs" 179 46 179 55] t)); + [#"../own.rs" 179 46 179 55] _6 <- ([#"../own.rs" 179 46 179 55] clone0 ([#"../own.rs" 179 46 179 55] t)); goto BB7 } BB7 { - _0 <- ([#"../own.rs" 179 32 179 56] Own_OwnResult_Type.C_Ok _6); + [#"../own.rs" 179 32 179 56] _0 <- ([#"../own.rs" 179 32 179 56] Own_OwnResult_Type.C_Ok _6); _6 <- any t; goto BB8 } @@ -1784,7 +1800,7 @@ module Own_Impl2_Copied val inv3 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true + axiom inv3 : forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -1793,7 +1809,7 @@ module Own_Impl2_Copied val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed t) val invariant1 (self : borrowed t) : bool @@ -1803,7 +1819,7 @@ module Own_Impl2_Copied val inv1 (_x : borrowed t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : borrowed t . inv1 x = true + axiom inv1 : forall x : borrowed t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult (borrowed t) e) val invariant0 (self : Own_OwnResult_Type.t_ownresult (borrowed t) e) : bool ensures { result = invariant0 self } @@ -1812,7 +1828,7 @@ module Own_Impl2_Copied val inv0 (_x : Own_OwnResult_Type.t_ownresult (borrowed t) e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult (borrowed t) e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult (borrowed t) e . inv0 x = true predicate resolve1 (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed t) : bool @@ -1860,27 +1876,28 @@ module Own_Impl2_Copied goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 195 27 195 28] e <- ([#"../own.rs" 195 27 195 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 195 27 195 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 195 33 195 50] Own_OwnResult_Type.C_Err e); - e <- any e; + [#"../own.rs" 195 33 195 50] _0 <- ([#"../own.rs" 195 33 195 50] Own_OwnResult_Type.C_Err ([#"../own.rs" 195 48 195 49] e)); + [#"../own.rs" 195 48 195 49] e <- any e; goto BB7 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 193 14 193 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any borrowed t)); + [#"../own.rs" 194 26 194 27] t <- ([#"../own.rs" 194 26 194 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 194 26 194 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any borrowed t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; assert { [@expl:type invariant] inv1 t }; assume { resolve1 t }; - _0 <- ([#"../own.rs" 194 32 194 49] Own_OwnResult_Type.C_Ok ( * t)); + [#"../own.rs" 194 32 194 49] _0 <- ([#"../own.rs" 194 32 194 49] Own_OwnResult_Type.C_Ok ([#"../own.rs" 194 46 194 48] * t)); goto BB9 } BB7 { @@ -1908,7 +1925,7 @@ module Own_Impl2_Cloned val inv5 (_x : t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../own.rs" 1 0 1 0] forall x : t . inv5 x = true + axiom inv5 : forall x : t . inv5 x = true predicate invariant4 (self : t) val invariant4 (self : t) : bool ensures { result = invariant4 self } @@ -1917,7 +1934,7 @@ module Own_Impl2_Cloned val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../own.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use Own_OwnResult_Type as Own_OwnResult_Type predicate invariant3 (self : Own_OwnResult_Type.t_ownresult t e) val invariant3 (self : Own_OwnResult_Type.t_ownresult t e) : bool @@ -1927,7 +1944,7 @@ module Own_Impl2_Cloned val inv3 (_x : Own_OwnResult_Type.t_ownresult t e) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true + axiom inv3 : forall x : Own_OwnResult_Type.t_ownresult t e . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -1936,7 +1953,7 @@ module Own_Impl2_Cloned val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed t) val invariant1 (self : borrowed t) : bool @@ -1946,7 +1963,7 @@ module Own_Impl2_Cloned val inv1 (_x : borrowed t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : borrowed t . inv1 x = true + axiom inv1 : forall x : borrowed t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult (borrowed t) e) val invariant0 (self : Own_OwnResult_Type.t_ownresult (borrowed t) e) : bool ensures { result = invariant0 self } @@ -1955,7 +1972,7 @@ module Own_Impl2_Cloned val inv0 (_x : Own_OwnResult_Type.t_ownresult (borrowed t) e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult (borrowed t) e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult (borrowed t) e . inv0 x = true predicate resolve1 (self : borrowed t) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed t) : bool @@ -2009,31 +2026,32 @@ module Own_Impl2_Cloned goto BB6 } BB4 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 208 27 208 28] e <- ([#"../own.rs" 208 27 208 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 208 27 208 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 208 33 208 50] Own_OwnResult_Type.C_Err e); - e <- any e; + [#"../own.rs" 208 33 208 50] _0 <- ([#"../own.rs" 208 33 208 50] Own_OwnResult_Type.C_Err ([#"../own.rs" 208 48 208 49] e)); + [#"../own.rs" 208 48 208 49] e <- any e; goto BB9 } BB5 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 206 14 206 18] false }; absurd } BB6 { - t <- Own_OwnResult_Type.ok_0 self; - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any borrowed t)); + [#"../own.rs" 207 26 207 27] t <- ([#"../own.rs" 207 26 207 27] Own_OwnResult_Type.ok_0 self); + [#"../own.rs" 207 26 207 27] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (any borrowed t)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _6 <- ([#"../own.rs" 207 46 207 55] clone0 ([#"../own.rs" 207 46 207 55] * t)); + [#"../own.rs" 207 46 207 55] _6 <- ([#"../own.rs" 207 46 207 55] clone0 ([#"../own.rs" 207 46 207 55] * t)); goto BB7 } BB7 { assert { [@expl:type invariant] inv1 t }; assume { resolve1 t }; - _0 <- ([#"../own.rs" 207 32 207 56] Own_OwnResult_Type.C_Ok _6); + [#"../own.rs" 207 32 207 56] _0 <- ([#"../own.rs" 207 32 207 56] Own_OwnResult_Type.C_Ok _6); _6 <- any t; goto BB8 } @@ -2067,7 +2085,7 @@ module Own_Impl3_Transpose val inv3 (_x : Core_Option_Option_Type.t_option (Own_OwnResult_Type.t_ownresult t e)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../own.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Own_OwnResult_Type.t_ownresult t e) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (Own_OwnResult_Type.t_ownresult t e) . inv3 x = true predicate invariant2 (self : e) val invariant2 (self : e) : bool ensures { result = invariant2 self } @@ -2076,7 +2094,7 @@ module Own_Impl3_Transpose val inv2 (_x : e) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../own.rs" 1 0 1 0] forall x : e . inv2 x = true + axiom inv2 : forall x : e . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -2085,7 +2103,7 @@ module Own_Impl3_Transpose val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../own.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Own_OwnResult_Type.t_ownresult (Core_Option_Option_Type.t_option t) e) val invariant0 (self : Own_OwnResult_Type.t_ownresult (Core_Option_Option_Type.t_option t) e) : bool ensures { result = invariant0 self } @@ -2094,7 +2112,7 @@ module Own_Impl3_Transpose val inv0 (_x : Own_OwnResult_Type.t_ownresult (Core_Option_Option_Type.t_option t) e) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../own.rs" 1 0 1 0] forall x : Own_OwnResult_Type.t_ownresult (Core_Option_Option_Type.t_option t) e . inv0 x = true + axiom inv0 : forall x : Own_OwnResult_Type.t_ownresult (Core_Option_Option_Type.t_option t) e . inv0 x = true predicate resolve2 (self : e) val resolve2 (self : e) : bool ensures { result = resolve2 self } @@ -2158,25 +2176,26 @@ module Own_Impl3_Transpose BB7 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../own.rs" 218 14 218 18] false }; absurd } BB8 { - e <- Own_OwnResult_Type.err_0 self; - self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); + [#"../own.rs" 221 27 221 28] e <- ([#"../own.rs" 221 27 221 28] Own_OwnResult_Type.err_0 self); + [#"../own.rs" 221 27 221 28] self <- (let Own_OwnResult_Type.C_Err x0 = self in Own_OwnResult_Type.C_Err (any e)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB14 } BB9 { - x <- Core_Option_Option_Type.some_0 (Own_OwnResult_Type.ok_0 self); - self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (let Core_Option_Option_Type.C_Some x0 = Own_OwnResult_Type.ok_0 self in Core_Option_Option_Type.C_Some (any t))); + [#"../own.rs" 219 31 219 32] x <- ([#"../own.rs" 219 31 219 32] Core_Option_Option_Type.some_0 (Own_OwnResult_Type.ok_0 self)); + [#"../own.rs" 219 31 219 32] self <- (let Own_OwnResult_Type.C_Ok x0 = self in Own_OwnResult_Type.C_Ok (let Core_Option_Option_Type.C_Some x0 = Own_OwnResult_Type.ok_0 self in Core_Option_Option_Type.C_Some (any t))); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB10 } BB10 { - _0 <- ([#"../own.rs" 219 38 219 60] Core_Option_Option_Type.C_Some ([#"../own.rs" 219 43 219 59] Own_OwnResult_Type.C_Ok x)); - x <- any t; + [#"../own.rs" 219 38 219 60] _0 <- ([#"../own.rs" 219 38 219 60] Core_Option_Option_Type.C_Some ([#"../own.rs" 219 43 219 59] Own_OwnResult_Type.C_Ok ([#"../own.rs" 219 57 219 58] x))); + [#"../own.rs" 219 57 219 58] x <- any t; goto BB11 } BB11 { @@ -2188,12 +2207,12 @@ module Own_Impl3_Transpose BB13 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../own.rs" 220 35 220 39] Core_Option_Option_Type.C_None); + [#"../own.rs" 220 35 220 39] _0 <- ([#"../own.rs" 220 35 220 39] Core_Option_Option_Type.C_None); goto BB17 } BB14 { - _0 <- ([#"../own.rs" 221 33 221 56] Core_Option_Option_Type.C_Some ([#"../own.rs" 221 38 221 55] Own_OwnResult_Type.C_Err e)); - e <- any e; + [#"../own.rs" 221 33 221 56] _0 <- ([#"../own.rs" 221 33 221 56] Core_Option_Option_Type.C_Some ([#"../own.rs" 221 38 221 55] Own_OwnResult_Type.C_Err ([#"../own.rs" 221 53 221 54] e))); + [#"../own.rs" 221 53 221 54] e <- any e; goto BB15 } BB15 { diff --git a/creusot/tests/should_succeed/result/result.mlcfg b/creusot/tests/should_succeed/result/result.mlcfg index 4955a923ff..d0162f43e7 100644 --- a/creusot/tests/should_succeed/result/result.mlcfg +++ b/creusot/tests/should_succeed/result/result.mlcfg @@ -24,7 +24,7 @@ module Result_TestResult val inv14 (_x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32)) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../result.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32) . inv14 x = true + axiom inv14 : forall x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32) . inv14 x = true predicate invariant13 (self : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant13 (self : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32)) : bool @@ -34,7 +34,7 @@ module Result_TestResult val inv13 (_x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32)) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../result.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32) . inv13 x = true + axiom inv13 : forall x : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32) . inv13 x = true predicate invariant12 (self : Core_Result_Result_Type.t_result (Core_Option_Option_Type.t_option int32) int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant12 (self : Core_Result_Result_Type.t_result (Core_Option_Option_Type.t_option int32) int32) : bool @@ -44,7 +44,7 @@ module Result_TestResult val inv12 (_x : Core_Result_Result_Type.t_result (Core_Option_Option_Type.t_option int32) int32) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result (Core_Option_Option_Type.t_option int32) int32 . inv12 x = true + axiom inv12 : forall x : Core_Result_Result_Type.t_result (Core_Option_Option_Type.t_option int32) int32 . inv12 x = true use prelude.Borrow predicate invariant11 (self : Core_Result_Result_Type.t_result int32 (borrowed int32)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -55,7 +55,7 @@ module Result_TestResult val inv11 (_x : Core_Result_Result_Type.t_result int32 (borrowed int32)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result int32 (borrowed int32) . inv11 x = true + axiom inv11 : forall x : Core_Result_Result_Type.t_result int32 (borrowed int32) . inv11 x = true predicate invariant10 (self : Core_Result_Result_Type.t_result int32 int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant10 (self : Core_Result_Result_Type.t_result int32 int32) : bool @@ -65,7 +65,7 @@ module Result_TestResult val inv10 (_x : Core_Result_Result_Type.t_result int32 int32) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result int32 int32 . inv10 x = true + axiom inv10 : forall x : Core_Result_Result_Type.t_result int32 int32 . inv10 x = true predicate invariant9 (self : Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant9 (self : Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32)) : bool @@ -75,7 +75,7 @@ module Result_TestResult val inv9 (_x : Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32)) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32) . inv9 x = true + axiom inv9 : forall x : Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32) . inv9 x = true predicate invariant8 (self : borrowed int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : borrowed int32) : bool @@ -85,7 +85,7 @@ module Result_TestResult val inv8 (_x : borrowed int32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../result.rs" 1 0 1 0] forall x : borrowed int32 . inv8 x = true + axiom inv8 : forall x : borrowed int32 . inv8 x = true predicate invariant7 (self : borrowed (Core_Result_Result_Type.t_result int32 int32)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : borrowed (Core_Result_Result_Type.t_result int32 int32)) : bool @@ -95,7 +95,7 @@ module Result_TestResult val inv7 (_x : borrowed (Core_Result_Result_Type.t_result int32 int32)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../result.rs" 1 0 1 0] forall x : borrowed (Core_Result_Result_Type.t_result int32 int32) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Result_Result_Type.t_result int32 int32) . inv7 x = true predicate invariant6 (self : Core_Result_Result_Type.t_result int32 int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Core_Result_Result_Type.t_result int32 int32) : bool @@ -105,7 +105,7 @@ module Result_TestResult val inv6 (_x : Core_Result_Result_Type.t_result int32 int32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result int32 int32 . inv6 x = true + axiom inv6 : forall x : Core_Result_Result_Type.t_result int32 int32 . inv6 x = true predicate invariant5 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : int32) : bool @@ -115,7 +115,7 @@ module Result_TestResult val inv5 (_x : int32) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../result.rs" 1 0 1 0] forall x : int32 . inv5 x = true + axiom inv5 : forall x : int32 . inv5 x = true predicate invariant4 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : Core_Option_Option_Type.t_option int32) : bool @@ -125,7 +125,7 @@ module Result_TestResult val inv4 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../result.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv4 x = true + axiom inv4 : forall x : Core_Option_Option_Type.t_option int32 . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option int32) : bool @@ -135,7 +135,7 @@ module Result_TestResult val inv3 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../result.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option int32 . inv3 x = true predicate invariant2 (self : Core_Result_Result_Type.t_result int32 int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Result_Result_Type.t_result int32 int32) : bool @@ -145,7 +145,7 @@ module Result_TestResult val inv2 (_x : Core_Result_Result_Type.t_result int32 int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result int32 int32 . inv2 x = true + axiom inv2 : forall x : Core_Result_Result_Type.t_result int32 int32 . inv2 x = true predicate invariant1 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : int32) : bool @@ -155,7 +155,7 @@ module Result_TestResult val inv1 (_x : int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../result.rs" 1 0 1 0] forall x : int32 . inv1 x = true + axiom inv1 : forall x : int32 . inv1 x = true predicate invariant0 (self : Core_Result_Result_Type.t_result int32 int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Result_Result_Type.t_result int32 int32) : bool @@ -165,7 +165,7 @@ module Result_TestResult val inv0 (_x : Core_Result_Result_Type.t_result int32 int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../result.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result int32 int32 . inv0 x = true + axiom inv0 : forall x : Core_Result_Result_Type.t_result int32 int32 . inv0 x = true val unwrap6 (self : Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32)) : Core_Result_Result_Type.t_result int32 int32 requires {[#"../../../../../creusot-contracts/src/std/option.rs" 17 0 114 1] self <> Core_Option_Option_Type.C_None} requires {inv13 self} @@ -450,17 +450,17 @@ module Result_TestResult goto BB0 } BB0 { - ok <- ([#"../result.rs" 4 35 4 40] Core_Result_Result_Type.C_Ok ([#"../result.rs" 4 38 4 39] [#"../result.rs" 4 38 4 39] (1 : int32))); - err <- ([#"../result.rs" 5 36 5 43] Core_Result_Result_Type.C_Err ([#"../result.rs" 5 40 5 42] [#"../result.rs" 5 40 5 42] (-1 : int32))); - _6 <- ([#"../result.rs" 8 12 8 22] is_ok0 ([#"../result.rs" 8 12 8 22] ok)); + [#"../result.rs" 4 35 4 40] ok <- ([#"../result.rs" 4 35 4 40] Core_Result_Result_Type.C_Ok ([#"../result.rs" 4 38 4 39] [#"../result.rs" 4 38 4 39] (1 : int32))); + [#"../result.rs" 5 36 5 43] err <- ([#"../result.rs" 5 36 5 43] Core_Result_Result_Type.C_Err ([#"../result.rs" 5 40 5 42] [#"../result.rs" 5 40 5 42] (-1 : int32))); + [#"../result.rs" 8 12 8 22] _6 <- ([#"../result.rs" 8 12 8 22] is_ok0 ([#"../result.rs" 8 12 8 22] ok)); goto BB4 } BB1 { - _5 <- ([#"../result.rs" 8 12 8 38] [#"../result.rs" 8 12 8 38] false); + [#"../result.rs" 8 12 8 38] _5 <- ([#"../result.rs" 8 12 8 38] [#"../result.rs" 8 12 8 38] false); goto BB3 } BB2 { - _9 <- ([#"../result.rs" 8 27 8 38] is_ok0 ([#"../result.rs" 8 27 8 38] err)); + [#"../result.rs" 8 27 8 38] _9 <- ([#"../result.rs" 8 27 8 38] is_ok0 ([#"../result.rs" 8 27 8 38] err)); goto BB5 } BB3 { @@ -476,23 +476,24 @@ module Result_TestResult end } BB5 { - _5 <- ([#"../result.rs" 8 26 8 38] not _9); + [#"../result.rs" 8 12 8 38] _5 <- ([#"../result.rs" 8 26 8 38] not _9); _9 <- any bool; goto BB3 } BB6 { + assert { [#"../result.rs" 8 4 8 39] false }; absurd } BB7 { - _15 <- ([#"../result.rs" 10 12 10 24] is_err0 ([#"../result.rs" 10 12 10 24] err)); + [#"../result.rs" 10 12 10 24] _15 <- ([#"../result.rs" 10 12 10 24] is_err0 ([#"../result.rs" 10 12 10 24] err)); goto BB11 } BB8 { - _14 <- ([#"../result.rs" 10 12 10 40] [#"../result.rs" 10 12 10 40] false); + [#"../result.rs" 10 12 10 40] _14 <- ([#"../result.rs" 10 12 10 40] [#"../result.rs" 10 12 10 40] false); goto BB10 } BB9 { - _18 <- ([#"../result.rs" 10 29 10 40] is_err0 ([#"../result.rs" 10 29 10 40] ok)); + [#"../result.rs" 10 29 10 40] _18 <- ([#"../result.rs" 10 29 10 40] is_err0 ([#"../result.rs" 10 29 10 40] ok)); goto BB12 } BB10 { @@ -508,19 +509,20 @@ module Result_TestResult end } BB12 { - _14 <- ([#"../result.rs" 10 28 10 40] not _18); + [#"../result.rs" 10 12 10 40] _14 <- ([#"../result.rs" 10 28 10 40] not _18); _18 <- any bool; goto BB10 } BB13 { + assert { [#"../result.rs" 10 4 10 41] false }; absurd } BB14 { - _25 <- ([#"../result.rs" 13 12 13 19] ok0 ok); + [#"../result.rs" 13 12 13 19] _25 <- ([#"../result.rs" 13 12 13 19] ok0 ([#"../result.rs" 13 12 13 14] ok)); goto BB15 } BB15 { - _24 <- ([#"../result.rs" 13 12 13 28] unwrap0 _25); + [#"../result.rs" 13 12 13 28] _24 <- ([#"../result.rs" 13 12 13 28] unwrap0 _25); _25 <- any Core_Option_Option_Type.t_option int32; goto BB16 } @@ -531,14 +533,15 @@ module Result_TestResult end } BB17 { + assert { [#"../result.rs" 13 4 13 34] false }; absurd } BB18 { - _32 <- ([#"../result.rs" 14 12 14 20] ok0 err); + [#"../result.rs" 14 12 14 20] _32 <- ([#"../result.rs" 14 12 14 20] ok0 ([#"../result.rs" 14 12 14 15] err)); goto BB19 } BB19 { - _30 <- ([#"../result.rs" 14 12 14 30] is_none0 ([#"../result.rs" 14 12 14 30] _32)); + [#"../result.rs" 14 12 14 30] _30 <- ([#"../result.rs" 14 12 14 30] is_none0 ([#"../result.rs" 14 12 14 30] _32)); goto BB20 } BB20 { @@ -548,14 +551,15 @@ module Result_TestResult end } BB21 { + assert { [#"../result.rs" 14 4 14 31] false }; absurd } BB22 { - _39 <- ([#"../result.rs" 16 12 16 20] err0 ok); + [#"../result.rs" 16 12 16 20] _39 <- ([#"../result.rs" 16 12 16 20] err0 ([#"../result.rs" 16 12 16 14] ok)); goto BB23 } BB23 { - _37 <- ([#"../result.rs" 16 12 16 30] is_none0 ([#"../result.rs" 16 12 16 30] _39)); + [#"../result.rs" 16 12 16 30] _37 <- ([#"../result.rs" 16 12 16 30] is_none0 ([#"../result.rs" 16 12 16 30] _39)); goto BB24 } BB24 { @@ -565,14 +569,15 @@ module Result_TestResult end } BB25 { + assert { [#"../result.rs" 16 4 16 31] false }; absurd } BB26 { - _46 <- ([#"../result.rs" 17 12 17 21] err0 err); + [#"../result.rs" 17 12 17 21] _46 <- ([#"../result.rs" 17 12 17 21] err0 ([#"../result.rs" 17 12 17 15] err)); goto BB27 } BB27 { - _45 <- ([#"../result.rs" 17 12 17 30] unwrap0 _46); + [#"../result.rs" 17 12 17 30] _45 <- ([#"../result.rs" 17 12 17 30] unwrap0 _46); _46 <- any Core_Option_Option_Type.t_option int32; goto BB28 } @@ -583,60 +588,63 @@ module Result_TestResult end } BB29 { + assert { [#"../result.rs" 17 4 17 37] false }; absurd } BB30 { - _54 <- ([#"../result.rs" 20 13 20 24] as_ref0 ([#"../result.rs" 20 13 20 24] ok)); + [#"../result.rs" 20 13 20 24] _54 <- ([#"../result.rs" 20 13 20 24] as_ref0 ([#"../result.rs" 20 13 20 24] ok)); goto BB31 } BB31 { - _53 <- ([#"../result.rs" 20 13 20 33] unwrap1 _54); + [#"../result.rs" 20 13 20 33] _53 <- ([#"../result.rs" 20 13 20 33] unwrap1 _54); _54 <- any Core_Result_Result_Type.t_result int32 int32; goto BB32 } BB32 { - switch ([#"../result.rs" 20 4 20 39] not ([#"../result.rs" 20 12 20 38] _53 = ([#"../result.rs" 20 37 20 38] [#"../result.rs" 20 37 20 38] (1 : int32)))) + switch ([#"../result.rs" 20 4 20 39] not ([#"../result.rs" 20 12 20 38] ([#"../result.rs" 20 12 20 33] _53) = ([#"../result.rs" 20 37 20 38] [#"../result.rs" 20 37 20 38] (1 : int32)))) | False -> goto BB34 | True -> goto BB33 end } BB33 { + assert { [#"../result.rs" 20 4 20 39] false }; absurd } BB34 { - _62 <- ([#"../result.rs" 21 13 21 25] as_ref0 ([#"../result.rs" 21 13 21 25] err)); + [#"../result.rs" 21 13 21 25] _62 <- ([#"../result.rs" 21 13 21 25] as_ref0 ([#"../result.rs" 21 13 21 25] err)); goto BB35 } BB35 { - _61 <- ([#"../result.rs" 21 13 21 38] unwrap_err0 _62); + [#"../result.rs" 21 13 21 38] _61 <- ([#"../result.rs" 21 13 21 38] unwrap_err0 _62); _62 <- any Core_Result_Result_Type.t_result int32 int32; goto BB36 } BB36 { - switch ([#"../result.rs" 21 4 21 45] not ([#"../result.rs" 21 12 21 44] _61 = ([#"../result.rs" 21 42 21 44] [#"../result.rs" 21 42 21 44] (-1 : int32)))) + switch ([#"../result.rs" 21 4 21 45] not ([#"../result.rs" 21 12 21 44] ([#"../result.rs" 21 12 21 38] _61) = ([#"../result.rs" 21 42 21 44] [#"../result.rs" 21 42 21 44] (-1 : int32)))) | False -> goto BB38 | True -> goto BB37 end } BB37 { + assert { [#"../result.rs" 21 4 21 45] false }; absurd } BB38 { - _67 <- Borrow.borrow_mut ok; - ok <- ^ _67; - _66 <- ([#"../result.rs" 23 5 23 16] as_mut0 _67); + [#"../result.rs" 23 5 23 16] _67 <- Borrow.borrow_mut ok; + [#"../result.rs" 23 5 23 16] ok <- ^ _67; + [#"../result.rs" 23 5 23 16] _66 <- ([#"../result.rs" 23 5 23 16] as_mut0 _67); _67 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB39 } BB39 { - _65 <- ([#"../result.rs" 23 5 23 25] unwrap2 _66); + [#"../result.rs" 23 5 23 25] _65 <- ([#"../result.rs" 23 5 23 25] unwrap2 _66); _66 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB40 } BB40 { - _65 <- { _65 with current = ([#"../result.rs" 23 28 23 29] [#"../result.rs" 23 28 23 29] (0 : int32)) }; + [#"../result.rs" 23 4 23 29] _65 <- { _65 with current = ([#"../result.rs" 23 4 23 29] [#"../result.rs" 23 28 23 29] (0 : int32)) }; assume { resolve0 _65 }; - _71 <- ([#"../result.rs" 24 12 24 23] unwrap3 ok); + [#"../result.rs" 24 12 24 23] _71 <- ([#"../result.rs" 24 12 24 23] unwrap3 ([#"../result.rs" 24 12 24 14] ok)); goto BB41 } BB41 { @@ -646,24 +654,25 @@ module Result_TestResult end } BB42 { + assert { [#"../result.rs" 24 4 24 29] false }; absurd } BB43 { - _76 <- Borrow.borrow_mut ok; - ok <- ^ _76; - _75 <- ([#"../result.rs" 25 5 25 16] as_mut0 _76); + [#"../result.rs" 25 5 25 16] _76 <- Borrow.borrow_mut ok; + [#"../result.rs" 25 5 25 16] ok <- ^ _76; + [#"../result.rs" 25 5 25 16] _75 <- ([#"../result.rs" 25 5 25 16] as_mut0 _76); _76 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB44 } BB44 { - _74 <- ([#"../result.rs" 25 5 25 25] unwrap2 _75); + [#"../result.rs" 25 5 25 25] _74 <- ([#"../result.rs" 25 5 25 25] unwrap2 _75); _75 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB45 } BB45 { - _74 <- { _74 with current = ([#"../result.rs" 25 28 25 29] [#"../result.rs" 25 28 25 29] (1 : int32)) }; + [#"../result.rs" 25 4 25 29] _74 <- { _74 with current = ([#"../result.rs" 25 4 25 29] [#"../result.rs" 25 28 25 29] (1 : int32)) }; assume { resolve0 _74 }; - _80 <- ([#"../result.rs" 26 12 26 23] unwrap3 ok); + [#"../result.rs" 26 12 26 23] _80 <- ([#"../result.rs" 26 12 26 23] unwrap3 ([#"../result.rs" 26 12 26 14] ok)); goto BB46 } BB46 { @@ -673,24 +682,25 @@ module Result_TestResult end } BB47 { + assert { [#"../result.rs" 26 4 26 29] false }; absurd } BB48 { - _85 <- Borrow.borrow_mut err; - err <- ^ _85; - _84 <- ([#"../result.rs" 27 5 27 17] as_mut0 _85); + [#"../result.rs" 27 5 27 17] _85 <- Borrow.borrow_mut err; + [#"../result.rs" 27 5 27 17] err <- ^ _85; + [#"../result.rs" 27 5 27 17] _84 <- ([#"../result.rs" 27 5 27 17] as_mut0 _85); _85 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB49 } BB49 { - _83 <- ([#"../result.rs" 27 5 27 30] unwrap_err1 _84); + [#"../result.rs" 27 5 27 30] _83 <- ([#"../result.rs" 27 5 27 30] unwrap_err1 _84); _84 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB50 } BB50 { - _83 <- { _83 with current = ([#"../result.rs" 27 33 27 34] [#"../result.rs" 27 33 27 34] (0 : int32)) }; + [#"../result.rs" 27 4 27 34] _83 <- { _83 with current = ([#"../result.rs" 27 4 27 34] [#"../result.rs" 27 33 27 34] (0 : int32)) }; assume { resolve0 _83 }; - _89 <- ([#"../result.rs" 28 12 28 28] unwrap_err2 err); + [#"../result.rs" 28 12 28 28] _89 <- ([#"../result.rs" 28 12 28 28] unwrap_err2 ([#"../result.rs" 28 12 28 15] err)); goto BB51 } BB51 { @@ -700,24 +710,25 @@ module Result_TestResult end } BB52 { + assert { [#"../result.rs" 28 4 28 34] false }; absurd } BB53 { - _94 <- Borrow.borrow_mut err; - err <- ^ _94; - _93 <- ([#"../result.rs" 29 5 29 17] as_mut0 _94); + [#"../result.rs" 29 5 29 17] _94 <- Borrow.borrow_mut err; + [#"../result.rs" 29 5 29 17] err <- ^ _94; + [#"../result.rs" 29 5 29 17] _93 <- ([#"../result.rs" 29 5 29 17] as_mut0 _94); _94 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB54 } BB54 { - _92 <- ([#"../result.rs" 29 5 29 30] unwrap_err1 _93); + [#"../result.rs" 29 5 29 30] _92 <- ([#"../result.rs" 29 5 29 30] unwrap_err1 _93); _93 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB55 } BB55 { - _92 <- { _92 with current = ([#"../result.rs" 29 33 29 35] [#"../result.rs" 29 33 29 35] (-1 : int32)) }; + [#"../result.rs" 29 4 29 35] _92 <- { _92 with current = ([#"../result.rs" 29 4 29 35] [#"../result.rs" 29 33 29 35] (-1 : int32)) }; assume { resolve0 _92 }; - _98 <- ([#"../result.rs" 30 12 30 28] unwrap_err2 err); + [#"../result.rs" 30 12 30 28] _98 <- ([#"../result.rs" 30 12 30 28] unwrap_err2 ([#"../result.rs" 30 12 30 15] err)); goto BB56 } BB56 { @@ -727,10 +738,11 @@ module Result_TestResult end } BB57 { + assert { [#"../result.rs" 30 4 30 35] false }; absurd } BB58 { - _104 <- ([#"../result.rs" 33 12 33 23] unwrap3 ok); + [#"../result.rs" 33 12 33 23] _104 <- ([#"../result.rs" 33 12 33 23] unwrap3 ([#"../result.rs" 33 12 33 14] ok)); goto BB59 } BB59 { @@ -740,10 +752,11 @@ module Result_TestResult end } BB60 { + assert { [#"../result.rs" 33 4 33 29] false }; absurd } BB61 { - _110 <- ([#"../result.rs" 37 12 37 28] unwrap_err2 err); + [#"../result.rs" 37 12 37 28] _110 <- ([#"../result.rs" 37 12 37 28] unwrap_err2 ([#"../result.rs" 37 12 37 15] err)); goto BB62 } BB62 { @@ -753,10 +766,11 @@ module Result_TestResult end } BB63 { + assert { [#"../result.rs" 37 4 37 35] false }; absurd } BB64 { - _116 <- ([#"../result.rs" 40 12 40 27] unwrap_or0 ok ([#"../result.rs" 40 25 40 26] [#"../result.rs" 40 25 40 26] (0 : int32))); + [#"../result.rs" 40 12 40 27] _116 <- ([#"../result.rs" 40 12 40 27] unwrap_or0 ([#"../result.rs" 40 12 40 14] ok) ([#"../result.rs" 40 25 40 26] [#"../result.rs" 40 25 40 26] (0 : int32))); goto BB65 } BB65 { @@ -766,10 +780,11 @@ module Result_TestResult end } BB66 { + assert { [#"../result.rs" 40 4 40 33] false }; absurd } BB67 { - _122 <- ([#"../result.rs" 41 12 41 28] unwrap_or0 err ([#"../result.rs" 41 26 41 27] [#"../result.rs" 41 26 41 27] (0 : int32))); + [#"../result.rs" 41 12 41 28] _122 <- ([#"../result.rs" 41 12 41 28] unwrap_or0 ([#"../result.rs" 41 12 41 15] err) ([#"../result.rs" 41 26 41 27] [#"../result.rs" 41 26 41 27] (0 : int32))); goto BB68 } BB68 { @@ -779,10 +794,11 @@ module Result_TestResult end } BB69 { + assert { [#"../result.rs" 41 4 41 34] false }; absurd } BB70 { - _128 <- ([#"../result.rs" 43 12 43 34] unwrap_or_default0 ok); + [#"../result.rs" 43 12 43 34] _128 <- ([#"../result.rs" 43 12 43 34] unwrap_or_default0 ([#"../result.rs" 43 12 43 14] ok)); goto BB71 } BB71 { @@ -792,10 +808,11 @@ module Result_TestResult end } BB72 { + assert { [#"../result.rs" 43 4 43 40] false }; absurd } BB73 { - _134 <- ([#"../result.rs" 44 12 44 35] unwrap_or_default0 err); + [#"../result.rs" 44 12 44 35] _134 <- ([#"../result.rs" 44 12 44 35] unwrap_or_default0 ([#"../result.rs" 44 12 44 15] err)); goto BB74 } BB74 { @@ -805,14 +822,15 @@ module Result_TestResult end } BB75 { + assert { [#"../result.rs" 44 4 44 41] false }; absurd } BB76 { - _141 <- ([#"../result.rs" 47 12 47 34] and0 ok ([#"../result.rs" 47 26 47 33] Core_Result_Result_Type.C_Err ([#"../result.rs" 47 30 47 32] [#"../result.rs" 47 30 47 32] (-2 : int32)))); + [#"../result.rs" 47 12 47 34] _141 <- ([#"../result.rs" 47 12 47 34] and0 ([#"../result.rs" 47 12 47 14] ok) ([#"../result.rs" 47 26 47 33] Core_Result_Result_Type.C_Err ([#"../result.rs" 47 30 47 32] [#"../result.rs" 47 30 47 32] (-2 : int32)))); goto BB77 } BB77 { - _140 <- ([#"../result.rs" 47 12 47 47] unwrap_err2 _141); + [#"../result.rs" 47 12 47 47] _140 <- ([#"../result.rs" 47 12 47 47] unwrap_err2 _141); _141 <- any Core_Result_Result_Type.t_result int32 int32; goto BB78 } @@ -823,14 +841,15 @@ module Result_TestResult end } BB79 { + assert { [#"../result.rs" 47 4 47 54] false }; absurd } BB80 { - _149 <- ([#"../result.rs" 48 12 48 25] and0 ok ([#"../result.rs" 48 19 48 24] Core_Result_Result_Type.C_Ok ([#"../result.rs" 48 22 48 23] [#"../result.rs" 48 22 48 23] (2 : int32)))); + [#"../result.rs" 48 12 48 25] _149 <- ([#"../result.rs" 48 12 48 25] and0 ([#"../result.rs" 48 12 48 14] ok) ([#"../result.rs" 48 19 48 24] Core_Result_Result_Type.C_Ok ([#"../result.rs" 48 22 48 23] [#"../result.rs" 48 22 48 23] (2 : int32)))); goto BB81 } BB81 { - _148 <- ([#"../result.rs" 48 12 48 34] unwrap3 _149); + [#"../result.rs" 48 12 48 34] _148 <- ([#"../result.rs" 48 12 48 34] unwrap3 _149); _149 <- any Core_Result_Result_Type.t_result int32 int32; goto BB82 } @@ -841,14 +860,15 @@ module Result_TestResult end } BB83 { + assert { [#"../result.rs" 48 4 48 40] false }; absurd } BB84 { - _157 <- ([#"../result.rs" 49 12 49 35] and0 err ([#"../result.rs" 49 27 49 34] Core_Result_Result_Type.C_Err ([#"../result.rs" 49 31 49 33] [#"../result.rs" 49 31 49 33] (-2 : int32)))); + [#"../result.rs" 49 12 49 35] _157 <- ([#"../result.rs" 49 12 49 35] and0 ([#"../result.rs" 49 12 49 15] err) ([#"../result.rs" 49 27 49 34] Core_Result_Result_Type.C_Err ([#"../result.rs" 49 31 49 33] [#"../result.rs" 49 31 49 33] (-2 : int32)))); goto BB85 } BB85 { - _156 <- ([#"../result.rs" 49 12 49 48] unwrap_err2 _157); + [#"../result.rs" 49 12 49 48] _156 <- ([#"../result.rs" 49 12 49 48] unwrap_err2 _157); _157 <- any Core_Result_Result_Type.t_result int32 int32; goto BB86 } @@ -859,14 +879,15 @@ module Result_TestResult end } BB87 { + assert { [#"../result.rs" 49 4 49 55] false }; absurd } BB88 { - _165 <- ([#"../result.rs" 50 12 50 26] and0 err ([#"../result.rs" 50 20 50 25] Core_Result_Result_Type.C_Ok ([#"../result.rs" 50 23 50 24] [#"../result.rs" 50 23 50 24] (2 : int32)))); + [#"../result.rs" 50 12 50 26] _165 <- ([#"../result.rs" 50 12 50 26] and0 ([#"../result.rs" 50 12 50 15] err) ([#"../result.rs" 50 20 50 25] Core_Result_Result_Type.C_Ok ([#"../result.rs" 50 23 50 24] [#"../result.rs" 50 23 50 24] (2 : int32)))); goto BB89 } BB89 { - _164 <- ([#"../result.rs" 50 12 50 39] unwrap_err2 _165); + [#"../result.rs" 50 12 50 39] _164 <- ([#"../result.rs" 50 12 50 39] unwrap_err2 _165); _165 <- any Core_Result_Result_Type.t_result int32 int32; goto BB90 } @@ -877,14 +898,15 @@ module Result_TestResult end } BB91 { + assert { [#"../result.rs" 50 4 50 46] false }; absurd } BB92 { - _173 <- ([#"../result.rs" 53 12 53 26] or0 ok ([#"../result.rs" 53 18 53 25] Core_Result_Result_Type.C_Err ([#"../result.rs" 53 22 53 24] [#"../result.rs" 53 22 53 24] (-2 : int32)))); + [#"../result.rs" 53 12 53 26] _173 <- ([#"../result.rs" 53 12 53 26] or0 ([#"../result.rs" 53 12 53 14] ok) ([#"../result.rs" 53 18 53 25] Core_Result_Result_Type.C_Err ([#"../result.rs" 53 22 53 24] [#"../result.rs" 53 22 53 24] (-2 : int32)))); goto BB93 } BB93 { - _172 <- ([#"../result.rs" 53 12 53 35] unwrap3 _173); + [#"../result.rs" 53 12 53 35] _172 <- ([#"../result.rs" 53 12 53 35] unwrap3 _173); _173 <- any Core_Result_Result_Type.t_result int32 int32; goto BB94 } @@ -895,14 +917,15 @@ module Result_TestResult end } BB95 { + assert { [#"../result.rs" 53 4 53 41] false }; absurd } BB96 { - _181 <- ([#"../result.rs" 54 12 54 31] or0 ok ([#"../result.rs" 54 25 54 30] Core_Result_Result_Type.C_Ok ([#"../result.rs" 54 28 54 29] [#"../result.rs" 54 28 54 29] (2 : int32)))); + [#"../result.rs" 54 12 54 31] _181 <- ([#"../result.rs" 54 12 54 31] or0 ([#"../result.rs" 54 12 54 14] ok) ([#"../result.rs" 54 25 54 30] Core_Result_Result_Type.C_Ok ([#"../result.rs" 54 28 54 29] [#"../result.rs" 54 28 54 29] (2 : int32)))); goto BB97 } BB97 { - _180 <- ([#"../result.rs" 54 12 54 40] unwrap3 _181); + [#"../result.rs" 54 12 54 40] _180 <- ([#"../result.rs" 54 12 54 40] unwrap3 _181); _181 <- any Core_Result_Result_Type.t_result int32 int32; goto BB98 } @@ -913,14 +936,15 @@ module Result_TestResult end } BB99 { + assert { [#"../result.rs" 54 4 54 46] false }; absurd } BB100 { - _189 <- ([#"../result.rs" 55 12 55 27] or0 err ([#"../result.rs" 55 19 55 26] Core_Result_Result_Type.C_Err ([#"../result.rs" 55 23 55 25] [#"../result.rs" 55 23 55 25] (-2 : int32)))); + [#"../result.rs" 55 12 55 27] _189 <- ([#"../result.rs" 55 12 55 27] or0 ([#"../result.rs" 55 12 55 15] err) ([#"../result.rs" 55 19 55 26] Core_Result_Result_Type.C_Err ([#"../result.rs" 55 23 55 25] [#"../result.rs" 55 23 55 25] (-2 : int32)))); goto BB101 } BB101 { - _188 <- ([#"../result.rs" 55 12 55 40] unwrap_err2 _189); + [#"../result.rs" 55 12 55 40] _188 <- ([#"../result.rs" 55 12 55 40] unwrap_err2 _189); _189 <- any Core_Result_Result_Type.t_result int32 int32; goto BB102 } @@ -931,14 +955,15 @@ module Result_TestResult end } BB103 { + assert { [#"../result.rs" 55 4 55 47] false }; absurd } BB104 { - _197 <- ([#"../result.rs" 56 12 56 32] or0 err ([#"../result.rs" 56 26 56 31] Core_Result_Result_Type.C_Ok ([#"../result.rs" 56 29 56 30] [#"../result.rs" 56 29 56 30] (2 : int32)))); + [#"../result.rs" 56 12 56 32] _197 <- ([#"../result.rs" 56 12 56 32] or0 ([#"../result.rs" 56 12 56 15] err) ([#"../result.rs" 56 26 56 31] Core_Result_Result_Type.C_Ok ([#"../result.rs" 56 29 56 30] [#"../result.rs" 56 29 56 30] (2 : int32)))); goto BB105 } BB105 { - _196 <- ([#"../result.rs" 56 12 56 41] unwrap3 _197); + [#"../result.rs" 56 12 56 41] _196 <- ([#"../result.rs" 56 12 56 41] unwrap3 _197); _197 <- any Core_Result_Result_Type.t_result int32 int32; goto BB106 } @@ -949,19 +974,20 @@ module Result_TestResult end } BB107 { + assert { [#"../result.rs" 56 4 56 47] false }; absurd } BB108 { - _206 <- ([#"../result.rs" 59 12 59 23] as_ref0 ([#"../result.rs" 59 12 59 23] ok)); + [#"../result.rs" 59 12 59 23] _206 <- ([#"../result.rs" 59 12 59 23] as_ref0 ([#"../result.rs" 59 12 59 23] ok)); goto BB109 } BB109 { - _205 <- ([#"../result.rs" 59 12 59 32] copied0 _206); + [#"../result.rs" 59 12 59 32] _205 <- ([#"../result.rs" 59 12 59 32] copied0 _206); _206 <- any Core_Result_Result_Type.t_result int32 int32; goto BB110 } BB110 { - _204 <- ([#"../result.rs" 59 12 59 41] unwrap4 _205); + [#"../result.rs" 59 12 59 41] _204 <- ([#"../result.rs" 59 12 59 41] unwrap4 _205); _205 <- any Core_Result_Result_Type.t_result int32 int32; goto BB111 } @@ -972,45 +998,47 @@ module Result_TestResult end } BB112 { + assert { [#"../result.rs" 59 4 59 47] false }; absurd } BB113 { - _215 <- ([#"../result.rs" 60 13 60 25] as_ref0 ([#"../result.rs" 60 13 60 25] err)); + [#"../result.rs" 60 13 60 25] _215 <- ([#"../result.rs" 60 13 60 25] as_ref0 ([#"../result.rs" 60 13 60 25] err)); goto BB114 } BB114 { - _214 <- ([#"../result.rs" 60 13 60 34] copied0 _215); + [#"../result.rs" 60 13 60 34] _214 <- ([#"../result.rs" 60 13 60 34] copied0 _215); _215 <- any Core_Result_Result_Type.t_result int32 int32; goto BB115 } BB115 { - _213 <- ([#"../result.rs" 60 13 60 47] unwrap_err3 _214); + [#"../result.rs" 60 13 60 47] _213 <- ([#"../result.rs" 60 13 60 47] unwrap_err3 _214); _214 <- any Core_Result_Result_Type.t_result int32 int32; goto BB116 } BB116 { - switch ([#"../result.rs" 60 4 60 54] not ([#"../result.rs" 60 12 60 53] _213 = ([#"../result.rs" 60 51 60 53] [#"../result.rs" 60 51 60 53] (-1 : int32)))) + switch ([#"../result.rs" 60 4 60 54] not ([#"../result.rs" 60 12 60 53] ([#"../result.rs" 60 12 60 47] _213) = ([#"../result.rs" 60 51 60 53] [#"../result.rs" 60 51 60 53] (-1 : int32)))) | False -> goto BB118 | True -> goto BB117 end } BB117 { + assert { [#"../result.rs" 60 4 60 54] false }; absurd } BB118 { - _224 <- Borrow.borrow_mut ok; - ok <- ^ _224; - _223 <- ([#"../result.rs" 61 12 61 23] as_mut0 _224); + [#"../result.rs" 61 12 61 23] _224 <- Borrow.borrow_mut ok; + [#"../result.rs" 61 12 61 23] ok <- ^ _224; + [#"../result.rs" 61 12 61 23] _223 <- ([#"../result.rs" 61 12 61 23] as_mut0 _224); _224 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB119 } BB119 { - _222 <- ([#"../result.rs" 61 12 61 32] copied1 _223); + [#"../result.rs" 61 12 61 32] _222 <- ([#"../result.rs" 61 12 61 32] copied1 _223); _223 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB120 } BB120 { - _221 <- ([#"../result.rs" 61 12 61 41] unwrap5 _222); + [#"../result.rs" 61 12 61 41] _221 <- ([#"../result.rs" 61 12 61 41] unwrap5 _222); _222 <- any Core_Result_Result_Type.t_result int32 (borrowed int32); goto BB121 } @@ -1021,46 +1049,48 @@ module Result_TestResult end } BB122 { + assert { [#"../result.rs" 61 4 61 47] false }; absurd } BB123 { - _233 <- Borrow.borrow_mut err; - err <- ^ _233; - _232 <- ([#"../result.rs" 62 13 62 25] as_mut0 _233); + [#"../result.rs" 62 13 62 25] _233 <- Borrow.borrow_mut err; + [#"../result.rs" 62 13 62 25] err <- ^ _233; + [#"../result.rs" 62 13 62 25] _232 <- ([#"../result.rs" 62 13 62 25] as_mut0 _233); _233 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB124 } BB124 { - _231 <- ([#"../result.rs" 62 13 62 34] copied1 _232); + [#"../result.rs" 62 13 62 34] _231 <- ([#"../result.rs" 62 13 62 34] copied1 _232); _232 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB125 } BB125 { - _230 <- ([#"../result.rs" 62 13 62 47] unwrap_err4 _231); + [#"../result.rs" 62 13 62 47] _230 <- ([#"../result.rs" 62 13 62 47] unwrap_err4 _231); _231 <- any Core_Result_Result_Type.t_result int32 (borrowed int32); goto BB126 } BB126 { assume { resolve0 _230 }; - switch ([#"../result.rs" 62 4 62 54] not ([#"../result.rs" 62 12 62 53] * _230 = ([#"../result.rs" 62 51 62 53] [#"../result.rs" 62 51 62 53] (-1 : int32)))) + switch ([#"../result.rs" 62 4 62 54] not ([#"../result.rs" 62 12 62 53] ([#"../result.rs" 62 12 62 47] * _230) = ([#"../result.rs" 62 51 62 53] [#"../result.rs" 62 51 62 53] (-1 : int32)))) | False -> goto BB128 | True -> goto BB127 end } BB127 { + assert { [#"../result.rs" 62 4 62 54] false }; absurd } BB128 { - _240 <- ([#"../result.rs" 64 12 64 23] as_ref0 ([#"../result.rs" 64 12 64 23] ok)); + [#"../result.rs" 64 12 64 23] _240 <- ([#"../result.rs" 64 12 64 23] as_ref0 ([#"../result.rs" 64 12 64 23] ok)); goto BB129 } BB129 { - _239 <- ([#"../result.rs" 64 12 64 32] cloned0 _240); + [#"../result.rs" 64 12 64 32] _239 <- ([#"../result.rs" 64 12 64 32] cloned0 _240); _240 <- any Core_Result_Result_Type.t_result int32 int32; goto BB130 } BB130 { - _238 <- ([#"../result.rs" 64 12 64 41] unwrap4 _239); + [#"../result.rs" 64 12 64 41] _238 <- ([#"../result.rs" 64 12 64 41] unwrap4 _239); _239 <- any Core_Result_Result_Type.t_result int32 int32; goto BB131 } @@ -1071,45 +1101,47 @@ module Result_TestResult end } BB132 { + assert { [#"../result.rs" 64 4 64 47] false }; absurd } BB133 { - _249 <- ([#"../result.rs" 65 13 65 25] as_ref0 ([#"../result.rs" 65 13 65 25] err)); + [#"../result.rs" 65 13 65 25] _249 <- ([#"../result.rs" 65 13 65 25] as_ref0 ([#"../result.rs" 65 13 65 25] err)); goto BB134 } BB134 { - _248 <- ([#"../result.rs" 65 13 65 34] cloned0 _249); + [#"../result.rs" 65 13 65 34] _248 <- ([#"../result.rs" 65 13 65 34] cloned0 _249); _249 <- any Core_Result_Result_Type.t_result int32 int32; goto BB135 } BB135 { - _247 <- ([#"../result.rs" 65 13 65 47] unwrap_err3 _248); + [#"../result.rs" 65 13 65 47] _247 <- ([#"../result.rs" 65 13 65 47] unwrap_err3 _248); _248 <- any Core_Result_Result_Type.t_result int32 int32; goto BB136 } BB136 { - switch ([#"../result.rs" 65 4 65 54] not ([#"../result.rs" 65 12 65 53] _247 = ([#"../result.rs" 65 51 65 53] [#"../result.rs" 65 51 65 53] (-1 : int32)))) + switch ([#"../result.rs" 65 4 65 54] not ([#"../result.rs" 65 12 65 53] ([#"../result.rs" 65 12 65 47] _247) = ([#"../result.rs" 65 51 65 53] [#"../result.rs" 65 51 65 53] (-1 : int32)))) | False -> goto BB138 | True -> goto BB137 end } BB137 { + assert { [#"../result.rs" 65 4 65 54] false }; absurd } BB138 { - _258 <- Borrow.borrow_mut ok; - ok <- ^ _258; - _257 <- ([#"../result.rs" 66 12 66 23] as_mut0 _258); + [#"../result.rs" 66 12 66 23] _258 <- Borrow.borrow_mut ok; + [#"../result.rs" 66 12 66 23] ok <- ^ _258; + [#"../result.rs" 66 12 66 23] _257 <- ([#"../result.rs" 66 12 66 23] as_mut0 _258); _258 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB139 } BB139 { - _256 <- ([#"../result.rs" 66 12 66 32] cloned1 _257); + [#"../result.rs" 66 12 66 32] _256 <- ([#"../result.rs" 66 12 66 32] cloned1 _257); _257 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB140 } BB140 { - _255 <- ([#"../result.rs" 66 12 66 41] unwrap5 _256); + [#"../result.rs" 66 12 66 41] _255 <- ([#"../result.rs" 66 12 66 41] unwrap5 _256); _256 <- any Core_Result_Result_Type.t_result int32 (borrowed int32); goto BB141 } @@ -1120,42 +1152,44 @@ module Result_TestResult end } BB142 { + assert { [#"../result.rs" 66 4 66 47] false }; absurd } BB143 { - _267 <- Borrow.borrow_mut err; - err <- ^ _267; - _266 <- ([#"../result.rs" 67 13 67 25] as_mut0 _267); + [#"../result.rs" 67 13 67 25] _267 <- Borrow.borrow_mut err; + [#"../result.rs" 67 13 67 25] err <- ^ _267; + [#"../result.rs" 67 13 67 25] _266 <- ([#"../result.rs" 67 13 67 25] as_mut0 _267); _267 <- any borrowed (Core_Result_Result_Type.t_result int32 int32); goto BB144 } BB144 { - _265 <- ([#"../result.rs" 67 13 67 34] cloned1 _266); + [#"../result.rs" 67 13 67 34] _265 <- ([#"../result.rs" 67 13 67 34] cloned1 _266); _266 <- any Core_Result_Result_Type.t_result (borrowed int32) (borrowed int32); goto BB145 } BB145 { - _264 <- ([#"../result.rs" 67 13 67 47] unwrap_err4 _265); + [#"../result.rs" 67 13 67 47] _264 <- ([#"../result.rs" 67 13 67 47] unwrap_err4 _265); _265 <- any Core_Result_Result_Type.t_result int32 (borrowed int32); goto BB146 } BB146 { assume { resolve0 _264 }; - switch ([#"../result.rs" 67 4 67 54] not ([#"../result.rs" 67 12 67 53] * _264 = ([#"../result.rs" 67 51 67 53] [#"../result.rs" 67 51 67 53] (-1 : int32)))) + switch ([#"../result.rs" 67 4 67 54] not ([#"../result.rs" 67 12 67 53] ([#"../result.rs" 67 12 67 47] * _264) = ([#"../result.rs" 67 51 67 53] [#"../result.rs" 67 51 67 53] (-1 : int32)))) | False -> goto BB148 | True -> goto BB147 end } BB147 { + assert { [#"../result.rs" 67 4 67 54] false }; absurd } BB148 { - res <- ([#"../result.rs" 70 40 70 48] Core_Result_Result_Type.C_Ok ([#"../result.rs" 70 43 70 47] Core_Option_Option_Type.C_None)); - _275 <- ([#"../result.rs" 71 12 71 27] transpose0 res); + [#"../result.rs" 70 40 70 48] res <- ([#"../result.rs" 70 40 70 48] Core_Result_Result_Type.C_Ok ([#"../result.rs" 70 43 70 47] Core_Option_Option_Type.C_None)); + [#"../result.rs" 71 12 71 27] _275 <- ([#"../result.rs" 71 12 71 27] transpose0 ([#"../result.rs" 71 12 71 15] res)); goto BB149 } BB149 { - _273 <- ([#"../result.rs" 71 12 71 37] is_none1 ([#"../result.rs" 71 12 71 37] _275)); + [#"../result.rs" 71 12 71 37] _273 <- ([#"../result.rs" 71 12 71 37] is_none1 ([#"../result.rs" 71 12 71 37] _275)); goto BB150 } BB150 { @@ -1165,20 +1199,21 @@ module Result_TestResult end } BB151 { + assert { [#"../result.rs" 71 4 71 38] false }; absurd } BB152 { - res1 <- ([#"../result.rs" 72 40 72 51] Core_Result_Result_Type.C_Ok ([#"../result.rs" 72 43 72 50] Core_Option_Option_Type.C_Some ([#"../result.rs" 72 48 72 49] [#"../result.rs" 72 48 72 49] (1 : int32)))); - _285 <- ([#"../result.rs" 73 12 73 27] transpose0 res1); + [#"../result.rs" 72 40 72 51] res1 <- ([#"../result.rs" 72 40 72 51] Core_Result_Result_Type.C_Ok ([#"../result.rs" 72 43 72 50] Core_Option_Option_Type.C_Some ([#"../result.rs" 72 48 72 49] [#"../result.rs" 72 48 72 49] (1 : int32)))); + [#"../result.rs" 73 12 73 27] _285 <- ([#"../result.rs" 73 12 73 27] transpose0 ([#"../result.rs" 73 12 73 15] res1)); goto BB153 } BB153 { - _284 <- ([#"../result.rs" 73 12 73 36] unwrap6 _285); + [#"../result.rs" 73 12 73 36] _284 <- ([#"../result.rs" 73 12 73 36] unwrap6 _285); _285 <- any Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32); goto BB154 } BB154 { - _283 <- ([#"../result.rs" 73 12 73 45] unwrap3 _284); + [#"../result.rs" 73 12 73 45] _283 <- ([#"../result.rs" 73 12 73 45] unwrap3 _284); _284 <- any Core_Result_Result_Type.t_result int32 int32; goto BB155 } @@ -1189,20 +1224,21 @@ module Result_TestResult end } BB156 { + assert { [#"../result.rs" 73 4 73 51] false }; absurd } BB157 { - res2 <- ([#"../result.rs" 74 40 74 47] Core_Result_Result_Type.C_Err ([#"../result.rs" 74 44 74 46] [#"../result.rs" 74 44 74 46] (-1 : int32))); - _294 <- ([#"../result.rs" 75 12 75 27] transpose0 res2); + [#"../result.rs" 74 40 74 47] res2 <- ([#"../result.rs" 74 40 74 47] Core_Result_Result_Type.C_Err ([#"../result.rs" 74 44 74 46] [#"../result.rs" 74 44 74 46] (-1 : int32))); + [#"../result.rs" 75 12 75 27] _294 <- ([#"../result.rs" 75 12 75 27] transpose0 ([#"../result.rs" 75 12 75 15] res2)); goto BB158 } BB158 { - _293 <- ([#"../result.rs" 75 12 75 36] unwrap6 _294); + [#"../result.rs" 75 12 75 36] _293 <- ([#"../result.rs" 75 12 75 36] unwrap6 _294); _294 <- any Core_Option_Option_Type.t_option (Core_Result_Result_Type.t_result int32 int32); goto BB159 } BB159 { - _292 <- ([#"../result.rs" 75 12 75 49] unwrap_err2 _293); + [#"../result.rs" 75 12 75 49] _292 <- ([#"../result.rs" 75 12 75 49] unwrap_err2 _293); _293 <- any Core_Result_Result_Type.t_result int32 int32; goto BB160 } @@ -1213,10 +1249,11 @@ module Result_TestResult end } BB161 { + assert { [#"../result.rs" 75 4 75 56] false }; absurd } BB162 { - _0 <- ([#"../result.rs" 3 21 76 1] ()); + [#"../result.rs" 3 21 76 1] _0 <- ([#"../result.rs" 3 21 76 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg index dd9ad4c76b..0ccb885cab 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max.mlcfg @@ -26,31 +26,31 @@ module IncMax_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max.rs" 7 7 7 17] ([#"../inc_max.rs" 7 7 7 10] * ma) >= ([#"../inc_max.rs" 7 14 7 17] * mb)) | False -> goto BB2 | True -> goto BB1 end } BB1 { assume { resolve0 mb }; - _9 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _9 }; - _5 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _5 }; + [#"../inc_max.rs" 8 8 8 10] _9 <- Borrow.borrow_mut ( * ma); + [#"../inc_max.rs" 8 8 8 10] ma <- { ma with current = ^ _9 }; + [#"../inc_max.rs" 8 8 8 10] _5 <- Borrow.borrow_mut ( * _9); + [#"../inc_max.rs" 8 8 8 10] _9 <- { _9 with current = ^ _5 }; assume { resolve0 _9 }; goto BB3 } BB2 { assume { resolve0 ma }; - _5 <- Borrow.borrow_mut ( * mb); - mb <- { mb with current = ^ _5 }; + [#"../inc_max.rs" 10 8 10 10] _5 <- Borrow.borrow_mut ( * mb); + [#"../inc_max.rs" 10 8 10 10] mb <- { mb with current = ^ _5 }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _3 }; - _0 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _0 }; + [#"../inc_max.rs" 7 4 11 5] _3 <- Borrow.borrow_mut ( * _5); + [#"../inc_max.rs" 7 4 11 5] _5 <- { _5 with current = ^ _3 }; + [#"../inc_max.rs" 7 4 11 5] _0 <- Borrow.borrow_mut ( * _3); + [#"../inc_max.rs" 7 4 11 5] _3 <- { _3 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _3 }; assume { resolve0 mb }; @@ -91,15 +91,15 @@ module IncMax_IncMax goto BB0 } BB0 { - _6 <- Borrow.borrow_mut a; - a <- ^ _6; - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _8 <- Borrow.borrow_mut b; - b <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - mc <- ([#"../inc_max.rs" 16 13 16 37] take_max0 _5 _7); + [#"../inc_max.rs" 16 22 16 28] _6 <- Borrow.borrow_mut a; + [#"../inc_max.rs" 16 22 16 28] a <- ^ _6; + [#"../inc_max.rs" 16 22 16 28] _5 <- Borrow.borrow_mut ( * _6); + [#"../inc_max.rs" 16 22 16 28] _6 <- { _6 with current = ^ _5 }; + [#"../inc_max.rs" 16 30 16 36] _8 <- Borrow.borrow_mut b; + [#"../inc_max.rs" 16 30 16 36] b <- ^ _8; + [#"../inc_max.rs" 16 30 16 36] _7 <- Borrow.borrow_mut ( * _8); + [#"../inc_max.rs" 16 30 16 36] _8 <- { _8 with current = ^ _7 }; + [#"../inc_max.rs" 16 13 16 37] mc <- ([#"../inc_max.rs" 16 13 16 37] take_max0 _5 _7); _5 <- any borrowed uint32; _7 <- any borrowed uint32; goto BB1 @@ -107,18 +107,19 @@ module IncMax_IncMax BB1 { assume { resolve0 _8 }; assume { resolve0 _6 }; - mc <- { mc with current = ([#"../inc_max.rs" 17 4 17 12] * mc + ([#"../inc_max.rs" 17 11 17 12] [#"../inc_max.rs" 17 11 17 12] (1 : uint32))) }; + [#"../inc_max.rs" 17 4 17 12] mc <- { mc with current = ([#"../inc_max.rs" 17 4 17 12] * mc + ([#"../inc_max.rs" 17 11 17 12] [#"../inc_max.rs" 17 11 17 12] (1 : uint32))) }; assume { resolve0 mc }; - switch ([#"../inc_max.rs" 18 4 18 19] not ([#"../inc_max.rs" 18 12 18 18] a <> b)) + switch ([#"../inc_max.rs" 18 4 18 19] not ([#"../inc_max.rs" 18 12 18 18] ([#"../inc_max.rs" 18 12 18 13] a) <> ([#"../inc_max.rs" 18 17 18 18] b))) | False -> goto BB3 | True -> goto BB2 end } BB2 { + assert { [#"../inc_max.rs" 18 4 18 19] false }; absurd } BB3 { - _0 <- ([#"../inc_max.rs" 15 39 19 1] ()); + [#"../inc_max.rs" 15 39 19 1] _0 <- ([#"../inc_max.rs" 15 39 19 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz index 52f2d8c441..def65a8d48 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_max/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg index c5c2b4e691..f0b2117f3b 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_3.mlcfg @@ -47,21 +47,21 @@ module IncMax3_IncMax3 goto BB0 } BB0 { - switch ([#"../inc_max_3.rs" 13 7 13 16] * ma < * mb) + switch ([#"../inc_max_3.rs" 13 7 13 16] ([#"../inc_max_3.rs" 13 7 13 10] * ma) < ([#"../inc_max_3.rs" 13 13 13 16] * mb)) | False -> goto BB3 | True -> goto BB1 end } BB1 { - _12 <- Borrow.borrow_mut ma; - ma <- ^ _12; - _11 <- Borrow.borrow_mut ( * _12); - _12 <- { _12 with current = ^ _11 }; - _14 <- Borrow.borrow_mut mb; - mb <- ^ _14; - _13 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _13 }; - _10 <- ([#"../inc_max_3.rs" 14 8 14 30] swap0 _11 _13); + [#"../inc_max_3.rs" 14 13 14 20] _12 <- Borrow.borrow_mut ma; + [#"../inc_max_3.rs" 14 13 14 20] ma <- ^ _12; + [#"../inc_max_3.rs" 14 13 14 20] _11 <- Borrow.borrow_mut ( * _12); + [#"../inc_max_3.rs" 14 13 14 20] _12 <- { _12 with current = ^ _11 }; + [#"../inc_max_3.rs" 14 22 14 29] _14 <- Borrow.borrow_mut mb; + [#"../inc_max_3.rs" 14 22 14 29] mb <- ^ _14; + [#"../inc_max_3.rs" 14 22 14 29] _13 <- Borrow.borrow_mut ( * _14); + [#"../inc_max_3.rs" 14 22 14 29] _14 <- { _14 with current = ^ _13 }; + [#"../inc_max_3.rs" 14 8 14 30] _10 <- ([#"../inc_max_3.rs" 14 8 14 30] swap0 _11 _13); _11 <- any borrowed (borrowed uint32); _13 <- any borrowed (borrowed uint32); goto BB2 @@ -69,29 +69,29 @@ module IncMax3_IncMax3 BB2 { assume { resolve0 _14 }; assume { resolve0 _12 }; - _6 <- ([#"../inc_max_3.rs" 13 17 15 5] ()); + [#"../inc_max_3.rs" 13 17 15 5] _6 <- ([#"../inc_max_3.rs" 13 17 15 5] ()); goto BB4 } BB3 { - _6 <- ([#"../inc_max_3.rs" 15 5 15 5] ()); + [#"../inc_max_3.rs" 15 5 15 5] _6 <- ([#"../inc_max_3.rs" 15 5 15 5] ()); goto BB4 } BB4 { - switch ([#"../inc_max_3.rs" 16 7 16 16] * mb < * mc) + switch ([#"../inc_max_3.rs" 16 7 16 16] ([#"../inc_max_3.rs" 16 7 16 10] * mb) < ([#"../inc_max_3.rs" 16 13 16 16] * mc)) | False -> goto BB7 | True -> goto BB5 end } BB5 { - _21 <- Borrow.borrow_mut mb; - mb <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; - _23 <- Borrow.borrow_mut mc; - mc <- ^ _23; - _22 <- Borrow.borrow_mut ( * _23); - _23 <- { _23 with current = ^ _22 }; - _19 <- ([#"../inc_max_3.rs" 17 8 17 30] swap0 _20 _22); + [#"../inc_max_3.rs" 17 13 17 20] _21 <- Borrow.borrow_mut mb; + [#"../inc_max_3.rs" 17 13 17 20] mb <- ^ _21; + [#"../inc_max_3.rs" 17 13 17 20] _20 <- Borrow.borrow_mut ( * _21); + [#"../inc_max_3.rs" 17 13 17 20] _21 <- { _21 with current = ^ _20 }; + [#"../inc_max_3.rs" 17 22 17 29] _23 <- Borrow.borrow_mut mc; + [#"../inc_max_3.rs" 17 22 17 29] mc <- ^ _23; + [#"../inc_max_3.rs" 17 22 17 29] _22 <- Borrow.borrow_mut ( * _23); + [#"../inc_max_3.rs" 17 22 17 29] _23 <- { _23 with current = ^ _22 }; + [#"../inc_max_3.rs" 17 8 17 30] _19 <- ([#"../inc_max_3.rs" 17 8 17 30] swap0 _20 _22); _20 <- any borrowed (borrowed uint32); _22 <- any borrowed (borrowed uint32); goto BB6 @@ -100,30 +100,30 @@ module IncMax3_IncMax3 assume { resolve0 _23 }; assume { resolve0 _21 }; assume { resolve1 mc }; - _15 <- ([#"../inc_max_3.rs" 16 17 18 5] ()); + [#"../inc_max_3.rs" 16 17 18 5] _15 <- ([#"../inc_max_3.rs" 16 17 18 5] ()); goto BB8 } BB7 { assume { resolve1 mc }; - _15 <- ([#"../inc_max_3.rs" 18 5 18 5] ()); + [#"../inc_max_3.rs" 18 5 18 5] _15 <- ([#"../inc_max_3.rs" 18 5 18 5] ()); goto BB8 } BB8 { - switch ([#"../inc_max_3.rs" 19 7 19 16] * ma < * mb) + switch ([#"../inc_max_3.rs" 19 7 19 16] ([#"../inc_max_3.rs" 19 7 19 10] * ma) < ([#"../inc_max_3.rs" 19 13 19 16] * mb)) | False -> goto BB11 | True -> goto BB9 end } BB9 { - _30 <- Borrow.borrow_mut ma; - ma <- ^ _30; - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; - _32 <- Borrow.borrow_mut mb; - mb <- ^ _32; - _31 <- Borrow.borrow_mut ( * _32); - _32 <- { _32 with current = ^ _31 }; - _28 <- ([#"../inc_max_3.rs" 20 8 20 30] swap0 _29 _31); + [#"../inc_max_3.rs" 20 13 20 20] _30 <- Borrow.borrow_mut ma; + [#"../inc_max_3.rs" 20 13 20 20] ma <- ^ _30; + [#"../inc_max_3.rs" 20 13 20 20] _29 <- Borrow.borrow_mut ( * _30); + [#"../inc_max_3.rs" 20 13 20 20] _30 <- { _30 with current = ^ _29 }; + [#"../inc_max_3.rs" 20 22 20 29] _32 <- Borrow.borrow_mut mb; + [#"../inc_max_3.rs" 20 22 20 29] mb <- ^ _32; + [#"../inc_max_3.rs" 20 22 20 29] _31 <- Borrow.borrow_mut ( * _32); + [#"../inc_max_3.rs" 20 22 20 29] _32 <- { _32 with current = ^ _31 }; + [#"../inc_max_3.rs" 20 8 20 30] _28 <- ([#"../inc_max_3.rs" 20 8 20 30] swap0 _29 _31); _29 <- any borrowed (borrowed uint32); _31 <- any borrowed (borrowed uint32); goto BB10 @@ -131,19 +131,19 @@ module IncMax3_IncMax3 BB10 { assume { resolve0 _32 }; assume { resolve0 _30 }; - _24 <- ([#"../inc_max_3.rs" 19 17 21 5] ()); + [#"../inc_max_3.rs" 19 17 21 5] _24 <- ([#"../inc_max_3.rs" 19 17 21 5] ()); goto BB12 } BB11 { - _24 <- ([#"../inc_max_3.rs" 21 5 21 5] ()); + [#"../inc_max_3.rs" 21 5 21 5] _24 <- ([#"../inc_max_3.rs" 21 5 21 5] ()); goto BB12 } BB12 { - ma <- { ma with current = ([#"../inc_max_3.rs" 22 4 22 12] * ma + ([#"../inc_max_3.rs" 22 11 22 12] [#"../inc_max_3.rs" 22 11 22 12] (2 : uint32))) }; + [#"../inc_max_3.rs" 22 4 22 12] ma <- { ma with current = ([#"../inc_max_3.rs" 22 4 22 12] * ma + ([#"../inc_max_3.rs" 22 11 22 12] [#"../inc_max_3.rs" 22 11 22 12] (2 : uint32))) }; assume { resolve1 ma }; - mb <- { mb with current = ([#"../inc_max_3.rs" 23 4 23 12] * mb + ([#"../inc_max_3.rs" 23 11 23 12] [#"../inc_max_3.rs" 23 11 23 12] (1 : uint32))) }; + [#"../inc_max_3.rs" 23 4 23 12] mb <- { mb with current = ([#"../inc_max_3.rs" 23 4 23 12] * mb + ([#"../inc_max_3.rs" 23 11 23 12] [#"../inc_max_3.rs" 23 11 23 12] (1 : uint32))) }; assume { resolve1 mb }; - _0 <- ([#"../inc_max_3.rs" 12 80 24 1] ()); + [#"../inc_max_3.rs" 12 80 24 1] _0 <- ([#"../inc_max_3.rs" 12 80 24 1] ()); return _0 } @@ -182,19 +182,19 @@ module IncMax3_TestIncMax3 goto BB0 } BB0 { - _7 <- Borrow.borrow_mut a; - a <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - _9 <- Borrow.borrow_mut b; - b <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _8 }; - _11 <- Borrow.borrow_mut c; - c <- ^ _11; - _10 <- Borrow.borrow_mut ( * _11); - _11 <- { _11 with current = ^ _10 }; - _5 <- ([#"../inc_max_3.rs" 28 4 28 37] inc_max_30 _6 _8 _10); + [#"../inc_max_3.rs" 28 14 28 20] _7 <- Borrow.borrow_mut a; + [#"../inc_max_3.rs" 28 14 28 20] a <- ^ _7; + [#"../inc_max_3.rs" 28 14 28 20] _6 <- Borrow.borrow_mut ( * _7); + [#"../inc_max_3.rs" 28 14 28 20] _7 <- { _7 with current = ^ _6 }; + [#"../inc_max_3.rs" 28 22 28 28] _9 <- Borrow.borrow_mut b; + [#"../inc_max_3.rs" 28 22 28 28] b <- ^ _9; + [#"../inc_max_3.rs" 28 22 28 28] _8 <- Borrow.borrow_mut ( * _9); + [#"../inc_max_3.rs" 28 22 28 28] _9 <- { _9 with current = ^ _8 }; + [#"../inc_max_3.rs" 28 30 28 36] _11 <- Borrow.borrow_mut c; + [#"../inc_max_3.rs" 28 30 28 36] c <- ^ _11; + [#"../inc_max_3.rs" 28 30 28 36] _10 <- Borrow.borrow_mut ( * _11); + [#"../inc_max_3.rs" 28 30 28 36] _11 <- { _11 with current = ^ _10 }; + [#"../inc_max_3.rs" 28 4 28 37] _5 <- ([#"../inc_max_3.rs" 28 4 28 37] inc_max_30 _6 _8 _10); _6 <- any borrowed uint32; _8 <- any borrowed uint32; _10 <- any borrowed uint32; @@ -204,17 +204,17 @@ module IncMax3_TestIncMax3 assume { resolve0 _11 }; assume { resolve0 _9 }; assume { resolve0 _7 }; - switch ([#"../inc_max_3.rs" 29 12 29 18] a <> b) + switch ([#"../inc_max_3.rs" 29 12 29 18] ([#"../inc_max_3.rs" 29 12 29 13] a) <> ([#"../inc_max_3.rs" 29 17 29 18] b)) | False -> goto BB5 | True -> goto BB6 end } BB2 { - _14 <- ([#"../inc_max_3.rs" 29 12 29 38] [#"../inc_max_3.rs" 29 12 29 38] false); + [#"../inc_max_3.rs" 29 12 29 38] _14 <- ([#"../inc_max_3.rs" 29 12 29 38] [#"../inc_max_3.rs" 29 12 29 38] false); goto BB4 } BB3 { - _14 <- ([#"../inc_max_3.rs" 29 32 29 38] c <> a); + [#"../inc_max_3.rs" 29 12 29 38] _14 <- ([#"../inc_max_3.rs" 29 32 29 38] ([#"../inc_max_3.rs" 29 32 29 33] c) <> ([#"../inc_max_3.rs" 29 37 29 38] a)); goto BB4 } BB4 { @@ -224,11 +224,11 @@ module IncMax3_TestIncMax3 end } BB5 { - _15 <- ([#"../inc_max_3.rs" 29 12 29 28] [#"../inc_max_3.rs" 29 12 29 28] false); + [#"../inc_max_3.rs" 29 12 29 28] _15 <- ([#"../inc_max_3.rs" 29 12 29 28] [#"../inc_max_3.rs" 29 12 29 28] false); goto BB7 } BB6 { - _15 <- ([#"../inc_max_3.rs" 29 22 29 28] b <> c); + [#"../inc_max_3.rs" 29 12 29 28] _15 <- ([#"../inc_max_3.rs" 29 22 29 28] ([#"../inc_max_3.rs" 29 22 29 23] b) <> ([#"../inc_max_3.rs" 29 27 29 28] c)); goto BB7 } BB7 { @@ -238,10 +238,11 @@ module IncMax3_TestIncMax3 end } BB8 { + assert { [#"../inc_max_3.rs" 29 4 29 39] false }; absurd } BB9 { - _0 <- ([#"../inc_max_3.rs" 27 58 30 1] ()); + [#"../inc_max_3.rs" 27 58 30 1] _0 <- ([#"../inc_max_3.rs" 27 58 30 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz index 19e75b7fec..6b7f9de372 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_max_3/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg index b690042ed2..e72775b9f7 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_many.mlcfg @@ -26,31 +26,31 @@ module IncMaxMany_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max_many.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max_many.rs" 7 7 7 17] ([#"../inc_max_many.rs" 7 7 7 10] * ma) >= ([#"../inc_max_many.rs" 7 14 7 17] * mb)) | False -> goto BB2 | True -> goto BB1 end } BB1 { assume { resolve0 mb }; - _9 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _9 }; - _5 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _5 }; + [#"../inc_max_many.rs" 8 8 8 10] _9 <- Borrow.borrow_mut ( * ma); + [#"../inc_max_many.rs" 8 8 8 10] ma <- { ma with current = ^ _9 }; + [#"../inc_max_many.rs" 8 8 8 10] _5 <- Borrow.borrow_mut ( * _9); + [#"../inc_max_many.rs" 8 8 8 10] _9 <- { _9 with current = ^ _5 }; assume { resolve0 _9 }; goto BB3 } BB2 { assume { resolve0 ma }; - _5 <- Borrow.borrow_mut ( * mb); - mb <- { mb with current = ^ _5 }; + [#"../inc_max_many.rs" 10 8 10 10] _5 <- Borrow.borrow_mut ( * mb); + [#"../inc_max_many.rs" 10 8 10 10] mb <- { mb with current = ^ _5 }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _3 }; - _0 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _0 }; + [#"../inc_max_many.rs" 7 4 11 5] _3 <- Borrow.borrow_mut ( * _5); + [#"../inc_max_many.rs" 7 4 11 5] _5 <- { _5 with current = ^ _3 }; + [#"../inc_max_many.rs" 7 4 11 5] _0 <- Borrow.borrow_mut ( * _3); + [#"../inc_max_many.rs" 7 4 11 5] _3 <- { _3 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _3 }; assume { resolve0 mb }; @@ -93,15 +93,15 @@ module IncMaxMany_IncMaxMany goto BB0 } BB0 { - _7 <- Borrow.borrow_mut a; - a <- ^ _7; - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - _9 <- Borrow.borrow_mut b; - b <- ^ _9; - _8 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _8 }; - mc <- ([#"../inc_max_many.rs" 16 13 16 37] take_max0 _6 _8); + [#"../inc_max_many.rs" 16 22 16 28] _7 <- Borrow.borrow_mut a; + [#"../inc_max_many.rs" 16 22 16 28] a <- ^ _7; + [#"../inc_max_many.rs" 16 22 16 28] _6 <- Borrow.borrow_mut ( * _7); + [#"../inc_max_many.rs" 16 22 16 28] _7 <- { _7 with current = ^ _6 }; + [#"../inc_max_many.rs" 16 30 16 36] _9 <- Borrow.borrow_mut b; + [#"../inc_max_many.rs" 16 30 16 36] b <- ^ _9; + [#"../inc_max_many.rs" 16 30 16 36] _8 <- Borrow.borrow_mut ( * _9); + [#"../inc_max_many.rs" 16 30 16 36] _9 <- { _9 with current = ^ _8 }; + [#"../inc_max_many.rs" 16 13 16 37] mc <- ([#"../inc_max_many.rs" 16 13 16 37] take_max0 _6 _8); _6 <- any borrowed uint32; _8 <- any borrowed uint32; goto BB1 @@ -109,19 +109,19 @@ module IncMaxMany_IncMaxMany BB1 { assume { resolve0 _9 }; assume { resolve0 _7 }; - mc <- { mc with current = ([#"../inc_max_many.rs" 17 4 17 12] * mc + k) }; + [#"../inc_max_many.rs" 17 4 17 12] mc <- { mc with current = ([#"../inc_max_many.rs" 17 4 17 12] * mc + ([#"../inc_max_many.rs" 17 11 17 12] k)) }; assume { resolve0 mc }; - switch ([#"../inc_max_many.rs" 18 12 18 22] a >= ([#"../inc_max_many.rs" 18 17 18 22] b + k)) + switch ([#"../inc_max_many.rs" 18 12 18 22] ([#"../inc_max_many.rs" 18 12 18 13] a) >= ([#"../inc_max_many.rs" 18 17 18 22] ([#"../inc_max_many.rs" 18 17 18 18] b) + ([#"../inc_max_many.rs" 18 21 18 22] k))) | False -> goto BB3 | True -> goto BB2 end } BB2 { - _13 <- ([#"../inc_max_many.rs" 18 12 18 36] [#"../inc_max_many.rs" 18 12 18 36] true); + [#"../inc_max_many.rs" 18 12 18 36] _13 <- ([#"../inc_max_many.rs" 18 12 18 36] [#"../inc_max_many.rs" 18 12 18 36] true); goto BB4 } BB3 { - _13 <- ([#"../inc_max_many.rs" 18 26 18 36] b >= ([#"../inc_max_many.rs" 18 31 18 36] a + k)); + [#"../inc_max_many.rs" 18 12 18 36] _13 <- ([#"../inc_max_many.rs" 18 26 18 36] ([#"../inc_max_many.rs" 18 26 18 27] b) >= ([#"../inc_max_many.rs" 18 31 18 36] ([#"../inc_max_many.rs" 18 31 18 32] a) + ([#"../inc_max_many.rs" 18 35 18 36] k))); goto BB4 } BB4 { @@ -131,10 +131,11 @@ module IncMaxMany_IncMaxMany end } BB5 { + assert { [#"../inc_max_many.rs" 18 4 18 37] false }; absurd } BB6 { - _0 <- ([#"../inc_max_many.rs" 15 52 19 1] ()); + [#"../inc_max_many.rs" 15 52 19 1] _0 <- ([#"../inc_max_many.rs" 15 52 19 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz index 9b865e4b3c..19c3c52f1e 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_max_many/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg index bde8b2bdaf..c50aefebe3 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.mlcfg @@ -26,31 +26,31 @@ module IncMaxRepeat_TakeMax goto BB0 } BB0 { - switch ([#"../inc_max_repeat.rs" 7 7 7 17] * ma >= * mb) + switch ([#"../inc_max_repeat.rs" 7 7 7 17] ([#"../inc_max_repeat.rs" 7 7 7 10] * ma) >= ([#"../inc_max_repeat.rs" 7 14 7 17] * mb)) | False -> goto BB2 | True -> goto BB1 end } BB1 { assume { resolve0 mb }; - _9 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _9 }; - _5 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _5 }; + [#"../inc_max_repeat.rs" 8 8 8 10] _9 <- Borrow.borrow_mut ( * ma); + [#"../inc_max_repeat.rs" 8 8 8 10] ma <- { ma with current = ^ _9 }; + [#"../inc_max_repeat.rs" 8 8 8 10] _5 <- Borrow.borrow_mut ( * _9); + [#"../inc_max_repeat.rs" 8 8 8 10] _9 <- { _9 with current = ^ _5 }; assume { resolve0 _9 }; goto BB3 } BB2 { assume { resolve0 ma }; - _5 <- Borrow.borrow_mut ( * mb); - mb <- { mb with current = ^ _5 }; + [#"../inc_max_repeat.rs" 10 8 10 10] _5 <- Borrow.borrow_mut ( * mb); + [#"../inc_max_repeat.rs" 10 8 10 10] mb <- { mb with current = ^ _5 }; goto BB3 } BB3 { - _3 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _3 }; - _0 <- Borrow.borrow_mut ( * _3); - _3 <- { _3 with current = ^ _0 }; + [#"../inc_max_repeat.rs" 7 4 11 5] _3 <- Borrow.borrow_mut ( * _5); + [#"../inc_max_repeat.rs" 7 4 11 5] _5 <- { _5 with current = ^ _3 }; + [#"../inc_max_repeat.rs" 7 4 11 5] _0 <- Borrow.borrow_mut ( * _3); + [#"../inc_max_repeat.rs" 7 4 11 5] _3 <- { _3 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _3 }; assume { resolve0 mb }; @@ -95,7 +95,7 @@ module IncMaxRepeat_IncMaxRepeat val inv3 (_x : Seq.seq uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../inc_max_repeat.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv3 x = true + axiom inv3 : forall x : Seq.seq uint32 . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -106,7 +106,7 @@ module IncMaxRepeat_IncMaxRepeat val inv2 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../inc_max_repeat.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant1 (self : borrowed (Core_Ops_Range_Range_Type.t_range uint32)) = @@ -118,7 +118,7 @@ module IncMaxRepeat_IncMaxRepeat val inv1 (_x : borrowed (Core_Ops_Range_Range_Type.t_range uint32)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../inc_max_repeat.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range uint32) . inv1 x = true + axiom inv1 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range uint32) . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range uint32) val inv0 (_x : Core_Ops_Range_Range_Type.t_range uint32) : bool @@ -166,7 +166,7 @@ module IncMaxRepeat_IncMaxRepeat val invariant0 (self : Core_Ops_Range_Range_Type.t_range uint32) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../inc_max_repeat.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range uint32 . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range uint32 . inv0 x = true use prelude.Ghost predicate resolve1 (self : borrowed uint32) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self @@ -248,15 +248,15 @@ module IncMaxRepeat_IncMaxRepeat goto BB0 } BB0 { - iter <- ([#"../inc_max_repeat.rs" 16 4 16 86] into_iter0 ([#"../inc_max_repeat.rs" 18 13 18 17] Core_Ops_Range_Range_Type.C_Range ([#"../inc_max_repeat.rs" 18 13 18 14] [#"../inc_max_repeat.rs" 18 13 18 14] (0 : uint32)) n)); + [#"../inc_max_repeat.rs" 16 4 16 86] iter <- ([#"../inc_max_repeat.rs" 16 4 16 86] into_iter0 ([#"../inc_max_repeat.rs" 18 13 18 17] Core_Ops_Range_Range_Type.C_Range ([#"../inc_max_repeat.rs" 18 13 18 14] [#"../inc_max_repeat.rs" 18 13 18 14] (0 : uint32)) ([#"../inc_max_repeat.rs" 18 16 18 17] n))); goto BB1 } BB1 { - iter_old <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new iter); + [#"../inc_max_repeat.rs" 16 4 16 86] iter_old <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new iter); goto BB2 } BB2 { - produced <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new (Seq.empty )); + [#"../inc_max_repeat.rs" 16 4 16 86] produced <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -270,11 +270,11 @@ module IncMaxRepeat_IncMaxRepeat goto BB5 } BB5 { - _20 <- Borrow.borrow_mut iter; - iter <- ^ _20; - _19 <- Borrow.borrow_mut ( * _20); - _20 <- { _20 with current = ^ _19 }; - _18 <- ([#"../inc_max_repeat.rs" 16 4 16 86] next0 _19); + [#"../inc_max_repeat.rs" 16 4 16 86] _20 <- Borrow.borrow_mut iter; + [#"../inc_max_repeat.rs" 16 4 16 86] iter <- ^ _20; + [#"../inc_max_repeat.rs" 16 4 16 86] _19 <- Borrow.borrow_mut ( * _20); + [#"../inc_max_repeat.rs" 16 4 16 86] _20 <- { _20 with current = ^ _19 }; + [#"../inc_max_repeat.rs" 16 4 16 86] _18 <- ([#"../inc_max_repeat.rs" 16 4 16 86] next0 _19); _19 <- any borrowed (Core_Ops_Range_Range_Type.t_range uint32); goto BB6 } @@ -286,7 +286,7 @@ module IncMaxRepeat_IncMaxRepeat end } BB7 { - switch ([#"../inc_max_repeat.rs" 22 12 22 22] a >= ([#"../inc_max_repeat.rs" 22 17 22 22] b + n)) + switch ([#"../inc_max_repeat.rs" 22 12 22 22] ([#"../inc_max_repeat.rs" 22 12 22 13] a) >= ([#"../inc_max_repeat.rs" 22 17 22 22] ([#"../inc_max_repeat.rs" 22 17 22 18] b) + ([#"../inc_max_repeat.rs" 22 21 22 22] n))) | False -> goto BB14 | True -> goto BB13 end @@ -295,25 +295,26 @@ module IncMaxRepeat_IncMaxRepeat goto BB10 } BB9 { + assert { [#"../inc_max_repeat.rs" 16 4 16 86] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _18; - _23 <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _18); + [#"../inc_max_repeat.rs" 16 4 16 86] _23 <- ([#"../inc_max_repeat.rs" 16 4 16 86] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _23; - _23 <- any Ghost.ghost_ty (Seq.seq uint32); - _27 <- Borrow.borrow_mut a; - a <- ^ _27; - _26 <- Borrow.borrow_mut ( * _27); - _27 <- { _27 with current = ^ _26 }; - _29 <- Borrow.borrow_mut b; - b <- ^ _29; - _28 <- Borrow.borrow_mut ( * _29); - _29 <- { _29 with current = ^ _28 }; - mc <- ([#"../inc_max_repeat.rs" 19 17 19 41] take_max0 _26 _28); + [#"../inc_max_repeat.rs" 16 4 16 86] produced <- ([#"../inc_max_repeat.rs" 16 4 16 86] _23); + [#"../inc_max_repeat.rs" 16 4 16 86] _23 <- any Ghost.ghost_ty (Seq.seq uint32); + [#"../inc_max_repeat.rs" 19 26 19 32] _27 <- Borrow.borrow_mut a; + [#"../inc_max_repeat.rs" 19 26 19 32] a <- ^ _27; + [#"../inc_max_repeat.rs" 19 26 19 32] _26 <- Borrow.borrow_mut ( * _27); + [#"../inc_max_repeat.rs" 19 26 19 32] _27 <- { _27 with current = ^ _26 }; + [#"../inc_max_repeat.rs" 19 34 19 40] _29 <- Borrow.borrow_mut b; + [#"../inc_max_repeat.rs" 19 34 19 40] b <- ^ _29; + [#"../inc_max_repeat.rs" 19 34 19 40] _28 <- Borrow.borrow_mut ( * _29); + [#"../inc_max_repeat.rs" 19 34 19 40] _29 <- { _29 with current = ^ _28 }; + [#"../inc_max_repeat.rs" 19 17 19 41] mc <- ([#"../inc_max_repeat.rs" 19 17 19 41] take_max0 _26 _28); _26 <- any borrowed uint32; _28 <- any borrowed uint32; goto BB12 @@ -321,16 +322,16 @@ module IncMaxRepeat_IncMaxRepeat BB12 { assume { resolve1 _29 }; assume { resolve1 _27 }; - mc <- { mc with current = ([#"../inc_max_repeat.rs" 20 8 20 16] * mc + ([#"../inc_max_repeat.rs" 20 15 20 16] [#"../inc_max_repeat.rs" 20 15 20 16] (1 : uint32))) }; + [#"../inc_max_repeat.rs" 20 8 20 16] mc <- { mc with current = ([#"../inc_max_repeat.rs" 20 8 20 16] * mc + ([#"../inc_max_repeat.rs" 20 15 20 16] [#"../inc_max_repeat.rs" 20 15 20 16] (1 : uint32))) }; assume { resolve1 mc }; goto BB4 } BB13 { - _33 <- ([#"../inc_max_repeat.rs" 22 12 22 36] [#"../inc_max_repeat.rs" 22 12 22 36] true); + [#"../inc_max_repeat.rs" 22 12 22 36] _33 <- ([#"../inc_max_repeat.rs" 22 12 22 36] [#"../inc_max_repeat.rs" 22 12 22 36] true); goto BB15 } BB14 { - _33 <- ([#"../inc_max_repeat.rs" 22 26 22 36] b >= ([#"../inc_max_repeat.rs" 22 31 22 36] a + n)); + [#"../inc_max_repeat.rs" 22 12 22 36] _33 <- ([#"../inc_max_repeat.rs" 22 26 22 36] ([#"../inc_max_repeat.rs" 22 26 22 27] b) >= ([#"../inc_max_repeat.rs" 22 31 22 36] ([#"../inc_max_repeat.rs" 22 31 22 32] a) + ([#"../inc_max_repeat.rs" 22 35 22 36] n))); goto BB15 } BB15 { @@ -340,10 +341,11 @@ module IncMaxRepeat_IncMaxRepeat end } BB16 { + assert { [#"../inc_max_repeat.rs" 22 4 22 37] false }; absurd } BB17 { - _0 <- ([#"../inc_max_repeat.rs" 15 54 23 1] ()); + [#"../inc_max_repeat.rs" 15 54 23 1] _0 <- ([#"../inc_max_repeat.rs" 15 54 23 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz index dad1c9146e..59d6492d40 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_max_repeat/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg index b23c0a482a..5161ed570b 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_list.mlcfg @@ -77,20 +77,21 @@ module IncSome2List_Impl0_SumX goto BB4 } BB2 { - _0 <- ([#"../inc_some_2_list.rs" 46 19 46 20] [#"../inc_some_2_list.rs" 46 19 46 20] (0 : uint32)); + [#"../inc_some_2_list.rs" 46 19 46 20] _0 <- ([#"../inc_some_2_list.rs" 46 19 46 20] [#"../inc_some_2_list.rs" 46 19 46 20] (0 : uint32)); goto BB6 } BB3 { + assert { [#"../inc_some_2_list.rs" 44 14 44 18] false }; absurd } BB4 { - a <- ([#"../inc_some_2_list.rs" 45 17 45 18] IncSome2List_List_Type.cons_0 self); - l <- ([#"../inc_some_2_list.rs" 45 20 45 21] IncSome2List_List_Type.cons_1 self); - _8 <- ([#"../inc_some_2_list.rs" 45 31 45 40] sum_x ([#"../inc_some_2_list.rs" 45 31 45 40] l)); + [#"../inc_some_2_list.rs" 45 17 45 18] a <- ([#"../inc_some_2_list.rs" 45 17 45 18] IncSome2List_List_Type.cons_0 self); + [#"../inc_some_2_list.rs" 45 20 45 21] l <- ([#"../inc_some_2_list.rs" 45 20 45 21] IncSome2List_List_Type.cons_1 self); + [#"../inc_some_2_list.rs" 45 31 45 40] _8 <- ([#"../inc_some_2_list.rs" 45 31 45 40] sum_x ([#"../inc_some_2_list.rs" 45 31 45 40] l)); goto BB5 } BB5 { - _0 <- ([#"../inc_some_2_list.rs" 45 26 45 40] a + _8); + [#"../inc_some_2_list.rs" 45 26 45 40] _0 <- ([#"../inc_some_2_list.rs" 45 26 45 40] ([#"../inc_some_2_list.rs" 45 26 45 28] a) + _8); _8 <- any uint32; goto BB6 } @@ -179,18 +180,19 @@ module IncSome2List_Impl0_TakeSomeRest } BB3 { assume { resolve2 self }; + assert { [#"../inc_some_2_list.rs" 55 14 55 18] false }; absurd } BB4 { - ma <- Borrow.borrow_mut (IncSome2List_List_Type.cons_0 ( * self)); - self <- { self with current = (let IncSome2List_List_Type.C_Cons x0 x1 = * self in IncSome2List_List_Type.C_Cons ( ^ ma) x1) }; - ml <- Borrow.borrow_mut (IncSome2List_List_Type.cons_1 ( * self)); - self <- { self with current = (let IncSome2List_List_Type.C_Cons x0 x1 = * self in IncSome2List_List_Type.C_Cons x0 ( ^ ml)) }; - _8 <- ([#"../inc_some_2_list.rs" 57 16 57 45] Ghost.new (lemma_sum_nonneg0 ( * ml))); + [#"../inc_some_2_list.rs" 56 17 56 19] ma <- Borrow.borrow_mut (IncSome2List_List_Type.cons_0 ( * self)); + [#"../inc_some_2_list.rs" 56 17 56 19] self <- { self with current = (let IncSome2List_List_Type.C_Cons x0 x1 = * self in IncSome2List_List_Type.C_Cons ( ^ ma) x1) }; + [#"../inc_some_2_list.rs" 56 21 56 23] ml <- Borrow.borrow_mut (IncSome2List_List_Type.cons_1 ( * self)); + [#"../inc_some_2_list.rs" 56 21 56 23] self <- { self with current = (let IncSome2List_List_Type.C_Cons x0 x1 = * self in IncSome2List_List_Type.C_Cons x0 ( ^ ml)) }; + [#"../inc_some_2_list.rs" 57 16 57 45] _8 <- ([#"../inc_some_2_list.rs" 57 16 57 45] Ghost.new (lemma_sum_nonneg0 ( * ml))); goto BB5 } BB5 { - _10 <- ([#"../inc_some_2_list.rs" 58 19 58 27] random0 ()); + [#"../inc_some_2_list.rs" 58 19 58 27] _10 <- ([#"../inc_some_2_list.rs" 58 19 58 27] random0 ()); goto BB6 } BB6 { @@ -200,20 +202,20 @@ module IncSome2List_Impl0_TakeSomeRest end } BB7 { - _11 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _11 }; - _12 <- Borrow.borrow_mut ( * ml); - ml <- { ml with current = ^ _12 }; - _0 <- ([#"../inc_some_2_list.rs" 59 20 59 28] (_11, _12)); + [#"../inc_some_2_list.rs" 59 21 59 23] _11 <- Borrow.borrow_mut ( * ma); + [#"../inc_some_2_list.rs" 59 21 59 23] ma <- { ma with current = ^ _11 }; + [#"../inc_some_2_list.rs" 59 25 59 27] _12 <- Borrow.borrow_mut ( * ml); + [#"../inc_some_2_list.rs" 59 25 59 27] ml <- { ml with current = ^ _12 }; + [#"../inc_some_2_list.rs" 59 20 59 28] _0 <- ([#"../inc_some_2_list.rs" 59 20 59 28] (_11, _12)); _11 <- any borrowed uint32; _12 <- any borrowed (IncSome2List_List_Type.t_list); goto BB10 } BB8 { assume { resolve0 ma }; - _13 <- Borrow.borrow_mut ( * ml); - ml <- { ml with current = ^ _13 }; - _0 <- ([#"../inc_some_2_list.rs" 61 20 61 39] take_some_rest _13); + [#"../inc_some_2_list.rs" 61 20 61 39] _13 <- Borrow.borrow_mut ( * ml); + [#"../inc_some_2_list.rs" 61 20 61 39] ml <- { ml with current = ^ _13 }; + [#"../inc_some_2_list.rs" 61 20 61 39] _0 <- ([#"../inc_some_2_list.rs" 61 20 61 39] take_some_rest _13); _13 <- any borrowed (IncSome2List_List_Type.t_list); goto BB9 } @@ -302,51 +304,52 @@ module IncSome2List_IncSome2List goto BB1 } BB1 { - sum0 <- ([#"../inc_some_2_list.rs" 71 15 71 24] sum_x0 ([#"../inc_some_2_list.rs" 71 15 71 24] l)); + [#"../inc_some_2_list.rs" 71 15 71 24] sum0 <- ([#"../inc_some_2_list.rs" 71 15 71 24] sum_x0 ([#"../inc_some_2_list.rs" 71 15 71 24] l)); goto BB2 } BB2 { - _10 <- Borrow.borrow_mut l; - l <- ^ _10; - _9 <- ([#"../inc_some_2_list.rs" 72 19 72 37] take_some_rest0 _10); + [#"../inc_some_2_list.rs" 72 19 72 37] _10 <- Borrow.borrow_mut l; + [#"../inc_some_2_list.rs" 72 19 72 37] l <- ^ _10; + [#"../inc_some_2_list.rs" 72 19 72 37] _9 <- ([#"../inc_some_2_list.rs" 72 19 72 37] take_some_rest0 _10); _10 <- any borrowed (IncSome2List_List_Type.t_list); goto BB3 } BB3 { - ma <- (let (a, _) = _9 in a); - _9 <- (let (x0, x1) = _9 in (any borrowed uint32, x1)); - ml <- (let (_, a) = _9 in a); - _9 <- (let (x0, x1) = _9 in (x0, any borrowed (IncSome2List_List_Type.t_list))); + [#"../inc_some_2_list.rs" 72 9 72 11] ma <- ([#"../inc_some_2_list.rs" 72 9 72 11] let (a, _) = _9 in a); + [#"../inc_some_2_list.rs" 72 9 72 11] _9 <- (let (x0, x1) = _9 in (any borrowed uint32, x1)); + [#"../inc_some_2_list.rs" 72 13 72 15] ml <- ([#"../inc_some_2_list.rs" 72 13 72 15] let (_, a) = _9 in a); + [#"../inc_some_2_list.rs" 72 13 72 15] _9 <- (let (x0, x1) = _9 in (x0, any borrowed (IncSome2List_List_Type.t_list))); assume { resolve0 _9 }; - _13 <- Borrow.borrow_mut ( * ml); - ml <- { ml with current = ^ _13 }; - _12 <- ([#"../inc_some_2_list.rs" 73 18 73 37] take_some_rest0 _13); + [#"../inc_some_2_list.rs" 73 18 73 37] _13 <- Borrow.borrow_mut ( * ml); + [#"../inc_some_2_list.rs" 73 18 73 37] ml <- { ml with current = ^ _13 }; + [#"../inc_some_2_list.rs" 73 18 73 37] _12 <- ([#"../inc_some_2_list.rs" 73 18 73 37] take_some_rest0 _13); _13 <- any borrowed (IncSome2List_List_Type.t_list); goto BB4 } BB4 { - mb <- (let (a, _) = _12 in a); - _12 <- (let (x0, x1) = _12 in (any borrowed uint32, x1)); + [#"../inc_some_2_list.rs" 73 9 73 11] mb <- ([#"../inc_some_2_list.rs" 73 9 73 11] let (a, _) = _12 in a); + [#"../inc_some_2_list.rs" 73 9 73 11] _12 <- (let (x0, x1) = _12 in (any borrowed uint32, x1)); assume { resolve0 _12 }; - ma <- { ma with current = ([#"../inc_some_2_list.rs" 74 4 74 12] * ma + j) }; + [#"../inc_some_2_list.rs" 74 4 74 12] ma <- { ma with current = ([#"../inc_some_2_list.rs" 74 4 74 12] * ma + ([#"../inc_some_2_list.rs" 74 11 74 12] j)) }; assume { resolve1 ma }; - mb <- { mb with current = ([#"../inc_some_2_list.rs" 75 4 75 12] * mb + k) }; + [#"../inc_some_2_list.rs" 75 4 75 12] mb <- { mb with current = ([#"../inc_some_2_list.rs" 75 4 75 12] * mb + ([#"../inc_some_2_list.rs" 75 11 75 12] k)) }; assume { resolve1 mb }; assume { resolve2 ml }; - _19 <- ([#"../inc_some_2_list.rs" 76 12 76 21] sum_x0 ([#"../inc_some_2_list.rs" 76 12 76 21] l)); + [#"../inc_some_2_list.rs" 76 12 76 21] _19 <- ([#"../inc_some_2_list.rs" 76 12 76 21] sum_x0 ([#"../inc_some_2_list.rs" 76 12 76 21] l)); goto BB5 } BB5 { - switch ([#"../inc_some_2_list.rs" 76 4 76 38] not ([#"../inc_some_2_list.rs" 76 12 76 37] _19 = ([#"../inc_some_2_list.rs" 76 25 76 37] ([#"../inc_some_2_list.rs" 76 25 76 33] sum0 + j) + k))) + switch ([#"../inc_some_2_list.rs" 76 4 76 38] not ([#"../inc_some_2_list.rs" 76 12 76 37] _19 = ([#"../inc_some_2_list.rs" 76 25 76 37] ([#"../inc_some_2_list.rs" 76 25 76 33] ([#"../inc_some_2_list.rs" 76 25 76 29] sum0) + ([#"../inc_some_2_list.rs" 76 32 76 33] j)) + ([#"../inc_some_2_list.rs" 76 36 76 37] k)))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../inc_some_2_list.rs" 76 4 76 38] false }; absurd } BB7 { - _0 <- ([#"../inc_some_2_list.rs" 70 52 77 1] ()); + [#"../inc_some_2_list.rs" 70 52 77 1] _0 <- ([#"../inc_some_2_list.rs" 70 52 77 1] ()); goto BB8 } BB8 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz index 3ba42c2cb6..ac125aebb9 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_some_2_list/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg index 7a8e096635..ee571defc0 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree.mlcfg @@ -93,26 +93,27 @@ module IncSome2Tree_Impl0_SumX goto BB4 } BB2 { - _0 <- ([#"../inc_some_2_tree.rs" 55 20 55 21] [#"../inc_some_2_tree.rs" 55 20 55 21] (0 : uint32)); + [#"../inc_some_2_tree.rs" 55 20 55 21] _0 <- ([#"../inc_some_2_tree.rs" 55 20 55 21] [#"../inc_some_2_tree.rs" 55 20 55 21] (0 : uint32)); goto BB7 } BB3 { + assert { [#"../inc_some_2_tree.rs" 46 14 46 18] false }; absurd } BB4 { - tl <- ([#"../inc_some_2_tree.rs" 47 17 47 19] IncSome2Tree_Tree_Type.node_0 self); - a <- ([#"../inc_some_2_tree.rs" 47 21 47 22] IncSome2Tree_Tree_Type.node_1 self); - tr <- ([#"../inc_some_2_tree.rs" 47 24 47 26] IncSome2Tree_Tree_Type.node_2 self); + [#"../inc_some_2_tree.rs" 47 17 47 19] tl <- ([#"../inc_some_2_tree.rs" 47 17 47 19] IncSome2Tree_Tree_Type.node_0 self); + [#"../inc_some_2_tree.rs" 47 21 47 22] a <- ([#"../inc_some_2_tree.rs" 47 21 47 22] IncSome2Tree_Tree_Type.node_1 self); + [#"../inc_some_2_tree.rs" 47 24 47 26] tr <- ([#"../inc_some_2_tree.rs" 47 24 47 26] IncSome2Tree_Tree_Type.node_2 self); assert { [@expl:assertion] [#"../inc_some_2_tree.rs" 49 20 49 41] let _ = lemma_sum_nonneg0 tl in let _ = lemma_sum_nonneg0 tr in true }; - _11 <- ([#"../inc_some_2_tree.rs" 53 16 53 26] sum_x ([#"../inc_some_2_tree.rs" 53 16 53 26] tl)); + [#"../inc_some_2_tree.rs" 53 16 53 26] _11 <- ([#"../inc_some_2_tree.rs" 53 16 53 26] sum_x ([#"../inc_some_2_tree.rs" 53 16 53 26] tl)); goto BB5 } BB5 { - _14 <- ([#"../inc_some_2_tree.rs" 53 34 53 44] sum_x ([#"../inc_some_2_tree.rs" 53 34 53 44] tr)); + [#"../inc_some_2_tree.rs" 53 34 53 44] _14 <- ([#"../inc_some_2_tree.rs" 53 34 53 44] sum_x ([#"../inc_some_2_tree.rs" 53 34 53 44] tr)); goto BB6 } BB6 { - _0 <- ([#"../inc_some_2_tree.rs" 53 16 53 44] ([#"../inc_some_2_tree.rs" 53 16 53 31] _11 + a) + _14); + [#"../inc_some_2_tree.rs" 53 16 53 44] _0 <- ([#"../inc_some_2_tree.rs" 53 16 53 44] ([#"../inc_some_2_tree.rs" 53 16 53 31] _11 + ([#"../inc_some_2_tree.rs" 53 29 53 31] a)) + _14); _11 <- any uint32; _14 <- any uint32; goto BB7 @@ -205,17 +206,18 @@ module IncSome2Tree_Impl0_TakeSomeRest } BB3 { assume { resolve2 self }; + assert { [#"../inc_some_2_tree.rs" 64 14 64 18] false }; absurd } BB4 { - mtl <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_0 ( * self)); - self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node ( ^ mtl) x1 x2) }; - ma <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_1 ( * self)); - self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node x0 ( ^ ma) x2) }; - mtr <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_2 ( * self)); - self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node x0 x1 ( ^ mtr)) }; + [#"../inc_some_2_tree.rs" 65 17 65 20] mtl <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_0 ( * self)); + [#"../inc_some_2_tree.rs" 65 17 65 20] self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node ( ^ mtl) x1 x2) }; + [#"../inc_some_2_tree.rs" 65 22 65 24] ma <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_1 ( * self)); + [#"../inc_some_2_tree.rs" 65 22 65 24] self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node x0 ( ^ ma) x2) }; + [#"../inc_some_2_tree.rs" 65 26 65 29] mtr <- Borrow.borrow_mut (IncSome2Tree_Tree_Type.node_2 ( * self)); + [#"../inc_some_2_tree.rs" 65 26 65 29] self <- { self with current = (let IncSome2Tree_Tree_Type.C_Node x0 x1 x2 = * self in IncSome2Tree_Tree_Type.C_Node x0 x1 ( ^ mtr)) }; assert { [@expl:assertion] [#"../inc_some_2_tree.rs" 67 20 67 42] let _ = lemma_sum_nonneg0 ( * mtl) in let _ = lemma_sum_nonneg0 ( * mtr) in true }; - _11 <- ([#"../inc_some_2_tree.rs" 71 19 71 27] random0 ()); + [#"../inc_some_2_tree.rs" 71 19 71 27] _11 <- ([#"../inc_some_2_tree.rs" 71 19 71 27] random0 ()); goto BB5 } BB5 { @@ -225,9 +227,9 @@ module IncSome2Tree_Impl0_TakeSomeRest end } BB6 { - _12 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _12 }; - _15 <- ([#"../inc_some_2_tree.rs" 72 28 72 36] random0 ()); + [#"../inc_some_2_tree.rs" 72 21 72 23] _12 <- Borrow.borrow_mut ( * ma); + [#"../inc_some_2_tree.rs" 72 21 72 23] ma <- { ma with current = ^ _12 }; + [#"../inc_some_2_tree.rs" 72 28 72 36] _15 <- ([#"../inc_some_2_tree.rs" 72 28 72 36] random0 ()); goto BB7 } BB7 { @@ -238,23 +240,23 @@ module IncSome2Tree_Impl0_TakeSomeRest } BB8 { assume { resolve1 mtr }; - _16 <- Borrow.borrow_mut ( * mtl); - mtl <- { mtl with current = ^ _16 }; - _14 <- Borrow.borrow_mut ( * _16); - _16 <- { _16 with current = ^ _14 }; + [#"../inc_some_2_tree.rs" 72 39 72 42] _16 <- Borrow.borrow_mut ( * mtl); + [#"../inc_some_2_tree.rs" 72 39 72 42] mtl <- { mtl with current = ^ _16 }; + [#"../inc_some_2_tree.rs" 72 39 72 42] _14 <- Borrow.borrow_mut ( * _16); + [#"../inc_some_2_tree.rs" 72 39 72 42] _16 <- { _16 with current = ^ _14 }; assume { resolve2 _16 }; goto BB10 } BB9 { assume { resolve1 mtl }; - _14 <- Borrow.borrow_mut ( * mtr); - mtr <- { mtr with current = ^ _14 }; + [#"../inc_some_2_tree.rs" 72 52 72 55] _14 <- Borrow.borrow_mut ( * mtr); + [#"../inc_some_2_tree.rs" 72 52 72 55] mtr <- { mtr with current = ^ _14 }; goto BB10 } BB10 { - _13 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _13 }; - _0 <- ([#"../inc_some_2_tree.rs" 72 20 72 58] (_12, _13)); + [#"../inc_some_2_tree.rs" 72 25 72 57] _13 <- Borrow.borrow_mut ( * _14); + [#"../inc_some_2_tree.rs" 72 25 72 57] _14 <- { _14 with current = ^ _13 }; + [#"../inc_some_2_tree.rs" 72 20 72 58] _0 <- ([#"../inc_some_2_tree.rs" 72 20 72 58] (_12, _13)); _12 <- any borrowed uint32; _13 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); assume { resolve2 _14 }; @@ -262,7 +264,7 @@ module IncSome2Tree_Impl0_TakeSomeRest } BB11 { assume { resolve0 ma }; - _17 <- ([#"../inc_some_2_tree.rs" 73 26 73 34] random0 ()); + [#"../inc_some_2_tree.rs" 73 26 73 34] _17 <- ([#"../inc_some_2_tree.rs" 73 26 73 34] random0 ()); goto BB12 } BB12 { @@ -273,9 +275,9 @@ module IncSome2Tree_Impl0_TakeSomeRest } BB13 { assume { resolve1 mtr }; - _18 <- Borrow.borrow_mut ( * mtl); - mtl <- { mtl with current = ^ _18 }; - _0 <- ([#"../inc_some_2_tree.rs" 74 20 74 40] take_some_rest _18); + [#"../inc_some_2_tree.rs" 74 20 74 40] _18 <- Borrow.borrow_mut ( * mtl); + [#"../inc_some_2_tree.rs" 74 20 74 40] mtl <- { mtl with current = ^ _18 }; + [#"../inc_some_2_tree.rs" 74 20 74 40] _0 <- ([#"../inc_some_2_tree.rs" 74 20 74 40] take_some_rest _18); _18 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); goto BB14 } @@ -284,9 +286,9 @@ module IncSome2Tree_Impl0_TakeSomeRest } BB15 { assume { resolve1 mtl }; - _19 <- Borrow.borrow_mut ( * mtr); - mtr <- { mtr with current = ^ _19 }; - _0 <- ([#"../inc_some_2_tree.rs" 76 20 76 40] take_some_rest _19); + [#"../inc_some_2_tree.rs" 76 20 76 40] _19 <- Borrow.borrow_mut ( * mtr); + [#"../inc_some_2_tree.rs" 76 20 76 40] mtr <- { mtr with current = ^ _19 }; + [#"../inc_some_2_tree.rs" 76 20 76 40] _0 <- ([#"../inc_some_2_tree.rs" 76 20 76 40] take_some_rest _19); _19 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); goto BB16 } @@ -379,51 +381,52 @@ module IncSome2Tree_IncSome2Tree goto BB1 } BB1 { - sum0 <- ([#"../inc_some_2_tree.rs" 86 15 86 24] sum_x0 ([#"../inc_some_2_tree.rs" 86 15 86 24] t)); + [#"../inc_some_2_tree.rs" 86 15 86 24] sum0 <- ([#"../inc_some_2_tree.rs" 86 15 86 24] sum_x0 ([#"../inc_some_2_tree.rs" 86 15 86 24] t)); goto BB2 } BB2 { - _10 <- Borrow.borrow_mut t; - t <- ^ _10; - _9 <- ([#"../inc_some_2_tree.rs" 87 19 87 37] take_some_rest0 _10); + [#"../inc_some_2_tree.rs" 87 19 87 37] _10 <- Borrow.borrow_mut t; + [#"../inc_some_2_tree.rs" 87 19 87 37] t <- ^ _10; + [#"../inc_some_2_tree.rs" 87 19 87 37] _9 <- ([#"../inc_some_2_tree.rs" 87 19 87 37] take_some_rest0 _10); _10 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); goto BB3 } BB3 { - ma <- (let (a, _) = _9 in a); - _9 <- (let (x0, x1) = _9 in (any borrowed uint32, x1)); - mt <- (let (_, a) = _9 in a); - _9 <- (let (x0, x1) = _9 in (x0, any borrowed (IncSome2Tree_Tree_Type.t_tree))); + [#"../inc_some_2_tree.rs" 87 9 87 11] ma <- ([#"../inc_some_2_tree.rs" 87 9 87 11] let (a, _) = _9 in a); + [#"../inc_some_2_tree.rs" 87 9 87 11] _9 <- (let (x0, x1) = _9 in (any borrowed uint32, x1)); + [#"../inc_some_2_tree.rs" 87 13 87 15] mt <- ([#"../inc_some_2_tree.rs" 87 13 87 15] let (_, a) = _9 in a); + [#"../inc_some_2_tree.rs" 87 13 87 15] _9 <- (let (x0, x1) = _9 in (x0, any borrowed (IncSome2Tree_Tree_Type.t_tree))); assume { resolve0 _9 }; - _13 <- Borrow.borrow_mut ( * mt); - mt <- { mt with current = ^ _13 }; - _12 <- ([#"../inc_some_2_tree.rs" 88 18 88 37] take_some_rest0 _13); + [#"../inc_some_2_tree.rs" 88 18 88 37] _13 <- Borrow.borrow_mut ( * mt); + [#"../inc_some_2_tree.rs" 88 18 88 37] mt <- { mt with current = ^ _13 }; + [#"../inc_some_2_tree.rs" 88 18 88 37] _12 <- ([#"../inc_some_2_tree.rs" 88 18 88 37] take_some_rest0 _13); _13 <- any borrowed (IncSome2Tree_Tree_Type.t_tree); goto BB4 } BB4 { - mb <- (let (a, _) = _12 in a); - _12 <- (let (x0, x1) = _12 in (any borrowed uint32, x1)); + [#"../inc_some_2_tree.rs" 88 9 88 11] mb <- ([#"../inc_some_2_tree.rs" 88 9 88 11] let (a, _) = _12 in a); + [#"../inc_some_2_tree.rs" 88 9 88 11] _12 <- (let (x0, x1) = _12 in (any borrowed uint32, x1)); assume { resolve0 _12 }; - ma <- { ma with current = ([#"../inc_some_2_tree.rs" 89 4 89 12] * ma + j) }; + [#"../inc_some_2_tree.rs" 89 4 89 12] ma <- { ma with current = ([#"../inc_some_2_tree.rs" 89 4 89 12] * ma + ([#"../inc_some_2_tree.rs" 89 11 89 12] j)) }; assume { resolve1 ma }; - mb <- { mb with current = ([#"../inc_some_2_tree.rs" 90 4 90 12] * mb + k) }; + [#"../inc_some_2_tree.rs" 90 4 90 12] mb <- { mb with current = ([#"../inc_some_2_tree.rs" 90 4 90 12] * mb + ([#"../inc_some_2_tree.rs" 90 11 90 12] k)) }; assume { resolve1 mb }; assume { resolve2 mt }; - _19 <- ([#"../inc_some_2_tree.rs" 91 12 91 21] sum_x0 ([#"../inc_some_2_tree.rs" 91 12 91 21] t)); + [#"../inc_some_2_tree.rs" 91 12 91 21] _19 <- ([#"../inc_some_2_tree.rs" 91 12 91 21] sum_x0 ([#"../inc_some_2_tree.rs" 91 12 91 21] t)); goto BB5 } BB5 { - switch ([#"../inc_some_2_tree.rs" 91 4 91 38] not ([#"../inc_some_2_tree.rs" 91 12 91 37] _19 = ([#"../inc_some_2_tree.rs" 91 25 91 37] ([#"../inc_some_2_tree.rs" 91 25 91 33] sum0 + j) + k))) + switch ([#"../inc_some_2_tree.rs" 91 4 91 38] not ([#"../inc_some_2_tree.rs" 91 12 91 37] _19 = ([#"../inc_some_2_tree.rs" 91 25 91 37] ([#"../inc_some_2_tree.rs" 91 25 91 33] ([#"../inc_some_2_tree.rs" 91 25 91 29] sum0) + ([#"../inc_some_2_tree.rs" 91 32 91 33] j)) + ([#"../inc_some_2_tree.rs" 91 36 91 37] k)))) | False -> goto BB7 | True -> goto BB6 end } BB6 { + assert { [#"../inc_some_2_tree.rs" 91 4 91 38] false }; absurd } BB7 { - _0 <- ([#"../inc_some_2_tree.rs" 85 52 92 1] ()); + [#"../inc_some_2_tree.rs" 85 52 92 1] _0 <- ([#"../inc_some_2_tree.rs" 85 52 92 1] ()); goto BB8 } BB8 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz index 4e1e7dfc4d..2a615417f7 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_some_2_tree/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg index d9a25a3e46..3b75bf0e0a 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_list.mlcfg @@ -77,20 +77,21 @@ module IncSomeList_Impl0_SumX goto BB4 } BB2 { - _0 <- ([#"../inc_some_list.rs" 45 19 45 20] [#"../inc_some_list.rs" 45 19 45 20] (0 : uint32)); + [#"../inc_some_list.rs" 45 19 45 20] _0 <- ([#"../inc_some_list.rs" 45 19 45 20] [#"../inc_some_list.rs" 45 19 45 20] (0 : uint32)); goto BB6 } BB3 { + assert { [#"../inc_some_list.rs" 43 14 43 18] false }; absurd } BB4 { - a <- ([#"../inc_some_list.rs" 44 17 44 18] IncSomeList_List_Type.cons_0 self); - l <- ([#"../inc_some_list.rs" 44 20 44 21] IncSomeList_List_Type.cons_1 self); - _8 <- ([#"../inc_some_list.rs" 44 31 44 40] sum_x ([#"../inc_some_list.rs" 44 31 44 40] l)); + [#"../inc_some_list.rs" 44 17 44 18] a <- ([#"../inc_some_list.rs" 44 17 44 18] IncSomeList_List_Type.cons_0 self); + [#"../inc_some_list.rs" 44 20 44 21] l <- ([#"../inc_some_list.rs" 44 20 44 21] IncSomeList_List_Type.cons_1 self); + [#"../inc_some_list.rs" 44 31 44 40] _8 <- ([#"../inc_some_list.rs" 44 31 44 40] sum_x ([#"../inc_some_list.rs" 44 31 44 40] l)); goto BB5 } BB5 { - _0 <- ([#"../inc_some_list.rs" 44 26 44 40] a + _8); + [#"../inc_some_list.rs" 44 26 44 40] _0 <- ([#"../inc_some_list.rs" 44 26 44 40] ([#"../inc_some_list.rs" 44 26 44 28] a) + _8); _8 <- any uint32; goto BB6 } @@ -182,18 +183,19 @@ module IncSomeList_Impl0_TakeSome } BB3 { assume { resolve2 self }; + assert { [#"../inc_some_list.rs" 52 14 52 18] false }; absurd } BB4 { - ma <- Borrow.borrow_mut (IncSomeList_List_Type.cons_0 ( * self)); - self <- { self with current = (let IncSomeList_List_Type.C_Cons x0 x1 = * self in IncSomeList_List_Type.C_Cons ( ^ ma) x1) }; - ml <- Borrow.borrow_mut (IncSomeList_List_Type.cons_1 ( * self)); - self <- { self with current = (let IncSomeList_List_Type.C_Cons x0 x1 = * self in IncSomeList_List_Type.C_Cons x0 ( ^ ml)) }; - _10 <- ([#"../inc_some_list.rs" 54 16 54 45] Ghost.new (lemma_sum_nonneg0 ( * ml))); + [#"../inc_some_list.rs" 53 17 53 19] ma <- Borrow.borrow_mut (IncSomeList_List_Type.cons_0 ( * self)); + [#"../inc_some_list.rs" 53 17 53 19] self <- { self with current = (let IncSomeList_List_Type.C_Cons x0 x1 = * self in IncSomeList_List_Type.C_Cons ( ^ ma) x1) }; + [#"../inc_some_list.rs" 53 21 53 23] ml <- Borrow.borrow_mut (IncSomeList_List_Type.cons_1 ( * self)); + [#"../inc_some_list.rs" 53 21 53 23] self <- { self with current = (let IncSomeList_List_Type.C_Cons x0 x1 = * self in IncSomeList_List_Type.C_Cons x0 ( ^ ml)) }; + [#"../inc_some_list.rs" 54 16 54 45] _10 <- ([#"../inc_some_list.rs" 54 16 54 45] Ghost.new (lemma_sum_nonneg0 ( * ml))); goto BB5 } BB5 { - _13 <- ([#"../inc_some_list.rs" 55 19 55 27] random0 ()); + [#"../inc_some_list.rs" 55 19 55 27] _13 <- ([#"../inc_some_list.rs" 55 19 55 27] random0 ()); goto BB6 } BB6 { @@ -204,40 +206,40 @@ module IncSomeList_Impl0_TakeSome } BB7 { assume { resolve1 ml }; - _14 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _14 }; - _12 <- Borrow.borrow_mut ( * _14); - _14 <- { _14 with current = ^ _12 }; + [#"../inc_some_list.rs" 56 20 56 22] _14 <- Borrow.borrow_mut ( * ma); + [#"../inc_some_list.rs" 56 20 56 22] ma <- { ma with current = ^ _14 }; + [#"../inc_some_list.rs" 56 20 56 22] _12 <- Borrow.borrow_mut ( * _14); + [#"../inc_some_list.rs" 56 20 56 22] _14 <- { _14 with current = ^ _12 }; assume { resolve0 _14 }; goto BB10 } BB8 { assume { resolve0 ma }; - _16 <- Borrow.borrow_mut ( * ml); - ml <- { ml with current = ^ _16 }; - _15 <- ([#"../inc_some_list.rs" 58 20 58 34] take_some _16); + [#"../inc_some_list.rs" 58 20 58 34] _16 <- Borrow.borrow_mut ( * ml); + [#"../inc_some_list.rs" 58 20 58 34] ml <- { ml with current = ^ _16 }; + [#"../inc_some_list.rs" 58 20 58 34] _15 <- ([#"../inc_some_list.rs" 58 20 58 34] take_some _16); _16 <- any borrowed (IncSomeList_List_Type.t_list); goto BB9 } BB9 { - _12 <- Borrow.borrow_mut ( * _15); - _15 <- { _15 with current = ^ _12 }; + [#"../inc_some_list.rs" 58 20 58 34] _12 <- Borrow.borrow_mut ( * _15); + [#"../inc_some_list.rs" 58 20 58 34] _15 <- { _15 with current = ^ _12 }; assume { resolve0 _15 }; goto BB10 } BB10 { - _9 <- Borrow.borrow_mut ( * _12); - _12 <- { _12 with current = ^ _9 }; - _5 <- Borrow.borrow_mut ( * _9); - _9 <- { _9 with current = ^ _5 }; + [#"../inc_some_list.rs" 55 16 59 17] _9 <- Borrow.borrow_mut ( * _12); + [#"../inc_some_list.rs" 55 16 59 17] _12 <- { _12 with current = ^ _9 }; + [#"../inc_some_list.rs" 55 16 59 17] _5 <- Borrow.borrow_mut ( * _9); + [#"../inc_some_list.rs" 55 16 59 17] _9 <- { _9 with current = ^ _5 }; assume { resolve0 _12 }; assume { resolve0 _9 }; assume { resolve1 ml }; assume { resolve0 ma }; - _2 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../inc_some_list.rs" 52 8 62 9] _2 <- Borrow.borrow_mut ( * _5); + [#"../inc_some_list.rs" 52 8 62 9] _5 <- { _5 with current = ^ _2 }; + [#"../inc_some_list.rs" 52 8 62 9] _0 <- Borrow.borrow_mut ( * _2); + [#"../inc_some_list.rs" 52 8 62 9] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _2 }; assume { resolve2 self }; @@ -302,33 +304,34 @@ module IncSomeList_IncSomeList goto BB1 } BB1 { - sum0 <- ([#"../inc_some_list.rs" 68 15 68 24] sum_x0 ([#"../inc_some_list.rs" 68 15 68 24] l)); + [#"../inc_some_list.rs" 68 15 68 24] sum0 <- ([#"../inc_some_list.rs" 68 15 68 24] sum_x0 ([#"../inc_some_list.rs" 68 15 68 24] l)); goto BB2 } BB2 { - _7 <- Borrow.borrow_mut l; - l <- ^ _7; - ma <- ([#"../inc_some_list.rs" 69 13 69 26] take_some0 _7); + [#"../inc_some_list.rs" 69 13 69 26] _7 <- Borrow.borrow_mut l; + [#"../inc_some_list.rs" 69 13 69 26] l <- ^ _7; + [#"../inc_some_list.rs" 69 13 69 26] ma <- ([#"../inc_some_list.rs" 69 13 69 26] take_some0 _7); _7 <- any borrowed (IncSomeList_List_Type.t_list); goto BB3 } BB3 { - ma <- { ma with current = ([#"../inc_some_list.rs" 70 4 70 12] * ma + k) }; + [#"../inc_some_list.rs" 70 4 70 12] ma <- { ma with current = ([#"../inc_some_list.rs" 70 4 70 12] * ma + ([#"../inc_some_list.rs" 70 11 70 12] k)) }; assume { resolve0 ma }; - _12 <- ([#"../inc_some_list.rs" 71 12 71 21] sum_x0 ([#"../inc_some_list.rs" 71 12 71 21] l)); + [#"../inc_some_list.rs" 71 12 71 21] _12 <- ([#"../inc_some_list.rs" 71 12 71 21] sum_x0 ([#"../inc_some_list.rs" 71 12 71 21] l)); goto BB4 } BB4 { - switch ([#"../inc_some_list.rs" 71 4 71 34] not ([#"../inc_some_list.rs" 71 12 71 33] _12 = ([#"../inc_some_list.rs" 71 25 71 33] sum0 + k))) + switch ([#"../inc_some_list.rs" 71 4 71 34] not ([#"../inc_some_list.rs" 71 12 71 33] _12 = ([#"../inc_some_list.rs" 71 25 71 33] ([#"../inc_some_list.rs" 71 25 71 29] sum0) + ([#"../inc_some_list.rs" 71 32 71 33] k)))) | False -> goto BB6 | True -> goto BB5 end } BB5 { + assert { [#"../inc_some_list.rs" 71 4 71 34] false }; absurd } BB6 { - _0 <- ([#"../inc_some_list.rs" 67 42 72 1] ()); + [#"../inc_some_list.rs" 67 42 72 1] _0 <- ([#"../inc_some_list.rs" 67 42 72 1] ()); goto BB7 } BB7 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz index 554d0e9da7..c1942438e5 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_some_list/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg index ba4f7f5982..a8ff031855 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg +++ b/creusot/tests/should_succeed/rusthorn/inc_some_tree.mlcfg @@ -93,26 +93,27 @@ module IncSomeTree_Impl0_SumX goto BB4 } BB2 { - _0 <- ([#"../inc_some_tree.rs" 55 20 55 21] [#"../inc_some_tree.rs" 55 20 55 21] (0 : uint32)); + [#"../inc_some_tree.rs" 55 20 55 21] _0 <- ([#"../inc_some_tree.rs" 55 20 55 21] [#"../inc_some_tree.rs" 55 20 55 21] (0 : uint32)); goto BB7 } BB3 { + assert { [#"../inc_some_tree.rs" 46 14 46 18] false }; absurd } BB4 { - tl <- ([#"../inc_some_tree.rs" 47 17 47 19] IncSomeTree_Tree_Type.node_0 self); - a <- ([#"../inc_some_tree.rs" 47 21 47 22] IncSomeTree_Tree_Type.node_1 self); - tr <- ([#"../inc_some_tree.rs" 47 24 47 26] IncSomeTree_Tree_Type.node_2 self); + [#"../inc_some_tree.rs" 47 17 47 19] tl <- ([#"../inc_some_tree.rs" 47 17 47 19] IncSomeTree_Tree_Type.node_0 self); + [#"../inc_some_tree.rs" 47 21 47 22] a <- ([#"../inc_some_tree.rs" 47 21 47 22] IncSomeTree_Tree_Type.node_1 self); + [#"../inc_some_tree.rs" 47 24 47 26] tr <- ([#"../inc_some_tree.rs" 47 24 47 26] IncSomeTree_Tree_Type.node_2 self); assert { [@expl:assertion] [#"../inc_some_tree.rs" 49 20 49 41] let _ = lemma_sum_nonneg0 tl in let _ = lemma_sum_nonneg0 tr in true }; - _11 <- ([#"../inc_some_tree.rs" 53 16 53 26] sum_x ([#"../inc_some_tree.rs" 53 16 53 26] tl)); + [#"../inc_some_tree.rs" 53 16 53 26] _11 <- ([#"../inc_some_tree.rs" 53 16 53 26] sum_x ([#"../inc_some_tree.rs" 53 16 53 26] tl)); goto BB5 } BB5 { - _14 <- ([#"../inc_some_tree.rs" 53 34 53 44] sum_x ([#"../inc_some_tree.rs" 53 34 53 44] tr)); + [#"../inc_some_tree.rs" 53 34 53 44] _14 <- ([#"../inc_some_tree.rs" 53 34 53 44] sum_x ([#"../inc_some_tree.rs" 53 34 53 44] tr)); goto BB6 } BB6 { - _0 <- ([#"../inc_some_tree.rs" 53 16 53 44] ([#"../inc_some_tree.rs" 53 16 53 31] _11 + a) + _14); + [#"../inc_some_tree.rs" 53 16 53 44] _0 <- ([#"../inc_some_tree.rs" 53 16 53 44] ([#"../inc_some_tree.rs" 53 16 53 31] _11 + ([#"../inc_some_tree.rs" 53 29 53 31] a)) + _14); _11 <- any uint32; _14 <- any uint32; goto BB7 @@ -207,17 +208,18 @@ module IncSomeTree_Impl0_TakeSome } BB3 { assume { resolve2 self }; + assert { [#"../inc_some_tree.rs" 62 14 62 18] false }; absurd } BB4 { - mtl <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_0 ( * self)); - self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node ( ^ mtl) x1 x2) }; - ma <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_1 ( * self)); - self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node x0 ( ^ ma) x2) }; - mtr <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_2 ( * self)); - self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node x0 x1 ( ^ mtr)) }; + [#"../inc_some_tree.rs" 63 17 63 20] mtl <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_0 ( * self)); + [#"../inc_some_tree.rs" 63 17 63 20] self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node ( ^ mtl) x1 x2) }; + [#"../inc_some_tree.rs" 63 22 63 24] ma <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_1 ( * self)); + [#"../inc_some_tree.rs" 63 22 63 24] self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node x0 ( ^ ma) x2) }; + [#"../inc_some_tree.rs" 63 26 63 29] mtr <- Borrow.borrow_mut (IncSomeTree_Tree_Type.node_2 ( * self)); + [#"../inc_some_tree.rs" 63 26 63 29] self <- { self with current = (let IncSomeTree_Tree_Type.C_Node x0 x1 x2 = * self in IncSomeTree_Tree_Type.C_Node x0 x1 ( ^ mtr)) }; assert { [@expl:assertion] [#"../inc_some_tree.rs" 65 20 65 42] let _ = lemma_sum_nonneg0 ( * mtl) in let _ = lemma_sum_nonneg0 ( * mtr) in true }; - _14 <- ([#"../inc_some_tree.rs" 69 19 69 27] random0 ()); + [#"../inc_some_tree.rs" 69 19 69 27] _14 <- ([#"../inc_some_tree.rs" 69 19 69 27] random0 ()); goto BB5 } BB5 { @@ -229,16 +231,16 @@ module IncSomeTree_Impl0_TakeSome BB6 { assume { resolve1 mtr }; assume { resolve1 mtl }; - _15 <- Borrow.borrow_mut ( * ma); - ma <- { ma with current = ^ _15 }; - _13 <- Borrow.borrow_mut ( * _15); - _15 <- { _15 with current = ^ _13 }; + [#"../inc_some_tree.rs" 70 20 70 22] _15 <- Borrow.borrow_mut ( * ma); + [#"../inc_some_tree.rs" 70 20 70 22] ma <- { ma with current = ^ _15 }; + [#"../inc_some_tree.rs" 70 20 70 22] _13 <- Borrow.borrow_mut ( * _15); + [#"../inc_some_tree.rs" 70 20 70 22] _15 <- { _15 with current = ^ _13 }; assume { resolve0 _15 }; goto BB14 } BB7 { assume { resolve0 ma }; - _16 <- ([#"../inc_some_tree.rs" 71 26 71 34] random0 ()); + [#"../inc_some_tree.rs" 71 26 71 34] _16 <- ([#"../inc_some_tree.rs" 71 26 71 34] random0 ()); goto BB8 } BB8 { @@ -249,32 +251,32 @@ module IncSomeTree_Impl0_TakeSome } BB9 { assume { resolve1 mtr }; - _19 <- Borrow.borrow_mut ( * mtl); - mtl <- { mtl with current = ^ _19 }; - _18 <- ([#"../inc_some_tree.rs" 72 20 72 35] take_some _19); + [#"../inc_some_tree.rs" 72 20 72 35] _19 <- Borrow.borrow_mut ( * mtl); + [#"../inc_some_tree.rs" 72 20 72 35] mtl <- { mtl with current = ^ _19 }; + [#"../inc_some_tree.rs" 72 20 72 35] _18 <- ([#"../inc_some_tree.rs" 72 20 72 35] take_some _19); _19 <- any borrowed (IncSomeTree_Tree_Type.t_tree); goto BB10 } BB10 { - _17 <- Borrow.borrow_mut ( * _18); - _18 <- { _18 with current = ^ _17 }; - _13 <- Borrow.borrow_mut ( * _17); - _17 <- { _17 with current = ^ _13 }; + [#"../inc_some_tree.rs" 72 20 72 35] _17 <- Borrow.borrow_mut ( * _18); + [#"../inc_some_tree.rs" 72 20 72 35] _18 <- { _18 with current = ^ _17 }; + [#"../inc_some_tree.rs" 72 20 72 35] _13 <- Borrow.borrow_mut ( * _17); + [#"../inc_some_tree.rs" 72 20 72 35] _17 <- { _17 with current = ^ _13 }; assume { resolve0 _18 }; assume { resolve0 _17 }; goto BB13 } BB11 { assume { resolve1 mtl }; - _21 <- Borrow.borrow_mut ( * mtr); - mtr <- { mtr with current = ^ _21 }; - _20 <- ([#"../inc_some_tree.rs" 74 20 74 35] take_some _21); + [#"../inc_some_tree.rs" 74 20 74 35] _21 <- Borrow.borrow_mut ( * mtr); + [#"../inc_some_tree.rs" 74 20 74 35] mtr <- { mtr with current = ^ _21 }; + [#"../inc_some_tree.rs" 74 20 74 35] _20 <- ([#"../inc_some_tree.rs" 74 20 74 35] take_some _21); _21 <- any borrowed (IncSomeTree_Tree_Type.t_tree); goto BB12 } BB12 { - _13 <- Borrow.borrow_mut ( * _20); - _20 <- { _20 with current = ^ _13 }; + [#"../inc_some_tree.rs" 74 20 74 35] _13 <- Borrow.borrow_mut ( * _20); + [#"../inc_some_tree.rs" 74 20 74 35] _20 <- { _20 with current = ^ _13 }; assume { resolve0 _20 }; goto BB13 } @@ -282,19 +284,19 @@ module IncSomeTree_Impl0_TakeSome goto BB14 } BB14 { - _10 <- Borrow.borrow_mut ( * _13); - _13 <- { _13 with current = ^ _10 }; - _5 <- Borrow.borrow_mut ( * _10); - _10 <- { _10 with current = ^ _5 }; + [#"../inc_some_tree.rs" 69 16 75 17] _10 <- Borrow.borrow_mut ( * _13); + [#"../inc_some_tree.rs" 69 16 75 17] _13 <- { _13 with current = ^ _10 }; + [#"../inc_some_tree.rs" 69 16 75 17] _5 <- Borrow.borrow_mut ( * _10); + [#"../inc_some_tree.rs" 69 16 75 17] _10 <- { _10 with current = ^ _5 }; assume { resolve0 _13 }; assume { resolve0 _10 }; assume { resolve1 mtr }; assume { resolve0 ma }; assume { resolve1 mtl }; - _2 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../inc_some_tree.rs" 62 8 78 9] _2 <- Borrow.borrow_mut ( * _5); + [#"../inc_some_tree.rs" 62 8 78 9] _5 <- { _5 with current = ^ _2 }; + [#"../inc_some_tree.rs" 62 8 78 9] _0 <- Borrow.borrow_mut ( * _2); + [#"../inc_some_tree.rs" 62 8 78 9] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _2 }; assume { resolve2 self }; @@ -359,33 +361,34 @@ module IncSomeTree_IncSomeTree goto BB1 } BB1 { - sum0 <- ([#"../inc_some_tree.rs" 84 15 84 24] sum_x0 ([#"../inc_some_tree.rs" 84 15 84 24] t)); + [#"../inc_some_tree.rs" 84 15 84 24] sum0 <- ([#"../inc_some_tree.rs" 84 15 84 24] sum_x0 ([#"../inc_some_tree.rs" 84 15 84 24] t)); goto BB2 } BB2 { - _7 <- Borrow.borrow_mut t; - t <- ^ _7; - ma <- ([#"../inc_some_tree.rs" 85 13 85 26] take_some0 _7); + [#"../inc_some_tree.rs" 85 13 85 26] _7 <- Borrow.borrow_mut t; + [#"../inc_some_tree.rs" 85 13 85 26] t <- ^ _7; + [#"../inc_some_tree.rs" 85 13 85 26] ma <- ([#"../inc_some_tree.rs" 85 13 85 26] take_some0 _7); _7 <- any borrowed (IncSomeTree_Tree_Type.t_tree); goto BB3 } BB3 { - ma <- { ma with current = ([#"../inc_some_tree.rs" 86 4 86 12] * ma + k) }; + [#"../inc_some_tree.rs" 86 4 86 12] ma <- { ma with current = ([#"../inc_some_tree.rs" 86 4 86 12] * ma + ([#"../inc_some_tree.rs" 86 11 86 12] k)) }; assume { resolve0 ma }; - _12 <- ([#"../inc_some_tree.rs" 87 12 87 21] sum_x0 ([#"../inc_some_tree.rs" 87 12 87 21] t)); + [#"../inc_some_tree.rs" 87 12 87 21] _12 <- ([#"../inc_some_tree.rs" 87 12 87 21] sum_x0 ([#"../inc_some_tree.rs" 87 12 87 21] t)); goto BB4 } BB4 { - switch ([#"../inc_some_tree.rs" 87 4 87 34] not ([#"../inc_some_tree.rs" 87 12 87 33] _12 = ([#"../inc_some_tree.rs" 87 25 87 33] sum0 + k))) + switch ([#"../inc_some_tree.rs" 87 4 87 34] not ([#"../inc_some_tree.rs" 87 12 87 33] _12 = ([#"../inc_some_tree.rs" 87 25 87 33] ([#"../inc_some_tree.rs" 87 25 87 29] sum0) + ([#"../inc_some_tree.rs" 87 32 87 33] k)))) | False -> goto BB6 | True -> goto BB5 end } BB5 { + assert { [#"../inc_some_tree.rs" 87 4 87 34] false }; absurd } BB6 { - _0 <- ([#"../inc_some_tree.rs" 83 42 88 1] ()); + [#"../inc_some_tree.rs" 83 42 88 1] _0 <- ([#"../inc_some_tree.rs" 83 42 88 1] ()); goto BB7 } BB7 { diff --git a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz index 124754126f..cd90effd96 100644 Binary files a/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz and b/creusot/tests/should_succeed/rusthorn/inc_some_tree/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/selection_sort_generic.mlcfg b/creusot/tests/should_succeed/selection_sort_generic.mlcfg index ba3ec1114c..4d3cc5231a 100644 --- a/creusot/tests/should_succeed/selection_sort_generic.mlcfg +++ b/creusot/tests/should_succeed/selection_sort_generic.mlcfg @@ -80,7 +80,7 @@ module SelectionSortGeneric_SelectionSort val inv14 (_x : deep_model_ty0) : bool ensures { result = inv14 _x } - axiom inv14 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : deep_model_ty0 . inv14 x = true + axiom inv14 : forall x : deep_model_ty0 . inv14 x = true use prelude.UIntSize use seq.Seq predicate invariant13 (self : Seq.seq usize) = @@ -92,7 +92,7 @@ module SelectionSortGeneric_SelectionSort val inv13 (_x : Seq.seq usize) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Seq.seq usize . inv13 x = true + axiom inv13 : forall x : Seq.seq usize . inv13 x = true predicate invariant12 (self : Seq.seq t) val invariant12 (self : Seq.seq t) : bool ensures { result = invariant12 self } @@ -101,7 +101,7 @@ module SelectionSortGeneric_SelectionSort val inv12 (_x : Seq.seq t) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Seq.seq t . inv12 x = true + axiom inv12 : forall x : Seq.seq t . inv12 x = true predicate invariant11 (self : Seq.seq deep_model_ty0) val invariant11 (self : Seq.seq deep_model_ty0) : bool ensures { result = invariant11 self } @@ -110,7 +110,7 @@ module SelectionSortGeneric_SelectionSort val inv11 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv11 x = true + axiom inv11 : forall x : Seq.seq deep_model_ty0 . inv11 x = true predicate invariant10 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant10 (self : usize) : bool @@ -120,7 +120,7 @@ module SelectionSortGeneric_SelectionSort val inv10 (_x : usize) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : usize . inv10 x = true + axiom inv10 : forall x : usize . inv10 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant9 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -131,7 +131,7 @@ module SelectionSortGeneric_SelectionSort val inv9 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv9 x = true + axiom inv9 : forall x : Core_Option_Option_Type.t_option usize . inv9 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant8 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -143,7 +143,7 @@ module SelectionSortGeneric_SelectionSort val inv8 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv8 x = true + axiom inv8 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -154,7 +154,7 @@ module SelectionSortGeneric_SelectionSort val inv7 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant6 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant6 self } @@ -163,7 +163,7 @@ module SelectionSortGeneric_SelectionSort val inv6 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true use prelude.Slice predicate invariant5 (self : borrowed (slice t)) val invariant5 (self : borrowed (slice t)) : bool @@ -173,7 +173,7 @@ module SelectionSortGeneric_SelectionSort val inv5 (_x : borrowed (slice t)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : borrowed (slice t) . inv5 x = true + axiom inv5 : forall x : borrowed (slice t) . inv5 x = true predicate invariant4 (self : slice t) val invariant4 (self : slice t) : bool ensures { result = invariant4 self } @@ -182,7 +182,7 @@ module SelectionSortGeneric_SelectionSort val inv4 (_x : slice t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : slice t . inv4 x = true + axiom inv4 : forall x : slice t . inv4 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -203,7 +203,7 @@ module SelectionSortGeneric_SelectionSort val invariant3 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -212,7 +212,7 @@ module SelectionSortGeneric_SelectionSort val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -347,7 +347,7 @@ module SelectionSortGeneric_SelectionSort val invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -358,7 +358,7 @@ module SelectionSortGeneric_SelectionSort val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../selection_sort_generic.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true use seq.Seq predicate sorted_range0 [#"../selection_sort_generic.rs" 10 0 10 63] (s : Seq.seq deep_model_ty0) (l : int) (u : int) = @@ -592,26 +592,26 @@ module SelectionSortGeneric_SelectionSort goto BB0 } BB0 { - old_v <- ([#"../selection_sort_generic.rs" 34 16 34 25] Ghost.new v); + [#"../selection_sort_generic.rs" 34 16 34 25] old_v <- ([#"../selection_sort_generic.rs" 34 16 34 25] Ghost.new v); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - _8 <- ([#"../selection_sort_generic.rs" 38 16 38 23] len0 ([#"../selection_sort_generic.rs" 38 16 38 23] * v)); + [#"../selection_sort_generic.rs" 38 16 38 23] _8 <- ([#"../selection_sort_generic.rs" 38 16 38 23] len0 ([#"../selection_sort_generic.rs" 38 16 38 23] * v)); goto BB2 } BB2 { - iter <- ([#"../selection_sort_generic.rs" 35 4 35 43] into_iter0 ([#"../selection_sort_generic.rs" 38 13 38 23] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 38 13 38 14] [#"../selection_sort_generic.rs" 38 13 38 14] (0 : usize)) _8)); + [#"../selection_sort_generic.rs" 35 4 35 43] iter <- ([#"../selection_sort_generic.rs" 35 4 35 43] into_iter0 ([#"../selection_sort_generic.rs" 38 13 38 23] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 38 13 38 14] [#"../selection_sort_generic.rs" 38 13 38 14] (0 : usize)) _8)); _8 <- any usize; goto BB3 } BB3 { - iter_old <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new iter); + [#"../selection_sort_generic.rs" 35 4 35 43] iter_old <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new iter); goto BB4 } BB4 { - produced <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new (Seq.empty )); + [#"../selection_sort_generic.rs" 35 4 35 43] produced <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -626,11 +626,11 @@ module SelectionSortGeneric_SelectionSort goto BB7 } BB7 { - _22 <- Borrow.borrow_mut iter; - iter <- ^ _22; - _21 <- Borrow.borrow_mut ( * _22); - _22 <- { _22 with current = ^ _21 }; - _20 <- ([#"../selection_sort_generic.rs" 35 4 35 43] next0 _21); + [#"../selection_sort_generic.rs" 35 4 35 43] _22 <- Borrow.borrow_mut iter; + [#"../selection_sort_generic.rs" 35 4 35 43] iter <- ^ _22; + [#"../selection_sort_generic.rs" 35 4 35 43] _21 <- Borrow.borrow_mut ( * _22); + [#"../selection_sort_generic.rs" 35 4 35 43] _22 <- { _22 with current = ^ _21 }; + [#"../selection_sort_generic.rs" 35 4 35 43] _20 <- ([#"../selection_sort_generic.rs" 35 4 35 43] next0 _21); _21 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB8 } @@ -644,39 +644,40 @@ module SelectionSortGeneric_SelectionSort BB9 { assert { [@expl:type invariant] inv6 v }; assume { resolve4 v }; - _0 <- ([#"../selection_sort_generic.rs" 35 4 35 43] ()); + [#"../selection_sort_generic.rs" 35 4 35 43] _0 <- ([#"../selection_sort_generic.rs" 35 4 35 43] ()); return _0 } BB10 { goto BB12 } BB11 { + assert { [#"../selection_sort_generic.rs" 35 4 35 43] false }; absurd } BB12 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _20; - _25 <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _20); + [#"../selection_sort_generic.rs" 35 4 35 43] _25 <- ([#"../selection_sort_generic.rs" 35 4 35 43] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB13 } BB13 { - produced <- _25; - _25 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem; - min <- i; - _34 <- ([#"../selection_sort_generic.rs" 43 26 43 33] len0 ([#"../selection_sort_generic.rs" 43 26 43 33] * v)); + [#"../selection_sort_generic.rs" 35 4 35 43] produced <- ([#"../selection_sort_generic.rs" 35 4 35 43] _25); + [#"../selection_sort_generic.rs" 35 4 35 43] _25 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../selection_sort_generic.rs" 39 22 39 23] min <- ([#"../selection_sort_generic.rs" 39 22 39 23] i); + [#"../selection_sort_generic.rs" 43 26 43 33] _34 <- ([#"../selection_sort_generic.rs" 43 26 43 33] len0 ([#"../selection_sort_generic.rs" 43 26 43 33] * v)); goto BB14 } BB14 { - iter1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] into_iter0 ([#"../selection_sort_generic.rs" 43 17 43 33] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 43 17 43 24] i + ([#"../selection_sort_generic.rs" 43 22 43 23] [#"../selection_sort_generic.rs" 43 22 43 23] (1 : usize))) _34)); + [#"../selection_sort_generic.rs" 41 8 41 121] iter1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] into_iter0 ([#"../selection_sort_generic.rs" 43 17 43 33] Core_Ops_Range_Range_Type.C_Range ([#"../selection_sort_generic.rs" 43 17 43 24] ([#"../selection_sort_generic.rs" 43 18 43 19] i) + ([#"../selection_sort_generic.rs" 43 22 43 23] [#"../selection_sort_generic.rs" 43 22 43 23] (1 : usize))) _34)); _34 <- any usize; goto BB15 } BB15 { - iter_old1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new iter1); + [#"../selection_sort_generic.rs" 41 8 41 121] iter_old1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new iter1); goto BB16 } BB16 { - produced1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new (Seq.empty )); + [#"../selection_sort_generic.rs" 41 8 41 121] produced1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new (Seq.empty )); goto BB17 } BB17 { @@ -690,11 +691,11 @@ module SelectionSortGeneric_SelectionSort goto BB19 } BB19 { - _46 <- Borrow.borrow_mut iter1; - iter1 <- ^ _46; - _45 <- Borrow.borrow_mut ( * _46); - _46 <- { _46 with current = ^ _45 }; - _44 <- ([#"../selection_sort_generic.rs" 41 8 41 121] next0 _45); + [#"../selection_sort_generic.rs" 41 8 41 121] _46 <- Borrow.borrow_mut iter1; + [#"../selection_sort_generic.rs" 41 8 41 121] iter1 <- ^ _46; + [#"../selection_sort_generic.rs" 41 8 41 121] _45 <- Borrow.borrow_mut ( * _46); + [#"../selection_sort_generic.rs" 41 8 41 121] _46 <- { _46 with current = ^ _45 }; + [#"../selection_sort_generic.rs" 41 8 41 121] _44 <- ([#"../selection_sort_generic.rs" 41 8 41 121] next0 _45); _45 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB20 } @@ -706,10 +707,10 @@ module SelectionSortGeneric_SelectionSort end } BB21 { - _66 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _66 }; + [#"../selection_sort_generic.rs" 48 8 48 22] _66 <- Borrow.borrow_mut ( * v); + [#"../selection_sort_generic.rs" 48 8 48 22] v <- { v with current = ^ _66 }; assume { inv3 ( ^ _66) }; - _65 <- ([#"../selection_sort_generic.rs" 48 8 48 22] deref_mut0 _66); + [#"../selection_sort_generic.rs" 48 8 48 22] _65 <- ([#"../selection_sort_generic.rs" 48 8 48 22] deref_mut0 _66); _66 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB31 } @@ -717,27 +718,27 @@ module SelectionSortGeneric_SelectionSort goto BB23 } BB23 { - __creusot_proc_iter_elem1 <- Core_Option_Option_Type.some_0 _44; - _49 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1 <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _44); + [#"../selection_sort_generic.rs" 41 8 41 121] _49 <- ([#"../selection_sort_generic.rs" 41 8 41 121] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); goto BB24 } BB24 { - produced1 <- _49; - _49 <- any Ghost.ghost_ty (Seq.seq usize); - j <- __creusot_proc_iter_elem1; - _54 <- ([#"../selection_sort_generic.rs" 44 15 44 19] index0 ([#"../selection_sort_generic.rs" 44 15 44 16] * v) j); + [#"../selection_sort_generic.rs" 41 8 41 121] produced1 <- ([#"../selection_sort_generic.rs" 41 8 41 121] _49); + [#"../selection_sort_generic.rs" 41 8 41 121] _49 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] j <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1); + [#"../selection_sort_generic.rs" 44 15 44 19] _54 <- ([#"../selection_sort_generic.rs" 44 15 44 19] index0 ([#"../selection_sort_generic.rs" 44 15 44 16] * v) ([#"../selection_sort_generic.rs" 44 17 44 18] j)); goto BB25 } BB25 { assert { [@expl:type invariant] inv2 _54 }; assume { resolve2 _54 }; - _58 <- ([#"../selection_sort_generic.rs" 44 22 44 28] index0 ([#"../selection_sort_generic.rs" 44 22 44 23] * v) min); + [#"../selection_sort_generic.rs" 44 22 44 28] _58 <- ([#"../selection_sort_generic.rs" 44 22 44 28] index0 ([#"../selection_sort_generic.rs" 44 22 44 23] * v) ([#"../selection_sort_generic.rs" 44 24 44 27] min)); goto BB26 } BB26 { assert { [@expl:type invariant] inv2 _58 }; assume { resolve2 _58 }; - _52 <- ([#"../selection_sort_generic.rs" 44 15 44 28] lt0 ([#"../selection_sort_generic.rs" 44 15 44 19] _54) ([#"../selection_sort_generic.rs" 44 22 44 28] _58)); + [#"../selection_sort_generic.rs" 44 15 44 28] _52 <- ([#"../selection_sort_generic.rs" 44 15 44 28] lt0 ([#"../selection_sort_generic.rs" 44 15 44 19] _54) ([#"../selection_sort_generic.rs" 44 22 44 28] _58)); goto BB27 } BB27 { @@ -747,22 +748,22 @@ module SelectionSortGeneric_SelectionSort end } BB28 { - min <- j; - _19 <- ([#"../selection_sort_generic.rs" 44 29 46 13] ()); + [#"../selection_sort_generic.rs" 45 16 45 23] min <- ([#"../selection_sort_generic.rs" 45 22 45 23] j); + [#"../selection_sort_generic.rs" 44 29 46 13] _19 <- ([#"../selection_sort_generic.rs" 44 29 46 13] ()); goto BB30 } BB29 { - _19 <- ([#"../selection_sort_generic.rs" 46 13 46 13] ()); + [#"../selection_sort_generic.rs" 46 13 46 13] _19 <- ([#"../selection_sort_generic.rs" 46 13 46 13] ()); goto BB30 } BB30 { goto BB18 } BB31 { - _64 <- Borrow.borrow_mut ( * _65); - _65 <- { _65 with current = ^ _64 }; + [#"../selection_sort_generic.rs" 48 8 48 22] _64 <- Borrow.borrow_mut ( * _65); + [#"../selection_sort_generic.rs" 48 8 48 22] _65 <- { _65 with current = ^ _64 }; assume { inv4 ( ^ _64) }; - _63 <- ([#"../selection_sort_generic.rs" 48 8 48 22] swap0 _64 i min); + [#"../selection_sort_generic.rs" 48 8 48 22] _63 <- ([#"../selection_sort_generic.rs" 48 8 48 22] swap0 _64 ([#"../selection_sort_generic.rs" 48 15 48 16] i) ([#"../selection_sort_generic.rs" 48 18 48 21] min)); _64 <- any borrowed (slice t); goto BB32 } @@ -770,7 +771,7 @@ module SelectionSortGeneric_SelectionSort assert { [@expl:type invariant] inv5 _65 }; assume { resolve3 _65 }; assert { [@expl:assertion] [#"../selection_sort_generic.rs" 49 8 50 63] let i = Seq.length (Ghost.inner produced) in forall k2 : int . forall k1 : int . 0 <= k1 /\ k1 < i /\ i <= k2 /\ k2 < Seq.length (deep_model0 v) -> le_log0 (Seq.get (deep_model0 v) k1) (Seq.get (deep_model0 v) k2) }; - _19 <- ([#"../selection_sort_generic.rs" 38 24 51 5] ()); + [#"../selection_sort_generic.rs" 38 24 51 5] _19 <- ([#"../selection_sort_generic.rs" 38 24 51 5] ()); goto BB6 } BB34 { diff --git a/creusot/tests/should_succeed/slices/01.mlcfg b/creusot/tests/should_succeed/slices/01.mlcfg index e90d2e1147..15c407ebeb 100644 --- a/creusot/tests/should_succeed/slices/01.mlcfg +++ b/creusot/tests/should_succeed/slices/01.mlcfg @@ -11,7 +11,7 @@ module C01_IndexSlice val inv1 (_x : Seq.seq uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use prelude.Slice predicate invariant0 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -22,7 +22,7 @@ module C01_IndexSlice val inv0 (_x : slice uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : slice uint32 . inv0 x = true + axiom inv0 : forall x : slice uint32 . inv0 x = true use seq.Seq use prelude.UIntSize use prelude.Slice @@ -54,13 +54,13 @@ module C01_IndexSlice goto BB0 } BB0 { - _3 <- ([#"../01.rs" 7 6 7 8] [#"../01.rs" 7 6 7 8] (10 : usize)); - _5 <- ([#"../01.rs" 7 4 7 9] _3 < ([#"../01.rs" 7 4 7 9] Slice.length a)); + [#"../01.rs" 7 6 7 8] _3 <- ([#"../01.rs" 7 6 7 8] [#"../01.rs" 7 6 7 8] (10 : usize)); + [#"../01.rs" 7 4 7 9] _5 <- ([#"../01.rs" 7 4 7 9] _3 < ([#"../01.rs" 7 4 7 9] Slice.length a)); assert { [@expl:index in bounds] [#"../01.rs" 7 4 7 9] _5 }; goto BB1 } BB1 { - _0 <- Slice.get a _3; + [#"../01.rs" 7 4 7 9] _0 <- ([#"../01.rs" 7 4 7 9] Slice.get a _3); return _0 } @@ -77,7 +77,7 @@ module C01_IndexMutSlice val inv1 (_x : Seq.seq uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use prelude.Slice predicate invariant0 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -88,7 +88,7 @@ module C01_IndexMutSlice val inv0 (_x : slice uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : slice uint32 . inv0 x = true + axiom inv0 : forall x : slice uint32 . inv0 x = true use prelude.UInt32 use seq.Seq use prelude.UIntSize @@ -133,15 +133,15 @@ module C01_IndexMutSlice goto BB0 } BB0 { - _4 <- ([#"../01.rs" 13 6 13 7] [#"../01.rs" 13 6 13 7] (2 : usize)); - _6 <- ([#"../01.rs" 13 4 13 8] _4 < ([#"../01.rs" 13 4 13 8] Slice.length ( * a))); + [#"../01.rs" 13 6 13 7] _4 <- ([#"../01.rs" 13 6 13 7] [#"../01.rs" 13 6 13 7] (2 : usize)); + [#"../01.rs" 13 4 13 8] _6 <- ([#"../01.rs" 13 4 13 8] _4 < ([#"../01.rs" 13 4 13 8] Slice.length ( * a))); assert { [@expl:index in bounds] [#"../01.rs" 13 4 13 8] _6 }; goto BB1 } BB1 { - a <- { a with current = Slice.set ( * a) _4 ([#"../01.rs" 13 11 13 12] [#"../01.rs" 13 11 13 12] (3 : uint32)) }; + [#"../01.rs" 13 4 13 12] a <- { a with current = Slice.set ( * a) _4 ([#"../01.rs" 13 4 13 12] [#"../01.rs" 13 11 13 12] (3 : uint32)) }; assume { resolve0 a }; - _0 <- ([#"../01.rs" 12 38 14 1] ()); + [#"../01.rs" 12 38 14 1] _0 <- ([#"../01.rs" 12 38 14 1] ()); return _0 } @@ -163,7 +163,7 @@ module C01_SliceFirst val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../01.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true use prelude.Slice predicate invariant3 (self : slice t) val invariant3 (self : slice t) : bool @@ -173,7 +173,7 @@ module C01_SliceFirst val inv3 (_x : slice t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../01.rs" 1 0 1 0] forall x : slice t . inv3 x = true + axiom inv3 : forall x : slice t . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option t) val invariant2 (self : Core_Option_Option_Type.t_option t) : bool @@ -183,7 +183,7 @@ module C01_SliceFirst val inv2 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../01.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option t . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -192,7 +192,7 @@ module C01_SliceFirst val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : slice t) val invariant0 (self : slice t) : bool ensures { result = invariant0 self } @@ -201,7 +201,7 @@ module C01_SliceFirst val inv0 (_x : slice t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : slice t . inv0 x = true + axiom inv0 : forall x : slice t . inv0 x = true use seq.Seq use prelude.UIntSize use prelude.Slice @@ -258,7 +258,7 @@ module C01_SliceFirst goto BB0 } BB0 { - _4 <- ([#"../01.rs" 21 7 21 14] len0 ([#"../01.rs" 21 7 21 14] a)); + [#"../01.rs" 21 7 21 14] _4 <- ([#"../01.rs" 21 7 21 14] len0 ([#"../01.rs" 21 7 21 14] a)); goto BB1 } BB1 { @@ -268,24 +268,24 @@ module C01_SliceFirst end } BB2 { - _8 <- ([#"../01.rs" 22 16 22 17] [#"../01.rs" 22 16 22 17] (0 : usize)); - _10 <- ([#"../01.rs" 22 14 22 18] _8 < ([#"../01.rs" 22 14 22 18] Slice.length a)); + [#"../01.rs" 22 16 22 17] _8 <- ([#"../01.rs" 22 16 22 17] [#"../01.rs" 22 16 22 17] (0 : usize)); + [#"../01.rs" 22 14 22 18] _10 <- ([#"../01.rs" 22 14 22 18] _8 < ([#"../01.rs" 22 14 22 18] Slice.length a)); assert { [@expl:index in bounds] [#"../01.rs" 22 14 22 18] _10 }; goto BB3 } BB3 { - _7 <- ([#"../01.rs" 22 13 22 18] Slice.get a _8); + [#"../01.rs" 22 13 22 18] _7 <- ([#"../01.rs" 22 13 22 18] Slice.get a _8); assert { [@expl:type invariant] inv0 a }; assume { resolve0 a }; assert { [@expl:type invariant] inv1 _7 }; assume { resolve1 _7 }; - _0 <- ([#"../01.rs" 22 8 22 19] Core_Option_Option_Type.C_Some ([#"../01.rs" 22 13 22 18] _7)); + [#"../01.rs" 22 8 22 19] _0 <- ([#"../01.rs" 22 8 22 19] Core_Option_Option_Type.C_Some ([#"../01.rs" 22 13 22 18] _7)); goto BB5 } BB4 { assert { [@expl:type invariant] inv0 a }; assume { resolve0 a }; - _0 <- ([#"../01.rs" 24 8 24 12] Core_Option_Option_Type.C_None); + [#"../01.rs" 24 8 24 12] _0 <- ([#"../01.rs" 24 8 24 12] Core_Option_Option_Type.C_None); goto BB5 } BB5 { diff --git a/creusot/tests/should_succeed/slices/02_std.mlcfg b/creusot/tests/should_succeed/slices/02_std.mlcfg index dfa373a3d1..9b46016174 100644 --- a/creusot/tests/should_succeed/slices/02_std.mlcfg +++ b/creusot/tests/should_succeed/slices/02_std.mlcfg @@ -24,7 +24,7 @@ module C02Std_BinarySearch val inv6 (_x : Seq.seq uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_std.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv6 x = true + axiom inv6 : forall x : Seq.seq uint32 . inv6 x = true use prelude.Int predicate invariant5 (self : Seq.seq int) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -35,7 +35,7 @@ module C02Std_BinarySearch val inv5 (_x : Seq.seq int) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../02_std.rs" 1 0 1 0] forall x : Seq.seq int . inv5 x = true + axiom inv5 : forall x : Seq.seq int . inv5 x = true use prelude.Slice predicate invariant4 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -46,7 +46,7 @@ module C02Std_BinarySearch val inv4 (_x : slice uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_std.rs" 1 0 1 0] forall x : slice uint32 . inv4 x = true + axiom inv4 : forall x : slice uint32 . inv4 x = true use prelude.UIntSize use Core_Result_Result_Type as Core_Result_Result_Type predicate invariant3 (self : Core_Result_Result_Type.t_result usize usize) = @@ -58,7 +58,7 @@ module C02Std_BinarySearch val inv3 (_x : Core_Result_Result_Type.t_result usize usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../02_std.rs" 1 0 1 0] forall x : Core_Result_Result_Type.t_result usize usize . inv3 x = true + axiom inv3 : forall x : Core_Result_Result_Type.t_result usize usize . inv3 x = true predicate invariant2 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : usize) : bool @@ -68,7 +68,7 @@ module C02Std_BinarySearch val inv2 (_x : usize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_std.rs" 1 0 1 0] forall x : usize . inv2 x = true + axiom inv2 : forall x : usize . inv2 x = true predicate invariant1 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : uint32) : bool @@ -78,7 +78,7 @@ module C02Std_BinarySearch val inv1 (_x : uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_std.rs" 1 0 1 0] forall x : uint32 . inv1 x = true + axiom inv1 : forall x : uint32 . inv1 x = true predicate invariant0 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : slice uint32) : bool @@ -88,7 +88,7 @@ module C02Std_BinarySearch val inv0 (_x : slice uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_std.rs" 1 0 1 0] forall x : slice uint32 . inv0 x = true + axiom inv0 : forall x : slice uint32 . inv0 x = true use prelude.UInt32 use seq.Seq use prelude.Slice @@ -181,19 +181,19 @@ module C02Std_BinarySearch goto BB0 } BB0 { - _12 <- ([#"../02_std.rs" 9 29 9 31] [#"../02_std.rs" 9 29 9 31] promoted0); - _8 <- ([#"../02_std.rs" 9 29 9 31] _12); - _5 <- ([#"../02_std.rs" 9 13 9 32] binary_search0 ([#"../02_std.rs" 9 13 9 32] s) ([#"../02_std.rs" 9 29 9 31] _8)); + [#"../02_std.rs" 9 29 9 31] _12 <- ([#"../02_std.rs" 9 29 9 31] [#"../02_std.rs" 9 29 9 31] promoted0); + [#"../02_std.rs" 9 29 9 31] _8 <- ([#"../02_std.rs" 9 29 9 31] _12); + [#"../02_std.rs" 9 13 9 32] _5 <- ([#"../02_std.rs" 9 13 9 32] binary_search0 ([#"../02_std.rs" 9 13 9 32] s) ([#"../02_std.rs" 9 29 9 31] _8)); goto BB1 } BB1 { - ix <- ([#"../02_std.rs" 9 13 9 41] unwrap0 _5); + [#"../02_std.rs" 9 13 9 41] ix <- ([#"../02_std.rs" 9 13 9 41] unwrap0 _5); _5 <- any Core_Result_Result_Type.t_result usize usize; goto BB2 } BB2 { assert { [@expl:assertion] [#"../02_std.rs" 11 20 11 27] UIntSize.to_int ix < 5 }; - _0 <- ix; + [#"../02_std.rs" 12 4 12 6] _0 <- ([#"../02_std.rs" 12 4 12 6] ix); return _0 } diff --git a/creusot/tests/should_succeed/sparse_array.mlcfg b/creusot/tests/should_succeed/sparse_array.mlcfg index 9abbe20633..af0983b9fe 100644 --- a/creusot/tests/should_succeed/sparse_array.mlcfg +++ b/creusot/tests/should_succeed/sparse_array.mlcfg @@ -87,7 +87,7 @@ module SparseArray_Impl2_Get val inv11 (_x : Seq.seq t) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq t . inv11 x = true + axiom inv11 : forall x : Seq.seq t . inv11 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -111,7 +111,7 @@ module SparseArray_Impl2_Get val invariant10 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant10 self } - axiom inv10 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv10 x = true + axiom inv10 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv10 x = true predicate invariant9 (self : Seq.seq usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant9 (self : Seq.seq usize) : bool @@ -121,7 +121,7 @@ module SparseArray_Impl2_Get val inv9 (_x : Seq.seq usize) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq usize . inv9 x = true + axiom inv9 : forall x : Seq.seq usize . inv9 x = true use seq.Seq predicate inv8 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) val inv8 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -138,7 +138,7 @@ module SparseArray_Impl2_Get val invariant8 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant8 self } - axiom inv8 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv8 x = true + axiom inv8 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv8 x = true use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq function index_logic4 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -188,7 +188,7 @@ module SparseArray_Impl2_Get val inv7 (_x : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse t . inv7 x = (invariant7 x /\ match x with + axiom inv7 : forall x : SparseArray_Sparse_Type.t_sparse t . inv7 x = (invariant7 x /\ match x with | SparseArray_Sparse_Type.C_Sparse size n values idx back -> true end) predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -199,7 +199,7 @@ module SparseArray_Impl2_Get val inv6 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true predicate invariant5 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : usize) : bool @@ -209,7 +209,7 @@ module SparseArray_Impl2_Get val inv5 (_x : usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../sparse_array.rs" 1 0 1 0] forall x : usize . inv5 x = true + axiom inv5 : forall x : usize . inv5 x = true predicate invariant4 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : usize) : bool @@ -219,7 +219,7 @@ module SparseArray_Impl2_Get val inv4 (_x : usize) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../sparse_array.rs" 1 0 1 0] forall x : usize . inv4 x = true + axiom inv4 : forall x : usize . inv4 x = true predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -229,7 +229,7 @@ module SparseArray_Impl2_Get val inv3 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option t) val invariant2 (self : Core_Option_Option_Type.t_option t) : bool ensures { result = invariant2 self } @@ -238,7 +238,7 @@ module SparseArray_Impl2_Get val inv2 (_x : Core_Option_Option_Type.t_option t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../sparse_array.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option t . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option t . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -247,7 +247,7 @@ module SparseArray_Impl2_Get val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sparse_array.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : SparseArray_Sparse_Type.t_sparse t) val invariant0 (self : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = invariant0 self } @@ -256,7 +256,7 @@ module SparseArray_Impl2_Get val inv0 (_x : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse t . inv0 x = inv7 x + axiom inv0 : forall x : SparseArray_Sparse_Type.t_sparse t . inv0 x = inv7 x use seq.Seq function shallow_model1 (self : SparseArray_Sparse_Type.t_sparse t) : Seq.seq (Core_Option_Option_Type.t_option t) = [#"../../../../creusot-contracts/src/model.rs" 83 8 83 31] shallow_model4 self @@ -343,22 +343,22 @@ module SparseArray_Impl2_Get goto BB0 } BB0 { - _7 <- ([#"../sparse_array.rs" 90 20 90 31] index0 ([#"../sparse_array.rs" 90 20 90 28] SparseArray_Sparse_Type.sparse_idx self) i); + [#"../sparse_array.rs" 90 20 90 31] _7 <- ([#"../sparse_array.rs" 90 20 90 31] index0 ([#"../sparse_array.rs" 90 20 90 28] SparseArray_Sparse_Type.sparse_idx self) ([#"../sparse_array.rs" 90 29 90 30] i)); goto BB1 } BB1 { - index <- _7; - switch ([#"../sparse_array.rs" 91 11 91 25] index < SparseArray_Sparse_Type.sparse_n self) + [#"../sparse_array.rs" 90 20 90 31] index <- ([#"../sparse_array.rs" 90 20 90 31] _7); + switch ([#"../sparse_array.rs" 91 11 91 25] ([#"../sparse_array.rs" 91 11 91 16] index) < ([#"../sparse_array.rs" 91 19 91 25] SparseArray_Sparse_Type.sparse_n self)) | False -> goto BB2 | True -> goto BB3 end } BB2 { - _10 <- ([#"../sparse_array.rs" 91 11 91 50] [#"../sparse_array.rs" 91 11 91 50] false); + [#"../sparse_array.rs" 91 11 91 50] _10 <- ([#"../sparse_array.rs" 91 11 91 50] [#"../sparse_array.rs" 91 11 91 50] false); goto BB4 } BB3 { - _16 <- ([#"../sparse_array.rs" 91 29 91 45] index0 ([#"../sparse_array.rs" 91 29 91 38] SparseArray_Sparse_Type.sparse_back self) index); + [#"../sparse_array.rs" 91 29 91 45] _16 <- ([#"../sparse_array.rs" 91 29 91 45] index0 ([#"../sparse_array.rs" 91 29 91 38] SparseArray_Sparse_Type.sparse_back self) ([#"../sparse_array.rs" 91 39 91 44] index)); goto BB5 } BB4 { @@ -368,28 +368,28 @@ module SparseArray_Impl2_Get end } BB5 { - _10 <- ([#"../sparse_array.rs" 91 29 91 50] _16 = i); + [#"../sparse_array.rs" 91 11 91 50] _10 <- ([#"../sparse_array.rs" 91 29 91 50] ([#"../sparse_array.rs" 91 29 91 45] _16) = ([#"../sparse_array.rs" 91 49 91 50] i)); goto BB4 } BB6 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _22 <- ([#"../sparse_array.rs" 92 18 92 32] index1 ([#"../sparse_array.rs" 92 18 92 29] SparseArray_Sparse_Type.sparse_values self) i); + [#"../sparse_array.rs" 92 18 92 32] _22 <- ([#"../sparse_array.rs" 92 18 92 32] index1 ([#"../sparse_array.rs" 92 18 92 29] SparseArray_Sparse_Type.sparse_values self) ([#"../sparse_array.rs" 92 30 92 31] i)); goto BB7 } BB7 { - _21 <- ([#"../sparse_array.rs" 92 17 92 32] _22); + [#"../sparse_array.rs" 92 17 92 32] _21 <- ([#"../sparse_array.rs" 92 17 92 32] _22); assert { [@expl:type invariant] inv1 _22 }; assume { resolve1 _22 }; assert { [@expl:type invariant] inv1 _21 }; assume { resolve1 _21 }; - _0 <- ([#"../sparse_array.rs" 92 12 92 33] Core_Option_Option_Type.C_Some ([#"../sparse_array.rs" 92 17 92 32] _21)); + [#"../sparse_array.rs" 92 12 92 33] _0 <- ([#"../sparse_array.rs" 92 12 92 33] Core_Option_Option_Type.C_Some ([#"../sparse_array.rs" 92 17 92 32] _21)); goto BB9 } BB8 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../sparse_array.rs" 94 12 94 16] Core_Option_Option_Type.C_None); + [#"../sparse_array.rs" 94 12 94 16] _0 <- ([#"../sparse_array.rs" 94 12 94 16] Core_Option_Option_Type.C_None); goto BB9 } BB9 { @@ -408,7 +408,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl val inv4 (_x : Seq.seq t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq t . inv4 x = true + axiom inv4 : forall x : Seq.seq t . inv4 x = true use prelude.UIntSize predicate invariant3 (self : Seq.seq usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -419,7 +419,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl val inv3 (_x : Seq.seq usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq usize . inv3 x = true + axiom inv3 : forall x : Seq.seq usize . inv3 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -442,7 +442,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl val invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use seq.Seq predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val inv1 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool @@ -459,7 +459,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl val invariant1 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv1 x = true use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -509,7 +509,7 @@ module SparseArray_Impl2_LemmaPermutation_Impl val inv0 (_x : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse t . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : SparseArray_Sparse_Type.t_sparse t . inv0 x = (invariant0 x /\ match x with | SparseArray_Sparse_Type.C_Sparse size n values idx back -> true end) let rec ghost function lemma_permutation [#"../sparse_array.rs" 104 4 104 38] (self : SparseArray_Sparse_Type.t_sparse t) (i : int) : () @@ -534,7 +534,7 @@ module SparseArray_Impl2_Set val inv13 (_x : Seq.seq usize) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq usize . inv13 x = true + axiom inv13 : forall x : Seq.seq usize . inv13 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -557,7 +557,7 @@ module SparseArray_Impl2_Set val invariant12 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant12 self } - axiom inv12 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv12 x = true + axiom inv12 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv12 x = true predicate invariant11 (self : Seq.seq t) val invariant11 (self : Seq.seq t) : bool ensures { result = invariant11 self } @@ -566,7 +566,7 @@ module SparseArray_Impl2_Set val inv11 (_x : Seq.seq t) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq t . inv11 x = true + axiom inv11 : forall x : Seq.seq t . inv11 x = true use prelude.Borrow predicate invariant10 (self : borrowed usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -577,7 +577,7 @@ module SparseArray_Impl2_Set val inv10 (_x : borrowed usize) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed usize . inv10 x = true + axiom inv10 : forall x : borrowed usize . inv10 x = true predicate invariant9 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant9 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -587,7 +587,7 @@ module SparseArray_Impl2_Set val inv9 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true + axiom inv9 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } @@ -647,7 +647,7 @@ module SparseArray_Impl2_Set val inv8 (_x : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse t . inv8 x = (invariant8 x /\ match x with + axiom inv8 : forall x : SparseArray_Sparse_Type.t_sparse t . inv8 x = (invariant8 x /\ match x with | SparseArray_Sparse_Type.C_Sparse size n values idx back -> true end) predicate invariant7 (self : usize) = @@ -659,7 +659,7 @@ module SparseArray_Impl2_Set val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../sparse_array.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -669,7 +669,7 @@ module SparseArray_Impl2_Set val inv6 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true predicate invariant5 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : usize) : bool @@ -679,7 +679,7 @@ module SparseArray_Impl2_Set val inv5 (_x : usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../sparse_array.rs" 1 0 1 0] forall x : usize . inv5 x = true + axiom inv5 : forall x : usize . inv5 x = true predicate invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant4 self } @@ -688,7 +688,7 @@ module SparseArray_Impl2_Set val inv4 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true predicate invariant3 (self : borrowed (SparseArray_Sparse_Type.t_sparse t)) val invariant3 (self : borrowed (SparseArray_Sparse_Type.t_sparse t)) : bool ensures { result = invariant3 self } @@ -697,7 +697,7 @@ module SparseArray_Impl2_Set val inv3 (_x : borrowed (SparseArray_Sparse_Type.t_sparse t)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed (SparseArray_Sparse_Type.t_sparse t) . inv3 x = (inv8 ( * x) /\ inv8 ( ^ x)) + axiom inv3 : forall x : borrowed (SparseArray_Sparse_Type.t_sparse t) . inv3 x = (inv8 ( * x) /\ inv8 ( ^ x)) predicate invariant2 (self : borrowed t) val invariant2 (self : borrowed t) : bool ensures { result = invariant2 self } @@ -706,7 +706,7 @@ module SparseArray_Impl2_Set val inv2 (_x : borrowed t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed t . inv2 x = true + axiom inv2 : forall x : borrowed t . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -715,13 +715,13 @@ module SparseArray_Impl2_Set val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sparse_array.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41] inv11 (shallow_model4 self) val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function shallow_model1 (self : borrowed (SparseArray_Sparse_Type.t_sparse t)) : Seq.seq (Core_Option_Option_Type.t_option t) @@ -873,10 +873,10 @@ module SparseArray_Impl2_Set goto BB1 } BB1 { - _10 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_values ( * self)); - self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 ( ^ _10) x3 x4) }; + [#"../sparse_array.rs" 113 8 113 19] _10 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_values ( * self)); + [#"../sparse_array.rs" 113 8 113 19] self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 ( ^ _10) x3 x4) }; assume { inv0 ( ^ _10) }; - _9 <- ([#"../sparse_array.rs" 113 8 113 22] index_mut0 _10 i); + [#"../sparse_array.rs" 113 8 113 22] _9 <- ([#"../sparse_array.rs" 113 8 113 22] index_mut0 _10 ([#"../sparse_array.rs" 113 20 113 21] i)); _10 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB2 } @@ -884,8 +884,8 @@ module SparseArray_Impl2_Set goto BB3 } BB3 { - _9 <- { _9 with current = v }; - v <- any t; + [#"../sparse_array.rs" 113 8 113 22] _9 <- { _9 with current = ([#"../sparse_array.rs" 113 25 113 26] v) }; + [#"../sparse_array.rs" 113 25 113 26] v <- any t; assert { [@expl:type invariant] inv1 ( * _9) }; assume { resolve0 ( * _9) }; assert { [@expl:type invariant] inv2 _9 }; @@ -893,22 +893,22 @@ module SparseArray_Impl2_Set goto BB5 } BB5 { - _13 <- ([#"../sparse_array.rs" 114 20 114 31] index0 ([#"../sparse_array.rs" 114 20 114 28] SparseArray_Sparse_Type.sparse_idx ( * self)) i); + [#"../sparse_array.rs" 114 20 114 31] _13 <- ([#"../sparse_array.rs" 114 20 114 31] index0 ([#"../sparse_array.rs" 114 20 114 28] SparseArray_Sparse_Type.sparse_idx ( * self)) ([#"../sparse_array.rs" 114 29 114 30] i)); goto BB6 } BB6 { - index <- _13; - switch ([#"../sparse_array.rs" 115 13 115 27] index < SparseArray_Sparse_Type.sparse_n ( * self)) + [#"../sparse_array.rs" 114 20 114 31] index <- ([#"../sparse_array.rs" 114 20 114 31] _13); + switch ([#"../sparse_array.rs" 115 13 115 27] ([#"../sparse_array.rs" 115 13 115 18] index) < ([#"../sparse_array.rs" 115 21 115 27] SparseArray_Sparse_Type.sparse_n ( * self))) | False -> goto BB7 | True -> goto BB8 end } BB7 { - _17 <- ([#"../sparse_array.rs" 115 12 115 53] [#"../sparse_array.rs" 115 12 115 53] false); + [#"../sparse_array.rs" 115 12 115 53] _17 <- ([#"../sparse_array.rs" 115 12 115 53] [#"../sparse_array.rs" 115 12 115 53] false); goto BB9 } BB8 { - _23 <- ([#"../sparse_array.rs" 115 31 115 47] index0 ([#"../sparse_array.rs" 115 31 115 40] SparseArray_Sparse_Type.sparse_back ( * self)) index); + [#"../sparse_array.rs" 115 31 115 47] _23 <- ([#"../sparse_array.rs" 115 31 115 47] index0 ([#"../sparse_array.rs" 115 31 115 40] SparseArray_Sparse_Type.sparse_back ( * self)) ([#"../sparse_array.rs" 115 41 115 46] index)); goto BB10 } BB9 { @@ -918,44 +918,44 @@ module SparseArray_Impl2_Set end } BB10 { - _17 <- ([#"../sparse_array.rs" 115 31 115 52] _23 = i); + [#"../sparse_array.rs" 115 12 115 53] _17 <- ([#"../sparse_array.rs" 115 31 115 52] ([#"../sparse_array.rs" 115 31 115 47] _23) = ([#"../sparse_array.rs" 115 51 115 52] i)); goto BB9 } BB11 { - _27 <- ([#"../sparse_array.rs" 117 12 117 40] Ghost.new ()); + [#"../sparse_array.rs" 117 12 117 40] _27 <- ([#"../sparse_array.rs" 117 12 117 40] Ghost.new ()); goto BB12 } BB12 { assume { resolve3 _27 }; assert { [@expl:assertion] [#"../sparse_array.rs" 118 26 118 46] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n ( * self)) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size ( * self)) }; - _33 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_idx ( * self)); - self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 x2 ( ^ _33) x4) }; - _32 <- ([#"../sparse_array.rs" 120 12 120 23] index_mut1 _33 i); + [#"../sparse_array.rs" 120 12 120 20] _33 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_idx ( * self)); + [#"../sparse_array.rs" 120 12 120 20] self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 x2 ( ^ _33) x4) }; + [#"../sparse_array.rs" 120 12 120 23] _32 <- ([#"../sparse_array.rs" 120 12 120 23] index_mut1 _33 ([#"../sparse_array.rs" 120 21 120 22] i)); _33 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB13 } BB13 { - _32 <- { _32 with current = SparseArray_Sparse_Type.sparse_n ( * self) }; + [#"../sparse_array.rs" 120 12 120 32] _32 <- { _32 with current = ([#"../sparse_array.rs" 120 26 120 32] SparseArray_Sparse_Type.sparse_n ( * self)) }; assume { resolve4 _32 }; - _37 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_back ( * self)); - self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 ( ^ _37)) }; - _36 <- ([#"../sparse_array.rs" 121 12 121 29] index_mut1 _37 (SparseArray_Sparse_Type.sparse_n ( * self))); + [#"../sparse_array.rs" 121 12 121 21] _37 <- Borrow.borrow_mut (SparseArray_Sparse_Type.sparse_back ( * self)); + [#"../sparse_array.rs" 121 12 121 21] self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 ( ^ _37)) }; + [#"../sparse_array.rs" 121 12 121 29] _36 <- ([#"../sparse_array.rs" 121 12 121 29] index_mut1 _37 ([#"../sparse_array.rs" 121 22 121 28] SparseArray_Sparse_Type.sparse_n ( * self))); _37 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB14 } BB14 { - _36 <- { _36 with current = i }; + [#"../sparse_array.rs" 121 12 121 33] _36 <- { _36 with current = ([#"../sparse_array.rs" 121 32 121 33] i) }; assume { resolve4 _36 }; - self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 ([#"../sparse_array.rs" 122 12 122 23] SparseArray_Sparse_Type.sparse_n ( * self) + ([#"../sparse_array.rs" 122 22 122 23] [#"../sparse_array.rs" 122 22 122 23] (1 : usize))) x2 x3 x4) }; + [#"../sparse_array.rs" 122 12 122 23] self <- { self with current = (let SparseArray_Sparse_Type.C_Sparse x0 x1 x2 x3 x4 = * self in SparseArray_Sparse_Type.C_Sparse x0 ([#"../sparse_array.rs" 122 12 122 23] SparseArray_Sparse_Type.sparse_n ( * self) + ([#"../sparse_array.rs" 122 22 122 23] [#"../sparse_array.rs" 122 22 122 23] (1 : usize))) x2 x3 x4) }; assert { [@expl:type invariant] inv3 self }; assume { resolve2 self }; - _0 <- ([#"../sparse_array.rs" 115 54 123 9] ()); + [#"../sparse_array.rs" 115 54 123 9] _0 <- ([#"../sparse_array.rs" 115 54 123 9] ()); goto BB16 } BB15 { assert { [@expl:type invariant] inv3 self }; assume { resolve2 self }; - _0 <- ([#"../sparse_array.rs" 123 9 123 9] ()); + [#"../sparse_array.rs" 123 9 123 9] _0 <- ([#"../sparse_array.rs" 123 9 123 9] ()); goto BB16 } BB16 { @@ -979,7 +979,7 @@ module SparseArray_Create val inv6 (_x : Seq.seq usize) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq usize . inv6 x = true + axiom inv6 : forall x : Seq.seq usize . inv6 x = true predicate invariant5 (self : Seq.seq t) val invariant5 (self : Seq.seq t) : bool ensures { result = invariant5 self } @@ -988,7 +988,7 @@ module SparseArray_Create val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1011,7 +1011,7 @@ module SparseArray_Create val invariant4 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -1021,7 +1021,7 @@ module SparseArray_Create val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sparse_array.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true use seq.Seq predicate inv2 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val inv2 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1038,7 +1038,7 @@ module SparseArray_Create val invariant2 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use Core_Option_Option_Type as Core_Option_Option_Type use seq.Seq function index_logic2 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -1088,7 +1088,7 @@ module SparseArray_Create val inv1 (_x : SparseArray_Sparse_Type.t_sparse t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse t . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : SparseArray_Sparse_Type.t_sparse t . inv1 x = (invariant1 x /\ match x with | SparseArray_Sparse_Type.C_Sparse size n values idx back -> true end) predicate invariant0 (self : t) @@ -1099,7 +1099,7 @@ module SparseArray_Create val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../sparse_array.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use seq.Seq val from_elem1 (elem : usize) (n : usize) : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) requires {inv3 elem} @@ -1136,19 +1136,19 @@ module SparseArray_Create BB0 { assert { [@expl:type invariant] inv0 dummy }; assume { resolve0 dummy }; - _6 <- ([#"../sparse_array.rs" 135 37 135 52] from_elem0 dummy sz); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _6 <- ([#"../sparse_array.rs" 135 37 135 52] from_elem0 ([#"../sparse_array.rs" 135 42 135 47] dummy) ([#"../sparse_array.rs" 135 49 135 51] sz)); goto BB1 } BB1 { - _9 <- ([#"../sparse_array.rs" 135 59 135 70] from_elem1 ([#"../sparse_array.rs" 135 64 135 65] [#"../sparse_array.rs" 135 64 135 65] (0 : usize)) sz); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _9 <- ([#"../sparse_array.rs" 135 59 135 70] from_elem1 ([#"../sparse_array.rs" 135 64 135 65] [#"../sparse_array.rs" 135 64 135 65] (0 : usize)) ([#"../sparse_array.rs" 135 67 135 69] sz)); goto BB2 } BB2 { - _11 <- ([#"../sparse_array.rs" 135 78 135 89] from_elem1 ([#"../sparse_array.rs" 135 83 135 84] [#"../sparse_array.rs" 135 83 135 84] (0 : usize)) sz); + [#"../../../../creusot-contracts/src/lib.rs" 250 8 250 40] _11 <- ([#"../sparse_array.rs" 135 78 135 89] from_elem1 ([#"../sparse_array.rs" 135 83 135 84] [#"../sparse_array.rs" 135 83 135 84] (0 : usize)) ([#"../sparse_array.rs" 135 86 135 88] sz)); goto BB3 } BB3 { - _0 <- ([#"../sparse_array.rs" 135 4 135 91] SparseArray_Sparse_Type.C_Sparse sz ([#"../sparse_array.rs" 135 26 135 27] [#"../sparse_array.rs" 135 26 135 27] (0 : usize)) _6 _9 _11); + [#"../sparse_array.rs" 135 4 135 91] _0 <- ([#"../sparse_array.rs" 135 4 135 91] SparseArray_Sparse_Type.C_Sparse ([#"../sparse_array.rs" 135 19 135 21] sz) ([#"../sparse_array.rs" 135 26 135 27] [#"../sparse_array.rs" 135 26 135 27] (0 : usize)) _6 _9 _11); _6 <- any Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global); _9 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); _11 <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); @@ -1177,7 +1177,7 @@ module SparseArray_F val inv8 (_x : Seq.seq usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq usize . inv8 x = true + axiom inv8 : forall x : Seq.seq usize . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1200,7 +1200,7 @@ module SparseArray_F val invariant7 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true use prelude.Int32 predicate invariant6 (self : Seq.seq int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1211,7 +1211,7 @@ module SparseArray_F val inv6 (_x : Seq.seq int32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../sparse_array.rs" 1 0 1 0] forall x : Seq.seq int32 . inv6 x = true + axiom inv6 : forall x : Seq.seq int32 . inv6 x = true use seq.Seq predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) val inv5 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1228,7 +1228,7 @@ module SparseArray_F val invariant5 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../sparse_array.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use SparseArray_Sparse_Type as SparseArray_Sparse_Type use prelude.Borrow predicate invariant4 (self : borrowed (SparseArray_Sparse_Type.t_sparse int32)) = @@ -1244,7 +1244,7 @@ module SparseArray_F val inv4 (_x : borrowed (SparseArray_Sparse_Type.t_sparse int32)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../sparse_array.rs" 1 0 1 0] forall x : borrowed (SparseArray_Sparse_Type.t_sparse int32) . inv4 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv4 : forall x : borrowed (SparseArray_Sparse_Type.t_sparse int32) . inv4 x = (inv0 ( * x) /\ inv0 ( ^ x)) use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1255,7 +1255,7 @@ module SparseArray_F val inv3 (_x : Core_Option_Option_Type.t_option int32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sparse_array.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option int32 . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option int32 . inv3 x = true predicate invariant2 (self : SparseArray_Sparse_Type.t_sparse int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : SparseArray_Sparse_Type.t_sparse int32) : bool @@ -1265,7 +1265,7 @@ module SparseArray_F val inv2 (_x : SparseArray_Sparse_Type.t_sparse int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse int32 . inv2 x = inv0 x + axiom inv2 : forall x : SparseArray_Sparse_Type.t_sparse int32 . inv2 x = inv0 x predicate invariant1 (self : int32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : int32) : bool @@ -1275,7 +1275,7 @@ module SparseArray_F val inv1 (_x : int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sparse_array.rs" 1 0 1 0] forall x : int32 . inv1 x = true + axiom inv1 : forall x : int32 . inv1 x = true use seq.Seq function index_logic2 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -1318,7 +1318,7 @@ module SparseArray_F val invariant0 [#"../sparse_array.rs" 49 4 49 30] (self : SparseArray_Sparse_Type.t_sparse int32) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../sparse_array.rs" 1 0 1 0] forall x : SparseArray_Sparse_Type.t_sparse int32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : SparseArray_Sparse_Type.t_sparse int32 . inv0 x = (invariant0 x /\ match x with | SparseArray_Sparse_Type.C_Sparse size n values idx back -> true end) use prelude.Int32 @@ -1394,52 +1394,52 @@ module SparseArray_F goto BB0 } BB0 { - default <- ([#"../sparse_array.rs" 141 18 141 19] [#"../sparse_array.rs" 141 18 141 19] (0 : int32)); - a <- ([#"../sparse_array.rs" 142 16 142 35] create0 ([#"../sparse_array.rs" 142 23 142 25] [#"../sparse_array.rs" 142 23 142 25] (10 : usize)) default); + [#"../sparse_array.rs" 141 18 141 19] default <- ([#"../sparse_array.rs" 141 18 141 19] [#"../sparse_array.rs" 141 18 141 19] (0 : int32)); + [#"../sparse_array.rs" 142 16 142 35] a <- ([#"../sparse_array.rs" 142 16 142 35] create0 ([#"../sparse_array.rs" 142 23 142 25] [#"../sparse_array.rs" 142 23 142 25] (10 : usize)) ([#"../sparse_array.rs" 142 27 142 34] default)); goto BB1 } BB1 { - b <- ([#"../sparse_array.rs" 143 16 143 35] create0 ([#"../sparse_array.rs" 143 23 143 25] [#"../sparse_array.rs" 143 23 143 25] (20 : usize)) default); + [#"../sparse_array.rs" 143 16 143 35] b <- ([#"../sparse_array.rs" 143 16 143 35] create0 ([#"../sparse_array.rs" 143 23 143 25] [#"../sparse_array.rs" 143 23 143 25] (20 : usize)) ([#"../sparse_array.rs" 143 27 143 34] default)); goto BB2 } BB2 { - x <- ([#"../sparse_array.rs" 144 16 144 24] get0 ([#"../sparse_array.rs" 144 16 144 24] a) ([#"../sparse_array.rs" 144 22 144 23] [#"../sparse_array.rs" 144 22 144 23] (5 : usize))); + [#"../sparse_array.rs" 144 16 144 24] x <- ([#"../sparse_array.rs" 144 16 144 24] get0 ([#"../sparse_array.rs" 144 16 144 24] a) ([#"../sparse_array.rs" 144 22 144 23] [#"../sparse_array.rs" 144 22 144 23] (5 : usize))); goto BB3 } BB3 { - y <- ([#"../sparse_array.rs" 145 16 145 24] get0 ([#"../sparse_array.rs" 145 16 145 24] b) ([#"../sparse_array.rs" 145 22 145 23] [#"../sparse_array.rs" 145 22 145 23] (7 : usize))); + [#"../sparse_array.rs" 145 16 145 24] y <- ([#"../sparse_array.rs" 145 16 145 24] get0 ([#"../sparse_array.rs" 145 16 145 24] b) ([#"../sparse_array.rs" 145 22 145 23] [#"../sparse_array.rs" 145 22 145 23] (7 : usize))); goto BB4 } BB4 { assert { [@expl:assertion] [#"../sparse_array.rs" 146 18 146 40] x = Core_Option_Option_Type.C_None /\ y = Core_Option_Option_Type.C_None }; - _13 <- Borrow.borrow_mut a; - a <- ^ _13; + [#"../sparse_array.rs" 148 4 148 15] _13 <- Borrow.borrow_mut a; + [#"../sparse_array.rs" 148 4 148 15] a <- ^ _13; assume { inv0 ( ^ _13) }; - _12 <- ([#"../sparse_array.rs" 148 4 148 15] set0 _13 ([#"../sparse_array.rs" 148 10 148 11] [#"../sparse_array.rs" 148 10 148 11] (5 : usize)) ([#"../sparse_array.rs" 148 13 148 14] [#"../sparse_array.rs" 148 13 148 14] (1 : int32))); + [#"../sparse_array.rs" 148 4 148 15] _12 <- ([#"../sparse_array.rs" 148 4 148 15] set0 _13 ([#"../sparse_array.rs" 148 10 148 11] [#"../sparse_array.rs" 148 10 148 11] (5 : usize)) ([#"../sparse_array.rs" 148 13 148 14] [#"../sparse_array.rs" 148 13 148 14] (1 : int32))); _13 <- any borrowed (SparseArray_Sparse_Type.t_sparse int32); goto BB5 } BB5 { - _15 <- Borrow.borrow_mut b; - b <- ^ _15; + [#"../sparse_array.rs" 149 4 149 15] _15 <- Borrow.borrow_mut b; + [#"../sparse_array.rs" 149 4 149 15] b <- ^ _15; assume { inv0 ( ^ _15) }; - _14 <- ([#"../sparse_array.rs" 149 4 149 15] set0 _15 ([#"../sparse_array.rs" 149 10 149 11] [#"../sparse_array.rs" 149 10 149 11] (7 : usize)) ([#"../sparse_array.rs" 149 13 149 14] [#"../sparse_array.rs" 149 13 149 14] (2 : int32))); + [#"../sparse_array.rs" 149 4 149 15] _14 <- ([#"../sparse_array.rs" 149 4 149 15] set0 _15 ([#"../sparse_array.rs" 149 10 149 11] [#"../sparse_array.rs" 149 10 149 11] (7 : usize)) ([#"../sparse_array.rs" 149 13 149 14] [#"../sparse_array.rs" 149 13 149 14] (2 : int32))); _15 <- any borrowed (SparseArray_Sparse_Type.t_sparse int32); goto BB6 } BB6 { - _16 <- ([#"../sparse_array.rs" 150 8 150 16] get0 ([#"../sparse_array.rs" 150 8 150 16] a) ([#"../sparse_array.rs" 150 14 150 15] [#"../sparse_array.rs" 150 14 150 15] (5 : usize))); + [#"../sparse_array.rs" 150 8 150 16] _16 <- ([#"../sparse_array.rs" 150 8 150 16] get0 ([#"../sparse_array.rs" 150 8 150 16] a) ([#"../sparse_array.rs" 150 14 150 15] [#"../sparse_array.rs" 150 14 150 15] (5 : usize))); goto BB7 } BB7 { - x <- _16; - _16 <- any Core_Option_Option_Type.t_option int32; - _18 <- ([#"../sparse_array.rs" 151 8 151 16] get0 ([#"../sparse_array.rs" 151 8 151 16] b) ([#"../sparse_array.rs" 151 14 151 15] [#"../sparse_array.rs" 151 14 151 15] (7 : usize))); + [#"../sparse_array.rs" 150 4 150 16] x <- ([#"../sparse_array.rs" 150 4 150 16] _16); + [#"../sparse_array.rs" 150 4 150 16] _16 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 151 8 151 16] _18 <- ([#"../sparse_array.rs" 151 8 151 16] get0 ([#"../sparse_array.rs" 151 8 151 16] b) ([#"../sparse_array.rs" 151 14 151 15] [#"../sparse_array.rs" 151 14 151 15] (7 : usize))); goto BB8 } BB8 { - y <- _18; - _18 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 151 4 151 16] y <- ([#"../sparse_array.rs" 151 4 151 16] _18); + [#"../sparse_array.rs" 151 4 151 16] _18 <- any Core_Option_Option_Type.t_option int32; assert { [@expl:assertion] [#"../sparse_array.rs" 152 18 155 5] match x with | Core_Option_Option_Type.C_None -> false | Core_Option_Option_Type.C_Some z -> shallow_model0 z = 1 @@ -1448,46 +1448,46 @@ module SparseArray_F | Core_Option_Option_Type.C_None -> false | Core_Option_Option_Type.C_Some z -> shallow_model0 z = 2 end }; - _24 <- ([#"../sparse_array.rs" 161 8 161 16] get0 ([#"../sparse_array.rs" 161 8 161 16] a) ([#"../sparse_array.rs" 161 14 161 15] [#"../sparse_array.rs" 161 14 161 15] (7 : usize))); + [#"../sparse_array.rs" 161 8 161 16] _24 <- ([#"../sparse_array.rs" 161 8 161 16] get0 ([#"../sparse_array.rs" 161 8 161 16] a) ([#"../sparse_array.rs" 161 14 161 15] [#"../sparse_array.rs" 161 14 161 15] (7 : usize))); goto BB9 } BB9 { - x <- _24; - _24 <- any Core_Option_Option_Type.t_option int32; - _26 <- ([#"../sparse_array.rs" 162 8 162 16] get0 ([#"../sparse_array.rs" 162 8 162 16] b) ([#"../sparse_array.rs" 162 14 162 15] [#"../sparse_array.rs" 162 14 162 15] (5 : usize))); + [#"../sparse_array.rs" 161 4 161 16] x <- ([#"../sparse_array.rs" 161 4 161 16] _24); + [#"../sparse_array.rs" 161 4 161 16] _24 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 162 8 162 16] _26 <- ([#"../sparse_array.rs" 162 8 162 16] get0 ([#"../sparse_array.rs" 162 8 162 16] b) ([#"../sparse_array.rs" 162 14 162 15] [#"../sparse_array.rs" 162 14 162 15] (5 : usize))); goto BB10 } BB10 { - y <- _26; - _26 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 162 4 162 16] y <- ([#"../sparse_array.rs" 162 4 162 16] _26); + [#"../sparse_array.rs" 162 4 162 16] _26 <- any Core_Option_Option_Type.t_option int32; assert { [@expl:assertion] [#"../sparse_array.rs" 163 18 163 40] x = Core_Option_Option_Type.C_None /\ y = Core_Option_Option_Type.C_None }; - _30 <- ([#"../sparse_array.rs" 165 8 165 16] get0 ([#"../sparse_array.rs" 165 8 165 16] a) ([#"../sparse_array.rs" 165 14 165 15] [#"../sparse_array.rs" 165 14 165 15] (0 : usize))); + [#"../sparse_array.rs" 165 8 165 16] _30 <- ([#"../sparse_array.rs" 165 8 165 16] get0 ([#"../sparse_array.rs" 165 8 165 16] a) ([#"../sparse_array.rs" 165 14 165 15] [#"../sparse_array.rs" 165 14 165 15] (0 : usize))); goto BB11 } BB11 { - x <- _30; - _30 <- any Core_Option_Option_Type.t_option int32; - _32 <- ([#"../sparse_array.rs" 166 8 166 16] get0 ([#"../sparse_array.rs" 166 8 166 16] b) ([#"../sparse_array.rs" 166 14 166 15] [#"../sparse_array.rs" 166 14 166 15] (0 : usize))); + [#"../sparse_array.rs" 165 4 165 16] x <- ([#"../sparse_array.rs" 165 4 165 16] _30); + [#"../sparse_array.rs" 165 4 165 16] _30 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 166 8 166 16] _32 <- ([#"../sparse_array.rs" 166 8 166 16] get0 ([#"../sparse_array.rs" 166 8 166 16] b) ([#"../sparse_array.rs" 166 14 166 15] [#"../sparse_array.rs" 166 14 166 15] (0 : usize))); goto BB12 } BB12 { - y <- _32; - _32 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 166 4 166 16] y <- ([#"../sparse_array.rs" 166 4 166 16] _32); + [#"../sparse_array.rs" 166 4 166 16] _32 <- any Core_Option_Option_Type.t_option int32; assert { [@expl:assertion] [#"../sparse_array.rs" 167 18 167 40] x = Core_Option_Option_Type.C_None /\ y = Core_Option_Option_Type.C_None }; - _36 <- ([#"../sparse_array.rs" 169 8 169 16] get0 ([#"../sparse_array.rs" 169 8 169 16] a) ([#"../sparse_array.rs" 169 14 169 15] [#"../sparse_array.rs" 169 14 169 15] (9 : usize))); + [#"../sparse_array.rs" 169 8 169 16] _36 <- ([#"../sparse_array.rs" 169 8 169 16] get0 ([#"../sparse_array.rs" 169 8 169 16] a) ([#"../sparse_array.rs" 169 14 169 15] [#"../sparse_array.rs" 169 14 169 15] (9 : usize))); goto BB13 } BB13 { - x <- _36; - _36 <- any Core_Option_Option_Type.t_option int32; - _38 <- ([#"../sparse_array.rs" 170 8 170 16] get0 ([#"../sparse_array.rs" 170 8 170 16] b) ([#"../sparse_array.rs" 170 14 170 15] [#"../sparse_array.rs" 170 14 170 15] (9 : usize))); + [#"../sparse_array.rs" 169 4 169 16] x <- ([#"../sparse_array.rs" 169 4 169 16] _36); + [#"../sparse_array.rs" 169 4 169 16] _36 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 170 8 170 16] _38 <- ([#"../sparse_array.rs" 170 8 170 16] get0 ([#"../sparse_array.rs" 170 8 170 16] b) ([#"../sparse_array.rs" 170 14 170 15] [#"../sparse_array.rs" 170 14 170 15] (9 : usize))); goto BB14 } BB14 { - y <- _38; - _38 <- any Core_Option_Option_Type.t_option int32; + [#"../sparse_array.rs" 170 4 170 16] y <- ([#"../sparse_array.rs" 170 4 170 16] _38); + [#"../sparse_array.rs" 170 4 170 16] _38 <- any Core_Option_Option_Type.t_option int32; assert { [@expl:assertion] [#"../sparse_array.rs" 171 18 171 40] x = Core_Option_Option_Type.C_None /\ y = Core_Option_Option_Type.C_None }; - _0 <- ([#"../sparse_array.rs" 171 4 171 41] ()); + [#"../sparse_array.rs" 171 4 171 41] _0 <- ([#"../sparse_array.rs" 171 4 171 41] ()); goto BB15 } BB15 { diff --git a/creusot/tests/should_succeed/spec_tests.mlcfg b/creusot/tests/should_succeed/spec_tests.mlcfg index 7b248b0155..a662169771 100644 --- a/creusot/tests/should_succeed/spec_tests.mlcfg +++ b/creusot/tests/should_succeed/spec_tests.mlcfg @@ -25,7 +25,7 @@ module SpecTests_TestSpecs goto BB0 } BB0 { - _0 <- ([#"../spec_tests.rs" 18 20 18 22] ()); + [#"../spec_tests.rs" 18 20 18 22] _0 <- ([#"../spec_tests.rs" 18 20 18 22] ()); return _0 } diff --git a/creusot/tests/should_succeed/specification/division.mlcfg b/creusot/tests/should_succeed/specification/division.mlcfg index 12d824753c..55664b635c 100644 --- a/creusot/tests/should_succeed/specification/division.mlcfg +++ b/creusot/tests/should_succeed/specification/division.mlcfg @@ -15,13 +15,13 @@ module Division_Divide goto BB0 } BB0 { - _5 <- x; - _6 <- ([#"../division.rs" 7 4 7 9] _5 = ([#"../division.rs" 7 4 7 9] [#"../division.rs" 7 4 7 9] (0 : uint32))); + [#"../division.rs" 7 8 7 9] _5 <- ([#"../division.rs" 7 8 7 9] x); + [#"../division.rs" 7 4 7 9] _6 <- ([#"../division.rs" 7 4 7 9] _5 = ([#"../division.rs" 7 4 7 9] [#"../division.rs" 7 4 7 9] (0 : uint32))); assert { [@expl:division by zero] [#"../division.rs" 7 4 7 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../division.rs" 7 4 7 9] y / _5); + [#"../division.rs" 7 4 7 9] _0 <- ([#"../division.rs" 7 4 7 9] ([#"../division.rs" 7 4 7 5] y) / _5); _5 <- any uint32; return _0 } diff --git a/creusot/tests/should_succeed/specification/forall.mlcfg b/creusot/tests/should_succeed/specification/forall.mlcfg index a9fdce87f4..f4f9ba2051 100644 --- a/creusot/tests/should_succeed/specification/forall.mlcfg +++ b/creusot/tests/should_succeed/specification/forall.mlcfg @@ -11,7 +11,7 @@ module Forall_F goto BB0 } BB0 { - _0 <- ([#"../forall.rs" 6 11 6 13] ()); + [#"../forall.rs" 6 11 6 13] _0 <- ([#"../forall.rs" 6 11 6 13] ()); return _0 } diff --git a/creusot/tests/should_succeed/specification/logic_call.mlcfg b/creusot/tests/should_succeed/specification/logic_call.mlcfg index 9b1ce4ced7..9f18d949a6 100644 --- a/creusot/tests/should_succeed/specification/logic_call.mlcfg +++ b/creusot/tests/should_succeed/specification/logic_call.mlcfg @@ -16,7 +16,7 @@ module LogicCall_Dummy goto BB0 } BB0 { - _0 <- ([#"../logic_call.rs" 12 4 12 5] [#"../logic_call.rs" 12 4 12 5] (0 : uint32)); + [#"../logic_call.rs" 12 4 12 5] _0 <- ([#"../logic_call.rs" 12 4 12 5] [#"../logic_call.rs" 12 4 12 5] (0 : uint32)); return _0 } diff --git a/creusot/tests/should_succeed/specification/logic_functions.mlcfg b/creusot/tests/should_succeed/specification/logic_functions.mlcfg index 1e91bdf23a..3be1b9abd5 100644 --- a/creusot/tests/should_succeed/specification/logic_functions.mlcfg +++ b/creusot/tests/should_succeed/specification/logic_functions.mlcfg @@ -14,7 +14,7 @@ module LogicFunctions_UseLogic goto BB0 } BB0 { - _0 <- ([#"../logic_functions.rs" 10 19 10 21] ()); + [#"../logic_functions.rs" 10 19 10 21] _0 <- ([#"../logic_functions.rs" 10 19 10 21] ()); return _0 } @@ -34,7 +34,7 @@ module LogicFunctions_UseLogicPearlite goto BB0 } BB0 { - _0 <- ([#"../logic_functions.rs" 19 28 19 30] ()); + [#"../logic_functions.rs" 19 28 19 30] _0 <- ([#"../logic_functions.rs" 19 28 19 30] ()); return _0 } diff --git a/creusot/tests/should_succeed/specification/loops.mlcfg b/creusot/tests/should_succeed/specification/loops.mlcfg index 4019d2b9a4..b94afea8f7 100644 --- a/creusot/tests/should_succeed/specification/loops.mlcfg +++ b/creusot/tests/should_succeed/specification/loops.mlcfg @@ -15,7 +15,7 @@ module Loops_WhileLoopVariant goto BB2 } BB2 { - switch (x) + switch ([#"../loops.rs" 6 10 6 11] x) | False -> goto BB4 | True -> goto BB3 end @@ -24,7 +24,7 @@ module Loops_WhileLoopVariant goto BB1 } BB4 { - _0 <- ([#"../loops.rs" 6 4 6 14] ()); + [#"../loops.rs" 6 4 6 14] _0 <- ([#"../loops.rs" 6 4 6 14] ()); return _0 } diff --git a/creusot/tests/should_succeed/specification/model.mlcfg b/creusot/tests/should_succeed/specification/model.mlcfg index ca953b684e..20fe575c9a 100644 --- a/creusot/tests/should_succeed/specification/model.mlcfg +++ b/creusot/tests/should_succeed/specification/model.mlcfg @@ -68,7 +68,7 @@ module Model_TestArc goto BB1 } BB1 { - _0 <- ([#"../model.rs" 43 42 43 44] ()); + [#"../model.rs" 43 42 43 44] _0 <- ([#"../model.rs" 43 42 43 44] ()); goto BB2 } BB2 { @@ -119,7 +119,7 @@ module Model_TestRc goto BB1 } BB1 { - _0 <- ([#"../model.rs" 46 38 46 40] ()); + [#"../model.rs" 46 38 46 40] _0 <- ([#"../model.rs" 46 38 46 40] ()); goto BB2 } BB2 { diff --git a/creusot/tests/should_succeed/specification/opaque.mlcfg b/creusot/tests/should_succeed/specification/opaque.mlcfg index 58e0dac6a9..f44067afe1 100644 --- a/creusot/tests/should_succeed/specification/opaque.mlcfg +++ b/creusot/tests/should_succeed/specification/opaque.mlcfg @@ -19,7 +19,7 @@ module Opaque_Test BB0 { assert { [@expl:assertion] [#"../opaque.rs" 21 18 21 34] transparent0 () }; assert { [@expl:assertion] [#"../opaque.rs" 22 18 22 40] transparent_crate0 () }; - _0 <- ([#"../opaque.rs" 20 14 23 1] ()); + [#"../opaque.rs" 20 14 23 1] _0 <- ([#"../opaque.rs" 20 14 23 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/specification/trusted.mlcfg b/creusot/tests/should_succeed/specification/trusted.mlcfg index b91d8e757a..0cda691d90 100644 --- a/creusot/tests/should_succeed/specification/trusted.mlcfg +++ b/creusot/tests/should_succeed/specification/trusted.mlcfg @@ -14,7 +14,7 @@ module Trusted_VictimOfLie goto BB0 } BB0 { - _0 <- ([#"../trusted.rs" 19 4 19 9] lie0 ()); + [#"../trusted.rs" 19 4 19 9] _0 <- ([#"../trusted.rs" 19 4 19 9] lie0 ()); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/split_borrow.mlcfg b/creusot/tests/should_succeed/split_borrow.mlcfg index c8ca2e18c3..09a9318d74 100644 --- a/creusot/tests/should_succeed/split_borrow.mlcfg +++ b/creusot/tests/should_succeed/split_borrow.mlcfg @@ -7,7 +7,7 @@ module SplitBorrow_Z goto BB0 } BB0 { - _0 <- ([#"../split_borrow.rs" 6 4 6 8] [#"../split_borrow.rs" 6 4 6 8] true); + [#"../split_borrow.rs" 6 4 6 8] _0 <- ([#"../split_borrow.rs" 6 4 6 8] [#"../split_borrow.rs" 6 4 6 8] true); return _0 } @@ -51,10 +51,10 @@ module SplitBorrow_F goto BB0 } BB0 { - x <- ([#"../split_borrow.rs" 10 16 10 36] (([#"../split_borrow.rs" 10 17 10 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 10 23 10 24] [#"../split_borrow.rs" 10 23 10 24] (1 : usize))), ([#"../split_borrow.rs" 10 27 10 35] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 10 33 10 34] [#"../split_borrow.rs" 10 33 10 34] (2 : usize))))); - y <- Borrow.borrow_mut x; - x <- ^ y; - _6 <- ([#"../split_borrow.rs" 13 7 13 10] z0 ()); + [#"../split_borrow.rs" 10 16 10 36] x <- ([#"../split_borrow.rs" 10 16 10 36] (([#"../split_borrow.rs" 10 17 10 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 10 23 10 24] [#"../split_borrow.rs" 10 23 10 24] (1 : usize))), ([#"../split_borrow.rs" 10 27 10 35] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 10 33 10 34] [#"../split_borrow.rs" 10 33 10 34] (2 : usize))))); + [#"../split_borrow.rs" 11 12 11 18] y <- Borrow.borrow_mut x; + [#"../split_borrow.rs" 11 12 11 18] x <- ^ y; + [#"../split_borrow.rs" 13 7 13 10] _6 <- ([#"../split_borrow.rs" 13 7 13 10] z0 ()); goto BB1 } BB1 { @@ -64,19 +64,19 @@ module SplitBorrow_F end } BB2 { - y <- { y with current = (let (x0, x1) = * y in (x0, ([#"../split_borrow.rs" 14 17 14 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 14 23 14 24] [#"../split_borrow.rs" 14 23 14 24] (4 : usize))))) }; - _5 <- ([#"../split_borrow.rs" 13 11 15 5] ()); + [#"../split_borrow.rs" 14 8 14 25] y <- { y with current = (let (x0, x1) = * y in (x0, ([#"../split_borrow.rs" 14 17 14 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 14 23 14 24] [#"../split_borrow.rs" 14 23 14 24] (4 : usize))))) }; + [#"../split_borrow.rs" 13 11 15 5] _5 <- ([#"../split_borrow.rs" 13 11 15 5] ()); goto BB4 } BB3 { - y <- { y with current = (let (x0, x1) = * y in (([#"../split_borrow.rs" 16 17 16 26] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 16 23 16 25] [#"../split_borrow.rs" 16 23 16 25] (10 : usize))), x1)) }; - _5 <- ([#"../split_borrow.rs" 15 11 17 5] ()); + [#"../split_borrow.rs" 16 8 16 26] y <- { y with current = (let (x0, x1) = * y in (([#"../split_borrow.rs" 16 17 16 26] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 16 23 16 25] [#"../split_borrow.rs" 16 23 16 25] (10 : usize))), x1)) }; + [#"../split_borrow.rs" 15 11 17 5] _5 <- ([#"../split_borrow.rs" 15 11 17 5] ()); goto BB4 } BB4 { assume { resolve0 y }; assume { resolve1 x }; - _0 <- ([#"../split_borrow.rs" 9 11 21 1] ()); + [#"../split_borrow.rs" 9 11 21 1] _0 <- ([#"../split_borrow.rs" 9 11 21 1] ()); return _0 } @@ -116,16 +116,16 @@ module SplitBorrow_G goto BB0 } BB0 { - a <- ([#"../split_borrow.rs" 24 16 24 36] (([#"../split_borrow.rs" 24 17 24 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 23 24 24] [#"../split_borrow.rs" 24 23 24 24] (1 : usize))), ([#"../split_borrow.rs" 24 27 24 35] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 33 24 34] [#"../split_borrow.rs" 24 33 24 34] (2 : usize))))); - x <- Borrow.borrow_mut a; - a <- ^ x; - _z <- Borrow.borrow_mut (let (_, a) = * x in a); - x <- { x with current = (let (x0, x1) = * x in (x0, ^ _z)) }; + [#"../split_borrow.rs" 24 16 24 36] a <- ([#"../split_borrow.rs" 24 16 24 36] (([#"../split_borrow.rs" 24 17 24 25] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 23 24 24] [#"../split_borrow.rs" 24 23 24 24] (1 : usize))), ([#"../split_borrow.rs" 24 27 24 35] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 24 33 24 34] [#"../split_borrow.rs" 24 33 24 34] (2 : usize))))); + [#"../split_borrow.rs" 25 12 25 18] x <- Borrow.borrow_mut a; + [#"../split_borrow.rs" 25 12 25 18] a <- ^ x; + [#"../split_borrow.rs" 27 13 27 21] _z <- Borrow.borrow_mut (let (_, a) = * x in a); + [#"../split_borrow.rs" 27 13 27 21] x <- { x with current = (let (x0, x1) = * x in (x0, ^ _z)) }; assume { resolve0 _z }; - x <- { x with current = (let (x0, x1) = * x in (([#"../split_borrow.rs" 29 13 29 21] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 29 19 29 20] [#"../split_borrow.rs" 29 19 29 20] (3 : usize))), x1)) }; + [#"../split_borrow.rs" 29 4 29 21] x <- { x with current = (let (x0, x1) = * x in (([#"../split_borrow.rs" 29 13 29 21] SplitBorrow_MyInt_Type.C_MyInt ([#"../split_borrow.rs" 29 19 29 20] [#"../split_borrow.rs" 29 19 29 20] (3 : usize))), x1)) }; assume { resolve1 x }; assume { resolve2 a }; - _0 <- ([#"../split_borrow.rs" 23 11 32 1] ()); + [#"../split_borrow.rs" 23 11 32 1] _0 <- ([#"../split_borrow.rs" 23 11 32 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/std_types.mlcfg b/creusot/tests/should_succeed/std_types.mlcfg index 5cb93114e6..8517de6b44 100644 --- a/creusot/tests/should_succeed/std_types.mlcfg +++ b/creusot/tests/should_succeed/std_types.mlcfg @@ -23,7 +23,7 @@ module StdTypes_X goto BB0 } BB0 { - _0 <- ([#"../std_types.rs" 5 21 5 23] ()); + [#"../std_types.rs" 5 21 5 23] _0 <- ([#"../std_types.rs" 5 21 5 23] ()); return _0 } diff --git a/creusot/tests/should_succeed/sum.mlcfg b/creusot/tests/should_succeed/sum.mlcfg index 9975369af5..a3c78db1d2 100644 --- a/creusot/tests/should_succeed/sum.mlcfg +++ b/creusot/tests/should_succeed/sum.mlcfg @@ -34,7 +34,7 @@ module Sum_SumFirstN val inv4 (_x : Seq.seq uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../sum.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv4 x = true + axiom inv4 : forall x : Seq.seq uint32 . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -45,7 +45,7 @@ module Sum_SumFirstN val inv3 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sum.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type use prelude.Borrow predicate invariant2 (self : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32)) = @@ -57,7 +57,7 @@ module Sum_SumFirstN val inv2 (_x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../sum.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32) . inv2 x = true predicate invariant1 (self : uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : uint32) : bool @@ -67,7 +67,7 @@ module Sum_SumFirstN val inv1 (_x : uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sum.rs" 1 0 1 0] forall x : uint32 . inv1 x = true + axiom inv1 : forall x : uint32 . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32) val inv0 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32) : bool @@ -144,7 +144,7 @@ module Sum_SumFirstN val invariant0 (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../sum.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32 . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32 . inv0 x = true use prelude.Ghost use seq.Seq predicate resolve0 (self : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32)) = @@ -218,21 +218,21 @@ module Sum_SumFirstN goto BB0 } BB0 { - sum <- ([#"../sum.rs" 7 18 7 19] [#"../sum.rs" 7 18 7 19] (0 : uint32)); - _7 <- ([#"../sum.rs" 9 13 9 18] new0 ([#"../sum.rs" 9 13 9 14] [#"../sum.rs" 9 13 9 14] (1 : uint32)) n); + [#"../sum.rs" 7 18 7 19] sum <- ([#"../sum.rs" 7 18 7 19] [#"../sum.rs" 7 18 7 19] (0 : uint32)); + [#"../sum.rs" 9 13 9 18] _7 <- ([#"../sum.rs" 9 13 9 18] new0 ([#"../sum.rs" 9 13 9 14] [#"../sum.rs" 9 13 9 14] (1 : uint32)) ([#"../sum.rs" 9 17 9 18] n)); goto BB1 } BB1 { - iter <- ([#"../sum.rs" 8 4 8 67] into_iter0 _7); + [#"../sum.rs" 8 4 8 67] iter <- ([#"../sum.rs" 8 4 8 67] into_iter0 _7); _7 <- any Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32; goto BB2 } BB2 { - iter_old <- ([#"../sum.rs" 8 4 8 67] Ghost.new iter); + [#"../sum.rs" 8 4 8 67] iter_old <- ([#"../sum.rs" 8 4 8 67] Ghost.new iter); goto BB3 } BB3 { - produced <- ([#"../sum.rs" 8 4 8 67] Ghost.new (Seq.empty )); + [#"../sum.rs" 8 4 8 67] produced <- ([#"../sum.rs" 8 4 8 67] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -245,11 +245,11 @@ module Sum_SumFirstN goto BB6 } BB6 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../sum.rs" 8 4 8 67] next0 _18); + [#"../sum.rs" 8 4 8 67] _19 <- Borrow.borrow_mut iter; + [#"../sum.rs" 8 4 8 67] iter <- ^ _19; + [#"../sum.rs" 8 4 8 67] _18 <- Borrow.borrow_mut ( * _19); + [#"../sum.rs" 8 4 8 67] _19 <- { _19 with current = ^ _18 }; + [#"../sum.rs" 8 4 8 67] _17 <- ([#"../sum.rs" 8 4 8 67] next0 _18); _18 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive uint32); goto BB7 } @@ -261,25 +261,26 @@ module Sum_SumFirstN end } BB8 { - _0 <- sum; + [#"../sum.rs" 12 4 12 7] _0 <- ([#"../sum.rs" 12 4 12 7] sum); return _0 } BB9 { goto BB11 } BB10 { + assert { [#"../sum.rs" 8 4 8 67] false }; absurd } BB11 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _22 <- ([#"../sum.rs" 8 4 8 67] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../sum.rs" 8 4 8 67] _22 <- ([#"../sum.rs" 8 4 8 67] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB12 } BB12 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq uint32); - i <- __creusot_proc_iter_elem; - sum <- ([#"../sum.rs" 10 8 10 16] sum + i); + [#"../sum.rs" 8 4 8 67] produced <- ([#"../sum.rs" 8 4 8 67] _22); + [#"../sum.rs" 8 4 8 67] _22 <- any Ghost.ghost_ty (Seq.seq uint32); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../sum.rs" 10 8 10 16] sum <- ([#"../sum.rs" 10 8 10 16] sum + ([#"../sum.rs" 10 15 10 16] i)); goto BB5 } diff --git a/creusot/tests/should_succeed/sum_of_odds.mlcfg b/creusot/tests/should_succeed/sum_of_odds.mlcfg index f5cb129c26..45384b8a50 100644 --- a/creusot/tests/should_succeed/sum_of_odds.mlcfg +++ b/creusot/tests/should_succeed/sum_of_odds.mlcfg @@ -67,7 +67,7 @@ module SumOfOdds_ComputeSumOfOdd val inv3 (_x : Seq.seq uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../sum_of_odds.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv3 x = true + axiom inv3 : forall x : Seq.seq uint32 . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -78,7 +78,7 @@ module SumOfOdds_ComputeSumOfOdd val inv2 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../sum_of_odds.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant1 (self : borrowed (Core_Ops_Range_Range_Type.t_range uint32)) = @@ -90,7 +90,7 @@ module SumOfOdds_ComputeSumOfOdd val inv1 (_x : borrowed (Core_Ops_Range_Range_Type.t_range uint32)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../sum_of_odds.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range uint32) . inv1 x = true + axiom inv1 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range uint32) . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range uint32) val inv0 (_x : Core_Ops_Range_Range_Type.t_range uint32) : bool @@ -138,7 +138,7 @@ module SumOfOdds_ComputeSumOfOdd val invariant0 (self : Core_Ops_Range_Range_Type.t_range uint32) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../sum_of_odds.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range uint32 . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range uint32 . inv0 x = true use prelude.Ghost function sqr0 [#"../sum_of_odds.rs" 7 0 7 21] (x : int) : int = [#"../sum_of_odds.rs" 8 4 8 9] x * x @@ -228,16 +228,16 @@ module SumOfOdds_ComputeSumOfOdd goto BB0 } BB0 { - s <- ([#"../sum_of_odds.rs" 37 21 37 22] [#"../sum_of_odds.rs" 37 21 37 22] (0 : uint32)); - iter <- ([#"../sum_of_odds.rs" 38 4 38 50] into_iter0 ([#"../sum_of_odds.rs" 39 13 39 17] Core_Ops_Range_Range_Type.C_Range ([#"../sum_of_odds.rs" 39 13 39 14] [#"../sum_of_odds.rs" 39 13 39 14] (0 : uint32)) x)); + [#"../sum_of_odds.rs" 37 21 37 22] s <- ([#"../sum_of_odds.rs" 37 21 37 22] [#"../sum_of_odds.rs" 37 21 37 22] (0 : uint32)); + [#"../sum_of_odds.rs" 38 4 38 50] iter <- ([#"../sum_of_odds.rs" 38 4 38 50] into_iter0 ([#"../sum_of_odds.rs" 39 13 39 17] Core_Ops_Range_Range_Type.C_Range ([#"../sum_of_odds.rs" 39 13 39 14] [#"../sum_of_odds.rs" 39 13 39 14] (0 : uint32)) ([#"../sum_of_odds.rs" 39 16 39 17] x))); goto BB1 } BB1 { - iter_old <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new iter); + [#"../sum_of_odds.rs" 38 4 38 50] iter_old <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new iter); goto BB2 } BB2 { - produced <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new (Seq.empty )); + [#"../sum_of_odds.rs" 38 4 38 50] produced <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -250,11 +250,11 @@ module SumOfOdds_ComputeSumOfOdd goto BB5 } BB5 { - _20 <- Borrow.borrow_mut iter; - iter <- ^ _20; - _19 <- Borrow.borrow_mut ( * _20); - _20 <- { _20 with current = ^ _19 }; - _18 <- ([#"../sum_of_odds.rs" 38 4 38 50] next0 _19); + [#"../sum_of_odds.rs" 38 4 38 50] _20 <- Borrow.borrow_mut iter; + [#"../sum_of_odds.rs" 38 4 38 50] iter <- ^ _20; + [#"../sum_of_odds.rs" 38 4 38 50] _19 <- Borrow.borrow_mut ( * _20); + [#"../sum_of_odds.rs" 38 4 38 50] _20 <- { _20 with current = ^ _19 }; + [#"../sum_of_odds.rs" 38 4 38 50] _18 <- ([#"../sum_of_odds.rs" 38 4 38 50] next0 _19); _19 <- any borrowed (Core_Ops_Range_Range_Type.t_range uint32); goto BB6 } @@ -266,26 +266,27 @@ module SumOfOdds_ComputeSumOfOdd end } BB7 { - _0 <- s; + [#"../sum_of_odds.rs" 46 11 46 12] _0 <- ([#"../sum_of_odds.rs" 46 11 46 12] s); return _0 } BB8 { goto BB10 } BB9 { + assert { [#"../sum_of_odds.rs" 38 4 38 50] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _18; - _23 <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _18); + [#"../sum_of_odds.rs" 38 4 38 50] _23 <- ([#"../sum_of_odds.rs" 38 4 38 50] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _23; - _23 <- any Ghost.ghost_ty (Seq.seq uint32); - i <- __creusot_proc_iter_elem; + [#"../sum_of_odds.rs" 38 4 38 50] produced <- ([#"../sum_of_odds.rs" 38 4 38 50] _23); + [#"../sum_of_odds.rs" 38 4 38 50] _23 <- any Ghost.ghost_ty (Seq.seq uint32); + [#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); assert { [@expl:assertion] [#"../sum_of_odds.rs" 41 12 41 33] let _ = sum_of_odd_is_sqr0 (UInt32.to_int i) in true }; - s <- ([#"../sum_of_odds.rs" 44 8 44 22] s + ([#"../sum_of_odds.rs" 44 13 44 22] ([#"../sum_of_odds.rs" 44 13 44 18] ([#"../sum_of_odds.rs" 44 13 44 14] [#"../sum_of_odds.rs" 44 13 44 14] (2 : uint32)) * i) + ([#"../sum_of_odds.rs" 44 21 44 22] [#"../sum_of_odds.rs" 44 21 44 22] (1 : uint32)))); + [#"../sum_of_odds.rs" 44 8 44 22] s <- ([#"../sum_of_odds.rs" 44 8 44 22] s + ([#"../sum_of_odds.rs" 44 13 44 22] ([#"../sum_of_odds.rs" 44 13 44 18] ([#"../sum_of_odds.rs" 44 13 44 14] [#"../sum_of_odds.rs" 44 13 44 14] (2 : uint32)) * ([#"../sum_of_odds.rs" 44 17 44 18] i)) + ([#"../sum_of_odds.rs" 44 21 44 22] [#"../sum_of_odds.rs" 44 21 44 22] (1 : uint32)))); goto BB4 } @@ -339,12 +340,12 @@ module SumOfOdds_Test goto BB0 } BB0 { - y <- ([#"../sum_of_odds.rs" 51 12 51 33] compute_sum_of_odd0 x); + [#"../sum_of_odds.rs" 51 12 51 33] y <- ([#"../sum_of_odds.rs" 51 12 51 33] compute_sum_of_odd0 ([#"../sum_of_odds.rs" 51 31 51 32] x)); goto BB1 } BB1 { assert { [@expl:assertion] [#"../sum_of_odds.rs" 53 8 53 29] let _ = sum_of_odd_is_sqr0 (UInt32.to_int x) in is_square0 (UInt32.to_int y) }; - _0 <- ([#"../sum_of_odds.rs" 52 4 55 5] ()); + [#"../sum_of_odds.rs" 52 4 55 5] _0 <- ([#"../sum_of_odds.rs" 52 4 55 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/swap_borrows.mlcfg b/creusot/tests/should_succeed/swap_borrows.mlcfg index 836c9d886f..709ca72114 100644 --- a/creusot/tests/should_succeed/swap_borrows.mlcfg +++ b/creusot/tests/should_succeed/swap_borrows.mlcfg @@ -9,7 +9,7 @@ module SwapBorrows_Swap val inv0 (_x : (t, t)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../swap_borrows.rs" 1 0 1 0] forall x : (t, t) . inv0 x = true + axiom inv0 : forall x : (t, t) . inv0 x = true predicate resolve1 (self : t) val resolve1 (self : t) : bool ensures { result = resolve1 self } @@ -36,9 +36,9 @@ module SwapBorrows_Swap BB1 { assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; - _0 <- ([#"../swap_borrows.rs" 6 4 6 14] ((let (_, a) = x in a), (let (a, _) = x in a))); - x <- (let (x0, x1) = x in (x0, any t)); - x <- (let (x0, x1) = x in (any t, x1)); + [#"../swap_borrows.rs" 6 4 6 14] _0 <- ([#"../swap_borrows.rs" 6 4 6 14] (([#"../swap_borrows.rs" 6 5 6 8] let (_, a) = x in a), ([#"../swap_borrows.rs" 6 10 6 13] let (a, _) = x in a))); + [#"../swap_borrows.rs" 6 5 6 8] x <- (let (x0, x1) = x in (x0, any t)); + [#"../swap_borrows.rs" 6 10 6 13] x <- (let (x0, x1) = x in (any t, x1)); goto BB2 } BB2 { @@ -64,7 +64,7 @@ module SwapBorrows_F val inv0 (_x : (borrowed uint32, borrowed uint32)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../swap_borrows.rs" 1 0 1 0] forall x : (borrowed uint32, borrowed uint32) . inv0 x = true + axiom inv0 : forall x : (borrowed uint32, borrowed uint32) . inv0 x = true predicate resolve1 (self : borrowed uint32) = [#"../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve1 (self : borrowed uint32) : bool @@ -105,28 +105,28 @@ module SwapBorrows_F goto BB0 } BB0 { - _3 <- ([#"../swap_borrows.rs" 11 25 11 31] (([#"../swap_borrows.rs" 11 26 11 27] [#"../swap_borrows.rs" 11 26 11 27] (0 : uint32)), ([#"../swap_borrows.rs" 11 29 11 30] [#"../swap_borrows.rs" 11 29 11 30] (0 : uint32)))); - a <- (let (a, _) = _3 in a); - b <- (let (_, a) = _3 in a); + [#"../swap_borrows.rs" 11 25 11 31] _3 <- ([#"../swap_borrows.rs" 11 25 11 31] (([#"../swap_borrows.rs" 11 26 11 27] [#"../swap_borrows.rs" 11 26 11 27] (0 : uint32)), ([#"../swap_borrows.rs" 11 29 11 30] [#"../swap_borrows.rs" 11 29 11 30] (0 : uint32)))); + [#"../swap_borrows.rs" 11 9 11 14] a <- ([#"../swap_borrows.rs" 11 9 11 14] let (a, _) = _3 in a); + [#"../swap_borrows.rs" 11 16 11 21] b <- ([#"../swap_borrows.rs" 11 16 11 21] let (_, a) = _3 in a); assume { resolve0 _3 }; - _6 <- Borrow.borrow_mut a; - a <- ^ _6; - _8 <- Borrow.borrow_mut b; - b <- ^ _8; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - p <- ([#"../swap_borrows.rs" 12 12 12 34] swap0 ([#"../swap_borrows.rs" 12 17 12 33] (_6, _7))); + [#"../swap_borrows.rs" 12 18 12 24] _6 <- Borrow.borrow_mut a; + [#"../swap_borrows.rs" 12 18 12 24] a <- ^ _6; + [#"../swap_borrows.rs" 12 26 12 32] _8 <- Borrow.borrow_mut b; + [#"../swap_borrows.rs" 12 26 12 32] b <- ^ _8; + [#"../swap_borrows.rs" 12 26 12 32] _7 <- Borrow.borrow_mut ( * _8); + [#"../swap_borrows.rs" 12 26 12 32] _8 <- { _8 with current = ^ _7 }; + [#"../swap_borrows.rs" 12 12 12 34] p <- ([#"../swap_borrows.rs" 12 12 12 34] swap0 ([#"../swap_borrows.rs" 12 17 12 33] (_6, _7))); _6 <- any borrowed uint32; _7 <- any borrowed uint32; goto BB1 } BB1 { assume { resolve1 _8 }; - p <- (let (x0, x1) = p in ({ (let (a, _) = p in a) with current = ([#"../swap_borrows.rs" 13 11 13 13] [#"../swap_borrows.rs" 13 11 13 13] (10 : uint32)) }, x1)); + [#"../swap_borrows.rs" 13 4 13 13] p <- (let (x0, x1) = p in ({ (let (a, _) = p in a) with current = ([#"../swap_borrows.rs" 13 4 13 13] [#"../swap_borrows.rs" 13 11 13 13] (10 : uint32)) }, x1)); assume { resolve2 p }; assert { [@expl:assertion] [#"../swap_borrows.rs" 15 20 15 30] b = (10 : uint32) }; assert { [@expl:assertion] [#"../swap_borrows.rs" 16 20 16 29] a = (0 : uint32) }; - _0 <- ([#"../swap_borrows.rs" 10 11 17 1] ()); + [#"../swap_borrows.rs" 10 11 17 1] _0 <- ([#"../swap_borrows.rs" 10 11 17 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/switch.mlcfg b/creusot/tests/should_succeed/switch.mlcfg index d1b6269369..700e0cee03 100644 --- a/creusot/tests/should_succeed/switch.mlcfg +++ b/creusot/tests/should_succeed/switch.mlcfg @@ -33,15 +33,16 @@ module Switch_Test goto BB4 } BB2 { - _0 <- ([#"../switch.rs" 12 16 12 21] [#"../switch.rs" 12 16 12 21] false); + [#"../switch.rs" 12 16 12 21] _0 <- ([#"../switch.rs" 12 16 12 21] [#"../switch.rs" 12 16 12 21] false); goto BB5 } BB3 { + assert { [#"../switch.rs" 10 10 10 11] false }; absurd } BB4 { - x <- Switch_Option_Type.some_0 o; - _0 <- ([#"../switch.rs" 11 19 11 24] x > ([#"../switch.rs" 11 23 11 24] [#"../switch.rs" 11 23 11 24] (0 : uint32))); + [#"../switch.rs" 11 13 11 14] x <- ([#"../switch.rs" 11 13 11 14] Switch_Option_Type.some_0 o); + [#"../switch.rs" 11 19 11 24] _0 <- ([#"../switch.rs" 11 19 11 24] ([#"../switch.rs" 11 19 11 20] x) > ([#"../switch.rs" 11 23 11 24] [#"../switch.rs" 11 23 11 24] (0 : uint32))); goto BB5 } BB5 { @@ -87,18 +88,19 @@ module Switch_Test2 goto BB4 } BB2 { - _0 <- (let (_, a) = o in a); + [#"../switch.rs" 19 16 19 19] _0 <- ([#"../switch.rs" 19 16 19 19] let (_, a) = o in a); assume { resolve0 o }; goto BB5 } BB3 { assume { resolve0 o }; + assert { [#"../switch.rs" 17 10 17 13] false }; absurd } BB4 { - x <- Switch_Option_Type.some_0 (let (a, _) = o in a); + [#"../switch.rs" 18 13 18 14] x <- ([#"../switch.rs" 18 13 18 14] Switch_Option_Type.some_0 (let (a, _) = o in a)); assume { resolve0 o }; - _0 <- x; + [#"../switch.rs" 18 19 18 20] _0 <- ([#"../switch.rs" 18 19 18 20] x); goto BB5 } BB5 { diff --git a/creusot/tests/should_succeed/switch_struct.mlcfg b/creusot/tests/should_succeed/switch_struct.mlcfg index f2d5194032..49ec529774 100644 --- a/creusot/tests/should_succeed/switch_struct.mlcfg +++ b/creusot/tests/should_succeed/switch_struct.mlcfg @@ -41,16 +41,17 @@ module SwitchStruct_Test goto BB4 } BB2 { - field2 <- SwitchStruct_M_Type.g_field2 o; - _0 <- ([#"../switch_struct.rs" 12 24 12 35] field2 = ([#"../switch_struct.rs" 12 34 12 35] [#"../switch_struct.rs" 12 34 12 35] (0 : uint32))); + [#"../switch_struct.rs" 12 12 12 18] field2 <- ([#"../switch_struct.rs" 12 12 12 18] SwitchStruct_M_Type.g_field2 o); + [#"../switch_struct.rs" 12 24 12 35] _0 <- ([#"../switch_struct.rs" 12 24 12 35] ([#"../switch_struct.rs" 12 24 12 30] field2) = ([#"../switch_struct.rs" 12 34 12 35] [#"../switch_struct.rs" 12 34 12 35] (0 : uint32))); goto BB5 } BB3 { + assert { [#"../switch_struct.rs" 10 10 10 11] false }; absurd } BB4 { - field1 <- SwitchStruct_M_Type.f_field1 o; - _0 <- ([#"../switch_struct.rs" 11 24 11 34] field1 > ([#"../switch_struct.rs" 11 33 11 34] [#"../switch_struct.rs" 11 33 11 34] (0 : uint32))); + [#"../switch_struct.rs" 11 12 11 18] field1 <- ([#"../switch_struct.rs" 11 12 11 18] SwitchStruct_M_Type.f_field1 o); + [#"../switch_struct.rs" 11 24 11 34] _0 <- ([#"../switch_struct.rs" 11 24 11 34] ([#"../switch_struct.rs" 11 24 11 30] field1) > ([#"../switch_struct.rs" 11 33 11 34] [#"../switch_struct.rs" 11 33 11 34] (0 : uint32))); goto BB5 } BB5 { diff --git a/creusot/tests/should_succeed/syntax/01_idents.mlcfg b/creusot/tests/should_succeed/syntax/01_idents.mlcfg index b174582105..f2db50cf1c 100644 --- a/creusot/tests/should_succeed/syntax/01_idents.mlcfg +++ b/creusot/tests/should_succeed/syntax/01_idents.mlcfg @@ -7,7 +7,7 @@ module C01Idents_Clone goto BB0 } BB0 { - _0 <- ([#"../01_idents.rs" 3 15 3 17] ()); + [#"../01_idents.rs" 3 15 3 17] _0 <- ([#"../01_idents.rs" 3 15 3 17] ()); return _0 } @@ -20,7 +20,7 @@ module C01Idents_Function goto BB0 } BB0 { - _0 <- ([#"../01_idents.rs" 5 18 5 20] ()); + [#"../01_idents.rs" 5 18 5 20] _0 <- ([#"../01_idents.rs" 5 18 5 20] ()); return _0 } @@ -33,7 +33,7 @@ module C01Idents_Import goto BB0 } BB0 { - _0 <- ([#"../01_idents.rs" 7 16 7 18] ()); + [#"../01_idents.rs" 7 16 7 18] _0 <- ([#"../01_idents.rs" 7 16 7 18] ()); return _0 } @@ -46,7 +46,7 @@ module C01Idents_Export goto BB0 } BB0 { - _0 <- ([#"../01_idents.rs" 9 16 9 18] ()); + [#"../01_idents.rs" 9 16 9 18] _0 <- ([#"../01_idents.rs" 9 16 9 18] ()); return _0 } @@ -59,7 +59,7 @@ module C01Idents_Result goto BB0 } BB0 { - _0 <- ([#"../01_idents.rs" 11 16 11 18] ()); + [#"../01_idents.rs" 11 16 11 18] _0 <- ([#"../01_idents.rs" 11 16 11 18] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/02_operators.mlcfg b/creusot/tests/should_succeed/syntax/02_operators.mlcfg index e51f7bc411..1417306221 100644 --- a/creusot/tests/should_succeed/syntax/02_operators.mlcfg +++ b/creusot/tests/should_succeed/syntax/02_operators.mlcfg @@ -16,13 +16,13 @@ module C02Operators_Division goto BB0 } BB0 { - _5 <- y; - _6 <- ([#"../02_operators.rs" 9 4 9 9] _5 = ([#"../02_operators.rs" 9 4 9 9] [#"../02_operators.rs" 9 4 9 9] (0 : usize))); + [#"../02_operators.rs" 9 8 9 9] _5 <- ([#"../02_operators.rs" 9 8 9 9] y); + [#"../02_operators.rs" 9 4 9 9] _6 <- ([#"../02_operators.rs" 9 4 9 9] _5 = ([#"../02_operators.rs" 9 4 9 9] [#"../02_operators.rs" 9 4 9 9] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 9 4 9 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../02_operators.rs" 9 4 9 9] x / _5); + [#"../02_operators.rs" 9 4 9 9] _0 <- ([#"../02_operators.rs" 9 4 9 9] ([#"../02_operators.rs" 9 4 9 5] x) / _5); _5 <- any usize; return _0 } @@ -45,13 +45,13 @@ module C02Operators_Modulus goto BB0 } BB0 { - _5 <- y; - _6 <- ([#"../02_operators.rs" 24 4 24 9] _5 = ([#"../02_operators.rs" 24 4 24 9] [#"../02_operators.rs" 24 4 24 9] (0 : usize))); + [#"../02_operators.rs" 24 8 24 9] _5 <- ([#"../02_operators.rs" 24 8 24 9] y); + [#"../02_operators.rs" 24 4 24 9] _6 <- ([#"../02_operators.rs" 24 4 24 9] _5 = ([#"../02_operators.rs" 24 4 24 9] [#"../02_operators.rs" 24 4 24 9] (0 : usize))); assert { [@expl:remainder by zero] [#"../02_operators.rs" 24 4 24 9] not _6 }; goto BB1 } BB1 { - _0 <- ([#"../02_operators.rs" 24 4 24 9] x % _5); + [#"../02_operators.rs" 24 4 24 9] _0 <- ([#"../02_operators.rs" 24 4 24 9] ([#"../02_operators.rs" 24 4 24 5] x) % _5); _5 <- any usize; return _0 } @@ -74,7 +74,7 @@ module C02Operators_Multiply goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 39 4 39 9] x * y); + [#"../02_operators.rs" 39 4 39 9] _0 <- ([#"../02_operators.rs" 39 4 39 9] ([#"../02_operators.rs" 39 4 39 5] x) * ([#"../02_operators.rs" 39 8 39 9] y)); return _0 } @@ -96,7 +96,7 @@ module C02Operators_Add goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 49 4 49 9] x + y); + [#"../02_operators.rs" 49 4 49 9] _0 <- ([#"../02_operators.rs" 49 4 49 9] ([#"../02_operators.rs" 49 4 49 5] x) + ([#"../02_operators.rs" 49 8 49 9] y)); return _0 } @@ -116,7 +116,7 @@ module C02Operators_Sub goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 64 4 64 9] x - y); + [#"../02_operators.rs" 64 4 64 9] _0 <- ([#"../02_operators.rs" 64 4 64 9] ([#"../02_operators.rs" 64 4 64 5] x) - ([#"../02_operators.rs" 64 8 64 9] y)); return _0 } @@ -145,19 +145,19 @@ module C02Operators_Expression goto BB0 } BB0 { - _10 <- y; - _11 <- ([#"../02_operators.rs" 78 4 78 9] _10 = ([#"../02_operators.rs" 78 4 78 9] [#"../02_operators.rs" 78 4 78 9] (0 : usize))); + [#"../02_operators.rs" 78 8 78 9] _10 <- ([#"../02_operators.rs" 78 8 78 9] y); + [#"../02_operators.rs" 78 4 78 9] _11 <- ([#"../02_operators.rs" 78 4 78 9] _10 = ([#"../02_operators.rs" 78 4 78 9] [#"../02_operators.rs" 78 4 78 9] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 78 4 78 9] not _11 }; goto BB1 } BB1 { - _16 <- y; - _17 <- ([#"../02_operators.rs" 78 17 78 24] _16 = ([#"../02_operators.rs" 78 17 78 24] [#"../02_operators.rs" 78 17 78 24] (0 : usize))); + [#"../02_operators.rs" 78 22 78 23] _16 <- ([#"../02_operators.rs" 78 22 78 23] y); + [#"../02_operators.rs" 78 17 78 24] _17 <- ([#"../02_operators.rs" 78 17 78 24] _16 = ([#"../02_operators.rs" 78 17 78 24] [#"../02_operators.rs" 78 17 78 24] (0 : usize))); assert { [@expl:division by zero] [#"../02_operators.rs" 78 17 78 24] not _17 }; goto BB2 } BB2 { - _0 <- ([#"../02_operators.rs" 78 4 78 28] ([#"../02_operators.rs" 78 4 78 13] ([#"../02_operators.rs" 78 4 78 9] x / _10) * z) = ([#"../02_operators.rs" 78 17 78 28] ([#"../02_operators.rs" 78 17 78 24] x / _16) * z)); + [#"../02_operators.rs" 78 4 78 28] _0 <- ([#"../02_operators.rs" 78 4 78 28] ([#"../02_operators.rs" 78 4 78 13] ([#"../02_operators.rs" 78 4 78 9] ([#"../02_operators.rs" 78 4 78 5] x) / _10) * ([#"../02_operators.rs" 78 12 78 13] z)) = ([#"../02_operators.rs" 78 17 78 28] ([#"../02_operators.rs" 78 17 78 24] ([#"../02_operators.rs" 78 18 78 19] x) / _16) * ([#"../02_operators.rs" 78 27 78 28] z))); _10 <- any usize; _16 <- any usize; return _0 @@ -196,7 +196,7 @@ module C02Operators_PrimitiveComparison goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 92 30 92 32] ()); + [#"../02_operators.rs" 92 30 92 32] _0 <- ([#"../02_operators.rs" 92 30 92 32] ()); return _0 } @@ -214,7 +214,7 @@ module C02Operators_BoolEq goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 96 4 96 10] Bool.eqb a b); + [#"../02_operators.rs" 96 4 96 10] _0 <- ([#"../02_operators.rs" 96 4 96 10] Bool.eqb ([#"../02_operators.rs" 96 4 96 5] a) ([#"../02_operators.rs" 96 9 96 10] b)); return _0 } @@ -229,7 +229,7 @@ module C02Operators_OldTest goto BB0 } BB0 { - _0 <- ([#"../02_operators.rs" 100 21 100 23] ()); + [#"../02_operators.rs" 100 21 100 23] _0 <- ([#"../02_operators.rs" 100 21 100 23] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg b/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg index e6ce048f76..c5083b7d7b 100644 --- a/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg +++ b/creusot/tests/should_succeed/syntax/04_assoc_prec.mlcfg @@ -25,7 +25,7 @@ module C04AssocPrec_RespectPrec } BB0 { assume { resolve0 x }; - _0 <- ([#"../04_assoc_prec.rs" 10 35 10 37] ()); + [#"../04_assoc_prec.rs" 10 35 10 37] _0 <- ([#"../04_assoc_prec.rs" 10 35 10 37] ()); return _0 } @@ -41,7 +41,7 @@ module C04AssocPrec_RespectAssoc goto BB0 } BB0 { - _0 <- ([#"../04_assoc_prec.rs" 13 23 13 25] ()); + [#"../04_assoc_prec.rs" 13 23 13 25] _0 <- ([#"../04_assoc_prec.rs" 13 23 13 25] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/05_annotations.mlcfg b/creusot/tests/should_succeed/syntax/05_annotations.mlcfg index 9a469bbeb5..78a410f58d 100644 --- a/creusot/tests/should_succeed/syntax/05_annotations.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_annotations.mlcfg @@ -9,7 +9,7 @@ module C05Annotations_Assertion val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_annotations.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } @@ -30,7 +30,7 @@ module C05Annotations_Assertion goto BB1 } BB1 { - _0 <- ([#"../05_annotations.rs" 5 26 7 1] ()); + [#"../05_annotations.rs" 5 26 7 1] _0 <- ([#"../05_annotations.rs" 5 26 7 1] ()); goto BB2 } BB2 { diff --git a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg index 7506269e2b..eb3204e314 100644 --- a/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg +++ b/creusot/tests/should_succeed/syntax/05_pearlite.mlcfg @@ -11,7 +11,7 @@ module C05Pearlite_HasLen3_Impl val inv1 (_x : Seq.seq uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_pearlite.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use prelude.Slice predicate invariant0 (self : slice uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -22,7 +22,7 @@ module C05Pearlite_HasLen3_Impl val inv0 (_x : slice uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_pearlite.rs" 1 0 1 0] forall x : slice uint32 . inv0 x = true + axiom inv0 : forall x : slice uint32 . inv0 x = true use prelude.Int use prelude.Borrow use seq.Seq @@ -68,7 +68,7 @@ module C05Pearlite_StructInPearlite goto BB0 } BB0 { - _0 <- ([#"../05_pearlite.rs" 24 32 24 34] ()); + [#"../05_pearlite.rs" 24 32 24 34] _0 <- ([#"../05_pearlite.rs" 24 32 24 34] ()); return _0 } @@ -93,7 +93,7 @@ module C05Pearlite_StructOrder goto BB0 } BB0 { - _0 <- ([#"../05_pearlite.rs" 32 26 32 28] ()); + [#"../05_pearlite.rs" 32 26 32 28] _0 <- ([#"../05_pearlite.rs" 32 26 32 28] ()); return _0 } @@ -113,11 +113,11 @@ module C05Pearlite_GhostClosure goto BB0 } BB0 { - _x <- ([#"../05_pearlite.rs" 49 13 49 32] Ghost.new (Mapping.from_fn (fun (a : uint32) -> a))); + [#"../05_pearlite.rs" 49 13 49 32] _x <- ([#"../05_pearlite.rs" 49 13 49 32] Ghost.new (Mapping.from_fn (fun (a : uint32) -> a))); goto BB1 } BB1 { - _0 <- ([#"../05_pearlite.rs" 48 23 50 1] ()); + [#"../05_pearlite.rs" 48 23 50 1] _0 <- ([#"../05_pearlite.rs" 48 23 50 1] ()); return _0 } @@ -135,7 +135,7 @@ module C05Pearlite_PearliteClosure goto BB0 } BB0 { - _0 <- ([#"../05_pearlite.rs" 52 55 52 57] ()); + [#"../05_pearlite.rs" 52 55 52 57] _0 <- ([#"../05_pearlite.rs" 52 55 52 57] ()); return _0 } @@ -157,16 +157,16 @@ module C05Pearlite_Caller goto BB0 } BB0 { - _2 <- ([#"../05_pearlite.rs" 55 21 55 38] Ghost.new (Mapping.from_fn (fun (_a : uint32) -> true))); + [#"../05_pearlite.rs" 55 21 55 38] _2 <- ([#"../05_pearlite.rs" 55 21 55 38] Ghost.new (Mapping.from_fn (fun (_a : uint32) -> true))); goto BB1 } BB1 { - _1 <- ([#"../05_pearlite.rs" 55 4 55 39] pearlite_closure0 _2); + [#"../05_pearlite.rs" 55 4 55 39] _1 <- ([#"../05_pearlite.rs" 55 4 55 39] pearlite_closure0 _2); _2 <- any Ghost.ghost_ty (Map.map uint32 bool); goto BB2 } BB2 { - _0 <- ([#"../05_pearlite.rs" 54 16 56 1] ()); + [#"../05_pearlite.rs" 54 16 56 1] _0 <- ([#"../05_pearlite.rs" 54 16 56 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/07_extern_spec.mlcfg b/creusot/tests/should_succeed/syntax/07_extern_spec.mlcfg index 55c8f08896..c1687a288a 100644 --- a/creusot/tests/should_succeed/syntax/07_extern_spec.mlcfg +++ b/creusot/tests/should_succeed/syntax/07_extern_spec.mlcfg @@ -9,7 +9,7 @@ module C07ExternSpec_Impl0_Func goto BB0 } BB0 { - _0 <- ([#"../07_extern_spec.rs" 12 8 12 12] [#"../07_extern_spec.rs" 12 8 12 12] true); + [#"../07_extern_spec.rs" 12 8 12 12] _0 <- ([#"../07_extern_spec.rs" 12 8 12 12] [#"../07_extern_spec.rs" 12 8 12 12] true); return _0 } diff --git a/creusot/tests/should_succeed/syntax/09_maintains.mlcfg b/creusot/tests/should_succeed/syntax/09_maintains.mlcfg index 0e8a1ad909..bf775481c0 100644 --- a/creusot/tests/should_succeed/syntax/09_maintains.mlcfg +++ b/creusot/tests/should_succeed/syntax/09_maintains.mlcfg @@ -23,7 +23,7 @@ module C09Maintains_Test1 goto BB0 } BB0 { - _0 <- ([#"../09_maintains.rs" 28 37 28 39] ()); + [#"../09_maintains.rs" 28 37 28 39] _0 <- ([#"../09_maintains.rs" 28 37 28 39] ()); return _0 } @@ -55,7 +55,7 @@ module C09Maintains_Test2 } BB0 { assume { resolve0 a }; - _0 <- ([#"../09_maintains.rs" 31 42 31 44] ()); + [#"../09_maintains.rs" 31 42 31 44] _0 <- ([#"../09_maintains.rs" 31 42 31 44] ()); return _0 } @@ -94,7 +94,7 @@ module C09Maintains_Test3 BB0 { assume { resolve0 b }; assume { resolve1 a }; - _0 <- ([#"../09_maintains.rs" 34 47 34 49] ()); + [#"../09_maintains.rs" 34 47 34 49] _0 <- ([#"../09_maintains.rs" 34 47 34 49] ()); return _0 } @@ -119,7 +119,7 @@ module C09Maintains_Test5 goto BB0 } BB0 { - _0 <- ([#"../09_maintains.rs" 37 30 37 32] ()); + [#"../09_maintains.rs" 37 30 37 32] _0 <- ([#"../09_maintains.rs" 37 30 37 32] ()); return _0 } @@ -141,7 +141,7 @@ module C09Maintains_Test6 goto BB0 } BB0 { - _0 <- ([#"../09_maintains.rs" 40 29 40 31] ()); + [#"../09_maintains.rs" 40 29 40 31] _0 <- ([#"../09_maintains.rs" 40 29 40 31] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.mlcfg b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.mlcfg index e05549cdd1..6a96c69f4e 100644 --- a/creusot/tests/should_succeed/syntax/10_mutual_rec_types.mlcfg +++ b/creusot/tests/should_succeed/syntax/10_mutual_rec_types.mlcfg @@ -46,7 +46,7 @@ module C10MutualRecTypes_UseTree goto BB0 } BB0 { - _0 <- ([#"../10_mutual_rec_types.rs" 13 26 13 28] ()); + [#"../10_mutual_rec_types.rs" 13 26 13 28] _0 <- ([#"../10_mutual_rec_types.rs" 13 26 13 28] ()); return _0 } @@ -69,7 +69,7 @@ module C10MutualRecTypes_Impl0_Height val inv0 (_x : uint64) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../10_mutual_rec_types.rs" 1 0 1 0] forall x : uint64 . inv0 x = true + axiom inv0 : forall x : uint64 . inv0 x = true use prelude.Borrow use prelude.Int use int.Int @@ -117,29 +117,30 @@ module C10MutualRecTypes_Impl0_Height goto BB4 } BB2 { - n <- ([#"../10_mutual_rec_types.rs" 19 22 19 23] Core_Option_Option_Type.some_0 (C10MutualRecTypes_Tree_Type.tree_0 self)); - _5 <- ([#"../10_mutual_rec_types.rs" 19 29 19 44] height ([#"../10_mutual_rec_types.rs" 19 29 19 44] C10MutualRecTypes_Node_Type.node_left n)); + [#"../10_mutual_rec_types.rs" 19 22 19 23] n <- ([#"../10_mutual_rec_types.rs" 19 22 19 23] Core_Option_Option_Type.some_0 (C10MutualRecTypes_Tree_Type.tree_0 self)); + [#"../10_mutual_rec_types.rs" 19 29 19 44] _5 <- ([#"../10_mutual_rec_types.rs" 19 29 19 44] height ([#"../10_mutual_rec_types.rs" 19 29 19 44] C10MutualRecTypes_Node_Type.node_left n)); goto BB5 } BB3 { + assert { [#"../10_mutual_rec_types.rs" 17 14 17 18] false }; absurd } BB4 { - _0 <- ([#"../10_mutual_rec_types.rs" 18 26 18 27] [#"../10_mutual_rec_types.rs" 18 26 18 27] (0 : uint64)); + [#"../10_mutual_rec_types.rs" 18 26 18 27] _0 <- ([#"../10_mutual_rec_types.rs" 18 26 18 27] [#"../10_mutual_rec_types.rs" 18 26 18 27] (0 : uint64)); goto BB8 } BB5 { - _7 <- ([#"../10_mutual_rec_types.rs" 19 49 19 65] height ([#"../10_mutual_rec_types.rs" 19 49 19 65] C10MutualRecTypes_Node_Type.node_right n)); + [#"../10_mutual_rec_types.rs" 19 49 19 65] _7 <- ([#"../10_mutual_rec_types.rs" 19 49 19 65] height ([#"../10_mutual_rec_types.rs" 19 49 19 65] C10MutualRecTypes_Node_Type.node_right n)); goto BB6 } BB6 { - _4 <- ([#"../10_mutual_rec_types.rs" 19 29 19 66] max0 _5 _7); + [#"../10_mutual_rec_types.rs" 19 29 19 66] _4 <- ([#"../10_mutual_rec_types.rs" 19 29 19 66] max0 _5 _7); _5 <- any uint64; _7 <- any uint64; goto BB7 } BB7 { - _0 <- ([#"../10_mutual_rec_types.rs" 19 29 19 70] _4 + ([#"../10_mutual_rec_types.rs" 19 69 19 70] [#"../10_mutual_rec_types.rs" 19 69 19 70] (1 : uint64))); + [#"../10_mutual_rec_types.rs" 19 29 19 70] _0 <- ([#"../10_mutual_rec_types.rs" 19 29 19 70] _4 + ([#"../10_mutual_rec_types.rs" 19 69 19 70] [#"../10_mutual_rec_types.rs" 19 69 19 70] (1 : uint64))); _4 <- any uint64; goto BB8 } diff --git a/creusot/tests/should_succeed/syntax/11_array_types.mlcfg b/creusot/tests/should_succeed/syntax/11_array_types.mlcfg index 3893bf876c..395084c784 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.mlcfg +++ b/creusot/tests/should_succeed/syntax/11_array_types.mlcfg @@ -41,15 +41,15 @@ module C11ArrayTypes_Omg goto BB0 } BB0 { - _3 <- ([#"../11_array_types.rs" 9 8 9 9] [#"../11_array_types.rs" 9 8 9 9] (0 : usize)); - _5 <- ([#"../11_array_types.rs" 9 4 9 10] _3 < ([#"../11_array_types.rs" 9 4 9 10] Slice.length (C11ArrayTypes_UsesArray_Type.usesarray_0 x))); + [#"../11_array_types.rs" 9 8 9 9] _3 <- ([#"../11_array_types.rs" 9 8 9 9] [#"../11_array_types.rs" 9 8 9 9] (0 : usize)); + [#"../11_array_types.rs" 9 4 9 10] _5 <- ([#"../11_array_types.rs" 9 4 9 10] _3 < ([#"../11_array_types.rs" 9 4 9 10] Slice.length (C11ArrayTypes_UsesArray_Type.usesarray_0 x))); assert { [@expl:index in bounds] [#"../11_array_types.rs" 9 4 9 10] _5 }; goto BB1 } BB1 { - x <- (let C11ArrayTypes_UsesArray_Type.C_UsesArray x0 = x in C11ArrayTypes_UsesArray_Type.C_UsesArray (Slice.set (C11ArrayTypes_UsesArray_Type.usesarray_0 x) _3 ([#"../11_array_types.rs" 9 13 9 14] [#"../11_array_types.rs" 9 13 9 14] (5 : int64)))); + [#"../11_array_types.rs" 9 4 9 14] x <- (let C11ArrayTypes_UsesArray_Type.C_UsesArray x0 = x in C11ArrayTypes_UsesArray_Type.C_UsesArray (Slice.set (C11ArrayTypes_UsesArray_Type.usesarray_0 x) _3 ([#"../11_array_types.rs" 9 4 9 14] [#"../11_array_types.rs" 9 13 9 14] (5 : int64)))); assert { [@expl:assertion] [#"../11_array_types.rs" 11 20 11 32] Int64.to_int (index_logic0 (C11ArrayTypes_UsesArray_Type.usesarray_0 x) 0) = 5 }; - _0 <- ([#"../11_array_types.rs" 8 29 12 1] ()); + [#"../11_array_types.rs" 8 29 12 1] _0 <- ([#"../11_array_types.rs" 8 29 12 1] ()); return _0 } @@ -76,8 +76,8 @@ module C11ArrayTypes_CallOmg goto BB0 } BB0 { - arr <- ([#"../11_array_types.rs" 15 14 15 24] Slice.create ([#"../11_array_types.rs" 15 14 15 24] [#"../11_array_types.rs" 15 14 15 24] (5 : usize)) (fun _ -> [#"../11_array_types.rs" 15 15 15 20] [#"../11_array_types.rs" 15 15 15 20] (3 : int64))); - _0 <- ([#"../11_array_types.rs" 16 4 16 23] omg0 ([#"../11_array_types.rs" 16 8 16 22] C11ArrayTypes_UsesArray_Type.C_UsesArray arr)); + [#"../11_array_types.rs" 15 14 15 24] arr <- ([#"../11_array_types.rs" 15 14 15 24] Slice.create ([#"../11_array_types.rs" 15 14 15 24] [#"../11_array_types.rs" 15 14 15 24] (5 : usize)) (fun _ -> [#"../11_array_types.rs" 15 15 15 20] [#"../11_array_types.rs" 15 15 15 20] (3 : int64))); + [#"../11_array_types.rs" 16 4 16 23] _0 <- ([#"../11_array_types.rs" 16 4 16 23] omg0 ([#"../11_array_types.rs" 16 8 16 22] C11ArrayTypes_UsesArray_Type.C_UsesArray ([#"../11_array_types.rs" 16 18 16 21] arr))); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg b/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg index ebc02d96f6..71dc793b92 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.mlcfg @@ -15,11 +15,11 @@ module C12GhostCode_GhostArg goto BB0 } BB0 { - _x <- ([#"../12_ghost_code.rs" 5 25 5 35] Ghost.new (Ghost.inner g)); + [#"../12_ghost_code.rs" 5 25 5 35] _x <- ([#"../12_ghost_code.rs" 5 25 5 35] Ghost.new (Ghost.inner g)); goto BB1 } BB1 { - _0 <- ([#"../12_ghost_code.rs" 4 32 6 1] ()); + [#"../12_ghost_code.rs" 4 32 6 1] _0 <- ([#"../12_ghost_code.rs" 4 32 6 1] ()); return _0 } @@ -75,7 +75,7 @@ module C12GhostCode_GhostVec val inv1 (_x : Seq.seq uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -99,7 +99,7 @@ module C12GhostCode_GhostVec val invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Ghost use prelude.Ghost predicate resolve1 (self : uint32) = @@ -133,16 +133,16 @@ module C12GhostCode_GhostVec goto BB0 } BB0 { - x <- ([#"../12_ghost_code.rs" 9 22 9 32] new0 ()); + [#"../12_ghost_code.rs" 9 22 9 32] x <- ([#"../12_ghost_code.rs" 9 22 9 32] new0 ()); goto BB1 } BB1 { assume { resolve0 x }; - _s <- ([#"../12_ghost_code.rs" 10 32 10 41] Ghost.new x); + [#"../12_ghost_code.rs" 10 32 10 41] _s <- ([#"../12_ghost_code.rs" 10 32 10 41] Ghost.new x); goto BB2 } BB2 { - _0 <- ([#"../12_ghost_code.rs" 8 19 11 1] ()); + [#"../12_ghost_code.rs" 8 19 11 1] _0 <- ([#"../12_ghost_code.rs" 8 19 11 1] ()); goto BB3 } BB3 { @@ -169,18 +169,18 @@ module C12GhostCode_GhostCopy goto BB0 } BB0 { - a <- ([#"../12_ghost_code.rs" 18 12 18 13] [#"../12_ghost_code.rs" 18 12 18 13] (0 : int32)); - _s <- ([#"../12_ghost_code.rs" 19 17 19 46] Ghost.new (Seq.snoc (Seq.empty ) (0 : int32))); + [#"../12_ghost_code.rs" 18 12 18 13] a <- ([#"../12_ghost_code.rs" 18 12 18 13] [#"../12_ghost_code.rs" 18 12 18 13] (0 : int32)); + [#"../12_ghost_code.rs" 19 17 19 46] _s <- ([#"../12_ghost_code.rs" 19 17 19 46] Ghost.new (Seq.snoc (Seq.empty ) (0 : int32))); goto BB1 } BB1 { - _4 <- ([#"../12_ghost_code.rs" 20 9 20 27] Ghost.new (Seq.snoc (Ghost.inner _s) a)); + [#"../12_ghost_code.rs" 20 9 20 27] _4 <- ([#"../12_ghost_code.rs" 20 9 20 27] Ghost.new (Seq.snoc (Ghost.inner _s) a)); goto BB2 } BB2 { - _s <- _4; - _4 <- any Ghost.ghost_ty (Seq.seq int32); - _0 <- ([#"../12_ghost_code.rs" 17 20 21 1] ()); + [#"../12_ghost_code.rs" 20 4 20 27] _s <- ([#"../12_ghost_code.rs" 20 4 20 27] _4); + [#"../12_ghost_code.rs" 20 4 20 27] _4 <- any Ghost.ghost_ty (Seq.seq int32); + [#"../12_ghost_code.rs" 17 20 21 1] _0 <- ([#"../12_ghost_code.rs" 17 20 21 1] ()); return _0 } @@ -208,18 +208,18 @@ module C12GhostCode_GhostIsCopy goto BB0 } BB0 { - x <- ([#"../12_ghost_code.rs" 24 16 24 17] [#"../12_ghost_code.rs" 24 16 24 17] (0 : int32)); - r <- Borrow.borrow_mut x; - x <- ^ r; + [#"../12_ghost_code.rs" 24 16 24 17] x <- ([#"../12_ghost_code.rs" 24 16 24 17] [#"../12_ghost_code.rs" 24 16 24 17] (0 : int32)); + [#"../12_ghost_code.rs" 25 12 25 18] r <- Borrow.borrow_mut x; + [#"../12_ghost_code.rs" 25 12 25 18] x <- ^ r; assume { resolve0 r }; - g <- ([#"../12_ghost_code.rs" 26 12 26 21] Ghost.new r); + [#"../12_ghost_code.rs" 26 12 26 21] g <- ([#"../12_ghost_code.rs" 26 12 26 21] Ghost.new r); goto BB1 } BB1 { - g1 <- g; - g2 <- g; + [#"../12_ghost_code.rs" 27 13 27 14] g1 <- ([#"../12_ghost_code.rs" 27 13 27 14] g); + [#"../12_ghost_code.rs" 28 13 28 14] g2 <- ([#"../12_ghost_code.rs" 28 13 28 14] g); assert { [@expl:assertion] [#"../12_ghost_code.rs" 29 18 29 26] g1 = g2 }; - _0 <- ([#"../12_ghost_code.rs" 23 23 30 1] ()); + [#"../12_ghost_code.rs" 23 23 30 1] _0 <- ([#"../12_ghost_code.rs" 23 23 30 1] ()); return _0 } @@ -236,7 +236,7 @@ module C12GhostCode_GhostCheck val inv4 (_x : Seq.seq int32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : Seq.seq int32 . inv4 x = true + axiom inv4 : forall x : Seq.seq int32 . inv4 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) = @@ -248,7 +248,7 @@ module C12GhostCode_GhostCheck val inv3 (_x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : int32) : bool @@ -258,7 +258,7 @@ module C12GhostCode_GhostCheck val inv2 (_x : int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : int32 . inv2 x = true + axiom inv2 : forall x : int32 . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -269,7 +269,7 @@ module C12GhostCode_GhostCheck val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -291,7 +291,7 @@ module C12GhostCode_GhostCheck val invariant0 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../12_ghost_code.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Ghost predicate resolve1 (self : int32) = [#"../../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true @@ -357,22 +357,22 @@ module C12GhostCode_GhostCheck goto BB0 } BB0 { - x <- ([#"../12_ghost_code.rs" 36 16 36 26] new0 ()); + [#"../12_ghost_code.rs" 36 16 36 26] x <- ([#"../12_ghost_code.rs" 36 16 36 26] new0 ()); goto BB1 } BB1 { - _2 <- ([#"../12_ghost_code.rs" 39 4 39 25] Ghost.new (let _ = logi_drop0 x in ())); + [#"../12_ghost_code.rs" 39 4 39 25] _2 <- ([#"../12_ghost_code.rs" 39 4 39 25] Ghost.new (let _ = logi_drop0 x in ())); goto BB2 } BB2 { - _5 <- Borrow.borrow_mut x; - x <- ^ _5; - _4 <- ([#"../12_ghost_code.rs" 41 4 41 13] push0 _5 ([#"../12_ghost_code.rs" 41 11 41 12] [#"../12_ghost_code.rs" 41 11 41 12] (0 : int32))); + [#"../12_ghost_code.rs" 41 4 41 13] _5 <- Borrow.borrow_mut x; + [#"../12_ghost_code.rs" 41 4 41 13] x <- ^ _5; + [#"../12_ghost_code.rs" 41 4 41 13] _4 <- ([#"../12_ghost_code.rs" 41 4 41 13] push0 _5 ([#"../12_ghost_code.rs" 41 11 41 12] [#"../12_ghost_code.rs" 41 11 41 12] (0 : int32))); _5 <- any borrowed (Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)); goto BB3 } BB3 { - _9 <- ([#"../12_ghost_code.rs" 43 12 43 19] len0 ([#"../12_ghost_code.rs" 43 12 43 19] x)); + [#"../12_ghost_code.rs" 43 12 43 19] _9 <- ([#"../12_ghost_code.rs" 43 12 43 19] len0 ([#"../12_ghost_code.rs" 43 12 43 19] x)); goto BB4 } BB4 { @@ -383,10 +383,11 @@ module C12GhostCode_GhostCheck end } BB5 { + assert { [#"../12_ghost_code.rs" 43 4 43 25] false }; absurd } BB6 { - _0 <- ([#"../12_ghost_code.rs" 35 21 44 1] ()); + [#"../12_ghost_code.rs" 35 21 44 1] _0 <- ([#"../12_ghost_code.rs" 35 21 44 1] ()); goto BB7 } BB7 { @@ -441,13 +442,13 @@ module C12GhostCode_TakesStruct goto BB0 } BB0 { - _3 <- ([#"../12_ghost_code.rs" 53 10 53 21] Ghost.new (C12GhostCode_MyStruct_Type.mystruct_f x)); + [#"../12_ghost_code.rs" 53 10 53 21] _3 <- ([#"../12_ghost_code.rs" 53 10 53 21] Ghost.new (C12GhostCode_MyStruct_Type.mystruct_f x)); goto BB1 } BB1 { - x <- (let C12GhostCode_MyStruct_Type.C_MyStruct x0 x1 = x in C12GhostCode_MyStruct_Type.C_MyStruct x0 _3); - _3 <- any Ghost.ghost_ty uint32; - _0 <- ([#"../12_ghost_code.rs" 52 37 54 1] ()); + [#"../12_ghost_code.rs" 53 4 53 21] x <- (let C12GhostCode_MyStruct_Type.C_MyStruct x0 x1 = x in C12GhostCode_MyStruct_Type.C_MyStruct x0 ([#"../12_ghost_code.rs" 53 4 53 21] _3)); + [#"../12_ghost_code.rs" 53 4 53 21] _3 <- any Ghost.ghost_ty uint32; + [#"../12_ghost_code.rs" 52 37 54 1] _0 <- ([#"../12_ghost_code.rs" 52 37 54 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz b/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz index 93216d8817..ac184bbd4d 100644 Binary files a/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz and b/creusot/tests/should_succeed/syntax/12_ghost_code/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.mlcfg b/creusot/tests/should_succeed/syntax/13_vec_macro.mlcfg index 89e584e0ba..81c8029f71 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.mlcfg +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.mlcfg @@ -56,7 +56,7 @@ module C13VecMacro_X val inv6 (_x : slice int32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : slice int32 . inv6 x = true + axiom inv6 : forall x : slice int32 . inv6 x = true predicate invariant5 (self : slice int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : slice int32) : bool @@ -67,7 +67,7 @@ module C13VecMacro_X ensures { result = inv5 _x } use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - axiom inv5 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : slice int32 . inv5 x = true + axiom inv5 : forall x : slice int32 . inv5 x = true use seq.Seq predicate invariant4 (self : Seq.seq int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -78,7 +78,7 @@ module C13VecMacro_X val inv4 (_x : Seq.seq int32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : Seq.seq int32 . inv4 x = true + axiom inv4 : forall x : Seq.seq int32 . inv4 x = true use prelude.UIntSize use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -101,7 +101,7 @@ module C13VecMacro_X val invariant3 (self : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec int32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : int32) : bool @@ -111,7 +111,7 @@ module C13VecMacro_X val inv2 (_x : int32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : int32 . inv2 x = true + axiom inv2 : forall x : int32 . inv2 x = true use prelude.UInt32 predicate invariant1 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -122,7 +122,7 @@ module C13VecMacro_X val inv1 (_x : Seq.seq uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv1 x = true + axiom inv1 : forall x : Seq.seq uint32 . inv1 x = true use seq.Seq predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) val inv0 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -139,7 +139,7 @@ module C13VecMacro_X val invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../13_vec_macro.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.Slice function shallow_model4 (self : slice int32) : Seq.seq int32 val shallow_model4 (self : slice int32) : Seq.seq int32 @@ -213,7 +213,7 @@ module C13VecMacro_X goto BB0 } BB0 { - v0 <- ([#"../13_vec_macro.rs" 6 23 6 29] new0 ()); + [#"../../../../../creusot-contracts/src/lib.rs" 247 8 247 30] v0 <- ([#"../13_vec_macro.rs" 6 23 6 29] new0 ()); goto BB1 } BB1 { @@ -222,7 +222,7 @@ module C13VecMacro_X goto BB2 } BB2 { - v1 <- ([#"../13_vec_macro.rs" 9 13 9 23] from_elem0 ([#"../13_vec_macro.rs" 9 18 9 19] [#"../13_vec_macro.rs" 9 18 9 19] (0 : int32)) ([#"../13_vec_macro.rs" 9 21 9 22] [#"../13_vec_macro.rs" 9 21 9 22] (2 : usize))); + [#"../../../../../creusot-contracts/src/lib.rs" 250 8 250 40] v1 <- ([#"../13_vec_macro.rs" 9 13 9 23] from_elem0 ([#"../13_vec_macro.rs" 9 18 9 19] [#"../13_vec_macro.rs" 9 18 9 19] (0 : int32)) ([#"../13_vec_macro.rs" 9 21 9 22] [#"../13_vec_macro.rs" 9 21 9 22] (2 : usize))); goto BB3 } BB3 { @@ -237,7 +237,7 @@ module C13VecMacro_X goto BB6 } BB6 { - v2 <- ([#"../13_vec_macro.rs" 12 13 12 26] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../13_vec_macro.rs" 12 18 12 19] [#"../13_vec_macro.rs" 12 18 12 19] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../13_vec_macro.rs" 12 21 12 22] [#"../13_vec_macro.rs" 12 21 12 22] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../13_vec_macro.rs" 12 24 12 25] [#"../13_vec_macro.rs" 12 24 12 25] (3 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); + [#"../../../../../creusot-contracts/src/lib.rs" 253 8 253 58] v2 <- ([#"../13_vec_macro.rs" 12 13 12 26] into_vec0 ([#"../../../../../creusot-contracts/src/lib.rs" 253 47 253 56] let __arr_temp = any array int32 in assume {Seq.get (__arr_temp.elts) 0 = ([#"../13_vec_macro.rs" 12 18 12 19] [#"../13_vec_macro.rs" 12 18 12 19] (1 : int32))}; assume {Seq.get (__arr_temp.elts) 1 = ([#"../13_vec_macro.rs" 12 21 12 22] [#"../13_vec_macro.rs" 12 21 12 22] (2 : int32))}; assume {Seq.get (__arr_temp.elts) 2 = ([#"../13_vec_macro.rs" 12 24 12 25] [#"../13_vec_macro.rs" 12 24 12 25] (3 : int32))}; assume {Slice.length __arr_temp = 3}; __arr_temp)); goto BB7 } BB7 { @@ -246,7 +246,7 @@ module C13VecMacro_X goto BB8 } BB8 { - _0 <- ([#"../13_vec_macro.rs" 5 11 14 1] ()); + [#"../13_vec_macro.rs" 5 11 14 1] _0 <- ([#"../13_vec_macro.rs" 5 11 14 1] ()); goto BB9 } BB9 { diff --git a/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg b/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg index 6dd68e8c95..cc11542340 100644 --- a/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg +++ b/creusot/tests/should_succeed/syntax/14_const_fns.mlcfg @@ -13,7 +13,7 @@ module C14ConstFns_Omg goto BB0 } BB0 { - _0 <- ([#"../14_const_fns.rs" 6 4 6 9] x - ([#"../14_const_fns.rs" 6 8 6 9] [#"../14_const_fns.rs" 6 8 6 9] (1 : int32))); + [#"../14_const_fns.rs" 6 4 6 9] _0 <- ([#"../14_const_fns.rs" 6 4 6 9] ([#"../14_const_fns.rs" 6 4 6 5] x) - ([#"../14_const_fns.rs" 6 8 6 9] [#"../14_const_fns.rs" 6 8 6 9] (1 : int32))); return _0 } diff --git a/creusot/tests/should_succeed/syntax/derive_macros.mlcfg b/creusot/tests/should_succeed/syntax/derive_macros.mlcfg index 63083272d9..ad82ae1b2c 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros.mlcfg +++ b/creusot/tests/should_succeed/syntax/derive_macros.mlcfg @@ -23,7 +23,7 @@ module DeriveMacros_Impl2_Clone val inv5 (_x : b) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv5 x = true + axiom inv5 : forall x : b . inv5 x = true predicate invariant4 (self : a) val invariant4 (self : a) : bool ensures { result = invariant4 self } @@ -32,7 +32,7 @@ module DeriveMacros_Impl2_Clone val inv4 (_x : a) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv4 x = true + axiom inv4 : forall x : a . inv4 x = true use DeriveMacros_Product_Type as DeriveMacros_Product_Type predicate invariant3 (self : DeriveMacros_Product_Type.t_product a b) val invariant3 (self : DeriveMacros_Product_Type.t_product a b) : bool @@ -42,7 +42,7 @@ module DeriveMacros_Impl2_Clone val inv3 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv3 x = true + axiom inv3 : forall x : DeriveMacros_Product_Type.t_product a b . inv3 x = true predicate invariant2 (self : b) val invariant2 (self : b) : bool ensures { result = invariant2 self } @@ -51,7 +51,7 @@ module DeriveMacros_Impl2_Clone val inv2 (_x : b) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv2 x = true + axiom inv2 : forall x : b . inv2 x = true predicate invariant1 (self : DeriveMacros_Product_Type.t_product a b) val invariant1 (self : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = invariant1 self } @@ -60,7 +60,7 @@ module DeriveMacros_Impl2_Clone val inv1 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true + axiom inv1 : forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true predicate invariant0 (self : a) val invariant0 (self : a) : bool ensures { result = invariant0 self } @@ -69,7 +69,7 @@ module DeriveMacros_Impl2_Clone val inv0 (_x : a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv0 x = true + axiom inv0 : forall x : a . inv0 x = true use prelude.Borrow val clone1 (self : b) : b requires {inv2 self} @@ -109,23 +109,23 @@ module DeriveMacros_Impl2_Clone goto BB0 } BB0 { - _5 <- ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a self); + [#"../derive_macros.rs" 10 4 10 8] _5 <- ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a self); assert { [@expl:type invariant] inv0 _5 }; assume { resolve0 _5 }; - _3 <- ([#"../derive_macros.rs" 10 4 10 8] clone0 ([#"../derive_macros.rs" 10 4 10 8] _5)); + [#"../derive_macros.rs" 10 4 10 8] _3 <- ([#"../derive_macros.rs" 10 4 10 8] clone0 ([#"../derive_macros.rs" 10 4 10 8] _5)); goto BB1 } BB1 { - _8 <- ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b self); + [#"../derive_macros.rs" 11 4 11 8] _8 <- ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b self); assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; assert { [@expl:type invariant] inv2 _8 }; assume { resolve2 _8 }; - _6 <- ([#"../derive_macros.rs" 11 4 11 8] clone1 ([#"../derive_macros.rs" 11 4 11 8] _8)); + [#"../derive_macros.rs" 11 4 11 8] _6 <- ([#"../derive_macros.rs" 11 4 11 8] clone1 ([#"../derive_macros.rs" 11 4 11 8] _8)); goto BB2 } BB2 { - _0 <- ([#"../derive_macros.rs" 8 9 8 14] DeriveMacros_Product_Type.C_Product _3 _6); + [#"../derive_macros.rs" 8 9 8 14] _0 <- ([#"../derive_macros.rs" 8 9 8 14] DeriveMacros_Product_Type.C_Product _3 _6); _3 <- any a; _6 <- any b; goto BB3 @@ -149,7 +149,7 @@ module DeriveMacros_Impl3_Eq val inv2 (_x : b) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv2 x = true + axiom inv2 : forall x : b . inv2 x = true use DeriveMacros_Product_Type as DeriveMacros_Product_Type predicate invariant1 (self : DeriveMacros_Product_Type.t_product a b) val invariant1 (self : DeriveMacros_Product_Type.t_product a b) : bool @@ -159,7 +159,7 @@ module DeriveMacros_Impl3_Eq val inv1 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true + axiom inv1 : forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true predicate invariant0 (self : a) val invariant0 (self : a) : bool ensures { result = invariant0 self } @@ -168,7 +168,7 @@ module DeriveMacros_Impl3_Eq val inv0 (_x : a) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv0 x = true + axiom inv0 : forall x : a . inv0 x = true type deep_model_ty1 function deep_model5 (self : b) : deep_model_ty1 val deep_model5 (self : b) : deep_model_ty1 @@ -243,10 +243,10 @@ module DeriveMacros_Impl3_Eq goto BB0 } BB0 { - _7 <- ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a rhs); + [#"../derive_macros.rs" 10 4 10 8] _7 <- ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a rhs); assert { [@expl:type invariant] inv0 _7 }; assume { resolve0 _7 }; - _4 <- ([#"../derive_macros.rs" 10 4 10 8] eq0 ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a self) ([#"../derive_macros.rs" 10 4 10 8] _7)); + [#"../derive_macros.rs" 10 4 10 8] _4 <- ([#"../derive_macros.rs" 10 4 10 8] eq0 ([#"../derive_macros.rs" 10 4 10 8] DeriveMacros_Product_Type.product_a self) ([#"../derive_macros.rs" 10 4 10 8] _7)); goto BB4 } BB1 { @@ -254,18 +254,18 @@ module DeriveMacros_Impl3_Eq assume { resolve1 rhs }; assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _0 <- ([#"../derive_macros.rs" 10 4 11 8] [#"../derive_macros.rs" 10 4 11 8] false); + [#"../derive_macros.rs" 10 4 11 8] _0 <- ([#"../derive_macros.rs" 10 4 11 8] [#"../derive_macros.rs" 10 4 11 8] false); goto BB3 } BB2 { assert { [@expl:type invariant] inv1 self }; assume { resolve1 self }; - _11 <- ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b rhs); + [#"../derive_macros.rs" 11 4 11 8] _11 <- ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b rhs); assert { [@expl:type invariant] inv1 rhs }; assume { resolve1 rhs }; assert { [@expl:type invariant] inv2 _11 }; assume { resolve2 _11 }; - _8 <- ([#"../derive_macros.rs" 11 4 11 8] eq1 ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b self) ([#"../derive_macros.rs" 11 4 11 8] _11)); + [#"../derive_macros.rs" 11 4 11 8] _8 <- ([#"../derive_macros.rs" 11 4 11 8] eq1 ([#"../derive_macros.rs" 11 4 11 8] DeriveMacros_Product_Type.product_b self) ([#"../derive_macros.rs" 11 4 11 8] _11)); goto BB5 } BB3 { @@ -278,8 +278,8 @@ module DeriveMacros_Impl3_Eq end } BB5 { - _0 <- _8; - _8 <- any bool; + [#"../derive_macros.rs" 10 4 11 8] _0 <- ([#"../derive_macros.rs" 10 4 11 8] _8); + [#"../derive_macros.rs" 10 4 11 8] _8 <- any bool; goto BB3 } @@ -311,7 +311,7 @@ module DeriveMacros_Impl4_Clone val inv7 (_x : b) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv7 x = true + axiom inv7 : forall x : b . inv7 x = true predicate invariant6 (self : a) val invariant6 (self : a) : bool ensures { result = invariant6 self } @@ -320,7 +320,7 @@ module DeriveMacros_Impl4_Clone val inv6 (_x : a) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv6 x = true + axiom inv6 : forall x : a . inv6 x = true use DeriveMacros_Sum_Type as DeriveMacros_Sum_Type predicate invariant5 (self : DeriveMacros_Sum_Type.t_sum a b) val invariant5 (self : DeriveMacros_Sum_Type.t_sum a b) : bool @@ -330,7 +330,7 @@ module DeriveMacros_Impl4_Clone val inv5 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv5 x = true + axiom inv5 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv5 x = true predicate invariant4 (self : b) val invariant4 (self : b) : bool ensures { result = invariant4 self } @@ -339,7 +339,7 @@ module DeriveMacros_Impl4_Clone val inv4 (_x : b) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv4 x = true + axiom inv4 : forall x : b . inv4 x = true predicate invariant3 (self : b) val invariant3 (self : b) : bool ensures { result = invariant3 self } @@ -348,7 +348,7 @@ module DeriveMacros_Impl4_Clone val inv3 (_x : b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv3 x = true + axiom inv3 : forall x : b . inv3 x = true predicate invariant2 (self : a) val invariant2 (self : a) : bool ensures { result = invariant2 self } @@ -357,7 +357,7 @@ module DeriveMacros_Impl4_Clone val inv2 (_x : a) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv2 x = true + axiom inv2 : forall x : a . inv2 x = true predicate invariant1 (self : a) val invariant1 (self : a) : bool ensures { result = invariant1 self } @@ -366,7 +366,7 @@ module DeriveMacros_Impl4_Clone val inv1 (_x : a) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv1 x = true + axiom inv1 : forall x : a . inv1 x = true predicate invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) val invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = invariant0 self } @@ -375,7 +375,7 @@ module DeriveMacros_Impl4_Clone val inv0 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true use prelude.Borrow predicate resolve4 (self : b) val resolve4 (self : b) : bool @@ -434,34 +434,35 @@ module DeriveMacros_Impl4_Clone goto BB4 } BB2 { - v0_11 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.b_0 self); + [#"../derive_macros.rs" 28 9 28 14] v0_11 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.b_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _11 <- ([#"../derive_macros.rs" 28 9 28 14] v0_11); + [#"../derive_macros.rs" 28 9 28 14] _11 <- ([#"../derive_macros.rs" 28 9 28 14] v0_11); assert { [@expl:type invariant] inv3 _11 }; assume { resolve3 _11 }; - _9 <- ([#"../derive_macros.rs" 28 9 28 14] clone1 ([#"../derive_macros.rs" 28 9 28 14] _11)); + [#"../derive_macros.rs" 28 9 28 14] _9 <- ([#"../derive_macros.rs" 28 9 28 14] clone1 ([#"../derive_macros.rs" 28 9 28 14] _11)); goto BB7 } BB3 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; + assert { [#"../derive_macros.rs" 28 9 28 14] false }; absurd } BB4 { - v0_1 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.a_0 self); + [#"../derive_macros.rs" 28 9 28 14] v0_1 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.a_0 self); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _7 <- ([#"../derive_macros.rs" 28 9 28 14] v0_1); + [#"../derive_macros.rs" 28 9 28 14] _7 <- ([#"../derive_macros.rs" 28 9 28 14] v0_1); assert { [@expl:type invariant] inv1 _7 }; assume { resolve1 _7 }; - _5 <- ([#"../derive_macros.rs" 28 9 28 14] clone0 ([#"../derive_macros.rs" 28 9 28 14] _7)); + [#"../derive_macros.rs" 28 9 28 14] _5 <- ([#"../derive_macros.rs" 28 9 28 14] clone0 ([#"../derive_macros.rs" 28 9 28 14] _7)); goto BB5 } BB5 { assert { [@expl:type invariant] inv2 v0_1 }; assume { resolve2 v0_1 }; - _0 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.C_A _5); + [#"../derive_macros.rs" 28 9 28 14] _0 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.C_A _5); _5 <- any a; goto BB6 } @@ -471,7 +472,7 @@ module DeriveMacros_Impl4_Clone BB7 { assert { [@expl:type invariant] inv4 v0_11 }; assume { resolve4 v0_11 }; - _0 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.C_B _9); + [#"../derive_macros.rs" 28 9 28 14] _0 <- ([#"../derive_macros.rs" 28 9 28 14] DeriveMacros_Sum_Type.C_B _9); _9 <- any b; goto BB8 } @@ -494,7 +495,7 @@ module DeriveMacros_Impl5_Eq val inv3 (_x : b) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../derive_macros.rs" 1 0 1 0] forall x : b . inv3 x = true + axiom inv3 : forall x : b . inv3 x = true predicate invariant2 (self : a) val invariant2 (self : a) : bool ensures { result = invariant2 self } @@ -503,7 +504,7 @@ module DeriveMacros_Impl5_Eq val inv2 (_x : a) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../derive_macros.rs" 1 0 1 0] forall x : a . inv2 x = true + axiom inv2 : forall x : a . inv2 x = true use DeriveMacros_Sum_Type as DeriveMacros_Sum_Type predicate invariant1 (self : (DeriveMacros_Sum_Type.t_sum a b, DeriveMacros_Sum_Type.t_sum a b)) val invariant1 (self : (DeriveMacros_Sum_Type.t_sum a b, DeriveMacros_Sum_Type.t_sum a b)) : bool @@ -513,7 +514,7 @@ module DeriveMacros_Impl5_Eq val inv1 (_x : (DeriveMacros_Sum_Type.t_sum a b, DeriveMacros_Sum_Type.t_sum a b)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : (DeriveMacros_Sum_Type.t_sum a b, DeriveMacros_Sum_Type.t_sum a b) . inv1 x = true + axiom inv1 : forall x : (DeriveMacros_Sum_Type.t_sum a b, DeriveMacros_Sum_Type.t_sum a b) . inv1 x = true predicate invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) val invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = invariant0 self } @@ -522,7 +523,7 @@ module DeriveMacros_Impl5_Eq val inv0 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true type deep_model_ty1 function deep_model5 (self : b) : deep_model_ty1 val deep_model5 (self : b) : deep_model_ty1 @@ -612,7 +613,7 @@ module DeriveMacros_Impl5_Eq assume { resolve0 self }; assert { [@expl:type invariant] inv0 rhs }; assume { resolve0 rhs }; - _4 <- ([#"../derive_macros.rs" 28 16 28 25] (self, rhs)); + [#"../derive_macros.rs" 28 16 28 25] _4 <- ([#"../derive_macros.rs" 28 16 28 25] (([#"../derive_macros.rs" 28 16 28 25] self), ([#"../derive_macros.rs" 28 16 28 25] rhs))); switch (let (a, _) = _4 in a) | DeriveMacros_Sum_Type.C_A _ -> goto BB1 | DeriveMacros_Sum_Type.C_B _ -> goto BB4 @@ -630,7 +631,7 @@ module DeriveMacros_Impl5_Eq BB3 { assert { [@expl:type invariant] inv1 _4 }; assume { resolve1 _4 }; - _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); + [#"../derive_macros.rs" 28 16 28 25] _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); goto BB16 } BB4 { @@ -643,23 +644,23 @@ module DeriveMacros_Impl5_Eq goto BB11 } BB6 { - v0_1 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.a_0 (let (a, _) = _4 in a)); - v0_2 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.a_0 (let (_, a) = _4 in a)); + [#"../derive_macros.rs" 28 16 28 25] v0_1 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.a_0 (let (a, _) = _4 in a)); + [#"../derive_macros.rs" 28 16 28 25] v0_2 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.a_0 (let (_, a) = _4 in a)); assert { [@expl:type invariant] inv1 _4 }; assume { resolve1 _4 }; assert { [@expl:type invariant] inv2 v0_1 }; assume { resolve2 v0_1 }; assert { [@expl:type invariant] inv2 v0_2 }; assume { resolve2 v0_2 }; - _12 <- ([#"../derive_macros.rs" 28 16 28 25] eq0 ([#"../derive_macros.rs" 28 16 28 25] v0_1) ([#"../derive_macros.rs" 28 16 28 25] v0_2)); + [#"../derive_macros.rs" 28 16 28 25] _12 <- ([#"../derive_macros.rs" 28 16 28 25] eq0 ([#"../derive_macros.rs" 28 16 28 25] v0_1) ([#"../derive_macros.rs" 28 16 28 25] v0_2)); goto BB10 } BB7 { - _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); + [#"../derive_macros.rs" 28 16 28 25] _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); goto BB9 } BB8 { - _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] true); + [#"../derive_macros.rs" 28 16 28 25] _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] true); goto BB9 } BB9 { @@ -672,23 +673,23 @@ module DeriveMacros_Impl5_Eq end } BB11 { - v0_11 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.b_0 (let (a, _) = _4 in a)); - v0_21 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.b_0 (let (_, a) = _4 in a)); + [#"../derive_macros.rs" 28 16 28 25] v0_11 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.b_0 (let (a, _) = _4 in a)); + [#"../derive_macros.rs" 28 16 28 25] v0_21 <- ([#"../derive_macros.rs" 28 16 28 25] DeriveMacros_Sum_Type.b_0 (let (_, a) = _4 in a)); assert { [@expl:type invariant] inv1 _4 }; assume { resolve1 _4 }; assert { [@expl:type invariant] inv3 v0_11 }; assume { resolve3 v0_11 }; assert { [@expl:type invariant] inv3 v0_21 }; assume { resolve3 v0_21 }; - _17 <- ([#"../derive_macros.rs" 28 16 28 25] eq1 ([#"../derive_macros.rs" 28 16 28 25] v0_11) ([#"../derive_macros.rs" 28 16 28 25] v0_21)); + [#"../derive_macros.rs" 28 16 28 25] _17 <- ([#"../derive_macros.rs" 28 16 28 25] eq1 ([#"../derive_macros.rs" 28 16 28 25] v0_11) ([#"../derive_macros.rs" 28 16 28 25] v0_21)); goto BB15 } BB12 { - _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); + [#"../derive_macros.rs" 28 16 28 25] _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] false); goto BB14 } BB13 { - _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] true); + [#"../derive_macros.rs" 28 16 28 25] _0 <- ([#"../derive_macros.rs" 28 16 28 25] [#"../derive_macros.rs" 28 16 28 25] true); goto BB14 } BB14 { @@ -830,7 +831,7 @@ module DeriveMacros_Impl2 val inv1 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true + axiom inv1 : forall x : DeriveMacros_Product_Type.t_product a b . inv1 x = true predicate invariant0 (self : DeriveMacros_Product_Type.t_product a b) val invariant0 (self : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = invariant0 self } @@ -839,7 +840,7 @@ module DeriveMacros_Impl2 val inv0 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Product_Type.t_product a b . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../derive_macros.rs" 8 9 8 14] forall self : DeriveMacros_Product_Type.t_product a b . inv0 self -> inv0 self /\ (forall result : DeriveMacros_Product_Type.t_product a b . inv1 result /\ result = self -> inv1 result /\ result = self) end @@ -855,7 +856,7 @@ module DeriveMacros_Impl4 val inv1 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv1 x = true + axiom inv1 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv1 x = true predicate invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) val invariant0 (self : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = invariant0 self } @@ -864,7 +865,7 @@ module DeriveMacros_Impl4 val inv0 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../derive_macros.rs" 28 9 28 14] forall self : DeriveMacros_Sum_Type.t_sum a b . inv0 self -> inv0 self /\ (forall result : DeriveMacros_Sum_Type.t_sum a b . inv1 result /\ result = self -> inv1 result /\ result = self) end @@ -880,7 +881,7 @@ module DeriveMacros_Impl3 val inv0 (_x : DeriveMacros_Product_Type.t_product a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Product_Type.t_product a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Product_Type.t_product a b . inv0 x = true type deep_model_ty1 function deep_model3 (self : b) : deep_model_ty1 val deep_model3 (self : b) : deep_model_ty1 @@ -920,7 +921,7 @@ module DeriveMacros_Impl5 val inv0 (_x : DeriveMacros_Sum_Type.t_sum a b) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../derive_macros.rs" 1 0 1 0] forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true + axiom inv0 : forall x : DeriveMacros_Sum_Type.t_sum a b . inv0 x = true type deep_model_ty1 function deep_model3 (self : b) : deep_model_ty1 val deep_model3 (self : b) : deep_model_ty1 diff --git a/creusot/tests/should_succeed/take_first_mut.mlcfg b/creusot/tests/should_succeed/take_first_mut.mlcfg index 290b1c10e4..a3138c788b 100644 --- a/creusot/tests/should_succeed/take_first_mut.mlcfg +++ b/creusot/tests/should_succeed/take_first_mut.mlcfg @@ -21,7 +21,7 @@ module TakeFirstMut_TakeFirstMut val inv7 (_x : Seq.seq t) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../take_first_mut.rs" 1 0 1 0] forall x : Seq.seq t . inv7 x = true + axiom inv7 : forall x : Seq.seq t . inv7 x = true use prelude.Borrow use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant6 (self : Core_Option_Option_Type.t_option (borrowed t)) @@ -32,7 +32,7 @@ module TakeFirstMut_TakeFirstMut val inv6 (_x : Core_Option_Option_Type.t_option (borrowed t)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../take_first_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed t) . inv6 x = true + axiom inv6 : forall x : Core_Option_Option_Type.t_option (borrowed t) . inv6 x = true predicate invariant5 (self : borrowed t) val invariant5 (self : borrowed t) : bool ensures { result = invariant5 self } @@ -41,7 +41,7 @@ module TakeFirstMut_TakeFirstMut val inv5 (_x : borrowed t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../take_first_mut.rs" 1 0 1 0] forall x : borrowed t . inv5 x = true + axiom inv5 : forall x : borrowed t . inv5 x = true predicate invariant4 (self : t) val invariant4 (self : t) : bool ensures { result = invariant4 self } @@ -50,7 +50,7 @@ module TakeFirstMut_TakeFirstMut val inv4 (_x : t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../take_first_mut.rs" 1 0 1 0] forall x : t . inv4 x = true + axiom inv4 : forall x : t . inv4 x = true use prelude.Slice predicate invariant3 (self : borrowed (borrowed (slice t))) val invariant3 (self : borrowed (borrowed (slice t))) : bool @@ -60,7 +60,7 @@ module TakeFirstMut_TakeFirstMut val inv3 (_x : borrowed (borrowed (slice t))) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../take_first_mut.rs" 1 0 1 0] forall x : borrowed (borrowed (slice t)) . inv3 x = true + axiom inv3 : forall x : borrowed (borrowed (slice t)) . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t))) val invariant2 (self : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t))) : bool ensures { result = invariant2 self } @@ -69,7 +69,7 @@ module TakeFirstMut_TakeFirstMut val inv2 (_x : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../take_first_mut.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t)) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (borrowed t, borrowed (slice t)) . inv2 x = true predicate invariant1 (self : slice t) val invariant1 (self : slice t) : bool ensures { result = invariant1 self } @@ -78,7 +78,7 @@ module TakeFirstMut_TakeFirstMut val inv1 (_x : slice t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../take_first_mut.rs" 1 0 1 0] forall x : slice t . inv1 x = true + axiom inv1 : forall x : slice t . inv1 x = true predicate invariant0 (self : borrowed (slice t)) val invariant0 (self : borrowed (slice t)) : bool ensures { result = invariant0 self } @@ -87,7 +87,7 @@ module TakeFirstMut_TakeFirstMut val inv0 (_x : borrowed (slice t)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../take_first_mut.rs" 1 0 1 0] forall x : borrowed (slice t) . inv0 x = true + axiom inv0 : forall x : borrowed (slice t) . inv0 x = true use seq_ext.SeqExt use seq.Seq function tail0 (self : Seq.seq t) : Seq.seq t = @@ -180,18 +180,18 @@ module TakeFirstMut_TakeFirstMut goto BB0 } BB0 { - _6 <- Borrow.borrow_mut ( * self_); - self_ <- { self_ with current = ^ _6 }; + [#"../take_first_mut.rs" 15 20 15 25] _6 <- Borrow.borrow_mut ( * self_); + [#"../take_first_mut.rs" 15 20 15 25] self_ <- { self_ with current = ^ _6 }; assume { inv0 ( ^ _6) }; - _5 <- ([#"../take_first_mut.rs" 15 10 15 26] take0 _6); + [#"../take_first_mut.rs" 15 10 15 26] _5 <- ([#"../take_first_mut.rs" 15 10 15 26] take0 _6); _6 <- any borrowed (borrowed (slice t)); goto BB1 } BB1 { - _4 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _4 }; + [#"../take_first_mut.rs" 15 10 15 44] _4 <- Borrow.borrow_mut ( * _5); + [#"../take_first_mut.rs" 15 10 15 44] _5 <- { _5 with current = ^ _4 }; assume { inv1 ( ^ _4) }; - _3 <- ([#"../take_first_mut.rs" 15 10 15 44] split_first_mut0 _4); + [#"../take_first_mut.rs" 15 10 15 44] _3 <- ([#"../take_first_mut.rs" 15 10 15 44] split_first_mut0 _4); _4 <- any borrowed (slice t); goto BB2 } @@ -205,25 +205,25 @@ module TakeFirstMut_TakeFirstMut goto BB6 } BB4 { - first <- (let (a, _) = Core_Option_Option_Type.some_0 _3 in a); - _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (let (x0, x1) = Core_Option_Option_Type.some_0 _3 in (any borrowed t, x1))); - rem <- (let (_, a) = Core_Option_Option_Type.some_0 _3 in a); - _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (let (x0, x1) = Core_Option_Option_Type.some_0 _3 in (x0, any borrowed (slice t)))); + [#"../take_first_mut.rs" 17 14 17 19] first <- ([#"../take_first_mut.rs" 17 14 17 19] let (a, _) = Core_Option_Option_Type.some_0 _3 in a); + [#"../take_first_mut.rs" 17 14 17 19] _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (let (x0, x1) = Core_Option_Option_Type.some_0 _3 in (any borrowed t, x1))); + [#"../take_first_mut.rs" 17 21 17 24] rem <- ([#"../take_first_mut.rs" 17 21 17 24] let (_, a) = Core_Option_Option_Type.some_0 _3 in a); + [#"../take_first_mut.rs" 17 21 17 24] _3 <- (let Core_Option_Option_Type.C_Some x0 = _3 in Core_Option_Option_Type.C_Some (let (x0, x1) = Core_Option_Option_Type.some_0 _3 in (x0, any borrowed (slice t)))); assert { [@expl:type invariant] inv2 _3 }; assume { resolve0 _3 }; - _11 <- Borrow.borrow_mut ( * rem); - rem <- { rem with current = ^ _11 }; + [#"../take_first_mut.rs" 18 21 18 24] _11 <- Borrow.borrow_mut ( * rem); + [#"../take_first_mut.rs" 18 21 18 24] rem <- { rem with current = ^ _11 }; assume { inv1 ( ^ _11) }; - self_ <- { self_ with current = _11 }; - _11 <- any borrowed (slice t); + [#"../take_first_mut.rs" 18 12 18 24] self_ <- { self_ with current = ([#"../take_first_mut.rs" 18 12 18 24] _11) }; + [#"../take_first_mut.rs" 18 12 18 24] _11 <- any borrowed (slice t); assert { [@expl:type invariant] inv0 ( * self_) }; assume { resolve2 ( * self_) }; assert { [@expl:type invariant] inv3 self_ }; assume { resolve1 self_ }; - _12 <- Borrow.borrow_mut ( * first); - first <- { first with current = ^ _12 }; + [#"../take_first_mut.rs" 19 17 19 22] _12 <- Borrow.borrow_mut ( * first); + [#"../take_first_mut.rs" 19 17 19 22] first <- { first with current = ^ _12 }; assume { inv4 ( ^ _12) }; - _0 <- ([#"../take_first_mut.rs" 19 12 19 23] Core_Option_Option_Type.C_Some _12); + [#"../take_first_mut.rs" 19 12 19 23] _0 <- ([#"../take_first_mut.rs" 19 12 19 23] Core_Option_Option_Type.C_Some _12); _12 <- any borrowed t; assert { [@expl:type invariant] inv0 rem }; assume { resolve2 rem }; @@ -240,6 +240,7 @@ module TakeFirstMut_TakeFirstMut assume { resolve1 self_ }; assert { [@expl:type invariant] inv0 _5 }; assume { resolve2 _5 }; + assert { [#"../take_first_mut.rs" 15 10 15 44] false }; absurd } BB6 { @@ -247,7 +248,7 @@ module TakeFirstMut_TakeFirstMut assume { resolve0 _3 }; assert { [@expl:type invariant] inv3 self_ }; assume { resolve1 self_ }; - _0 <- ([#"../take_first_mut.rs" 16 23 16 27] Core_Option_Option_Type.C_None); + [#"../take_first_mut.rs" 16 23 16 27] _0 <- ([#"../take_first_mut.rs" 16 23 16 27] Core_Option_Option_Type.C_None); assert { [@expl:type invariant] inv0 _5 }; assume { resolve2 _5 }; goto BB7 diff --git a/creusot/tests/should_succeed/trait.mlcfg b/creusot/tests/should_succeed/trait.mlcfg index 33f94ecd5d..37b9f6d5b8 100644 --- a/creusot/tests/should_succeed/trait.mlcfg +++ b/creusot/tests/should_succeed/trait.mlcfg @@ -11,7 +11,7 @@ module Trait_UsesCustom val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../trait.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } @@ -26,7 +26,7 @@ module Trait_UsesCustom goto BB0 } BB0 { - _0 <- ([#"../trait.rs" 9 55 9 57] ()); + [#"../trait.rs" 9 55 9 57] _0 <- ([#"../trait.rs" 9 55 9 57] ()); assert { [@expl:type invariant] inv0 _t }; assume { resolve0 _t }; goto BB1 @@ -48,7 +48,7 @@ module Trait_UsesCustom2 val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../trait.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } @@ -63,7 +63,7 @@ module Trait_UsesCustom2 goto BB0 } BB0 { - _0 <- ([#"../trait.rs" 13 62 13 64] ()); + [#"../trait.rs" 13 62 13 64] _0 <- ([#"../trait.rs" 13 62 13 64] ()); assert { [@expl:type invariant] inv0 _t }; assume { resolve0 _t }; goto BB1 diff --git a/creusot/tests/should_succeed/trait_impl.mlcfg b/creusot/tests/should_succeed/trait_impl.mlcfg index 982e86c2bf..72dd32901b 100644 --- a/creusot/tests/should_succeed/trait_impl.mlcfg +++ b/creusot/tests/should_succeed/trait_impl.mlcfg @@ -11,7 +11,7 @@ module TraitImpl_Impl0_X val inv0 (_x : (t1, t2)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../trait_impl.rs" 1 0 1 0] forall x : (t1, t2) . inv0 x = true + axiom inv0 : forall x : (t1, t2) . inv0 x = true predicate resolve2 (self : t2) val resolve2 (self : t2) : bool ensures { result = resolve2 self } @@ -35,7 +35,7 @@ module TraitImpl_Impl0_X goto BB0 } BB0 { - _0 <- ([#"../trait_impl.rs" 25 15 25 17] ()); + [#"../trait_impl.rs" 25 15 25 17] _0 <- ([#"../trait_impl.rs" 25 15 25 17] ()); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; goto BB1 @@ -56,7 +56,7 @@ module TraitImpl_Impl1_X goto BB0 } BB0 { - _0 <- ([#"../trait_impl.rs" 29 15 29 17] ()); + [#"../trait_impl.rs" 29 15 29 17] _0 <- ([#"../trait_impl.rs" 29 15 29 17] ()); return _0 } @@ -73,7 +73,7 @@ module TraitImpl_Impl0 val inv0 (_x : (t1, t2)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../trait_impl.rs" 1 0 1 0] forall x : (t1, t2) . inv0 x = true + axiom inv0 : forall x : (t1, t2) . inv0 x = true goal x_refn : [#"../trait_impl.rs" 25 4 25 14] forall self : (t1, t2) . inv0 self -> inv0 self end module TraitImpl_Impl1 diff --git a/creusot/tests/should_succeed/traits/01.mlcfg b/creusot/tests/should_succeed/traits/01.mlcfg index 000ea01dc0..2aa032fa9e 100644 --- a/creusot/tests/should_succeed/traits/01.mlcfg +++ b/creusot/tests/should_succeed/traits/01.mlcfg @@ -11,7 +11,7 @@ module C01_UsesGeneric val inv1 (_x : uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01.rs" 1 0 1 0] forall x : uint32 . inv1 x = true + axiom inv1 : forall x : uint32 . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -20,7 +20,7 @@ module C01_UsesGeneric val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Int val from_b0 [#"../01.rs" 5 4 5 31] (x : t) : uint32 requires {[#"../01.rs" 5 17 5 18] inv0 x} @@ -36,8 +36,8 @@ module C01_UsesGeneric goto BB0 } BB0 { - _0 <- ([#"../01.rs" 9 4 9 16] from_b0 b); - b <- any t; + [#"../01.rs" 9 4 9 16] _0 <- ([#"../01.rs" 9 4 9 16] from_b0 ([#"../01.rs" 9 14 9 15] b)); + [#"../01.rs" 9 14 9 15] b <- any t; goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/traits/02.mlcfg b/creusot/tests/should_succeed/traits/02.mlcfg index 8e64b27f30..91ebe20c96 100644 --- a/creusot/tests/should_succeed/traits/02.mlcfg +++ b/creusot/tests/should_succeed/traits/02.mlcfg @@ -9,7 +9,7 @@ module C02_Omg val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -18,7 +18,7 @@ module C02_Omg val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } @@ -39,7 +39,7 @@ module C02_Omg goto BB0 } BB0 { - _0 <- ([#"../02.rs" 12 4 12 15] is_true0 ([#"../02.rs" 12 4 12 15] a)); + [#"../02.rs" 12 4 12 15] _0 <- ([#"../02.rs" 12 4 12 15] is_true0 ([#"../02.rs" 12 4 12 15] a)); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/traits/03.mlcfg b/creusot/tests/should_succeed/traits/03.mlcfg index 8a0fa1e1f0..fecedca641 100644 --- a/creusot/tests/should_succeed/traits/03.mlcfg +++ b/creusot/tests/should_succeed/traits/03.mlcfg @@ -10,7 +10,7 @@ module C03_Impl0_F goto BB0 } BB0 { - _0 <- ([#"../03.rs" 10 8 10 9] [#"../03.rs" 10 8 10 9] (0 : int32)); + [#"../03.rs" 10 8 10 9] _0 <- ([#"../03.rs" 10 8 10 9] [#"../03.rs" 10 8 10 9] (0 : int32)); return _0 } @@ -26,7 +26,7 @@ module C03_Impl1_G goto BB0 } BB0 { - _0 <- ([#"../03.rs" 21 8 21 9] [#"../03.rs" 21 8 21 9] (1 : uint32)); + [#"../03.rs" 21 8 21 9] _0 <- ([#"../03.rs" 21 8 21 9] [#"../03.rs" 21 8 21 9] (1 : uint32)); return _0 } @@ -41,7 +41,7 @@ module C03_Impl2_H val inv0 (_x : g) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : g . inv0 x = true + axiom inv0 : forall x : g . inv0 x = true use prelude.Borrow predicate resolve0 (self : g) val resolve0 (self : g) : bool @@ -58,7 +58,7 @@ module C03_Impl2_H goto BB0 } BB0 { - _0 <- y; + [#"../03.rs" 31 8 31 9] _0 <- ([#"../03.rs" 31 8 31 9] y); assert { [@expl:type invariant] inv0 y }; assume { resolve0 y }; return _0 @@ -76,7 +76,7 @@ module C03_Impl0 val inv1 (_x : int32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03.rs" 1 0 1 0] forall x : int32 . inv1 x = true + axiom inv1 : forall x : int32 . inv1 x = true predicate invariant0 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : int32) : bool @@ -86,7 +86,7 @@ module C03_Impl0 val inv0 (_x : int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : int32 . inv0 x = true + axiom inv0 : forall x : int32 . inv0 x = true use prelude.Int use prelude.Borrow goal f_refn : [#"../03.rs" 9 4 9 23] forall self : int32 . inv0 self -> (forall result : int32 . inv1 result) @@ -102,7 +102,7 @@ module C03_Impl1 val inv1 (_x : uint32) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../03.rs" 1 0 1 0] forall x : uint32 . inv1 x = true + axiom inv1 : forall x : uint32 . inv1 x = true predicate invariant0 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : uint32) : bool @@ -112,7 +112,7 @@ module C03_Impl1 val inv0 (_x : uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : uint32 . inv0 x = true + axiom inv0 : forall x : uint32 . inv0 x = true use prelude.Int use prelude.Borrow goal g_refn : [#"../03.rs" 20 4 20 23] forall self : uint32 . inv0 self -> (forall result : uint32 . inv1 result /\ result = result) @@ -127,7 +127,7 @@ module C03_Impl2 val inv0 (_x : g) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03.rs" 1 0 1 0] forall x : g . inv0 x = true + axiom inv0 : forall x : g . inv0 x = true use prelude.Borrow goal h_refn : [#"../03.rs" 30 4 30 24] forall x : g . inv0 x -> inv0 x /\ (forall result : g . inv0 result -> inv0 result) end diff --git a/creusot/tests/should_succeed/traits/04.mlcfg b/creusot/tests/should_succeed/traits/04.mlcfg index 9f51026330..87cdd3d97e 100644 --- a/creusot/tests/should_succeed/traits/04.mlcfg +++ b/creusot/tests/should_succeed/traits/04.mlcfg @@ -9,7 +9,7 @@ module C04_User val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow val func30 [#"../04.rs" 8 4 8 38] (self : t) (o : t) : bool requires {[#"../04.rs" 8 14 8 18] inv0 self} @@ -44,7 +44,7 @@ module C04_User goto BB0 } BB0 { - _5 <- ([#"../04.rs" 13 4 13 14] func10 ([#"../04.rs" 13 4 13 14] a) ([#"../04.rs" 13 12 13 13] b)); + [#"../04.rs" 13 4 13 14] _5 <- ([#"../04.rs" 13 4 13 14] func10 ([#"../04.rs" 13 4 13 14] a) ([#"../04.rs" 13 12 13 13] b)); goto BB7 } BB1 { @@ -52,7 +52,7 @@ module C04_User assume { resolve0 b }; assert { [@expl:type invariant] inv0 a }; assume { resolve0 a }; - _0 <- ([#"../04.rs" 13 4 13 42] [#"../04.rs" 13 4 13 42] false); + [#"../04.rs" 13 4 13 42] _0 <- ([#"../04.rs" 13 4 13 42] [#"../04.rs" 13 4 13 42] false); goto BB3 } BB2 { @@ -60,18 +60,18 @@ module C04_User assume { resolve0 a }; assert { [@expl:type invariant] inv0 b }; assume { resolve0 b }; - _11 <- ([#"../04.rs" 13 32 13 42] func30 ([#"../04.rs" 13 32 13 42] a) ([#"../04.rs" 13 40 13 41] b)); + [#"../04.rs" 13 32 13 42] _11 <- ([#"../04.rs" 13 32 13 42] func30 ([#"../04.rs" 13 32 13 42] a) ([#"../04.rs" 13 40 13 41] b)); goto BB9 } BB3 { return _0 } BB4 { - _4 <- ([#"../04.rs" 13 4 13 28] [#"../04.rs" 13 4 13 28] false); + [#"../04.rs" 13 4 13 28] _4 <- ([#"../04.rs" 13 4 13 28] [#"../04.rs" 13 4 13 28] false); goto BB6 } BB5 { - _8 <- ([#"../04.rs" 13 18 13 28] func20 ([#"../04.rs" 13 18 13 28] b) ([#"../04.rs" 13 26 13 27] a)); + [#"../04.rs" 13 18 13 28] _8 <- ([#"../04.rs" 13 18 13 28] func20 ([#"../04.rs" 13 18 13 28] b) ([#"../04.rs" 13 26 13 27] a)); goto BB8 } BB6 { @@ -87,13 +87,13 @@ module C04_User end } BB8 { - _4 <- _8; - _8 <- any bool; + [#"../04.rs" 13 4 13 28] _4 <- ([#"../04.rs" 13 4 13 28] _8); + [#"../04.rs" 13 4 13 28] _8 <- any bool; goto BB6 } BB9 { - _0 <- _11; - _11 <- any bool; + [#"../04.rs" 13 4 13 42] _0 <- ([#"../04.rs" 13 4 13 42] _11); + [#"../04.rs" 13 4 13 42] _11 <- any bool; goto BB3 } diff --git a/creusot/tests/should_succeed/traits/06.mlcfg b/creusot/tests/should_succeed/traits/06.mlcfg index 2cc5d059de..00339481df 100644 --- a/creusot/tests/should_succeed/traits/06.mlcfg +++ b/creusot/tests/should_succeed/traits/06.mlcfg @@ -10,7 +10,7 @@ module C06_Test val inv1 (_x : tgt0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06.rs" 1 0 1 0] forall x : tgt0 . inv1 x = true + axiom inv1 : forall x : tgt0 . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -19,7 +19,7 @@ module C06_Test val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow use prelude.UIntSize use prelude.Int @@ -44,7 +44,7 @@ module C06_Test BB0 { assert { [@expl:type invariant] inv0 a }; assume { resolve0 a }; - _0 <- ([#"../06.rs" 13 4 13 11] ix0 ([#"../06.rs" 13 4 13 11] a) ([#"../06.rs" 13 9 13 10] [#"../06.rs" 13 9 13 10] (0 : usize))); + [#"../06.rs" 13 4 13 11] _0 <- ([#"../06.rs" 13 4 13 11] ix0 ([#"../06.rs" 13 4 13 11] a) ([#"../06.rs" 13 9 13 10] [#"../06.rs" 13 9 13 10] (0 : usize))); goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/traits/07.mlcfg b/creusot/tests/should_succeed/traits/07.mlcfg index a7ab124a6b..1414ce7ebf 100644 --- a/creusot/tests/should_succeed/traits/07.mlcfg +++ b/creusot/tests/should_succeed/traits/07.mlcfg @@ -10,7 +10,7 @@ module C07_Impl0_Ix goto BB0 } BB0 { - _0 <- ([#"../07.rs" 12 8 12 10] ()); + [#"../07.rs" 12 8 12 10] _0 <- ([#"../07.rs" 12 8 12 10] ()); return _0 } @@ -29,7 +29,7 @@ module C07_Test goto BB0 } BB0 { - _0 <- ([#"../07.rs" 17 4 17 8] [#"../07.rs" 17 4 17 8] true); + [#"../07.rs" 17 4 17 8] _0 <- ([#"../07.rs" 17 4 17 8] [#"../07.rs" 17 4 17 8] true); return _0 } @@ -47,7 +47,7 @@ module C07_Test2 goto BB0 } BB0 { - _0 <- ([#"../07.rs" 21 4 21 10] ix0 ([#"../07.rs" 21 4 21 10] a)); + [#"../07.rs" 21 4 21 10] _0 <- ([#"../07.rs" 21 4 21 10] ix0 ([#"../07.rs" 21 4 21 10] a)); goto BB1 } BB1 { @@ -65,7 +65,7 @@ module C07_Impl0 val inv1 (_x : ()) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07.rs" 1 0 1 0] forall x : () . inv1 x = true + axiom inv1 : forall x : () . inv1 x = true use prelude.Int32 predicate invariant0 (self : int32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -76,7 +76,7 @@ module C07_Impl0 val inv0 (_x : int32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../07.rs" 1 0 1 0] forall x : int32 . inv0 x = true + axiom inv0 : forall x : int32 . inv0 x = true use prelude.Int use prelude.Borrow goal ix_refn : [#"../07.rs" 11 4 11 36] forall self : int32 . inv0 self -> (forall result : () . inv1 result) diff --git a/creusot/tests/should_succeed/traits/08.mlcfg b/creusot/tests/should_succeed/traits/08.mlcfg index 86257ff0d5..fb7f9560b3 100644 --- a/creusot/tests/should_succeed/traits/08.mlcfg +++ b/creusot/tests/should_succeed/traits/08.mlcfg @@ -9,7 +9,7 @@ module C08_Tr_Program val inv0 (_x : self) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08.rs" 1 0 1 0] forall x : self . inv0 x = true + axiom inv0 : forall x : self . inv0 x = true use prelude.Borrow predicate resolve0 (self : self) val resolve0 (self : self) : bool @@ -25,7 +25,7 @@ module C08_Tr_Program goto BB0 } BB0 { - _0 <- ([#"../08.rs" 12 22 12 24] ()); + [#"../08.rs" 12 22 12 24] _0 <- ([#"../08.rs" 12 22 12 24] ()); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; return _0 @@ -42,13 +42,13 @@ module C08_Test val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../08.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } let rec cfg test [#"../08.rs" 15 0 15 24] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : t) : () - requires {[#"../08.rs" 1 0 1 0] inv0 _1} + requires {inv0 _1} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -57,7 +57,7 @@ module C08_Test goto BB0 } BB0 { - _0 <- ([#"../08.rs" 15 25 15 27] ()); + [#"../08.rs" 15 25 15 27] _0 <- ([#"../08.rs" 15 25 15 27] ()); assert { [@expl:type invariant] inv0 _1 }; assume { resolve0 _1 }; goto BB1 diff --git a/creusot/tests/should_succeed/traits/09.mlcfg b/creusot/tests/should_succeed/traits/09.mlcfg index e9a28f4af3..e808e87016 100644 --- a/creusot/tests/should_succeed/traits/09.mlcfg +++ b/creusot/tests/should_succeed/traits/09.mlcfg @@ -11,7 +11,7 @@ module C09_Test goto BB0 } BB0 { - _0 <- ([#"../09.rs" 8 4 8 9] t + ([#"../09.rs" 8 8 8 9] [#"../09.rs" 8 8 8 9] (0 : uint32))); + [#"../09.rs" 8 4 8 9] _0 <- ([#"../09.rs" 8 4 8 9] ([#"../09.rs" 8 4 8 5] t) + ([#"../09.rs" 8 8 8 9] [#"../09.rs" 8 8 8 9] (0 : uint32))); return _0 } @@ -28,7 +28,7 @@ module C09_Test2 val inv0 (_x : x0) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../09.rs" 1 0 1 0] forall x : x0 . inv0 x = true + axiom inv0 : forall x : x0 . inv0 x = true let rec cfg test2 [#"../09.rs" 11 0 11 53] [@cfg:stackify] [@cfg:subregion_analysis] (t : x0) : x0 requires {[#"../09.rs" 11 37 11 38] inv0 t} ensures { [#"../09.rs" 11 49 11 53] inv0 result } @@ -40,8 +40,8 @@ module C09_Test2 goto BB0 } BB0 { - _0 <- t; - t <- any x0; + [#"../09.rs" 12 4 12 5] _0 <- ([#"../09.rs" 12 4 12 5] t); + [#"../09.rs" 12 4 12 5] t <- any x0; goto BB1 } BB1 { diff --git a/creusot/tests/should_succeed/traits/11.mlcfg b/creusot/tests/should_succeed/traits/11.mlcfg index 6780b0c314..70fb6a02cf 100644 --- a/creusot/tests/should_succeed/traits/11.mlcfg +++ b/creusot/tests/should_succeed/traits/11.mlcfg @@ -9,13 +9,13 @@ module C11_Test val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../11.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true predicate resolve0 (self : t) val resolve0 (self : t) : bool ensures { result = resolve0 self } let rec cfg test [#"../11.rs" 18 0 18 23] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : t) : () - requires {[#"../11.rs" 1 0 1 0] inv0 _1} + requires {inv0 _1} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : (); @@ -24,7 +24,7 @@ module C11_Test goto BB0 } BB0 { - _0 <- ([#"../11.rs" 18 24 18 26] ()); + [#"../11.rs" 18 24 18 26] _0 <- ([#"../11.rs" 18 24 18 26] ()); assert { [@expl:type invariant] inv0 _1 }; assume { resolve0 _1 }; goto BB1 diff --git a/creusot/tests/should_succeed/traits/12_default_method.mlcfg b/creusot/tests/should_succeed/traits/12_default_method.mlcfg index 67352542a4..33d26ef727 100644 --- a/creusot/tests/should_succeed/traits/12_default_method.mlcfg +++ b/creusot/tests/should_succeed/traits/12_default_method.mlcfg @@ -9,7 +9,7 @@ module C12DefaultMethod_T_Default val inv0 (_x : self) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../12_default_method.rs" 1 0 1 0] forall x : self . inv0 x = true + axiom inv0 : forall x : self . inv0 x = true use prelude.Borrow predicate resolve0 (self : self) val resolve0 (self : self) : bool @@ -27,7 +27,7 @@ module C12DefaultMethod_T_Default goto BB0 } BB0 { - _0 <- ([#"../12_default_method.rs" 7 8 7 9] [#"../12_default_method.rs" 7 8 7 9] (0 : uint32)); + [#"../12_default_method.rs" 7 8 7 9] _0 <- ([#"../12_default_method.rs" 7 8 7 9] [#"../12_default_method.rs" 7 8 7 9] (0 : uint32)); assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; return _0 @@ -45,7 +45,7 @@ module C12DefaultMethod_ShouldUseImpl val inv0 (_x : uint32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../12_default_method.rs" 1 0 1 0] forall x : uint32 . inv0 x = true + axiom inv0 : forall x : uint32 . inv0 x = true function logic_default0 [#"../12_default_method.rs" 12 4 12 34] (self : uint32) : bool = [#"../12_default_method.rs" 13 8 13 12] true val logic_default0 [#"../12_default_method.rs" 12 4 12 34] (self : uint32) : bool @@ -67,11 +67,11 @@ module C12DefaultMethod_ShouldUseImpl goto BB0 } BB0 { - _3 <- ([#"../12_default_method.rs" 21 4 21 15] default0 ([#"../12_default_method.rs" 21 4 21 15] x)); + [#"../12_default_method.rs" 21 4 21 15] _3 <- ([#"../12_default_method.rs" 21 4 21 15] default0 ([#"../12_default_method.rs" 21 4 21 15] x)); goto BB1 } BB1 { - _0 <- ([#"../12_default_method.rs" 20 31 22 1] ()); + [#"../12_default_method.rs" 20 31 22 1] _0 <- ([#"../12_default_method.rs" 20 31 22 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg b/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg index b2d4318d7e..a95013a9f8 100644 --- a/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg +++ b/creusot/tests/should_succeed/traits/13_assoc_types.mlcfg @@ -10,7 +10,7 @@ module C13AssocTypes_Impl0_Model val inv1 (_x : model_ty0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_assoc_types.rs" 1 0 1 0] forall x : model_ty0 . inv1 x = true + axiom inv1 : forall x : model_ty0 . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -19,7 +19,7 @@ module C13AssocTypes_Impl0_Model val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../13_assoc_types.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow predicate resolve0 (self : t) val resolve0 (self : t) : bool @@ -38,7 +38,7 @@ module C13AssocTypes_Impl0_Model BB0 { assert { [@expl:type invariant] inv0 self }; assume { resolve0 self }; - _0 <- ([#"../13_assoc_types.rs" 14 8 14 22] model ([#"../13_assoc_types.rs" 14 8 14 22] self)); + [#"../13_assoc_types.rs" 14 8 14 22] _0 <- ([#"../13_assoc_types.rs" 14 8 14 22] model ([#"../13_assoc_types.rs" 14 8 14 22] self)); goto BB1 } BB1 { @@ -57,7 +57,7 @@ module C13AssocTypes_Impl0 val inv1 (_x : model_ty0) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../13_assoc_types.rs" 1 0 1 0] forall x : model_ty0 . inv1 x = true + axiom inv1 : forall x : model_ty0 . inv1 x = true predicate invariant0 (self : t) val invariant0 (self : t) : bool ensures { result = invariant0 self } @@ -66,7 +66,7 @@ module C13AssocTypes_Impl0 val inv0 (_x : t) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../13_assoc_types.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true use prelude.Borrow goal model_refn : [#"../13_assoc_types.rs" 13 4 13 35] forall self : t . inv0 self -> inv0 self /\ (forall result : model_ty0 . inv1 result -> inv1 result) end diff --git a/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg b/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg index e8205de8aa..caff2ea273 100644 --- a/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg +++ b/creusot/tests/should_succeed/traits/15_impl_interfaces.mlcfg @@ -13,7 +13,7 @@ module C15ImplInterfaces_Calls goto BB0 } BB0 { - _0 <- ([#"../15_impl_interfaces.rs" 23 37 23 39] ()); + [#"../15_impl_interfaces.rs" 23 37 23 39] _0 <- ([#"../15_impl_interfaces.rs" 23 37 23 39] ()); return _0 } diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg b/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg index 71c3c93f31..8a88e4f01e 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.mlcfg @@ -57,7 +57,7 @@ module C16ImplCloning_Test val inv0 (_x : borrowed (C16ImplCloning_Vec_Type.t_vec t)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../16_impl_cloning.rs" 1 0 1 0] forall x : borrowed (C16ImplCloning_Vec_Type.t_vec t) . inv0 x = true + axiom inv0 : forall x : borrowed (C16ImplCloning_Vec_Type.t_vec t) . inv0 x = true use seq.Seq function shallow_model1 [#"../16_impl_cloning.rs" 11 4 11 50] (self : C16ImplCloning_Vec_Type.t_vec t) : Seq.seq t val shallow_model1 [#"../16_impl_cloning.rs" 11 4 11 50] (self : C16ImplCloning_Vec_Type.t_vec t) : Seq.seq t @@ -86,7 +86,7 @@ module C16ImplCloning_Test BB0 { assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; - _0 <- ([#"../16_impl_cloning.rs" 17 31 17 33] ()); + [#"../16_impl_cloning.rs" 17 31 17 33] _0 <- ([#"../16_impl_cloning.rs" 17 31 17 33] ()); return _0 } diff --git a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg index 6bf6f98e7c..101e578eff 100644 --- a/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg +++ b/creusot/tests/should_succeed/traits/18_trait_laws.mlcfg @@ -20,7 +20,7 @@ module C18TraitLaws_UsesOp_Impl val invariant0 (self : t) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../18_trait_laws.rs" 1 0 1 0] forall x : t . inv0 x = true + axiom inv0 : forall x : t . inv0 x = true let rec ghost function uses_op [#"../18_trait_laws.rs" 16 0 16 48] (x : t) (y : t) : bool requires {[#"../18_trait_laws.rs" 16 29 16 30] inv0 x} requires {[#"../18_trait_laws.rs" 16 35 16 36] inv0 y} @@ -69,7 +69,7 @@ module C18TraitLaws_Impl0 val inv0 (_x : ()) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../18_trait_laws.rs" 1 0 1 0] forall x : () . inv0 x = true + axiom inv0 : forall x : () . inv0 x = true function op0 [#"../18_trait_laws.rs" 23 4 23 32] (self : ()) (_2 : ()) : () = [#"../18_trait_laws.rs" 24 8 24 10] () val op0 [#"../18_trait_laws.rs" 23 4 23 32] (self : ()) (_2 : ()) : () diff --git a/creusot/tests/should_succeed/two_modules.mlcfg b/creusot/tests/should_succeed/two_modules.mlcfg index d231e4eb1c..c461c70677 100644 --- a/creusot/tests/should_succeed/two_modules.mlcfg +++ b/creusot/tests/should_succeed/two_modules.mlcfg @@ -16,7 +16,7 @@ module TwoModules_Mod2_X goto BB0 } BB0 { - _0 <- ([#"../two_modules.rs" 16 8 16 12] [#"../two_modules.rs" 16 8 16 12] true); + [#"../two_modules.rs" 16 8 16 12] _0 <- ([#"../two_modules.rs" 16 8 16 12] [#"../two_modules.rs" 16 8 16 12] true); return _0 } @@ -32,11 +32,11 @@ module TwoModules_F goto BB0 } BB0 { - _1 <- ([#"../two_modules.rs" 23 4 23 14] x0 ([#"../two_modules.rs" 23 12 23 13] TwoModules_Mod1_T_Type.C_B)); + [#"../two_modules.rs" 23 4 23 14] _1 <- ([#"../two_modules.rs" 23 4 23 14] x0 ([#"../two_modules.rs" 23 12 23 13] TwoModules_Mod1_T_Type.C_B)); goto BB1 } BB1 { - _0 <- ([#"../two_modules.rs" 22 11 24 1] ()); + [#"../two_modules.rs" 22 11 24 1] _0 <- ([#"../two_modules.rs" 22 11 24 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/type_constructors.mlcfg b/creusot/tests/should_succeed/type_constructors.mlcfg index e5fb49c29a..ac9d580983 100644 --- a/creusot/tests/should_succeed/type_constructors.mlcfg +++ b/creusot/tests/should_succeed/type_constructors.mlcfg @@ -7,7 +7,7 @@ module TypeConstructors_F goto BB0 } BB0 { - _0 <- ([#"../type_constructors.rs" 16 11 19 1] ()); + [#"../type_constructors.rs" 16 11 19 1] _0 <- ([#"../type_constructors.rs" 16 11 19 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg index aa194ca262..d77e000ba7 100644 --- a/creusot/tests/should_succeed/type_invariants/borrows.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/borrows.mlcfg @@ -22,7 +22,7 @@ module Borrows_Impl1_New val inv0 (_x : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Int32 @@ -39,7 +39,7 @@ module Borrows_Impl1_New goto BB0 } BB0 { - _0 <- ([#"../borrows.rs" 18 8 18 15] Borrows_NonZero_Type.C_NonZero n); + [#"../borrows.rs" 18 8 18 15] _0 <- ([#"../borrows.rs" 18 8 18 15] Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 18 13 18 14] n)); return _0 } @@ -56,7 +56,7 @@ module Borrows_Impl1_InnerMut val inv1 (_x : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Borrow @@ -69,7 +69,7 @@ module Borrows_Impl1_InnerMut val inv0 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) use prelude.Int32 use prelude.Int predicate resolve1 (self : borrowed (Borrows_NonZero_Type.t_nonzero)) = @@ -96,12 +96,12 @@ module Borrows_Impl1_InnerMut goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * self)); - self <- { self with current = (let Borrows_NonZero_Type.C_NonZero x0 = * self in Borrows_NonZero_Type.C_NonZero ( ^ _5)) }; - _2 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _2 }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../borrows.rs" 24 8 24 19] _5 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * self)); + [#"../borrows.rs" 24 8 24 19] self <- { self with current = (let Borrows_NonZero_Type.C_NonZero x0 = * self in Borrows_NonZero_Type.C_NonZero ( ^ _5)) }; + [#"../borrows.rs" 24 8 24 19] _2 <- Borrow.borrow_mut ( * _5); + [#"../borrows.rs" 24 8 24 19] _5 <- { _5 with current = ^ _2 }; + [#"../borrows.rs" 24 8 24 19] _0 <- Borrow.borrow_mut ( * _2); + [#"../borrows.rs" 24 8 24 19] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _5 }; assume { resolve0 _2 }; assert { [@expl:type invariant] inv0 self }; @@ -139,9 +139,9 @@ module Borrows_Inc goto BB0 } BB0 { - x <- { x with current = ([#"../borrows.rs" 102 4 102 11] * x + ([#"../borrows.rs" 102 10 102 11] [#"../borrows.rs" 102 10 102 11] (1 : int32))) }; + [#"../borrows.rs" 102 4 102 11] x <- { x with current = ([#"../borrows.rs" 102 4 102 11] * x + ([#"../borrows.rs" 102 10 102 11] [#"../borrows.rs" 102 10 102 11] (1 : int32))) }; assume { resolve0 x }; - _0 <- ([#"../borrows.rs" 101 24 103 1] ()); + [#"../borrows.rs" 101 24 103 1] _0 <- ([#"../borrows.rs" 101 24 103 1] ()); return _0 } @@ -158,7 +158,7 @@ module Borrows_Simple val inv1 (_x : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Borrow @@ -171,7 +171,7 @@ module Borrows_Simple val inv0 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) use prelude.Int32 use prelude.Int let constant max0 : int32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -211,11 +211,11 @@ module Borrows_Simple goto BB0 } BB0 { - _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); - x <- { x with current = (let Borrows_NonZero_Type.C_NonZero x0 = * x in Borrows_NonZero_Type.C_NonZero ( ^ _6)) }; - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _4 <- ([#"../borrows.rs" 32 4 32 17] inc0 _5); + [#"../borrows.rs" 32 8 32 16] _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); + [#"../borrows.rs" 32 8 32 16] x <- { x with current = (let Borrows_NonZero_Type.C_NonZero x0 = * x in Borrows_NonZero_Type.C_NonZero ( ^ _6)) }; + [#"../borrows.rs" 32 8 32 16] _5 <- Borrow.borrow_mut ( * _6); + [#"../borrows.rs" 32 8 32 16] _6 <- { _6 with current = ^ _5 }; + [#"../borrows.rs" 32 4 32 17] _4 <- ([#"../borrows.rs" 32 4 32 17] inc0 _5); _5 <- any borrowed int32; goto BB1 } @@ -223,7 +223,7 @@ module Borrows_Simple assume { resolve0 _6 }; assert { [@expl:type invariant] inv0 x }; assume { resolve1 x }; - _0 <- ([#"../borrows.rs" 31 31 34 1] ()); + [#"../borrows.rs" 31 31 34 1] _0 <- ([#"../borrows.rs" 31 31 34 1] ()); return _0 } @@ -244,14 +244,14 @@ module Borrows_Hard val inv1 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use prelude.Int32 predicate invariant0 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) = [#"../borrows.rs" 10 20 10 32] Int32.to_int (Borrows_NonZero_Type.nonzero_0 self) <> 0 val invariant0 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Int32 @@ -299,17 +299,17 @@ module Borrows_Hard goto BB0 } BB0 { - _7 <- Borrow.borrow_mut ( * x); - x <- { x with current = ^ _7 }; + [#"../borrows.rs" 39 8 39 21] _7 <- Borrow.borrow_mut ( * x); + [#"../borrows.rs" 39 8 39 21] x <- { x with current = ^ _7 }; assume { inv0 ( ^ _7) }; - _6 <- ([#"../borrows.rs" 39 8 39 21] inner_mut0 _7); + [#"../borrows.rs" 39 8 39 21] _6 <- ([#"../borrows.rs" 39 8 39 21] inner_mut0 _7); _7 <- any borrowed (Borrows_NonZero_Type.t_nonzero); goto BB1 } BB1 { - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _4 <- ([#"../borrows.rs" 39 4 39 22] inc0 _5); + [#"../borrows.rs" 39 8 39 21] _5 <- Borrow.borrow_mut ( * _6); + [#"../borrows.rs" 39 8 39 21] _6 <- { _6 with current = ^ _5 }; + [#"../borrows.rs" 39 4 39 22] _4 <- ([#"../borrows.rs" 39 4 39 22] inc0 _5); _5 <- any borrowed int32; goto BB2 } @@ -317,7 +317,7 @@ module Borrows_Hard assume { resolve0 _6 }; assert { [@expl:type invariant] inv1 x }; assume { resolve1 x }; - _0 <- ([#"../borrows.rs" 38 29 41 1] ()); + [#"../borrows.rs" 38 29 41 1] _0 <- ([#"../borrows.rs" 38 29 41 1] ()); return _0 } @@ -338,14 +338,14 @@ module Borrows_Tuple val inv2 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv2 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv2 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv2 x = (inv1 ( * x) /\ inv1 ( ^ x)) use prelude.Int32 predicate invariant1 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) = [#"../borrows.rs" 10 20 10 32] Int32.to_int (Borrows_NonZero_Type.nonzero_0 self) <> 0 val invariant1 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) predicate invariant0 (self : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) = @@ -357,7 +357,7 @@ module Borrows_Tuple val inv0 (_x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv1 a /\ inv2 b) + axiom inv0 : forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv1 a /\ inv2 b) use prelude.Int32 use prelude.Int let constant max0 : int32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -407,12 +407,12 @@ module Borrows_Tuple goto BB0 } BB0 { - x <- (let (x0, x1) = x in ((let Borrows_NonZero_Type.C_NonZero x0 = let (a, _) = x in a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 46 13 46 14] [#"../borrows.rs" 46 13 46 14] (0 : int32))), x1)); - _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); - x <- (let (x0, x1) = x in (x0, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero x0 = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _6)) })); - _5 <- Borrow.borrow_mut ( * _6); - _6 <- { _6 with current = ^ _5 }; - _4 <- ([#"../borrows.rs" 47 4 47 20] inc0 _5); + [#"../borrows.rs" 46 4 46 14] x <- (let (x0, x1) = x in ((let Borrows_NonZero_Type.C_NonZero x0 = let (a, _) = x in a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 46 4 46 14] [#"../borrows.rs" 46 13 46 14] (0 : int32))), x1)); + [#"../borrows.rs" 47 8 47 19] _6 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); + [#"../borrows.rs" 47 8 47 19] x <- (let (x0, x1) = x in (x0, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero x0 = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _6)) })); + [#"../borrows.rs" 47 8 47 19] _5 <- Borrow.borrow_mut ( * _6); + [#"../borrows.rs" 47 8 47 19] _6 <- { _6 with current = ^ _5 }; + [#"../borrows.rs" 47 4 47 20] _4 <- ([#"../borrows.rs" 47 4 47 20] inc0 _5); _5 <- any borrowed int32; goto BB1 } @@ -420,7 +420,7 @@ module Borrows_Tuple assume { resolve0 _6 }; assert { [@expl:type invariant] inv0 x }; assume { resolve1 x }; - _0 <- ([#"../borrows.rs" 45 45 49 1] ()); + [#"../borrows.rs" 45 45 49 1] _0 <- ([#"../borrows.rs" 45 45 49 1] ()); return _0 } @@ -441,14 +441,14 @@ module Borrows_PartialMove val inv2 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv2 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv2 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv2 x = (inv1 ( * x) /\ inv1 ( ^ x)) use prelude.Int32 predicate invariant1 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) = [#"../borrows.rs" 10 20 10 32] Int32.to_int (Borrows_NonZero_Type.nonzero_0 self) <> 0 val invariant1 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Borrows_NonZero_Type.t_nonzero . inv1 x = (invariant1 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) predicate invariant0 (self : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) = @@ -460,7 +460,7 @@ module Borrows_PartialMove val inv0 (_x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv1 a /\ inv2 b) + axiom inv0 : forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv1 a /\ inv2 b) use prelude.Int32 use prelude.Int let constant max0 : int32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -511,13 +511,13 @@ module Borrows_PartialMove goto BB0 } BB0 { - a <- (let (a, _) = x in a); - x <- (let (x0, x1) = x in (any Borrows_NonZero_Type.t_nonzero, x1)); - _7 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); - x <- (let (x0, x1) = x in (x0, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero x0 = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _7)) })); - _6 <- Borrow.borrow_mut ( * _7); - _7 <- { _7 with current = ^ _6 }; - _5 <- ([#"../borrows.rs" 55 4 55 20] inc0 _6); + [#"../borrows.rs" 54 16 54 19] a <- ([#"../borrows.rs" 54 16 54 19] let (a, _) = x in a); + [#"../borrows.rs" 54 16 54 19] x <- (let (x0, x1) = x in (any Borrows_NonZero_Type.t_nonzero, x1)); + [#"../borrows.rs" 55 8 55 19] _7 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * (let (_, a) = x in a))); + [#"../borrows.rs" 55 8 55 19] x <- (let (x0, x1) = x in (x0, { (let (_, a) = x in a) with current = (let Borrows_NonZero_Type.C_NonZero x0 = * (let (_, a) = x in a) in Borrows_NonZero_Type.C_NonZero ( ^ _7)) })); + [#"../borrows.rs" 55 8 55 19] _6 <- Borrow.borrow_mut ( * _7); + [#"../borrows.rs" 55 8 55 19] _7 <- { _7 with current = ^ _6 }; + [#"../borrows.rs" 55 4 55 20] _5 <- ([#"../borrows.rs" 55 4 55 20] inc0 _6); _6 <- any borrowed int32; goto BB1 } @@ -525,8 +525,8 @@ module Borrows_PartialMove assume { resolve0 _7 }; assert { [@expl:type invariant] inv0 x }; assume { resolve1 x }; - a <- (let Borrows_NonZero_Type.C_NonZero x0 = a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 56 10 56 11] [#"../borrows.rs" 56 10 56 11] (0 : int32))); - _0 <- ([#"../borrows.rs" 53 48 57 1] ()); + [#"../borrows.rs" 56 4 56 11] a <- (let Borrows_NonZero_Type.C_NonZero x0 = a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 56 4 56 11] [#"../borrows.rs" 56 10 56 11] (0 : int32))); + [#"../borrows.rs" 53 48 57 1] _0 <- ([#"../borrows.rs" 53 48 57 1] ()); return _0 } @@ -543,7 +543,7 @@ module Borrows_Destruct val inv2 (_x : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv2 x = (invariant2 x /\ match x with + axiom inv2 : forall x : Borrows_NonZero_Type.t_nonzero . inv2 x = (invariant2 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Borrow @@ -556,7 +556,7 @@ module Borrows_Destruct val inv1 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv2 ( * x) /\ inv2 ( ^ x)) + axiom inv1 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv2 ( * x) /\ inv2 ( ^ x)) predicate invariant0 (self : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : bool @@ -566,7 +566,7 @@ module Borrows_Destruct val inv0 (_x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv2 a /\ inv1 b) + axiom inv0 : forall x : (Borrows_NonZero_Type.t_nonzero, borrowed (Borrows_NonZero_Type.t_nonzero)) . inv0 x = (let (a, b) = x in inv2 a /\ inv1 b) use prelude.Int32 use prelude.Int let constant max0 : int32 = [@vc:do_not_keep_trace] [@vc:sp] @@ -618,18 +618,18 @@ module Borrows_Destruct goto BB0 } BB0 { - a <- (let (a, _) = x in a); - x <- (let (x0, x1) = x in (any Borrows_NonZero_Type.t_nonzero, x1)); - b <- (let (_, a) = x in a); - x <- (let (x0, x1) = x in (x0, any borrowed (Borrows_NonZero_Type.t_nonzero))); + [#"../borrows.rs" 62 9 62 14] a <- ([#"../borrows.rs" 62 9 62 14] let (a, _) = x in a); + [#"../borrows.rs" 62 9 62 14] x <- (let (x0, x1) = x in (any Borrows_NonZero_Type.t_nonzero, x1)); + [#"../borrows.rs" 62 16 62 17] b <- ([#"../borrows.rs" 62 16 62 17] let (_, a) = x in a); + [#"../borrows.rs" 62 16 62 17] x <- (let (x0, x1) = x in (x0, any borrowed (Borrows_NonZero_Type.t_nonzero))); assert { [@expl:type invariant] inv0 x }; assume { resolve0 x }; - a <- (let Borrows_NonZero_Type.C_NonZero x0 = a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 63 10 63 11] [#"../borrows.rs" 63 10 63 11] (0 : int32))); - _8 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * b)); - b <- { b with current = (let Borrows_NonZero_Type.C_NonZero x0 = * b in Borrows_NonZero_Type.C_NonZero ( ^ _8)) }; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - _6 <- ([#"../borrows.rs" 64 4 64 17] inc0 _7); + [#"../borrows.rs" 63 4 63 11] a <- (let Borrows_NonZero_Type.C_NonZero x0 = a in Borrows_NonZero_Type.C_NonZero ([#"../borrows.rs" 63 4 63 11] [#"../borrows.rs" 63 10 63 11] (0 : int32))); + [#"../borrows.rs" 64 8 64 16] _8 <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * b)); + [#"../borrows.rs" 64 8 64 16] b <- { b with current = (let Borrows_NonZero_Type.C_NonZero x0 = * b in Borrows_NonZero_Type.C_NonZero ( ^ _8)) }; + [#"../borrows.rs" 64 8 64 16] _7 <- Borrow.borrow_mut ( * _8); + [#"../borrows.rs" 64 8 64 16] _8 <- { _8 with current = ^ _7 }; + [#"../borrows.rs" 64 4 64 17] _6 <- ([#"../borrows.rs" 64 4 64 17] inc0 _7); _7 <- any borrowed int32; goto BB1 } @@ -637,7 +637,7 @@ module Borrows_Destruct assume { resolve1 _8 }; assert { [@expl:type invariant] inv1 b }; assume { resolve2 b }; - _0 <- ([#"../borrows.rs" 61 44 65 1] ()); + [#"../borrows.rs" 61 44 65 1] _0 <- ([#"../borrows.rs" 61 44 65 1] ()); return _0 } @@ -658,14 +658,14 @@ module Borrows_FrozenDead val inv1 (_x : borrowed (Borrows_NonZero_Type.t_nonzero)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) + axiom inv1 : forall x : borrowed (Borrows_NonZero_Type.t_nonzero) . inv1 x = (inv0 ( * x) /\ inv0 ( ^ x)) use prelude.Int32 predicate invariant0 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) = [#"../borrows.rs" 10 20 10 32] Int32.to_int (Borrows_NonZero_Type.nonzero_0 self) <> 0 val invariant0 [#"../borrows.rs" 9 4 9 30] (self : Borrows_NonZero_Type.t_nonzero) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Borrows_NonZero_Type.t_nonzero . inv0 x = (invariant0 x /\ match x with | Borrows_NonZero_Type.C_NonZero a_0 -> true end) use prelude.Int32 @@ -710,26 +710,26 @@ module Borrows_FrozenDead goto BB0 } BB0 { - _a <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); - x <- { x with current = (let Borrows_NonZero_Type.C_NonZero x0 = * x in Borrows_NonZero_Type.C_NonZero ( ^ _a)) }; - _6 <- Borrow.borrow_mut ( * y); - y <- { y with current = ^ _6 }; + [#"../borrows.rs" 70 13 70 21] _a <- Borrow.borrow_mut (Borrows_NonZero_Type.nonzero_0 ( * x)); + [#"../borrows.rs" 70 13 70 21] x <- { x with current = (let Borrows_NonZero_Type.C_NonZero x0 = * x in Borrows_NonZero_Type.C_NonZero ( ^ _a)) }; + [#"../borrows.rs" 74 8 74 9] _6 <- Borrow.borrow_mut ( * y); + [#"../borrows.rs" 74 8 74 9] y <- { y with current = ^ _6 }; assume { inv0 ( ^ _6) }; assert { [@expl:type invariant] inv1 x }; assume { resolve0 x }; - x <- _6; - _6 <- any borrowed (Borrows_NonZero_Type.t_nonzero); + [#"../borrows.rs" 73 4 74 9] x <- ([#"../borrows.rs" 73 4 74 9] _6); + [#"../borrows.rs" 73 4 74 9] _6 <- any borrowed (Borrows_NonZero_Type.t_nonzero); assert { [@expl:type invariant] inv1 x }; assume { resolve0 x }; - _8 <- Borrow.borrow_mut ( * _a); - _a <- { _a with current = ^ _8 }; - _7 <- ([#"../borrows.rs" 75 4 75 11] inc0 _8); + [#"../borrows.rs" 75 8 75 10] _8 <- Borrow.borrow_mut ( * _a); + [#"../borrows.rs" 75 8 75 10] _a <- { _a with current = ^ _8 }; + [#"../borrows.rs" 75 4 75 11] _7 <- ([#"../borrows.rs" 75 4 75 11] inc0 _8); _8 <- any borrowed int32; goto BB1 } BB1 { assume { resolve1 _a }; - _0 <- ([#"../borrows.rs" 69 67 76 1] ()); + [#"../borrows.rs" 69 67 76 1] _0 <- ([#"../borrows.rs" 69 67 76 1] ()); assert { [@expl:type invariant] inv1 y }; assume { resolve0 y }; return _0 @@ -780,9 +780,9 @@ module Borrows_Dec goto BB0 } BB0 { - x <- { x with current = ([#"../borrows.rs" 108 4 108 11] * x - ([#"../borrows.rs" 108 10 108 11] [#"../borrows.rs" 108 10 108 11] (1 : int32))) }; + [#"../borrows.rs" 108 4 108 11] x <- { x with current = ([#"../borrows.rs" 108 4 108 11] * x - ([#"../borrows.rs" 108 10 108 11] [#"../borrows.rs" 108 10 108 11] (1 : int32))) }; assume { resolve0 x }; - _0 <- ([#"../borrows.rs" 107 24 109 1] ()); + [#"../borrows.rs" 107 24 109 1] _0 <- ([#"../borrows.rs" 107 24 109 1] ()); return _0 } @@ -800,7 +800,7 @@ module Borrows_Impl3_Foo val inv1 (_x : Borrows_SumTo10_Type.t_sumto10) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../borrows.rs" 1 0 1 0] forall x : Borrows_SumTo10_Type.t_sumto10 . inv1 x = (invariant1 x /\ match x with + axiom inv1 : forall x : Borrows_SumTo10_Type.t_sumto10 . inv1 x = (invariant1 x /\ match x with | Borrows_SumTo10_Type.C_SumTo10 a b -> true end) use prelude.Borrow @@ -813,7 +813,7 @@ module Borrows_Impl3_Foo val inv0 (_x : borrowed (Borrows_SumTo10_Type.t_sumto10)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../borrows.rs" 1 0 1 0] forall x : borrowed (Borrows_SumTo10_Type.t_sumto10) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) + axiom inv0 : forall x : borrowed (Borrows_SumTo10_Type.t_sumto10) . inv0 x = (inv1 ( * x) /\ inv1 ( ^ x)) use prelude.Int32 let constant max0 : int32 = [@vc:do_not_keep_trace] [@vc:sp] (2147483647 : int32) @@ -860,21 +860,21 @@ module Borrows_Impl3_Foo goto BB0 } BB0 { - _5 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_a ( * self)); - self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 x0 x1 = * self in Borrows_SumTo10_Type.C_SumTo10 ( ^ _5) x1) }; - _4 <- Borrow.borrow_mut ( * _5); - _5 <- { _5 with current = ^ _4 }; - _3 <- ([#"../borrows.rs" 94 8 94 24] inc0 _4); + [#"../borrows.rs" 94 12 94 23] _5 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_a ( * self)); + [#"../borrows.rs" 94 12 94 23] self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 x0 x1 = * self in Borrows_SumTo10_Type.C_SumTo10 ( ^ _5) x1) }; + [#"../borrows.rs" 94 12 94 23] _4 <- Borrow.borrow_mut ( * _5); + [#"../borrows.rs" 94 12 94 23] _5 <- { _5 with current = ^ _4 }; + [#"../borrows.rs" 94 8 94 24] _3 <- ([#"../borrows.rs" 94 8 94 24] inc0 _4); _4 <- any borrowed int32; goto BB1 } BB1 { assume { resolve0 _5 }; - _8 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_b ( * self)); - self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 x0 x1 = * self in Borrows_SumTo10_Type.C_SumTo10 x0 ( ^ _8)) }; - _7 <- Borrow.borrow_mut ( * _8); - _8 <- { _8 with current = ^ _7 }; - _6 <- ([#"../borrows.rs" 95 8 95 24] dec0 _7); + [#"../borrows.rs" 95 12 95 23] _8 <- Borrow.borrow_mut (Borrows_SumTo10_Type.sumto10_b ( * self)); + [#"../borrows.rs" 95 12 95 23] self <- { self with current = (let Borrows_SumTo10_Type.C_SumTo10 x0 x1 = * self in Borrows_SumTo10_Type.C_SumTo10 x0 ( ^ _8)) }; + [#"../borrows.rs" 95 12 95 23] _7 <- Borrow.borrow_mut ( * _8); + [#"../borrows.rs" 95 12 95 23] _8 <- { _8 with current = ^ _7 }; + [#"../borrows.rs" 95 8 95 24] _6 <- ([#"../borrows.rs" 95 8 95 24] dec0 _7); _7 <- any borrowed int32; goto BB2 } @@ -882,7 +882,7 @@ module Borrows_Impl3_Foo assume { resolve0 _8 }; assert { [@expl:type invariant] inv0 self }; assume { resolve1 self }; - _0 <- ([#"../borrows.rs" 93 26 96 5] ()); + [#"../borrows.rs" 93 26 96 5] _0 <- ([#"../borrows.rs" 93 26 96 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/generated.mlcfg b/creusot/tests/should_succeed/type_invariants/generated.mlcfg index c0d2dededd..679f36dda7 100644 --- a/creusot/tests/should_succeed/type_invariants/generated.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/generated.mlcfg @@ -35,7 +35,7 @@ module Generated_UseFoo val inv5 (_x : uint32) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../generated.rs" 1 0 1 0] forall x : uint32 . inv5 x = true + axiom inv5 : forall x : uint32 . inv5 x = true use Generated_Sum10_Type as Generated_Sum10_Type use prelude.Borrow use Generated_Foo_Type as Generated_Foo_Type @@ -52,7 +52,7 @@ module Generated_UseFoo val inv4 (_x : Generated_Foo_Type.t_foo uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../generated.rs" 1 0 1 0] forall x : Generated_Foo_Type.t_foo uint32 . inv4 x = match x with + axiom inv4 : forall x : Generated_Foo_Type.t_foo uint32 . inv4 x = match x with | Generated_Foo_Type.C_A f1 f2 -> inv1 f1 | Generated_Foo_Type.C_B a_0 -> true end @@ -67,7 +67,7 @@ module Generated_UseFoo val inv3 (_x : Generated_Sum10_Type.t_sum10) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../generated.rs" 1 0 1 0] forall x : Generated_Sum10_Type.t_sum10 . inv3 x = (invariant3 x /\ match x with + axiom inv3 : forall x : Generated_Sum10_Type.t_sum10 . inv3 x = (invariant3 x /\ match x with | Generated_Sum10_Type.C_Sum10 a_0 a_1 -> true end) predicate invariant2 (self : (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10))) = @@ -79,13 +79,13 @@ module Generated_UseFoo val inv2 (_x : (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../generated.rs" 1 0 1 0] forall x : (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10)) . inv2 x = (let (a, b) = x in inv4 a /\ inv1 b) + axiom inv2 : forall x : (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10)) . inv2 x = (let (a, b) = x in inv4 a /\ inv1 b) predicate invariant1 (self : borrowed (Generated_Sum10_Type.t_sum10)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : borrowed (Generated_Sum10_Type.t_sum10)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../generated.rs" 1 0 1 0] forall x : borrowed (Generated_Sum10_Type.t_sum10) . inv1 x = (inv3 ( * x) /\ inv3 ( ^ x)) + axiom inv1 : forall x : borrowed (Generated_Sum10_Type.t_sum10) . inv1 x = (inv3 ( * x) /\ inv3 ( ^ x)) predicate invariant0 (self : Generated_Foo_Type.t_foo (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10))) = @@ -98,7 +98,7 @@ module Generated_UseFoo val inv0 (_x : Generated_Foo_Type.t_foo (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../generated.rs" 1 0 1 0] forall x : Generated_Foo_Type.t_foo (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10)) . inv0 x = match x with + axiom inv0 : forall x : Generated_Foo_Type.t_foo (Generated_Foo_Type.t_foo uint32, borrowed (Generated_Sum10_Type.t_sum10)) . inv0 x = match x with | Generated_Foo_Type.C_A f1 f2 -> inv1 f1 | Generated_Foo_Type.C_B a_0 -> inv2 a_0 end @@ -113,7 +113,7 @@ module Generated_UseFoo } BB0 { assert { [@expl:assertion] [#"../generated.rs" 20 18 20 35] inv0 x }; - _0 <- ([#"../generated.rs" 19 62 21 1] ()); + [#"../generated.rs" 19 62 21 1] _0 <- ([#"../generated.rs" 19 62 21 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/non_zero.mlcfg b/creusot/tests/should_succeed/type_invariants/non_zero.mlcfg index f9f357e42e..b2658f8554 100644 --- a/creusot/tests/should_succeed/type_invariants/non_zero.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/non_zero.mlcfg @@ -23,7 +23,7 @@ module NonZero_Impl1_New val inv0 (_x : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../non_zero.rs" 1 0 1 0] forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with | NonZero_NonZeroU32_Type.C_NonZeroU32 a_0 -> true end) use prelude.UInt32 @@ -38,7 +38,7 @@ module NonZero_Impl1_New goto BB0 } BB0 { - _0 <- ([#"../non_zero.rs" 17 8 17 15] NonZero_NonZeroU32_Type.C_NonZeroU32 n); + [#"../non_zero.rs" 17 8 17 15] _0 <- ([#"../non_zero.rs" 17 8 17 15] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 17 13 17 14] n)); return _0 } @@ -56,7 +56,7 @@ module NonZero_Impl1_Add val inv0 (_x : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../non_zero.rs" 1 0 1 0] forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with | NonZero_NonZeroU32_Type.C_NonZeroU32 a_0 -> true end) use prelude.UInt32 @@ -76,7 +76,7 @@ module NonZero_Impl1_Add goto BB0 } BB0 { - _0 <- ([#"../non_zero.rs" 22 8 22 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 22 13 22 27] NonZero_NonZeroU32_Type.nonzerou32_0 self + NonZero_NonZeroU32_Type.nonzerou32_0 rhs)); + [#"../non_zero.rs" 22 8 22 28] _0 <- ([#"../non_zero.rs" 22 8 22 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 22 13 22 27] ([#"../non_zero.rs" 22 13 22 19] NonZero_NonZeroU32_Type.nonzerou32_0 self) + ([#"../non_zero.rs" 22 22 22 27] NonZero_NonZeroU32_Type.nonzerou32_0 rhs))); return _0 } @@ -94,7 +94,7 @@ module NonZero_Impl1_SubPreTrans_Impl val inv0 (_x : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../non_zero.rs" 1 0 1 0] forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with | NonZero_NonZeroU32_Type.C_NonZeroU32 a_0 -> true end) predicate sub_pre0 [#"../non_zero.rs" 27 4 27 43] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) @@ -128,7 +128,7 @@ module NonZero_Impl1_Sub val inv0 (_x : NonZero_NonZeroU32_Type.t_nonzerou32) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../non_zero.rs" 1 0 1 0] forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : NonZero_NonZeroU32_Type.t_nonzerou32 . inv0 x = (invariant0 x /\ match x with | NonZero_NonZeroU32_Type.C_NonZeroU32 a_0 -> true end) predicate sub_pre0 [#"../non_zero.rs" 27 4 27 43] (self : NonZero_NonZeroU32_Type.t_nonzerou32) (rhs : NonZero_NonZeroU32_Type.t_nonzerou32) @@ -153,7 +153,7 @@ module NonZero_Impl1_Sub goto BB0 } BB0 { - _0 <- ([#"../non_zero.rs" 41 8 41 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 41 13 41 27] NonZero_NonZeroU32_Type.nonzerou32_0 self - NonZero_NonZeroU32_Type.nonzerou32_0 rhs)); + [#"../non_zero.rs" 41 8 41 28] _0 <- ([#"../non_zero.rs" 41 8 41 28] NonZero_NonZeroU32_Type.C_NonZeroU32 ([#"../non_zero.rs" 41 13 41 27] ([#"../non_zero.rs" 41 13 41 19] NonZero_NonZeroU32_Type.nonzerou32_0 self) - ([#"../non_zero.rs" 41 22 41 27] NonZero_NonZeroU32_Type.nonzerou32_0 rhs))); return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/quant.mlcfg b/creusot/tests/should_succeed/type_invariants/quant.mlcfg index 06aa890dbe..573a17ad37 100644 --- a/creusot/tests/should_succeed/type_invariants/quant.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/quant.mlcfg @@ -15,7 +15,7 @@ module Quant_Forall_Impl val inv0 (_x : Quant_WithInvariant_Type.t_withinvariant) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../quant.rs" 1 0 1 0] forall x : Quant_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Quant_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with | Quant_WithInvariant_Type.C_WithInvariant -> true end) let rec ghost function forall' [#"../quant.rs" 17 0 17 15] (_1 : ()) : () @@ -35,7 +35,7 @@ module Quant_Exists_Impl val inv0 (_x : Quant_WithInvariant_Type.t_withinvariant) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../quant.rs" 1 0 1 0] forall x : Quant_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Quant_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with | Quant_WithInvariant_Type.C_WithInvariant -> true end) let rec ghost function exists' [#"../quant.rs" 22 0 22 15] (_1 : ()) : () diff --git a/creusot/tests/should_succeed/type_invariants/type_invariants.mlcfg b/creusot/tests/should_succeed/type_invariants/type_invariants.mlcfg index 05d780e425..c9c565eed0 100644 --- a/creusot/tests/should_succeed/type_invariants/type_invariants.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/type_invariants.mlcfg @@ -15,7 +15,7 @@ module TypeInvariants_Id val inv0 (_x : TypeInvariants_WithInvariant_Type.t_withinvariant) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../type_invariants.rs" 1 0 1 0] forall x : TypeInvariants_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : TypeInvariants_WithInvariant_Type.t_withinvariant . inv0 x = (invariant0 x /\ match x with | TypeInvariants_WithInvariant_Type.C_WithInvariant -> true end) let rec cfg id [#"../type_invariants.rs" 14 0 14 44] [@cfg:stackify] [@cfg:subregion_analysis] (x : TypeInvariants_WithInvariant_Type.t_withinvariant) : TypeInvariants_WithInvariant_Type.t_withinvariant @@ -29,8 +29,8 @@ module TypeInvariants_Id goto BB0 } BB0 { - _0 <- x; - x <- any TypeInvariants_WithInvariant_Type.t_withinvariant; + [#"../type_invariants.rs" 15 4 15 5] _0 <- ([#"../type_invariants.rs" 15 4 15 5] x); + [#"../type_invariants.rs" 15 4 15 5] x <- any TypeInvariants_WithInvariant_Type.t_withinvariant; return _0 } diff --git a/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg b/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg index 1932adec9c..4b20e21335 100644 --- a/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg +++ b/creusot/tests/should_succeed/type_invariants/vec_inv.mlcfg @@ -66,7 +66,7 @@ module VecInv_Vec val inv5 (_x : VecInv_SumTo10_Type.t_sumto10) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../vec_inv.rs" 1 0 1 0] forall x : VecInv_SumTo10_Type.t_sumto10 . inv5 x = (invariant4 x /\ match x with + axiom inv5 : forall x : VecInv_SumTo10_Type.t_sumto10 . inv5 x = (invariant4 x /\ match x with | VecInv_SumTo10_Type.C_SumTo10 a b -> true end) use prelude.Borrow @@ -79,7 +79,7 @@ module VecInv_Vec val inv4 (_x : borrowed (VecInv_SumTo10_Type.t_sumto10)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../vec_inv.rs" 1 0 1 0] forall x : borrowed (VecInv_SumTo10_Type.t_sumto10) . inv4 x = (inv5 ( * x) /\ inv5 ( ^ x)) + axiom inv4 : forall x : borrowed (VecInv_SumTo10_Type.t_sumto10) . inv4 x = (inv5 ( * x) /\ inv5 ( ^ x)) use prelude.Slice predicate invariant1 (self : slice (borrowed (VecInv_SumTo10_Type.t_sumto10))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -122,7 +122,7 @@ module VecInv_Vec ensures { result = slice_len0 x } use prelude.UInt64 - axiom inv3 : [#"../vec_inv.rs" 1 0 1 0] forall x : slice (borrowed (VecInv_SumTo10_Type.t_sumto10)) . inv3 x = (forall i : uint64 . 0 <= i -> i < slice_len0 x -> inv4 (index_logic2 x i)) + axiom inv3 : forall x : slice (borrowed (VecInv_SumTo10_Type.t_sumto10)) . inv3 x = (forall i : uint64 . 0 <= i -> i < slice_len0 x -> inv4 (index_logic2 x i)) use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_RawVec_RawVec_Type as Alloc_RawVec_RawVec_Type predicate invariant2 (self : Alloc_RawVec_RawVec_Type.t_rawvec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) @@ -137,8 +137,8 @@ module VecInv_Vec val inv2 (_x : Alloc_RawVec_RawVec_Type.t_rawvec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../vec_inv.rs" 1 0 1 0] forall x : Alloc_RawVec_RawVec_Type.t_rawvec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global) . inv2 x = true - axiom inv1 : [#"../vec_inv.rs" 1 0 1 0] forall x : Seq.seq (borrowed (VecInv_SumTo10_Type.t_sumto10)) . inv1 x = (forall i : int . 0 <= i -> i < Seq.length x -> inv4 (Seq.get x i)) + axiom inv2 : forall x : Alloc_RawVec_RawVec_Type.t_rawvec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv1 : forall x : Seq.seq (borrowed (VecInv_SumTo10_Type.t_sumto10)) . inv1 x = (forall i : int . 0 <= i -> i < Seq.length x -> inv4 (Seq.get x i)) use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) @@ -159,7 +159,7 @@ module VecInv_Vec val invariant0 (self : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../vec_inv.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = (invariant0 x /\ match x with + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = (invariant0 x /\ match x with | Alloc_Vec_Vec_Type.C_Vec buf len -> true end) function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec (borrowed (VecInv_SumTo10_Type.t_sumto10)) (Alloc_Alloc_Global_Type.t_global)) (ix : int) : borrowed (VecInv_SumTo10_Type.t_sumto10) @@ -201,7 +201,7 @@ module VecInv_Vec goto BB2 } BB2 { - _0 <- ([#"../vec_inv.rs" 18 33 20 1] ()); + [#"../vec_inv.rs" 18 33 20 1] _0 <- ([#"../vec_inv.rs" 18 33 20 1] ()); goto BB3 } BB3 { diff --git a/creusot/tests/should_succeed/unnest.mlcfg b/creusot/tests/should_succeed/unnest.mlcfg index f13e69c94d..8e21a00b98 100644 --- a/creusot/tests/should_succeed/unnest.mlcfg +++ b/creusot/tests/should_succeed/unnest.mlcfg @@ -26,10 +26,10 @@ module Unnest_Unnest goto BB0 } BB0 { - _2 <- Borrow.borrow_mut ( * * x); - x <- { x with current = { ( * x) with current = ^ _2 } }; - _0 <- Borrow.borrow_mut ( * _2); - _2 <- { _2 with current = ^ _0 }; + [#"../unnest.rs" 9 4 9 6] _2 <- Borrow.borrow_mut ( * * x); + [#"../unnest.rs" 9 4 9 6] x <- { x with current = { ( * x) with current = ^ _2 } }; + [#"../unnest.rs" 9 4 9 6] _0 <- Borrow.borrow_mut ( * _2); + [#"../unnest.rs" 9 4 9 6] _2 <- { _2 with current = ^ _0 }; assume { resolve0 _2 }; assume { resolve1 x }; return _0 diff --git a/creusot/tests/should_succeed/unused_in_loop.mlcfg b/creusot/tests/should_succeed/unused_in_loop.mlcfg index 0f6aa0f782..83cb0a9cd5 100644 --- a/creusot/tests/should_succeed/unused_in_loop.mlcfg +++ b/creusot/tests/should_succeed/unused_in_loop.mlcfg @@ -13,7 +13,7 @@ module UnusedInLoop_UnusedInLoop goto BB0 } BB0 { - x <- ([#"../unused_in_loop.rs" 6 12 6 14] [#"../unused_in_loop.rs" 6 12 6 14] (10 : uint32)); + [#"../unused_in_loop.rs" 6 12 6 14] x <- ([#"../unused_in_loop.rs" 6 12 6 14] [#"../unused_in_loop.rs" 6 12 6 14] (10 : uint32)); goto BB1 } BB1 { @@ -21,13 +21,13 @@ module UnusedInLoop_UnusedInLoop goto BB2 } BB2 { - switch (b) + switch ([#"../unused_in_loop.rs" 9 11 9 12] b) | False -> goto BB4 | True -> goto BB3 end } BB3 { - _0 <- x; + [#"../unused_in_loop.rs" 13 4 13 5] _0 <- ([#"../unused_in_loop.rs" 13 4 13 5] x); return _0 } BB4 { diff --git a/creusot/tests/should_succeed/vecdeque.mlcfg b/creusot/tests/should_succeed/vecdeque.mlcfg index c463f1f5bd..6d5f210cfe 100644 --- a/creusot/tests/should_succeed/vecdeque.mlcfg +++ b/creusot/tests/should_succeed/vecdeque.mlcfg @@ -56,7 +56,7 @@ module Vecdeque_TestDeque val inv6 (_x : Seq.seq uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../vecdeque.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv6 x = true + axiom inv6 : forall x : Seq.seq uint32 . inv6 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Collections_VecDeque_VecDeque_Type as Alloc_Collections_VecDeque_VecDeque_Type predicate invariant5 (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) @@ -70,7 +70,7 @@ module Vecdeque_TestDeque val inv5 (_x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../vecdeque.rs" 1 0 1 0] forall x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global) . inv5 x = true predicate invariant4 (self : uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : uint32) : bool @@ -80,7 +80,7 @@ module Vecdeque_TestDeque val inv4 (_x : uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../vecdeque.rs" 1 0 1 0] forall x : uint32 . inv4 x = true + axiom inv4 : forall x : uint32 . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -91,7 +91,7 @@ module Vecdeque_TestDeque val inv3 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../vecdeque.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option uint32 . inv3 x = true predicate invariant2 (self : Core_Option_Option_Type.t_option uint32) = [#"../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Core_Option_Option_Type.t_option uint32) : bool @@ -101,7 +101,7 @@ module Vecdeque_TestDeque val inv2 (_x : Core_Option_Option_Type.t_option uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../vecdeque.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option uint32 . inv2 x = true use prelude.Borrow predicate invariant1 (self : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global))) @@ -115,7 +115,7 @@ module Vecdeque_TestDeque val inv1 (_x : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../vecdeque.rs" 1 0 1 0] forall x : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true predicate invariant0 (self : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) = @@ -127,7 +127,7 @@ module Vecdeque_TestDeque val inv0 (_x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../vecdeque.rs" 1 0 1 0] forall x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq use prelude.UIntSize use prelude.Int @@ -279,11 +279,11 @@ module Vecdeque_TestDeque goto BB0 } BB0 { - deque <- ([#"../vecdeque.rs" 6 31 6 57] with_capacity0 ([#"../vecdeque.rs" 6 55 6 56] [#"../vecdeque.rs" 6 55 6 56] (5 : usize))); + [#"../vecdeque.rs" 6 31 6 57] deque <- ([#"../vecdeque.rs" 6 31 6 57] with_capacity0 ([#"../vecdeque.rs" 6 55 6 56] [#"../vecdeque.rs" 6 55 6 56] (5 : usize))); goto BB1 } BB1 { - _4 <- ([#"../vecdeque.rs" 8 12 8 28] is_empty0 ([#"../vecdeque.rs" 8 12 8 28] deque)); + [#"../vecdeque.rs" 8 12 8 28] _4 <- ([#"../vecdeque.rs" 8 12 8 28] is_empty0 ([#"../vecdeque.rs" 8 12 8 28] deque)); goto BB2 } BB2 { @@ -293,10 +293,11 @@ module Vecdeque_TestDeque end } BB3 { + assert { [#"../vecdeque.rs" 8 4 8 29] false }; absurd } BB4 { - _10 <- ([#"../vecdeque.rs" 9 12 9 23] len0 ([#"../vecdeque.rs" 9 12 9 23] deque)); + [#"../vecdeque.rs" 9 12 9 23] _10 <- ([#"../vecdeque.rs" 9 12 9 23] len0 ([#"../vecdeque.rs" 9 12 9 23] deque)); goto BB5 } BB5 { @@ -306,14 +307,15 @@ module Vecdeque_TestDeque end } BB6 { + assert { [#"../vecdeque.rs" 9 4 9 29] false }; absurd } BB7 { - deque1 <- ([#"../vecdeque.rs" 11 35 11 50] new0 ()); + [#"../vecdeque.rs" 11 35 11 50] deque1 <- ([#"../vecdeque.rs" 11 35 11 50] new0 ()); goto BB8 } BB8 { - _16 <- ([#"../vecdeque.rs" 13 12 13 28] is_empty0 ([#"../vecdeque.rs" 13 12 13 28] deque1)); + [#"../vecdeque.rs" 13 12 13 28] _16 <- ([#"../vecdeque.rs" 13 12 13 28] is_empty0 ([#"../vecdeque.rs" 13 12 13 28] deque1)); goto BB9 } BB9 { @@ -323,10 +325,11 @@ module Vecdeque_TestDeque end } BB10 { + assert { [#"../vecdeque.rs" 13 4 13 29] false }; absurd } BB11 { - _22 <- ([#"../vecdeque.rs" 14 12 14 23] len0 ([#"../vecdeque.rs" 14 12 14 23] deque1)); + [#"../vecdeque.rs" 14 12 14 23] _22 <- ([#"../vecdeque.rs" 14 12 14 23] len0 ([#"../vecdeque.rs" 14 12 14 23] deque1)); goto BB12 } BB12 { @@ -336,18 +339,19 @@ module Vecdeque_TestDeque end } BB13 { + assert { [#"../vecdeque.rs" 14 4 14 29] false }; absurd } BB14 { - _30 <- Borrow.borrow_mut deque1; - deque1 <- ^ _30; - _29 <- ([#"../vecdeque.rs" 16 12 16 29] pop_front0 _30); + [#"../vecdeque.rs" 16 12 16 29] _30 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 16 12 16 29] deque1 <- ^ _30; + [#"../vecdeque.rs" 16 12 16 29] _29 <- ([#"../vecdeque.rs" 16 12 16 29] pop_front0 _30); _30 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB15 } BB15 { - _77 <- ([#"../vecdeque.rs" 16 33 16 37] [#"../vecdeque.rs" 16 33 16 37] promoted3); - _27 <- ([#"../vecdeque.rs" 16 12 16 37] eq0 ([#"../vecdeque.rs" 16 12 16 29] _29) ([#"../vecdeque.rs" 16 33 16 37] _77)); + [#"../vecdeque.rs" 16 33 16 37] _77 <- ([#"../vecdeque.rs" 16 33 16 37] [#"../vecdeque.rs" 16 33 16 37] promoted3); + [#"../vecdeque.rs" 16 12 16 37] _27 <- ([#"../vecdeque.rs" 16 12 16 37] eq0 ([#"../vecdeque.rs" 16 12 16 29] _29) ([#"../vecdeque.rs" 16 33 16 37] _77)); goto BB16 } BB16 { @@ -357,18 +361,19 @@ module Vecdeque_TestDeque end } BB17 { + assert { [#"../vecdeque.rs" 16 4 16 38] false }; absurd } BB18 { - _39 <- Borrow.borrow_mut deque1; - deque1 <- ^ _39; - _38 <- ([#"../vecdeque.rs" 17 12 17 28] pop_back0 _39); + [#"../vecdeque.rs" 17 12 17 28] _39 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 17 12 17 28] deque1 <- ^ _39; + [#"../vecdeque.rs" 17 12 17 28] _38 <- ([#"../vecdeque.rs" 17 12 17 28] pop_back0 _39); _39 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB19 } BB19 { - _76 <- ([#"../vecdeque.rs" 17 32 17 36] [#"../vecdeque.rs" 17 32 17 36] promoted2); - _36 <- ([#"../vecdeque.rs" 17 12 17 36] eq0 ([#"../vecdeque.rs" 17 12 17 28] _38) ([#"../vecdeque.rs" 17 32 17 36] _76)); + [#"../vecdeque.rs" 17 32 17 36] _76 <- ([#"../vecdeque.rs" 17 32 17 36] [#"../vecdeque.rs" 17 32 17 36] promoted2); + [#"../vecdeque.rs" 17 12 17 36] _36 <- ([#"../vecdeque.rs" 17 12 17 36] eq0 ([#"../vecdeque.rs" 17 12 17 28] _38) ([#"../vecdeque.rs" 17 32 17 36] _76)); goto BB20 } BB20 { @@ -378,39 +383,40 @@ module Vecdeque_TestDeque end } BB21 { + assert { [#"../vecdeque.rs" 17 4 17 37] false }; absurd } BB22 { - _44 <- Borrow.borrow_mut deque1; - deque1 <- ^ _44; - _43 <- ([#"../vecdeque.rs" 19 4 19 23] push_front0 _44 ([#"../vecdeque.rs" 19 21 19 22] [#"../vecdeque.rs" 19 21 19 22] (1 : uint32))); + [#"../vecdeque.rs" 19 4 19 23] _44 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 19 4 19 23] deque1 <- ^ _44; + [#"../vecdeque.rs" 19 4 19 23] _43 <- ([#"../vecdeque.rs" 19 4 19 23] push_front0 _44 ([#"../vecdeque.rs" 19 21 19 22] [#"../vecdeque.rs" 19 21 19 22] (1 : uint32))); _44 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB23 } BB23 { - _46 <- Borrow.borrow_mut deque1; - deque1 <- ^ _46; - _45 <- ([#"../vecdeque.rs" 20 4 20 23] push_front0 _46 ([#"../vecdeque.rs" 20 21 20 22] [#"../vecdeque.rs" 20 21 20 22] (2 : uint32))); + [#"../vecdeque.rs" 20 4 20 23] _46 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 20 4 20 23] deque1 <- ^ _46; + [#"../vecdeque.rs" 20 4 20 23] _45 <- ([#"../vecdeque.rs" 20 4 20 23] push_front0 _46 ([#"../vecdeque.rs" 20 21 20 22] [#"../vecdeque.rs" 20 21 20 22] (2 : uint32))); _46 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB24 } BB24 { - _48 <- Borrow.borrow_mut deque1; - deque1 <- ^ _48; - _47 <- ([#"../vecdeque.rs" 21 4 21 22] push_back0 _48 ([#"../vecdeque.rs" 21 20 21 21] [#"../vecdeque.rs" 21 20 21 21] (3 : uint32))); + [#"../vecdeque.rs" 21 4 21 22] _48 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 21 4 21 22] deque1 <- ^ _48; + [#"../vecdeque.rs" 21 4 21 22] _47 <- ([#"../vecdeque.rs" 21 4 21 22] push_back0 _48 ([#"../vecdeque.rs" 21 20 21 21] [#"../vecdeque.rs" 21 20 21 21] (3 : uint32))); _48 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB25 } BB25 { - _54 <- Borrow.borrow_mut deque1; - deque1 <- ^ _54; - _53 <- ([#"../vecdeque.rs" 23 12 23 29] pop_front0 _54); + [#"../vecdeque.rs" 23 12 23 29] _54 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 23 12 23 29] deque1 <- ^ _54; + [#"../vecdeque.rs" 23 12 23 29] _53 <- ([#"../vecdeque.rs" 23 12 23 29] pop_front0 _54); _54 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB26 } BB26 { - _75 <- ([#"../vecdeque.rs" 23 33 23 40] [#"../vecdeque.rs" 23 33 23 40] promoted1); - _51 <- ([#"../vecdeque.rs" 23 12 23 40] eq0 ([#"../vecdeque.rs" 23 12 23 29] _53) ([#"../vecdeque.rs" 23 33 23 40] _75)); + [#"../vecdeque.rs" 23 33 23 40] _75 <- ([#"../vecdeque.rs" 23 33 23 40] [#"../vecdeque.rs" 23 33 23 40] promoted1); + [#"../vecdeque.rs" 23 12 23 40] _51 <- ([#"../vecdeque.rs" 23 12 23 40] eq0 ([#"../vecdeque.rs" 23 12 23 29] _53) ([#"../vecdeque.rs" 23 33 23 40] _75)); goto BB27 } BB27 { @@ -420,18 +426,19 @@ module Vecdeque_TestDeque end } BB28 { + assert { [#"../vecdeque.rs" 23 4 23 41] false }; absurd } BB29 { - _63 <- Borrow.borrow_mut deque1; - deque1 <- ^ _63; - _62 <- ([#"../vecdeque.rs" 24 12 24 28] pop_back0 _63); + [#"../vecdeque.rs" 24 12 24 28] _63 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 24 12 24 28] deque1 <- ^ _63; + [#"../vecdeque.rs" 24 12 24 28] _62 <- ([#"../vecdeque.rs" 24 12 24 28] pop_back0 _63); _63 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB30 } BB30 { - _74 <- ([#"../vecdeque.rs" 24 32 24 39] [#"../vecdeque.rs" 24 32 24 39] promoted0); - _60 <- ([#"../vecdeque.rs" 24 12 24 39] eq0 ([#"../vecdeque.rs" 24 12 24 28] _62) ([#"../vecdeque.rs" 24 32 24 39] _74)); + [#"../vecdeque.rs" 24 32 24 39] _74 <- ([#"../vecdeque.rs" 24 32 24 39] [#"../vecdeque.rs" 24 32 24 39] promoted0); + [#"../vecdeque.rs" 24 12 24 39] _60 <- ([#"../vecdeque.rs" 24 12 24 39] eq0 ([#"../vecdeque.rs" 24 12 24 28] _62) ([#"../vecdeque.rs" 24 32 24 39] _74)); goto BB31 } BB31 { @@ -441,17 +448,18 @@ module Vecdeque_TestDeque end } BB32 { + assert { [#"../vecdeque.rs" 24 4 24 40] false }; absurd } BB33 { - _68 <- Borrow.borrow_mut deque1; - deque1 <- ^ _68; - _67 <- ([#"../vecdeque.rs" 25 4 25 17] clear0 _68); + [#"../vecdeque.rs" 25 4 25 17] _68 <- Borrow.borrow_mut deque1; + [#"../vecdeque.rs" 25 4 25 17] deque1 <- ^ _68; + [#"../vecdeque.rs" 25 4 25 17] _67 <- ([#"../vecdeque.rs" 25 4 25 17] clear0 _68); _68 <- any borrowed (Alloc_Collections_VecDeque_VecDeque_Type.t_vecdeque uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB34 } BB34 { - _71 <- ([#"../vecdeque.rs" 26 12 26 28] is_empty0 ([#"../vecdeque.rs" 26 12 26 28] deque1)); + [#"../vecdeque.rs" 26 12 26 28] _71 <- ([#"../vecdeque.rs" 26 12 26 28] is_empty0 ([#"../vecdeque.rs" 26 12 26 28] deque1)); goto BB35 } BB35 { @@ -461,10 +469,11 @@ module Vecdeque_TestDeque end } BB36 { + assert { [#"../vecdeque.rs" 26 4 26 29] false }; absurd } BB37 { - _0 <- ([#"../vecdeque.rs" 5 20 27 1] ()); + [#"../vecdeque.rs" 5 20 27 1] _0 <- ([#"../vecdeque.rs" 5 20 27 1] ()); goto BB38 } BB38 { diff --git a/creusot/tests/should_succeed/vecdeque/why3session.xml b/creusot/tests/should_succeed/vecdeque/why3session.xml index 3e73c66286..8e8c782d51 100644 --- a/creusot/tests/should_succeed/vecdeque/why3session.xml +++ b/creusot/tests/should_succeed/vecdeque/why3session.xml @@ -12,101 +12,128 @@ - - + + - + - - + + - + - - + + - + - - + + - + - + - + - - + + - + - + - + - - + + - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/creusot/tests/should_succeed/vecdeque/why3shapes.gz b/creusot/tests/should_succeed/vecdeque/why3shapes.gz index b9bdd99e60..0dae1679ba 100644 Binary files a/creusot/tests/should_succeed/vecdeque/why3shapes.gz and b/creusot/tests/should_succeed/vecdeque/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/vector/01.mlcfg b/creusot/tests/should_succeed/vector/01.mlcfg index 3a98917696..ac44353557 100644 --- a/creusot/tests/should_succeed/vector/01.mlcfg +++ b/creusot/tests/should_succeed/vector/01.mlcfg @@ -74,7 +74,7 @@ module C01_AllZero val inv9 (_x : Seq.seq usize) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../01.rs" 1 0 1 0] forall x : Seq.seq usize . inv9 x = true + axiom inv9 : forall x : Seq.seq usize . inv9 x = true use prelude.UInt32 predicate invariant8 (self : Seq.seq uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -85,7 +85,7 @@ module C01_AllZero val inv8 (_x : Seq.seq uint32) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../01.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv8 x = true + axiom inv8 : forall x : Seq.seq uint32 . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -108,7 +108,7 @@ module C01_AllZero val invariant7 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../01.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv7 x = true use prelude.Borrow predicate invariant6 (self : borrowed uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -119,7 +119,7 @@ module C01_AllZero val inv6 (_x : borrowed uint32) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../01.rs" 1 0 1 0] forall x : borrowed uint32 . inv6 x = true + axiom inv6 : forall x : borrowed uint32 . inv6 x = true predicate invariant5 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : usize) : bool @@ -129,7 +129,7 @@ module C01_AllZero val inv5 (_x : usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../01.rs" 1 0 1 0] forall x : usize . inv5 x = true + axiom inv5 : forall x : usize . inv5 x = true predicate invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : bool @@ -139,7 +139,7 @@ module C01_AllZero val inv4 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../01.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -150,7 +150,7 @@ module C01_AllZero val inv3 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../01.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option usize . inv3 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant2 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -161,7 +161,7 @@ module C01_AllZero val inv2 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../01.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv2 x = true predicate invariant1 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -171,7 +171,7 @@ module C01_AllZero val inv1 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../01.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -217,7 +217,7 @@ module C01_AllZero val invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../01.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true use prelude.Ghost predicate resolve2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self @@ -361,24 +361,24 @@ module C01_AllZero goto BB0 } BB0 { - old_v <- ([#"../01.rs" 8 16 8 25] Ghost.new v); + [#"../01.rs" 8 16 8 25] old_v <- ([#"../01.rs" 8 16 8 25] Ghost.new v); goto BB1 } BB1 { - _8 <- ([#"../01.rs" 11 16 11 23] len0 ([#"../01.rs" 11 16 11 23] * v)); + [#"../01.rs" 11 16 11 23] _8 <- ([#"../01.rs" 11 16 11 23] len0 ([#"../01.rs" 11 16 11 23] * v)); goto BB2 } BB2 { - iter <- ([#"../01.rs" 9 4 9 42] into_iter0 ([#"../01.rs" 11 13 11 23] Core_Ops_Range_Range_Type.C_Range ([#"../01.rs" 11 13 11 14] [#"../01.rs" 11 13 11 14] (0 : usize)) _8)); + [#"../01.rs" 9 4 9 42] iter <- ([#"../01.rs" 9 4 9 42] into_iter0 ([#"../01.rs" 11 13 11 23] Core_Ops_Range_Range_Type.C_Range ([#"../01.rs" 11 13 11 14] [#"../01.rs" 11 13 11 14] (0 : usize)) _8)); _8 <- any usize; goto BB3 } BB3 { - iter_old <- ([#"../01.rs" 9 4 9 42] Ghost.new iter); + [#"../01.rs" 9 4 9 42] iter_old <- ([#"../01.rs" 9 4 9 42] Ghost.new iter); goto BB4 } BB4 { - produced <- ([#"../01.rs" 9 4 9 42] Ghost.new (Seq.empty )); + [#"../01.rs" 9 4 9 42] produced <- ([#"../01.rs" 9 4 9 42] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -392,11 +392,11 @@ module C01_AllZero goto BB7 } BB7 { - _21 <- Borrow.borrow_mut iter; - iter <- ^ _21; - _20 <- Borrow.borrow_mut ( * _21); - _21 <- { _21 with current = ^ _20 }; - _19 <- ([#"../01.rs" 9 4 9 42] next0 _20); + [#"../01.rs" 9 4 9 42] _21 <- Borrow.borrow_mut iter; + [#"../01.rs" 9 4 9 42] iter <- ^ _21; + [#"../01.rs" 9 4 9 42] _20 <- Borrow.borrow_mut ( * _21); + [#"../01.rs" 9 4 9 42] _21 <- { _21 with current = ^ _20 }; + [#"../01.rs" 9 4 9 42] _19 <- ([#"../01.rs" 9 4 9 42] next0 _20); _20 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB8 } @@ -409,7 +409,7 @@ module C01_AllZero } BB9 { assume { resolve2 v }; - _0 <- ([#"../01.rs" 9 4 9 42] ()); + [#"../01.rs" 9 4 9 42] _0 <- ([#"../01.rs" 9 4 9 42] ()); return _0 } BB10 { @@ -417,25 +417,26 @@ module C01_AllZero } BB11 { assume { resolve2 v }; + assert { [#"../01.rs" 9 4 9 42] false }; absurd } BB12 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _19; - _24 <- ([#"../01.rs" 9 4 9 42] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _19); + [#"../01.rs" 9 4 9 42] _24 <- ([#"../01.rs" 9 4 9 42] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB13 } BB13 { - produced <- _24; - _24 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem; - _28 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _28 }; - _27 <- ([#"../01.rs" 12 8 12 12] index_mut0 _28 i); + [#"../01.rs" 9 4 9 42] produced <- ([#"../01.rs" 9 4 9 42] _24); + [#"../01.rs" 9 4 9 42] _24 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../01.rs" 12 8 12 9] _28 <- Borrow.borrow_mut ( * v); + [#"../01.rs" 12 8 12 9] v <- { v with current = ^ _28 }; + [#"../01.rs" 12 8 12 12] _27 <- ([#"../01.rs" 12 8 12 12] index_mut0 _28 ([#"../01.rs" 12 10 12 11] i)); _28 <- any borrowed (Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)); goto BB14 } BB14 { - _27 <- { _27 with current = ([#"../01.rs" 12 15 12 16] [#"../01.rs" 12 15 12 16] (0 : uint32)) }; + [#"../01.rs" 12 8 12 16] _27 <- { _27 with current = ([#"../01.rs" 12 8 12 16] [#"../01.rs" 12 15 12 16] (0 : uint32)) }; assume { resolve1 _27 }; goto BB6 } diff --git a/creusot/tests/should_succeed/vector/02_gnome.mlcfg b/creusot/tests/should_succeed/vector/02_gnome.mlcfg index 44141ff38b..9de5e83518 100644 --- a/creusot/tests/should_succeed/vector/02_gnome.mlcfg +++ b/creusot/tests/should_succeed/vector/02_gnome.mlcfg @@ -56,7 +56,7 @@ module C02Gnome_GnomeSort val inv10 (_x : deep_model_ty0) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../02_gnome.rs" 1 0 1 0] forall x : deep_model_ty0 . inv10 x = true + axiom inv10 : forall x : deep_model_ty0 . inv10 x = true use seq.Seq predicate invariant9 (self : Seq.seq t) val invariant9 (self : Seq.seq t) : bool @@ -66,7 +66,7 @@ module C02Gnome_GnomeSort val inv9 (_x : Seq.seq t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../02_gnome.rs" 1 0 1 0] forall x : Seq.seq t . inv9 x = true + axiom inv9 : forall x : Seq.seq t . inv9 x = true predicate invariant8 (self : Seq.seq deep_model_ty0) val invariant8 (self : Seq.seq deep_model_ty0) : bool ensures { result = invariant8 self } @@ -75,7 +75,7 @@ module C02Gnome_GnomeSort val inv8 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../02_gnome.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv8 x = true + axiom inv8 : forall x : Seq.seq deep_model_ty0 . inv8 x = true use prelude.UIntSize predicate invariant7 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -86,7 +86,7 @@ module C02Gnome_GnomeSort val inv7 (_x : usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../02_gnome.rs" 1 0 1 0] forall x : usize . inv7 x = true + axiom inv7 : forall x : usize . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -97,7 +97,7 @@ module C02Gnome_GnomeSort val inv6 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../02_gnome.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -197,7 +197,7 @@ module C02Gnome_GnomeSort val inv5 (_x : borrowed (slice t)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../02_gnome.rs" 1 0 1 0] forall x : borrowed (slice t) . inv5 x = true + axiom inv5 : forall x : borrowed (slice t) . inv5 x = true predicate invariant4 (self : slice t) val invariant4 (self : slice t) : bool ensures { result = invariant4 self } @@ -206,7 +206,7 @@ module C02Gnome_GnomeSort val inv4 (_x : slice t) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../02_gnome.rs" 1 0 1 0] forall x : slice t . inv4 x = true + axiom inv4 : forall x : slice t . inv4 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -227,7 +227,7 @@ module C02Gnome_GnomeSort val invariant3 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../02_gnome.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -236,7 +236,7 @@ module C02Gnome_GnomeSort val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../02_gnome.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant1 self } @@ -245,7 +245,7 @@ module C02Gnome_GnomeSort val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../02_gnome.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -256,7 +256,7 @@ module C02Gnome_GnomeSort val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../02_gnome.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true use seq.Seq predicate sorted_range0 [#"../02_gnome.rs" 9 0 9 63] (s : Seq.seq deep_model_ty0) (l : int) (u : int) = [#"../02_gnome.rs" 10 4 12 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> le_log0 (Seq.get s i) (Seq.get s j) @@ -425,13 +425,13 @@ module C02Gnome_GnomeSort goto BB0 } BB0 { - old_v <- ([#"../02_gnome.rs" 26 16 26 25] Ghost.new v); + [#"../02_gnome.rs" 26 16 26 25] old_v <- ([#"../02_gnome.rs" 26 16 26 25] Ghost.new v); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - i <- ([#"../02_gnome.rs" 27 16 27 17] [#"../02_gnome.rs" 27 16 27 17] (0 : usize)); + [#"../02_gnome.rs" 27 16 27 17] i <- ([#"../02_gnome.rs" 27 16 27 17] [#"../02_gnome.rs" 27 16 27 17] (0 : usize)); goto BB2 } BB2 { @@ -440,27 +440,27 @@ module C02Gnome_GnomeSort goto BB3 } BB3 { - _12 <- ([#"../02_gnome.rs" 30 14 30 21] len0 ([#"../02_gnome.rs" 30 14 30 21] * v)); + [#"../02_gnome.rs" 30 14 30 21] _12 <- ([#"../02_gnome.rs" 30 14 30 21] len0 ([#"../02_gnome.rs" 30 14 30 21] * v)); goto BB4 } BB4 { - switch ([#"../02_gnome.rs" 30 10 30 21] i < _12) + switch ([#"../02_gnome.rs" 30 10 30 21] ([#"../02_gnome.rs" 30 10 30 11] i) < _12) | False -> goto BB17 | True -> goto BB5 end } BB5 { - switch ([#"../02_gnome.rs" 31 11 31 17] i = ([#"../02_gnome.rs" 31 16 31 17] [#"../02_gnome.rs" 31 16 31 17] (0 : usize))) + switch ([#"../02_gnome.rs" 31 11 31 17] ([#"../02_gnome.rs" 31 11 31 12] i) = ([#"../02_gnome.rs" 31 16 31 17] [#"../02_gnome.rs" 31 16 31 17] (0 : usize))) | False -> goto BB7 | True -> goto BB6 end } BB6 { - _14 <- ([#"../02_gnome.rs" 31 11 31 39] [#"../02_gnome.rs" 31 11 31 39] true); + [#"../02_gnome.rs" 31 11 31 39] _14 <- ([#"../02_gnome.rs" 31 11 31 39] [#"../02_gnome.rs" 31 11 31 39] true); goto BB8 } BB7 { - _19 <- ([#"../02_gnome.rs" 31 21 31 29] index0 ([#"../02_gnome.rs" 31 21 31 22] * v) ([#"../02_gnome.rs" 31 23 31 28] i - ([#"../02_gnome.rs" 31 27 31 28] [#"../02_gnome.rs" 31 27 31 28] (1 : usize)))); + [#"../02_gnome.rs" 31 21 31 29] _19 <- ([#"../02_gnome.rs" 31 21 31 29] index0 ([#"../02_gnome.rs" 31 21 31 22] * v) ([#"../02_gnome.rs" 31 23 31 28] ([#"../02_gnome.rs" 31 23 31 24] i) - ([#"../02_gnome.rs" 31 27 31 28] [#"../02_gnome.rs" 31 27 31 28] (1 : usize)))); goto BB9 } BB8 { @@ -472,49 +472,49 @@ module C02Gnome_GnomeSort BB9 { assert { [@expl:type invariant] inv2 _19 }; assume { resolve2 _19 }; - _25 <- ([#"../02_gnome.rs" 31 34 31 38] index0 ([#"../02_gnome.rs" 31 34 31 35] * v) i); + [#"../02_gnome.rs" 31 34 31 38] _25 <- ([#"../02_gnome.rs" 31 34 31 38] index0 ([#"../02_gnome.rs" 31 34 31 35] * v) ([#"../02_gnome.rs" 31 36 31 37] i)); goto BB10 } BB10 { - _24 <- ([#"../02_gnome.rs" 31 33 31 38] _25); + [#"../02_gnome.rs" 31 33 31 38] _24 <- ([#"../02_gnome.rs" 31 33 31 38] _25); assert { [@expl:type invariant] inv2 _25 }; assume { resolve2 _25 }; assert { [@expl:type invariant] inv2 _24 }; assume { resolve2 _24 }; - _17 <- ([#"../02_gnome.rs" 31 21 31 39] le0 ([#"../02_gnome.rs" 31 21 31 39] _19) ([#"../02_gnome.rs" 31 33 31 38] _24)); + [#"../02_gnome.rs" 31 21 31 39] _17 <- ([#"../02_gnome.rs" 31 21 31 39] le0 ([#"../02_gnome.rs" 31 21 31 39] _19) ([#"../02_gnome.rs" 31 33 31 38] _24)); goto BB11 } BB11 { - _14 <- _17; - _17 <- any bool; + [#"../02_gnome.rs" 31 11 31 39] _14 <- ([#"../02_gnome.rs" 31 11 31 39] _17); + [#"../02_gnome.rs" 31 11 31 39] _17 <- any bool; goto BB8 } BB12 { - i <- ([#"../02_gnome.rs" 32 12 32 18] i + ([#"../02_gnome.rs" 32 17 32 18] [#"../02_gnome.rs" 32 17 32 18] (1 : usize))); - _9 <- ([#"../02_gnome.rs" 31 40 33 9] ()); + [#"../02_gnome.rs" 32 12 32 18] i <- ([#"../02_gnome.rs" 32 12 32 18] i + ([#"../02_gnome.rs" 32 17 32 18] [#"../02_gnome.rs" 32 17 32 18] (1 : usize))); + [#"../02_gnome.rs" 31 40 33 9] _9 <- ([#"../02_gnome.rs" 31 40 33 9] ()); goto BB16 } BB13 { - _31 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _31 }; + [#"../02_gnome.rs" 34 12 34 28] _31 <- Borrow.borrow_mut ( * v); + [#"../02_gnome.rs" 34 12 34 28] v <- { v with current = ^ _31 }; assume { inv3 ( ^ _31) }; - _30 <- ([#"../02_gnome.rs" 34 12 34 28] deref_mut0 _31); + [#"../02_gnome.rs" 34 12 34 28] _30 <- ([#"../02_gnome.rs" 34 12 34 28] deref_mut0 _31); _31 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB14 } BB14 { - _29 <- Borrow.borrow_mut ( * _30); - _30 <- { _30 with current = ^ _29 }; + [#"../02_gnome.rs" 34 12 34 28] _29 <- Borrow.borrow_mut ( * _30); + [#"../02_gnome.rs" 34 12 34 28] _30 <- { _30 with current = ^ _29 }; assume { inv4 ( ^ _29) }; - _28 <- ([#"../02_gnome.rs" 34 12 34 28] swap0 _29 ([#"../02_gnome.rs" 34 19 34 24] i - ([#"../02_gnome.rs" 34 23 34 24] [#"../02_gnome.rs" 34 23 34 24] (1 : usize))) i); + [#"../02_gnome.rs" 34 12 34 28] _28 <- ([#"../02_gnome.rs" 34 12 34 28] swap0 _29 ([#"../02_gnome.rs" 34 19 34 24] ([#"../02_gnome.rs" 34 19 34 20] i) - ([#"../02_gnome.rs" 34 23 34 24] [#"../02_gnome.rs" 34 23 34 24] (1 : usize))) ([#"../02_gnome.rs" 34 26 34 27] i)); _29 <- any borrowed (slice t); goto BB15 } BB15 { assert { [@expl:type invariant] inv5 _30 }; assume { resolve3 _30 }; - i <- ([#"../02_gnome.rs" 35 12 35 18] i - ([#"../02_gnome.rs" 35 17 35 18] [#"../02_gnome.rs" 35 17 35 18] (1 : usize))); - _9 <- ([#"../02_gnome.rs" 33 15 36 9] ()); + [#"../02_gnome.rs" 35 12 35 18] i <- ([#"../02_gnome.rs" 35 12 35 18] i - ([#"../02_gnome.rs" 35 17 35 18] [#"../02_gnome.rs" 35 17 35 18] (1 : usize))); + [#"../02_gnome.rs" 33 15 36 9] _9 <- ([#"../02_gnome.rs" 33 15 36 9] ()); goto BB16 } BB16 { @@ -523,7 +523,7 @@ module C02Gnome_GnomeSort BB17 { assert { [@expl:type invariant] inv1 v }; assume { resolve1 v }; - _0 <- ([#"../02_gnome.rs" 30 4 37 5] ()); + [#"../02_gnome.rs" 30 4 37 5] _0 <- ([#"../02_gnome.rs" 30 4 37 5] ()); return _0 } diff --git a/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg b/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg index 17bca89c1b..ff5cbf0743 100644 --- a/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg +++ b/creusot/tests/should_succeed/vector/03_knuth_shuffle.mlcfg @@ -75,7 +75,7 @@ module C03KnuthShuffle_KnuthShuffle val inv10 (_x : Seq.seq usize) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Seq.seq usize . inv10 x = true + axiom inv10 : forall x : Seq.seq usize . inv10 x = true predicate invariant9 (self : Seq.seq t) val invariant9 (self : Seq.seq t) : bool ensures { result = invariant9 self } @@ -84,7 +84,7 @@ module C03KnuthShuffle_KnuthShuffle val inv9 (_x : Seq.seq t) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Seq.seq t . inv9 x = true + axiom inv9 : forall x : Seq.seq t . inv9 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant8 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -95,7 +95,7 @@ module C03KnuthShuffle_KnuthShuffle val inv8 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option usize . inv8 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant7 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -107,7 +107,7 @@ module C03KnuthShuffle_KnuthShuffle val inv7 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv7 x = true + axiom inv7 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -118,7 +118,7 @@ module C03KnuthShuffle_KnuthShuffle val inv6 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true predicate invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant5 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant5 self } @@ -127,7 +127,7 @@ module C03KnuthShuffle_KnuthShuffle val inv5 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use prelude.Slice predicate invariant4 (self : borrowed (slice t)) val invariant4 (self : borrowed (slice t)) : bool @@ -137,7 +137,7 @@ module C03KnuthShuffle_KnuthShuffle val inv4 (_x : borrowed (slice t)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : borrowed (slice t) . inv4 x = true + axiom inv4 : forall x : borrowed (slice t) . inv4 x = true predicate invariant3 (self : slice t) val invariant3 (self : slice t) : bool ensures { result = invariant3 self } @@ -146,7 +146,7 @@ module C03KnuthShuffle_KnuthShuffle val inv3 (_x : slice t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : slice t . inv3 x = true + axiom inv3 : forall x : slice t . inv3 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -167,7 +167,7 @@ module C03KnuthShuffle_KnuthShuffle val invariant2 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use seq.Seq predicate inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -213,7 +213,7 @@ module C03KnuthShuffle_KnuthShuffle val invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true use prelude.Ghost predicate invariant0 (self : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) @@ -224,7 +224,7 @@ module C03KnuthShuffle_KnuthShuffle val inv0 (_x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../03_knuth_shuffle.rs" 1 0 1 0] forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true + axiom inv0 : forall x : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) . inv0 x = true predicate resolve3 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve3 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -374,26 +374,26 @@ module C03KnuthShuffle_KnuthShuffle goto BB0 } BB0 { - old_v <- ([#"../03_knuth_shuffle.rs" 14 16 14 25] Ghost.new v); + [#"../03_knuth_shuffle.rs" 14 16 14 25] old_v <- ([#"../03_knuth_shuffle.rs" 14 16 14 25] Ghost.new v); goto BB1 } BB1 { assert { [@expl:type invariant] inv0 old_v }; assume { resolve0 old_v }; - _7 <- ([#"../03_knuth_shuffle.rs" 17 16 17 23] len0 ([#"../03_knuth_shuffle.rs" 17 16 17 23] * v)); + [#"../03_knuth_shuffle.rs" 17 16 17 23] _7 <- ([#"../03_knuth_shuffle.rs" 17 16 17 23] len0 ([#"../03_knuth_shuffle.rs" 17 16 17 23] * v)); goto BB2 } BB2 { - iter <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] into_iter0 ([#"../03_knuth_shuffle.rs" 17 13 17 23] Core_Ops_Range_Range_Type.C_Range ([#"../03_knuth_shuffle.rs" 17 13 17 14] [#"../03_knuth_shuffle.rs" 17 13 17 14] (0 : usize)) _7)); + [#"../03_knuth_shuffle.rs" 16 4 16 43] iter <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] into_iter0 ([#"../03_knuth_shuffle.rs" 17 13 17 23] Core_Ops_Range_Range_Type.C_Range ([#"../03_knuth_shuffle.rs" 17 13 17 14] [#"../03_knuth_shuffle.rs" 17 13 17 14] (0 : usize)) _7)); _7 <- any usize; goto BB3 } BB3 { - iter_old <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new iter); + [#"../03_knuth_shuffle.rs" 16 4 16 43] iter_old <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new iter); goto BB4 } BB4 { - produced <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new (Seq.empty )); + [#"../03_knuth_shuffle.rs" 16 4 16 43] produced <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new (Seq.empty )); goto BB5 } BB5 { @@ -406,11 +406,11 @@ module C03KnuthShuffle_KnuthShuffle goto BB7 } BB7 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] next0 _18); + [#"../03_knuth_shuffle.rs" 16 4 16 43] _19 <- Borrow.borrow_mut iter; + [#"../03_knuth_shuffle.rs" 16 4 16 43] iter <- ^ _19; + [#"../03_knuth_shuffle.rs" 16 4 16 43] _18 <- Borrow.borrow_mut ( * _19); + [#"../03_knuth_shuffle.rs" 16 4 16 43] _19 <- { _19 with current = ^ _18 }; + [#"../03_knuth_shuffle.rs" 16 4 16 43] _17 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] next0 _18); _18 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB8 } @@ -424,7 +424,7 @@ module C03KnuthShuffle_KnuthShuffle BB9 { assert { [@expl:type invariant] inv5 v }; assume { resolve3 v }; - _0 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] ()); + [#"../03_knuth_shuffle.rs" 16 4 16 43] _0 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] ()); return _0 } BB10 { @@ -433,39 +433,40 @@ module C03KnuthShuffle_KnuthShuffle BB11 { assert { [@expl:type invariant] inv5 v }; assume { resolve3 v }; + assert { [#"../03_knuth_shuffle.rs" 16 4 16 43] false }; absurd } BB12 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _22 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../03_knuth_shuffle.rs" 16 4 16 43] _22 <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB13 } BB13 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq usize); - n <- __creusot_proc_iter_elem; - _26 <- ([#"../03_knuth_shuffle.rs" 20 20 20 27] len0 ([#"../03_knuth_shuffle.rs" 20 20 20 27] * v)); + [#"../03_knuth_shuffle.rs" 16 4 16 43] produced <- ([#"../03_knuth_shuffle.rs" 16 4 16 43] _22); + [#"../03_knuth_shuffle.rs" 16 4 16 43] _22 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] n <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../03_knuth_shuffle.rs" 20 20 20 27] _26 <- ([#"../03_knuth_shuffle.rs" 20 20 20 27] len0 ([#"../03_knuth_shuffle.rs" 20 20 20 27] * v)); goto BB14 } BB14 { - upper <- ([#"../03_knuth_shuffle.rs" 20 20 20 31] _26 - n); + [#"../03_knuth_shuffle.rs" 20 20 20 31] upper <- ([#"../03_knuth_shuffle.rs" 20 20 20 31] _26 - ([#"../03_knuth_shuffle.rs" 20 30 20 31] n)); _26 <- any usize; - i <- ([#"../03_knuth_shuffle.rs" 21 16 21 39] rand_in_range0 ([#"../03_knuth_shuffle.rs" 21 30 21 31] [#"../03_knuth_shuffle.rs" 21 30 21 31] (0 : usize)) upper); + [#"../03_knuth_shuffle.rs" 21 16 21 39] i <- ([#"../03_knuth_shuffle.rs" 21 16 21 39] rand_in_range0 ([#"../03_knuth_shuffle.rs" 21 30 21 31] [#"../03_knuth_shuffle.rs" 21 30 21 31] (0 : usize)) ([#"../03_knuth_shuffle.rs" 21 33 21 38] upper)); goto BB15 } BB15 { - _34 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _34 }; + [#"../03_knuth_shuffle.rs" 22 8 22 28] _34 <- Borrow.borrow_mut ( * v); + [#"../03_knuth_shuffle.rs" 22 8 22 28] v <- { v with current = ^ _34 }; assume { inv2 ( ^ _34) }; - _33 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] deref_mut0 _34); + [#"../03_knuth_shuffle.rs" 22 8 22 28] _33 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] deref_mut0 _34); _34 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB16 } BB16 { - _32 <- Borrow.borrow_mut ( * _33); - _33 <- { _33 with current = ^ _32 }; + [#"../03_knuth_shuffle.rs" 22 8 22 28] _32 <- Borrow.borrow_mut ( * _33); + [#"../03_knuth_shuffle.rs" 22 8 22 28] _33 <- { _33 with current = ^ _32 }; assume { inv3 ( ^ _32) }; - _31 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] swap0 _32 i ([#"../03_knuth_shuffle.rs" 22 18 22 27] upper - ([#"../03_knuth_shuffle.rs" 22 26 22 27] [#"../03_knuth_shuffle.rs" 22 26 22 27] (1 : usize)))); + [#"../03_knuth_shuffle.rs" 22 8 22 28] _31 <- ([#"../03_knuth_shuffle.rs" 22 8 22 28] swap0 _32 ([#"../03_knuth_shuffle.rs" 22 15 22 16] i) ([#"../03_knuth_shuffle.rs" 22 18 22 27] ([#"../03_knuth_shuffle.rs" 22 18 22 23] upper) - ([#"../03_knuth_shuffle.rs" 22 26 22 27] [#"../03_knuth_shuffle.rs" 22 26 22 27] (1 : usize)))); _32 <- any borrowed (slice t); goto BB17 } diff --git a/creusot/tests/should_succeed/vector/04_binary_search.mlcfg b/creusot/tests/should_succeed/vector/04_binary_search.mlcfg index 6dc58d4e1b..c958169cba 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.mlcfg +++ b/creusot/tests/should_succeed/vector/04_binary_search.mlcfg @@ -56,7 +56,7 @@ module C04BinarySearch_BinarySearch val inv4 (_x : Seq.seq uint32) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../04_binary_search.rs" 1 0 1 0] forall x : Seq.seq uint32 . inv4 x = true + axiom inv4 : forall x : Seq.seq uint32 . inv4 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -80,7 +80,7 @@ module C04BinarySearch_BinarySearch val invariant3 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../04_binary_search.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv3 x = true predicate invariant2 (self : uint32) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : uint32) : bool @@ -90,7 +90,7 @@ module C04BinarySearch_BinarySearch val inv2 (_x : uint32) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../04_binary_search.rs" 1 0 1 0] forall x : uint32 . inv2 x = true + axiom inv2 : forall x : uint32 . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -100,7 +100,7 @@ module C04BinarySearch_BinarySearch val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../04_binary_search.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -110,7 +110,7 @@ module C04BinarySearch_BinarySearch val inv0 (_x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../04_binary_search.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec uint32 (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq predicate sorted_range0 [#"../04_binary_search.rs" 8 0 8 52] (s : Seq.seq uint32) (l : int) (u : int) = [#"../04_binary_search.rs" 9 4 11 5] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> Seq.get s i <= Seq.get s j @@ -183,7 +183,7 @@ module C04BinarySearch_BinarySearch goto BB0 } BB0 { - _10 <- ([#"../04_binary_search.rs" 27 7 27 16] len0 ([#"../04_binary_search.rs" 27 7 27 16] arr)); + [#"../04_binary_search.rs" 27 7 27 16] _10 <- ([#"../04_binary_search.rs" 27 7 27 16] len0 ([#"../04_binary_search.rs" 27 7 27 16] arr)); goto BB1 } BB1 { @@ -193,15 +193,15 @@ module C04BinarySearch_BinarySearch end } BB2 { - _0 <- ([#"../04_binary_search.rs" 28 15 28 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 28 19 28 20] [#"../04_binary_search.rs" 28 19 28 20] (0 : usize))); + [#"../04_binary_search.rs" 28 15 28 21] _0 <- ([#"../04_binary_search.rs" 28 15 28 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 28 19 28 20] [#"../04_binary_search.rs" 28 19 28 20] (0 : usize))); goto BB21 } BB3 { - size <- ([#"../04_binary_search.rs" 30 19 30 28] len0 ([#"../04_binary_search.rs" 30 19 30 28] arr)); + [#"../04_binary_search.rs" 30 19 30 28] size <- ([#"../04_binary_search.rs" 30 19 30 28] len0 ([#"../04_binary_search.rs" 30 19 30 28] arr)); goto BB4 } BB4 { - base <- ([#"../04_binary_search.rs" 31 19 31 20] [#"../04_binary_search.rs" 31 19 31 20] (0 : usize)); + [#"../04_binary_search.rs" 31 19 31 20] base <- ([#"../04_binary_search.rs" 31 19 31 20] [#"../04_binary_search.rs" 31 19 31 20] (0 : usize)); goto BB5 } BB5 { @@ -211,69 +211,69 @@ module C04BinarySearch_BinarySearch goto BB6 } BB6 { - switch ([#"../04_binary_search.rs" 36 10 36 18] size > ([#"../04_binary_search.rs" 36 17 36 18] [#"../04_binary_search.rs" 36 17 36 18] (1 : usize))) + switch ([#"../04_binary_search.rs" 36 10 36 18] ([#"../04_binary_search.rs" 36 10 36 14] size) > ([#"../04_binary_search.rs" 36 17 36 18] [#"../04_binary_search.rs" 36 17 36 18] (1 : usize))) | False -> goto BB13 | True -> goto BB7 end } BB7 { - _25 <- ([#"../04_binary_search.rs" 37 19 37 27] ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize)) = ([#"../04_binary_search.rs" 37 19 37 27] [#"../04_binary_search.rs" 37 19 37 27] (0 : usize))); + [#"../04_binary_search.rs" 37 19 37 27] _25 <- ([#"../04_binary_search.rs" 37 19 37 27] ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize)) = ([#"../04_binary_search.rs" 37 19 37 27] [#"../04_binary_search.rs" 37 19 37 27] (0 : usize))); assert { [@expl:division by zero] [#"../04_binary_search.rs" 37 19 37 27] not _25 }; goto BB8 } BB8 { - half <- ([#"../04_binary_search.rs" 37 19 37 27] size / ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize))); - mid <- ([#"../04_binary_search.rs" 38 18 38 29] base + half); - _32 <- ([#"../04_binary_search.rs" 40 18 40 26] index0 ([#"../04_binary_search.rs" 40 18 40 21] arr) mid); + [#"../04_binary_search.rs" 37 19 37 27] half <- ([#"../04_binary_search.rs" 37 19 37 27] ([#"../04_binary_search.rs" 37 19 37 23] size) / ([#"../04_binary_search.rs" 37 26 37 27] [#"../04_binary_search.rs" 37 26 37 27] (2 : usize))); + [#"../04_binary_search.rs" 38 18 38 29] mid <- ([#"../04_binary_search.rs" 38 18 38 29] ([#"../04_binary_search.rs" 38 18 38 22] base) + ([#"../04_binary_search.rs" 38 25 38 29] half)); + [#"../04_binary_search.rs" 40 18 40 26] _32 <- ([#"../04_binary_search.rs" 40 18 40 26] index0 ([#"../04_binary_search.rs" 40 18 40 21] arr) ([#"../04_binary_search.rs" 40 22 40 25] mid)); goto BB9 } BB9 { - switch ([#"../04_binary_search.rs" 40 18 40 33] _32 > elem) + switch ([#"../04_binary_search.rs" 40 18 40 33] ([#"../04_binary_search.rs" 40 18 40 26] _32) > ([#"../04_binary_search.rs" 40 29 40 33] elem)) | False -> goto BB11 | True -> goto BB10 end } BB10 { - _29 <- base; + [#"../04_binary_search.rs" 40 36 40 40] _29 <- ([#"../04_binary_search.rs" 40 36 40 40] base); goto BB12 } BB11 { - _29 <- mid; + [#"../04_binary_search.rs" 40 50 40 53] _29 <- ([#"../04_binary_search.rs" 40 50 40 53] mid); goto BB12 } BB12 { - base <- _29; - _29 <- any usize; - size <- ([#"../04_binary_search.rs" 41 8 41 20] size - half); + [#"../04_binary_search.rs" 40 8 40 55] base <- ([#"../04_binary_search.rs" 40 8 40 55] _29); + [#"../04_binary_search.rs" 40 8 40 55] _29 <- any usize; + [#"../04_binary_search.rs" 41 8 41 20] size <- ([#"../04_binary_search.rs" 41 8 41 20] size - ([#"../04_binary_search.rs" 41 16 41 20] half)); goto BB5 } BB13 { - _41 <- ([#"../04_binary_search.rs" 44 14 44 23] index0 ([#"../04_binary_search.rs" 44 14 44 17] arr) base); + [#"../04_binary_search.rs" 44 14 44 23] _41 <- ([#"../04_binary_search.rs" 44 14 44 23] index0 ([#"../04_binary_search.rs" 44 14 44 17] arr) ([#"../04_binary_search.rs" 44 18 44 22] base)); goto BB14 } BB14 { - cmp <- _41; - switch ([#"../04_binary_search.rs" 45 7 45 18] cmp = elem) + [#"../04_binary_search.rs" 44 14 44 23] cmp <- ([#"../04_binary_search.rs" 44 14 44 23] _41); + switch ([#"../04_binary_search.rs" 45 7 45 18] ([#"../04_binary_search.rs" 45 7 45 10] cmp) = ([#"../04_binary_search.rs" 45 14 45 18] elem)) | False -> goto BB16 | True -> goto BB15 end } BB15 { - _0 <- ([#"../04_binary_search.rs" 46 8 46 16] Core_Result_Result_Type.C_Ok base); + [#"../04_binary_search.rs" 46 8 46 16] _0 <- ([#"../04_binary_search.rs" 46 8 46 16] Core_Result_Result_Type.C_Ok ([#"../04_binary_search.rs" 46 11 46 15] base)); goto BB20 } BB16 { - switch ([#"../04_binary_search.rs" 47 14 47 24] cmp < elem) + switch ([#"../04_binary_search.rs" 47 14 47 24] ([#"../04_binary_search.rs" 47 14 47 17] cmp) < ([#"../04_binary_search.rs" 47 20 47 24] elem)) | False -> goto BB18 | True -> goto BB17 end } BB17 { - _0 <- ([#"../04_binary_search.rs" 48 8 48 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 48 12 48 20] base + ([#"../04_binary_search.rs" 48 19 48 20] [#"../04_binary_search.rs" 48 19 48 20] (1 : usize)))); + [#"../04_binary_search.rs" 48 8 48 21] _0 <- ([#"../04_binary_search.rs" 48 8 48 21] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 48 12 48 20] ([#"../04_binary_search.rs" 48 12 48 16] base) + ([#"../04_binary_search.rs" 48 19 48 20] [#"../04_binary_search.rs" 48 19 48 20] (1 : usize)))); goto BB19 } BB18 { - _0 <- ([#"../04_binary_search.rs" 50 8 50 17] Core_Result_Result_Type.C_Err base); + [#"../04_binary_search.rs" 50 8 50 17] _0 <- ([#"../04_binary_search.rs" 50 8 50 17] Core_Result_Result_Type.C_Err ([#"../04_binary_search.rs" 50 12 50 16] base)); goto BB19 } BB19 { diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg b/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg index 62beea21db..bb0e6c0bc6 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.mlcfg @@ -62,7 +62,7 @@ module C05BinarySearchGeneric_BinarySearch val inv7 (_x : deep_model_ty0) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : deep_model_ty0 . inv7 x = true + axiom inv7 : forall x : deep_model_ty0 . inv7 x = true use seq.Seq predicate invariant6 (self : Seq.seq deep_model_ty0) val invariant6 (self : Seq.seq deep_model_ty0) : bool @@ -72,7 +72,7 @@ module C05BinarySearchGeneric_BinarySearch val inv6 (_x : Seq.seq deep_model_ty0) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : Seq.seq deep_model_ty0 . inv6 x = true + axiom inv6 : forall x : Seq.seq deep_model_ty0 . inv6 x = true predicate invariant5 (self : Seq.seq t) val invariant5 (self : Seq.seq t) : bool ensures { result = invariant5 self } @@ -81,7 +81,7 @@ module C05BinarySearchGeneric_BinarySearch val inv5 (_x : Seq.seq t) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : Seq.seq t . inv5 x = true + axiom inv5 : forall x : Seq.seq t . inv5 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -105,7 +105,7 @@ module C05BinarySearchGeneric_BinarySearch val invariant4 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -115,7 +115,7 @@ module C05BinarySearchGeneric_BinarySearch val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true predicate invariant2 (self : t) val invariant2 (self : t) : bool ensures { result = invariant2 self } @@ -124,7 +124,7 @@ module C05BinarySearchGeneric_BinarySearch val inv2 (_x : t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : t . inv2 x = true + axiom inv2 : forall x : t . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -133,7 +133,7 @@ module C05BinarySearchGeneric_BinarySearch val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } @@ -142,7 +142,7 @@ module C05BinarySearchGeneric_BinarySearch val inv0 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../05_binary_search_generic.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use Core_Cmp_Ordering_Type as Core_Cmp_Ordering_Type function cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering val cmp_log0 (self : deep_model_ty0) (_2 : deep_model_ty0) : Core_Cmp_Ordering_Type.t_ordering @@ -363,7 +363,7 @@ module C05BinarySearchGeneric_BinarySearch goto BB3 } BB3 { - _10 <- ([#"../05_binary_search_generic.rs" 31 7 31 16] len0 ([#"../05_binary_search_generic.rs" 31 7 31 16] arr)); + [#"../05_binary_search_generic.rs" 31 7 31 16] _10 <- ([#"../05_binary_search_generic.rs" 31 7 31 16] len0 ([#"../05_binary_search_generic.rs" 31 7 31 16] arr)); goto BB4 } BB4 { @@ -377,18 +377,19 @@ module C05BinarySearchGeneric_BinarySearch assume { resolve2 elem }; assert { [@expl:type invariant] inv0 arr }; assume { resolve0 arr }; - _0 <- ([#"../05_binary_search_generic.rs" 32 15 32 21] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 32 19 32 20] [#"../05_binary_search_generic.rs" 32 19 32 20] (0 : usize))); + [#"../05_binary_search_generic.rs" 32 15 32 21] _0 <- ([#"../05_binary_search_generic.rs" 32 15 32 21] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 32 19 32 20] [#"../05_binary_search_generic.rs" 32 19 32 20] (0 : usize))); goto BB29 } BB6 { + assert { [#"../05_binary_search_generic.rs" 31 22 33 5] false }; absurd } BB7 { - size <- ([#"../05_binary_search_generic.rs" 34 26 34 35] len0 ([#"../05_binary_search_generic.rs" 34 26 34 35] arr)); + [#"../05_binary_search_generic.rs" 34 26 34 35] size <- ([#"../05_binary_search_generic.rs" 34 26 34 35] len0 ([#"../05_binary_search_generic.rs" 34 26 34 35] arr)); goto BB8 } BB8 { - base <- ([#"../05_binary_search_generic.rs" 35 26 35 27] [#"../05_binary_search_generic.rs" 35 26 35 27] (0 : usize)); + [#"../05_binary_search_generic.rs" 35 26 35 27] base <- ([#"../05_binary_search_generic.rs" 35 26 35 27] [#"../05_binary_search_generic.rs" 35 26 35 27] (0 : usize)); goto BB9 } BB9 { @@ -404,26 +405,26 @@ module C05BinarySearchGeneric_BinarySearch goto BB12 } BB12 { - switch ([#"../05_binary_search_generic.rs" 40 10 40 18] size > ([#"../05_binary_search_generic.rs" 40 17 40 18] [#"../05_binary_search_generic.rs" 40 17 40 18] (1 : usize))) + switch ([#"../05_binary_search_generic.rs" 40 10 40 18] ([#"../05_binary_search_generic.rs" 40 10 40 14] size) > ([#"../05_binary_search_generic.rs" 40 17 40 18] [#"../05_binary_search_generic.rs" 40 17 40 18] (1 : usize))) | False -> goto BB20 | True -> goto BB13 end } BB13 { - _25 <- ([#"../05_binary_search_generic.rs" 41 19 41 27] ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize)) = ([#"../05_binary_search_generic.rs" 41 19 41 27] [#"../05_binary_search_generic.rs" 41 19 41 27] (0 : usize))); + [#"../05_binary_search_generic.rs" 41 19 41 27] _25 <- ([#"../05_binary_search_generic.rs" 41 19 41 27] ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize)) = ([#"../05_binary_search_generic.rs" 41 19 41 27] [#"../05_binary_search_generic.rs" 41 19 41 27] (0 : usize))); assert { [@expl:division by zero] [#"../05_binary_search_generic.rs" 41 19 41 27] not _25 }; goto BB14 } BB14 { - half <- ([#"../05_binary_search_generic.rs" 41 19 41 27] size / ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize))); - mid <- ([#"../05_binary_search_generic.rs" 42 18 42 29] base + half); - _32 <- ([#"../05_binary_search_generic.rs" 44 18 44 26] index0 ([#"../05_binary_search_generic.rs" 44 18 44 21] arr) mid); + [#"../05_binary_search_generic.rs" 41 19 41 27] half <- ([#"../05_binary_search_generic.rs" 41 19 41 27] ([#"../05_binary_search_generic.rs" 41 19 41 23] size) / ([#"../05_binary_search_generic.rs" 41 26 41 27] [#"../05_binary_search_generic.rs" 41 26 41 27] (2 : usize))); + [#"../05_binary_search_generic.rs" 42 18 42 29] mid <- ([#"../05_binary_search_generic.rs" 42 18 42 29] ([#"../05_binary_search_generic.rs" 42 18 42 22] base) + ([#"../05_binary_search_generic.rs" 42 25 42 29] half)); + [#"../05_binary_search_generic.rs" 44 18 44 26] _32 <- ([#"../05_binary_search_generic.rs" 44 18 44 26] index0 ([#"../05_binary_search_generic.rs" 44 18 44 21] arr) ([#"../05_binary_search_generic.rs" 44 22 44 25] mid)); goto BB15 } BB15 { assert { [@expl:type invariant] inv1 _32 }; assume { resolve1 _32 }; - _30 <- ([#"../05_binary_search_generic.rs" 44 18 44 33] gt0 ([#"../05_binary_search_generic.rs" 44 18 44 26] _32) ([#"../05_binary_search_generic.rs" 44 29 44 33] elem)); + [#"../05_binary_search_generic.rs" 44 18 44 33] _30 <- ([#"../05_binary_search_generic.rs" 44 18 44 33] gt0 ([#"../05_binary_search_generic.rs" 44 18 44 26] _32) ([#"../05_binary_search_generic.rs" 44 29 44 33] elem)); goto BB16 } BB16 { @@ -433,35 +434,35 @@ module C05BinarySearchGeneric_BinarySearch end } BB17 { - _29 <- base; + [#"../05_binary_search_generic.rs" 44 36 44 40] _29 <- ([#"../05_binary_search_generic.rs" 44 36 44 40] base); goto BB19 } BB18 { - _29 <- mid; + [#"../05_binary_search_generic.rs" 44 50 44 53] _29 <- ([#"../05_binary_search_generic.rs" 44 50 44 53] mid); goto BB19 } BB19 { - base <- _29; - _29 <- any usize; - size <- ([#"../05_binary_search_generic.rs" 46 8 46 20] size - half); + [#"../05_binary_search_generic.rs" 44 8 44 55] base <- ([#"../05_binary_search_generic.rs" 44 8 44 55] _29); + [#"../05_binary_search_generic.rs" 44 8 44 55] _29 <- any usize; + [#"../05_binary_search_generic.rs" 46 8 46 20] size <- ([#"../05_binary_search_generic.rs" 46 8 46 20] size - ([#"../05_binary_search_generic.rs" 46 16 46 20] half)); goto BB11 } BB20 { assert { [@expl:type invariant] inv0 arr }; assume { resolve0 arr }; - _41 <- ([#"../05_binary_search_generic.rs" 49 15 49 24] index0 ([#"../05_binary_search_generic.rs" 49 15 49 18] arr) base); + [#"../05_binary_search_generic.rs" 49 15 49 24] _41 <- ([#"../05_binary_search_generic.rs" 49 15 49 24] index0 ([#"../05_binary_search_generic.rs" 49 15 49 18] arr) ([#"../05_binary_search_generic.rs" 49 19 49 23] base)); goto BB21 } BB21 { - cmp <- ([#"../05_binary_search_generic.rs" 49 14 49 24] _41); + [#"../05_binary_search_generic.rs" 49 14 49 24] cmp <- ([#"../05_binary_search_generic.rs" 49 14 49 24] _41); assert { [@expl:type invariant] inv1 _41 }; assume { resolve1 _41 }; assert { [@expl:type invariant] inv1 cmp }; assume { resolve1 cmp }; - _47 <- ([#"../05_binary_search_generic.rs" 51 18 51 23] elem); + [#"../05_binary_search_generic.rs" 51 18 51 23] _47 <- ([#"../05_binary_search_generic.rs" 51 18 51 23] elem); assert { [@expl:type invariant] inv1 _47 }; assume { resolve1 _47 }; - _44 <- ([#"../05_binary_search_generic.rs" 51 10 51 24] cmp0 ([#"../05_binary_search_generic.rs" 51 10 51 24] cmp) ([#"../05_binary_search_generic.rs" 51 18 51 23] _47)); + [#"../05_binary_search_generic.rs" 51 10 51 24] _44 <- ([#"../05_binary_search_generic.rs" 51 10 51 24] cmp0 ([#"../05_binary_search_generic.rs" 51 10 51 24] cmp) ([#"../05_binary_search_generic.rs" 51 18 51 23] _47)); goto BB22 } BB22 { @@ -480,15 +481,15 @@ module C05BinarySearchGeneric_BinarySearch goto BB26 } BB25 { - _0 <- ([#"../05_binary_search_generic.rs" 54 29 54 38] Core_Result_Result_Type.C_Err base); + [#"../05_binary_search_generic.rs" 54 29 54 38] _0 <- ([#"../05_binary_search_generic.rs" 54 29 54 38] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 54 33 54 37] base)); goto BB28 } BB26 { - _0 <- ([#"../05_binary_search_generic.rs" 52 27 52 35] Core_Result_Result_Type.C_Ok base); + [#"../05_binary_search_generic.rs" 52 27 52 35] _0 <- ([#"../05_binary_search_generic.rs" 52 27 52 35] Core_Result_Result_Type.C_Ok ([#"../05_binary_search_generic.rs" 52 30 52 34] base)); goto BB28 } BB27 { - _0 <- ([#"../05_binary_search_generic.rs" 53 26 53 39] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 53 30 53 38] base + ([#"../05_binary_search_generic.rs" 53 37 53 38] [#"../05_binary_search_generic.rs" 53 37 53 38] (1 : usize)))); + [#"../05_binary_search_generic.rs" 53 26 53 39] _0 <- ([#"../05_binary_search_generic.rs" 53 26 53 39] Core_Result_Result_Type.C_Err ([#"../05_binary_search_generic.rs" 53 30 53 38] ([#"../05_binary_search_generic.rs" 53 30 53 34] base) + ([#"../05_binary_search_generic.rs" 53 37 53 38] [#"../05_binary_search_generic.rs" 53 37 53 38] (1 : usize)))); goto BB28 } BB28 { diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg index 8c37dff78a..ecb928b02e 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg +++ b/creusot/tests/should_succeed/vector/06_knights_tour.mlcfg @@ -36,17 +36,17 @@ module C06KnightsTour_Impl3_Clone goto BB0 } BB0 { - _5 <- ([#"../06_knights_tour.rs" 6 4 6 12] C06KnightsTour_Point_Type.point_x self); - _3 <- ([#"../06_knights_tour.rs" 6 4 6 12] clone0 ([#"../06_knights_tour.rs" 6 4 6 12] _5)); + [#"../06_knights_tour.rs" 6 4 6 12] _5 <- ([#"../06_knights_tour.rs" 6 4 6 12] C06KnightsTour_Point_Type.point_x self); + [#"../06_knights_tour.rs" 6 4 6 12] _3 <- ([#"../06_knights_tour.rs" 6 4 6 12] clone0 ([#"../06_knights_tour.rs" 6 4 6 12] _5)); goto BB1 } BB1 { - _8 <- ([#"../06_knights_tour.rs" 7 4 7 12] C06KnightsTour_Point_Type.point_y self); - _6 <- ([#"../06_knights_tour.rs" 7 4 7 12] clone0 ([#"../06_knights_tour.rs" 7 4 7 12] _8)); + [#"../06_knights_tour.rs" 7 4 7 12] _8 <- ([#"../06_knights_tour.rs" 7 4 7 12] C06KnightsTour_Point_Type.point_y self); + [#"../06_knights_tour.rs" 7 4 7 12] _6 <- ([#"../06_knights_tour.rs" 7 4 7 12] clone0 ([#"../06_knights_tour.rs" 7 4 7 12] _8)); goto BB2 } BB2 { - _0 <- ([#"../06_knights_tour.rs" 4 15 4 20] C06KnightsTour_Point_Type.C_Point _3 _6); + [#"../06_knights_tour.rs" 4 15 4 20] _0 <- ([#"../06_knights_tour.rs" 4 15 4 20] C06KnightsTour_Point_Type.C_Point _3 _6); _3 <- any isize; _6 <- any isize; return _0 @@ -75,7 +75,7 @@ module C06KnightsTour_Impl0_Mov goto BB0 } BB0 { - _0 <- ([#"../06_knights_tour.rs" 19 8 19 53] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 19 18 19 32] C06KnightsTour_Point_Type.point_x self + (let (a, _) = p in a)) ([#"../06_knights_tour.rs" 19 37 19 51] C06KnightsTour_Point_Type.point_y self + (let (_, a) = p in a))); + [#"../06_knights_tour.rs" 19 8 19 53] _0 <- ([#"../06_knights_tour.rs" 19 8 19 53] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 19 18 19 32] ([#"../06_knights_tour.rs" 19 19 19 25] C06KnightsTour_Point_Type.point_x self) + ([#"../06_knights_tour.rs" 19 28 19 31] let (a, _) = p in a)) ([#"../06_knights_tour.rs" 19 37 19 51] ([#"../06_knights_tour.rs" 19 38 19 44] C06KnightsTour_Point_Type.point_y self) + ([#"../06_knights_tour.rs" 19 47 19 50] let (_, a) = p in a))); return _0 } @@ -196,7 +196,7 @@ module C06KnightsTour_Impl1_New_Closure3 val inv2 (_x : Seq.seq usize) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv2 x = true + axiom inv2 : forall x : Seq.seq usize . inv2 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -219,7 +219,7 @@ module C06KnightsTour_Impl1_New_Closure3 val invariant1 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv1 x = true predicate invariant0 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : usize) : bool @@ -229,7 +229,7 @@ module C06KnightsTour_Impl1_New_Closure3 val inv0 (_x : usize) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : usize . inv0 x = true + axiom inv0 : forall x : usize . inv0 x = true use prelude.Int16 use prelude.Ghost use prelude.Borrow @@ -237,14 +237,14 @@ module C06KnightsTour_Impl1_New_Closure3 function field_00 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : usize = - [#"../06_knights_tour.rs" 1 0 1 0] let C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 a = self in a + let C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 a = self in a val field_00 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : usize ensures { result = field_00 self } predicate unnest0 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) (_2 : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) = - [#"../06_knights_tour.rs" 1 0 1 0] field_00 _2 = field_00 self + field_00 _2 = field_00 self use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (ix : int) : usize @@ -266,7 +266,7 @@ module C06KnightsTour_Impl1_New_Closure3 let rec cfg c06KnightsTour_Impl1_New_Closure3 [#"../06_knights_tour.rs" 43 16 43 50] [@cfg:stackify] [@cfg:subregion_analysis] (_1 : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) (_2 : usize) (_3 : Ghost.ghost_ty (Seq.seq usize)) : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) ensures { [#"../06_knights_tour.rs" 43 26 43 48] Seq.length (shallow_model0 result) = UIntSize.to_int (field_00 ( ^ _1)) } - ensures { [#"../06_knights_tour.rs" 1 0 1 0] unnest0 ( * _1) ( ^ _1) } + ensures { unnest0 ( * _1) ( ^ _1) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); @@ -277,15 +277,15 @@ module C06KnightsTour_Impl1_New_Closure3 } BB0 { assume { resolve0 _1 }; - res <- ([#"../06_knights_tour.rs" 44 23 44 36] from_elem0 ([#"../06_knights_tour.rs" 44 28 44 29] [#"../06_knights_tour.rs" 44 28 44 29] (0 : usize)) (field_00 ( * _1))); + [#"../../../../../creusot-contracts/src/lib.rs" 250 8 250 40] res <- ([#"../06_knights_tour.rs" 44 23 44 36] from_elem0 ([#"../06_knights_tour.rs" 44 28 44 29] [#"../06_knights_tour.rs" 44 28 44 29] (0 : usize)) ([#"../06_knights_tour.rs" 44 31 44 35] field_00 ( * _1))); goto BB1 } BB1 { goto BB2 } BB2 { - _0 <- res; - res <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); + [#"../06_knights_tour.rs" 43 16 43 50] _0 <- ([#"../06_knights_tour.rs" 43 16 43 50] res); + [#"../06_knights_tour.rs" 43 16 43 50] res <- any Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); goto BB3 } BB3 { @@ -306,7 +306,7 @@ module C06KnightsTour_Impl1_New val inv12 (_x : Ghost.ghost_ty (Seq.seq usize)) : bool ensures { result = inv12 _x } - axiom inv12 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Ghost.ghost_ty (Seq.seq usize) . inv12 x = true + axiom inv12 : forall x : Ghost.ghost_ty (Seq.seq usize) . inv12 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int16 @@ -322,7 +322,7 @@ module C06KnightsTour_Impl1_New val inv11 (_x : Seq.seq (borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3)) : bool ensures { result = inv11 _x } - axiom inv11 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) . inv11 x = true + axiom inv11 : forall x : Seq.seq (borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) . inv11 x = true predicate invariant10 (self : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant10 (self : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : bool @@ -332,7 +332,7 @@ module C06KnightsTour_Impl1_New val inv10 (_x : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv10 x = true + axiom inv10 : forall x : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv10 x = true predicate inv7 (_x : Seq.seq usize) val inv7 (_x : Seq.seq usize) : bool ensures { result = inv7 _x } @@ -357,7 +357,7 @@ module C06KnightsTour_Impl1_New val invariant9 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv9 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant8 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -368,13 +368,13 @@ module C06KnightsTour_Impl1_New val inv8 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv8 x = true + axiom inv8 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv8 x = true predicate invariant7 (self : Seq.seq usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : Seq.seq usize) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv7 x = true + axiom inv7 : forall x : Seq.seq usize . inv7 x = true predicate inv4 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) val inv4 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } @@ -399,7 +399,7 @@ module C06KnightsTour_Impl1_New val invariant6 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv6 x = true use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as CreusotContracts_Std1_Iter_MapInv_MapInv_Type use seq.Seq predicate inv3 (_x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) @@ -410,23 +410,23 @@ module C06KnightsTour_Impl1_New function field_00 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : usize = - [#"../06_knights_tour.rs" 1 0 1 0] let C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 a = self in a + let C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 a = self in a val field_00 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : usize ensures { result = field_00 self } predicate unnest0 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) (_2 : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) = - [#"../06_knights_tour.rs" 1 0 1 0] field_00 _2 = field_00 self + field_00 _2 = field_00 self predicate postcondition_mut0 [#"../06_knights_tour.rs" 43 16 43 50] (self : borrowed C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) (args : (usize, Ghost.ghost_ty (Seq.seq usize))) (result : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = - [#"../06_knights_tour.rs" 1 0 1 0] (let (_2, _3) = args in Seq.length (shallow_model2 result) = UIntSize.to_int (field_00 ( ^ self))) /\ unnest0 ( * self) ( ^ self) + (let (_2, _3) = args in Seq.length (shallow_model2 result) = UIntSize.to_int (field_00 ( ^ self))) /\ unnest0 ( * self) ( ^ self) use seq.Seq predicate precondition0 [#"../06_knights_tour.rs" 43 16 43 50] (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) (args : (usize, Ghost.ghost_ty (Seq.seq usize))) = - [#"../06_knights_tour.rs" 1 0 1 0] let (_2, _3) = args in true + let (_2, _3) = args in true use prelude.Ghost use seq_ext.SeqExt use seq.Seq @@ -492,13 +492,13 @@ module C06KnightsTour_Impl1_New val inv5 (_x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3)) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) . inv5 x = (inv3 ( * x) /\ inv3 ( ^ x)) + axiom inv5 : forall x : borrowed (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) . inv5 x = (inv3 ( * x) /\ inv3 ( ^ x)) predicate invariant4 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true use seq.Seq predicate inv1 (_x : usize) val inv1 (_x : usize) : bool @@ -557,7 +557,7 @@ module C06KnightsTour_Impl1_New val invariant3 (self : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : bool ensures { result = invariant3 self } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv3 x = (invariant3 x /\ match x with + axiom inv3 : forall x : CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv3 x = (invariant3 x /\ match x with | CreusotContracts_Std1_Iter_MapInv_MapInv_Type.C_MapInv iter func produced -> true end) predicate invariant2 (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) = @@ -565,7 +565,7 @@ module C06KnightsTour_Impl1_New val invariant2 (self : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) : bool ensures { result = invariant2 self } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv2 x = true + axiom inv2 : forall x : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3 . inv2 x = true function produces_trans1 (a : Core_Ops_Range_Range_Type.t_range usize) (ab : Seq.seq usize) (b : Core_Ops_Range_Range_Type.t_range usize) (bc : Seq.seq usize) (c : Core_Ops_Range_Range_Type.t_range usize) : () val produces_trans1 (a : Core_Ops_Range_Range_Type.t_range usize) (ab : Seq.seq usize) (b : Core_Ops_Range_Range_Type.t_range usize) (bc : Seq.seq usize) (c : Core_Ops_Range_Range_Type.t_range usize) : () @@ -590,13 +590,13 @@ module C06KnightsTour_Impl1_New val invariant1 (self : usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true function produces_trans0 (a : Core_Ops_Range_Range_Type.t_range usize) (ab : Seq.seq usize) (b : Core_Ops_Range_Range_Type.t_range usize) (bc : Seq.seq usize) (c : Core_Ops_Range_Range_Type.t_range usize) : () val produces_trans0 (a : Core_Ops_Range_Range_Type.t_range usize) (ab : Seq.seq usize) (b : Core_Ops_Range_Range_Type.t_range usize) (bc : Seq.seq usize) (c : Core_Ops_Range_Range_Type.t_range usize) : () @@ -646,7 +646,7 @@ module C06KnightsTour_Impl1_New predicate resolve2 [#"../06_knights_tour.rs" 43 16 43 50] (_1 : C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3) = - [#"../06_knights_tour.rs" 1 0 1 0] true + true predicate resolve1 (self : Core_Ops_Range_Range_Type.t_range usize) = [#"../../../../../creusot-contracts/src/resolve.rs" 45 8 45 12] true val resolve1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -687,17 +687,17 @@ module C06KnightsTour_Impl1_New goto BB0 } BB0 { - _6 <- ([#"../06_knights_tour.rs" 41 19 45 13] map_inv0 ([#"../06_knights_tour.rs" 41 19 41 28] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 41 20 41 21] [#"../06_knights_tour.rs" 41 20 41 21] (0 : usize)) size) ([#"../06_knights_tour.rs" 43 16 43 50] C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 ([#"../06_knights_tour.rs" 43 16 43 50] size))); + [#"../06_knights_tour.rs" 41 19 45 13] _6 <- ([#"../06_knights_tour.rs" 41 19 45 13] map_inv0 ([#"../06_knights_tour.rs" 41 19 41 28] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 41 20 41 21] [#"../06_knights_tour.rs" 41 20 41 21] (0 : usize)) ([#"../06_knights_tour.rs" 41 23 41 27] size)) ([#"../06_knights_tour.rs" 43 16 43 50] C06KnightsTour_Impl1_New_Closure3.C06KnightsTour_Impl1_New_Closure3 ([#"../06_knights_tour.rs" 43 16 43 50] size))); goto BB1 } BB1 { - rows <- ([#"../06_knights_tour.rs" 41 19 46 22] collect0 _6); + [#"../06_knights_tour.rs" 41 19 46 22] rows <- ([#"../06_knights_tour.rs" 41 19 46 22] collect0 _6); _6 <- any CreusotContracts_Std1_Iter_MapInv_MapInv_Type.t_mapinv (Core_Ops_Range_Range_Type.t_range usize) usize C06KnightsTour_Impl1_New_Closure3.c06knightstour_impl1_new_closure3; goto BB2 } BB2 { - _0 <- ([#"../06_knights_tour.rs" 47 8 47 34] C06KnightsTour_Board_Type.C_Board size rows); - rows <- any Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global); + [#"../06_knights_tour.rs" 47 8 47 34] _0 <- ([#"../06_knights_tour.rs" 47 8 47 34] C06KnightsTour_Board_Type.C_Board ([#"../06_knights_tour.rs" 47 15 47 19] size) ([#"../06_knights_tour.rs" 47 28 47 32] rows)); + [#"../06_knights_tour.rs" 47 28 47 32] rows <- any Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global); goto BB3 } BB3 { @@ -720,7 +720,7 @@ module C06KnightsTour_Impl1_Available val inv7 (_x : Seq.seq usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv7 x = true + axiom inv7 : forall x : Seq.seq usize . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -743,7 +743,7 @@ module C06KnightsTour_Impl1_Available val invariant6 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true predicate invariant5 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -753,7 +753,7 @@ module C06KnightsTour_Impl1_Available val inv5 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use seq.Seq predicate inv4 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -774,7 +774,7 @@ module C06KnightsTour_Impl1_Available val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -784,7 +784,7 @@ module C06KnightsTour_Impl1_Available val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true predicate invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool @@ -794,7 +794,7 @@ module C06KnightsTour_Impl1_Available val inv2 (_x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -804,7 +804,7 @@ module C06KnightsTour_Impl1_Available val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) = @@ -817,7 +817,7 @@ module C06KnightsTour_Impl1_Available val inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.IntSize use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type @@ -912,28 +912,28 @@ module C06KnightsTour_Impl1_Available goto BB0 } BB0 { - switch ([#"../06_knights_tour.rs" 53 8 53 16] ([#"../06_knights_tour.rs" 53 8 53 9] [#"../06_knights_tour.rs" 53 8 53 9] (0 : isize)) <= C06KnightsTour_Point_Type.point_x p) + switch ([#"../06_knights_tour.rs" 53 8 53 16] ([#"../06_knights_tour.rs" 53 8 53 9] [#"../06_knights_tour.rs" 53 8 53 9] (0 : isize)) <= ([#"../06_knights_tour.rs" 53 13 53 16] C06KnightsTour_Point_Type.point_x p)) | False -> goto BB10 | True -> goto BB11 end } BB1 { - _0 <- ([#"../06_knights_tour.rs" 53 8 57 58] [#"../06_knights_tour.rs" 53 8 57 58] false); + [#"../06_knights_tour.rs" 53 8 57 58] _0 <- ([#"../06_knights_tour.rs" 53 8 57 58] [#"../06_knights_tour.rs" 53 8 57 58] false); goto BB3 } BB2 { - _24 <- ([#"../06_knights_tour.rs" 57 15 57 39] index0 ([#"../06_knights_tour.rs" 57 15 57 25] C06KnightsTour_Board_Type.board_field self) ([#"../06_knights_tour.rs" 57 26 57 38] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p)))); + [#"../06_knights_tour.rs" 57 15 57 39] _24 <- ([#"../06_knights_tour.rs" 57 15 57 39] index0 ([#"../06_knights_tour.rs" 57 15 57 25] C06KnightsTour_Board_Type.board_field self) ([#"../06_knights_tour.rs" 57 26 57 38] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 57 26 57 29] C06KnightsTour_Point_Type.point_x p)))); goto BB13 } BB3 { return _0 } BB4 { - _5 <- ([#"../06_knights_tour.rs" 53 8 56 41] [#"../06_knights_tour.rs" 53 8 56 41] false); + [#"../06_knights_tour.rs" 53 8 56 41] _5 <- ([#"../06_knights_tour.rs" 53 8 56 41] [#"../06_knights_tour.rs" 53 8 56 41] false); goto BB6 } BB5 { - _5 <- ([#"../06_knights_tour.rs" 56 15 56 41] ([#"../06_knights_tour.rs" 56 15 56 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p))) < C06KnightsTour_Board_Type.board_size self); + [#"../06_knights_tour.rs" 53 8 56 41] _5 <- ([#"../06_knights_tour.rs" 56 15 56 41] ([#"../06_knights_tour.rs" 56 15 56 29] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 56 16 56 19] C06KnightsTour_Point_Type.point_y p))) < ([#"../06_knights_tour.rs" 56 32 56 41] C06KnightsTour_Board_Type.board_size self)); goto BB6 } BB6 { @@ -943,11 +943,11 @@ module C06KnightsTour_Impl1_Available end } BB7 { - _6 <- ([#"../06_knights_tour.rs" 53 8 55 23] [#"../06_knights_tour.rs" 53 8 55 23] false); + [#"../06_knights_tour.rs" 53 8 55 23] _6 <- ([#"../06_knights_tour.rs" 53 8 55 23] [#"../06_knights_tour.rs" 53 8 55 23] false); goto BB9 } BB8 { - _6 <- ([#"../06_knights_tour.rs" 55 15 55 23] ([#"../06_knights_tour.rs" 55 15 55 16] [#"../06_knights_tour.rs" 55 15 55 16] (0 : isize)) <= C06KnightsTour_Point_Type.point_y p); + [#"../06_knights_tour.rs" 53 8 55 23] _6 <- ([#"../06_knights_tour.rs" 55 15 55 23] ([#"../06_knights_tour.rs" 55 15 55 16] [#"../06_knights_tour.rs" 55 15 55 16] (0 : isize)) <= ([#"../06_knights_tour.rs" 55 20 55 23] C06KnightsTour_Point_Type.point_y p)); goto BB9 } BB9 { @@ -957,11 +957,11 @@ module C06KnightsTour_Impl1_Available end } BB10 { - _7 <- ([#"../06_knights_tour.rs" 53 8 54 41] [#"../06_knights_tour.rs" 53 8 54 41] false); + [#"../06_knights_tour.rs" 53 8 54 41] _7 <- ([#"../06_knights_tour.rs" 53 8 54 41] [#"../06_knights_tour.rs" 53 8 54 41] false); goto BB12 } BB11 { - _7 <- ([#"../06_knights_tour.rs" 54 15 54 41] ([#"../06_knights_tour.rs" 54 15 54 29] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p))) < C06KnightsTour_Board_Type.board_size self); + [#"../06_knights_tour.rs" 53 8 54 41] _7 <- ([#"../06_knights_tour.rs" 54 15 54 41] ([#"../06_knights_tour.rs" 54 15 54 29] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 54 16 54 19] C06KnightsTour_Point_Type.point_x p))) < ([#"../06_knights_tour.rs" 54 32 54 41] C06KnightsTour_Board_Type.board_size self)); goto BB12 } BB12 { @@ -971,11 +971,11 @@ module C06KnightsTour_Impl1_Available end } BB13 { - _22 <- ([#"../06_knights_tour.rs" 57 15 57 53] index1 ([#"../06_knights_tour.rs" 57 15 57 39] _24) ([#"../06_knights_tour.rs" 57 40 57 52] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p)))); + [#"../06_knights_tour.rs" 57 15 57 53] _22 <- ([#"../06_knights_tour.rs" 57 15 57 53] index1 ([#"../06_knights_tour.rs" 57 15 57 39] _24) ([#"../06_knights_tour.rs" 57 40 57 52] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 57 40 57 43] C06KnightsTour_Point_Type.point_y p)))); goto BB14 } BB14 { - _0 <- ([#"../06_knights_tour.rs" 57 15 57 58] _22 = ([#"../06_knights_tour.rs" 57 57 57 58] [#"../06_knights_tour.rs" 57 57 57 58] (0 : usize))); + [#"../06_knights_tour.rs" 53 8 57 58] _0 <- ([#"../06_knights_tour.rs" 57 15 57 58] ([#"../06_knights_tour.rs" 57 15 57 53] _22) = ([#"../06_knights_tour.rs" 57 57 57 58] [#"../06_knights_tour.rs" 57 57 57 58] (0 : usize))); goto BB3 } @@ -1019,7 +1019,7 @@ module C06KnightsTour_Impl1_CountDegree val inv8 (_x : Seq.seq usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv8 x = true + axiom inv8 : forall x : Seq.seq usize . inv8 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1042,7 +1042,7 @@ module C06KnightsTour_Impl1_CountDegree val invariant7 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant7 self } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv7 x = true predicate invariant6 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -1052,7 +1052,7 @@ module C06KnightsTour_Impl1_CountDegree val inv6 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true + axiom inv6 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv6 x = true use seq.Seq predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -1073,7 +1073,7 @@ module C06KnightsTour_Impl1_CountDegree val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use prelude.IntSize predicate invariant4 (self : Seq.seq (isize, isize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1084,7 +1084,7 @@ module C06KnightsTour_Impl1_CountDegree val inv4 (_x : Seq.seq (isize, isize)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (isize, isize) . inv4 x = true + axiom inv4 : forall x : Seq.seq (isize, isize) . inv4 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant3 (self : Core_Option_Option_Type.t_option (isize, isize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1095,7 +1095,7 @@ module C06KnightsTour_Impl1_CountDegree val inv3 (_x : Core_Option_Option_Type.t_option (isize, isize)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (isize, isize) . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option (isize, isize) . inv3 x = true use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type use prelude.Borrow predicate invariant2 (self : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global))) @@ -1110,7 +1110,7 @@ module C06KnightsTour_Impl1_CountDegree val inv2 (_x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true + axiom inv2 : forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true use seq.Seq predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) val inv1 (_x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1128,7 +1128,7 @@ module C06KnightsTour_Impl1_CountDegree val invariant1 (self : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true use seq.Seq predicate inv0 (_x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) val inv0 (_x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -1178,7 +1178,7 @@ module C06KnightsTour_Impl1_CountDegree val invariant0 (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use prelude.IntSize use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type @@ -1324,21 +1324,21 @@ module C06KnightsTour_Impl1_CountDegree goto BB0 } BB0 { - count <- ([#"../06_knights_tour.rs" 71 24 71 25] [#"../06_knights_tour.rs" 71 24 71 25] (0 : usize)); - _8 <- ([#"../06_knights_tour.rs" 74 17 74 24] moves0 ()); + [#"../06_knights_tour.rs" 71 24 71 25] count <- ([#"../06_knights_tour.rs" 71 24 71 25] [#"../06_knights_tour.rs" 71 24 71 25] (0 : usize)); + [#"../06_knights_tour.rs" 74 17 74 24] _8 <- ([#"../06_knights_tour.rs" 74 17 74 24] moves0 ()); goto BB1 } BB1 { - iter <- ([#"../06_knights_tour.rs" 73 8 73 46] into_iter0 _8); + [#"../06_knights_tour.rs" 73 8 73 46] iter <- ([#"../06_knights_tour.rs" 73 8 73 46] into_iter0 _8); _8 <- any Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global); goto BB2 } BB2 { - iter_old <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new iter); + [#"../06_knights_tour.rs" 73 8 73 46] iter_old <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new iter); goto BB3 } BB3 { - produced <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new (Seq.empty )); + [#"../06_knights_tour.rs" 73 8 73 46] produced <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new (Seq.empty )); goto BB4 } BB4 { @@ -1357,11 +1357,11 @@ module C06KnightsTour_Impl1_CountDegree goto BB8 } BB8 { - _19 <- Borrow.borrow_mut iter; - iter <- ^ _19; - _18 <- Borrow.borrow_mut ( * _19); - _19 <- { _19 with current = ^ _18 }; - _17 <- ([#"../06_knights_tour.rs" 73 8 73 46] next0 _18); + [#"../06_knights_tour.rs" 73 8 73 46] _19 <- Borrow.borrow_mut iter; + [#"../06_knights_tour.rs" 73 8 73 46] iter <- ^ _19; + [#"../06_knights_tour.rs" 73 8 73 46] _18 <- Borrow.borrow_mut ( * _19); + [#"../06_knights_tour.rs" 73 8 73 46] _19 <- { _19 with current = ^ _18 }; + [#"../06_knights_tour.rs" 73 8 73 46] _17 <- ([#"../06_knights_tour.rs" 73 8 73 46] next0 _18); _18 <- any borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)); goto BB9 } @@ -1381,25 +1381,26 @@ module C06KnightsTour_Impl1_CountDegree } BB12 { assume { resolve2 iter }; + assert { [#"../06_knights_tour.rs" 73 8 73 46] false }; absurd } BB13 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _17; - _22 <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _17); + [#"../06_knights_tour.rs" 73 8 73 46] _22 <- ([#"../06_knights_tour.rs" 73 8 73 46] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB14 } BB14 { - produced <- _22; - _22 <- any Ghost.ghost_ty (Seq.seq (isize, isize)); - m <- __creusot_proc_iter_elem; + [#"../06_knights_tour.rs" 73 8 73 46] produced <- ([#"../06_knights_tour.rs" 73 8 73 46] _22); + [#"../06_knights_tour.rs" 73 8 73 46] _22 <- any Ghost.ghost_ty (Seq.seq (isize, isize)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] m <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); assume { resolve1 __creusot_proc_iter_elem }; - _28 <- ([#"../06_knights_tour.rs" 75 29 75 31] m); - next <- ([#"../06_knights_tour.rs" 75 23 75 32] mov0 ([#"../06_knights_tour.rs" 75 23 75 32] p) ([#"../06_knights_tour.rs" 75 29 75 31] _28)); + [#"../06_knights_tour.rs" 75 29 75 31] _28 <- ([#"../06_knights_tour.rs" 75 29 75 31] m); + [#"../06_knights_tour.rs" 75 23 75 32] next <- ([#"../06_knights_tour.rs" 75 23 75 32] mov0 ([#"../06_knights_tour.rs" 75 23 75 32] p) ([#"../06_knights_tour.rs" 75 29 75 31] _28)); goto BB15 } BB15 { assume { resolve1 m }; - _29 <- ([#"../06_knights_tour.rs" 76 15 76 35] available0 ([#"../06_knights_tour.rs" 76 15 76 35] self) next); + [#"../06_knights_tour.rs" 76 15 76 35] _29 <- ([#"../06_knights_tour.rs" 76 15 76 35] available0 ([#"../06_knights_tour.rs" 76 15 76 35] self) ([#"../06_knights_tour.rs" 76 30 76 34] next)); goto BB16 } BB16 { @@ -1409,19 +1410,19 @@ module C06KnightsTour_Impl1_CountDegree end } BB17 { - count <- ([#"../06_knights_tour.rs" 77 16 77 26] count + ([#"../06_knights_tour.rs" 77 25 77 26] [#"../06_knights_tour.rs" 77 25 77 26] (1 : usize))); - _16 <- ([#"../06_knights_tour.rs" 76 36 78 13] ()); + [#"../06_knights_tour.rs" 77 16 77 26] count <- ([#"../06_knights_tour.rs" 77 16 77 26] count + ([#"../06_knights_tour.rs" 77 25 77 26] [#"../06_knights_tour.rs" 77 25 77 26] (1 : usize))); + [#"../06_knights_tour.rs" 76 36 78 13] _16 <- ([#"../06_knights_tour.rs" 76 36 78 13] ()); goto BB19 } BB18 { - _16 <- ([#"../06_knights_tour.rs" 78 13 78 13] ()); + [#"../06_knights_tour.rs" 78 13 78 13] _16 <- ([#"../06_knights_tour.rs" 78 13 78 13] ()); goto BB19 } BB19 { goto BB7 } BB20 { - _0 <- count; + [#"../06_knights_tour.rs" 80 8 80 13] _0 <- ([#"../06_knights_tour.rs" 80 8 80 13] count); return _0 } @@ -1438,7 +1439,7 @@ module C06KnightsTour_Impl1_Set val inv7 (_x : Seq.seq usize) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv7 x = true + axiom inv7 : forall x : Seq.seq usize . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1461,7 +1462,7 @@ module C06KnightsTour_Impl1_Set val invariant6 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant6 self } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv6 x = true predicate invariant5 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant5 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -1471,7 +1472,7 @@ module C06KnightsTour_Impl1_Set val inv5 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true + axiom inv5 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv5 x = true use seq.Seq predicate inv4 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -1492,7 +1493,7 @@ module C06KnightsTour_Impl1_Set val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true use prelude.Borrow predicate invariant3 (self : borrowed usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1503,7 +1504,7 @@ module C06KnightsTour_Impl1_Set val inv3 (_x : borrowed usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed usize . inv3 x = true + axiom inv3 : forall x : borrowed usize . inv3 x = true predicate invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -1513,7 +1514,7 @@ module C06KnightsTour_Impl1_Set val inv2 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true + axiom inv2 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv2 x = true predicate invariant1 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant1 (self : usize) : bool @@ -1523,7 +1524,7 @@ module C06KnightsTour_Impl1_Set val inv1 (_x : usize) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : usize . inv1 x = true + axiom inv1 : forall x : usize . inv1 x = true predicate invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) = @@ -1536,7 +1537,7 @@ module C06KnightsTour_Impl1_Set val inv0 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true + axiom inv0 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true use prelude.IntSize use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type @@ -1667,23 +1668,23 @@ module C06KnightsTour_Impl1_Set goto BB0 } BB0 { - _12 <- Borrow.borrow_mut (C06KnightsTour_Board_Type.board_field ( * self)); - self <- { self with current = (let C06KnightsTour_Board_Type.C_Board x0 x1 = * self in C06KnightsTour_Board_Type.C_Board x0 ( ^ _12)) }; - _11 <- ([#"../06_knights_tour.rs" 88 8 88 32] index_mut0 _12 ([#"../06_knights_tour.rs" 88 19 88 31] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_x p)))); + [#"../06_knights_tour.rs" 88 8 88 18] _12 <- Borrow.borrow_mut (C06KnightsTour_Board_Type.board_field ( * self)); + [#"../06_knights_tour.rs" 88 8 88 18] self <- { self with current = (let C06KnightsTour_Board_Type.C_Board x0 x1 = * self in C06KnightsTour_Board_Type.C_Board x0 ( ^ _12)) }; + [#"../06_knights_tour.rs" 88 8 88 32] _11 <- ([#"../06_knights_tour.rs" 88 8 88 32] index_mut0 _12 ([#"../06_knights_tour.rs" 88 19 88 31] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 88 19 88 22] C06KnightsTour_Point_Type.point_x p)))); _12 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _10 <- Borrow.borrow_mut ( * _11); - _11 <- { _11 with current = ^ _10 }; - _9 <- ([#"../06_knights_tour.rs" 88 8 88 46] index_mut1 _10 ([#"../06_knights_tour.rs" 88 33 88 45] UIntSize.of_int (IntSize.to_int (C06KnightsTour_Point_Type.point_y p)))); + [#"../06_knights_tour.rs" 88 8 88 32] _10 <- Borrow.borrow_mut ( * _11); + [#"../06_knights_tour.rs" 88 8 88 32] _11 <- { _11 with current = ^ _10 }; + [#"../06_knights_tour.rs" 88 8 88 46] _9 <- ([#"../06_knights_tour.rs" 88 8 88 46] index_mut1 _10 ([#"../06_knights_tour.rs" 88 33 88 45] UIntSize.of_int (IntSize.to_int ([#"../06_knights_tour.rs" 88 33 88 36] C06KnightsTour_Point_Type.point_y p)))); _10 <- any borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); goto BB2 } BB2 { - _9 <- { _9 with current = v }; + [#"../06_knights_tour.rs" 88 8 88 50] _9 <- { _9 with current = ([#"../06_knights_tour.rs" 88 49 88 50] v) }; assume { resolve0 _9 }; - _0 <- ([#"../06_knights_tour.rs" 88 8 88 50] ()); + [#"../06_knights_tour.rs" 88 8 88 50] _0 <- ([#"../06_knights_tour.rs" 88 8 88 50] ()); assume { resolve1 _11 }; assume { resolve2 self }; return _0 @@ -1712,7 +1713,7 @@ module C06KnightsTour_Min val inv7 (_x : slice (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : slice (usize, C06KnightsTour_Point_Type.t_point) . inv7 x = true + axiom inv7 : forall x : slice (usize, C06KnightsTour_Point_Type.t_point) . inv7 x = true use seq.Seq predicate invariant6 (self : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1723,7 +1724,7 @@ module C06KnightsTour_Min val inv6 (_x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv6 x = true + axiom inv6 : forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv6 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int @@ -1750,7 +1751,7 @@ module C06KnightsTour_Min val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true predicate invariant4 (self : slice (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant4 (self : slice (usize, C06KnightsTour_Point_Type.t_point)) : bool @@ -1760,7 +1761,7 @@ module C06KnightsTour_Min val inv4 (_x : slice (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : slice (usize, C06KnightsTour_Point_Type.t_point) . inv4 x = true + axiom inv4 : forall x : slice (usize, C06KnightsTour_Point_Type.t_point) . inv4 x = true predicate invariant3 (self : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) : bool @@ -1770,7 +1771,7 @@ module C06KnightsTour_Min val inv3 (_x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv3 x = true + axiom inv3 : forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv3 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant2 (self : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -1781,7 +1782,7 @@ module C06KnightsTour_Min val inv2 (_x : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point) . inv2 x = true + axiom inv2 : forall x : Core_Option_Option_Type.t_option (usize, C06KnightsTour_Point_Type.t_point) . inv2 x = true predicate invariant1 (self : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) = @@ -1794,7 +1795,7 @@ module C06KnightsTour_Min val inv1 (_x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true use prelude.Borrow use Core_Slice_Iter_Iter_Type as Core_Slice_Iter_Iter_Type use seq.Seq @@ -1870,7 +1871,7 @@ module C06KnightsTour_Min val inv0 (_x : Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point) . inv0 x = true + axiom inv0 : forall x : Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point) . inv0 x = true use prelude.Ghost use seq.Seq predicate resolve0 (self : borrowed (Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point))) = @@ -1957,16 +1958,16 @@ module C06KnightsTour_Min goto BB0 } BB0 { - min <- ([#"../06_knights_tour.rs" 112 18 112 22] Core_Option_Option_Type.C_None); - iter <- ([#"../06_knights_tour.rs" 113 4 114 74] into_iter0 v); + [#"../06_knights_tour.rs" 112 18 112 22] min <- ([#"../06_knights_tour.rs" 112 18 112 22] Core_Option_Option_Type.C_None); + [#"../06_knights_tour.rs" 113 4 114 74] iter <- ([#"../06_knights_tour.rs" 113 4 114 74] into_iter0 ([#"../06_knights_tour.rs" 115 13 115 14] v)); goto BB1 } BB1 { - iter_old <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new iter); + [#"../06_knights_tour.rs" 113 4 114 74] iter_old <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new iter); goto BB2 } BB2 { - produced <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new (Seq.empty )); + [#"../06_knights_tour.rs" 113 4 114 74] produced <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new (Seq.empty )); goto BB3 } BB3 { @@ -1979,11 +1980,11 @@ module C06KnightsTour_Min goto BB5 } BB5 { - _17 <- Borrow.borrow_mut iter; - iter <- ^ _17; - _16 <- Borrow.borrow_mut ( * _17); - _17 <- { _17 with current = ^ _16 }; - _15 <- ([#"../06_knights_tour.rs" 113 4 114 74] next0 _16); + [#"../06_knights_tour.rs" 113 4 114 74] _17 <- Borrow.borrow_mut iter; + [#"../06_knights_tour.rs" 113 4 114 74] iter <- ^ _17; + [#"../06_knights_tour.rs" 113 4 114 74] _16 <- Borrow.borrow_mut ( * _17); + [#"../06_knights_tour.rs" 113 4 114 74] _17 <- { _17 with current = ^ _16 }; + [#"../06_knights_tour.rs" 113 4 114 74] _15 <- ([#"../06_knights_tour.rs" 113 4 114 74] next0 _16); _16 <- any borrowed (Core_Slice_Iter_Iter_Type.t_iter (usize, C06KnightsTour_Point_Type.t_point)); goto BB6 } @@ -1995,24 +1996,25 @@ module C06KnightsTour_Min end } BB7 { - _0 <- min; + [#"../06_knights_tour.rs" 125 4 125 7] _0 <- ([#"../06_knights_tour.rs" 125 4 125 7] min); return _0 } BB8 { goto BB10 } BB9 { + assert { [#"../06_knights_tour.rs" 113 4 114 74] false }; absurd } BB10 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _15; - _20 <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _15); + [#"../06_knights_tour.rs" 113 4 114 74] _20 <- ([#"../06_knights_tour.rs" 113 4 114 74] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB11 } BB11 { - produced <- _20; - _20 <- any Ghost.ghost_ty (Seq.seq (usize, C06KnightsTour_Point_Type.t_point)); - x <- __creusot_proc_iter_elem; + [#"../06_knights_tour.rs" 113 4 114 74] produced <- ([#"../06_knights_tour.rs" 113 4 114 74] _20); + [#"../06_knights_tour.rs" 113 4 114 74] _20 <- any Ghost.ghost_ty (Seq.seq (usize, C06KnightsTour_Point_Type.t_point)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] x <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); switch (min) | Core_Option_Option_Type.C_None -> goto BB12 | Core_Option_Option_Type.C_Some _ -> goto BB13 @@ -2022,24 +2024,24 @@ module C06KnightsTour_Min goto BB14 } BB13 { - m <- Core_Option_Option_Type.some_0 min; - switch ([#"../06_knights_tour.rs" 119 19 119 28] (let (a, _) = x in a) < (let (a, _) = m in a)) + [#"../06_knights_tour.rs" 118 17 118 18] m <- ([#"../06_knights_tour.rs" 118 17 118 18] Core_Option_Option_Type.some_0 min); + switch ([#"../06_knights_tour.rs" 119 19 119 28] ([#"../06_knights_tour.rs" 119 19 119 22] let (a, _) = x in a) < ([#"../06_knights_tour.rs" 119 25 119 28] let (a, _) = m in a)) | False -> goto BB16 | True -> goto BB15 end } BB14 { - min <- ([#"../06_knights_tour.rs" 117 26 117 33] Core_Option_Option_Type.C_Some ([#"../06_knights_tour.rs" 117 31 117 32] x)); - _23 <- ([#"../06_knights_tour.rs" 117 20 117 33] ()); + [#"../06_knights_tour.rs" 117 20 117 33] min <- ([#"../06_knights_tour.rs" 117 26 117 33] Core_Option_Option_Type.C_Some ([#"../06_knights_tour.rs" 117 31 117 32] x)); + [#"../06_knights_tour.rs" 117 20 117 33] _23 <- ([#"../06_knights_tour.rs" 117 20 117 33] ()); goto BB18 } BB15 { - min <- ([#"../06_knights_tour.rs" 120 26 120 33] Core_Option_Option_Type.C_Some ([#"../06_knights_tour.rs" 120 31 120 32] x)); - _23 <- ([#"../06_knights_tour.rs" 120 20 120 33] ()); + [#"../06_knights_tour.rs" 120 20 120 33] min <- ([#"../06_knights_tour.rs" 120 26 120 33] Core_Option_Option_Type.C_Some ([#"../06_knights_tour.rs" 120 31 120 32] x)); + [#"../06_knights_tour.rs" 120 20 120 33] _23 <- ([#"../06_knights_tour.rs" 120 20 120 33] ()); goto BB17 } BB16 { - _23 <- ([#"../06_knights_tour.rs" 121 17 121 17] ()); + [#"../06_knights_tour.rs" 121 17 121 17] _23 <- ([#"../06_knights_tour.rs" 121 17 121 17] ()); goto BB17 } BB17 { @@ -2079,7 +2081,7 @@ module C06KnightsTour_KnightsTour val inv15 (_x : Seq.seq (isize, isize)) : bool ensures { result = inv15 _x } - axiom inv15 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (isize, isize) . inv15 x = true + axiom inv15 : forall x : Seq.seq (isize, isize) . inv15 x = true use prelude.UIntSize predicate inv11 (_x : Seq.seq usize) val inv11 (_x : Seq.seq usize) : bool @@ -2107,7 +2109,7 @@ module C06KnightsTour_KnightsTour val invariant14 (self : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant14 self } - axiom inv14 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv14 x = true + axiom inv14 : forall x : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global) . inv14 x = true predicate invariant13 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant13 (self : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool @@ -2117,7 +2119,7 @@ module C06KnightsTour_KnightsTour val inv13 (_x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv13 _x } - axiom inv13 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv13 x = true + axiom inv13 : forall x : Seq.seq (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) . inv13 x = true use seq.Seq predicate inv12 (_x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) @@ -2138,13 +2140,13 @@ module C06KnightsTour_KnightsTour val invariant12 (self : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant12 self } - axiom inv12 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv12 x = true + axiom inv12 : forall x : Alloc_Vec_Vec_Type.t_vec (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)) (Alloc_Alloc_Global_Type.t_global) . inv12 x = true predicate invariant11 (self : Seq.seq usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant11 (self : Seq.seq usize) : bool ensures { result = invariant11 self } - axiom inv11 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq usize . inv11 x = true + axiom inv11 : forall x : Seq.seq usize . inv11 x = true use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type predicate invariant10 (self : (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2155,7 +2157,7 @@ module C06KnightsTour_KnightsTour val inv10 (_x : (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : (usize, C06KnightsTour_Point_Type.t_point) . inv10 x = true + axiom inv10 : forall x : (usize, C06KnightsTour_Point_Type.t_point) . inv10 x = true use prelude.Borrow predicate invariant9 (self : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global))) @@ -2169,7 +2171,7 @@ module C06KnightsTour_KnightsTour val inv9 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv9 _x } - axiom inv9 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true + axiom inv9 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) . inv9 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant8 (self : Core_Option_Option_Type.t_option (isize, isize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2180,7 +2182,7 @@ module C06KnightsTour_KnightsTour val inv8 (_x : Core_Option_Option_Type.t_option (isize, isize)) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option (isize, isize) . inv8 x = true + axiom inv8 : forall x : Core_Option_Option_Type.t_option (isize, isize) . inv8 x = true use Alloc_Vec_IntoIter_IntoIter_Type as Alloc_Vec_IntoIter_IntoIter_Type predicate invariant7 (self : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global))) @@ -2194,7 +2196,7 @@ module C06KnightsTour_KnightsTour val inv7 (_x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true + axiom inv7 : forall x : borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) . inv7 x = true predicate invariant6 (self : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant6 (self : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) : bool @@ -2204,7 +2206,7 @@ module C06KnightsTour_KnightsTour val inv6 (_x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv6 x = true + axiom inv6 : forall x : Seq.seq (usize, C06KnightsTour_Point_Type.t_point) . inv6 x = true use seq.Seq predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) val inv5 (_x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -2222,7 +2224,7 @@ module C06KnightsTour_KnightsTour val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant5 self } - axiom inv5 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true use seq.Seq predicate inv4 (_x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) @@ -2243,7 +2245,7 @@ module C06KnightsTour_KnightsTour val invariant4 (self : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant4 self } - axiom inv4 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true + axiom inv4 : forall x : Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global) . inv4 x = true predicate invariant3 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : Core_Option_Option_Type.t_option usize) : bool @@ -2253,7 +2255,7 @@ module C06KnightsTour_KnightsTour val inv3 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv3 x = true + axiom inv3 : forall x : Core_Option_Option_Type.t_option usize . inv3 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate invariant2 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -2264,7 +2266,7 @@ module C06KnightsTour_KnightsTour val inv2 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv2 x = true + axiom inv2 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv2 x = true use seq.Seq predicate inv1 (_x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) val inv1 (_x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool @@ -2314,7 +2316,7 @@ module C06KnightsTour_KnightsTour val invariant1 (self : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + axiom inv1 : forall x : Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true use seq.Seq predicate inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv0 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -2359,7 +2361,7 @@ module C06KnightsTour_KnightsTour val invariant0 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv0 x = true use prelude.Ghost use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type predicate resolve8 (self : C06KnightsTour_Point_Type.t_point) = @@ -2648,31 +2650,31 @@ module C06KnightsTour_KnightsTour goto BB0 } BB0 { - board <- ([#"../06_knights_tour.rs" 137 20 137 36] new0 size); + [#"../06_knights_tour.rs" 137 20 137 36] board <- ([#"../06_knights_tour.rs" 137 20 137 36] new0 ([#"../06_knights_tour.rs" 137 31 137 35] size)); goto BB1 } BB1 { - p <- ([#"../06_knights_tour.rs" 138 16 138 54] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 138 27 138 37] IntSize.of_int (UIntSize.to_int x)) ([#"../06_knights_tour.rs" 138 42 138 52] IntSize.of_int (UIntSize.to_int y))); - _15 <- Borrow.borrow_mut board; - board <- ^ _15; - _14 <- ([#"../06_knights_tour.rs" 139 4 139 19] set0 _15 p ([#"../06_knights_tour.rs" 139 17 139 18] [#"../06_knights_tour.rs" 139 17 139 18] (1 : usize))); + [#"../06_knights_tour.rs" 138 16 138 54] p <- ([#"../06_knights_tour.rs" 138 16 138 54] C06KnightsTour_Point_Type.C_Point ([#"../06_knights_tour.rs" 138 27 138 37] IntSize.of_int (UIntSize.to_int ([#"../06_knights_tour.rs" 138 27 138 28] x))) ([#"../06_knights_tour.rs" 138 42 138 52] IntSize.of_int (UIntSize.to_int ([#"../06_knights_tour.rs" 138 42 138 43] y)))); + [#"../06_knights_tour.rs" 139 4 139 19] _15 <- Borrow.borrow_mut board; + [#"../06_knights_tour.rs" 139 4 139 19] board <- ^ _15; + [#"../06_knights_tour.rs" 139 4 139 19] _14 <- ([#"../06_knights_tour.rs" 139 4 139 19] set0 _15 ([#"../06_knights_tour.rs" 139 14 139 15] p) ([#"../06_knights_tour.rs" 139 17 139 18] [#"../06_knights_tour.rs" 139 17 139 18] (1 : usize))); _15 <- any borrowed (C06KnightsTour_Board_Type.t_board); goto BB2 } BB2 { - _17 <- ([#"../06_knights_tour.rs" 141 4 141 38] Ghost.new (dumb_nonlinear_arith0 size)); + [#"../06_knights_tour.rs" 141 4 141 38] _17 <- ([#"../06_knights_tour.rs" 141 4 141 38] Ghost.new (dumb_nonlinear_arith0 size)); goto BB3 } BB3 { - iter <- ([#"../06_knights_tour.rs" 142 4 142 36] into_iter0 ([#"../06_knights_tour.rs" 145 16 145 32] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 145 16 145 17] [#"../06_knights_tour.rs" 145 16 145 17] (2 : usize)) ([#"../06_knights_tour.rs" 145 19 145 32] size * size))); + [#"../06_knights_tour.rs" 142 4 142 36] iter <- ([#"../06_knights_tour.rs" 142 4 142 36] into_iter0 ([#"../06_knights_tour.rs" 145 16 145 32] Core_Ops_Range_Range_Type.C_Range ([#"../06_knights_tour.rs" 145 16 145 17] [#"../06_knights_tour.rs" 145 16 145 17] (2 : usize)) ([#"../06_knights_tour.rs" 145 19 145 32] ([#"../06_knights_tour.rs" 145 20 145 24] size) * ([#"../06_knights_tour.rs" 145 27 145 31] size)))); goto BB4 } BB4 { - iter_old <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new iter); + [#"../06_knights_tour.rs" 142 4 142 36] iter_old <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new iter); goto BB5 } BB5 { - produced <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new (Seq.empty )); + [#"../06_knights_tour.rs" 142 4 142 36] produced <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new (Seq.empty )); goto BB6 } BB6 { @@ -2693,11 +2695,11 @@ module C06KnightsTour_KnightsTour goto BB10 } BB10 { - _37 <- Borrow.borrow_mut iter; - iter <- ^ _37; - _36 <- Borrow.borrow_mut ( * _37); - _37 <- { _37 with current = ^ _36 }; - _35 <- ([#"../06_knights_tour.rs" 142 4 142 36] next0 _36); + [#"../06_knights_tour.rs" 142 4 142 36] _37 <- Borrow.borrow_mut iter; + [#"../06_knights_tour.rs" 142 4 142 36] iter <- ^ _37; + [#"../06_knights_tour.rs" 142 4 142 36] _36 <- Borrow.borrow_mut ( * _37); + [#"../06_knights_tour.rs" 142 4 142 36] _37 <- { _37 with current = ^ _36 }; + [#"../06_knights_tour.rs" 142 4 142 36] _35 <- ([#"../06_knights_tour.rs" 142 4 142 36] next0 _36); _36 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB11 } @@ -2709,43 +2711,44 @@ module C06KnightsTour_KnightsTour end } BB12 { - _0 <- ([#"../06_knights_tour.rs" 163 4 163 15] Core_Option_Option_Type.C_Some board); - board <- any C06KnightsTour_Board_Type.t_board; + [#"../06_knights_tour.rs" 163 4 163 15] _0 <- ([#"../06_knights_tour.rs" 163 4 163 15] Core_Option_Option_Type.C_Some ([#"../06_knights_tour.rs" 163 9 163 14] board)); + [#"../06_knights_tour.rs" 163 9 163 14] board <- any C06KnightsTour_Board_Type.t_board; goto BB46 } BB13 { goto BB15 } BB14 { + assert { [#"../06_knights_tour.rs" 142 4 142 36] false }; absurd } BB15 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _35; - _40 <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _35); + [#"../06_knights_tour.rs" 142 4 142 36] _40 <- ([#"../06_knights_tour.rs" 142 4 142 36] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB16 } BB16 { - produced <- _40; - _40 <- any Ghost.ghost_ty (Seq.seq usize); - step <- __creusot_proc_iter_elem; - candidates <- ([#"../06_knights_tour.rs" 147 50 147 60] new4 ()); + [#"../06_knights_tour.rs" 142 4 142 36] produced <- ([#"../06_knights_tour.rs" 142 4 142 36] _40); + [#"../06_knights_tour.rs" 142 4 142 36] _40 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] step <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../06_knights_tour.rs" 147 50 147 60] candidates <- ([#"../06_knights_tour.rs" 147 50 147 60] new4 ()); goto BB17 } BB17 { - _46 <- ([#"../06_knights_tour.rs" 150 17 150 24] moves0 ()); + [#"../06_knights_tour.rs" 150 17 150 24] _46 <- ([#"../06_knights_tour.rs" 150 17 150 24] moves0 ()); goto BB18 } BB18 { - iter1 <- ([#"../06_knights_tour.rs" 148 8 149 54] into_iter1 _46); + [#"../06_knights_tour.rs" 148 8 149 54] iter1 <- ([#"../06_knights_tour.rs" 148 8 149 54] into_iter1 _46); _46 <- any Alloc_Vec_Vec_Type.t_vec (isize, isize) (Alloc_Alloc_Global_Type.t_global); goto BB19 } BB19 { - iter_old1 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new iter1); + [#"../06_knights_tour.rs" 148 8 149 54] iter_old1 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new iter1); goto BB20 } BB20 { - produced1 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new (Seq.empty )); + [#"../06_knights_tour.rs" 148 8 149 54] produced1 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new (Seq.empty )); goto BB21 } BB21 { @@ -2767,11 +2770,11 @@ module C06KnightsTour_KnightsTour goto BB26 } BB26 { - _56 <- Borrow.borrow_mut iter1; - iter1 <- ^ _56; - _55 <- Borrow.borrow_mut ( * _56); - _56 <- { _56 with current = ^ _55 }; - _54 <- ([#"../06_knights_tour.rs" 148 8 149 54] next1 _55); + [#"../06_knights_tour.rs" 148 8 149 54] _56 <- Borrow.borrow_mut iter1; + [#"../06_knights_tour.rs" 148 8 149 54] iter1 <- ^ _56; + [#"../06_knights_tour.rs" 148 8 149 54] _55 <- Borrow.borrow_mut ( * _56); + [#"../06_knights_tour.rs" 148 8 149 54] _56 <- { _56 with current = ^ _55 }; + [#"../06_knights_tour.rs" 148 8 149 54] _54 <- ([#"../06_knights_tour.rs" 148 8 149 54] next1 _55); _55 <- any borrowed (Alloc_Vec_IntoIter_IntoIter_Type.t_intoiter (isize, isize) (Alloc_Alloc_Global_Type.t_global)); goto BB27 } @@ -2790,22 +2793,22 @@ module C06KnightsTour_KnightsTour goto BB30 } BB30 { - __creusot_proc_iter_elem1 <- Core_Option_Option_Type.some_0 _54; - _59 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1 <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _54); + [#"../06_knights_tour.rs" 148 8 149 54] _59 <- ([#"../06_knights_tour.rs" 148 8 149 54] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); goto BB31 } BB31 { - produced1 <- _59; - _59 <- any Ghost.ghost_ty (Seq.seq (isize, isize)); - m <- __creusot_proc_iter_elem1; + [#"../06_knights_tour.rs" 148 8 149 54] produced1 <- ([#"../06_knights_tour.rs" 148 8 149 54] _59); + [#"../06_knights_tour.rs" 148 8 149 54] _59 <- any Ghost.ghost_ty (Seq.seq (isize, isize)); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] m <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1); assume { resolve2 __creusot_proc_iter_elem1 }; - _65 <- ([#"../06_knights_tour.rs" 151 28 151 30] m); - adj <- ([#"../06_knights_tour.rs" 151 22 151 31] mov0 ([#"../06_knights_tour.rs" 151 22 151 31] p) ([#"../06_knights_tour.rs" 151 28 151 30] _65)); + [#"../06_knights_tour.rs" 151 28 151 30] _65 <- ([#"../06_knights_tour.rs" 151 28 151 30] m); + [#"../06_knights_tour.rs" 151 22 151 31] adj <- ([#"../06_knights_tour.rs" 151 22 151 31] mov0 ([#"../06_knights_tour.rs" 151 22 151 31] p) ([#"../06_knights_tour.rs" 151 28 151 30] _65)); goto BB32 } BB32 { assume { resolve2 m }; - _66 <- ([#"../06_knights_tour.rs" 152 15 152 35] available0 ([#"../06_knights_tour.rs" 152 15 152 35] board) adj); + [#"../06_knights_tour.rs" 152 15 152 35] _66 <- ([#"../06_knights_tour.rs" 152 15 152 35] available0 ([#"../06_knights_tour.rs" 152 15 152 35] board) ([#"../06_knights_tour.rs" 152 31 152 34] adj)); goto BB33 } BB33 { @@ -2815,30 +2818,30 @@ module C06KnightsTour_KnightsTour end } BB34 { - degree <- ([#"../06_knights_tour.rs" 153 29 153 52] count_degree0 ([#"../06_knights_tour.rs" 153 29 153 52] board) adj); + [#"../06_knights_tour.rs" 153 29 153 52] degree <- ([#"../06_knights_tour.rs" 153 29 153 52] count_degree0 ([#"../06_knights_tour.rs" 153 29 153 52] board) ([#"../06_knights_tour.rs" 153 48 153 51] adj)); goto BB35 } BB35 { - _73 <- Borrow.borrow_mut candidates; - candidates <- ^ _73; - _72 <- ([#"../06_knights_tour.rs" 154 16 154 46] push0 _73 ([#"../06_knights_tour.rs" 154 32 154 45] (degree, adj))); + [#"../06_knights_tour.rs" 154 16 154 46] _73 <- Borrow.borrow_mut candidates; + [#"../06_knights_tour.rs" 154 16 154 46] candidates <- ^ _73; + [#"../06_knights_tour.rs" 154 16 154 46] _72 <- ([#"../06_knights_tour.rs" 154 16 154 46] push0 _73 ([#"../06_knights_tour.rs" 154 32 154 45] (([#"../06_knights_tour.rs" 154 33 154 39] degree), ([#"../06_knights_tour.rs" 154 41 154 44] adj)))); _73 <- any borrowed (Alloc_Vec_Vec_Type.t_vec (usize, C06KnightsTour_Point_Type.t_point) (Alloc_Alloc_Global_Type.t_global)); goto BB36 } BB36 { - _34 <- ([#"../06_knights_tour.rs" 152 36 155 13] ()); + [#"../06_knights_tour.rs" 152 36 155 13] _34 <- ([#"../06_knights_tour.rs" 152 36 155 13] ()); goto BB38 } BB37 { - _34 <- ([#"../06_knights_tour.rs" 155 13 155 13] ()); + [#"../06_knights_tour.rs" 155 13 155 13] _34 <- ([#"../06_knights_tour.rs" 155 13 155 13] ()); goto BB38 } BB38 { goto BB25 } BB39 { - _81 <- ([#"../06_knights_tour.rs" 157 18 157 29] candidates); - _79 <- ([#"../06_knights_tour.rs" 157 14 157 30] min0 ([#"../06_knights_tour.rs" 157 18 157 29] _81)); + [#"../06_knights_tour.rs" 157 18 157 29] _81 <- ([#"../06_knights_tour.rs" 157 18 157 29] candidates); + [#"../06_knights_tour.rs" 157 14 157 30] _79 <- ([#"../06_knights_tour.rs" 157 14 157 30] min0 ([#"../06_knights_tour.rs" 157 18 157 29] _81)); goto BB40 } BB40 { @@ -2848,7 +2851,7 @@ module C06KnightsTour_KnightsTour end } BB41 { - _0 <- ([#"../06_knights_tour.rs" 159 27 159 31] Core_Option_Option_Type.C_None); + [#"../06_knights_tour.rs" 159 27 159 31] _0 <- ([#"../06_knights_tour.rs" 159 27 159 31] Core_Option_Option_Type.C_None); assume { resolve4 candidates }; goto BB48 } @@ -2856,17 +2859,17 @@ module C06KnightsTour_KnightsTour goto BB43 } BB43 { - adj1 <- (let (_, a) = Core_Option_Option_Type.some_0 _79 in a); + [#"../06_knights_tour.rs" 158 22 158 25] adj1 <- ([#"../06_knights_tour.rs" 158 22 158 25] let (_, a) = Core_Option_Option_Type.some_0 _79 in a); assume { resolve4 candidates }; - p <- adj1; - _87 <- Borrow.borrow_mut board; - board <- ^ _87; - _86 <- ([#"../06_knights_tour.rs" 161 8 161 26] set0 _87 p step); + [#"../06_knights_tour.rs" 158 31 158 38] p <- ([#"../06_knights_tour.rs" 158 35 158 38] adj1); + [#"../06_knights_tour.rs" 161 8 161 26] _87 <- Borrow.borrow_mut board; + [#"../06_knights_tour.rs" 161 8 161 26] board <- ^ _87; + [#"../06_knights_tour.rs" 161 8 161 26] _86 <- ([#"../06_knights_tour.rs" 161 8 161 26] set0 _87 ([#"../06_knights_tour.rs" 161 18 161 19] p) ([#"../06_knights_tour.rs" 161 21 161 25] step)); _87 <- any borrowed (C06KnightsTour_Board_Type.t_board); goto BB44 } BB44 { - _34 <- ([#"../06_knights_tour.rs" 145 33 162 5] ()); + [#"../06_knights_tour.rs" 145 33 162 5] _34 <- ([#"../06_knights_tour.rs" 145 33 162 5] ()); goto BB45 } BB45 { @@ -2915,7 +2918,7 @@ module C06KnightsTour_Impl3 val inv1 (_x : C06KnightsTour_Point_Type.t_point) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : C06KnightsTour_Point_Type.t_point . inv1 x = true + axiom inv1 : forall x : C06KnightsTour_Point_Type.t_point . inv1 x = true predicate invariant0 (self : C06KnightsTour_Point_Type.t_point) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant0 (self : C06KnightsTour_Point_Type.t_point) : bool @@ -2925,7 +2928,7 @@ module C06KnightsTour_Impl3 val inv0 (_x : C06KnightsTour_Point_Type.t_point) : bool ensures { result = inv0 _x } - axiom inv0 : [#"../06_knights_tour.rs" 1 0 1 0] forall x : C06KnightsTour_Point_Type.t_point . inv0 x = true + axiom inv0 : forall x : C06KnightsTour_Point_Type.t_point . inv0 x = true use prelude.Borrow goal clone'_refn : [#"../06_knights_tour.rs" 4 15 4 20] forall self : C06KnightsTour_Point_Type.t_point . inv0 self -> (forall result : C06KnightsTour_Point_Type.t_point . result = self -> inv1 result /\ result = self) end diff --git a/creusot/tests/should_succeed/vector/07_read_write.mlcfg b/creusot/tests/should_succeed/vector/07_read_write.mlcfg index 969ca84a4b..2328b99083 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.mlcfg +++ b/creusot/tests/should_succeed/vector/07_read_write.mlcfg @@ -49,7 +49,7 @@ module C07ReadWrite_ReadWrite val inv7 (_x : Seq.seq t) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../07_read_write.rs" 1 0 1 0] forall x : Seq.seq t . inv7 x = true + axiom inv7 : forall x : Seq.seq t . inv7 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) @@ -60,7 +60,7 @@ module C07ReadWrite_ReadWrite val inv6 (_x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../07_read_write.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true + axiom inv6 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv6 x = true use prelude.UIntSize predicate invariant5 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -71,7 +71,7 @@ module C07ReadWrite_ReadWrite val inv5 (_x : usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../07_read_write.rs" 1 0 1 0] forall x : usize . inv5 x = true + axiom inv5 : forall x : usize . inv5 x = true use prelude.Borrow predicate invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) val invariant4 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -81,7 +81,7 @@ module C07ReadWrite_ReadWrite val inv4 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../07_read_write.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true + axiom inv4 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv4 x = true predicate invariant3 (self : t) val invariant3 (self : t) : bool ensures { result = invariant3 self } @@ -90,7 +90,7 @@ module C07ReadWrite_ReadWrite val inv3 (_x : t) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../07_read_write.rs" 1 0 1 0] forall x : t . inv3 x = true + axiom inv3 : forall x : t . inv3 x = true predicate invariant2 (self : borrowed t) val invariant2 (self : borrowed t) : bool ensures { result = invariant2 self } @@ -99,7 +99,7 @@ module C07ReadWrite_ReadWrite val inv2 (_x : borrowed t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../07_read_write.rs" 1 0 1 0] forall x : borrowed t . inv2 x = true + axiom inv2 : forall x : borrowed t . inv2 x = true predicate invariant1 (self : t) val invariant1 (self : t) : bool ensures { result = invariant1 self } @@ -108,7 +108,7 @@ module C07ReadWrite_ReadWrite val inv1 (_x : t) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../07_read_write.rs" 1 0 1 0] forall x : t . inv1 x = true + axiom inv1 : forall x : t . inv1 x = true use prelude.Int use prelude.UIntSize let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] @@ -129,7 +129,7 @@ module C07ReadWrite_ReadWrite val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../07_read_write.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true function shallow_model1 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : Seq.seq t = [#"../../../../../creusot-contracts/src/model.rs" 101 8 101 31] shallow_model2 ( * self) @@ -226,26 +226,26 @@ module C07ReadWrite_ReadWrite goto BB0 } BB0 { - _7 <- Borrow.borrow_mut ( * a); - a <- { a with current = ^ _7 }; + [#"../07_read_write.rs" 7 4 7 5] _7 <- Borrow.borrow_mut ( * a); + [#"../07_read_write.rs" 7 4 7 5] a <- { a with current = ^ _7 }; assume { inv0 ( ^ _7) }; - _6 <- ([#"../07_read_write.rs" 7 4 7 8] index_mut0 _7 i); + [#"../07_read_write.rs" 7 4 7 8] _6 <- ([#"../07_read_write.rs" 7 4 7 8] index_mut0 _7 ([#"../07_read_write.rs" 7 6 7 7] i)); _7 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _6 <- { _6 with current = x }; + [#"../07_read_write.rs" 7 4 7 12] _6 <- { _6 with current = ([#"../07_read_write.rs" 7 11 7 12] x) }; assert { [@expl:type invariant] inv1 ( * _6) }; assume { resolve0 ( * _6) }; assert { [@expl:type invariant] inv2 _6 }; assume { resolve1 _6 }; - _13 <- ([#"../07_read_write.rs" 8 12 8 16] index0 ([#"../07_read_write.rs" 8 12 8 13] * a) i); + [#"../07_read_write.rs" 8 12 8 16] _13 <- ([#"../07_read_write.rs" 8 12 8 16] index0 ([#"../07_read_write.rs" 8 12 8 13] * a) ([#"../07_read_write.rs" 8 14 8 15] i)); goto BB2 } BB2 { assert { [@expl:type invariant] inv3 _13 }; assume { resolve2 _13 }; - _11 <- ([#"../07_read_write.rs" 8 12 8 21] eq0 ([#"../07_read_write.rs" 8 12 8 16] _13) ([#"../07_read_write.rs" 8 20 8 21] x)); + [#"../07_read_write.rs" 8 12 8 21] _11 <- ([#"../07_read_write.rs" 8 12 8 21] eq0 ([#"../07_read_write.rs" 8 12 8 16] _13) ([#"../07_read_write.rs" 8 20 8 21] x)); goto BB3 } BB3 { @@ -259,10 +259,11 @@ module C07ReadWrite_ReadWrite end } BB4 { + assert { [#"../07_read_write.rs" 8 4 8 22] false }; absurd } BB5 { - _0 <- ([#"../07_read_write.rs" 6 76 9 1] ()); + [#"../07_read_write.rs" 6 76 9 1] _0 <- ([#"../07_read_write.rs" 6 76 9 1] ()); return _0 } diff --git a/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz b/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz index 7d318db01d..9a8d699ad5 100644 Binary files a/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz and b/creusot/tests/should_succeed/vector/07_read_write/why3shapes.gz differ diff --git a/creusot/tests/should_succeed/vector/08_haystack.mlcfg b/creusot/tests/should_succeed/vector/08_haystack.mlcfg index 290528ab92..2c584347f7 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.mlcfg +++ b/creusot/tests/should_succeed/vector/08_haystack.mlcfg @@ -86,7 +86,7 @@ module C08Haystack_Search val inv10 (_x : Seq.seq uint8) : bool ensures { result = inv10 _x } - axiom inv10 : [#"../08_haystack.rs" 1 0 1 0] forall x : Seq.seq uint8 . inv10 x = true + axiom inv10 : forall x : Seq.seq uint8 . inv10 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type @@ -110,7 +110,7 @@ module C08Haystack_Search val invariant9 (self : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant9 self } - axiom inv9 : [#"../08_haystack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true + axiom inv9 : forall x : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global) . inv9 x = true predicate invariant8 (self : Seq.seq usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant8 (self : Seq.seq usize) : bool @@ -120,7 +120,7 @@ module C08Haystack_Search val inv8 (_x : Seq.seq usize) : bool ensures { result = inv8 _x } - axiom inv8 : [#"../08_haystack.rs" 1 0 1 0] forall x : Seq.seq usize . inv8 x = true + axiom inv8 : forall x : Seq.seq usize . inv8 x = true predicate invariant7 (self : uint8) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant7 (self : uint8) : bool @@ -130,7 +130,7 @@ module C08Haystack_Search val inv7 (_x : uint8) : bool ensures { result = inv7 _x } - axiom inv7 : [#"../08_haystack.rs" 1 0 1 0] forall x : uint8 . inv7 x = true + axiom inv7 : forall x : uint8 . inv7 x = true use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type use prelude.Borrow predicate invariant6 (self : borrowed (Core_Ops_Range_Range_Type.t_range usize)) = @@ -142,7 +142,7 @@ module C08Haystack_Search val inv6 (_x : borrowed (Core_Ops_Range_Range_Type.t_range usize)) : bool ensures { result = inv6 _x } - axiom inv6 : [#"../08_haystack.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv6 x = true + axiom inv6 : forall x : borrowed (Core_Ops_Range_Range_Type.t_range usize) . inv6 x = true use Core_Option_Option_Type as Core_Option_Option_Type predicate invariant5 (self : Core_Option_Option_Type.t_option usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -153,7 +153,7 @@ module C08Haystack_Search val inv5 (_x : Core_Option_Option_Type.t_option usize) : bool ensures { result = inv5 _x } - axiom inv5 : [#"../08_haystack.rs" 1 0 1 0] forall x : Core_Option_Option_Type.t_option usize . inv5 x = true + axiom inv5 : forall x : Core_Option_Option_Type.t_option usize . inv5 x = true use Core_Ops_Range_RangeInclusive_Type as Core_Ops_Range_RangeInclusive_Type predicate invariant4 (self : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true @@ -164,7 +164,7 @@ module C08Haystack_Search val inv4 (_x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize)) : bool ensures { result = inv4 _x } - axiom inv4 : [#"../08_haystack.rs" 1 0 1 0] forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) . inv4 x = true + axiom inv4 : forall x : borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) . inv4 x = true predicate invariant3 (self : usize) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant3 (self : usize) : bool @@ -174,7 +174,7 @@ module C08Haystack_Search val inv3 (_x : usize) : bool ensures { result = inv3 _x } - axiom inv3 : [#"../08_haystack.rs" 1 0 1 0] forall x : usize . inv3 x = true + axiom inv3 : forall x : usize . inv3 x = true predicate invariant2 (self : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) = [#"../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12] true val invariant2 (self : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) : bool @@ -184,7 +184,7 @@ module C08Haystack_Search val inv2 (_x : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../08_haystack.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global) . inv2 x = true use seq.Seq predicate inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) val inv1 (_x : Core_Ops_Range_Range_Type.t_range usize) : bool @@ -230,7 +230,7 @@ module C08Haystack_Search val invariant1 (self : Core_Ops_Range_Range_Type.t_range usize) : bool ensures { result = invariant1 self } - axiom inv1 : [#"../08_haystack.rs" 1 0 1 0] forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true + axiom inv1 : forall x : Core_Ops_Range_Range_Type.t_range usize . inv1 x = true predicate inv0 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) val inv0 (_x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) : bool ensures { result = inv0 _x } @@ -295,7 +295,7 @@ module C08Haystack_Search val invariant0 (self : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../08_haystack.rs" 1 0 1 0] forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize . inv0 x = true + axiom inv0 : forall x : Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize . inv0 x = true use prelude.Ghost use prelude.Slice use seq.Seq @@ -465,30 +465,30 @@ module C08Haystack_Search goto BB0 } BB0 { - _12 <- ([#"../08_haystack.rs" 23 21 23 35] len0 ([#"../08_haystack.rs" 23 21 23 35] haystack)); + [#"../08_haystack.rs" 23 21 23 35] _12 <- ([#"../08_haystack.rs" 23 21 23 35] len0 ([#"../08_haystack.rs" 23 21 23 35] haystack)); goto BB1 } BB1 { - _14 <- ([#"../08_haystack.rs" 23 38 23 50] len0 ([#"../08_haystack.rs" 23 38 23 50] needle)); + [#"../08_haystack.rs" 23 38 23 50] _14 <- ([#"../08_haystack.rs" 23 38 23 50] len0 ([#"../08_haystack.rs" 23 38 23 50] needle)); goto BB2 } BB2 { - _10 <- ([#"../08_haystack.rs" 23 17 23 50] new0 ([#"../08_haystack.rs" 23 17 23 18] [#"../08_haystack.rs" 23 17 23 18] (0 : usize)) ([#"../08_haystack.rs" 23 21 23 50] _12 - _14)); + [#"../08_haystack.rs" 23 17 23 50] _10 <- ([#"../08_haystack.rs" 23 17 23 50] new0 ([#"../08_haystack.rs" 23 17 23 18] [#"../08_haystack.rs" 23 17 23 18] (0 : usize)) ([#"../08_haystack.rs" 23 21 23 50] _12 - _14)); _12 <- any usize; _14 <- any usize; goto BB3 } BB3 { - iter <- ([#"../08_haystack.rs" 22 4 22 112] into_iter0 _10); + [#"../08_haystack.rs" 22 4 22 112] iter <- ([#"../08_haystack.rs" 22 4 22 112] into_iter0 _10); _10 <- any Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize; goto BB4 } BB4 { - iter_old <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new iter); + [#"../08_haystack.rs" 22 4 22 112] iter_old <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new iter); goto BB5 } BB5 { - produced <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new (Seq.empty )); + [#"../08_haystack.rs" 22 4 22 112] produced <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new (Seq.empty )); goto BB6 } BB6 { @@ -501,11 +501,11 @@ module C08Haystack_Search goto BB8 } BB8 { - _26 <- Borrow.borrow_mut iter; - iter <- ^ _26; - _25 <- Borrow.borrow_mut ( * _26); - _26 <- { _26 with current = ^ _25 }; - _24 <- ([#"../08_haystack.rs" 22 4 22 112] next0 _25); + [#"../08_haystack.rs" 22 4 22 112] _26 <- Borrow.borrow_mut iter; + [#"../08_haystack.rs" 22 4 22 112] iter <- ^ _26; + [#"../08_haystack.rs" 22 4 22 112] _25 <- Borrow.borrow_mut ( * _26); + [#"../08_haystack.rs" 22 4 22 112] _26 <- { _26 with current = ^ _25 }; + [#"../08_haystack.rs" 22 4 22 112] _24 <- ([#"../08_haystack.rs" 22 4 22 112] next0 _25); _25 <- any borrowed (Core_Ops_Range_RangeInclusive_Type.t_rangeinclusive usize); goto BB9 } @@ -517,38 +517,39 @@ module C08Haystack_Search end } BB10 { - _0 <- ([#"../08_haystack.rs" 33 11 33 25] len0 ([#"../08_haystack.rs" 33 11 33 25] haystack)); + [#"../08_haystack.rs" 33 11 33 25] _0 <- ([#"../08_haystack.rs" 33 11 33 25] len0 ([#"../08_haystack.rs" 33 11 33 25] haystack)); goto BB30 } BB11 { goto BB13 } BB12 { + assert { [#"../08_haystack.rs" 22 4 22 112] false }; absurd } BB13 { - __creusot_proc_iter_elem <- Core_Option_Option_Type.some_0 _24; - _29 <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _24); + [#"../08_haystack.rs" 22 4 22 112] _29 <- ([#"../08_haystack.rs" 22 4 22 112] Ghost.new (Seq.(++) (Ghost.inner produced) (Seq.singleton __creusot_proc_iter_elem))); goto BB14 } BB14 { - produced <- _29; - _29 <- any Ghost.ghost_ty (Seq.seq usize); - i <- __creusot_proc_iter_elem; - _36 <- ([#"../08_haystack.rs" 25 20 25 32] len0 ([#"../08_haystack.rs" 25 20 25 32] needle)); + [#"../08_haystack.rs" 22 4 22 112] produced <- ([#"../08_haystack.rs" 22 4 22 112] _29); + [#"../08_haystack.rs" 22 4 22 112] _29 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] i <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem); + [#"../08_haystack.rs" 25 20 25 32] _36 <- ([#"../08_haystack.rs" 25 20 25 32] len0 ([#"../08_haystack.rs" 25 20 25 32] needle)); goto BB15 } BB15 { - iter1 <- ([#"../08_haystack.rs" 24 8 24 68] into_iter1 ([#"../08_haystack.rs" 25 17 25 32] Core_Ops_Range_Range_Type.C_Range ([#"../08_haystack.rs" 25 17 25 18] [#"../08_haystack.rs" 25 17 25 18] (0 : usize)) _36)); + [#"../08_haystack.rs" 24 8 24 68] iter1 <- ([#"../08_haystack.rs" 24 8 24 68] into_iter1 ([#"../08_haystack.rs" 25 17 25 32] Core_Ops_Range_Range_Type.C_Range ([#"../08_haystack.rs" 25 17 25 18] [#"../08_haystack.rs" 25 17 25 18] (0 : usize)) _36)); _36 <- any usize; goto BB16 } BB16 { - iter_old1 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new iter1); + [#"../08_haystack.rs" 24 8 24 68] iter_old1 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new iter1); goto BB17 } BB17 { - produced1 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new (Seq.empty )); + [#"../08_haystack.rs" 24 8 24 68] produced1 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new (Seq.empty )); goto BB18 } BB18 { @@ -561,11 +562,11 @@ module C08Haystack_Search goto BB20 } BB20 { - _47 <- Borrow.borrow_mut iter1; - iter1 <- ^ _47; - _46 <- Borrow.borrow_mut ( * _47); - _47 <- { _47 with current = ^ _46 }; - _45 <- ([#"../08_haystack.rs" 24 8 24 68] next1 _46); + [#"../08_haystack.rs" 24 8 24 68] _47 <- Borrow.borrow_mut iter1; + [#"../08_haystack.rs" 24 8 24 68] iter1 <- ^ _47; + [#"../08_haystack.rs" 24 8 24 68] _46 <- Borrow.borrow_mut ( * _47); + [#"../08_haystack.rs" 24 8 24 68] _47 <- { _47 with current = ^ _46 }; + [#"../08_haystack.rs" 24 8 24 68] _45 <- ([#"../08_haystack.rs" 24 8 24 68] next1 _46); _46 <- any borrowed (Core_Ops_Range_Range_Type.t_range usize); goto BB21 } @@ -577,30 +578,30 @@ module C08Haystack_Search end } BB22 { - _0 <- i; + [#"../08_haystack.rs" 31 15 31 16] _0 <- ([#"../08_haystack.rs" 31 15 31 16] i); goto BB31 } BB23 { goto BB24 } BB24 { - __creusot_proc_iter_elem1 <- Core_Option_Option_Type.some_0 _45; - _50 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1 <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] Core_Option_Option_Type.some_0 _45); + [#"../08_haystack.rs" 24 8 24 68] _50 <- ([#"../08_haystack.rs" 24 8 24 68] Ghost.new (Seq.(++) (Ghost.inner produced1) (Seq.singleton __creusot_proc_iter_elem1))); goto BB25 } BB25 { - produced1 <- _50; - _50 <- any Ghost.ghost_ty (Seq.seq usize); - j <- __creusot_proc_iter_elem1; - _55 <- ([#"../08_haystack.rs" 26 15 26 24] index0 ([#"../08_haystack.rs" 26 15 26 21] needle) j); + [#"../08_haystack.rs" 24 8 24 68] produced1 <- ([#"../08_haystack.rs" 24 8 24 68] _50); + [#"../08_haystack.rs" 24 8 24 68] _50 <- any Ghost.ghost_ty (Seq.seq usize); + [#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] j <- ([#"../../../../../creusot-contracts-proc/src/lib.rs" 664 0 664 51] __creusot_proc_iter_elem1); + [#"../08_haystack.rs" 26 15 26 24] _55 <- ([#"../08_haystack.rs" 26 15 26 24] index0 ([#"../08_haystack.rs" 26 15 26 21] needle) ([#"../08_haystack.rs" 26 22 26 23] j)); goto BB26 } BB26 { - _59 <- ([#"../08_haystack.rs" 26 28 26 43] index0 ([#"../08_haystack.rs" 26 28 26 36] haystack) ([#"../08_haystack.rs" 26 37 26 42] i + j)); + [#"../08_haystack.rs" 26 28 26 43] _59 <- ([#"../08_haystack.rs" 26 28 26 43] index0 ([#"../08_haystack.rs" 26 28 26 36] haystack) ([#"../08_haystack.rs" 26 37 26 42] ([#"../08_haystack.rs" 26 37 26 38] i) + ([#"../08_haystack.rs" 26 41 26 42] j))); goto BB27 } BB27 { - switch ([#"../08_haystack.rs" 26 15 26 43] _55 <> _59) + switch ([#"../08_haystack.rs" 26 15 26 43] ([#"../08_haystack.rs" 26 15 26 24] _55) <> ([#"../08_haystack.rs" 26 28 26 43] _59)) | False -> goto BB28 | True -> goto BB29 end diff --git a/creusot/tests/should_succeed/vector/09_capacity.mlcfg b/creusot/tests/should_succeed/vector/09_capacity.mlcfg index d7035d409f..b96cbd31c6 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.mlcfg +++ b/creusot/tests/should_succeed/vector/09_capacity.mlcfg @@ -49,7 +49,7 @@ module C09Capacity_ChangeCapacity val inv2 (_x : Seq.seq t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../09_capacity.rs" 1 0 1 0] forall x : Seq.seq t . inv2 x = true + axiom inv2 : forall x : Seq.seq t . inv2 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -61,7 +61,7 @@ module C09Capacity_ChangeCapacity val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../09_capacity.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -83,7 +83,7 @@ module C09Capacity_ChangeCapacity val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../09_capacity.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true use seq.Seq function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) (ix : int) : t @@ -139,41 +139,41 @@ module C09Capacity_ChangeCapacity goto BB0 } BB0 { - _5 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _5 }; + [#"../09_capacity.rs" 7 4 7 18] _5 <- Borrow.borrow_mut ( * v); + [#"../09_capacity.rs" 7 4 7 18] v <- { v with current = ^ _5 }; assume { inv0 ( ^ _5) }; - _4 <- ([#"../09_capacity.rs" 7 4 7 18] reserve0 _5 ([#"../09_capacity.rs" 7 14 7 17] [#"../09_capacity.rs" 7 14 7 17] (100 : usize))); + [#"../09_capacity.rs" 7 4 7 18] _4 <- ([#"../09_capacity.rs" 7 4 7 18] reserve0 _5 ([#"../09_capacity.rs" 7 14 7 17] [#"../09_capacity.rs" 7 14 7 17] (100 : usize))); _5 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { - _7 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _7 }; + [#"../09_capacity.rs" 8 4 8 24] _7 <- Borrow.borrow_mut ( * v); + [#"../09_capacity.rs" 8 4 8 24] v <- { v with current = ^ _7 }; assume { inv0 ( ^ _7) }; - _6 <- ([#"../09_capacity.rs" 8 4 8 24] reserve_exact0 _7 ([#"../09_capacity.rs" 8 20 8 23] [#"../09_capacity.rs" 8 20 8 23] (200 : usize))); + [#"../09_capacity.rs" 8 4 8 24] _6 <- ([#"../09_capacity.rs" 8 4 8 24] reserve_exact0 _7 ([#"../09_capacity.rs" 8 20 8 23] [#"../09_capacity.rs" 8 20 8 23] (200 : usize))); _7 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB2 } BB2 { - _9 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _9 }; + [#"../09_capacity.rs" 9 4 9 21] _9 <- Borrow.borrow_mut ( * v); + [#"../09_capacity.rs" 9 4 9 21] v <- { v with current = ^ _9 }; assume { inv0 ( ^ _9) }; - _8 <- ([#"../09_capacity.rs" 9 4 9 21] shrink_to_fit0 _9); + [#"../09_capacity.rs" 9 4 9 21] _8 <- ([#"../09_capacity.rs" 9 4 9 21] shrink_to_fit0 _9); _9 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB3 } BB3 { - _11 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _11 }; + [#"../09_capacity.rs" 10 4 10 18] _11 <- Borrow.borrow_mut ( * v); + [#"../09_capacity.rs" 10 4 10 18] v <- { v with current = ^ _11 }; assume { inv0 ( ^ _11) }; - _10 <- ([#"../09_capacity.rs" 10 4 10 18] shrink_to0 _11 ([#"../09_capacity.rs" 10 16 10 17] [#"../09_capacity.rs" 10 16 10 17] (1 : usize))); + [#"../09_capacity.rs" 10 4 10 18] _10 <- ([#"../09_capacity.rs" 10 4 10 18] shrink_to0 _11 ([#"../09_capacity.rs" 10 16 10 17] [#"../09_capacity.rs" 10 16 10 17] (1 : usize))); _11 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB4 } BB4 { assert { [@expl:type invariant] inv1 v }; assume { resolve0 v }; - _0 <- ([#"../09_capacity.rs" 6 42 11 1] ()); + [#"../09_capacity.rs" 6 42 11 1] _0 <- ([#"../09_capacity.rs" 6 42 11 1] ()); return _0 } @@ -189,7 +189,7 @@ module C09Capacity_ClearVec val inv2 (_x : Seq.seq t) : bool ensures { result = inv2 _x } - axiom inv2 : [#"../09_capacity.rs" 1 0 1 0] forall x : Seq.seq t . inv2 x = true + axiom inv2 : forall x : Seq.seq t . inv2 x = true use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Borrow @@ -201,7 +201,7 @@ module C09Capacity_ClearVec val inv1 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool ensures { result = inv1 _x } - axiom inv1 : [#"../09_capacity.rs" 1 0 1 0] forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true + axiom inv1 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) . inv1 x = true use prelude.UIntSize use prelude.Int use prelude.UIntSize @@ -223,7 +223,7 @@ module C09Capacity_ClearVec val invariant0 (self : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)) : bool ensures { result = invariant0 self } - axiom inv0 : [#"../09_capacity.rs" 1 0 1 0] forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) . inv0 x = true predicate resolve0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) = [#"../../../../../creusot-contracts/src/resolve.rs" 25 20 25 34] ^ self = * self val resolve0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global))) : bool @@ -246,17 +246,17 @@ module C09Capacity_ClearVec goto BB0 } BB0 { - _4 <- Borrow.borrow_mut ( * v); - v <- { v with current = ^ _4 }; + [#"../09_capacity.rs" 15 4 15 13] _4 <- Borrow.borrow_mut ( * v); + [#"../09_capacity.rs" 15 4 15 13] v <- { v with current = ^ _4 }; assume { inv0 ( ^ _4) }; - _3 <- ([#"../09_capacity.rs" 15 4 15 13] clear0 _4); + [#"../09_capacity.rs" 15 4 15 13] _3 <- ([#"../09_capacity.rs" 15 4 15 13] clear0 _4); _4 <- any borrowed (Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global)); goto BB1 } BB1 { assert { [@expl:type invariant] inv1 v }; assume { resolve0 v }; - _0 <- ([#"../09_capacity.rs" 14 36 16 1] ()); + [#"../09_capacity.rs" 14 36 16 1] _0 <- ([#"../09_capacity.rs" 14 36 16 1] ()); return _0 } diff --git a/why3/Cargo.toml b/why3/Cargo.toml index 48cc8fbd74..3e73331ff6 100644 --- a/why3/Cargo.toml +++ b/why3/Cargo.toml @@ -13,6 +13,7 @@ pretty = "0.11" indexmap = "1.2.0" serde = { version = "1.0", optional = true, features = ["derive"] } num = "*" +serde_json = "1.0.107" [features] serialize = ["serde"] diff --git a/why3/src/ce_models.rs b/why3/src/ce_models.rs new file mode 100644 index 0000000000..a6e085ee32 --- /dev/null +++ b/why3/src/ce_models.rs @@ -0,0 +1,376 @@ +use serde::Deserialize; +use serde_json::Value as Json; +use std::fmt::{Debug, Formatter}; + +#[derive(Deserialize)] +#[serde(untagged)] +pub enum Loc { + Span(Why3Span), + Other(Json), +} + +#[allow(dead_code)] +#[derive(Deserialize)] +#[serde(rename_all = "kebab-case")] +pub struct Why3Span { + pub file_name: String, + pub start_line: u32, + pub start_char: u32, + pub end_line: u32, + pub end_char: u32, +} + +impl Debug for Loc { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + match self { + Loc::Span(Why3Span { file_name, start_line, start_char, end_line, end_char }) => { + write!(f, "[#\"{file_name}\" {start_line} {start_char} {end_line} {end_char}]") + } + _ => write!(f, "[#???]"), + } + } +} + +#[derive(Deserialize, Debug)] +#[serde(untagged)] +pub enum Fallible { + Ok(T), + Err(Json), +} + +#[derive(Deserialize, Debug)] +#[serde(untagged)] +pub enum Model { + Model { answer: String, model: Vec> }, + Unknown(Json), +} + +#[derive(Deserialize, Debug)] +pub struct Model2 { + pub filename: String, + pub model: Vec>, +} + +#[derive(Deserialize, Debug)] +pub struct Model3 { + pub is_vc_line: bool, + pub line: String, + pub model_elements: Vec>, +} + +#[derive(Deserialize, Debug)] +pub struct LSymbol { + pub name: String, + pub attrs: Vec, + pub loc: Loc, +} + +#[derive(Deserialize, Debug)] +pub struct ModelElem { + pub attrs: Vec, + pub kind: String, + pub location: Loc, + pub lsymbol: LSymbol, + pub value: Value, +} + +#[derive(Deserialize, Debug)] +pub struct Value { + pub value_concrete_term: ConcreteTerm, + pub value_term: Term, + pub value_type: Type, +} + +#[derive(Deserialize)] +pub enum Type { + #[serde(rename = "Tyvar")] + Var(String), + #[serde(rename = "Tyapp")] + App { ty_symbol: String, ty_args: Vec }, + #[serde(untagged)] + Unknown(Json), +} + +impl Debug for Type { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + match self { + Type::Var(v) => write!(f, "*{v}"), + Type::App { ty_symbol, ty_args } => { + write!(f, "{ty_symbol}")?; + if !ty_args.is_empty() { + f.debug_list().entries(ty_args).finish()?; + } + Ok(()) + } + Type::Unknown(json) => write!(f, "{json}"), + } + } +} + +#[derive(Deserialize, Debug)] +pub struct VSymbol { + pub vs_name: String, + pub vs_type: Type, +} + +#[derive(Deserialize, Debug)] +pub enum TBool { + #[serde(rename = "Ttrue")] + True, + #[serde(rename = "Tfalse")] + False, +} + +#[derive(Deserialize, Debug)] +pub enum Term { + #[serde(rename = "Tvar")] + Var(VSymbol), + #[serde(rename = "Tconst")] + Const { + #[serde(rename = "const_type")] + ty: String, + #[serde(rename = "const_value")] + val: String, + }, + #[serde(rename = "Tapp")] + App { + #[serde(rename = "app_ls")] + ls: String, + #[serde(rename = "app_args")] + args: Vec, + }, + #[serde(rename = "Tif")] + If { + #[serde(rename = "if")] + ift: Box, + then: Box, + #[serde(rename = "else")] + elset: Box, + }, + #[serde(rename = "Teps")] + Eps { + #[serde(rename = "eps_vs")] + vs: VSymbol, + #[serde(rename = "eps_t")] + t: Box, + }, + #[serde(rename = "Tfun")] + Fun { + #[serde(rename = "fun_args")] + args: Vec, + #[serde(rename = "fun_body")] + body: Box, + }, + #[serde(rename = "Tquant")] + Quant { + quant: String, + #[serde(rename = "quant_vs")] + vs: Vec, + #[serde(rename = "quant_t")] + t: Box, + }, + #[serde(rename = "Tbinop")] + Binop { + binop: String, + #[serde(rename = "binop_t1")] + t1: Box, + #[serde(rename = "binop_t2")] + t2: Box, + }, + #[serde(rename = "Tnot")] + Not(Box), + #[serde(rename = "Tlet")] + Let(String), + #[serde(rename = "Tcase")] + Case(String), + #[serde(untagged)] + Bool(TBool), + #[serde(untagged)] + Unknown(Json), +} + +#[derive(Deserialize, Debug)] +pub struct BitVector { + pub bv_value_as_decimal: String, + pub bv_length: u32, + pub bv_verbatim: String, +} + +#[derive(Deserialize, Debug)] +pub struct Real { + pub real_value: String, + pub real_verbatim: String, +} + +#[derive(Deserialize)] +pub struct Integer { + pub int_value: String, + pub int_verbatim: String, +} + +impl Integer { + fn try_to_u64(&self) -> Option { + if self.int_value != self.int_verbatim { + None + } else { + self.int_value.parse().ok() + } + } +} + +impl Debug for Integer { + fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { + match self.try_to_u64() { + Some(n) => write!(f, "{n}"), + None => f + .debug_struct("Integer") + .field("value", &self.int_value) + .field("verbatim", &self.int_verbatim) + .finish(), + } + } +} + +#[derive(Deserialize, Debug)] +pub enum Float { + Infinity, + #[serde(rename = "Plus_zero")] + PlusZero, + #[serde(rename = "Minus_zero")] + MinusZero, + #[serde(rename = "Float_value")] + Value { + float_hex: String, + }, +} + +#[allow(dead_code)] +#[derive(Deserialize, Debug)] +pub struct FunLitElt { + pub indice: ConcreteTerm, + pub value: ConcreteTerm, +} + +#[derive(Deserialize, Debug)] +#[serde(tag = "type", content = "val")] +pub enum ConcreteTerm { + Var(String), + Boolean(bool), + String(String), + Integer(Integer), + Real(Real), + BitVector(BitVector), + Fraction { + #[serde(rename = "frac_num")] + num: Real, + #[serde(rename = "frac_num")] + denom: Real, + #[serde(rename = "frac_verbatim")] + verbatim: String, + }, + Float(Float), + #[serde(rename = "Apply")] + App { + #[serde(rename = "app_ls")] + ls: String, + #[serde(rename = "app_args")] + args: Vec, + }, + If { + #[serde(rename = "if")] + ift: Box, + then: Box, + #[serde(rename = "else")] + elset: Box, + }, + #[serde(rename = "Epsilon")] + Eps { + #[serde(rename = "eps_var")] + var: String, + #[serde(rename = "eps_t")] + t: Box, + }, + #[serde(rename = "Function")] + Fun { + #[serde(rename = "fun_args")] + args: Vec, + #[serde(rename = "fun_body")] + body: Box, + }, + Quant { + quant: String, + #[serde(rename = "quant_vs")] + vs: Vec, + #[serde(rename = "quant_t")] + t: Box, + }, + Binop { + binop: String, + #[serde(rename = "binop_t1")] + t1: Box, + #[serde(rename = "binop_t2")] + t2: Box, + }, + Not(Box), + FunctionLiteral { + #[serde(rename = "funliteral_elts")] + elts: Vec, + #[serde(rename = "funliteral_others")] + other: Box, + }, + Proj { + #[serde(rename = "proj_name")] + name: String, + #[serde(rename = "proj_value")] + value: Box, + }, + #[serde(untagged)] + Unknown(Json), +} + +#[derive(Deserialize)] +pub struct Goal { + pub term: GoalTerm, + #[serde(alias = "prover-result")] + pub prover_result: ProverResult, +} + +#[derive(Deserialize, Debug)] +pub struct GoalTerm { + pub loc: Loc, + #[serde(alias = "goal-name")] //Why3 doesn't currently use kebab-case but this might change + pub goal_name: String, + pub explanations: Vec, +} +#[allow(dead_code)] +#[derive(Deserialize, Debug)] +pub struct ProverResult { + pub answer: String, + #[serde(rename = "ce-models")] + pub ce_models: Vec, + pub time: f32, + pub step: i32, +} + +impl ProverResult { + pub fn model_elems(&self) -> impl Iterator { + self.ce_models + .iter() + .flat_map(|x| match x { + Model::Model { model, .. } => &**model, + _ => &[], + }) + .flat_map(|x| match x { + Fallible::Ok(x) => &*x.model, + _ => &[], + }) + .flat_map(|x| match x { + Fallible::Ok(x) => &*x.model_elements, + _ => &[], + }) + .filter_map(|x| match x { + Fallible::Ok(x) => Some(x), + _ => None, + }) + } +} diff --git a/why3/src/lib.rs b/why3/src/lib.rs index 45defea055..7e17f3eee3 100644 --- a/why3/src/lib.rs +++ b/why3/src/lib.rs @@ -1,4 +1,5 @@ #![feature(box_patterns)] +pub mod ce_models; pub mod declaration; pub mod exp; pub mod mlcfg; diff --git a/why3/src/mlcfg.rs b/why3/src/mlcfg.rs index a10456ac8d..98c9d76fb0 100644 --- a/why3/src/mlcfg.rs +++ b/why3/src/mlcfg.rs @@ -1,4 +1,5 @@ use crate::{ + declaration::Attribute, exp::{Exp, Pattern}, ty::Type, Ident, QName, @@ -45,7 +46,7 @@ impl Terminator { #[derive(Debug, Clone)] #[cfg_attr(feature = "serialize", derive(Serialize, Deserialize))] pub enum Statement { - Assign { lhs: Ident, rhs: Exp }, + Assign { attr: Option, lhs: Ident, rhs: Exp }, Invariant(Exp), Variant(Exp), Assume(Exp), diff --git a/why3/src/mlcfg/printer.rs b/why3/src/mlcfg/printer.rs index a0f2bc4dc9..d9875791a5 100644 --- a/why3/src/mlcfg/printer.rs +++ b/why3/src/mlcfg/printer.rs @@ -830,6 +830,20 @@ impl Print for Binder { } } +fn pretty_attr<'b, 'a: 'b, A: DocAllocator<'a>>( + attr: &'a Option, + alloc: &'a A, + env: &mut PrintEnv, +) -> DocBuilder<'a, A> +where + A::Doc: Clone, +{ + match attr { + Some(attr) => attr.pretty(alloc, env).append(" "), + None => alloc.nil(), + } +} + impl Print for Statement { fn pretty<'b, 'a: 'b, A: DocAllocator<'a>>( &'a self, @@ -840,8 +854,8 @@ impl Print for Statement { A::Doc: Clone, { match self { - Statement::Assign { lhs, rhs } => lhs - .pretty(alloc, env) + Statement::Assign { attr, lhs, rhs } => pretty_attr(attr, alloc, env) + .append(lhs.pretty(alloc, env)) .append(" <- ") .append(parens!(alloc, env, Precedence::Impl, rhs)), Statement::Invariant(e) => {