diff --git a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma index abad02a300..16cd216935 100644 --- a/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma +++ b/creusot/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C01ResolveUnsoundness_MakeVecOfSize let%span s01_resolve_unsoundness0 = "../01_resolve_unsoundness.rs" 10 29 10 39 @@ -135,55 +120,39 @@ module C01ResolveUnsoundness_MakeVecOfSize let%span span7 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span19 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span20 = "" 0 0 0 0 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span21 = "" 0 0 0 0 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span27 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span28 = "" 0 0 0 0 - - let%span span29 = "" 0 0 0 0 - - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - - let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - - let%span span32 = "" 0 0 0 0 + let%span span24 = "" 0 0 0 0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -222,76 +191,61 @@ module C01ResolveUnsoundness_MakeVecOfSize constant max'0 : usize = [%#span7] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq bool) : int - axiom len'0_spec : forall self : Seq'0.t_seq bool . ([%#span8] inv'3 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq bool . [%#span8] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec bool (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec bool (Global'0.t_global)) : Seq'0.t_seq bool - axiom shallow_model'0_spec : forall self : Vec'0.t_vec bool (Global'0.t_global) . ([%#span10] inv'0 self) - -> ([%#span12] inv'3 (shallow_model'0 self)) - && ([%#span11] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec bool (Global'0.t_global) . ([%#span9] inv'0 self) + -> ([%#span10] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec bool (Global'0.t_global)) = - [%#span13] inv'3 (shallow_model'0 self) + [%#span11] inv'3 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec bool (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq bool = [%#span14] () + constant empty'0 : Seq'0.t_seq bool - function empty_len'0 (_1 : ()) : () = - [%#span16] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq bool) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span12] len'0 (empty'0 : Seq'0.t_seq bool) = 0 use prelude.prelude.Intrinsic - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq bool) (x : int) : bool + function index_logic'0 (self : Seq'0.t_seq bool) (_2 : int) : bool function concat'0 (self : Seq'0.t_seq bool) (other : Seq'0.t_seq bool) : Seq'0.t_seq bool - axiom concat'0_spec : forall self : Seq'0.t_seq bool, other : Seq'0.t_seq bool . ([%#span17] inv'3 self) - -> ([%#span18] inv'3 other) - -> ([%#span21] inv'3 (concat'0 self other)) - && ([%#span20] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq bool, other : Seq'0.t_seq bool . ([%#span14] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span19] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : bool) : Seq'0.t_seq bool - axiom singleton'0_spec : forall v : bool . ([%#span22] inv'2 v) - -> ([%#span25] inv'3 (singleton'0 v)) - && ([%#span24] index_logic'0 (singleton'0 v) 0 = v) && ([%#span23] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : bool . ([%#span15] inv'2 v) + -> ([%#span17] index_logic'0 (singleton'0 v) 0 = v) && ([%#span16] len'0 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq bool) (v : bool) : Seq'0.t_seq bool = - [%#span26] concat'0 self (singleton'0 v) + [%#span18] concat'0 self (singleton'0 v) function shallow_model'1 (self : borrowed (Vec'0.t_vec bool (Global'0.t_global))) : Seq'0.t_seq bool = - [%#span27] shallow_model'0 ( * self) + [%#span19] shallow_model'0 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec bool (Global'0.t_global))) (value:bool) (return' (ret:()))= {[@expl:precondition] [%#span29] inv'2 value} - {[@expl:precondition] [%#span28] inv'1 self} + let rec push'0 (self:borrowed (Vec'0.t_vec bool (Global'0.t_global))) (value:bool) (return' (ret:()))= {[@expl:precondition] [%#span21] inv'2 value} + {[@expl:precondition] [%#span20] inv'1 self} any - [ return' (result:())-> {[%#span30] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} + [ return' (result:())-> {[%#span22] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} (! return' {result}) ] let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec bool (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec bool (Global'0.t_global))-> {[%#span32] inv'0 result} - {[%#span31] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec bool (Global'0.t_global))-> {[%#span24] inv'0 result} + {[%#span23] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] diff --git a/creusot/tests/should_fail/bug/specialize.coma b/creusot/tests/should_fail/bug/specialize.coma index 616485f2c9..fbbc128c22 100644 --- a/creusot/tests/should_fail/bug/specialize.coma +++ b/creusot/tests/should_fail/bug/specialize.coma @@ -128,22 +128,7 @@ module Specialize_F end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Specialize_G type t @@ -152,51 +137,38 @@ module Specialize_G let%span sspecialize1 = "../specialize.rs" 27 8 27 9 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "" 0 0 0 0 + let%span span4 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span12 = "../specialize.rs" 6 9 6 13 + let%span span8 = "../specialize.rs" 6 9 6 13 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq t) - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'1 (self : Seq'0.t_seq t) + predicate inv'1 (_x : Seq'0.t_seq t) + axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -207,24 +179,23 @@ module Specialize_G use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'1 (shallow_model'0 self)) - && ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span11] inv'1 (shallow_model'0 self) + [%#span7] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true use prelude.prelude.Intrinsic - let rec x'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span12] inv'0 self} + let rec x'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span8] inv'0 self} any [ return' (result:())-> (! return' {result}) ] let rec g (v:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:()))= {[%#sspecialize1] inv'0 v} @@ -239,57 +210,44 @@ end module Specialize_H let%span sspecialize0 = "../specialize.rs" 37 20 37 25 - let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "" 0 0 0 0 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span6 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span7 = "" 0 0 0 0 - - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span12 = "../specialize.rs" 12 17 12 21 + let%span span8 = "../specialize.rs" 12 17 12 21 - let%span span13 = "../specialize.rs" 11 14 11 19 + let%span span9 = "../specialize.rs" 11 14 11 19 use prelude.prelude.Int - use seq.Seq - use prelude.prelude.Int32 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq int32) - function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span1] inv'1 self) -> ([%#span2] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span1] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq int32 = [%#span3] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span5] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span2] len'0 (empty'0 : Seq'0.t_seq int32) = 0 predicate invariant'1 (self : Seq'0.t_seq int32) = - [%#span6] true + [%#span3] true + + predicate inv'1 (_x : Seq'0.t_seq int32) axiom inv'1 : forall x : Seq'0.t_seq int32 . inv'1 x = true @@ -301,25 +259,24 @@ module Specialize_H use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'1 (shallow_model'0 self)) - && ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span11] inv'1 (shallow_model'0 self) + [%#span7] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true use prelude.prelude.Intrinsic - let rec x'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span12] inv'0 self} - any [ return' (result:())-> {[%#span13] false} (! return' {result}) ] + let rec x'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span8] inv'0 self} + any [ return' (result:())-> {[%#span9] false} (! return' {result}) ] let rec h (v:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = x'0 {v} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb1 ] @@ -336,17 +293,13 @@ module Specialize_Impl0 let%span span1 = "" 0 0 0 0 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span4 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span4 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -368,24 +321,19 @@ module Specialize_Impl0 constant max'0 : usize = [%#span1] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq u) : int - axiom len'0_spec : forall self : Seq'0.t_seq u . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq u . [%#span2] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec u (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec u (Global'0.t_global)) : Seq'0.t_seq u - axiom shallow_model'0_spec : forall self : Vec'0.t_vec u (Global'0.t_global) . ([%#span4] inv'0 self) - -> ([%#span6] inv'1 (shallow_model'0 self)) - && ([%#span5] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec u (Global'0.t_global) . ([%#span3] inv'0 self) + -> ([%#span4] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec u (Global'0.t_global)) = - [%#span7] inv'1 (shallow_model'0 self) + [%#span5] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec u (Global'0.t_global) . inv'0 x = true diff --git a/creusot/tests/should_fail/final_borrows.coma b/creusot/tests/should_fail/final_borrows.coma index c5155cfb16..b4e58a917c 100644 --- a/creusot/tests/should_fail/final_borrows.coma +++ b/creusot/tests/should_fail/final_borrows.coma @@ -232,22 +232,7 @@ module FinalBorrows_UnnestingFails end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module FinalBorrows_Indexing type t @@ -264,93 +249,63 @@ module FinalBorrows_Indexing let%span sfinal_borrows5 = "../final_borrows.rs" 37 35 37 41 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "" 0 0 0 0 - let%span span11 = "" 0 0 0 0 + let%span span9 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span12 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span10 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span13 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span11 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span14 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span12 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span13 = "../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span16 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span14 = "../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span15 = "../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span18 = "../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span16 = "../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span19 = "../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - - let%span span20 = "../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - - let%span span21 = "../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 - - let%span span22 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span17 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 use prelude.prelude.Slice - predicate invariant'5 (self : slice t) + predicate invariant'3 (self : slice t) - predicate inv'5 (_x : slice t) + predicate inv'3 (_x : slice t) - axiom inv'5 : forall x : slice t . inv'5 x = true - - use prelude.prelude.Borrow - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'4 (self : Seq'0.t_seq (borrowed t)) - - predicate inv'4 (_x : Seq'0.t_seq (borrowed t)) - - axiom inv'4 : forall x : Seq'0.t_seq (borrowed t) . inv'4 x = true + axiom inv'3 : forall x : slice t . inv'3 x = true use prelude.prelude.Int - use seq.Seq + use prelude.prelude.Borrow - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq (borrowed t)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . ([%#span6] inv'4 self) -> ([%#span7] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . [%#span6] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq (borrowed t) = [%#span8] () + constant empty'1 : Seq'0.t_seq (borrowed t) - function empty_len'1 (_1 : ()) : () = - [%#span10] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span9] len'1 (empty'1 : Seq'0.t_seq (borrowed t)) = 0 - - predicate invariant'3 (self : Seq'0.t_seq t) - - predicate inv'3 (_x : Seq'0.t_seq t) - - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true - - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'1 (empty'1 : Seq'0.t_seq (borrowed t)) = 0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'3 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span8] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'2 (self : borrowed (slice t)) @@ -370,49 +325,43 @@ module FinalBorrows_Indexing axiom inv'0 : forall x : t . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (x : int) : borrowed t - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (_2 : int) : borrowed t - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) function shallow_model'1 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : slice t . ([%#span12] inv'5 self) - -> ([%#span14] inv'3 (shallow_model'1 self)) - && ([%#span13] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice t . ([%#span9] inv'3 self) + -> ([%#span10] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span15] index_logic'2 (shallow_model'1 self) ix + [%#span11] index_logic'2 (shallow_model'1 self) ix function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span16] shallow_model'1 ( * self) + [%#span12] shallow_model'1 ( * self) function to_mut_seq'0 (self : borrowed (slice t)) : Seq'0.t_seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span17] inv'2 self) - -> ([%#span21] inv'4 (to_mut_seq'0 self)) - && ([%#span20] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span13] inv'2 self) + -> ([%#span16] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> ^ index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( ^ self) i) - && ([%#span19] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> * index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( * self) i) - && ([%#span18] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) + && ([%#span14] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (slice t)) = - [%#span22] ^ self = * self + [%#span17] ^ self = * self predicate resolve'0 (self : borrowed t) = - [%#span22] ^ self = * self + [%#span17] ^ self = * self let rec indexing (x:borrowed (slice t)) (return' (ret:borrowed t))= {[%#sfinal_borrows3] inv'2 x} {[%#sfinal_borrows2] len'0 (shallow_model'0 x) >= 1} diff --git a/creusot/tests/should_succeed/100doors.coma b/creusot/tests/should_succeed/100doors.coma index 8dd27af1b9..4b2f8ca652 100644 --- a/creusot/tests/should_succeed/100doors.coma +++ b/creusot/tests/should_succeed/100doors.coma @@ -125,22 +125,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -191,209 +176,189 @@ module C100doors_F let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span17 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span20 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span23 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span24 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span25 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span26 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span27 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span28 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span30 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span30 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span33 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span33 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span34 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span34 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span36 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span37 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span37 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span38 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span38 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span39 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span39 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span40 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span40 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span41 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span41 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span42 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span42 = "" 0 0 0 0 - let%span span43 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span43 = "" 0 0 0 0 - let%span span44 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span44 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span45 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span45 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span46 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span46 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span47 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span48 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span48 = "" 0 0 0 0 - let%span span49 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span49 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 let%span span51 = "" 0 0 0 0 let%span span52 = "" 0 0 0 0 - let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span54 = "" 0 0 0 0 - let%span span55 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span55 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span56 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span57 = "" 0 0 0 0 + let%span span57 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span58 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span58 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span59 = "" 0 0 0 0 - let%span span60 = "" 0 0 0 0 + let%span span60 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 let%span span61 = "" 0 0 0 0 - let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span62 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span63 = "" 0 0 0 0 + let%span span63 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span64 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span64 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span65 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span65 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span66 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span66 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span67 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span67 = "" 0 0 0 0 - let%span span68 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span68 = "" 0 0 0 0 let%span span69 = "" 0 0 0 0 - let%span span70 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span70 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span71 = "" 0 0 0 0 + let%span span71 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span72 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span72 = "" 0 0 0 0 - let%span span73 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span74 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span75 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span76 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span77 = "" 0 0 0 0 - - let%span span78 = "" 0 0 0 0 - - let%span span79 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span80 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + predicate invariant'11 (self : Seq'0.t_seq bool) = + [%#span14] true - let%span span81 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + predicate inv'11 (_x : Seq'0.t_seq bool) - let%span span82 = "" 0 0 0 0 + axiom inv'11 : forall x : Seq'0.t_seq bool . inv'11 x = true use prelude.prelude.Borrow - predicate invariant'11 (self : borrowed bool) = + predicate invariant'10 (self : borrowed bool) = [%#span14] true - predicate inv'11 (_x : borrowed bool) + predicate inv'10 (_x : borrowed bool) - axiom inv'11 : forall x : borrowed bool . inv'11 x = true + axiom inv'10 : forall x : borrowed bool . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_Vec_Type as Vec'0 - predicate invariant'10 (self : borrowed (Vec'0.t_vec bool (Global'0.t_global))) = + predicate invariant'9 (self : borrowed (Vec'0.t_vec bool (Global'0.t_global))) = [%#span14] true - predicate inv'10 (_x : borrowed (Vec'0.t_vec bool (Global'0.t_global))) + predicate inv'9 (_x : borrowed (Vec'0.t_vec bool (Global'0.t_global))) - axiom inv'10 : forall x : borrowed (Vec'0.t_vec bool (Global'0.t_global)) . inv'10 x = true + axiom inv'9 : forall x : borrowed (Vec'0.t_vec bool (Global'0.t_global)) . inv'9 x = true - predicate invariant'9 (self : bool) = + predicate invariant'8 (self : bool) = [%#span14] true - predicate inv'9 (_x : bool) + predicate inv'8 (_x : bool) - axiom inv'9 : forall x : bool . inv'9 x = true + axiom inv'8 : forall x : bool . inv'8 x = true - predicate invariant'8 (self : Vec'0.t_vec bool (Global'0.t_global)) = + predicate invariant'7 (self : Vec'0.t_vec bool (Global'0.t_global)) = [%#span14] true - predicate inv'8 (_x : Vec'0.t_vec bool (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec bool (Global'0.t_global)) - axiom inv'8 : forall x : Vec'0.t_vec bool (Global'0.t_global) . inv'8 x = true + axiom inv'7 : forall x : Vec'0.t_vec bool (Global'0.t_global) . inv'7 x = true use prelude.prelude.UIntSize - predicate invariant'7 (self : usize) = + predicate invariant'6 (self : usize) = [%#span14] true - predicate inv'7 (_x : usize) + predicate inv'6 (_x : usize) - axiom inv'7 : forall x : usize . inv'7 x = true + axiom inv'6 : forall x : usize . inv'6 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'6 (self : Option'0.t_option usize) = + predicate invariant'5 (self : Option'0.t_option usize) = [%#span14] true - predicate inv'6 (_x : Option'0.t_option usize) + predicate inv'5 (_x : Option'0.t_option usize) - axiom inv'6 : forall x : Option'0.t_option usize . inv'6 x = true + axiom inv'5 : forall x : Option'0.t_option usize . inv'5 x = true use Core_Ops_Range_Range_Type as Range'0 - predicate invariant'5 (self : borrowed (Range'0.t_range usize)) = - [%#span14] true - - predicate inv'5 (_x : borrowed (Range'0.t_range usize)) - - axiom inv'5 : forall x : borrowed (Range'0.t_range usize) . inv'5 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'4 (self : Seq'0.t_seq bool) = + predicate invariant'4 (self : borrowed (Range'0.t_range usize)) = [%#span14] true - predicate inv'4 (_x : Seq'0.t_seq bool) + predicate inv'4 (_x : borrowed (Range'0.t_range usize)) - axiom inv'4 : forall x : Seq'0.t_seq bool . inv'4 x = true + axiom inv'4 : forall x : borrowed (Range'0.t_range usize) . inv'4 x = true predicate invariant'3 (self : Seq'0.t_seq usize) = [%#span14] true @@ -408,24 +373,19 @@ module C100doors_F constant max'0 : usize = [%#span15] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq bool) : int - axiom len'0_spec : forall self : Seq'0.t_seq bool . ([%#span16] inv'4 self) -> ([%#span17] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq bool . [%#span16] len'0 self >= 0 predicate inv'2 (_x : Vec'0.t_vec bool (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec bool (Global'0.t_global)) : Seq'0.t_seq bool - axiom shallow_model'0_spec : forall self : Vec'0.t_vec bool (Global'0.t_global) . ([%#span18] inv'2 self) - -> ([%#span20] inv'4 (shallow_model'0 self)) - && ([%#span19] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec bool (Global'0.t_global) . ([%#span17] inv'2 self) + -> ([%#span18] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'2 (self : Vec'0.t_vec bool (Global'0.t_global)) = - [%#span21] inv'4 (shallow_model'0 self) + [%#span19] inv'11 (shallow_model'0 self) axiom inv'2 : forall x : Vec'0.t_vec bool (Global'0.t_global) . inv'2 x = true @@ -436,46 +396,37 @@ module C100doors_F axiom inv'1 : forall x : bool . inv'1 x = true - constant empty'1 : Seq'0.t_seq bool = [%#span22] () - - function empty_len'1 (_1 : ()) : () = - [%#span24] () - - axiom empty_len'1_spec : forall _1 : () . [%#span23] len'0 (empty'1 : Seq'0.t_seq bool) = 0 + constant empty'1 : Seq'0.t_seq bool - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span20] len'0 (empty'1 : Seq'0.t_seq bool) = 0 - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span16] inv'3 self) -> ([%#span17] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span16] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span25] inv'3 self) - -> ([%#span26] inv'3 other) - -> ([%#span29] inv'3 (concat'0 self other)) - && ([%#span28] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span22] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span27] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span21] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : Range'0.t_range usize) use prelude.prelude.Int function deep_model'0 (self : usize) : int = - [%#span30] UIntSize.to_int self + [%#span23] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span31] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span24] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -488,109 +439,101 @@ module C100doors_F function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span32] produces'0 a ab b) - -> ([%#span33] produces'0 b bc c) - -> ([%#span34] inv'0 a) - -> ([%#span35] inv'3 ab) - -> ([%#span36] inv'0 b) - -> ([%#span37] inv'3 bc) -> ([%#span38] inv'0 c) -> ([%#span39] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span25] produces'0 a ab b) + -> ([%#span26] produces'0 b bc c) + -> ([%#span27] inv'0 a) + -> ([%#span28] inv'0 b) -> ([%#span29] inv'0 c) -> ([%#span30] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq usize = [%#span22] () + constant empty'0 : Seq'0.t_seq usize function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span40] inv'0 self) - -> ([%#span41] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span31] inv'0 self) + -> ([%#span32] produces'0 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'0 (self : Range'0.t_range usize) = [%#span14] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span24] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span23] len'1 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span20] len'1 (empty'0 : Seq'0.t_seq usize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'3 (self : bool) = - [%#span42] true - - use seq.Seq + [%#span33] true - function index_logic'2 (self : Seq'0.t_seq bool) (x : int) : bool + function index_logic'2 (self : Seq'0.t_seq bool) (_2 : int) : bool function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec bool (Global'0.t_global)) (ix : int) : bool = - [%#span43] index_logic'2 (shallow_model'0 self) ix + [%#span34] index_logic'2 (shallow_model'0 self) ix predicate resolve'2 (self : Vec'0.t_vec bool (Global'0.t_global)) = - [%#span44] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'3 (index_logic'0 self i) + [%#span35] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'3 (index_logic'0 self i) predicate resolve'1 (self : borrowed bool) = - [%#span45] ^ self = * self + [%#span36] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq bool) (fin : Seq'0.t_seq bool) = - [%#span46] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span37] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'2 old' i = index_logic'2 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq bool) (out : bool) = - [%#span47] index_logic'2 seq (UIntSize.to_int self) = out + [%#span38] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq bool) = - [%#span48] UIntSize.to_int self < len'0 seq + [%#span39] UIntSize.to_int self < len'0 seq function shallow_model'2 (self : borrowed (Vec'0.t_vec bool (Global'0.t_global))) : Seq'0.t_seq bool = - [%#span49] shallow_model'0 ( * self) + [%#span40] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec bool (Global'0.t_global))) (index:usize) (return' (ret:borrowed bool))= {[@expl:precondition] [%#span52] inv'7 index} - {[@expl:precondition] [%#span51] inv'10 self} - {[@expl:precondition] [%#span50] in_bounds'0 index (shallow_model'2 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec bool (Global'0.t_global))) (index:usize) (return' (ret:borrowed bool))= {[@expl:precondition] [%#span43] inv'6 index} + {[@expl:precondition] [%#span42] inv'9 self} + {[@expl:precondition] [%#span41] in_bounds'0 index (shallow_model'2 self)} any - [ return' (result:borrowed bool)-> {[%#span57] inv'11 result} - {[%#span56] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'2 self)} - {[%#span55] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'0 ( ^ self))} - {[%#span54] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span53] has_value'0 index (shallow_model'2 self) ( * result)} + [ return' (result:borrowed bool)-> {[%#span48] inv'10 result} + {[%#span47] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'2 self)} + {[%#span46] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'0 ( ^ self))} + {[%#span45] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span44] has_value'0 index (shallow_model'2 self) ( * result)} (! return' {result}) ] function shallow_model'1 (self : Vec'0.t_vec bool (Global'0.t_global)) : Seq'0.t_seq bool = - [%#span58] shallow_model'0 self + [%#span49] shallow_model'0 self - let rec index'0 (self:Vec'0.t_vec bool (Global'0.t_global)) (index:usize) (return' (ret:bool))= {[@expl:precondition] [%#span61] inv'7 index} - {[@expl:precondition] [%#span60] inv'8 self} - {[@expl:precondition] [%#span59] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec bool (Global'0.t_global)) (index:usize) (return' (ret:bool))= {[@expl:precondition] [%#span52] inv'6 index} + {[@expl:precondition] [%#span51] inv'7 self} + {[@expl:precondition] [%#span50] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:bool)-> {[%#span63] inv'9 result} - {[%#span62] has_value'0 index (shallow_model'1 self) result} + [ return' (result:bool)-> {[%#span54] inv'8 result} + {[%#span53] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span64] inv'7 v) - -> ([%#span67] inv'3 (singleton'0 v)) - && ([%#span66] index_logic'1 (singleton'0 v) 0 = v) && ([%#span65] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span55] inv'6 v) + -> ([%#span57] index_logic'1 (singleton'0 v) 0 = v) && ([%#span56] len'1 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range usize)) = - [%#span45] ^ self = * self + [%#span36] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range usize)) = - [%#span68] resolve'0 self + [%#span58] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span69] inv'5 self} + let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span59] inv'4 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span71] inv'6 result} - {[%#span70] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span61] inv'5 result} + {[%#span60] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -607,31 +550,31 @@ module C100doors_F function new'1 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'1_spec : forall x : Seq'0.t_seq usize . ([%#span72] inv'3 x) -> ([%#span73] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq usize . ([%#span62] inv'3 x) -> ([%#span63] deref'1 (new'1 x) = x) function new'0 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'0_spec : forall x : Range'0.t_range usize . ([%#span72] inv'0 x) -> ([%#span73] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range usize . ([%#span62] inv'0 x) -> ([%#span63] deref'0 (new'0 x) = x) predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span74] self = res + [%#span64] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span75] true + [%#span65] true - let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span77] inv'0 self} - {[@expl:precondition] [%#span76] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span67] inv'0 self} + {[@expl:precondition] [%#span66] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span78] inv'0 result} - {[%#span76] into_iter_post'0 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span68] inv'0 result} + {[%#span66] into_iter_post'0 self result} (! return' {result}) ] - let rec from_elem'0 (elem:bool) (n:usize) (return' (ret:Vec'0.t_vec bool (Global'0.t_global)))= {[@expl:precondition] [%#span79] inv'1 elem} + let rec from_elem'0 (elem:bool) (n:usize) (return' (ret:Vec'0.t_vec bool (Global'0.t_global)))= {[@expl:precondition] [%#span69] inv'1 elem} any - [ return' (result:Vec'0.t_vec bool (Global'0.t_global))-> {[%#span82] inv'2 result} - {[%#span81] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#span80] len'0 (shallow_model'0 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec bool (Global'0.t_global))-> {[%#span72] inv'2 result} + {[%#span71] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#span70] len'0 (shallow_model'0 result) = UIntSize.to_int n} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/206.coma b/creusot/tests/should_succeed/bug/206.coma index baa8a3ead8..85a4177e79 100644 --- a/creusot/tests/should_succeed/bug/206.coma +++ b/creusot/tests/should_succeed/bug/206.coma @@ -125,47 +125,24 @@ module C206_A_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C206_U2_Impl let%span s2060 = "../206.rs" 8 10 8 22 let%span span1 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span4 = "" 0 0 0 0 - let%span span7 = "" 0 0 0 0 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 use prelude.prelude.UIntSize @@ -180,20 +157,15 @@ module C206_U2_Impl use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq usize = [%#span4] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -201,18 +173,17 @@ module C206_U2_Impl use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'1 (shallow_model'0 self)) - && ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'1 (shallow_model'0 self) + [%#span7] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true @@ -231,31 +202,23 @@ module C206_Ex let%span span1 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "" 0 0 0 0 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span7 = "" 0 0 0 0 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../206.rs" 8 10 8 22 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../206.rs" 7 0 7 8 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span12 = "../206.rs" 8 10 8 22 - - let%span span13 = "../206.rs" 7 0 7 8 - - let%span span14 = "../206.rs" 15 8 15 13 + let%span span10 = "../206.rs" 15 8 15 13 use prelude.prelude.UIntSize @@ -270,20 +233,15 @@ module C206_Ex use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq usize = [%#span4] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -291,18 +249,17 @@ module C206_Ex use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'1 (shallow_model'0 self)) - && ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'1 (shallow_model'0 self) + [%#span7] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true @@ -313,13 +270,13 @@ module C206_Ex use C206_A_Type as C206_A_Type function u2'0 [#"../206.rs" 9 0 9 11] (a : A'0.t_a) : () = - [%#span13] () + [%#span9] () - axiom u2'0_spec : forall a : A'0.t_a . [%#span12] shallow_model'0 (C206_A_Type.a_0 a) + axiom u2'0_spec : forall a : A'0.t_a . [%#span8] shallow_model'0 (C206_A_Type.a_0 a) = shallow_model'0 (C206_A_Type.a_0 a) function u'0 [#"../206.rs" 13 0 13 14] (a : A'0.t_a) : () = - [%#span14] u2'0 a + [%#span10] u2'0 a use prelude.prelude.Intrinsic diff --git a/creusot/tests/should_succeed/bug/217.coma b/creusot/tests/should_succeed/bug/217.coma index b4e372bd24..d899bb0934 100644 --- a/creusot/tests/should_succeed/bug/217.coma +++ b/creusot/tests/should_succeed/bug/217.coma @@ -1,95 +1,50 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C217_Ex_Impl let%span s2170 = "../217.rs" 10 10 10 17 - let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 66 8 66 39 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 62 8 62 39 use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq int) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq int) - - axiom inv'0 : forall x : Seq'0.t_seq int . inv'0 x = true - use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq int) : int - axiom len'0_spec : forall self : Seq'0.t_seq int . ([%#sseq21] inv'0 self) -> ([%#sseq22] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq int = [%#span4] () - - function empty_len'0 (_1 : ()) : () = - [%#span6] () + axiom len'0_spec : forall self : Seq'0.t_seq int . [%#sseq21] len'0 self >= 0 - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq int) = 0 + constant empty'0 : Seq'0.t_seq int - use prelude.seq_ext.SeqExt + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span2] len'0 (empty'0 : Seq'0.t_seq int) = 0 - function index_logic'0 (self : Seq'0.t_seq int) (x : int) : int + function index_logic'0 (self : Seq'0.t_seq int) (_2 : int) : int function subsequence'0 (self : Seq'0.t_seq int) (n : int) (m : int) : Seq'0.t_seq int - axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#span7] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#span3] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span8] inv'0 self) - -> ([%#span11] inv'0 (subsequence'0 self n m)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span5] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#span9] len'0 (subsequence'0 self n m) = m - n) + && ([%#span4] len'0 (subsequence'0 self n m) = m - n) function tail'0 [@inline:trivial] (self : Seq'0.t_seq int) : Seq'0.t_seq int = - [%#span12] subsequence'0 self 1 (len'0 self) + [%#span6] subsequence'0 self 1 (len'0 self) constant c : Seq'0.t_seq int @@ -97,10 +52,9 @@ module C217_Ex_Impl function ex [#"../217.rs" 11 0 11 37] (c : Seq'0.t_seq int) (a : int) : int - goal vc_ex : ([%#sseq21] inv'0 c) - /\ (([%#sseq22] len'0 c >= 0) + goal vc_ex : ([%#sseq21] len'0 c >= 0) -> match len'0 c = 0 with | True -> true | False -> 0 <= ([%#s2170] len'0 c) /\ ([%#s2170] len'0 (tail'0 c)) < ([%#s2170] len'0 c) - end) + end end diff --git a/creusot/tests/should_succeed/bug/874.coma b/creusot/tests/should_succeed/bug/874.coma index 42b64b4655..813040c85f 100644 --- a/creusot/tests/should_succeed/bug/874.coma +++ b/creusot/tests/should_succeed/bug/874.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Mem_ManuallyDrop_ManuallyDrop_Type type t_manuallydrop 't = @@ -194,200 +179,164 @@ module C874_CanExtend let%span span13 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 - let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 - let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 - let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 + let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 - let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 - let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 268 31 268 33 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 + let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 268 52 268 54 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 - let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 + let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 + let%span span28 = "" 0 0 0 0 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 + let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 + let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 + let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span35 = "" 0 0 0 0 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span35 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span38 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span36 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span39 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span38 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span39 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span40 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span41 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 - let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span42 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 - let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 134 27 134 47 - let%span span46 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span44 = "" 0 0 0 0 - let%span span47 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span45 = "" 0 0 0 0 - let%span span48 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span46 = "../../../../../creusot-contracts/src/std/vec.rs" 135 16 138 18 - let%span span49 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span47 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span50 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span48 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span51 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 + let%span span49 = "../../../../../creusot-contracts/src/std/boxed.rs" 20 8 20 31 - let%span span52 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 + let%span span50 = "" 0 0 0 0 - let%span span53 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 + let%span span51 = "../../../../../creusot-contracts/src/std/slice.rs" 310 18 310 35 - let%span span54 = "../../../../../creusot-contracts/src/std/vec.rs" 134 27 134 47 + let%span span52 = "" 0 0 0 0 - let%span span55 = "" 0 0 0 0 - - let%span span56 = "" 0 0 0 0 - - let%span span57 = "../../../../../creusot-contracts/src/std/vec.rs" 135 16 138 18 - - let%span span58 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span59 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - - let%span span60 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 - - let%span span61 = "../../../../../creusot-contracts/src/std/boxed.rs" 20 8 20 31 + use prelude.prelude.Int32 - let%span span62 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span63 = "../../../../../creusot-contracts/src/std/slice.rs" 310 18 310 35 + predicate invariant'6 (self : Seq'0.t_seq int32) = + [%#span13] true - let%span span64 = "" 0 0 0 0 + predicate inv'6 (_x : Seq'0.t_seq int32) - use prelude.prelude.Int32 + axiom inv'6 : forall x : Seq'0.t_seq int32 . inv'6 x = true use prelude.prelude.Slice - predicate invariant'6 (self : slice int32) = + predicate invariant'5 (self : slice int32) = [%#span13] true - predicate inv'6 (_x : slice int32) + predicate inv'5 (_x : slice int32) - axiom inv'6 : forall x : slice int32 . inv'6 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'5 : forall x : slice int32 . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_IntoIter_IntoIter_Type as IntoIter'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 - - use seq.Seq - - predicate inv'3 (_x : Seq'0.t_seq int32) + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span14] inv'3 self) -> ([%#span15] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span14] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq int32) (other : Seq'0.t_seq int32) : Seq'0.t_seq int32 - axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span16] inv'3 self) - -> ([%#span17] inv'3 other) - -> ([%#span20] inv'3 (concat'0 self other)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span16] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span18] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) - predicate inv'5 (_x : IntoIter'0.t_intoiter int32 (Global'0.t_global)) + predicate inv'4 (_x : IntoIter'0.t_intoiter int32 (Global'0.t_global)) function shallow_model'4 (self : IntoIter'0.t_intoiter int32 (Global'0.t_global)) : Seq'0.t_seq int32 predicate produces'0 (self : IntoIter'0.t_intoiter int32 (Global'0.t_global)) (visited : Seq'0.t_seq int32) (rhs : IntoIter'0.t_intoiter int32 (Global'0.t_global)) = - [%#span21] shallow_model'4 self = concat'0 visited (shallow_model'4 rhs) + [%#span17] shallow_model'4 self = concat'0 visited (shallow_model'4 rhs) function produces_trans'0 (a : IntoIter'0.t_intoiter int32 (Global'0.t_global)) (ab : Seq'0.t_seq int32) (b : IntoIter'0.t_intoiter int32 (Global'0.t_global)) (bc : Seq'0.t_seq int32) (c : IntoIter'0.t_intoiter int32 (Global'0.t_global)) : () = - [%#span30] () + [%#span24] () - axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter int32 (Global'0.t_global), ab : Seq'0.t_seq int32, b : IntoIter'0.t_intoiter int32 (Global'0.t_global), bc : Seq'0.t_seq int32, c : IntoIter'0.t_intoiter int32 (Global'0.t_global) . ([%#span22] produces'0 a ab b) - -> ([%#span23] produces'0 b bc c) - -> ([%#span24] inv'5 a) - -> ([%#span25] inv'3 ab) - -> ([%#span26] inv'5 b) - -> ([%#span27] inv'3 bc) -> ([%#span28] inv'5 c) -> ([%#span29] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter int32 (Global'0.t_global), ab : Seq'0.t_seq int32, b : IntoIter'0.t_intoiter int32 (Global'0.t_global), bc : Seq'0.t_seq int32, c : IntoIter'0.t_intoiter int32 (Global'0.t_global) . ([%#span18] produces'0 a ab b) + -> ([%#span19] produces'0 b bc c) + -> ([%#span20] inv'4 a) + -> ([%#span21] inv'4 b) -> ([%#span22] inv'4 c) -> ([%#span23] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq int32 = [%#span31] () + constant empty'0 : Seq'0.t_seq int32 function produces_refl'0 (self : IntoIter'0.t_intoiter int32 (Global'0.t_global)) : () = - [%#span34] () + [%#span27] () - axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter int32 (Global'0.t_global) . ([%#span32] inv'5 self) - -> ([%#span33] produces'0 self (empty'0 : Seq'0.t_seq int32) self) + axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter int32 (Global'0.t_global) . ([%#span25] inv'4 self) + -> ([%#span26] produces'0 self (empty'0 : Seq'0.t_seq int32) self) - predicate invariant'5 (self : IntoIter'0.t_intoiter int32 (Global'0.t_global)) = + predicate invariant'4 (self : IntoIter'0.t_intoiter int32 (Global'0.t_global)) = [%#span13] true - axiom inv'5 : forall x : IntoIter'0.t_intoiter int32 (Global'0.t_global) . inv'5 x = true + axiom inv'4 : forall x : IntoIter'0.t_intoiter int32 (Global'0.t_global) . inv'4 x = true use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) = + predicate invariant'3 (self : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) = [%#span13] true - predicate inv'4 (_x : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) + predicate inv'3 (_x : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) - axiom inv'4 : forall x : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global)) . inv'4 x = true - - predicate invariant'3 (self : Seq'0.t_seq int32) = - [%#span13] true - - axiom inv'3 : forall x : Seq'0.t_seq int32 . inv'3 x = true + axiom inv'3 : forall x : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global)) . inv'3 x = true use Alloc_Vec_Vec_Type as Vec'0 @@ -402,18 +351,17 @@ module C874_CanExtend use prelude.prelude.UIntSize - constant max'0 : usize = [%#span35] (18446744073709551615 : usize) + constant max'0 : usize = [%#span28] (18446744073709551615 : usize) predicate inv'1 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span36] inv'1 self) - -> ([%#span38] inv'3 (shallow_model'0 self)) - && ([%#span37] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span29] inv'1 self) + -> ([%#span30] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span39] inv'3 (shallow_model'0 self) + [%#span31] inv'6 (shallow_model'0 self) axiom inv'1 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'1 x = true @@ -424,59 +372,53 @@ module C874_CanExtend axiom inv'0 : forall x : slice int32 . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span41] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span40] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span32] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic - use seq.Seq - predicate ext_eq'0 (self : Seq'0.t_seq int32) (oth : Seq'0.t_seq int32) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq int32, oth : Seq'0.t_seq int32 . ([%#span42] inv'3 self) - -> ([%#span43] inv'3 oth) - -> ([%#span45] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq int32, oth : Seq'0.t_seq int32 . ([%#span34] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'1 self i = index_logic'1 oth i) -> ext_eq'0 self oth) - && ([%#span44] ext_eq'0 self oth -> self = oth) + && ([%#span33] ext_eq'0 self oth -> self = oth) predicate resolve'1 (self : int32) = - [%#span46] true + [%#span35] true function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span47] index_logic'1 (shallow_model'0 self) ix + [%#span36] index_logic'1 (shallow_model'0 self) ix predicate resolve'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span48] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) + [%#span37] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) function shallow_model'2 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span49] shallow_model'0 ( * self) + [%#span38] shallow_model'0 ( * self) function shallow_model'5 (self : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span49] shallow_model'4 ( * self) + [%#span38] shallow_model'4 ( * self) predicate resolve'2 (self : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) = - [%#span50] ^ self = * self + [%#span39] ^ self = * self predicate completed'0 (self : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global))) = - [%#span51] resolve'2 self /\ shallow_model'5 self = (empty'0 : Seq'0.t_seq int32) + [%#span40] resolve'2 self /\ shallow_model'5 self = (empty'0 : Seq'0.t_seq int32) predicate into_iter_post'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) (res : IntoIter'0.t_intoiter int32 (Global'0.t_global)) = - [%#span52] shallow_model'0 self = shallow_model'4 res + [%#span41] shallow_model'0 self = shallow_model'4 res predicate into_iter_pre'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span53] true + [%#span42] true - let rec extend'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (iter:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span56] inv'1 iter} - {[@expl:precondition] [%#span55] inv'2 self} - {[@expl:precondition] [%#span54] into_iter_pre'0 iter} + let rec extend'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (iter:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span45] inv'1 iter} + {[@expl:precondition] [%#span44] inv'2 self} + {[@expl:precondition] [%#span43] into_iter_pre'0 iter} any - [ return' (result:())-> {[%#span57] exists prod : Seq'0.t_seq int32 . exists done' : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global)) . exists start_ : IntoIter'0.t_intoiter int32 (Global'0.t_global) . inv'3 prod - /\ inv'4 done' - /\ inv'5 start_ + [ return' (result:())-> {[%#span46] exists prod : Seq'0.t_seq int32 . exists done' : borrowed (IntoIter'0.t_intoiter int32 (Global'0.t_global)) . exists start_ : IntoIter'0.t_intoiter int32 (Global'0.t_global) . inv'3 done' + /\ inv'4 start_ /\ into_iter_post'0 iter start_ /\ completed'0 done' /\ produces'0 start_ prod ( * done') /\ shallow_model'0 ( ^ self) = concat'0 (shallow_model'2 self) prod} @@ -485,17 +427,16 @@ module C874_CanExtend function shallow_model'3 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'3_spec : forall self : slice int32 . ([%#span58] inv'6 self) - -> ([%#span60] inv'3 (shallow_model'3 self)) - && ([%#span59] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : slice int32 . ([%#span47] inv'5 self) + -> ([%#span48] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) function shallow_model'1 (self : slice int32) : Seq'0.t_seq int32 = - [%#span61] shallow_model'3 self + [%#span49] shallow_model'3 self - let rec into_vec'0 (self:slice int32) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span62] inv'0 self} + let rec into_vec'0 (self:slice int32) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span50] inv'0 self} any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span64] inv'1 result} - {[%#span63] shallow_model'0 result = shallow_model'1 self} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span52] inv'1 result} + {[%#span51] shallow_model'0 result = shallow_model'1 self} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/bug/991.coma b/creusot/tests/should_succeed/bug/991.coma index dd0525faea..0e6752a4b9 100644 --- a/creusot/tests/should_succeed/bug/991.coma +++ b/creusot/tests/should_succeed/bug/991.coma @@ -130,51 +130,28 @@ module C991_Formula_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C991_Impl1_LoveAndHope let%span s9910 = "../991.rs" 21 14 21 28 let%span span1 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "" 0 0 0 0 + let%span span4 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span8 = "../991.rs" 16 8 16 42 - let%span span12 = "../991.rs" 16 8 16 42 - - let%span span13 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span9 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 use prelude.prelude.UIntSize @@ -189,20 +166,15 @@ module C991_Impl1_LoveAndHope use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq usize = [%#span4] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -210,18 +182,17 @@ module C991_Impl1_LoveAndHope use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'1 (shallow_model'2 self)) - && ([%#span9] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'1 (shallow_model'2 self) + [%#span7] inv'1 (shallow_model'2 self) axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true @@ -232,10 +203,10 @@ module C991_Impl1_LoveAndHope use C991_Formula_Type as C991_Formula_Type function shallow_model'1 [#"../991.rs" 15 4 15 50] (self : Formula'0.t_formula) : (Seq'0.t_seq usize, bool) = - [%#span12] (shallow_model'2 (C991_Formula_Type.formula_vec self), C991_Formula_Type.formula_b self) + [%#span8] (shallow_model'2 (C991_Formula_Type.formula_vec self), C991_Formula_Type.formula_b self) function shallow_model'0 (self : Formula'0.t_formula) : (Seq'0.t_seq usize, bool) = - [%#span13] shallow_model'1 self + [%#span9] shallow_model'1 self use prelude.prelude.Intrinsic diff --git a/creusot/tests/should_succeed/bug/two_phase.coma b/creusot/tests/should_succeed/bug/two_phase.coma index 15adbdd857..061b1aa928 100644 --- a/creusot/tests/should_succeed/bug/two_phase.coma +++ b/creusot/tests/should_succeed/bug/two_phase.coma @@ -101,91 +101,65 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module TwoPhase_Test let%span stwo_phase0 = "../two_phase.rs" 5 10 5 37 - let%span span1 = "" 0 0 0 0 + let%span span1 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span2 = "" 0 0 0 0 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span4 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span8 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span13 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span8 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span17 = "" 0 0 0 0 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span18 = "" 0 0 0 0 - let%span span25 = "" 0 0 0 0 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span26 = "" 0 0 0 0 + let%span span20 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span21 = "" 0 0 0 0 - let%span span28 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span29 = "" 0 0 0 0 - - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'3 (_x : Seq'0.t_seq usize) + predicate invariant'4 (self : Seq'0.t_seq usize) = + [%#span1] true + + predicate inv'4 (_x : Seq'0.t_seq usize) + + axiom inv'4 : forall x : Seq'0.t_seq usize . inv'4 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -195,36 +169,26 @@ module TwoPhase_Test use prelude.prelude.Int - constant max'0 : usize = [%#span1] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span2] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span2] inv'3 self) -> ([%#span3] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span3] len'1 self >= 0 - predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'3 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span4] inv'4 self) - -> ([%#span6] inv'3 (shallow_model'2 self)) - && ([%#span5] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span4] inv'3 self) + -> ([%#span5] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span7] inv'3 (shallow_model'2 self) + predicate invariant'3 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span6] inv'4 (shallow_model'2 self) - axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true - - predicate invariant'3 (self : Seq'0.t_seq usize) = - [%#span8] true - - axiom inv'3 : forall x : Seq'0.t_seq usize . inv'3 x = true + axiom inv'3 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'3 x = true predicate invariant'2 (self : usize) = - [%#span8] true + [%#span1] true predicate inv'2 (_x : usize) @@ -233,77 +197,67 @@ module TwoPhase_Test use prelude.prelude.Borrow predicate invariant'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span8] true + [%#span1] true predicate inv'1 (_x : borrowed (Vec'0.t_vec usize (Global'0.t_global))) axiom inv'1 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'1 x = true predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span8] true + [%#span1] true predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span9] () - - function empty_len'0 (_1 : ()) : () = - [%#span11] () + constant empty'0 : Seq'0.t_seq usize - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'1 (empty'0 : Seq'0.t_seq usize) = 0 + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq usize) = 0 - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span12] index_logic'1 (shallow_model'2 self) ix + [%#span8] index_logic'1 (shallow_model'2 self) ix function shallow_model'0 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span13] shallow_model'2 ( * self) + [%#span9] shallow_model'2 ( * self) use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span14] ^ self = * self - - use seq.Seq + [%#span10] ^ self = * self function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span15] inv'3 self) - -> ([%#span16] inv'3 other) - -> ([%#span19] inv'3 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span12] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span17] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span11] len'1 (concat'0 self other) = len'1 self + len'1 other) function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span20] inv'2 v) - -> ([%#span23] inv'3 (singleton'0 v)) - && ([%#span22] index_logic'1 (singleton'0 v) 0 = v) && ([%#span21] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span13] inv'2 v) + -> ([%#span15] index_logic'1 (singleton'0 v) 0 = v) && ([%#span14] len'1 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq usize) (v : usize) : Seq'0.t_seq usize = - [%#span24] concat'0 self (singleton'0 v) + [%#span16] concat'0 self (singleton'0 v) - let rec push'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (value:usize) (return' (ret:()))= {[@expl:precondition] [%#span26] inv'2 value} - {[@expl:precondition] [%#span25] inv'1 self} + let rec push'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (value:usize) (return' (ret:()))= {[@expl:precondition] [%#span18] inv'2 value} + {[@expl:precondition] [%#span17] inv'1 self} any - [ return' (result:())-> {[%#span27] shallow_model'2 ( ^ self) = push'1 (shallow_model'0 self) value} + [ return' (result:())-> {[%#span19] shallow_model'2 ( ^ self) = push'1 (shallow_model'0 self) value} (! return' {result}) ] function shallow_model'1 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span28] shallow_model'2 self + [%#span20] shallow_model'2 self - let rec len'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span29] inv'0 self} + let rec len'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span21] inv'0 self} any - [ return' (result:usize)-> {[%#span30] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span22] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] let rec test (v:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (return' (ret:()))= (! bb0 diff --git a/creusot/tests/should_succeed/cell/02.coma b/creusot/tests/should_succeed/cell/02.coma index dfd630fbb7..7548b38363 100644 --- a/creusot/tests/should_succeed/cell/02.coma +++ b/creusot/tests/should_succeed/cell/02.coma @@ -233,22 +233,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't @@ -282,81 +267,73 @@ module C02_FibMemo let%span s0213 = "../02.rs" 93 10 93 28 - let%span span14 = "" 0 0 0 0 + let%span span14 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span21 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span21 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span22 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span25 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span23 = "../02.rs" 85 4 87 5 - let%span span26 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span24 = "../02.rs" 31 10 31 11 - let%span span27 = "../02.rs" 85 4 87 5 + let%span span25 = "../02.rs" 29 0 29 8 - let%span span28 = "../02.rs" 31 10 31 11 + let%span span26 = "../02.rs" 72 12 75 13 - let%span span29 = "../02.rs" 29 0 29 8 + let%span span27 = "../02.rs" 23 4 23 38 - let%span span30 = "../02.rs" 72 12 75 13 + let%span span28 = "../02.rs" 24 16 24 20 - let%span span31 = "../02.rs" 23 4 23 38 + let%span span29 = "../02.rs" 24 22 24 23 - let%span span32 = "../02.rs" 24 16 24 20 + let%span span30 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span33 = "../02.rs" 24 22 24 23 + let%span span31 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span34 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span32 = "../02.rs" 44 11 44 17 - let%span span35 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span33 = "../02.rs" 45 10 45 28 - let%span span36 = "../02.rs" 44 11 44 17 + let%span span34 = "../02.rs" 46 10 46 11 - let%span span37 = "../02.rs" 45 10 45 28 + let%span span35 = "../02.rs" 43 0 43 8 - let%span span38 = "../02.rs" 46 10 46 11 + let%span span36 = "../02.rs" 61 10 61 49 - let%span span39 = "../02.rs" 43 0 43 8 + let%span span37 = "../02.rs" 60 0 60 8 - let%span span40 = "../02.rs" 61 10 61 49 + let%span span38 = "../02.rs" 18 16 18 20 - let%span span41 = "../02.rs" 60 0 60 8 + let%span span39 = "../02.rs" 17 4 17 42 - let%span span42 = "../02.rs" 18 16 18 20 + let%span span40 = "../02.rs" 18 25 18 26 - let%span span43 = "../02.rs" 17 4 17 42 + let%span span41 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span44 = "../02.rs" 18 25 18 26 + let%span span42 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span45 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span46 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span44 = "" 0 0 0 0 - let%span span47 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span45 = "" 0 0 0 0 - let%span span48 = "" 0 0 0 0 + let%span span46 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span49 = "" 0 0 0 0 - - let%span span50 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - - let%span span51 = "" 0 0 0 0 + let%span span47 = "" 0 0 0 0 use C02_Fib_Type as Fib'0 @@ -368,7 +345,12 @@ module C02_FibMemo use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'7 (_x : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) + predicate invariant'7 (self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) = + [%#span14] true + + predicate inv'8 (_x : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) + + axiom inv'8 : forall x : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) . inv'8 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -378,68 +360,58 @@ module C02_FibMemo use prelude.prelude.Int - constant max'0 : usize = [%#span14] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span15] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) . ([%#span15] inv'7 self) - -> ([%#span16] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) . [%#span16] len'0 self + >= 0 - predicate inv'8 (_x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) - axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global) . ([%#span17] inv'8 self) - -> ([%#span19] inv'7 (shallow_model'1 self)) - && ([%#span18] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global) . ([%#span17] inv'7 self) + -> ([%#span18] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'7 (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) + predicate invariant'6 (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) = - [%#span20] inv'7 (shallow_model'1 self) + [%#span19] inv'8 (shallow_model'1 self) - axiom inv'8 : forall x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global) . inv'8 x + axiom inv'7 : forall x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global) . inv'7 x = true - predicate invariant'6 (self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) = - [%#span21] true - - axiom inv'7 : forall x : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) . inv'7 x = true - predicate invariant'5 (self : ()) = - [%#span21] true + [%#span14] true predicate inv'6 (_x : ()) axiom inv'6 : forall x : () . inv'6 x = true predicate invariant'4 (self : ()) = - [%#span21] true + [%#span14] true predicate inv'5 (_x : ()) axiom inv'5 : forall x : () . inv'5 x = true predicate invariant'3 (self : Option'0.t_option usize) = - [%#span21] true + [%#span14] true predicate inv'4 (_x : Option'0.t_option usize) axiom inv'4 : forall x : Option'0.t_option usize . inv'4 x = true predicate invariant'2 (self : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) = - [%#span21] true + [%#span14] true predicate inv'2 (_x : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) axiom inv'2 : forall x : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib) . inv'2 x = true predicate invariant'1 (self : usize) = - [%#span21] true + [%#span14] true predicate inv'1 (_x : usize) @@ -447,19 +419,18 @@ module C02_FibMemo predicate invariant'0 (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) = - [%#span21] true + [%#span14] true predicate inv'0 (_x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) axiom inv'0 : forall x : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) = [%#span22] () + constant empty'0 : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) - function empty_len'0 (_1 : ()) : () = - [%#span24] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) + axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) = 0 use prelude.prelude.Borrow @@ -467,26 +438,24 @@ module C02_FibMemo function shallow_model'0 (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) = - [%#span25] shallow_model'1 self + [%#span21] shallow_model'1 self use C02_Fib_Type as C02_Fib_Type use C02_Cell_Type as C02_Cell_Type - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) (x : int) : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib) + function index_logic'1 (self : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) (_2 : int) : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) (ix : int) : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib) = - [%#span26] index_logic'1 (shallow_model'1 self) ix + [%#span22] index_logic'1 (shallow_model'1 self) ix predicate fib_cell'0 [#"../02.rs" 84 0 84 32] (v : Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) = - [%#span27] forall i : int . UIntSize.to_int (C02_Fib_Type.fib_ix (C02_Cell_Type.cell_ghost_inv (index_logic'0 v i))) + [%#span23] forall i : int . UIntSize.to_int (C02_Fib_Type.fib_ix (C02_Cell_Type.cell_ghost_inv (index_logic'0 v i))) = i use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -496,54 +465,54 @@ module C02_FibMemo function fib'0 [#"../02.rs" 32 0 32 25] (i : int) : int axiom fib'0_def : forall i : int . fib'0 i - = ([%#span29] if i <= 0 then 0 else if i = 1 then 1 else fib'0 (i - 1) + fib'0 (i - 2)) + = ([%#span25] if i <= 0 then 0 else if i = 1 then 1 else fib'0 (i - 1) + fib'0 (i - 2)) predicate inv'3 [#"../02.rs" 70 4 70 43] (self : Fib'0.t_fib) (v : Option'0.t_option usize) = - [%#span30] match v with + [%#span26] match v with | Option'0.C_None -> true | Option'0.C_Some i -> UIntSize.to_int i = fib'0 (UIntSize.to_int (C02_Fib_Type.fib_ix self)) end - let rec set'0 (self:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (v:Option'0.t_option usize) (return' (ret:()))= {[@expl:precondition] [%#span33] inv'4 v} - {[@expl:precondition] [%#span32] inv'2 self} - {[@expl:precondition] [%#span31] inv'3 (C02_Cell_Type.cell_ghost_inv self) v} + let rec set'0 (self:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (v:Option'0.t_option usize) (return' (ret:()))= {[@expl:precondition] [%#span29] inv'4 v} + {[@expl:precondition] [%#span28] inv'2 self} + {[@expl:precondition] [%#span27] inv'3 (C02_Cell_Type.cell_ghost_inv self) v} any [ return' (result:())-> (! return' {result}) ] function deref'1 (self : Snapshot'0.t_snapshot ()) : () function new'1 (x : ()) : Snapshot'0.t_snapshot () - axiom new'1_spec : forall x : () . ([%#span34] inv'6 x) -> ([%#span35] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : () . ([%#span30] inv'6 x) -> ([%#span31] deref'1 (new'1 x) = x) use int.Power function lemma_fib_bound'0 [#"../02.rs" 47 0 47 30] (i : int) : () axiom lemma_fib_bound'0_def : forall i : int . lemma_fib_bound'0 i - = ([%#span39] if i = 0 then + = ([%#span35] if i = 0 then () else if i = 1 then () else let _ = lemma_fib_bound'0 (i - 2) in lemma_fib_bound'0 (i - 1) ) - axiom lemma_fib_bound'0_spec : forall i : int . ([%#span36] 0 <= i) -> ([%#span37] fib'0 i <= Power.power 2 i) + axiom lemma_fib_bound'0_spec : forall i : int . ([%#span32] 0 <= i) -> ([%#span33] fib'0 i <= Power.power 2 i) function deref'0 (self : Snapshot'0.t_snapshot ()) : () function new'0 (x : ()) : Snapshot'0.t_snapshot () - axiom new'0_spec : forall x : () . ([%#span34] inv'5 x) -> ([%#span35] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : () . ([%#span30] inv'5 x) -> ([%#span31] deref'0 (new'0 x) = x) function lemma_max_int'0 [#"../02.rs" 62 0 62 22] (_1 : ()) : () = - [%#span41] () + [%#span37] () - axiom lemma_max_int'0_spec : forall _1 : () . [%#span40] Power.power 2 63 + axiom lemma_max_int'0_spec : forall _1 : () . [%#span36] Power.power 2 63 < UIntSize.to_int (18446744073709551615 : usize) - let rec get'0 (self:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span42] inv'2 self} + let rec get'0 (self:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span38] inv'2 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span44] inv'4 result} - {[%#span43] inv'3 (C02_Cell_Type.cell_ghost_inv self) result} + [ return' (result:Option'0.t_option usize)-> {[%#span40] inv'4 result} + {[%#span39] inv'3 (C02_Cell_Type.cell_ghost_inv self) result} (! return' {result}) ] @@ -552,19 +521,19 @@ module C02_FibMemo predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) (out : Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) = - [%#span45] index_logic'1 seq (UIntSize.to_int self) = out + [%#span41] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))) = - [%#span46] UIntSize.to_int self < len'0 seq + [%#span42] UIntSize.to_int self < len'0 seq - let rec index'0 (self:Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) (index:usize) (return' (ret:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)))= {[@expl:precondition] [%#span49] inv'1 index} - {[@expl:precondition] [%#span48] inv'0 self} - {[@expl:precondition] [%#span47] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec (Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)) (Global'0.t_global)) (index:usize) (return' (ret:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib)))= {[@expl:precondition] [%#span45] inv'1 index} + {[@expl:precondition] [%#span44] inv'0 self} + {[@expl:precondition] [%#span43] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))-> {[%#span51] inv'2 result} - {[%#span50] has_value'0 index (shallow_model'0 self) result} + [ return' (result:Cell'0.t_cell (Option'0.t_option usize) (Fib'0.t_fib))-> {[%#span47] inv'2 result} + {[%#span46] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/filter_positive.coma b/creusot/tests/should_succeed/filter_positive.coma index 7eaad3bd76..fc694dbd0d 100644 --- a/creusot/tests/should_succeed/filter_positive.coma +++ b/creusot/tests/should_succeed/filter_positive.coma @@ -1,38 +1,19 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module FilterPositive_NumOfPos_Impl let%span sfilter_positive0 = "../filter_positive.rs" 36 10 36 13 use prelude.prelude.Int32 - use seq.Seq + use prelude.prelude.Int use prelude.prelude.Int32 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 constant i : int @@ -67,13 +48,9 @@ module FilterPositive_LemmaNumOfPosIncreasing_Impl use prelude.prelude.Int32 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 function num_of_pos'0 [#"../filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq'0.t_seq int32) : int @@ -111,60 +88,38 @@ module FilterPositive_LemmaNumOfPosStrictlyIncreasing_Impl let%span sfilter_positive2 = "../filter_positive.rs" 78 10 78 49 - let%span span3 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../filter_positive.rs" 36 10 36 13 - let%span span9 = "../filter_positive.rs" 36 10 36 13 + let%span span6 = "../filter_positive.rs" 38 4 46 5 - let%span span10 = "../filter_positive.rs" 38 4 46 5 + use prelude.prelude.Int use prelude.prelude.Int32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq int32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq int32) - - axiom inv'0 : forall x : Seq'0.t_seq int32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq int32 = [%#span6] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Int32 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 function num_of_pos'0 [#"../filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq'0.t_seq int32) : int axiom num_of_pos'0_def : forall i : int, j : int, t : Seq'0.t_seq int32 . num_of_pos'0 i j t - = ([%#span10] if i >= j then + = ([%#span6] if i >= j then 0 else if Int32.to_int (index_logic'0 t (j - 1)) > 0 then num_of_pos'0 i (j - 1) t + 1 else num_of_pos'0 i (j - 1) t @@ -323,128 +278,122 @@ module FilterPositive_M let%span span19 = "" 0 0 0 0 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span25 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span26 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span28 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span29 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span29 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span30 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span30 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span31 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span31 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span32 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span32 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span33 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span34 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span34 = "" 0 0 0 0 - let%span span35 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span35 = "" 0 0 0 0 - let%span span36 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span36 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span37 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span37 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span38 = "" 0 0 0 0 + let%span span38 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span39 = "" 0 0 0 0 + let%span span39 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span40 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span40 = "" 0 0 0 0 - let%span span41 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span41 = "../filter_positive.rs" 36 10 36 13 - let%span span42 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span42 = "../filter_positive.rs" 38 4 46 5 - let%span span43 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span43 = "../filter_positive.rs" 62 11 62 17 - let%span span44 = "" 0 0 0 0 + let%span span44 = "../filter_positive.rs" 63 10 63 48 - let%span span45 = "../filter_positive.rs" 36 10 36 13 + let%span span45 = "../filter_positive.rs" 64 10 64 13 - let%span span46 = "../filter_positive.rs" 38 4 46 5 + let%span span46 = "../filter_positive.rs" 67 8 69 9 - let%span span47 = "../filter_positive.rs" 62 11 62 17 + let%span span47 = "../filter_positive.rs" 76 11 76 32 - let%span span48 = "../filter_positive.rs" 63 10 63 48 + let%span span48 = "../filter_positive.rs" 77 11 77 20 - let%span span49 = "../filter_positive.rs" 64 10 64 13 + let%span span49 = "../filter_positive.rs" 78 10 78 49 - let%span span50 = "../filter_positive.rs" 67 8 69 9 + let%span span50 = "../filter_positive.rs" 75 0 75 8 - let%span span51 = "../filter_positive.rs" 76 11 76 32 + let%span span51 = "" 0 0 0 0 - let%span span52 = "../filter_positive.rs" 77 11 77 20 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span53 = "../filter_positive.rs" 78 10 78 49 + let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span54 = "../filter_positive.rs" 75 0 75 8 + let%span span54 = "" 0 0 0 0 - let%span span55 = "" 0 0 0 0 + let%span span55 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span57 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + let%span span57 = "" 0 0 0 0 let%span span58 = "" 0 0 0 0 - let%span span59 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span60 = "" 0 0 0 0 let%span span61 = "" 0 0 0 0 - let%span span62 = "" 0 0 0 0 + let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span63 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + use prelude.prelude.Int32 - let%span span64 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span65 = "" 0 0 0 0 + predicate invariant'7 (self : Seq'0.t_seq int32) = + [%#span18] true - let%span span66 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + predicate inv'7 (_x : Seq'0.t_seq int32) - use prelude.prelude.Int32 + axiom inv'7 : forall x : Seq'0.t_seq int32 . inv'7 x = true use prelude.prelude.Borrow - predicate invariant'7 (self : borrowed int32) = + predicate invariant'6 (self : borrowed int32) = [%#span18] true - predicate inv'7 (_x : borrowed int32) + predicate inv'6 (_x : borrowed int32) - axiom inv'7 : forall x : borrowed int32 . inv'7 x = true + axiom inv'6 : forall x : borrowed int32 . inv'6 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_Vec_Type as Vec'0 - predicate invariant'6 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) = + predicate invariant'5 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) = [%#span18] true - predicate inv'6 (_x : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) - - axiom inv'6 : forall x : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) . inv'6 x = true - - predicate invariant'5 (self : int32) = - [%#span18] true + predicate inv'5 (_x : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) - predicate inv'5 (_x : int32) - - axiom inv'5 : forall x : int32 . inv'5 x = true + axiom inv'5 : forall x : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) . inv'5 x = true predicate invariant'4 (self : int32) = [%#span18] true @@ -453,30 +402,28 @@ module FilterPositive_M axiom inv'4 : forall x : int32 . inv'4 x = true - use prelude.prelude.UIntSize - - predicate invariant'3 (self : usize) = + predicate invariant'3 (self : int32) = [%#span18] true - predicate inv'3 (_x : usize) + predicate inv'3 (_x : int32) - axiom inv'3 : forall x : usize . inv'3 x = true + axiom inv'3 : forall x : int32 . inv'3 x = true - predicate invariant'2 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span18] true + use prelude.prelude.UIntSize - predicate inv'2 (_x : Vec'0.t_vec int32 (Global'0.t_global)) + predicate invariant'2 (self : usize) = + [%#span18] true - axiom inv'2 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'2 x = true + predicate inv'2 (_x : usize) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'2 : forall x : usize . inv'2 x = true - predicate invariant'1 (self : Seq'0.t_seq int32) = + predicate invariant'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = [%#span18] true - predicate inv'1 (_x : Seq'0.t_seq int32) + predicate inv'1 (_x : Vec'0.t_vec int32 (Global'0.t_global)) - axiom inv'1 : forall x : Seq'0.t_seq int32 . inv'1 x = true + axiom inv'1 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'1 x = true use prelude.prelude.UIntSize @@ -484,76 +431,68 @@ module FilterPositive_M constant max'0 : usize = [%#span19] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span20] inv'1 self) -> ([%#span21] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span20] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span22] inv'0 self) - -> ([%#span24] inv'1 (shallow_model'0 self)) - && ([%#span23] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span21] inv'0 self) + -> ([%#span22] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span25] inv'1 (shallow_model'0 self) + [%#span23] inv'7 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span26] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span28] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span27] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span29] true - - use seq.Seq + [%#span25] true - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span30] index_logic'0 (shallow_model'0 self) ix + [%#span26] index_logic'0 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span31] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'1 self i) + [%#span27] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'1 self i) predicate resolve'0 (self : borrowed int32) = - [%#span32] ^ self = * self + [%#span28] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span33] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span29] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'0 old' i = index_logic'0 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span34] index_logic'0 seq (UIntSize.to_int self) = out + [%#span30] index_logic'0 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span35] UIntSize.to_int self < len'0 seq + [%#span31] UIntSize.to_int self < len'0 seq function shallow_model'2 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span36] shallow_model'0 ( * self) + [%#span32] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed int32))= {[@expl:precondition] [%#span39] inv'3 index} - {[@expl:precondition] [%#span38] inv'6 self} - {[@expl:precondition] [%#span37] in_bounds'0 index (shallow_model'2 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed int32))= {[@expl:precondition] [%#span35] inv'2 index} + {[@expl:precondition] [%#span34] inv'5 self} + {[@expl:precondition] [%#span33] in_bounds'0 index (shallow_model'2 self)} any - [ return' (result:borrowed int32)-> {[%#span44] inv'7 result} - {[%#span43] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'2 self)} - {[%#span42] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'0 ( ^ self))} - {[%#span41] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span40] has_value'0 index (shallow_model'2 self) ( * result)} + [ return' (result:borrowed int32)-> {[%#span40] inv'6 result} + {[%#span39] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'2 self)} + {[%#span38] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'0 ( ^ self))} + {[%#span37] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span36] has_value'0 index (shallow_model'2 self) ( * result)} (! return' {result}) ] @@ -562,7 +501,7 @@ module FilterPositive_M function num_of_pos'0 [#"../filter_positive.rs" 37 0 37 49] (i : int) (j : int) (t : Seq'0.t_seq int32) : int axiom num_of_pos'0_def : forall i : int, j : int, t : Seq'0.t_seq int32 . num_of_pos'0 i j t - = ([%#span46] if i >= j then + = ([%#span42] if i >= j then 0 else if Int32.to_int (index_logic'0 t (j - 1)) > 0 then num_of_pos'0 i (j - 1) t + 1 else num_of_pos'0 i (j - 1) t @@ -572,43 +511,43 @@ module FilterPositive_M axiom lemma_num_of_pos_increasing'0_def : forall i : int, j : int, k : int, t : Seq'0.t_seq int32 . lemma_num_of_pos_increasing'0 i j k t - = ([%#span50] if j < k then lemma_num_of_pos_increasing'0 i (j + 1) k t else ()) + = ([%#span46] if j < k then lemma_num_of_pos_increasing'0 i (j + 1) k t else ()) - axiom lemma_num_of_pos_increasing'0_spec : forall i : int, j : int, k : int, t : Seq'0.t_seq int32 . ([%#span47] j - <= k) -> ([%#span48] num_of_pos'0 i j t <= num_of_pos'0 i k t) + axiom lemma_num_of_pos_increasing'0_spec : forall i : int, j : int, k : int, t : Seq'0.t_seq int32 . ([%#span43] j + <= k) -> ([%#span44] num_of_pos'0 i j t <= num_of_pos'0 i k t) function lemma_num_of_pos_strictly_increasing'0 [#"../filter_positive.rs" 79 0 79 60] (i : int) (t : Seq'0.t_seq int32) : () = - [%#span54] () + [%#span50] () - axiom lemma_num_of_pos_strictly_increasing'0_spec : forall i : int, t : Seq'0.t_seq int32 . ([%#span51] 0 <= i + axiom lemma_num_of_pos_strictly_increasing'0_spec : forall i : int, t : Seq'0.t_seq int32 . ([%#span47] 0 <= i /\ i < len'0 t) - -> ([%#span52] Int32.to_int (index_logic'0 t i) > 0) -> ([%#span53] num_of_pos'0 0 i t < num_of_pos'0 0 (i + 1) t) + -> ([%#span48] Int32.to_int (index_logic'0 t i) > 0) -> ([%#span49] num_of_pos'0 0 i t < num_of_pos'0 0 (i + 1) t) - let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span55] inv'5 elem} + let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span51] inv'4 elem} any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span58] inv'0 result} - {[%#span57] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} - {[%#span56] len'0 (shallow_model'0 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span54] inv'0 result} + {[%#span53] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} + {[%#span52] len'0 (shallow_model'0 result) = UIntSize.to_int n} (! return' {result}) ] function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span59] shallow_model'0 self + [%#span55] shallow_model'0 self - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span62] inv'3 index} - {[@expl:precondition] [%#span61] inv'2 self} - {[@expl:precondition] [%#span60] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span58] inv'2 index} + {[@expl:precondition] [%#span57] inv'1 self} + {[@expl:precondition] [%#span56] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span64] inv'4 result} - {[%#span63] has_value'0 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span60] inv'3 result} + {[%#span59] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span65] inv'2 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span61] inv'1 self} any - [ return' (result:usize)-> {[%#span66] UIntSize.to_int result = len'0 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span62] UIntSize.to_int result = len'0 (shallow_model'1 self)} (! return' {result}) ] let rec m (t:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= (! bb0 diff --git a/creusot/tests/should_succeed/hashmap.coma b/creusot/tests/should_succeed/hashmap.coma index 2c5d4dbeb0..c4e6f846a4 100644 --- a/creusot/tests/should_succeed/hashmap.coma +++ b/creusot/tests/should_succeed/hashmap.coma @@ -204,22 +204,7 @@ module Hashmap_MyHashMap_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Hashmap_Impl5_New type k @@ -236,63 +221,55 @@ module Hashmap_Impl5_New let%span span4 = "" 0 0 0 0 - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span10 = "../hashmap.rs" 30 12 33 13 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span12 = "../hashmap.rs" 90 20 90 66 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span13 = "../hashmap.rs" 85 8 85 53 - let%span span14 = "../hashmap.rs" 30 12 33 13 - - let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span14 = "../hashmap.rs" 79 20 79 45 - let%span span16 = "../hashmap.rs" 90 20 90 66 + let%span span15 = "../hashmap.rs" 40 12 43 13 - let%span span17 = "../hashmap.rs" 85 8 85 53 - - let%span span18 = "../hashmap.rs" 79 20 79 45 + let%span span16 = "../hashmap.rs" 200 8 202 9 - let%span span19 = "../hashmap.rs" 40 12 43 13 + let%span span17 = "../hashmap.rs" 209 8 212 9 - let%span span20 = "../hashmap.rs" 200 8 202 9 + let%span span18 = "" 0 0 0 0 - let%span span21 = "../hashmap.rs" 209 8 212 9 + let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span22 = "" 0 0 0 0 + let%span span20 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + let%span span21 = "" 0 0 0 0 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - - let%span span25 = "" 0 0 0 0 - - predicate invariant'5 (self : v) + use Hashmap_List_Type as List'0 - predicate inv'5 (_x : v) + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - axiom inv'5 : forall x : v . inv'5 x = true + predicate invariant'5 (self : Seq'0.t_seq (List'0.t_list (k, v))) - use Hashmap_List_Type as List'0 + predicate inv'5 (_x : Seq'0.t_seq (List'0.t_list (k, v))) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'5 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'5 x = true - predicate invariant'4 (self : Seq'0.t_seq (List'0.t_list (k, v))) + predicate invariant'4 (self : v) - predicate inv'4 (_x : Seq'0.t_seq (List'0.t_list (k, v))) + predicate inv'4 (_x : v) - axiom inv'4 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'4 x = true + axiom inv'4 : forall x : v . inv'4 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -306,35 +283,28 @@ module Hashmap_Impl5_New constant max'0 : usize = [%#span4] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (List'0.t_list (k, v))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . ([%#span5] inv'4 self) - -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . [%#span5] len'0 self >= 0 predicate inv'3 (_x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) - axiom shallow_model'1_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span7] inv'3 self) - -> ([%#span9] inv'4 (shallow_model'1 self)) - && ([%#span8] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span6] inv'3 self) + -> ([%#span7] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'3 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) = - [%#span10] inv'4 (shallow_model'1 self) + [%#span8] inv'5 (shallow_model'1 self) axiom inv'3 : forall x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . inv'3 x = true - constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) = [%#span11] () + constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) - function empty_len'0 (_1 : ()) : () = - [%#span13] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span12] len'0 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 predicate invariant'2 (self : List'0.t_list (k, v)) @@ -369,19 +339,17 @@ module Hashmap_Impl5_New function get'0 [#"../hashmap.rs" 28 4 28 56] (self : List'0.t_list (k, v)) (index : deep_model_ty'0) : Option'0.t_option v = - [%#span14] match self with + [%#span10] match self with | List'0.C_Nil -> Option'0.C_None | List'0.C_Cons (k, v) tl -> if deep_model'0 k = index then Option'0.C_Some v else get'0 tl index end - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (x : int) : List'0.t_list (k, v) + function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (_2 : int) : List'0.t_list (k, v) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (ix : int) : List'0.t_list (k, v) = - [%#span15] index_logic'1 (shallow_model'1 self) ix + [%#span11] index_logic'1 (shallow_model'1 self) ix use int.EuclideanDivision @@ -390,22 +358,22 @@ module Hashmap_Impl5_New function hash_log'0 [#"../hashmap.rs" 54 4 54 45] (_1 : deep_model_ty'0) : int function bucket_ix'0 [#"../hashmap.rs" 89 4 89 48] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : int = - [%#span16] EuclideanDivision.mod (hash_log'0 k) (len'0 (shallow_model'1 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) + [%#span12] EuclideanDivision.mod (hash_log'0 k) (len'0 (shallow_model'1 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) function bucket'0 [#"../hashmap.rs" 84 4 84 54] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : List'0.t_list (k, v) = - [%#span17] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) + [%#span13] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) use map.Map function shallow_model'0 [#"../hashmap.rs" 78 4 78 50] (self : MyHashMap'0.t_myhashmap k v) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span18] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) + [%#span14] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) predicate no_double_binding'0 [#"../hashmap.rs" 38 4 38 38] (self : List'0.t_list (k, v)) = - [%#span19] match self with + [%#span15] match self with | List'0.C_Nil -> true | List'0.C_Cons (k, _) tl -> get'0 tl (deep_model'0 k) = Option'0.C_None /\ no_double_binding'0 tl end @@ -413,24 +381,24 @@ module Hashmap_Impl5_New predicate good_bucket'0 [#"../hashmap.rs" 199 4 199 57] (self : MyHashMap'0.t_myhashmap k v) (l : List'0.t_list (k, v)) (h : int) = - [%#span20] forall v : v . forall k : deep_model_ty'0 . inv'5 v + [%#span16] forall v : v . forall k : deep_model_ty'0 . inv'4 v -> inv'0 k -> get'0 l k = Option'0.C_Some v -> bucket_ix'0 self k = h use prelude.prelude.Borrow predicate hashmap_inv'0 [#"../hashmap.rs" 208 4 208 33] (self : MyHashMap'0.t_myhashmap k v) = - [%#span21] 0 < len'0 (shallow_model'1 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) + [%#span17] 0 < len'0 (shallow_model'1 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'1 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> good_bucket'0 self (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ no_double_binding'0 (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) use prelude.prelude.Intrinsic - let rec from_elem'0 (elem:List'0.t_list (k, v)) (n:usize) (return' (ret:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)))= {[@expl:precondition] [%#span22] inv'2 elem} + let rec from_elem'0 (elem:List'0.t_list (k, v)) (n:usize) (return' (ret:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)))= {[@expl:precondition] [%#span18] inv'2 elem} any - [ return' (result:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))-> {[%#span25] inv'3 result} - {[%#span24] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#span23] len'0 (shallow_model'1 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))-> {[%#span21] inv'3 result} + {[%#span20] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#span19] len'0 (shallow_model'1 result) = UIntSize.to_int n} (! return' {result}) ] @@ -511,89 +479,81 @@ module Hashmap_Impl5_Add let%span span14 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "" 0 0 0 0 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span20 = "" 0 0 0 0 + let%span span20 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span21 = "../hashmap.rs" 30 12 33 13 - let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span22 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span23 = "../hashmap.rs" 90 20 90 66 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span24 = "../hashmap.rs" 85 8 85 53 - let%span span25 = "../hashmap.rs" 30 12 33 13 + let%span span25 = "../hashmap.rs" 79 20 79 45 - let%span span26 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span26 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span27 = "../hashmap.rs" 90 20 90 66 + let%span span27 = "../hashmap.rs" 40 12 43 13 - let%span span28 = "../hashmap.rs" 85 8 85 53 + let%span span28 = "../hashmap.rs" 200 8 202 9 - let%span span29 = "../hashmap.rs" 79 20 79 45 + let%span span29 = "../hashmap.rs" 209 8 212 9 - let%span span30 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span30 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span31 = "../hashmap.rs" 40 12 43 13 + let%span span31 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span32 = "../hashmap.rs" 200 8 202 9 + let%span span32 = "" 0 0 0 0 - let%span span33 = "../hashmap.rs" 209 8 212 9 + let%span span33 = "" 0 0 0 0 - let%span span34 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span34 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 - let%span span35 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span36 = "" 0 0 0 0 + let%span span36 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span37 = "" 0 0 0 0 + let%span span37 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span38 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 + let%span span38 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span39 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span39 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span40 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span40 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span41 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span41 = "" 0 0 0 0 - let%span span42 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span42 = "" 0 0 0 0 - let%span span43 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span43 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span44 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span44 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span45 = "" 0 0 0 0 + let%span span45 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span46 = "" 0 0 0 0 + let%span span46 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span47 = "" 0 0 0 0 - let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span48 = "../hashmap.rs" 51 13 51 17 - let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span49 = "../hashmap.rs" 50 14 50 58 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span50 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 let%span span51 = "" 0 0 0 0 - let%span span52 = "../hashmap.rs" 51 13 51 17 - - let%span span53 = "../hashmap.rs" 50 14 50 58 - - let%span span54 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span55 = "" 0 0 0 0 - - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 use Hashmap_List_Type as List'0 @@ -634,21 +594,15 @@ module Hashmap_Impl5_Add use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) : int - axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . ([%#span15] inv'15 self) - -> ([%#span16] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . [%#span15] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) = [%#span17] () + constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) - function empty_len'0 (_1 : ()) : () = - [%#span19] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span18] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span16] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 predicate invariant'11 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) @@ -722,19 +676,18 @@ module Hashmap_Impl5_Add use prelude.prelude.UIntSize - constant max'0 : usize = [%#span20] (18446744073709551615 : usize) + constant max'0 : usize = [%#span17] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) function shallow_model'4 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) - axiom shallow_model'4_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span21] inv'0 self) - -> ([%#span23] inv'15 (shallow_model'4 self)) - && ([%#span22] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'4_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span18] inv'0 self) + -> ([%#span19] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) = - [%#span24] inv'15 (shallow_model'4 self) + [%#span20] inv'15 (shallow_model'4 self) axiom inv'0 : forall x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . inv'0 x = true @@ -747,19 +700,17 @@ module Hashmap_Impl5_Add function get'0 [#"../hashmap.rs" 28 4 28 56] (self : List'0.t_list (k, v)) (index : deep_model_ty'0) : Option'0.t_option v = - [%#span25] match self with + [%#span21] match self with | List'0.C_Nil -> Option'0.C_None | List'0.C_Cons (k, v) tl -> if deep_model'0 k = index then Option'0.C_Some v else get'0 tl index end - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (x : int) : List'0.t_list (k, v) + function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (_2 : int) : List'0.t_list (k, v) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (ix : int) : List'0.t_list (k, v) = - [%#span26] index_logic'1 (shallow_model'4 self) ix + [%#span22] index_logic'1 (shallow_model'4 self) ix use int.EuclideanDivision @@ -768,24 +719,24 @@ module Hashmap_Impl5_Add function hash_log'0 [#"../hashmap.rs" 54 4 54 45] (_1 : deep_model_ty'0) : int function bucket_ix'0 [#"../hashmap.rs" 89 4 89 48] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : int = - [%#span27] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'4 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) + [%#span23] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'4 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) function bucket'0 [#"../hashmap.rs" 84 4 84 54] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : List'0.t_list (k, v) = - [%#span28] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) + [%#span24] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) use map.Map function shallow_model'0 [#"../hashmap.rs" 78 4 78 50] (self : MyHashMap'0.t_myhashmap k v) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span29] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) + [%#span25] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) function shallow_model'1 (self : borrowed (MyHashMap'0.t_myhashmap k v)) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span30] shallow_model'0 ( * self) + [%#span26] shallow_model'0 ( * self) use map.Map @@ -794,7 +745,7 @@ module Hashmap_Impl5_Add use prelude.prelude.Intrinsic predicate no_double_binding'0 [#"../hashmap.rs" 38 4 38 38] (self : List'0.t_list (k, v)) = - [%#span31] match self with + [%#span27] match self with | List'0.C_Nil -> true | List'0.C_Cons (k, _) tl -> get'0 tl (deep_model'0 k) = Option'0.C_None /\ no_double_binding'0 tl end @@ -802,17 +753,17 @@ module Hashmap_Impl5_Add predicate good_bucket'0 [#"../hashmap.rs" 199 4 199 57] (self : MyHashMap'0.t_myhashmap k v) (l : List'0.t_list (k, v)) (h : int) = - [%#span32] forall v : v . forall k : deep_model_ty'0 . inv'5 v + [%#span28] forall v : v . forall k : deep_model_ty'0 . inv'5 v -> inv'3 k -> get'0 l k = Option'0.C_Some v -> bucket_ix'0 self k = h predicate hashmap_inv'0 [#"../hashmap.rs" 208 4 208 33] (self : MyHashMap'0.t_myhashmap k v) = - [%#span33] 0 < len'1 (shallow_model'4 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) + [%#span29] 0 < len'1 (shallow_model'4 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < len'1 (shallow_model'4 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> good_bucket'0 self (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ no_double_binding'0 (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) predicate resolve'9 (self : borrowed (MyHashMap'0.t_myhashmap k v)) = - [%#span34] ^ self = * self + [%#span30] ^ self = * self predicate resolve'8 (self : List'0.t_list (k, v)) @@ -821,20 +772,20 @@ module Hashmap_Impl5_Add predicate resolve'6 (self : k) predicate resolve'5 (self : borrowed (List'0.t_list (k, v))) = - [%#span34] ^ self = * self + [%#span30] ^ self = * self predicate resolve'4 (self : borrowed k) = - [%#span34] ^ self = * self + [%#span30] ^ self = * self predicate resolve'3 (self : borrowed v) = - [%#span34] ^ self = * self + [%#span30] ^ self = * self function deep_model'1 (self : k) : deep_model_ty'0 = - [%#span35] deep_model'0 self + [%#span31] deep_model'0 self - let rec eq'0 (self:k) (other:k) (return' (ret:bool))= {[@expl:precondition] [%#span37] inv'12 other} - {[@expl:precondition] [%#span36] inv'12 self} - any [ return' (result:bool)-> {[%#span38] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] + let rec eq'0 (self:k) (other:k) (return' (ret:bool))= {[@expl:precondition] [%#span33] inv'12 other} + {[@expl:precondition] [%#span32] inv'12 self} + any [ return' (result:bool)-> {[%#span34] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] function deref'1 (self : Snapshot'0.t_snapshot (borrowed (List'0.t_list (k, v)))) : borrowed (List'0.t_list (k, v)) @@ -847,42 +798,42 @@ module Hashmap_Impl5_Add function new'1 (x : borrowed (List'0.t_list (k, v))) : Snapshot'0.t_snapshot (borrowed (List'0.t_list (k, v))) - axiom new'1_spec : forall x : borrowed (List'0.t_list (k, v)) . ([%#span39] inv'2 x) - -> ([%#span40] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : borrowed (List'0.t_list (k, v)) . ([%#span35] inv'2 x) + -> ([%#span36] deref'1 (new'1 x) = x) predicate resolve'1 (self : borrowed (List'0.t_list (k, v))) = - [%#span34] ^ self = * self + [%#span30] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq (List'0.t_list (k, v))) (fin : Seq'0.t_seq (List'0.t_list (k, v))) = - [%#span41] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' + [%#span37] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' -> index_logic'1 old' i = index_logic'1 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) (out : List'0.t_list (k, v)) = - [%#span42] index_logic'1 seq (UIntSize.to_int self) = out + [%#span38] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) = - [%#span43] UIntSize.to_int self < len'1 seq + [%#span39] UIntSize.to_int self < len'1 seq function shallow_model'3 (self : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) : Seq'0.t_seq (List'0.t_list (k, v)) = - [%#span30] shallow_model'4 ( * self) + [%#span26] shallow_model'4 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (List'0.t_list (k, v))))= {[@expl:precondition] [%#span46] inv'14 index} - {[@expl:precondition] [%#span45] inv'13 self} - {[@expl:precondition] [%#span44] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (List'0.t_list (k, v))))= {[@expl:precondition] [%#span42] inv'14 index} + {[@expl:precondition] [%#span41] inv'13 self} + {[@expl:precondition] [%#span40] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (List'0.t_list (k, v)))-> {[%#span51] inv'2 result} - {[%#span50] len'1 (shallow_model'4 ( ^ self)) = len'1 (shallow_model'3 self)} - {[%#span49] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'4 ( ^ self))} - {[%#span48] has_value'0 index (shallow_model'4 ( ^ self)) ( ^ result)} - {[%#span47] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (List'0.t_list (k, v)))-> {[%#span47] inv'2 result} + {[%#span46] len'1 (shallow_model'4 ( ^ self)) = len'1 (shallow_model'3 self)} + {[%#span45] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'4 ( ^ self))} + {[%#span44] has_value'0 index (shallow_model'4 ( ^ self)) ( ^ result)} + {[%#span43] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] @@ -890,20 +841,20 @@ module Hashmap_Impl5_Add use prelude.prelude.UInt64 - let rec hash'0 (self:k) (return' (ret:uint64))= {[@expl:precondition] [%#span52] inv'12 self} + let rec hash'0 (self:k) (return' (ret:uint64))= {[@expl:precondition] [%#span48] inv'12 self} any - [ return' (result:uint64)-> {[%#span53] UInt64.to_int result = hash_log'0 (deep_model'1 self)} + [ return' (result:uint64)-> {[%#span49] UInt64.to_int result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] function shallow_model'2 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) = - [%#span54] shallow_model'4 self + [%#span50] shallow_model'4 self - let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span55] inv'11 self} + let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span51] inv'11 self} any - [ return' (result:usize)-> {[%#span56] UIntSize.to_int result = len'1 (shallow_model'2 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span52] UIntSize.to_int result = len'1 (shallow_model'2 self)} (! return' {result}) ] predicate resolve'0 (self : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v))) @@ -911,8 +862,8 @@ module Hashmap_Impl5_Add function new'0 (x : borrowed (MyHashMap'0.t_myhashmap k v)) : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v)) - axiom new'0_spec : forall x : borrowed (MyHashMap'0.t_myhashmap k v) . ([%#span39] inv'10 x) - -> ([%#span40] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (MyHashMap'0.t_myhashmap k v) . ([%#span35] inv'10 x) + -> ([%#span36] deref'0 (new'0 x) = x) let rec add (self:borrowed (MyHashMap'0.t_myhashmap k v)) (key:k) (val':v) (return' (ret:()))= {[%#shashmap11] inv'5 val'} {[%#shashmap10] inv'4 key} @@ -1181,93 +1132,89 @@ module Hashmap_Impl5_Get let%span span7 = "" 0 0 0 0 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span12 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span14 = "../hashmap.rs" 30 12 33 13 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span16 = "../hashmap.rs" 90 20 90 66 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span17 = "../hashmap.rs" 85 8 85 53 - let%span span18 = "../hashmap.rs" 30 12 33 13 + let%span span18 = "../hashmap.rs" 79 20 79 45 - let%span span19 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span19 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span20 = "../hashmap.rs" 90 20 90 66 + let%span span20 = "../hashmap.rs" 40 12 43 13 - let%span span21 = "../hashmap.rs" 85 8 85 53 + let%span span21 = "../hashmap.rs" 200 8 202 9 - let%span span22 = "../hashmap.rs" 79 20 79 45 + let%span span22 = "../hashmap.rs" 209 8 212 9 - let%span span23 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span23 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span24 = "../hashmap.rs" 40 12 43 13 + let%span span24 = "" 0 0 0 0 - let%span span25 = "../hashmap.rs" 200 8 202 9 + let%span span25 = "" 0 0 0 0 - let%span span26 = "../hashmap.rs" 209 8 212 9 + let%span span26 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 - let%span span27 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span27 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span28 = "" 0 0 0 0 + let%span span28 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span29 = "" 0 0 0 0 + let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span30 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 + let%span span30 = "" 0 0 0 0 - let%span span31 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span32 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span33 = "" 0 0 0 0 let%span span34 = "" 0 0 0 0 - let%span span35 = "" 0 0 0 0 + let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span36 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span36 = "../hashmap.rs" 51 13 51 17 - let%span span37 = "" 0 0 0 0 + let%span span37 = "../hashmap.rs" 50 14 50 58 + + use Hashmap_List_Type as List'0 - let%span span38 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span39 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + predicate invariant'12 (self : Seq'0.t_seq (List'0.t_list (k, v))) - let%span span40 = "../hashmap.rs" 51 13 51 17 + predicate inv'12 (_x : Seq'0.t_seq (List'0.t_list (k, v))) - let%span span41 = "../hashmap.rs" 50 14 50 58 + axiom inv'12 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'12 x = true type deep_model_ty'0 - predicate invariant'12 (self : deep_model_ty'0) - - predicate inv'12 (_x : deep_model_ty'0) + predicate invariant'11 (self : deep_model_ty'0) - axiom inv'12 : forall x : deep_model_ty'0 . inv'12 x = true + predicate inv'11 (_x : deep_model_ty'0) - predicate invariant'11 (self : v) + axiom inv'11 : forall x : deep_model_ty'0 . inv'11 x = true - predicate inv'11 (_x : v) + predicate invariant'10 (self : v) - axiom inv'11 : forall x : v . inv'11 x = true + predicate inv'10 (_x : v) - use Hashmap_List_Type as List'0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate inv'9 (_x : Seq'0.t_seq (List'0.t_list (k, v))) + axiom inv'10 : forall x : v . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1281,46 +1228,35 @@ module Hashmap_Impl5_Get constant max'0 : usize = [%#span7] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) : int - axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . ([%#span8] inv'9 self) - -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . [%#span8] len'1 self >= 0 - predicate inv'10 (_x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) + predicate inv'9 (_x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) - axiom shallow_model'2_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span10] inv'10 self) - -> ([%#span12] inv'9 (shallow_model'2 self)) - && ([%#span11] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'10 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) = - [%#span13] inv'9 (shallow_model'2 self) - - axiom inv'10 : forall x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . inv'10 x = true + axiom shallow_model'2_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span9] inv'9 self) + -> ([%#span10] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'9 (self : Seq'0.t_seq (List'0.t_list (k, v))) + predicate invariant'9 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) = + [%#span11] inv'12 (shallow_model'2 self) - axiom inv'9 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'9 x = true + axiom inv'9 : forall x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . inv'9 x = true predicate invariant'8 (self : usize) = - [%#span14] true + [%#span12] true predicate inv'8 (_x : usize) axiom inv'8 : forall x : usize . inv'8 x = true - constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) = [%#span15] () + constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) - function empty_len'0 (_1 : ()) : () = - [%#span17] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span16] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 predicate invariant'7 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) @@ -1383,19 +1319,17 @@ module Hashmap_Impl5_Get function get'0 [#"../hashmap.rs" 28 4 28 56] (self : List'0.t_list (k, v)) (index : deep_model_ty'0) : Option'0.t_option v = - [%#span18] match self with + [%#span14] match self with | List'0.C_Nil -> Option'0.C_None | List'0.C_Cons (k, v) tl -> if deep_model'0 k = index then Option'0.C_Some v else get'0 tl index end - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (x : int) : List'0.t_list (k, v) + function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (_2 : int) : List'0.t_list (k, v) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (ix : int) : List'0.t_list (k, v) = - [%#span19] index_logic'1 (shallow_model'2 self) ix + [%#span15] index_logic'1 (shallow_model'2 self) ix use int.EuclideanDivision @@ -1404,27 +1338,27 @@ module Hashmap_Impl5_Get function hash_log'0 [#"../hashmap.rs" 54 4 54 45] (_1 : deep_model_ty'0) : int function bucket_ix'0 [#"../hashmap.rs" 89 4 89 48] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : int = - [%#span20] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) + [%#span16] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) function bucket'0 [#"../hashmap.rs" 84 4 84 54] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : List'0.t_list (k, v) = - [%#span21] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) + [%#span17] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) use map.Map function shallow_model'3 [#"../hashmap.rs" 78 4 78 50] (self : MyHashMap'0.t_myhashmap k v) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span22] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) + [%#span18] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) use prelude.prelude.Borrow function shallow_model'0 (self : MyHashMap'0.t_myhashmap k v) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span23] shallow_model'3 self + [%#span19] shallow_model'3 self predicate no_double_binding'0 [#"../hashmap.rs" 38 4 38 38] (self : List'0.t_list (k, v)) = - [%#span24] match self with + [%#span20] match self with | List'0.C_Nil -> true | List'0.C_Cons (k, _) tl -> get'0 tl (deep_model'0 k) = Option'0.C_None /\ no_double_binding'0 tl end @@ -1432,11 +1366,11 @@ module Hashmap_Impl5_Get predicate good_bucket'0 [#"../hashmap.rs" 199 4 199 57] (self : MyHashMap'0.t_myhashmap k v) (l : List'0.t_list (k, v)) (h : int) = - [%#span25] forall v : v . forall k : deep_model_ty'0 . inv'11 v - -> inv'12 k -> get'0 l k = Option'0.C_Some v -> bucket_ix'0 self k = h + [%#span21] forall v : v . forall k : deep_model_ty'0 . inv'10 v + -> inv'11 k -> get'0 l k = Option'0.C_Some v -> bucket_ix'0 self k = h predicate hashmap_inv'0 [#"../hashmap.rs" 208 4 208 33] (self : MyHashMap'0.t_myhashmap k v) = - [%#span26] 0 < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) + [%#span22] 0 < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> good_bucket'0 self (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ no_double_binding'0 (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) @@ -1450,11 +1384,11 @@ module Hashmap_Impl5_Get predicate resolve'3 (self : v) function deep_model'1 (self : k) : deep_model_ty'0 = - [%#span27] deep_model'0 self + [%#span23] deep_model'0 self - let rec eq'0 (self:k) (other:k) (return' (ret:bool))= {[@expl:precondition] [%#span29] inv'2 other} - {[@expl:precondition] [%#span28] inv'2 self} - any [ return' (result:bool)-> {[%#span30] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] + let rec eq'0 (self:k) (other:k) (return' (ret:bool))= {[@expl:precondition] [%#span25] inv'2 other} + {[@expl:precondition] [%#span24] inv'2 self} + any [ return' (result:bool)-> {[%#span26] result = (deep_model'1 self = deep_model'1 other)} (! return' {result}) ] predicate resolve'2 (self : k) @@ -1465,39 +1399,39 @@ module Hashmap_Impl5_Get predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) (out : List'0.t_list (k, v)) = - [%#span31] index_logic'1 seq (UIntSize.to_int self) = out + [%#span27] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) = - [%#span32] UIntSize.to_int self < len'1 seq + [%#span28] UIntSize.to_int self < len'1 seq function shallow_model'1 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) = - [%#span23] shallow_model'2 self + [%#span19] shallow_model'2 self - let rec index'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (index:usize) (return' (ret:List'0.t_list (k, v)))= {[@expl:precondition] [%#span35] inv'8 index} - {[@expl:precondition] [%#span34] inv'7 self} - {[@expl:precondition] [%#span33] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (index:usize) (return' (ret:List'0.t_list (k, v)))= {[@expl:precondition] [%#span31] inv'8 index} + {[@expl:precondition] [%#span30] inv'7 self} + {[@expl:precondition] [%#span29] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:List'0.t_list (k, v))-> {[%#span37] inv'1 result} - {[%#span36] has_value'0 index (shallow_model'1 self) result} + [ return' (result:List'0.t_list (k, v))-> {[%#span33] inv'1 result} + {[%#span32] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] predicate resolve'0 (self : MyHashMap'0.t_myhashmap k v) - let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span38] inv'7 self} + let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span34] inv'7 self} any - [ return' (result:usize)-> {[%#span39] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span35] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] use prelude.prelude.UInt64 use prelude.prelude.UInt64 - let rec hash'0 (self:k) (return' (ret:uint64))= {[@expl:precondition] [%#span40] inv'2 self} + let rec hash'0 (self:k) (return' (ret:uint64))= {[@expl:precondition] [%#span36] inv'2 self} any - [ return' (result:uint64)-> {[%#span41] UInt64.to_int result = hash_log'0 (deep_model'1 self)} + [ return' (result:uint64)-> {[%#span37] UInt64.to_int result = hash_log'0 (deep_model'1 self)} (! return' {result}) ] @@ -1659,140 +1593,132 @@ module Hashmap_Impl5_Resize let%span span19 = "" 0 0 0 0 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span25 = "../hashmap.rs" 30 12 33 13 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span26 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span27 = "../hashmap.rs" 90 20 90 66 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span28 = "../hashmap.rs" 85 8 85 53 - let%span span29 = "../hashmap.rs" 30 12 33 13 + let%span span29 = "../hashmap.rs" 79 20 79 45 - let%span span30 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span30 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span31 = "../hashmap.rs" 90 20 90 66 + let%span span31 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span32 = "../hashmap.rs" 85 8 85 53 + let%span span32 = "../../../../creusot-contracts/src/resolve.rs" 35 8 35 31 - let%span span33 = "../hashmap.rs" 79 20 79 45 + let%span span33 = "../hashmap.rs" 40 12 43 13 - let%span span34 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span34 = "../hashmap.rs" 200 8 202 9 - let%span span35 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span35 = "../hashmap.rs" 209 8 212 9 - let%span span36 = "../../../../creusot-contracts/src/resolve.rs" 35 8 35 31 + let%span span36 = "../hashmap.rs" 103 15 103 36 - let%span span37 = "../hashmap.rs" 40 12 43 13 + let%span span37 = "../hashmap.rs" 106 20 106 24 - let%span span38 = "../hashmap.rs" 200 8 202 9 + let%span span38 = "../hashmap.rs" 106 26 106 29 - let%span span39 = "../hashmap.rs" 209 8 212 9 + let%span span39 = "../hashmap.rs" 106 34 106 37 - let%span span40 = "../hashmap.rs" 103 15 103 36 + let%span span40 = "../hashmap.rs" 104 14 104 35 - let%span span41 = "../hashmap.rs" 106 20 106 24 + let%span span41 = "../hashmap.rs" 105 4 105 124 - let%span span42 = "../hashmap.rs" 106 26 106 29 + let%span span42 = "" 0 0 0 0 - let%span span43 = "../hashmap.rs" 106 34 106 37 + let%span span43 = "" 0 0 0 0 - let%span span44 = "../hashmap.rs" 104 14 104 35 + let%span span44 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 - let%span span45 = "../hashmap.rs" 105 4 105 124 + let%span span45 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 let%span span46 = "" 0 0 0 0 - let%span span47 = "" 0 0 0 0 + let%span span47 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span48 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 + let%span span48 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span49 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 + let%span span49 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span50 = "" 0 0 0 0 + let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span51 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span51 = "" 0 0 0 0 - let%span span52 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span52 = "" 0 0 0 0 - let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span55 = "" 0 0 0 0 + let%span span55 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span56 = "" 0 0 0 0 + let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span57 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span58 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span59 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span60 = "../hashmap.rs" 95 15 95 24 - let%span span61 = "" 0 0 0 0 + let%span span61 = "../hashmap.rs" 96 14 96 34 - let%span span62 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span62 = "../hashmap.rs" 97 4 97 64 - let%span span63 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + let%span span63 = "../hashmap.rs" 98 31 98 46 - let%span span64 = "../hashmap.rs" 95 15 95 24 + let%span span64 = "" 0 0 0 0 - let%span span65 = "../hashmap.rs" 96 14 96 34 + let%span span65 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span66 = "../hashmap.rs" 97 4 97 64 + let%span span66 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span67 = "../hashmap.rs" 98 31 98 46 + let%span span67 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span68 = "" 0 0 0 0 + use Hashmap_List_Type as List'0 - let%span span69 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + + predicate invariant'12 (self : Seq'0.t_seq (List'0.t_list (k, v))) - let%span span70 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + predicate inv'12 (_x : Seq'0.t_seq (List'0.t_list (k, v))) - let%span span71 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + axiom inv'12 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'12 x = true use prelude.prelude.UIntSize - predicate invariant'12 (self : usize) = + predicate invariant'11 (self : usize) = [%#span18] true - predicate inv'12 (_x : usize) + predicate inv'11 (_x : usize) - axiom inv'12 : forall x : usize . inv'12 x = true + axiom inv'11 : forall x : usize . inv'11 x = true use Alloc_Alloc_Global_Type as Global'0 - use Hashmap_List_Type as List'0 - use Alloc_Vec_Vec_Type as Vec'0 use prelude.prelude.Borrow - predicate invariant'11 (self : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) - - predicate inv'11 (_x : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) + predicate invariant'10 (self : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) - axiom inv'11 : forall x : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) . inv'11 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'10 (_x : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) - predicate invariant'10 (self : Seq'0.t_seq (List'0.t_list (k, v))) - - predicate inv'10 (_x : Seq'0.t_seq (List'0.t_list (k, v))) - - axiom inv'10 : forall x : Seq'0.t_seq (List'0.t_list (k, v)) . inv'10 x = true + axiom inv'10 : forall x : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) . inv'10 x = true predicate invariant'9 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) @@ -1850,35 +1776,28 @@ module Hashmap_Impl5_Resize constant max'0 : usize = [%#span19] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) : int - axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . ([%#span20] inv'10 self) - -> ([%#span21] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (List'0.t_list (k, v)) . [%#span20] len'1 self >= 0 predicate inv'1 (_x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) - axiom shallow_model'2_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span22] inv'1 self) - -> ([%#span24] inv'10 (shallow_model'2 self)) - && ([%#span23] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . ([%#span21] inv'1 self) + -> ([%#span22] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) = - [%#span25] inv'10 (shallow_model'2 self) + [%#span23] inv'12 (shallow_model'2 self) axiom inv'1 : forall x : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global) . inv'1 x = true - constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) = [%#span26] () + constant empty'0 : Seq'0.t_seq (List'0.t_list (k, v)) - function empty_len'0 (_1 : ()) : () = - [%#span28] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span27] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'1 (empty'0 : Seq'0.t_seq (List'0.t_list (k, v))) = 0 type deep_model_ty'0 @@ -1897,19 +1816,17 @@ module Hashmap_Impl5_Resize function get'0 [#"../hashmap.rs" 28 4 28 56] (self : List'0.t_list (k, v)) (index : deep_model_ty'0) : Option'0.t_option v = - [%#span29] match self with + [%#span25] match self with | List'0.C_Nil -> Option'0.C_None | List'0.C_Cons (k, v) tl -> if deep_model'0 k = index then Option'0.C_Some v else get'0 tl index end - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (x : int) : List'0.t_list (k, v) + function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (k, v))) (_2 : int) : List'0.t_list (k, v) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (ix : int) : List'0.t_list (k, v) = - [%#span30] index_logic'1 (shallow_model'2 self) ix + [%#span26] index_logic'1 (shallow_model'2 self) ix use int.EuclideanDivision @@ -1918,43 +1835,43 @@ module Hashmap_Impl5_Resize function hash_log'0 [#"../hashmap.rs" 54 4 54 45] (_1 : deep_model_ty'0) : int function bucket_ix'0 [#"../hashmap.rs" 89 4 89 48] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : int = - [%#span31] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) + [%#span27] EuclideanDivision.mod (hash_log'0 k) (len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) function bucket'0 [#"../hashmap.rs" 84 4 84 54] (self : MyHashMap'0.t_myhashmap k v) (k : deep_model_ty'0) : List'0.t_list (k, v) = - [%#span32] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) + [%#span28] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) use map.Map function shallow_model'1 [#"../hashmap.rs" 78 4 78 50] (self : MyHashMap'0.t_myhashmap k v) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span33] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) + [%#span29] Mapping.from_fn (fun (k : deep_model_ty'0) -> get'0 (bucket'0 self k) k) function shallow_model'3 (self : borrowed (MyHashMap'0.t_myhashmap k v)) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span34] shallow_model'1 ( * self) + [%#span30] shallow_model'1 ( * self) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'7 (self : borrowed (MyHashMap'0.t_myhashmap k v)) = - [%#span35] ^ self = * self + [%#span31] ^ self = * self predicate resolve'6 (self : MyHashMap'0.t_myhashmap k v) predicate resolve'2 (self : List'0.t_list (k, v)) predicate resolve'5 (self : List'0.t_list (k, v)) = - [%#span36] resolve'2 self + [%#span32] resolve'2 self use map.Map predicate no_double_binding'0 [#"../hashmap.rs" 38 4 38 38] (self : List'0.t_list (k, v)) = - [%#span37] match self with + [%#span33] match self with | List'0.C_Nil -> true | List'0.C_Cons (k, _) tl -> get'0 tl (deep_model'0 k) = Option'0.C_None /\ no_double_binding'0 tl end @@ -1962,24 +1879,24 @@ module Hashmap_Impl5_Resize predicate good_bucket'0 [#"../hashmap.rs" 199 4 199 57] (self : MyHashMap'0.t_myhashmap k v) (l : List'0.t_list (k, v)) (h : int) = - [%#span38] forall v : v . forall k : deep_model_ty'0 . inv'6 v + [%#span34] forall v : v . forall k : deep_model_ty'0 . inv'6 v -> inv'0 k -> get'0 l k = Option'0.C_Some v -> bucket_ix'0 self k = h predicate hashmap_inv'0 [#"../hashmap.rs" 208 4 208 33] (self : MyHashMap'0.t_myhashmap k v) = - [%#span39] 0 < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) + [%#span35] 0 < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < len'1 (shallow_model'2 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> good_bucket'0 self (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ no_double_binding'0 (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) - let rec add'0 (self:borrowed (MyHashMap'0.t_myhashmap k v)) (key:k) (val':v) (return' (ret:()))= {[@expl:precondition] [%#span43] inv'6 val'} - {[@expl:precondition] [%#span42] inv'5 key} - {[@expl:precondition] [%#span41] inv'8 self} - {[@expl:precondition] [%#span40] hashmap_inv'0 ( * self)} + let rec add'0 (self:borrowed (MyHashMap'0.t_myhashmap k v)) (key:k) (val':v) (return' (ret:()))= {[@expl:precondition] [%#span39] inv'6 val'} + {[@expl:precondition] [%#span38] inv'5 key} + {[@expl:precondition] [%#span37] inv'8 self} + {[@expl:precondition] [%#span36] hashmap_inv'0 ( * self)} any - [ return' (result:())-> {[%#span45] forall i : deep_model_ty'0 . inv'0 i + [ return' (result:())-> {[%#span41] forall i : deep_model_ty'0 . inv'0 i -> Map.get (shallow_model'1 ( ^ self)) i = (if i = deep_model'0 key then Option'0.C_Some val' else Map.get (shallow_model'3 self) i)} - {[%#span44] hashmap_inv'0 ( ^ self)} + {[%#span40] hashmap_inv'0 ( ^ self)} (! return' {result}) ] @@ -1988,14 +1905,14 @@ module Hashmap_Impl5_Resize predicate resolve'3 (self : k) predicate resolve'1 (self : borrowed (List'0.t_list (k, v))) = - [%#span35] ^ self = * self + [%#span31] ^ self = * self - let rec replace'0 (dest:borrowed (List'0.t_list (k, v))) (src:List'0.t_list (k, v)) (return' (ret:List'0.t_list (k, v)))= {[@expl:precondition] [%#span47] inv'2 src} - {[@expl:precondition] [%#span46] inv'3 dest} + let rec replace'0 (dest:borrowed (List'0.t_list (k, v))) (src:List'0.t_list (k, v)) (return' (ret:List'0.t_list (k, v)))= {[@expl:precondition] [%#span43] inv'2 src} + {[@expl:precondition] [%#span42] inv'3 dest} any - [ return' (result:List'0.t_list (k, v))-> {[%#span50] inv'2 result} - {[%#span49] result = * dest} - {[%#span48] ^ dest = src} + [ return' (result:List'0.t_list (k, v))-> {[%#span46] inv'2 result} + {[%#span45] result = * dest} + {[%#span44] ^ dest = src} (! return' {result}) ] @@ -2004,38 +1921,38 @@ module Hashmap_Impl5_Resize predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq (List'0.t_list (k, v))) (fin : Seq'0.t_seq (List'0.t_list (k, v))) = - [%#span51] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' + [%#span47] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' -> index_logic'1 old' i = index_logic'1 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) (out : List'0.t_list (k, v)) = - [%#span52] index_logic'1 seq (UIntSize.to_int self) = out + [%#span48] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (List'0.t_list (k, v))) = - [%#span53] UIntSize.to_int self < len'1 seq + [%#span49] UIntSize.to_int self < len'1 seq function shallow_model'6 (self : borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) : Seq'0.t_seq (List'0.t_list (k, v)) = - [%#span34] shallow_model'2 ( * self) + [%#span30] shallow_model'2 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (List'0.t_list (k, v))))= {[@expl:precondition] [%#span56] inv'12 index} - {[@expl:precondition] [%#span55] inv'11 self} - {[@expl:precondition] [%#span54] in_bounds'0 index (shallow_model'6 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (List'0.t_list (k, v))))= {[@expl:precondition] [%#span52] inv'11 index} + {[@expl:precondition] [%#span51] inv'10 self} + {[@expl:precondition] [%#span50] in_bounds'0 index (shallow_model'6 self)} any - [ return' (result:borrowed (List'0.t_list (k, v)))-> {[%#span61] inv'3 result} - {[%#span60] len'1 (shallow_model'2 ( ^ self)) = len'1 (shallow_model'6 self)} - {[%#span59] resolve_elswhere'0 index (shallow_model'6 self) (shallow_model'2 ( ^ self))} - {[%#span58] has_value'0 index (shallow_model'2 ( ^ self)) ( ^ result)} - {[%#span57] has_value'0 index (shallow_model'6 self) ( * result)} + [ return' (result:borrowed (List'0.t_list (k, v)))-> {[%#span57] inv'3 result} + {[%#span56] len'1 (shallow_model'2 ( ^ self)) = len'1 (shallow_model'6 self)} + {[%#span55] resolve_elswhere'0 index (shallow_model'6 self) (shallow_model'2 ( ^ self))} + {[%#span54] has_value'0 index (shallow_model'2 ( ^ self)) ( ^ result)} + {[%#span53] has_value'0 index (shallow_model'6 self) ( * result)} (! return' {result}) ] function shallow_model'5 (self : borrowed (MyHashMap'0.t_myhashmap k v)) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span62] shallow_model'3 self + [%#span58] shallow_model'3 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v))) : borrowed (MyHashMap'0.t_myhashmap k v) @@ -2043,25 +1960,25 @@ module Hashmap_Impl5_Resize function shallow_model'0 (self : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v))) : Map.map deep_model_ty'0 (Option'0.t_option v) = - [%#span63] shallow_model'5 (deref'0 self) + [%#span59] shallow_model'5 (deref'0 self) - let rec new'1 (size:usize) (return' (ret:MyHashMap'0.t_myhashmap k v))= {[@expl:precondition] [%#span64] 0 + let rec new'1 (size:usize) (return' (ret:MyHashMap'0.t_myhashmap k v))= {[@expl:precondition] [%#span60] 0 < UIntSize.to_int size} any - [ return' (result:MyHashMap'0.t_myhashmap k v)-> {[%#span67] inv'4 result} - {[%#span66] forall i : deep_model_ty'0 . inv'0 i -> Map.get (shallow_model'1 result) i = Option'0.C_None} - {[%#span65] hashmap_inv'0 result} + [ return' (result:MyHashMap'0.t_myhashmap k v)-> {[%#span63] inv'4 result} + {[%#span62] forall i : deep_model_ty'0 . inv'0 i -> Map.get (shallow_model'1 result) i = Option'0.C_None} + {[%#span61] hashmap_inv'0 result} (! return' {result}) ] function shallow_model'4 (self : Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (k, v)) = - [%#span62] shallow_model'2 self + [%#span58] shallow_model'2 self - let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span68] inv'9 self} + let rec len'0 (self:Vec'0.t_vec (List'0.t_list (k, v)) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span64] inv'9 self} any - [ return' (result:usize)-> {[%#span69] UIntSize.to_int result = len'1 (shallow_model'4 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span65] UIntSize.to_int result = len'1 (shallow_model'4 self)} (! return' {result}) ] predicate resolve'0 (self : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v))) @@ -2069,8 +1986,8 @@ module Hashmap_Impl5_Resize function new'0 (x : borrowed (MyHashMap'0.t_myhashmap k v)) : Snapshot'0.t_snapshot (borrowed (MyHashMap'0.t_myhashmap k v)) - axiom new'0_spec : forall x : borrowed (MyHashMap'0.t_myhashmap k v) . ([%#span70] inv'8 x) - -> ([%#span71] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (MyHashMap'0.t_myhashmap k v) . ([%#span66] inv'8 x) + -> ([%#span67] deref'0 (new'0 x) = x) let rec resize (self:borrowed (MyHashMap'0.t_myhashmap k v)) (return' (ret:()))= {[%#shashmap15] inv'8 self} {[%#shashmap14] hashmap_inv'0 ( * self)} @@ -2321,77 +2238,69 @@ module Hashmap_Main let%span span19 = "" 0 0 0 0 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span29 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span25 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span30 = "../hashmap.rs" 30 12 33 13 + let%span span26 = "../hashmap.rs" 30 12 33 13 - let%span span31 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span27 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span32 = "../hashmap.rs" 65 20 65 21 + let%span span28 = "../hashmap.rs" 65 20 65 21 - let%span span33 = "../hashmap.rs" 90 20 90 66 + let%span span29 = "../hashmap.rs" 90 20 90 66 - let%span span34 = "../hashmap.rs" 85 8 85 53 + let%span span30 = "../hashmap.rs" 85 8 85 53 - let%span span35 = "../hashmap.rs" 79 20 79 45 + let%span span31 = "../hashmap.rs" 79 20 79 45 - let%span span36 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span32 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span37 = "../hashmap.rs" 40 12 43 13 + let%span span33 = "../hashmap.rs" 40 12 43 13 - let%span span38 = "../hashmap.rs" 200 8 202 9 + let%span span34 = "../hashmap.rs" 200 8 202 9 - let%span span39 = "../hashmap.rs" 209 8 212 9 + let%span span35 = "../hashmap.rs" 209 8 212 9 - let%span span40 = "../hashmap.rs" 103 15 103 36 + let%span span36 = "../hashmap.rs" 103 15 103 36 - let%span span41 = "../hashmap.rs" 106 20 106 24 + let%span span37 = "../hashmap.rs" 106 20 106 24 - let%span span42 = "../hashmap.rs" 106 26 106 29 + let%span span38 = "../hashmap.rs" 106 26 106 29 - let%span span43 = "../hashmap.rs" 106 34 106 37 + let%span span39 = "../hashmap.rs" 106 34 106 37 - let%span span44 = "../hashmap.rs" 104 14 104 35 + let%span span40 = "../hashmap.rs" 104 14 104 35 - let%span span45 = "../hashmap.rs" 105 4 105 124 + let%span span41 = "../hashmap.rs" 105 4 105 124 - let%span span46 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span42 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span47 = "../hashmap.rs" 136 15 136 33 + let%span span43 = "../hashmap.rs" 136 15 136 33 - let%span span48 = "../hashmap.rs" 141 16 141 20 + let%span span44 = "../hashmap.rs" 141 16 141 20 - let%span span49 = "../hashmap.rs" 141 22 141 25 + let%span span45 = "../hashmap.rs" 141 22 141 25 - let%span span50 = "../hashmap.rs" 137 14 140 5 + let%span span46 = "../hashmap.rs" 137 14 140 5 - let%span span51 = "../hashmap.rs" 141 33 141 43 + let%span span47 = "../hashmap.rs" 141 33 141 43 - let%span span52 = "../hashmap.rs" 95 15 95 24 + let%span span48 = "../hashmap.rs" 95 15 95 24 - let%span span53 = "../hashmap.rs" 96 14 96 34 + let%span span49 = "../hashmap.rs" 96 14 96 34 - let%span span54 = "../hashmap.rs" 97 4 97 64 + let%span span50 = "../hashmap.rs" 97 4 97 64 - let%span span55 = "../hashmap.rs" 98 31 98 46 + let%span span51 = "../hashmap.rs" 98 31 98 46 use prelude.prelude.IntSize @@ -2418,35 +2327,28 @@ module Hashmap_Main constant max'0 : usize = [%#span19] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (List'0.t_list (usize, isize))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (List'0.t_list (usize, isize)) . ([%#span20] inv'8 self) - -> ([%#span21] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (List'0.t_list (usize, isize)) . [%#span20] len'0 self >= 0 predicate inv'7 (_x : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global)) : Seq'0.t_seq (List'0.t_list (usize, isize)) - axiom shallow_model'3_spec : forall self : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global) . ([%#span22] inv'7 self) - -> ([%#span24] inv'8 (shallow_model'3 self)) - && ([%#span23] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global) . ([%#span21] inv'7 self) + -> ([%#span22] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'7 (self : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global)) = - [%#span25] inv'8 (shallow_model'3 self) + [%#span23] inv'8 (shallow_model'3 self) axiom inv'7 : forall x : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global) . inv'7 x = true - constant empty'0 : Seq'0.t_seq (List'0.t_list (usize, isize)) = [%#span26] () + constant empty'0 : Seq'0.t_seq (List'0.t_list (usize, isize)) - function empty_len'0 (_1 : ()) : () = - [%#span28] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span27] len'0 (empty'0 : Seq'0.t_seq (List'0.t_list (usize, isize))) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq (List'0.t_list (usize, isize))) = 0 predicate invariant'6 (self : isize) = [%#span18] true @@ -2512,54 +2414,52 @@ module Hashmap_Main use prelude.prelude.Mapping function deep_model'0 (self : usize) : int = - [%#span29] UIntSize.to_int self + [%#span25] UIntSize.to_int self function get'1 [#"../hashmap.rs" 28 4 28 56] (self : List'0.t_list (usize, isize)) (index : int) : Option'0.t_option isize = - [%#span30] match self with + [%#span26] match self with | List'0.C_Nil -> Option'0.C_None | List'0.C_Cons (k, v) tl -> if deep_model'0 k = index then Option'0.C_Some v else get'1 tl index end - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (usize, isize))) (x : int) : List'0.t_list (usize, isize) + function index_logic'1 (self : Seq'0.t_seq (List'0.t_list (usize, isize))) (_2 : int) : List'0.t_list (usize, isize) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (List'0.t_list (usize, isize)) (Global'0.t_global)) (ix : int) : List'0.t_list (usize, isize) = - [%#span31] index_logic'1 (shallow_model'3 self) ix + [%#span27] index_logic'1 (shallow_model'3 self) ix use int.EuclideanDivision use Hashmap_MyHashMap_Type as Hashmap_MyHashMap_Type function hash_log'0 [#"../hashmap.rs" 64 4 64 30] (x : int) : int = - [%#span32] x + [%#span28] x function bucket_ix'0 [#"../hashmap.rs" 89 4 89 48] (self : MyHashMap'0.t_myhashmap usize isize) (k : int) : int = - [%#span33] EuclideanDivision.mod (hash_log'0 k) (len'0 (shallow_model'3 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) + [%#span29] EuclideanDivision.mod (hash_log'0 k) (len'0 (shallow_model'3 (Hashmap_MyHashMap_Type.myhashmap_buckets self))) function bucket'0 [#"../hashmap.rs" 84 4 84 54] (self : MyHashMap'0.t_myhashmap usize isize) (k : int) : List'0.t_list (usize, isize) = - [%#span34] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) + [%#span30] index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) (bucket_ix'0 self k) function shallow_model'0 [#"../hashmap.rs" 78 4 78 50] (self : MyHashMap'0.t_myhashmap usize isize) : Map.map int (Option'0.t_option isize) = - [%#span35] Mapping.from_fn (fun (k : int) -> get'1 (bucket'0 self k) k) + [%#span31] Mapping.from_fn (fun (k : int) -> get'1 (bucket'0 self k) k) function shallow_model'2 (self : borrowed (MyHashMap'0.t_myhashmap usize isize)) : Map.map int (Option'0.t_option isize) = - [%#span36] shallow_model'0 ( * self) + [%#span32] shallow_model'0 ( * self) use map.Map predicate no_double_binding'0 [#"../hashmap.rs" 38 4 38 38] (self : List'0.t_list (usize, isize)) = - [%#span37] match self with + [%#span33] match self with | List'0.C_Nil -> true | List'0.C_Cons (k, _) tl -> get'1 tl (deep_model'0 k) = Option'0.C_None /\ no_double_binding'0 tl end @@ -2567,48 +2467,48 @@ module Hashmap_Main predicate good_bucket'0 [#"../hashmap.rs" 199 4 199 57] (self : MyHashMap'0.t_myhashmap usize isize) (l : List'0.t_list (usize, isize)) (h : int) = - [%#span38] forall v : isize . forall k : int . inv'6 v + [%#span34] forall v : isize . forall k : int . inv'6 v -> inv'0 k -> get'1 l k = Option'0.C_Some v -> bucket_ix'0 self k = h predicate hashmap_inv'0 [#"../hashmap.rs" 208 4 208 33] (self : MyHashMap'0.t_myhashmap usize isize) = - [%#span39] 0 < len'0 (shallow_model'3 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) + [%#span35] 0 < len'0 (shallow_model'3 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'3 (Hashmap_MyHashMap_Type.myhashmap_buckets self)) -> good_bucket'0 self (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i) i /\ no_double_binding'0 (index_logic'0 (Hashmap_MyHashMap_Type.myhashmap_buckets self) i)) - let rec add'0 (self:borrowed (MyHashMap'0.t_myhashmap usize isize)) (key:usize) (val':isize) (return' (ret:()))= {[@expl:precondition] [%#span43] inv'6 val'} - {[@expl:precondition] [%#span42] inv'3 key} - {[@expl:precondition] [%#span41] inv'5 self} - {[@expl:precondition] [%#span40] hashmap_inv'0 ( * self)} + let rec add'0 (self:borrowed (MyHashMap'0.t_myhashmap usize isize)) (key:usize) (val':isize) (return' (ret:()))= {[@expl:precondition] [%#span39] inv'6 val'} + {[@expl:precondition] [%#span38] inv'3 key} + {[@expl:precondition] [%#span37] inv'5 self} + {[@expl:precondition] [%#span36] hashmap_inv'0 ( * self)} any - [ return' (result:())-> {[%#span45] forall i : int . inv'0 i + [ return' (result:())-> {[%#span41] forall i : int . inv'0 i -> Map.get (shallow_model'0 ( ^ self)) i = (if i = deep_model'0 key then Option'0.C_Some val' else Map.get (shallow_model'2 self) i)} - {[%#span44] hashmap_inv'0 ( ^ self)} + {[%#span40] hashmap_inv'0 ( ^ self)} (! return' {result}) ] function shallow_model'1 (self : MyHashMap'0.t_myhashmap usize isize) : Map.map int (Option'0.t_option isize) = - [%#span46] shallow_model'0 self + [%#span42] shallow_model'0 self - let rec get'0 (self:MyHashMap'0.t_myhashmap usize isize) (key:usize) (return' (ret:Option'0.t_option isize))= {[@expl:precondition] [%#span49] inv'3 key} - {[@expl:precondition] [%#span48] inv'2 self} - {[@expl:precondition] [%#span47] hashmap_inv'0 self} + let rec get'0 (self:MyHashMap'0.t_myhashmap usize isize) (key:usize) (return' (ret:Option'0.t_option isize))= {[@expl:precondition] [%#span45] inv'3 key} + {[@expl:precondition] [%#span44] inv'2 self} + {[@expl:precondition] [%#span43] hashmap_inv'0 self} any - [ return' (result:Option'0.t_option isize)-> {[%#span51] inv'4 result} - {[%#span50] match result with + [ return' (result:Option'0.t_option isize)-> {[%#span47] inv'4 result} + {[%#span46] match result with | Option'0.C_Some v -> Map.get (shallow_model'1 self) (deep_model'0 key) = Option'0.C_Some v | Option'0.C_None -> Map.get (shallow_model'1 self) (deep_model'0 key) = Option'0.C_None end} (! return' {result}) ] - let rec new'0 (size:usize) (return' (ret:MyHashMap'0.t_myhashmap usize isize))= {[@expl:precondition] [%#span52] 0 + let rec new'0 (size:usize) (return' (ret:MyHashMap'0.t_myhashmap usize isize))= {[@expl:precondition] [%#span48] 0 < UIntSize.to_int size} any - [ return' (result:MyHashMap'0.t_myhashmap usize isize)-> {[%#span55] inv'1 result} - {[%#span54] forall i : int . inv'0 i -> Map.get (shallow_model'0 result) i = Option'0.C_None} - {[%#span53] hashmap_inv'0 result} + [ return' (result:MyHashMap'0.t_myhashmap usize isize)-> {[%#span51] inv'1 result} + {[%#span50] forall i : int . inv'0 i -> Map.get (shallow_model'0 result) i = Option'0.C_None} + {[%#span49] hashmap_inv'0 result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/hillel.coma b/creusot/tests/should_succeed/hillel.coma index 14f8e1552d..99752ab4b6 100644 --- a/creusot/tests/should_succeed/hillel.coma +++ b/creusot/tests/should_succeed/hillel.coma @@ -3,22 +3,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Ptr_NonNull_NonNull_Type use prelude.prelude.Opaque @@ -150,85 +135,69 @@ module Hillel_RightPad let%span span12 = "" 0 0 0 0 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span17 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span18 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span22 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span25 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span26 = "" 0 0 0 0 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span27 = "" 0 0 0 0 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span29 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span30 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span31 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span33 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span32 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span34 = "" 0 0 0 0 + let%span span33 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span35 = "" 0 0 0 0 + let%span span34 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span36 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span37 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span38 = "" 0 0 0 0 - - let%span span39 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - - let%span span40 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span41 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + predicate invariant'4 (self : Seq'0.t_seq t) - let%span span42 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + predicate inv'4 (_x : Seq'0.t_seq t) - let%span span43 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_Vec_Type as Vec'0 - predicate invariant'4 (self : Vec'0.t_vec t (Global'0.t_global)) + predicate invariant'3 (self : Vec'0.t_vec t (Global'0.t_global)) - predicate inv'4 (_x : Vec'0.t_vec t (Global'0.t_global)) + predicate inv'3 (_x : Vec'0.t_vec t (Global'0.t_global)) - axiom inv'4 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'3 (self : Seq'0.t_seq t) - - predicate inv'3 (_x : Seq'0.t_seq t) - - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + axiom inv'3 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'3 x = true use prelude.prelude.Borrow @@ -252,108 +221,93 @@ module Hillel_RightPad constant max'0 : usize = [%#span12] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span13] inv'3 self) -> ([%#span14] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span13] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span15] inv'0 self) - -> ([%#span17] inv'3 (shallow_model'2 self)) - && ([%#span16] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span14] inv'0 self) + -> ([%#span15] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span18] inv'3 (shallow_model'2 self) + [%#span16] inv'4 (shallow_model'2 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq t = [%#span19] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq t) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'2 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span22] ^ self = * self + [%#span18] ^ self = * self predicate resolve'1 (self : t) - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span23] inv'3 self) - -> ([%#span24] inv'3 other) - -> ([%#span27] inv'3 (concat'0 self other)) - && ([%#span26] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span20] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span25] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span19] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span28] inv'1 v) - -> ([%#span31] inv'3 (singleton'0 v)) - && ([%#span30] index_logic'1 (singleton'0 v) 0 = v) && ([%#span29] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span21] inv'1 v) + -> ([%#span23] index_logic'1 (singleton'0 v) 0 = v) && ([%#span22] len'0 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq t) (v : t) : Seq'0.t_seq t = - [%#span32] concat'0 self (singleton'0 v) + [%#span24] concat'0 self (singleton'0 v) function shallow_model'1 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span33] shallow_model'2 ( * self) + [%#span25] shallow_model'2 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span35] inv'1 value} - {[@expl:precondition] [%#span34] inv'2 self} + let rec push'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span27] inv'1 value} + {[@expl:precondition] [%#span26] inv'2 self} any - [ return' (result:())-> {[%#span36] shallow_model'2 ( ^ self) = push'1 (shallow_model'1 self) value} + [ return' (result:())-> {[%#span28] shallow_model'2 ( ^ self) = push'1 (shallow_model'1 self) value} (! return' {result}) ] function shallow_model'4 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span37] shallow_model'2 self + [%#span29] shallow_model'2 self - let rec len'1 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span38] inv'4 self} + let rec len'1 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span30] inv'3 self} any - [ return' (result:usize)-> {[%#span39] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span31] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span40] index_logic'1 (shallow_model'2 self) ix + [%#span32] index_logic'1 (shallow_model'2 self) ix function shallow_model'3 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span37] shallow_model'1 self + [%#span29] shallow_model'1 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : borrowed (Vec'0.t_vec t (Global'0.t_global)) function shallow_model'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : Seq'0.t_seq t = - [%#span41] shallow_model'3 (deref'0 self) + [%#span33] shallow_model'3 (deref'0 self) predicate resolve'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) function new'0 (x : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global))) - axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span42] inv'2 x) - -> ([%#span43] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span34] inv'2 x) + -> ([%#span35] deref'0 (new'0 x) = x) let rec right_pad (str:borrowed (Vec'0.t_vec t (Global'0.t_global))) (len:usize) (pad:t) (return' (ret:()))= {[%#shillel5] inv'1 pad} {[%#shillel4] inv'2 str} @@ -461,71 +415,63 @@ module Hillel_LeftPad let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span17 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span20 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span21 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span22 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span23 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span24 = "" 0 0 0 0 - let%span span25 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span25 = "" 0 0 0 0 - let%span span26 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 102 26 102 59 - let%span span27 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 103 16 103 89 - let%span span28 = "" 0 0 0 0 + let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 104 26 104 52 - let%span span29 = "" 0 0 0 0 + let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 105 16 105 105 - let%span span30 = "../../../../creusot-contracts/src/std/vec.rs" 102 26 102 59 + let%span span30 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span31 = "../../../../creusot-contracts/src/std/vec.rs" 103 16 103 89 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/std/vec.rs" 104 26 104 52 + let%span span32 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 105 16 105 105 + let%span span33 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span34 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span34 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span35 = "" 0 0 0 0 + let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span36 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span37 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + predicate invariant'5 (self : Seq'0.t_seq t) - let%span span38 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + predicate inv'5 (_x : Seq'0.t_seq t) - let%span span39 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + axiom inv'5 : forall x : Seq'0.t_seq t . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_Vec_Type as Vec'0 - predicate invariant'5 (self : Vec'0.t_vec t (Global'0.t_global)) - - predicate inv'5 (_x : Vec'0.t_vec t (Global'0.t_global)) - - axiom inv'5 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'5 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'4 (self : Seq'0.t_seq t) + predicate invariant'4 (self : Vec'0.t_vec t (Global'0.t_global)) - predicate inv'4 (_x : Seq'0.t_seq t) + predicate inv'4 (_x : Vec'0.t_vec t (Global'0.t_global)) - axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true + axiom inv'4 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'4 x = true use prelude.prelude.Int @@ -558,96 +504,88 @@ module Hillel_LeftPad constant max'0 : usize = [%#span15] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span16] inv'4 self) -> ([%#span17] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span16] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span18] inv'0 self) - -> ([%#span20] inv'4 (shallow_model'2 self)) - && ([%#span19] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span17] inv'0 self) + -> ([%#span18] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span21] inv'4 (shallow_model'2 self) + [%#span19] inv'5 (shallow_model'2 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq t = [%#span22] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span24] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq t) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'2 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span25] ^ self = * self + [%#span21] ^ self = * self predicate resolve'1 (self : t) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span26] index_logic'1 (shallow_model'2 self) ix + [%#span22] index_logic'1 (shallow_model'2 self) ix function shallow_model'1 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span27] shallow_model'2 ( * self) + [%#span23] shallow_model'2 ( * self) - let rec insert'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (element:t) (return' (ret:()))= {[@expl:precondition] [%#span29] inv'1 element} - {[@expl:precondition] [%#span28] inv'2 self} + let rec insert'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (element:t) (return' (ret:()))= {[@expl:precondition] [%#span25] inv'1 element} + {[@expl:precondition] [%#span24] inv'2 self} any - [ return' (result:())-> {[%#span33] forall i : int . UIntSize.to_int index < i + [ return' (result:())-> {[%#span29] forall i : int . UIntSize.to_int index < i /\ i < len'0 (shallow_model'2 ( ^ self)) -> index_logic'0 ( ^ self) i = index_logic'0 ( * self) (i - 1)} - {[%#span32] index_logic'0 ( ^ self) (UIntSize.to_int index) = element} - {[%#span31] forall i : int . 0 <= i /\ i < UIntSize.to_int index + {[%#span28] index_logic'0 ( ^ self) (UIntSize.to_int index) = element} + {[%#span27] forall i : int . 0 <= i /\ i < UIntSize.to_int index -> index_logic'0 ( ^ self) i = index_logic'0 ( * self) i} - {[%#span30] len'0 (shallow_model'2 ( ^ self)) = len'0 (shallow_model'1 self) + 1} + {[%#span26] len'0 (shallow_model'2 ( ^ self)) = len'0 (shallow_model'1 self) + 1} (! return' {result}) ] function shallow_model'4 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span34] shallow_model'2 self + [%#span30] shallow_model'2 self - let rec len'1 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span35] inv'5 self} + let rec len'1 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span31] inv'4 self} any - [ return' (result:usize)-> {[%#span36] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span32] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] function deref'1 (self : Snapshot'0.t_snapshot int) : int function shallow_model'3 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span34] shallow_model'1 self + [%#span30] shallow_model'1 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : borrowed (Vec'0.t_vec t (Global'0.t_global)) function shallow_model'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : Seq'0.t_seq t = - [%#span37] shallow_model'3 (deref'0 self) + [%#span33] shallow_model'3 (deref'0 self) function new'1 (x : int) : Snapshot'0.t_snapshot int - axiom new'1_spec : forall x : int . ([%#span38] inv'3 x) -> ([%#span39] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : int . ([%#span34] inv'3 x) -> ([%#span35] deref'1 (new'1 x) = x) predicate resolve'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) function new'0 (x : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global))) - axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span38] inv'2 x) - -> ([%#span39] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span34] inv'2 x) + -> ([%#span35] deref'0 (new'0 x) = x) let rec left_pad (str:borrowed (Vec'0.t_vec t (Global'0.t_global))) (len:usize) (pad:t) (return' (ret:()))= {[%#shillel9] inv'1 pad} {[%#shillel8] inv'2 str} @@ -728,109 +666,73 @@ end module Hillel_SubsetPush_Impl type t - let%span shillel0 = "../hillel.rs" 74 18 74 19 - - let%span shillel1 = "../hillel.rs" 74 29 74 33 + let%span shillel0 = "../hillel.rs" 74 29 74 33 - let%span shillel2 = "../hillel.rs" 73 10 73 36 + let%span shillel1 = "../hillel.rs" 73 10 73 36 - let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span2 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../hillel.rs" 60 4 62 5 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../hillel.rs" 67 4 69 5 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span8 = "../hillel.rs" 60 4 62 5 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span9 = "../hillel.rs" 67 4 69 5 + let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'0 (_x : Seq'0.t_seq t) - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'0 self) -> ([%#span4] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq t = [%#span5] () - - function empty_len'0 (_1 : ()) : () = - [%#span7] () + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq t) = 0 + constant empty'0 : Seq'0.t_seq t - predicate invariant'1 (self : t) - - predicate inv'1 (_x : t) + function empty_len'0 (_1 : ()) : () - axiom inv'1 : forall x : t . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 - predicate invariant'0 (self : Seq'0.t_seq t) + predicate invariant'0 (self : t) - axiom inv'0 : forall x : Seq'0.t_seq t . inv'0 x = true + predicate inv'0 (_x : t) - use seq.Seq + axiom inv'0 : forall x : t . inv'0 x = true - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t predicate contains'0 [#"../hillel.rs" 59 0 59 44] (seq : Seq'0.t_seq t) (elem : t) = - [%#span8] exists i : int . 0 <= i /\ i < len'0 seq /\ index_logic'0 seq i = elem + [%#span4] exists i : int . 0 <= i /\ i < len'0 seq /\ index_logic'0 seq i = elem predicate is_subset'0 [#"../hillel.rs" 66 0 66 49] (sub : Seq'0.t_seq t) (sup : Seq'0.t_seq t) = - [%#span9] forall i : int . 0 <= i /\ i < len'0 sub -> contains'0 sup (index_logic'0 sub i) - - use seq.Seq + [%#span5] forall i : int . 0 <= i /\ i < len'0 sub -> contains'0 sup (index_logic'0 sub i) function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span10] inv'0 self) - -> ([%#span11] inv'0 other) - -> ([%#span14] inv'0 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span7] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span15] inv'1 v) - -> ([%#span18] inv'0 (singleton'0 v)) - && ([%#span17] index_logic'0 (singleton'0 v) 0 = v) && ([%#span16] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span8] inv'0 v) + -> ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq t) (v : t) : Seq'0.t_seq t = - [%#span19] concat'0 self (singleton'0 v) + [%#span11] concat'0 self (singleton'0 v) constant s : Seq'0.t_seq t @@ -838,8 +740,7 @@ module Hillel_SubsetPush_Impl function subset_push [#"../hillel.rs" 74 0 74 37] (s : Seq'0.t_seq t) (elem : t) : () - goal vc_subset_push : ([%#shillel1] inv'1 elem) - -> ([%#shillel0] inv'0 s) -> ([%#shillel2] is_subset'0 s (push'0 s elem)) + goal vc_subset_push : ([%#shillel0] inv'0 elem) -> ([%#shillel1] is_subset'0 s (push'0 s elem)) end module Core_Slice_Iter_Iter_Type use prelude.prelude.Borrow @@ -920,165 +821,129 @@ module Hillel_InsertUnique let%span shillel17 = "../hillel.rs" 80 10 80 58 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span20 = "" 0 0 0 0 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span21 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span23 = "" 0 0 0 0 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span26 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span27 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span28 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span29 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span30 = "../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span31 = "../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span32 = "../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span33 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span33 = "../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span34 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span34 = "../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span35 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span35 = "../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span36 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span36 = "../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span37 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span37 = "../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span38 = "../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span38 = "../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span39 = "../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span39 = "../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span40 = "../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span40 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span41 = "../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span41 = "../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 - let%span span42 = "../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span42 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 - let%span span43 = "../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span43 = "../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 - let%span span44 = "../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span45 = "../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span46 = "../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span46 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span47 = "../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span47 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span48 = "../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span48 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span49 = "../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span50 = "" 0 0 0 0 - let%span span51 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 + let%span span52 = "../hillel.rs" 53 4 55 5 - let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 + let%span span53 = "../hillel.rs" 60 4 62 5 - let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 + let%span span54 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span55 = "../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44 + let%span span55 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span56 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span56 = "" 0 0 0 0 - let%span span57 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span58 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 - let%span span59 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span59 = "../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span60 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span60 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span61 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span61 = "" 0 0 0 0 - let%span span62 = "" 0 0 0 0 + let%span span62 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span63 = "" 0 0 0 0 + let%span span63 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span64 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span64 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span65 = "../hillel.rs" 53 4 55 5 + let%span span65 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span66 = "../hillel.rs" 60 4 62 5 + let%span span66 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span67 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span67 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span68 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span68 = "" 0 0 0 0 let%span span69 = "" 0 0 0 0 let%span span70 = "" 0 0 0 0 - let%span span71 = "../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 + let%span span71 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span72 = "" 0 0 0 0 - let%span span73 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span73 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 let%span span74 = "" 0 0 0 0 - let%span span75 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - - let%span span76 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span77 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span78 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span79 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span80 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span81 = "" 0 0 0 0 - - let%span span82 = "" 0 0 0 0 - - let%span span83 = "" 0 0 0 0 - - let%span span84 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - - let%span span85 = "" 0 0 0 0 - - let%span span86 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - - let%span span87 = "" 0 0 0 0 - - let%span span88 = "../hillel.rs" 67 4 69 5 - - let%span span89 = "../../../../creusot-contracts/src/model.rs" 99 8 99 28 - - let%span span90 = "../hillel.rs" 74 18 74 19 + let%span span75 = "../hillel.rs" 67 4 69 5 - let%span span91 = "../hillel.rs" 74 29 74 33 + let%span span76 = "../../../../creusot-contracts/src/model.rs" 99 8 99 28 - let%span span92 = "../hillel.rs" 73 10 73 36 + let%span span77 = "../hillel.rs" 74 29 74 33 - let%span span93 = "../hillel.rs" 72 0 72 8 + let%span span78 = "../hillel.rs" 73 10 73 36 - use prelude.prelude.Slice - - predicate invariant'14 (self : slice t) - - predicate inv'14 (_x : slice t) - - axiom inv'14 : forall x : slice t . inv'14 x = true + let%span span79 = "../hillel.rs" 72 0 72 8 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -1088,81 +953,77 @@ module Hillel_InsertUnique axiom inv'13 : forall x : Seq'0.t_seq t . inv'13 x = true - use prelude.prelude.Int + use prelude.prelude.Slice + + predicate invariant'12 (self : slice t) - use seq.Seq + predicate inv'12 (_x : slice t) - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + axiom inv'12 : forall x : slice t . inv'12 x = true + + use prelude.prelude.Int function len'2 (self : Seq'0.t_seq t) : int - axiom len'2_spec : forall self : Seq'0.t_seq t . ([%#span18] inv'13 self) -> ([%#span19] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq t . [%#span18] len'2 self >= 0 - constant empty'2 : Seq'0.t_seq t = [%#span20] () + constant empty'2 : Seq'0.t_seq t - function empty_len'2 (_1 : ()) : () = - [%#span22] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span21] len'2 (empty'2 : Seq'0.t_seq t) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span19] len'2 (empty'2 : Seq'0.t_seq t) = 0 - predicate invariant'12 (self : t) + predicate invariant'11 (self : t) - predicate inv'12 (_x : t) + predicate inv'11 (_x : t) - axiom inv'12 : forall x : t . inv'12 x = true + axiom inv'11 : forall x : t . inv'11 x = true - predicate invariant'11 (self : Seq'0.t_seq t) + predicate invariant'10 (self : Seq'0.t_seq t) - predicate inv'11 (_x : Seq'0.t_seq t) + predicate inv'10 (_x : Seq'0.t_seq t) - axiom inv'11 : forall x : Seq'0.t_seq t . inv'11 x = true + axiom inv'10 : forall x : Seq'0.t_seq t . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 use Alloc_Vec_Vec_Type as Vec'0 - predicate invariant'10 (self : Vec'0.t_vec t (Global'0.t_global)) + predicate invariant'9 (self : Vec'0.t_vec t (Global'0.t_global)) - predicate inv'10 (_x : Vec'0.t_vec t (Global'0.t_global)) + predicate inv'9 (_x : Vec'0.t_vec t (Global'0.t_global)) - axiom inv'10 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'10 x = true + axiom inv'9 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'9 x = true type deep_model_ty'0 - predicate invariant'9 (self : ()) + predicate invariant'8 (self : ()) - predicate inv'9 (_x : ()) + predicate inv'8 (_x : ()) - axiom inv'9 : forall x : () . inv'9 x = true + axiom inv'8 : forall x : () . inv'8 x = true - predicate invariant'8 (self : deep_model_ty'0) + predicate invariant'7 (self : deep_model_ty'0) - predicate inv'8 (_x : deep_model_ty'0) + predicate inv'7 (_x : deep_model_ty'0) - axiom inv'8 : forall x : deep_model_ty'0 . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq deep_model_ty'0) - - predicate inv'7 (_x : Seq'0.t_seq deep_model_ty'0) - - axiom inv'7 : forall x : Seq'0.t_seq deep_model_ty'0 . inv'7 x = true + axiom inv'7 : forall x : deep_model_ty'0 . inv'7 x = true use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span23] (18446744073709551615 : usize) + constant max'0 : usize = [%#span20] (18446744073709551615 : usize) predicate inv'6 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span24] inv'6 self) - -> ([%#span26] inv'13 (shallow_model'3 self)) - && ([%#span25] len'2 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span21] inv'6 self) + -> ([%#span22] len'2 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'6 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span27] inv'13 (shallow_model'3 self) + [%#span23] inv'13 (shallow_model'3 self) axiom inv'6 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'6 x = true @@ -1196,74 +1057,61 @@ module Hillel_InsertUnique use Core_Slice_Iter_Iter_Type as Iter'0 - use seq.Seq - - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq t) (x : int) : t - - use seq.Seq + function index_logic'3 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span18] inv'11 self) -> ([%#span19] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span18] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span28] inv'11 self) - -> ([%#span29] inv'11 other) - -> ([%#span32] inv'11 (concat'0 self other)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span25] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'3 (concat'0 self other) i = (if i < len'0 self then index_logic'3 self i else index_logic'3 other (i - len'0 self))) - && ([%#span30] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span24] len'0 (concat'0 self other) = len'0 self + len'0 other) - function index_logic'4 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'4 (self : Seq'0.t_seq t) (_2 : int) : t function shallow_model'5 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'5_spec : forall self : slice t . ([%#span33] inv'14 self) - -> ([%#span35] inv'13 (shallow_model'5 self)) - && ([%#span34] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'5_spec : forall self : slice t . ([%#span26] inv'12 self) + -> ([%#span27] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'5 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span36] index_logic'4 (shallow_model'5 self) ix + [%#span28] index_logic'4 (shallow_model'5 self) ix function shallow_model'0 (self : slice t) : Seq'0.t_seq t = - [%#span37] shallow_model'5 self + [%#span29] shallow_model'5 self predicate inv'0 (_x : slice t) function to_ref_seq'0 (self : slice t) : Seq'0.t_seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#span38] inv'0 self) - -> ([%#span41] inv'11 (to_ref_seq'0 self)) - && ([%#span40] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice t . ([%#span30] inv'0 self) + -> ([%#span32] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) -> index_logic'3 (to_ref_seq'0 self) i = index_logic'5 self i) - && ([%#span39] len'0 (to_ref_seq'0 self) = len'2 (shallow_model'0 self)) + && ([%#span31] len'0 (to_ref_seq'0 self) = len'2 (shallow_model'0 self)) function shallow_model'2 (self : Iter'0.t_iter t) : slice t predicate produces'0 (self : Iter'0.t_iter t) (visited : Seq'0.t_seq t) (tl : Iter'0.t_iter t) = - [%#span42] to_ref_seq'0 (shallow_model'2 self) = concat'0 visited (to_ref_seq'0 (shallow_model'2 tl)) + [%#span33] to_ref_seq'0 (shallow_model'2 self) = concat'0 visited (to_ref_seq'0 (shallow_model'2 tl)) function produces_trans'0 (a : Iter'0.t_iter t) (ab : Seq'0.t_seq t) (b : Iter'0.t_iter t) (bc : Seq'0.t_seq t) (c : Iter'0.t_iter t) : () = - [%#span48] () + [%#span37] () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span43] produces'0 a ab b) - -> ([%#span44] produces'0 b bc c) - -> ([%#span45] inv'11 ab) -> ([%#span46] inv'11 bc) -> ([%#span47] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span34] produces'0 a ab b) + -> ([%#span35] produces'0 b bc c) -> ([%#span36] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq t = [%#span20] () + constant empty'0 : Seq'0.t_seq t function produces_refl'0 (self : Iter'0.t_iter t) : () = - [%#span50] () + [%#span39] () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span49] produces'0 self (empty'0 : Seq'0.t_seq t) self + axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span38] produces'0 self (empty'0 : Seq'0.t_seq t) self predicate invariant'1 (self : Iter'0.t_iter t) @@ -1271,134 +1119,116 @@ module Hillel_InsertUnique axiom inv'1 : forall x : Iter'0.t_iter t . inv'1 x = true - function empty_len'1 (_1 : ()) : () = - [%#span22] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span21] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span19] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'0 (self : slice t) axiom inv'0 : forall x : slice t . inv'0 x = true - use seq.Seq - function len'1 (self : Seq'0.t_seq deep_model_ty'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq deep_model_ty'0 . ([%#span18] inv'7 self) - -> ([%#span19] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq deep_model_ty'0 . [%#span18] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq deep_model_ty'0 = [%#span20] () + constant empty'1 : Seq'0.t_seq deep_model_ty'0 - function empty_len'0 (_1 : ()) : () = - [%#span22] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span21] len'1 (empty'1 : Seq'0.t_seq deep_model_ty'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span19] len'1 (empty'1 : Seq'0.t_seq deep_model_ty'0) = 0 function deep_model'1 (self : t) : deep_model_ty'0 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span51] index_logic'4 (shallow_model'3 self) ix - - use seq.Seq + [%#span40] index_logic'4 (shallow_model'3 self) ix - function index_logic'2 (self : Seq'0.t_seq deep_model_ty'0) (x : int) : deep_model_ty'0 + function index_logic'2 (self : Seq'0.t_seq deep_model_ty'0) (_2 : int) : deep_model_ty'0 function deep_model'3 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq deep_model_ty'0 - axiom deep_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span52] inv'6 self) - -> ([%#span55] inv'7 (deep_model'3 self)) - && ([%#span54] forall i : int . 0 <= i /\ i < len'2 (shallow_model'3 self) + axiom deep_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span41] inv'6 self) + -> ([%#span43] forall i : int . 0 <= i /\ i < len'2 (shallow_model'3 self) -> index_logic'2 (deep_model'3 self) i = deep_model'1 (index_logic'1 self i)) - && ([%#span53] len'2 (shallow_model'3 self) = len'1 (deep_model'3 self)) + && ([%#span42] len'2 (shallow_model'3 self) = len'1 (deep_model'3 self)) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function concat'2 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'2_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span28] inv'13 self) - -> ([%#span29] inv'13 other) - -> ([%#span32] inv'13 (concat'2 self other)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'2 (concat'2 self other) + axiom concat'2_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span25] forall i : int . 0 <= i + /\ i < len'2 (concat'2 self other) -> index_logic'4 (concat'2 self other) i = (if i < len'2 self then index_logic'4 self i else index_logic'4 other (i - len'2 self))) - && ([%#span30] len'2 (concat'2 self other) = len'2 self + len'2 other) - - use seq.Seq + && ([%#span24] len'2 (concat'2 self other) = len'2 self + len'2 other) function singleton'2 (v : t) : Seq'0.t_seq t - axiom singleton'2_spec : forall v : t . ([%#span56] inv'4 v) - -> ([%#span59] inv'13 (singleton'2 v)) - && ([%#span58] index_logic'4 (singleton'2 v) 0 = v) && ([%#span57] len'2 (singleton'2 v) = 1) + axiom singleton'2_spec : forall v : t . ([%#span44] inv'4 v) + -> ([%#span46] index_logic'4 (singleton'2 v) 0 = v) && ([%#span45] len'2 (singleton'2 v) = 1) function push'2 [@inline:trivial] (self : Seq'0.t_seq t) (v : t) : Seq'0.t_seq t = - [%#span60] concat'2 self (singleton'2 v) + [%#span47] concat'2 self (singleton'2 v) function shallow_model'4 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span61] shallow_model'3 ( * self) + [%#span48] shallow_model'3 ( * self) - let rec push'1 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span63] inv'4 value} - {[@expl:precondition] [%#span62] inv'5 self} + let rec push'1 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span50] inv'4 value} + {[@expl:precondition] [%#span49] inv'5 self} any - [ return' (result:())-> {[%#span64] shallow_model'3 ( ^ self) = push'2 (shallow_model'4 self) value} + [ return' (result:())-> {[%#span51] shallow_model'3 ( ^ self) = push'2 (shallow_model'4 self) value} (! return' {result}) ] predicate is_unique'0 [#"../hillel.rs" 52 0 52 34] (s : Seq'0.t_seq deep_model_ty'0) = - [%#span65] forall j : int . forall i : int . 0 <= i /\ i < len'1 s /\ 0 <= j /\ j < len'1 s + [%#span52] forall j : int . forall i : int . 0 <= i /\ i < len'1 s /\ 0 <= j /\ j < len'1 s -> index_logic'2 s i = index_logic'2 s j -> i = j predicate contains'0 [#"../hillel.rs" 59 0 59 44] (seq : Seq'0.t_seq deep_model_ty'0) (elem : deep_model_ty'0) = - [%#span66] exists i : int . 0 <= i /\ i < len'1 seq /\ index_logic'2 seq i = elem + [%#span53] exists i : int . 0 <= i /\ i < len'1 seq /\ index_logic'2 seq i = elem predicate resolve'10 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span67] ^ self = * self + [%#span54] ^ self = * self predicate resolve'9 (self : t) predicate resolve'8 (self : Iter'0.t_iter t) function deep_model'2 (self : t) : deep_model_ty'0 = - [%#span68] deep_model'1 self + [%#span55] deep_model'1 self function deep_model'4 (self : t) : deep_model_ty'0 = - [%#span68] deep_model'2 self + [%#span55] deep_model'2 self - let rec eq'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span70] inv'12 other} - {[@expl:precondition] [%#span69] inv'12 self} - any [ return' (result:bool)-> {[%#span71] result = (deep_model'4 self = deep_model'4 other)} (! return' {result}) ] + let rec eq'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span57] inv'11 other} + {[@expl:precondition] [%#span56] inv'11 self} + any [ return' (result:bool)-> {[%#span58] result = (deep_model'4 self = deep_model'4 other)} (! return' {result}) ] function deref'2 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : borrowed (Vec'0.t_vec t (Global'0.t_global)) predicate resolve'7 (self : t) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span56] inv'3 v) - -> ([%#span59] inv'11 (singleton'0 v)) - && ([%#span58] index_logic'3 (singleton'0 v) 0 = v) && ([%#span57] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span44] inv'3 v) + -> ([%#span46] index_logic'3 (singleton'0 v) 0 = v) && ([%#span45] len'0 (singleton'0 v) = 1) predicate resolve'6 (self : Option'0.t_option t) predicate resolve'5 (self : borrowed (Iter'0.t_iter t)) = - [%#span67] ^ self = * self + [%#span54] ^ self = * self function shallow_model'6 (self : borrowed (Iter'0.t_iter t)) : slice t = - [%#span61] shallow_model'2 ( * self) + [%#span48] shallow_model'2 ( * self) predicate completed'0 (self : borrowed (Iter'0.t_iter t)) = - [%#span72] resolve'5 self /\ shallow_model'5 (shallow_model'6 self) = (empty'2 : Seq'0.t_seq t) + [%#span59] resolve'5 self /\ shallow_model'5 (shallow_model'6 self) = (empty'2 : Seq'0.t_seq t) let rec next'0 (self:borrowed (Iter'0.t_iter t)) (return' (ret:Option'0.t_option t))= any - [ return' (result:Option'0.t_option t)-> {[%#span74] inv'2 result} - {[%#span73] match result with + [ return' (result:Option'0.t_option t)-> {[%#span61] inv'2 result} + {[%#span60] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -1408,7 +1238,7 @@ module Hillel_InsertUnique function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) : Seq'0.t_seq t function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) (ix : int) : t = - [%#span75] index_logic'3 (deref'1 self) ix + [%#span62] index_logic'3 (deref'1 self) ix function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) : Seq'0.t_seq t @@ -1420,40 +1250,40 @@ module Hillel_InsertUnique function new'3 (x : Seq'0.t_seq t) : Snapshot'0.t_snapshot (Seq'0.t_seq t) - axiom new'3_spec : forall x : Seq'0.t_seq t . ([%#span76] inv'11 x) -> ([%#span77] deref'1 (new'3 x) = x) + axiom new'3_spec : forall x : Seq'0.t_seq t . ([%#span63] inv'10 x) -> ([%#span64] deref'1 (new'3 x) = x) predicate resolve'3 (self : Snapshot'0.t_snapshot (Iter'0.t_iter t)) function new'2 (x : Iter'0.t_iter t) : Snapshot'0.t_snapshot (Iter'0.t_iter t) - axiom new'2_spec : forall x : Iter'0.t_iter t . ([%#span76] inv'1 x) -> ([%#span77] deref'4 (new'2 x) = x) + axiom new'2_spec : forall x : Iter'0.t_iter t . ([%#span63] inv'1 x) -> ([%#span64] deref'4 (new'2 x) = x) predicate into_iter_post'0 (self : Iter'0.t_iter t) (res : Iter'0.t_iter t) = - [%#span78] self = res + [%#span65] self = res predicate into_iter_pre'0 (self : Iter'0.t_iter t) = - [%#span79] true + [%#span66] true - let rec into_iter'0 (self:Iter'0.t_iter t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span81] inv'1 self} - {[@expl:precondition] [%#span80] into_iter_pre'0 self} + let rec into_iter'0 (self:Iter'0.t_iter t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span68] inv'1 self} + {[@expl:precondition] [%#span67] into_iter_pre'0 self} any - [ return' (result:Iter'0.t_iter t)-> {[%#span82] inv'1 result} - {[%#span80] into_iter_post'0 self result} + [ return' (result:Iter'0.t_iter t)-> {[%#span69] inv'1 result} + {[%#span67] into_iter_post'0 self result} (! return' {result}) ] - let rec iter'0 (self:slice t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span83] inv'0 self} - any [ return' (result:Iter'0.t_iter t)-> {[%#span84] shallow_model'2 result = self} (! return' {result}) ] + let rec iter'0 (self:slice t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span70] inv'0 self} + any [ return' (result:Iter'0.t_iter t)-> {[%#span71] shallow_model'2 result = self} (! return' {result}) ] predicate resolve'2 (self : slice t) function shallow_model'1 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span37] shallow_model'3 self + [%#span29] shallow_model'3 self - let rec deref'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:slice t))= {[@expl:precondition] [%#span85] inv'10 self} + let rec deref'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:slice t))= {[@expl:precondition] [%#span72] inv'9 self} any - [ return' (result:slice t)-> {[%#span87] inv'0 result} - {[%#span86] shallow_model'0 result = shallow_model'1 self} + [ return' (result:slice t)-> {[%#span74] inv'0 result} + {[%#span73] shallow_model'0 result = shallow_model'1 self} (! return' {result}) ] @@ -1462,42 +1292,36 @@ module Hillel_InsertUnique function new'1 (x : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global))) - axiom new'1_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span76] inv'5 x) - -> ([%#span77] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span63] inv'5 x) + -> ([%#span64] deref'2 (new'1 x) = x) predicate is_subset'0 [#"../hillel.rs" 66 0 66 49] (sub : Seq'0.t_seq deep_model_ty'0) (sup : Seq'0.t_seq deep_model_ty'0) = - [%#span88] forall i : int . 0 <= i /\ i < len'1 sub -> contains'0 sup (index_logic'2 sub i) - - use seq.Seq + [%#span75] forall i : int . 0 <= i /\ i < len'1 sub -> contains'0 sup (index_logic'2 sub i) function concat'1 (self : Seq'0.t_seq deep_model_ty'0) (other : Seq'0.t_seq deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 - axiom concat'1_spec : forall self : Seq'0.t_seq deep_model_ty'0, other : Seq'0.t_seq deep_model_ty'0 . ([%#span28] inv'7 self) - -> ([%#span29] inv'7 other) - -> ([%#span32] inv'7 (concat'1 self other)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq deep_model_ty'0, other : Seq'0.t_seq deep_model_ty'0 . ([%#span25] forall i : int . 0 + <= i + /\ i < len'1 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span30] len'1 (concat'1 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span24] len'1 (concat'1 self other) = len'1 self + len'1 other) function singleton'1 (v : deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 - axiom singleton'1_spec : forall v : deep_model_ty'0 . ([%#span56] inv'8 v) - -> ([%#span59] inv'7 (singleton'1 v)) - && ([%#span58] index_logic'2 (singleton'1 v) 0 = v) && ([%#span57] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : deep_model_ty'0 . ([%#span44] inv'7 v) + -> ([%#span46] index_logic'2 (singleton'1 v) 0 = v) && ([%#span45] len'1 (singleton'1 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq deep_model_ty'0) (v : deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 = - [%#span60] concat'1 self (singleton'1 v) + [%#span47] concat'1 self (singleton'1 v) function deep_model'0 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq deep_model_ty'0 = - [%#span89] deep_model'3 ( * self) + [%#span76] deep_model'3 ( * self) predicate resolve'0 (self : Snapshot'0.t_snapshot ()) @@ -1505,13 +1329,13 @@ module Hillel_InsertUnique function new'0 (x : ()) : Snapshot'0.t_snapshot () - axiom new'0_spec : forall x : () . ([%#span76] inv'9 x) -> ([%#span77] deref'3 (new'0 x) = x) + axiom new'0_spec : forall x : () . ([%#span63] inv'8 x) -> ([%#span64] deref'3 (new'0 x) = x) function subset_push'0 [#"../hillel.rs" 74 0 74 37] (s : Seq'0.t_seq deep_model_ty'0) (elem : deep_model_ty'0) : () = - [%#span93] () + [%#span79] () - axiom subset_push'0_spec : forall s : Seq'0.t_seq deep_model_ty'0, elem : deep_model_ty'0 . ([%#span90] inv'7 s) - -> ([%#span91] inv'8 elem) -> ([%#span92] is_subset'0 s (push'0 s elem)) + axiom subset_push'0_spec : forall s : Seq'0.t_seq deep_model_ty'0, elem : deep_model_ty'0 . ([%#span77] inv'7 elem) + -> ([%#span78] is_subset'0 s (push'0 s elem)) let rec insert_unique (vec:borrowed (Vec'0.t_vec t (Global'0.t_global))) (elem:t) (return' (ret:()))= {[%#shillel13] inv'4 elem} {[%#shillel12] inv'5 vec} @@ -1739,225 +1563,185 @@ module Hillel_Unique let%span span20 = "" 0 0 0 0 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span28 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span30 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span33 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span34 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span35 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span37 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span37 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span38 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span39 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span40 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span40 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span41 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span41 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span42 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span42 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span43 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span43 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span44 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span44 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span45 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span46 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span46 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span47 = "../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span47 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span48 = "../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span48 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span49 = "../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span49 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span50 = "../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span50 = "../hillel.rs" 60 4 62 5 - let%span span51 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span51 = "../hillel.rs" 67 4 69 5 - let%span span52 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 - let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 - let%span span54 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 - let%span span55 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span55 = "../hillel.rs" 53 4 55 5 - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span56 = "../../../../creusot-contracts/src/model.rs" 99 8 99 28 - let%span span57 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span57 = "../hillel.rs" 76 11 76 38 - let%span span58 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span58 = "../hillel.rs" 81 36 81 39 - let%span span59 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span59 = "../hillel.rs" 81 54 81 58 - let%span span60 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span60 = "../hillel.rs" 77 10 77 40 - let%span span61 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span61 = "../hillel.rs" 78 10 78 58 - let%span span62 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span62 = "../hillel.rs" 79 10 79 82 - let%span span63 = "../hillel.rs" 60 4 62 5 + let%span span63 = "../hillel.rs" 80 10 80 58 - let%span span64 = "../hillel.rs" 67 4 69 5 + let%span span64 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span65 = "../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 + let%span span65 = "" 0 0 0 0 - let%span span66 = "../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 + let%span span66 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span67 = "../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 + let%span span67 = "" 0 0 0 0 - let%span span68 = "../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44 + let%span span68 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span69 = "../hillel.rs" 53 4 55 5 + let%span span69 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span70 = "../../../../creusot-contracts/src/model.rs" 99 8 99 28 + let%span span70 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span71 = "../hillel.rs" 76 11 76 38 + let%span span71 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span72 = "../hillel.rs" 81 36 81 39 + let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 31 18 31 22 - let%span span73 = "../hillel.rs" 81 54 81 58 + let%span span73 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 44 - let%span span74 = "../hillel.rs" 77 10 77 40 + let%span span74 = "../../../../creusot-contracts/src/std/slice.rs" 30 4 30 98 - let%span span75 = "../hillel.rs" 78 10 78 58 + let%span span75 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span76 = "../hillel.rs" 79 10 79 82 + let%span span76 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span77 = "../hillel.rs" 80 10 80 58 + let%span span77 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span78 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span78 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span79 = "" 0 0 0 0 + let%span span79 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span80 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span80 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 let%span span81 = "" 0 0 0 0 - let%span span82 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 - - let%span span83 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 - - let%span span84 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 - - let%span span85 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 - - let%span span86 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 - - let%span span87 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - - let%span span88 = "../../../../creusot-contracts/src/std/slice.rs" 31 18 31 22 - - let%span span89 = "../../../../creusot-contracts/src/std/slice.rs" 29 14 29 44 - - let%span span90 = "../../../../creusot-contracts/src/std/slice.rs" 30 4 30 98 - - let%span span91 = "../../../../creusot-contracts/src/std/slice.rs" 31 4 31 44 - - let%span span92 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - - let%span span93 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span94 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span95 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span96 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span97 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span98 = "" 0 0 0 0 - - let%span span99 = "" 0 0 0 0 + let%span span82 = "" 0 0 0 0 - let%span span100 = "" 0 0 0 0 + let%span span83 = "" 0 0 0 0 - let%span span101 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span84 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span102 = "../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 + let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span103 = "" 0 0 0 0 + let%span span86 = "" 0 0 0 0 type deep_model_ty'0 - predicate invariant'12 (self : deep_model_ty'0) + predicate invariant'11 (self : deep_model_ty'0) - predicate inv'12 (_x : deep_model_ty'0) + predicate inv'11 (_x : deep_model_ty'0) - axiom inv'12 : forall x : deep_model_ty'0 . inv'12 x = true + axiom inv'11 : forall x : deep_model_ty'0 . inv'11 x = true use prelude.prelude.Slice - predicate invariant'11 (self : slice t) + predicate invariant'10 (self : slice t) - predicate inv'11 (_x : slice t) + predicate inv'10 (_x : slice t) - axiom inv'11 : forall x : slice t . inv'11 x = true + axiom inv'10 : forall x : slice t . inv'10 x = true use prelude.prelude.UIntSize - predicate invariant'10 (self : usize) = + predicate invariant'9 (self : usize) = [%#span19] true - predicate inv'10 (_x : usize) + predicate inv'9 (_x : usize) - axiom inv'10 : forall x : usize . inv'10 x = true + axiom inv'9 : forall x : usize . inv'9 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'9 (self : Option'0.t_option usize) = + predicate invariant'8 (self : Option'0.t_option usize) = [%#span19] true - predicate inv'9 (_x : Option'0.t_option usize) + predicate inv'8 (_x : Option'0.t_option usize) - axiom inv'9 : forall x : Option'0.t_option usize . inv'9 x = true + axiom inv'8 : forall x : Option'0.t_option usize . inv'8 x = true use Core_Ops_Range_Range_Type as Range'0 use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed (Range'0.t_range usize)) = + predicate invariant'7 (self : borrowed (Range'0.t_range usize)) = [%#span19] true - predicate inv'8 (_x : borrowed (Range'0.t_range usize)) + predicate inv'7 (_x : borrowed (Range'0.t_range usize)) - axiom inv'8 : forall x : borrowed (Range'0.t_range usize) . inv'8 x = true + axiom inv'7 : forall x : borrowed (Range'0.t_range usize) . inv'7 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'7 (self : Seq'0.t_seq deep_model_ty'0) - - predicate inv'7 (_x : Seq'0.t_seq deep_model_ty'0) - - axiom inv'7 : forall x : Seq'0.t_seq deep_model_ty'0 . inv'7 x = true - predicate invariant'6 (self : Seq'0.t_seq usize) = [%#span19] true @@ -1999,74 +1783,57 @@ module Hillel_Unique constant max'0 : usize = [%#span20] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq t) : int - axiom len'2_spec : forall self : Seq'0.t_seq t . ([%#span21] inv'5 self) -> ([%#span22] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq t . [%#span21] len'2 self >= 0 predicate inv'1 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span23] inv'1 self) - -> ([%#span25] inv'5 (shallow_model'1 self)) - && ([%#span24] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span22] inv'1 self) + -> ([%#span23] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span26] inv'5 (shallow_model'1 self) + [%#span24] inv'5 (shallow_model'1 self) axiom inv'1 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'1 x = true - use seq.Seq - function len'3 (self : Seq'0.t_seq deep_model_ty'0) : int - axiom len'3_spec : forall self : Seq'0.t_seq deep_model_ty'0 . ([%#span21] inv'7 self) - -> ([%#span22] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq deep_model_ty'0 . [%#span21] len'3 self >= 0 - constant empty'2 : Seq'0.t_seq deep_model_ty'0 = [%#span27] () + constant empty'2 : Seq'0.t_seq deep_model_ty'0 - function empty_len'2 (_1 : ()) : () = - [%#span29] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span28] len'3 (empty'2 : Seq'0.t_seq deep_model_ty'0) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span25] len'3 (empty'2 : Seq'0.t_seq deep_model_ty'0) = 0 - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span21] inv'6 self) -> ([%#span22] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span21] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span30] inv'6 self) - -> ([%#span31] inv'6 other) - -> ([%#span34] inv'6 (concat'0 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span27] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span32] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span26] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : Range'0.t_range usize) use prelude.prelude.Int function deep_model'2 (self : usize) : int = - [%#span35] UIntSize.to_int self + [%#span28] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span36] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span29] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'2 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'2 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -2079,221 +1846,187 @@ module Hillel_Unique function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span37] produces'0 a ab b) - -> ([%#span38] produces'0 b bc c) - -> ([%#span39] inv'0 a) - -> ([%#span40] inv'6 ab) - -> ([%#span41] inv'0 b) - -> ([%#span42] inv'6 bc) -> ([%#span43] inv'0 c) -> ([%#span44] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span30] produces'0 a ab b) + -> ([%#span31] produces'0 b bc c) + -> ([%#span32] inv'0 a) + -> ([%#span33] inv'0 b) -> ([%#span34] inv'0 c) -> ([%#span35] produces'0 a (concat'0 ab bc) c) - constant empty'1 : Seq'0.t_seq usize = [%#span27] () + constant empty'1 : Seq'0.t_seq usize function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span45] inv'0 self) - -> ([%#span46] produces'0 self (empty'1 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span36] inv'0 self) + -> ([%#span37] produces'0 self (empty'1 : Seq'0.t_seq usize) self) predicate invariant'0 (self : Range'0.t_range usize) = [%#span19] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true - function empty_len'1 (_1 : ()) : () = - [%#span29] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span28] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span25] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - constant empty'0 : Seq'0.t_seq t = [%#span27] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span29] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span28] len'2 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span25] len'2 (empty'0 : Seq'0.t_seq t) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq deep_model_ty'0) (x : int) : deep_model_ty'0 + function index_logic'1 (self : Seq'0.t_seq deep_model_ty'0) (_2 : int) : deep_model_ty'0 predicate ext_eq'0 (self : Seq'0.t_seq deep_model_ty'0) (oth : Seq'0.t_seq deep_model_ty'0) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq deep_model_ty'0, oth : Seq'0.t_seq deep_model_ty'0 . ([%#span47] inv'7 self) - -> ([%#span48] inv'7 oth) - -> ([%#span50] len'3 self = len'3 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq deep_model_ty'0, oth : Seq'0.t_seq deep_model_ty'0 . ([%#span39] len'3 self + = len'3 oth /\ (forall i : int . 0 <= i /\ i < len'3 self -> index_logic'1 self i = index_logic'1 oth i) -> ext_eq'0 self oth) - && ([%#span49] ext_eq'0 self oth -> self = oth) + && ([%#span38] ext_eq'0 self oth -> self = oth) function shallow_model'2 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : slice t . ([%#span51] inv'11 self) - -> ([%#span53] inv'5 (shallow_model'2 self)) - && ([%#span52] len'2 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : slice t . ([%#span40] inv'10 self) + -> ([%#span41] len'2 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) function shallow_model'0 (self : slice t) : Seq'0.t_seq t = - [%#span54] shallow_model'2 self + [%#span42] shallow_model'2 self predicate resolve'5 (self : slice t) predicate resolve'2 (self : t) - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'3 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span55] index_logic'3 (shallow_model'1 self) ix + [%#span43] index_logic'3 (shallow_model'1 self) ix predicate resolve'4 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span56] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'2 (index_logic'2 self i) - - use seq.Seq + [%#span44] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'2 (index_logic'2 self i) function concat'1 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span30] inv'5 self) - -> ([%#span31] inv'5 other) - -> ([%#span34] inv'5 (concat'1 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'2 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span27] forall i : int . 0 <= i + /\ i < len'2 (concat'1 self other) -> index_logic'3 (concat'1 self other) i = (if i < len'2 self then index_logic'3 self i else index_logic'3 other (i - len'2 self))) - && ([%#span32] len'2 (concat'1 self other) = len'2 self + len'2 other) - - use seq.Seq + && ([%#span26] len'2 (concat'1 self other) = len'2 self + len'2 other) function singleton'1 (v : t) : Seq'0.t_seq t - axiom singleton'1_spec : forall v : t . ([%#span57] inv'2 v) - -> ([%#span60] inv'5 (singleton'1 v)) - && ([%#span59] index_logic'3 (singleton'1 v) 0 = v) && ([%#span58] len'2 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : t . ([%#span45] inv'2 v) + -> ([%#span47] index_logic'3 (singleton'1 v) 0 = v) && ([%#span46] len'2 (singleton'1 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq t) (v : t) : Seq'0.t_seq t = - [%#span61] concat'1 self (singleton'1 v) + [%#span48] concat'1 self (singleton'1 v) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) : Seq'0.t_seq t predicate resolve'3 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span62] ^ self = * self + [%#span49] ^ self = * self predicate contains'0 [#"../hillel.rs" 59 0 59 44] (seq : Seq'0.t_seq deep_model_ty'0) (elem : deep_model_ty'0) = - [%#span63] exists i : int . 0 <= i /\ i < len'3 seq /\ index_logic'1 seq i = elem - - use seq.Seq + [%#span50] exists i : int . 0 <= i /\ i < len'3 seq /\ index_logic'1 seq i = elem function concat'2 (self : Seq'0.t_seq deep_model_ty'0) (other : Seq'0.t_seq deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 - axiom concat'2_spec : forall self : Seq'0.t_seq deep_model_ty'0, other : Seq'0.t_seq deep_model_ty'0 . ([%#span30] inv'7 self) - -> ([%#span31] inv'7 other) - -> ([%#span34] inv'7 (concat'2 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'3 (concat'2 self other) + axiom concat'2_spec : forall self : Seq'0.t_seq deep_model_ty'0, other : Seq'0.t_seq deep_model_ty'0 . ([%#span27] forall i : int . 0 + <= i + /\ i < len'3 (concat'2 self other) -> index_logic'1 (concat'2 self other) i = (if i < len'3 self then index_logic'1 self i else index_logic'1 other (i - len'3 self))) - && ([%#span32] len'3 (concat'2 self other) = len'3 self + len'3 other) - - use seq.Seq + && ([%#span26] len'3 (concat'2 self other) = len'3 self + len'3 other) function singleton'2 (v : deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 - axiom singleton'2_spec : forall v : deep_model_ty'0 . ([%#span57] inv'12 v) - -> ([%#span60] inv'7 (singleton'2 v)) - && ([%#span59] index_logic'1 (singleton'2 v) 0 = v) && ([%#span58] len'3 (singleton'2 v) = 1) + axiom singleton'2_spec : forall v : deep_model_ty'0 . ([%#span45] inv'11 v) + -> ([%#span47] index_logic'1 (singleton'2 v) 0 = v) && ([%#span46] len'3 (singleton'2 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq deep_model_ty'0) (v : deep_model_ty'0) : Seq'0.t_seq deep_model_ty'0 = - [%#span61] concat'2 self (singleton'2 v) + [%#span48] concat'2 self (singleton'2 v) function deep_model'3 (self : t) : deep_model_ty'0 predicate is_subset'0 [#"../hillel.rs" 66 0 66 49] (sub : Seq'0.t_seq deep_model_ty'0) (sup : Seq'0.t_seq deep_model_ty'0) = - [%#span64] forall i : int . 0 <= i /\ i < len'3 sub -> contains'0 sup (index_logic'1 sub i) + [%#span51] forall i : int . 0 <= i /\ i < len'3 sub -> contains'0 sup (index_logic'1 sub i) function deep_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq deep_model_ty'0 - axiom deep_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span65] inv'1 self) - -> ([%#span68] inv'7 (deep_model'0 self)) - && ([%#span67] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) + axiom deep_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span52] inv'1 self) + -> ([%#span54] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> index_logic'1 (deep_model'0 self) i = deep_model'3 (index_logic'2 self i)) - && ([%#span66] len'2 (shallow_model'1 self) = len'3 (deep_model'0 self)) + && ([%#span53] len'2 (shallow_model'1 self) = len'3 (deep_model'0 self)) predicate is_unique'0 [#"../hillel.rs" 52 0 52 34] (s : Seq'0.t_seq deep_model_ty'0) = - [%#span69] forall j : int . forall i : int . 0 <= i /\ i < len'3 s /\ 0 <= j /\ j < len'3 s + [%#span55] forall j : int . forall i : int . 0 <= i /\ i < len'3 s /\ 0 <= j /\ j < len'3 s -> index_logic'1 s i = index_logic'1 s j -> i = j function deep_model'5 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq deep_model_ty'0 = - [%#span70] deep_model'0 ( * self) + [%#span56] deep_model'0 ( * self) - let rec insert_unique'0 (vec:borrowed (Vec'0.t_vec t (Global'0.t_global))) (elem:t) (return' (ret:()))= {[@expl:precondition] [%#span73] inv'2 elem} - {[@expl:precondition] [%#span72] inv'3 vec} - {[@expl:precondition] [%#span71] is_unique'0 (deep_model'5 vec)} + let rec insert_unique'0 (vec:borrowed (Vec'0.t_vec t (Global'0.t_global))) (elem:t) (return' (ret:()))= {[@expl:precondition] [%#span59] inv'2 elem} + {[@expl:precondition] [%#span58] inv'3 vec} + {[@expl:precondition] [%#span57] is_unique'0 (deep_model'5 vec)} any - [ return' (result:())-> {[%#span77] contains'0 (deep_model'0 ( ^ vec)) (deep_model'3 elem)} - {[%#span76] is_subset'0 (deep_model'0 ( ^ vec)) (push'1 (deep_model'5 vec) (deep_model'3 elem))} - {[%#span75] is_subset'0 (deep_model'5 vec) (deep_model'0 ( ^ vec))} - {[%#span74] is_unique'0 (deep_model'0 ( ^ vec))} + [ return' (result:())-> {[%#span63] contains'0 (deep_model'0 ( ^ vec)) (deep_model'3 elem)} + {[%#span62] is_subset'0 (deep_model'0 ( ^ vec)) (push'1 (deep_model'5 vec) (deep_model'3 elem))} + {[%#span61] is_subset'0 (deep_model'5 vec) (deep_model'0 ( ^ vec))} + {[%#span60] is_unique'0 (deep_model'0 ( ^ vec))} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span57] inv'10 v) - -> ([%#span60] inv'6 (singleton'0 v)) - && ([%#span59] index_logic'0 (singleton'0 v) 0 = v) && ([%#span58] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span45] inv'9 v) + -> ([%#span47] index_logic'0 (singleton'0 v) 0 = v) && ([%#span46] len'1 (singleton'0 v) = 1) predicate resolve'1 (self : borrowed (Range'0.t_range usize)) = - [%#span62] ^ self = * self + [%#span49] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range usize)) = - [%#span78] resolve'1 self + [%#span64] resolve'1 self /\ deep_model'2 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'2 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span79] inv'8 self} + let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span65] inv'7 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span81] inv'9 result} - {[%#span80] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span67] inv'8 result} + {[%#span66] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} (! return' {result}) ] - use prelude.seq_ext.SeqExt - function subsequence'0 (self : Seq'0.t_seq deep_model_ty'0) (n : int) (m : int) : Seq'0.t_seq deep_model_ty'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq deep_model_ty'0, n : int, m : int . ([%#span82] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq deep_model_ty'0, n : int, m : int . ([%#span68] 0 <= n /\ n <= m /\ m <= len'3 self) - -> ([%#span83] inv'7 self) - -> ([%#span86] inv'7 (subsequence'0 self n m)) - && ([%#span85] forall i : int . 0 <= i /\ i < len'3 (subsequence'0 self n m) + -> ([%#span70] forall i : int . 0 <= i /\ i < len'3 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span84] len'3 (subsequence'0 self n m) = m - n) + && ([%#span69] len'3 (subsequence'0 self n m) = m - n) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize function index_logic'4 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span87] index_logic'3 (shallow_model'2 self) ix + [%#span71] index_logic'3 (shallow_model'2 self) ix function deep_model'4 (self : slice t) : Seq'0.t_seq deep_model_ty'0 - axiom deep_model'4_spec : forall self : slice t . ([%#span88] inv'11 self) - -> ([%#span91] inv'7 (deep_model'4 self)) - && ([%#span90] forall i : int . 0 <= i /\ i < len'3 (deep_model'4 self) + axiom deep_model'4_spec : forall self : slice t . ([%#span72] inv'10 self) + -> ([%#span74] forall i : int . 0 <= i /\ i < len'3 (deep_model'4 self) -> index_logic'1 (deep_model'4 self) i = deep_model'3 (index_logic'4 self i)) - && ([%#span89] len'2 (shallow_model'0 self) = len'3 (deep_model'4 self)) + && ([%#span73] len'2 (shallow_model'0 self) = len'3 (deep_model'4 self)) function deep_model'1 (self : slice t) : Seq'0.t_seq deep_model_ty'0 = - [%#span92] deep_model'4 self + [%#span75] deep_model'4 self function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -2303,41 +2036,40 @@ module Hillel_Unique function new'3 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span93] inv'6 x) -> ([%#span94] deref'0 (new'3 x) = x) + axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span76] inv'6 x) -> ([%#span77] deref'0 (new'3 x) = x) function new'2 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span93] inv'0 x) -> ([%#span94] deref'2 (new'2 x) = x) + axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span76] inv'0 x) -> ([%#span77] deref'2 (new'2 x) = x) predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span95] self = res + [%#span78] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span96] true + [%#span79] true - let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span98] inv'0 self} - {[@expl:precondition] [%#span97] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span81] inv'0 self} + {[@expl:precondition] [%#span80] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span99] inv'0 result} - {[%#span97] into_iter_post'0 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span82] inv'0 result} + {[%#span80] into_iter_post'0 self result} (! return' {result}) ] - let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span100] inv'4 self} + let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span83] inv'4 self} any - [ return' (result:usize)-> {[%#span101] len'2 (shallow_model'0 self) = UIntSize.to_int result} - (! return' {result}) ] + [ return' (result:usize)-> {[%#span84] len'2 (shallow_model'0 self) = UIntSize.to_int result} (! return' {result}) ] predicate resolve'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) function new'1 (x : Seq'0.t_seq t) : Snapshot'0.t_snapshot (Seq'0.t_seq t) - axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span93] inv'5 x) -> ([%#span94] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span76] inv'5 x) -> ([%#span77] deref'1 (new'1 x) = x) let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec t (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec t (Global'0.t_global))-> {[%#span103] inv'1 result} - {[%#span102] len'2 (shallow_model'1 result) = 0} + [ return' (result:Vec'0.t_vec t (Global'0.t_global))-> {[%#span86] inv'1 result} + {[%#span85] len'2 (shallow_model'1 result) = 0} (! return' {result}) ] @@ -2493,51 +2225,29 @@ module Hillel_SumRange_Impl let%span shillel2 = "../hillel.rs" 122 10 122 19 - let%span span3 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + use prelude.prelude.Int use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span6] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.UInt32 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 constant seq : Seq'0.t_seq uint32 @@ -2563,67 +2273,45 @@ module Hillel_SumRangeSplit_Impl let%span shillel2 = "../hillel.rs" 134 10 134 18 - let%span span3 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../hillel.rs" 123 11 123 53 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span6 = "../hillel.rs" 124 10 124 21 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span7 = "../hillel.rs" 122 10 122 19 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "../hillel.rs" 121 0 121 8 - let%span span9 = "../hillel.rs" 123 11 123 53 - - let%span span10 = "../hillel.rs" 124 10 124 21 - - let%span span11 = "../hillel.rs" 122 10 122 19 - - let%span span12 = "../hillel.rs" 121 0 121 8 + use prelude.prelude.Int use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span6] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.UInt32 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function sum_range'0 [#"../hillel.rs" 125 0 125 54] (seq : Seq'0.t_seq uint32) (from : int) (to' : int) : int axiom sum_range'0_def : forall seq : Seq'0.t_seq uint32, from : int, to' : int . sum_range'0 seq from to' - = ([%#span12] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#span8] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#span9] 0 <= from - /\ from <= to' /\ to' <= len'0 seq) -> ([%#span10] sum_range'0 seq from to' >= 0) + axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#span5] 0 <= from + /\ from <= to' /\ to' <= len'0 seq) -> ([%#span6] sum_range'0 seq from to' >= 0) constant seq : Seq'0.t_seq uint32 @@ -2653,91 +2341,69 @@ module Hillel_Score_Impl let%span shillel2 = "../hillel.rs" 146 0 146 79 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq24 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span shillel5 = "../hillel.rs" 135 11 135 63 - - let%span shillel6 = "../hillel.rs" 136 10 136 85 + let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span shillel7 = "../hillel.rs" 134 10 134 18 + let%span shillel4 = "../hillel.rs" 135 11 135 63 - let%span shillel8 = "../hillel.rs" 123 11 123 53 + let%span shillel5 = "../hillel.rs" 136 10 136 85 - let%span shillel9 = "../hillel.rs" 124 10 124 21 + let%span shillel6 = "../hillel.rs" 134 10 134 18 - let%span shillel10 = "../hillel.rs" 122 10 122 19 + let%span shillel7 = "../hillel.rs" 123 11 123 53 - let%span span11 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span shillel8 = "../hillel.rs" 124 10 124 21 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span shillel9 = "../hillel.rs" 122 10 122 19 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span11 = "../../../../creusot-contracts/src/logic/int.rs" 55 4 55 12 - let%span span15 = "../../../../creusot-contracts/src/logic/int.rs" 55 4 55 12 + let%span span12 = "../hillel.rs" 121 0 121 8 - let%span span16 = "../hillel.rs" 121 0 121 8 + let%span span13 = "../hillel.rs" 138 4 140 5 - let%span span17 = "../hillel.rs" 138 4 140 5 + use prelude.prelude.Int use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span11] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#sseq23] inv'0 self) -> ([%#sseq24] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#sseq23] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span12] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span14] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 function abs_diff'0 (self : int) (other : int) : int = - [%#span15] if self < other then other - self else self - other + [%#span11] if self < other then other - self else self - other use prelude.prelude.UInt32 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function sum_range'0 [#"../hillel.rs" 125 0 125 54] (seq : Seq'0.t_seq uint32) (from : int) (to' : int) : int axiom sum_range'0_def : forall seq : Seq'0.t_seq uint32, from : int, to' : int . sum_range'0 seq from to' - = ([%#span16] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#span12] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#shillel8] 0 <= from - /\ from <= to' /\ to' <= len'0 seq) -> ([%#shillel9] sum_range'0 seq from to' >= 0) + axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#shillel7] 0 <= from + /\ from <= to' /\ to' <= len'0 seq) -> ([%#shillel8] sum_range'0 seq from to' >= 0) function sum_range_split'0 [#"../hillel.rs" 137 0 137 61] (seq : Seq'0.t_seq uint32) (from : int) (to' : int) (i : int) : () axiom sum_range_split'0_def : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . sum_range_split'0 seq from to' i - = ([%#span17] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) + = ([%#span13] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) - axiom sum_range_split'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . ([%#shillel5] 0 + axiom sum_range_split'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . ([%#shillel4] 0 <= from /\ from <= i /\ i <= to' /\ to' <= len'0 seq) - -> ([%#shillel6] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') + -> ([%#shillel5] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') constant seq : Seq'0.t_seq uint32 @@ -2746,19 +2412,17 @@ module Hillel_Score_Impl function score [#"../hillel.rs" 147 0 147 38] (seq : Seq'0.t_seq uint32) (i : int) : int goal vc_score : ([%#shillel0] 0 <= i /\ i <= len'0 seq) - -> ([%#sseq23] inv'0 seq) - /\ (([%#sseq24] len'0 seq >= 0) - -> ([%#shillel5] 0 <= 0 /\ 0 <= i /\ i <= len'0 seq /\ len'0 seq <= len'0 seq) - /\ (([%#shillel6] sum_range'0 seq 0 (len'0 seq) = sum_range'0 seq 0 i + sum_range'0 seq i (len'0 seq)) - -> (let _ = sum_range_split'0 seq 0 (len'0 seq) i in ([%#shillel8] 0 <= 0 /\ 0 <= i /\ i <= len'0 seq) - /\ (([%#shillel9] sum_range'0 seq 0 i >= 0) - -> ([%#sseq23] inv'0 seq) - /\ (([%#sseq24] len'0 seq >= 0) - -> ([%#shillel8] 0 <= i /\ i <= len'0 seq /\ len'0 seq <= len'0 seq) - /\ (([%#shillel9] sum_range'0 seq i (len'0 seq) >= 0) + -> ([%#sseq23] len'0 seq >= 0) + -> ([%#shillel4] 0 <= 0 /\ 0 <= i /\ i <= len'0 seq /\ len'0 seq <= len'0 seq) + /\ (([%#shillel5] sum_range'0 seq 0 (len'0 seq) = sum_range'0 seq 0 i + sum_range'0 seq i (len'0 seq)) + -> (let _ = sum_range_split'0 seq 0 (len'0 seq) i in ([%#shillel7] 0 <= 0 /\ 0 <= i /\ i <= len'0 seq) + /\ (([%#shillel8] sum_range'0 seq 0 i >= 0) + -> ([%#sseq23] len'0 seq >= 0) + -> ([%#shillel7] 0 <= i /\ i <= len'0 seq /\ len'0 seq <= len'0 seq) + /\ (([%#shillel8] sum_range'0 seq i (len'0 seq) >= 0) -> (let result = abs_diff'0 (sum_range'0 seq 0 i) (sum_range'0 seq i (len'0 seq)) in ([%#shillel2] 0 = i \/ i = len'0 seq -> result = sum_range'0 seq 0 (len'0 seq)) - && ([%#shillel1] 0 <= result /\ result <= sum_range'0 seq 0 (len'0 seq))))))))) + && ([%#shillel1] 0 <= result /\ result <= sum_range'0 seq 0 (len'0 seq))))))) end module Hillel_Fulcrum let%span shillel0 = "../hillel.rs" 160 25 160 26 @@ -2811,233 +2475,200 @@ module Hillel_Fulcrum let%span span24 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span32 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - - let%span span33 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - - let%span span34 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - - let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - - let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - - let%span span37 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 - - let%span span38 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span39 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span40 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span41 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span28 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span43 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span30 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span44 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span46 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span33 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span47 = "" 0 0 0 0 + let%span span34 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span48 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span49 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span50 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span37 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span51 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span52 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span39 = "" 0 0 0 0 - let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span40 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span54 = "../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span41 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span55 = "../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span42 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span56 = "../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span43 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span57 = "../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span44 = "../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span58 = "../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span45 = "../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span59 = "../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span46 = "../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span60 = "../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span47 = "../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span61 = "../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span48 = "../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span62 = "../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span49 = "../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span63 = "../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span50 = "../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span64 = "../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span51 = "../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span65 = "../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span52 = "../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span66 = "../../../../creusot-contracts/src/logic/int.rs" 55 4 55 12 + let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span67 = "../../../../creusot-contracts/src/std/num.rs" 221 26 221 59 + let%span span54 = "../../../../creusot-contracts/src/logic/int.rs" 55 4 55 12 - let%span span68 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span55 = "../../../../creusot-contracts/src/std/num.rs" 221 26 221 59 - let%span span69 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span56 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span70 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span57 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span71 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span58 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span72 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span59 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span73 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span60 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span74 = "" 0 0 0 0 + let%span span61 = "" 0 0 0 0 - let%span span75 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span62 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span76 = "" 0 0 0 0 + let%span span63 = "" 0 0 0 0 - let%span span77 = "../hillel.rs" 123 11 123 53 + let%span span64 = "../hillel.rs" 123 11 123 53 - let%span span78 = "../hillel.rs" 124 10 124 21 + let%span span65 = "../hillel.rs" 124 10 124 21 - let%span span79 = "../hillel.rs" 122 10 122 19 + let%span span66 = "../hillel.rs" 122 10 122 19 - let%span span80 = "../hillel.rs" 121 0 121 8 + let%span span67 = "../hillel.rs" 121 0 121 8 - let%span span81 = "../hillel.rs" 135 11 135 63 + let%span span68 = "../hillel.rs" 135 11 135 63 - let%span span82 = "../hillel.rs" 136 10 136 85 + let%span span69 = "../hillel.rs" 136 10 136 85 - let%span span83 = "../hillel.rs" 134 10 134 18 + let%span span70 = "../hillel.rs" 134 10 134 18 - let%span span84 = "../hillel.rs" 138 4 140 5 + let%span span71 = "../hillel.rs" 138 4 140 5 - let%span span85 = "../hillel.rs" 144 11 144 35 + let%span span72 = "../hillel.rs" 144 11 144 35 - let%span span86 = "../hillel.rs" 145 10 145 64 + let%span span73 = "../hillel.rs" 145 10 145 64 - let%span span87 = "../hillel.rs" 146 0 146 79 + let%span span74 = "../hillel.rs" 146 0 146 79 - let%span span88 = "../hillel.rs" 148 4 148 41 + let%span span75 = "../hillel.rs" 148 4 148 41 - let%span span89 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span76 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span90 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span77 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span91 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span78 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span92 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span79 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span93 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span80 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span94 = "" 0 0 0 0 + let%span span81 = "" 0 0 0 0 - let%span span95 = "" 0 0 0 0 + let%span span82 = "" 0 0 0 0 - let%span span96 = "" 0 0 0 0 + let%span span83 = "" 0 0 0 0 - let%span span97 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span84 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span98 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span85 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span99 = "../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span86 = "../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span100 = "" 0 0 0 0 + let%span span87 = "" 0 0 0 0 - let%span span101 = "../../../../creusot-contracts/src/std/slice.rs" 344 20 344 32 + let%span span88 = "../../../../creusot-contracts/src/std/slice.rs" 344 20 344 32 - let%span span102 = "../../../../creusot-contracts/src/std/slice.rs" 338 20 338 24 + let%span span89 = "../../../../creusot-contracts/src/std/slice.rs" 338 20 338 24 - let%span span103 = "" 0 0 0 0 + let%span span90 = "" 0 0 0 0 use prelude.prelude.UInt32 use prelude.prelude.Slice - predicate invariant'11 (self : slice uint32) = + predicate invariant'10 (self : slice uint32) = [%#span24] true - predicate inv'11 (_x : slice uint32) + predicate inv'10 (_x : slice uint32) - axiom inv'11 : forall x : slice uint32 . inv'11 x = true + axiom inv'10 : forall x : slice uint32 . inv'10 x = true use prelude.prelude.UIntSize - predicate invariant'10 (self : usize) = + predicate invariant'9 (self : usize) = [%#span24] true - predicate inv'10 (_x : usize) + predicate inv'9 (_x : usize) - axiom inv'10 : forall x : usize . inv'10 x = true + axiom inv'9 : forall x : usize . inv'9 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'9 (self : Option'0.t_option usize) = + predicate invariant'8 (self : Option'0.t_option usize) = [%#span24] true - predicate inv'9 (_x : Option'0.t_option usize) + predicate inv'8 (_x : Option'0.t_option usize) - axiom inv'9 : forall x : Option'0.t_option usize . inv'9 x = true + axiom inv'8 : forall x : Option'0.t_option usize . inv'8 x = true use Core_Ops_Range_Range_Type as Range'0 use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed (Range'0.t_range usize)) = + predicate invariant'7 (self : borrowed (Range'0.t_range usize)) = [%#span24] true - predicate inv'8 (_x : borrowed (Range'0.t_range usize)) + predicate inv'7 (_x : borrowed (Range'0.t_range usize)) - axiom inv'8 : forall x : borrowed (Range'0.t_range usize) . inv'8 x = true + axiom inv'7 : forall x : borrowed (Range'0.t_range usize) . inv'7 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'7 (self : Seq'0.t_seq usize) = - [%#span24] true - - predicate inv'7 (_x : Seq'0.t_seq usize) - - axiom inv'7 : forall x : Seq'0.t_seq usize . inv'7 x = true - - predicate invariant'6 (self : uint32) = + predicate invariant'6 (self : Seq'0.t_seq usize) = [%#span24] true - predicate inv'6 (_x : uint32) + predicate inv'6 (_x : Seq'0.t_seq usize) - axiom inv'6 : forall x : uint32 . inv'6 x = true + axiom inv'6 : forall x : Seq'0.t_seq usize . inv'6 x = true - predicate invariant'5 (self : Option'0.t_option uint32) = + predicate invariant'5 (self : uint32) = [%#span24] true - predicate inv'5 (_x : Option'0.t_option uint32) + predicate inv'5 (_x : uint32) - axiom inv'5 : forall x : Option'0.t_option uint32 . inv'5 x = true + axiom inv'5 : forall x : uint32 . inv'5 x = true - predicate invariant'4 (self : Seq'0.t_seq uint32) = + predicate invariant'4 (self : Option'0.t_option uint32) = [%#span24] true - predicate inv'4 (_x : Seq'0.t_seq uint32) + predicate inv'4 (_x : Option'0.t_option uint32) - axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true + axiom inv'4 : forall x : Option'0.t_option uint32 . inv'4 x = true predicate invariant'3 (self : Seq'0.t_seq uint32) = [%#span24] true @@ -3053,31 +2684,21 @@ module Hillel_Fulcrum axiom inv'2 : forall x : slice uint32 . inv'2 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'3 (self : Seq'0.t_seq usize) : int - axiom len'3_spec : forall self : Seq'0.t_seq usize . ([%#span25] inv'7 self) -> ([%#span26] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq usize . [%#span25] len'3 self >= 0 function concat'1 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span27] inv'7 self) - -> ([%#span28] inv'7 other) - -> ([%#span31] inv'7 (concat'1 self other)) - && ([%#span30] forall i : int . 0 <= i /\ i < len'3 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span27] forall i : int . 0 <= i + /\ i < len'3 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'3 self then index_logic'2 self i else index_logic'2 other (i - len'3 self))) - && ([%#span29] len'3 (concat'1 self other) = len'3 self + len'3 other) + && ([%#span26] len'3 (concat'1 self other) = len'3 self + len'3 other) predicate inv'1 (_x : Range'0.t_range usize) @@ -3086,12 +2707,12 @@ module Hillel_Fulcrum use prelude.prelude.UIntSize function deep_model'0 (self : usize) : int = - [%#span32] UIntSize.to_int self + [%#span28] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'1 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span33] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span29] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'3 visited > 0 @@ -3104,113 +2725,95 @@ module Hillel_Fulcrum function produces_trans'1 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span34] produces'1 a ab b) - -> ([%#span35] produces'1 b bc c) - -> ([%#span36] inv'1 a) - -> ([%#span37] inv'7 ab) - -> ([%#span38] inv'1 b) - -> ([%#span39] inv'7 bc) -> ([%#span40] inv'1 c) -> ([%#span41] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span30] produces'1 a ab b) + -> ([%#span31] produces'1 b bc c) + -> ([%#span32] inv'1 a) + -> ([%#span33] inv'1 b) -> ([%#span34] inv'1 c) -> ([%#span35] produces'1 a (concat'1 ab bc) c) - constant empty'1 : Seq'0.t_seq usize = [%#span42] () + constant empty'1 : Seq'0.t_seq usize function produces_refl'1 (self : Range'0.t_range usize) : () - axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span43] inv'1 self) - -> ([%#span44] produces'1 self (empty'1 : Seq'0.t_seq usize) self) + axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span36] inv'1 self) + -> ([%#span37] produces'1 self (empty'1 : Seq'0.t_seq usize) self) predicate invariant'1 (self : Range'0.t_range usize) = [%#span24] true axiom inv'1 : forall x : Range'0.t_range usize . inv'1 x = true - function empty_len'2 (_1 : ()) : () = - [%#span46] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span45] len'3 (empty'1 : Seq'0.t_seq usize) = 0 - - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span38] len'3 (empty'1 : Seq'0.t_seq usize) = 0 function len'1 (self : Seq'0.t_seq uint32) : int - axiom len'1_spec : forall self : Seq'0.t_seq uint32 . ([%#span25] inv'4 self) -> ([%#span26] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq uint32 . [%#span25] len'1 self >= 0 - constant empty'2 : Seq'0.t_seq uint32 = [%#span42] () + constant empty'2 : Seq'0.t_seq uint32 - function empty_len'1 (_1 : ()) : () = - [%#span46] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span45] len'1 (empty'2 : Seq'0.t_seq uint32) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span38] len'1 (empty'2 : Seq'0.t_seq uint32) = 0 use Core_Slice_Iter_Iter_Type as Iter'0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span25] inv'3 self) -> ([%#span26] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span25] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span27] inv'3 self) - -> ([%#span28] inv'3 other) - -> ([%#span31] inv'3 (concat'0 self other)) - && ([%#span30] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span27] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span29] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span26] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - constant max'0 : usize = [%#span47] (18446744073709551615 : usize) + constant max'0 : usize = [%#span39] (18446744073709551615 : usize) function shallow_model'2 (self : slice uint32) : Seq'0.t_seq uint32 - axiom shallow_model'2_spec : forall self : slice uint32 . ([%#span48] inv'11 self) - -> ([%#span50] inv'4 (shallow_model'2 self)) - && ([%#span49] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : slice uint32 . ([%#span40] inv'10 self) + -> ([%#span41] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'3 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#span51] index_logic'0 (shallow_model'2 self) ix + [%#span42] index_logic'0 (shallow_model'2 self) ix function shallow_model'0 (self : slice uint32) : Seq'0.t_seq uint32 = - [%#span52] shallow_model'2 self + [%#span43] shallow_model'2 self function to_ref_seq'0 (self : slice uint32) : Seq'0.t_seq uint32 - axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#span53] inv'2 self) - -> ([%#span56] inv'3 (to_ref_seq'0 self)) - && ([%#span55] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#span44] inv'2 self) + -> ([%#span46] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) -> index_logic'1 (to_ref_seq'0 self) i = index_logic'3 self i) - && ([%#span54] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'0 self)) + && ([%#span45] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'0 self)) function shallow_model'1 (self : Iter'0.t_iter uint32) : slice uint32 predicate produces'0 (self : Iter'0.t_iter uint32) (visited : Seq'0.t_seq uint32) (tl : Iter'0.t_iter uint32) = - [%#span57] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) + [%#span47] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) function produces_trans'0 (a : Iter'0.t_iter uint32) (ab : Seq'0.t_seq uint32) (b : Iter'0.t_iter uint32) (bc : Seq'0.t_seq uint32) (c : Iter'0.t_iter uint32) : () = - [%#span63] () + [%#span51] () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span58] produces'0 a ab b) - -> ([%#span59] produces'0 b bc c) - -> ([%#span60] inv'3 ab) -> ([%#span61] inv'3 bc) -> ([%#span62] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span48] produces'0 a ab b) + -> ([%#span49] produces'0 b bc c) -> ([%#span50] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span42] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : Iter'0.t_iter uint32) : () = - [%#span65] () + [%#span53] () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter uint32 . [%#span64] produces'0 self (empty'0 : Seq'0.t_seq uint32) self + axiom produces_refl'0_spec : forall self : Iter'0.t_iter uint32 . [%#span52] produces'0 self (empty'0 : Seq'0.t_seq uint32) self predicate invariant'0 (self : Iter'0.t_iter uint32) = [%#span24] true @@ -3219,46 +2822,42 @@ module Hillel_Fulcrum axiom inv'0 : forall x : Iter'0.t_iter uint32 . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span46] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span45] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span38] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic function abs_diff'1 (self : int) (other : int) : int = - [%#span66] if self < other then other - self else self - other + [%#span54] if self < other then other - self else self - other use prelude.prelude.UInt32 let rec abs_diff'0 (self:uint32) (other:uint32) (return' (ret:uint32))= any - [ return' (result:uint32)-> {[%#span67] UInt32.to_int result + [ return' (result:uint32)-> {[%#span55] UInt32.to_int result = abs_diff'1 (UInt32.to_int self) (UInt32.to_int other)} (! return' {result}) ] - use seq.Seq - function singleton'1 (v : usize) : Seq'0.t_seq usize - axiom singleton'1_spec : forall v : usize . ([%#span68] inv'10 v) - -> ([%#span71] inv'7 (singleton'1 v)) - && ([%#span70] index_logic'2 (singleton'1 v) 0 = v) && ([%#span69] len'3 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : usize . ([%#span56] inv'9 v) + -> ([%#span58] index_logic'2 (singleton'1 v) 0 = v) && ([%#span57] len'3 (singleton'1 v) = 1) predicate resolve'1 (self : borrowed (Range'0.t_range usize)) = - [%#span72] ^ self = * self + [%#span59] ^ self = * self predicate completed'1 (self : borrowed (Range'0.t_range usize)) = - [%#span73] resolve'1 self + [%#span60] resolve'1 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'1 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span74] inv'8 self} + let rec next'1 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span61] inv'7 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span76] inv'9 result} - {[%#span75] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span63] inv'8 result} + {[%#span62] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -3268,27 +2867,27 @@ module Hillel_Fulcrum function sum_range'0 [#"../hillel.rs" 125 0 125 54] (seq : Seq'0.t_seq uint32) (from : int) (to' : int) : int axiom sum_range'0_def : forall seq : Seq'0.t_seq uint32, from : int, to' : int . sum_range'0 seq from to' - = ([%#span80] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) + = ([%#span67] if to' - from > 0 then UInt32.to_int (index_logic'0 seq from) + sum_range'0 seq (from + 1) to' else 0) - axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#span77] 0 <= from - /\ from <= to' /\ to' <= len'1 seq) -> ([%#span78] sum_range'0 seq from to' >= 0) + axiom sum_range'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int . ([%#span64] 0 <= from + /\ from <= to' /\ to' <= len'1 seq) -> ([%#span65] sum_range'0 seq from to' >= 0) function sum_range_split'0 [#"../hillel.rs" 137 0 137 61] (seq : Seq'0.t_seq uint32) (from : int) (to' : int) (i : int) : () axiom sum_range_split'0_def : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . sum_range_split'0 seq from to' i - = ([%#span84] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) + = ([%#span71] if i > from then let _ = sum_range_split'0 seq (from + 1) to' i in () else ()) - axiom sum_range_split'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . ([%#span81] 0 <= from + axiom sum_range_split'0_spec : forall seq : Seq'0.t_seq uint32, from : int, to' : int, i : int . ([%#span68] 0 <= from /\ from <= i /\ i <= to' /\ to' <= len'1 seq) - -> ([%#span82] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') + -> ([%#span69] sum_range'0 seq from to' = sum_range'0 seq from i + sum_range'0 seq i to') function score'0 [#"../hillel.rs" 147 0 147 38] (seq : Seq'0.t_seq uint32) (i : int) : int = - [%#span88] let _ = sum_range_split'0 seq 0 (len'1 seq) i in abs_diff'1 (sum_range'0 seq 0 i) (sum_range'0 seq i (len'1 seq)) + [%#span75] let _ = sum_range_split'0 seq 0 (len'1 seq) i in abs_diff'1 (sum_range'0 seq 0 i) (sum_range'0 seq i (len'1 seq)) - axiom score'0_spec : forall seq : Seq'0.t_seq uint32, i : int . ([%#span85] 0 <= i /\ i <= len'1 seq) - -> ([%#span87] 0 = i \/ i = len'1 seq -> score'0 seq i = sum_range'0 seq 0 (len'1 seq)) - && ([%#span86] 0 <= score'0 seq i /\ score'0 seq i <= sum_range'0 seq 0 (len'1 seq)) + axiom score'0_spec : forall seq : Seq'0.t_seq uint32, i : int . ([%#span72] 0 <= i /\ i <= len'1 seq) + -> ([%#span74] 0 = i \/ i = len'1 seq -> score'0 seq i = sum_range'0 seq 0 (len'1 seq)) + && ([%#span73] 0 <= score'0 seq i /\ score'0 seq i <= sum_range'0 seq 0 (len'1 seq)) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -3300,51 +2899,48 @@ module Hillel_Fulcrum function new'3 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span89] inv'7 x) -> ([%#span90] deref'1 (new'3 x) = x) + axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span76] inv'6 x) -> ([%#span77] deref'1 (new'3 x) = x) function new'2 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span89] inv'1 x) -> ([%#span90] deref'3 (new'2 x) = x) + axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span76] inv'1 x) -> ([%#span77] deref'3 (new'2 x) = x) predicate into_iter_post'1 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span91] self = res + [%#span78] self = res predicate into_iter_pre'1 (self : Range'0.t_range usize) = - [%#span92] true + [%#span79] true - let rec into_iter'1 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span94] inv'1 self} - {[@expl:precondition] [%#span93] into_iter_pre'1 self} + let rec into_iter'1 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span81] inv'1 self} + {[@expl:precondition] [%#span80] into_iter_pre'1 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span95] inv'1 result} - {[%#span93] into_iter_post'1 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span82] inv'1 result} + {[%#span80] into_iter_post'1 self result} (! return' {result}) ] - let rec len'2 (self:slice uint32) (return' (ret:usize))= {[@expl:precondition] [%#span96] inv'2 self} + let rec len'2 (self:slice uint32) (return' (ret:usize))= {[@expl:precondition] [%#span83] inv'2 self} any - [ return' (result:usize)-> {[%#span97] len'1 (shallow_model'0 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:usize)-> {[%#span84] len'1 (shallow_model'0 self) = UIntSize.to_int result} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span68] inv'6 v) - -> ([%#span71] inv'3 (singleton'0 v)) - && ([%#span70] index_logic'1 (singleton'0 v) 0 = v) && ([%#span69] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span56] inv'5 v) + -> ([%#span58] index_logic'1 (singleton'0 v) 0 = v) && ([%#span57] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Iter'0.t_iter uint32)) = - [%#span72] ^ self = * self + [%#span59] ^ self = * self function shallow_model'3 (self : borrowed (Iter'0.t_iter uint32)) : slice uint32 = - [%#span98] shallow_model'1 ( * self) + [%#span85] shallow_model'1 ( * self) predicate completed'0 (self : borrowed (Iter'0.t_iter uint32)) = - [%#span99] resolve'0 self /\ shallow_model'2 (shallow_model'3 self) = (empty'2 : Seq'0.t_seq uint32) + [%#span86] resolve'0 self /\ shallow_model'2 (shallow_model'3 self) = (empty'2 : Seq'0.t_seq uint32) let rec next'0 (self:borrowed (Iter'0.t_iter uint32)) (return' (ret:Option'0.t_option uint32))= any - [ return' (result:Option'0.t_option uint32)-> {[%#span100] inv'5 result} - {[%#span75] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span87] inv'4 result} + {[%#span62] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -3361,21 +2957,21 @@ module Hillel_Fulcrum function new'1 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span89] inv'3 x) -> ([%#span90] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span76] inv'3 x) -> ([%#span77] deref'0 (new'1 x) = x) function new'0 (x : Iter'0.t_iter uint32) : Snapshot'0.t_snapshot (Iter'0.t_iter uint32) - axiom new'0_spec : forall x : Iter'0.t_iter uint32 . ([%#span89] inv'0 x) -> ([%#span90] deref'2 (new'0 x) = x) + axiom new'0_spec : forall x : Iter'0.t_iter uint32 . ([%#span76] inv'0 x) -> ([%#span77] deref'2 (new'0 x) = x) predicate into_iter_post'0 (self : slice uint32) (res : Iter'0.t_iter uint32) = - [%#span101] self = shallow_model'1 res + [%#span88] self = shallow_model'1 res predicate into_iter_pre'0 (self : slice uint32) = - [%#span102] true + [%#span89] true - let rec into_iter'0 (self:slice uint32) (return' (ret:Iter'0.t_iter uint32))= {[@expl:precondition] [%#span103] inv'2 self} - {[@expl:precondition] [%#span93] into_iter_pre'0 self} - any [ return' (result:Iter'0.t_iter uint32)-> {[%#span93] into_iter_post'0 self result} (! return' {result}) ] + let rec into_iter'0 (self:slice uint32) (return' (ret:Iter'0.t_iter uint32))= {[@expl:precondition] [%#span90] inv'2 self} + {[@expl:precondition] [%#span80] into_iter_pre'0 self} + any [ return' (result:Iter'0.t_iter uint32)-> {[%#span80] into_iter_post'0 self result} (! return' {result}) ] let rec fulcrum (s:slice uint32) (return' (ret:usize))= {[%#shillel21] len'1 (shallow_model'0 s) > 0} {[%#shillel20] sum_range'0 (shallow_model'0 s) 0 (len'1 (shallow_model'0 s)) <= 1000} diff --git a/creusot/tests/should_succeed/index_range.coma b/creusot/tests/should_succeed/index_range.coma index fe917841d5..8586689195 100644 --- a/creusot/tests/should_succeed/index_range.coma +++ b/creusot/tests/should_succeed/index_range.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module IndexRange_CreateArr let%span sindex_range0 = "../index_range.rs" 15 18 15 28 @@ -137,57 +122,41 @@ module IndexRange_CreateArr let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span18 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span21 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span29 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span22 = "" 0 0 0 0 - let%span span30 = "" 0 0 0 0 + let%span span23 = "" 0 0 0 0 - let%span span31 = "" 0 0 0 0 + let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span32 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - - let%span span34 = "" 0 0 0 0 + let%span span26 = "" 0 0 0 0 use prelude.prelude.Int32 @@ -228,81 +197,66 @@ module IndexRange_CreateArr constant max'0 : usize = [%#span8] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span9] inv'3 self) -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span9] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span11] inv'0 self) - -> ([%#span13] inv'3 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span10] inv'0 self) + -> ([%#span11] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span14] inv'3 (shallow_model'0 self) + [%#span12] inv'3 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span15] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span17] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Int32 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span18] index_logic'1 (shallow_model'0 self) ix + [%#span14] index_logic'1 (shallow_model'0 self) ix use prelude.prelude.Intrinsic - use seq.Seq - function concat'0 (self : Seq'0.t_seq int32) (other : Seq'0.t_seq int32) : Seq'0.t_seq int32 - axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span19] inv'3 self) - -> ([%#span20] inv'3 other) - -> ([%#span23] inv'3 (concat'0 self other)) - && ([%#span22] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span16] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span21] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : int32) : Seq'0.t_seq int32 - axiom singleton'0_spec : forall v : int32 . ([%#span24] inv'2 v) - -> ([%#span27] inv'3 (singleton'0 v)) - && ([%#span26] index_logic'1 (singleton'0 v) 0 = v) && ([%#span25] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : int32 . ([%#span17] inv'2 v) + -> ([%#span19] index_logic'1 (singleton'0 v) 0 = v) && ([%#span18] len'0 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq int32) (v : int32) : Seq'0.t_seq int32 = - [%#span28] concat'0 self (singleton'0 v) + [%#span20] concat'0 self (singleton'0 v) function shallow_model'1 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span29] shallow_model'0 ( * self) + [%#span21] shallow_model'0 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (value:int32) (return' (ret:()))= {[@expl:precondition] [%#span31] inv'2 value} - {[@expl:precondition] [%#span30] inv'1 self} + let rec push'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (value:int32) (return' (ret:()))= {[@expl:precondition] [%#span23] inv'2 value} + {[@expl:precondition] [%#span22] inv'1 self} any - [ return' (result:())-> {[%#span32] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} + [ return' (result:())-> {[%#span24] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} (! return' {result}) ] let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span34] inv'0 result} - {[%#span33] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span26] inv'0 result} + {[%#span25] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] @@ -555,137 +509,123 @@ module IndexRange_TestRange let%span span73 = "" 0 0 0 0 - let%span span74 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span74 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span75 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span75 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span76 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span76 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span77 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span77 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span78 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span78 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span79 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span79 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span80 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span80 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span81 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span81 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span82 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span82 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span83 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span83 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span84 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span84 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span86 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span86 = "" 0 0 0 0 - let%span span87 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span87 = "" 0 0 0 0 - let%span span88 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span88 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span89 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span89 = "" 0 0 0 0 let%span span90 = "" 0 0 0 0 - let%span span91 = "" 0 0 0 0 + let%span span91 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span92 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span92 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span93 = "" 0 0 0 0 + let%span span93 = "../../../../creusot-contracts/src/std/slice.rs" 134 8 137 9 - let%span span94 = "" 0 0 0 0 + let%span span94 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span95 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span95 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span96 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span96 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span97 = "../../../../creusot-contracts/src/std/slice.rs" 134 8 137 9 + let%span span97 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span98 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span98 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span99 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span99 = "../../../../creusot-contracts/src/std/slice.rs" 128 20 128 67 - let%span span100 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span100 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 70 - let%span span101 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span101 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span102 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span102 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span103 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span103 = "" 0 0 0 0 - let%span span104 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span104 = "" 0 0 0 0 - let%span span105 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span105 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span106 = "../../../../creusot-contracts/src/std/slice.rs" 128 20 128 67 + let%span span106 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span107 = "../../../../creusot-contracts/src/std/slice.rs" 122 20 122 70 + let%span span107 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span108 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span108 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span109 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span109 = "" 0 0 0 0 let%span span110 = "" 0 0 0 0 - let%span span111 = "" 0 0 0 0 + let%span span111 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 - let%span span112 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span112 = "" 0 0 0 0 - let%span span113 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span113 = "" 0 0 0 0 - let%span span114 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span114 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - let%span span115 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span115 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 let%span span116 = "" 0 0 0 0 let%span span117 = "" 0 0 0 0 - let%span span118 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 + let%span span118 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 let%span span119 = "" 0 0 0 0 let%span span120 = "" 0 0 0 0 - let%span span121 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - - let%span span122 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 - - let%span span123 = "" 0 0 0 0 + let%span span121 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span124 = "" 0 0 0 0 - - let%span span125 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - - let%span span126 = "" 0 0 0 0 - - let%span span127 = "" 0 0 0 0 - - let%span span128 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - - let%span span129 = "../index_range.rs" 7 4 12 22 + let%span span122 = "../index_range.rs" 7 4 12 22 use prelude.prelude.Int32 - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'11 (self : slice int32) = + predicate invariant'11 (self : Seq'0.t_seq int32) = [%#span72] true - predicate inv'11 (_x : slice int32) + predicate inv'11 (_x : Seq'0.t_seq int32) - axiom inv'11 : forall x : slice int32 . inv'11 x = true + axiom inv'11 : forall x : Seq'0.t_seq int32 . inv'11 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'10 (self : Seq'0.t_seq int32) = + predicate invariant'10 (self : slice int32) = [%#span72] true - predicate inv'10 (_x : Seq'0.t_seq int32) + predicate inv'10 (_x : slice int32) - axiom inv'10 : forall x : Seq'0.t_seq int32 . inv'10 x = true + axiom inv'10 : forall x : slice int32 . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -699,24 +639,19 @@ module IndexRange_TestRange constant max'0 : usize = [%#span73] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq int32) : int - axiom len'2_spec : forall self : Seq'0.t_seq int32 . ([%#span74] inv'10 self) -> ([%#span75] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq int32 . [%#span74] len'2 self >= 0 predicate inv'9 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span76] inv'9 self) - -> ([%#span78] inv'10 (shallow_model'0 self)) - && ([%#span77] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span75] inv'9 self) + -> ([%#span76] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'9 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span79] inv'10 (shallow_model'0 self) + [%#span77] inv'11 (shallow_model'0 self) axiom inv'9 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'9 x = true @@ -789,147 +724,139 @@ module IndexRange_TestRange axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span80] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span82] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span81] len'2 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span78] len'2 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span83] true + [%#span79] true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span84] index_logic'1 (shallow_model'0 self) ix + [%#span80] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span85] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span81] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span86] index_logic'1 seq (UIntSize.to_int self) = out + [%#span82] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span87] UIntSize.to_int self < len'2 seq + [%#span83] UIntSize.to_int self < len'2 seq function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span88] shallow_model'0 self + [%#span84] shallow_model'0 self - let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span91] inv'7 index} - {[@expl:precondition] [%#span90] inv'0 self} - {[@expl:precondition] [%#span89] in_bounds'1 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span87] inv'7 index} + {[@expl:precondition] [%#span86] inv'0 self} + {[@expl:precondition] [%#span85] in_bounds'1 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span93] inv'8 result} - {[%#span92] has_value'1 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span89] inv'8 result} + {[%#span88] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span94] inv'0 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span90] inv'0 self} any - [ return' (result:usize)-> {[%#span95] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span91] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] predicate resolve'0 (self : borrowed (slice int32)) = - [%#span96] ^ self = * self + [%#span92] ^ self = * self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate resolve_elswhere'0 (self : Range'0.t_range usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span97] forall i : int . 0 <= i + [%#span93] forall i : int . 0 <= i /\ (i < UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self) \/ UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) <= i) /\ i < len'2 old' -> index_logic'1 old' i = index_logic'1 fin i function shallow_model'4 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : slice int32 . ([%#span98] inv'11 self) - -> ([%#span100] inv'10 (shallow_model'4 self)) - && ([%#span99] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - use prelude.seq_ext.SeqExt + axiom shallow_model'4_spec : forall self : slice int32 . ([%#span94] inv'10 self) + -> ([%#span95] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) function subsequence'0 (self : Seq'0.t_seq int32) (n : int) (m : int) : Seq'0.t_seq int32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span101] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span96] 0 <= n /\ n <= m /\ m <= len'2 self) - -> ([%#span102] inv'10 self) - -> ([%#span105] inv'10 (subsequence'0 self n m)) - && ([%#span104] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) + -> ([%#span98] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span103] len'2 (subsequence'0 self n m) = m - n) + && ([%#span97] len'2 (subsequence'0 self n m) = m - n) predicate has_value'0 (self : Range'0.t_range usize) (seq : Seq'0.t_seq int32) (out : slice int32) = - [%#span106] subsequence'0 seq (UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self)) (UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self)) + [%#span99] subsequence'0 seq (UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self)) (UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self)) = shallow_model'4 out predicate in_bounds'0 (self : Range'0.t_range usize) (seq : Seq'0.t_seq int32) = - [%#span107] UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self) + [%#span100] UIntSize.to_int (Core_Ops_Range_Range_Type.range_start self) <= UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) /\ UIntSize.to_int (Core_Ops_Range_Range_Type.range_end self) <= len'2 seq function shallow_model'3 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span108] shallow_model'0 ( * self) + [%#span101] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:Range'0.t_range usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span111] inv'1 index} - {[@expl:precondition] [%#span110] inv'5 self} - {[@expl:precondition] [%#span109] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:Range'0.t_range usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span104] inv'1 index} + {[@expl:precondition] [%#span103] inv'5 self} + {[@expl:precondition] [%#span102] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (slice int32))-> {[%#span116] inv'6 result} - {[%#span115] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} - {[%#span114] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} - {[%#span113] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span112] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (slice int32))-> {[%#span109] inv'6 result} + {[%#span108] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} + {[%#span107] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} + {[%#span106] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span105] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] - let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span117] inv'4 self} - any [ return' (result:bool)-> {[%#span118] result = (self = Option'0.C_None)} (! return' {result}) ] + let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span110] inv'4 self} + any [ return' (result:bool)-> {[%#span111] result = (self = Option'0.C_None)} (! return' {result}) ] function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span88] shallow_model'4 self + [%#span84] shallow_model'4 self - let rec get'0 (self:slice int32) (index:Range'0.t_range usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span120] inv'1 index} - {[@expl:precondition] [%#span119] inv'2 self} + let rec get'0 (self:slice int32) (index:Range'0.t_range usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span113] inv'1 index} + {[@expl:precondition] [%#span112] inv'2 self} any - [ return' (result:Option'0.t_option (slice int32))-> {[%#span123] inv'3 result} - {[%#span122] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} - {[%#span121] in_bounds'0 index (shallow_model'2 self) + [ return' (result:Option'0.t_option (slice int32))-> {[%#span116] inv'3 result} + {[%#span115] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} + {[%#span114] in_bounds'0 index (shallow_model'2 self) -> (exists r : slice int32 . inv'2 r /\ result = Option'0.C_Some r /\ has_value'0 index (shallow_model'2 self) r)} (! return' {result}) ] - let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span124] inv'0 self} + let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span117] inv'0 self} any - [ return' (result:slice int32)-> {[%#span126] inv'2 result} - {[%#span125] shallow_model'2 result = shallow_model'1 self} + [ return' (result:slice int32)-> {[%#span119] inv'2 result} + {[%#span118] shallow_model'2 result = shallow_model'1 self} (! return' {result}) ] - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span127] inv'2 self} + let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span120] inv'2 self} any - [ return' (result:usize)-> {[%#span128] len'2 (shallow_model'2 self) = UIntSize.to_int result} + [ return' (result:usize)-> {[%#span121] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:Range'0.t_range usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span91] inv'1 index} - {[@expl:precondition] [%#span90] inv'0 self} - {[@expl:precondition] [%#span89] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:Range'0.t_range usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span87] inv'1 index} + {[@expl:precondition] [%#span86] inv'0 self} + {[@expl:precondition] [%#span85] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:slice int32)-> {[%#span93] inv'2 result} - {[%#span92] has_value'0 index (shallow_model'1 self) result} + [ return' (result:slice int32)-> {[%#span89] inv'2 result} + {[%#span88] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] use prelude.prelude.Int32 let rec create_arr'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span129] len'2 (shallow_model'0 result) = 5 + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span122] len'2 (shallow_model'0 result) = 5 /\ Int32.to_int (index_logic'0 result 0) = 0 /\ Int32.to_int (index_logic'0 result 1) = 1 /\ Int32.to_int (index_logic'0 result 2) = 2 @@ -1391,137 +1318,123 @@ module IndexRange_TestRangeTo let%span span46 = "" 0 0 0 0 - let%span span47 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span47 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span48 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span51 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span52 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span53 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span53 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span54 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span55 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span55 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span56 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span56 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span57 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span57 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span58 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span58 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span59 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span59 = "" 0 0 0 0 - let%span span60 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span60 = "" 0 0 0 0 - let%span span61 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span61 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span62 = "" 0 0 0 0 let%span span63 = "" 0 0 0 0 - let%span span64 = "" 0 0 0 0 + let%span span64 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span65 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span65 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span66 = "" 0 0 0 0 + let%span span66 = "../../../../creusot-contracts/src/std/slice.rs" 157 8 157 90 - let%span span67 = "" 0 0 0 0 + let%span span67 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span68 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span68 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span69 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span69 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span70 = "../../../../creusot-contracts/src/std/slice.rs" 157 8 157 90 + let%span span70 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span71 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span71 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 151 20 151 57 - let%span span73 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span73 = "../../../../creusot-contracts/src/std/slice.rs" 145 20 145 42 - let%span span74 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span74 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span75 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span75 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span76 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span76 = "" 0 0 0 0 - let%span span77 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span77 = "" 0 0 0 0 - let%span span78 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span78 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span79 = "../../../../creusot-contracts/src/std/slice.rs" 151 20 151 57 + let%span span79 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span80 = "../../../../creusot-contracts/src/std/slice.rs" 145 20 145 42 + let%span span80 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span81 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span81 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span82 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span82 = "" 0 0 0 0 let%span span83 = "" 0 0 0 0 - let%span span84 = "" 0 0 0 0 + let%span span84 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 - let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span85 = "" 0 0 0 0 - let%span span86 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span86 = "" 0 0 0 0 - let%span span87 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span87 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - let%span span88 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span88 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 let%span span89 = "" 0 0 0 0 let%span span90 = "" 0 0 0 0 - let%span span91 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 + let%span span91 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 let%span span92 = "" 0 0 0 0 let%span span93 = "" 0 0 0 0 - let%span span94 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - - let%span span95 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 - - let%span span96 = "" 0 0 0 0 - - let%span span97 = "" 0 0 0 0 - - let%span span98 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - - let%span span99 = "" 0 0 0 0 - - let%span span100 = "" 0 0 0 0 + let%span span94 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span101 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - - let%span span102 = "../index_range.rs" 7 4 12 22 + let%span span95 = "../index_range.rs" 7 4 12 22 use prelude.prelude.Int32 - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'11 (self : slice int32) = + predicate invariant'11 (self : Seq'0.t_seq int32) = [%#span45] true - predicate inv'11 (_x : slice int32) + predicate inv'11 (_x : Seq'0.t_seq int32) - axiom inv'11 : forall x : slice int32 . inv'11 x = true + axiom inv'11 : forall x : Seq'0.t_seq int32 . inv'11 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'10 (self : Seq'0.t_seq int32) = + predicate invariant'10 (self : slice int32) = [%#span45] true - predicate inv'10 (_x : Seq'0.t_seq int32) + predicate inv'10 (_x : slice int32) - axiom inv'10 : forall x : Seq'0.t_seq int32 . inv'10 x = true + axiom inv'10 : forall x : slice int32 . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1535,24 +1448,19 @@ module IndexRange_TestRangeTo constant max'0 : usize = [%#span46] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq int32) : int - axiom len'2_spec : forall self : Seq'0.t_seq int32 . ([%#span47] inv'10 self) -> ([%#span48] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq int32 . [%#span47] len'2 self >= 0 predicate inv'9 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span49] inv'9 self) - -> ([%#span51] inv'10 (shallow_model'0 self)) - && ([%#span50] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span48] inv'9 self) + -> ([%#span49] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'9 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span52] inv'10 (shallow_model'0 self) + [%#span50] inv'11 (shallow_model'0 self) axiom inv'9 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'9 x = true @@ -1625,143 +1533,134 @@ module IndexRange_TestRangeTo axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span53] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span55] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span54] len'2 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span51] len'2 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span56] true - - use seq.Seq + [%#span52] true - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span57] index_logic'1 (shallow_model'0 self) ix + [%#span53] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span58] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span54] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span59] index_logic'1 seq (UIntSize.to_int self) = out + [%#span55] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span60] UIntSize.to_int self < len'2 seq + [%#span56] UIntSize.to_int self < len'2 seq function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span61] shallow_model'0 self + [%#span57] shallow_model'0 self - let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span64] inv'7 index} - {[@expl:precondition] [%#span63] inv'0 self} - {[@expl:precondition] [%#span62] in_bounds'1 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span60] inv'7 index} + {[@expl:precondition] [%#span59] inv'0 self} + {[@expl:precondition] [%#span58] in_bounds'1 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span66] inv'8 result} - {[%#span65] has_value'1 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span62] inv'8 result} + {[%#span61] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span67] inv'0 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span63] inv'0 self} any - [ return' (result:usize)-> {[%#span68] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span64] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] predicate resolve'0 (self : borrowed (slice int32)) = - [%#span69] ^ self = * self + [%#span65] ^ self = * self use Core_Ops_Range_RangeTo_Type as Core_Ops_Range_RangeTo_Type predicate resolve_elswhere'0 (self : RangeTo'0.t_rangeto usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span70] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= i /\ i < len'2 old' + [%#span66] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= i /\ i < len'2 old' -> index_logic'1 old' i = index_logic'1 fin i function shallow_model'4 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : slice int32 . ([%#span71] inv'11 self) - -> ([%#span73] inv'10 (shallow_model'4 self)) - && ([%#span72] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - use prelude.seq_ext.SeqExt + axiom shallow_model'4_spec : forall self : slice int32 . ([%#span67] inv'10 self) + -> ([%#span68] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) function subsequence'0 (self : Seq'0.t_seq int32) (n : int) (m : int) : Seq'0.t_seq int32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span74] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span69] 0 <= n /\ n <= m /\ m <= len'2 self) - -> ([%#span75] inv'10 self) - -> ([%#span78] inv'10 (subsequence'0 self n m)) - && ([%#span77] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) + -> ([%#span71] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span76] len'2 (subsequence'0 self n m) = m - n) + && ([%#span70] len'2 (subsequence'0 self n m) = m - n) predicate has_value'0 (self : RangeTo'0.t_rangeto usize) (seq : Seq'0.t_seq int32) (out : slice int32) = - [%#span79] subsequence'0 seq 0 (UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self)) + [%#span72] subsequence'0 seq 0 (UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self)) = shallow_model'4 out predicate in_bounds'0 (self : RangeTo'0.t_rangeto usize) (seq : Seq'0.t_seq int32) = - [%#span80] UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= len'2 seq + [%#span73] UIntSize.to_int (Core_Ops_Range_RangeTo_Type.rangeto_end self) <= len'2 seq function shallow_model'3 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span81] shallow_model'0 ( * self) + [%#span74] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeTo'0.t_rangeto usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span84] inv'1 index} - {[@expl:precondition] [%#span83] inv'5 self} - {[@expl:precondition] [%#span82] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeTo'0.t_rangeto usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span77] inv'1 index} + {[@expl:precondition] [%#span76] inv'5 self} + {[@expl:precondition] [%#span75] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (slice int32))-> {[%#span89] inv'6 result} - {[%#span88] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} - {[%#span87] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} - {[%#span86] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span85] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (slice int32))-> {[%#span82] inv'6 result} + {[%#span81] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} + {[%#span80] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} + {[%#span79] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span78] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] - let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span90] inv'4 self} - any [ return' (result:bool)-> {[%#span91] result = (self = Option'0.C_None)} (! return' {result}) ] + let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span83] inv'4 self} + any [ return' (result:bool)-> {[%#span84] result = (self = Option'0.C_None)} (! return' {result}) ] function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span61] shallow_model'4 self + [%#span57] shallow_model'4 self - let rec get'0 (self:slice int32) (index:RangeTo'0.t_rangeto usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span93] inv'1 index} - {[@expl:precondition] [%#span92] inv'2 self} + let rec get'0 (self:slice int32) (index:RangeTo'0.t_rangeto usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span86] inv'1 index} + {[@expl:precondition] [%#span85] inv'2 self} any - [ return' (result:Option'0.t_option (slice int32))-> {[%#span96] inv'3 result} - {[%#span95] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} - {[%#span94] in_bounds'0 index (shallow_model'2 self) + [ return' (result:Option'0.t_option (slice int32))-> {[%#span89] inv'3 result} + {[%#span88] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} + {[%#span87] in_bounds'0 index (shallow_model'2 self) -> (exists r : slice int32 . inv'2 r /\ result = Option'0.C_Some r /\ has_value'0 index (shallow_model'2 self) r)} (! return' {result}) ] - let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span97] inv'0 self} + let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span90] inv'0 self} any - [ return' (result:slice int32)-> {[%#span99] inv'2 result} - {[%#span98] shallow_model'2 result = shallow_model'1 self} + [ return' (result:slice int32)-> {[%#span92] inv'2 result} + {[%#span91] shallow_model'2 result = shallow_model'1 self} (! return' {result}) ] - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span100] inv'2 self} + let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span93] inv'2 self} any - [ return' (result:usize)-> {[%#span101] len'2 (shallow_model'2 self) = UIntSize.to_int result} - (! return' {result}) ] + [ return' (result:usize)-> {[%#span94] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeTo'0.t_rangeto usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span64] inv'1 index} - {[@expl:precondition] [%#span63] inv'0 self} - {[@expl:precondition] [%#span62] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeTo'0.t_rangeto usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span60] inv'1 index} + {[@expl:precondition] [%#span59] inv'0 self} + {[@expl:precondition] [%#span58] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:slice int32)-> {[%#span66] inv'2 result} - {[%#span65] has_value'0 index (shallow_model'1 self) result} + [ return' (result:slice int32)-> {[%#span62] inv'2 result} + {[%#span61] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] use prelude.prelude.Int32 let rec create_arr'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span102] len'2 (shallow_model'0 result) = 5 + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span95] len'2 (shallow_model'0 result) = 5 /\ Int32.to_int (index_logic'0 result 0) = 0 /\ Int32.to_int (index_logic'0 result 1) = 1 /\ Int32.to_int (index_logic'0 result 2) = 2 @@ -2118,137 +2017,123 @@ module IndexRange_TestRangeFrom let%span span48 = "" 0 0 0 0 - let%span span49 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span49 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span50 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span53 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span54 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span55 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span55 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span56 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span57 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span57 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span58 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span58 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span59 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span59 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span61 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span61 = "" 0 0 0 0 - let%span span62 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span62 = "" 0 0 0 0 - let%span span63 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span63 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span64 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span64 = "" 0 0 0 0 let%span span65 = "" 0 0 0 0 - let%span span66 = "" 0 0 0 0 + let%span span66 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span67 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span67 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span68 = "" 0 0 0 0 + let%span span68 = "../../../../creusot-contracts/src/std/slice.rs" 177 8 179 9 - let%span span69 = "" 0 0 0 0 + let%span span69 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span70 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span70 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span71 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span71 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 177 8 179 9 + let%span span72 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span73 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span73 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span74 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span74 = "../../../../creusot-contracts/src/std/slice.rs" 171 20 171 67 - let%span span75 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span75 = "../../../../creusot-contracts/src/std/slice.rs" 165 20 165 44 - let%span span76 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span76 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span77 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span77 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span78 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span78 = "" 0 0 0 0 - let%span span79 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span79 = "" 0 0 0 0 - let%span span80 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span80 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span81 = "../../../../creusot-contracts/src/std/slice.rs" 171 20 171 67 + let%span span81 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span82 = "../../../../creusot-contracts/src/std/slice.rs" 165 20 165 44 + let%span span82 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span83 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span83 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span84 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span84 = "" 0 0 0 0 let%span span85 = "" 0 0 0 0 - let%span span86 = "" 0 0 0 0 + let%span span86 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 - let%span span87 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span87 = "" 0 0 0 0 - let%span span88 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span88 = "" 0 0 0 0 - let%span span89 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span89 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - let%span span90 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span90 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 let%span span91 = "" 0 0 0 0 let%span span92 = "" 0 0 0 0 - let%span span93 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 + let%span span93 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 let%span span94 = "" 0 0 0 0 let%span span95 = "" 0 0 0 0 - let%span span96 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - - let%span span97 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 - - let%span span98 = "" 0 0 0 0 - - let%span span99 = "" 0 0 0 0 - - let%span span100 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - - let%span span101 = "" 0 0 0 0 - - let%span span102 = "" 0 0 0 0 + let%span span96 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span103 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - - let%span span104 = "../index_range.rs" 7 4 12 22 + let%span span97 = "../index_range.rs" 7 4 12 22 use prelude.prelude.Int32 - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'11 (self : slice int32) = + predicate invariant'11 (self : Seq'0.t_seq int32) = [%#span47] true - predicate inv'11 (_x : slice int32) + predicate inv'11 (_x : Seq'0.t_seq int32) - axiom inv'11 : forall x : slice int32 . inv'11 x = true + axiom inv'11 : forall x : Seq'0.t_seq int32 . inv'11 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'10 (self : Seq'0.t_seq int32) = + predicate invariant'10 (self : slice int32) = [%#span47] true - predicate inv'10 (_x : Seq'0.t_seq int32) + predicate inv'10 (_x : slice int32) - axiom inv'10 : forall x : Seq'0.t_seq int32 . inv'10 x = true + axiom inv'10 : forall x : slice int32 . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2262,24 +2147,19 @@ module IndexRange_TestRangeFrom constant max'0 : usize = [%#span48] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq int32) : int - axiom len'2_spec : forall self : Seq'0.t_seq int32 . ([%#span49] inv'10 self) -> ([%#span50] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq int32 . [%#span49] len'2 self >= 0 predicate inv'9 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span51] inv'9 self) - -> ([%#span53] inv'10 (shallow_model'0 self)) - && ([%#span52] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span50] inv'9 self) + -> ([%#span51] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'9 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span54] inv'10 (shallow_model'0 self) + [%#span52] inv'11 (shallow_model'0 self) axiom inv'9 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'9 x = true @@ -2352,146 +2232,137 @@ module IndexRange_TestRangeFrom axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span55] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span57] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span56] len'2 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span53] len'2 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span58] true - - use seq.Seq + [%#span54] true - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span59] index_logic'1 (shallow_model'0 self) ix + [%#span55] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span60] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span56] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span61] index_logic'1 seq (UIntSize.to_int self) = out + [%#span57] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span62] UIntSize.to_int self < len'2 seq + [%#span58] UIntSize.to_int self < len'2 seq function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span63] shallow_model'0 self + [%#span59] shallow_model'0 self - let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span66] inv'7 index} - {[@expl:precondition] [%#span65] inv'0 self} - {[@expl:precondition] [%#span64] in_bounds'1 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span62] inv'7 index} + {[@expl:precondition] [%#span61] inv'0 self} + {[@expl:precondition] [%#span60] in_bounds'1 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span68] inv'8 result} - {[%#span67] has_value'1 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span64] inv'8 result} + {[%#span63] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span69] inv'0 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span65] inv'0 self} any - [ return' (result:usize)-> {[%#span70] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span66] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] predicate resolve'0 (self : borrowed (slice int32)) = - [%#span71] ^ self = * self + [%#span67] ^ self = * self use Core_Ops_Range_RangeFrom_Type as Core_Ops_Range_RangeFrom_Type predicate resolve_elswhere'0 (self : RangeFrom'0.t_rangefrom usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span72] forall i : int . 0 <= i + [%#span68] forall i : int . 0 <= i /\ i < UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self) /\ i < len'2 old' -> index_logic'1 old' i = index_logic'1 fin i function shallow_model'4 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : slice int32 . ([%#span73] inv'11 self) - -> ([%#span75] inv'10 (shallow_model'4 self)) - && ([%#span74] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - use prelude.seq_ext.SeqExt + axiom shallow_model'4_spec : forall self : slice int32 . ([%#span69] inv'10 self) + -> ([%#span70] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) function subsequence'0 (self : Seq'0.t_seq int32) (n : int) (m : int) : Seq'0.t_seq int32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span76] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span71] 0 <= n /\ n <= m /\ m <= len'2 self) - -> ([%#span77] inv'10 self) - -> ([%#span80] inv'10 (subsequence'0 self n m)) - && ([%#span79] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) + -> ([%#span73] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span78] len'2 (subsequence'0 self n m) = m - n) + && ([%#span72] len'2 (subsequence'0 self n m) = m - n) predicate has_value'0 (self : RangeFrom'0.t_rangefrom usize) (seq : Seq'0.t_seq int32) (out : slice int32) = - [%#span81] subsequence'0 seq (UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self)) (len'2 seq) + [%#span74] subsequence'0 seq (UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self)) (len'2 seq) = shallow_model'4 out predicate in_bounds'0 (self : RangeFrom'0.t_rangefrom usize) (seq : Seq'0.t_seq int32) = - [%#span82] UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self) <= len'2 seq + [%#span75] UIntSize.to_int (Core_Ops_Range_RangeFrom_Type.rangefrom_start self) <= len'2 seq function shallow_model'3 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span83] shallow_model'0 ( * self) + [%#span76] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span86] inv'1 index} - {[@expl:precondition] [%#span85] inv'5 self} - {[@expl:precondition] [%#span84] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span79] inv'1 index} + {[@expl:precondition] [%#span78] inv'5 self} + {[@expl:precondition] [%#span77] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (slice int32))-> {[%#span91] inv'6 result} - {[%#span90] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} - {[%#span89] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} - {[%#span88] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span87] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (slice int32))-> {[%#span84] inv'6 result} + {[%#span83] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} + {[%#span82] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} + {[%#span81] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span80] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] - let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span92] inv'4 self} - any [ return' (result:bool)-> {[%#span93] result = (self = Option'0.C_None)} (! return' {result}) ] + let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span85] inv'4 self} + any [ return' (result:bool)-> {[%#span86] result = (self = Option'0.C_None)} (! return' {result}) ] function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span63] shallow_model'4 self + [%#span59] shallow_model'4 self - let rec get'0 (self:slice int32) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span95] inv'1 index} - {[@expl:precondition] [%#span94] inv'2 self} + let rec get'0 (self:slice int32) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span88] inv'1 index} + {[@expl:precondition] [%#span87] inv'2 self} any - [ return' (result:Option'0.t_option (slice int32))-> {[%#span98] inv'3 result} - {[%#span97] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} - {[%#span96] in_bounds'0 index (shallow_model'2 self) + [ return' (result:Option'0.t_option (slice int32))-> {[%#span91] inv'3 result} + {[%#span90] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} + {[%#span89] in_bounds'0 index (shallow_model'2 self) -> (exists r : slice int32 . inv'2 r /\ result = Option'0.C_Some r /\ has_value'0 index (shallow_model'2 self) r)} (! return' {result}) ] - let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span99] inv'0 self} + let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span92] inv'0 self} any - [ return' (result:slice int32)-> {[%#span101] inv'2 result} - {[%#span100] shallow_model'2 result = shallow_model'1 self} + [ return' (result:slice int32)-> {[%#span94] inv'2 result} + {[%#span93] shallow_model'2 result = shallow_model'1 self} (! return' {result}) ] - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span102] inv'2 self} + let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span95] inv'2 self} any - [ return' (result:usize)-> {[%#span103] len'2 (shallow_model'2 self) = UIntSize.to_int result} - (! return' {result}) ] + [ return' (result:usize)-> {[%#span96] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span66] inv'1 index} - {[@expl:precondition] [%#span65] inv'0 self} - {[@expl:precondition] [%#span64] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeFrom'0.t_rangefrom usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span62] inv'1 index} + {[@expl:precondition] [%#span61] inv'0 self} + {[@expl:precondition] [%#span60] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:slice int32)-> {[%#span68] inv'2 result} - {[%#span67] has_value'0 index (shallow_model'1 self) result} + [ return' (result:slice int32)-> {[%#span64] inv'2 result} + {[%#span63] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] use prelude.prelude.Int32 let rec create_arr'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span104] len'2 (shallow_model'0 result) = 5 + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span97] len'2 (shallow_model'0 result) = 5 /\ Int32.to_int (index_logic'0 result 0) = 0 /\ Int32.to_int (index_logic'0 result 1) = 1 /\ Int32.to_int (index_logic'0 result 2) = 2 @@ -2847,107 +2718,97 @@ module IndexRange_TestRangeFull let%span span44 = "" 0 0 0 0 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span46 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span46 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span49 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span50 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span51 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span51 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span52 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span53 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span54 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span54 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span55 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span55 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span57 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span58 = "" 0 0 0 0 - let%span span59 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span60 = "" 0 0 0 0 let%span span61 = "" 0 0 0 0 - let%span span62 = "" 0 0 0 0 + let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span63 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span63 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span64 = "" 0 0 0 0 + let%span span64 = "../../../../creusot-contracts/src/std/slice.rs" 199 20 199 24 - let%span span65 = "" 0 0 0 0 + let%span span65 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span66 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span66 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span67 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span67 = "../../../../creusot-contracts/src/std/slice.rs" 193 20 193 31 - let%span span68 = "../../../../creusot-contracts/src/std/slice.rs" 199 20 199 24 + let%span span68 = "../../../../creusot-contracts/src/std/slice.rs" 187 20 187 24 - let%span span69 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span69 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span70 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span70 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span71 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span71 = "" 0 0 0 0 - let%span span72 = "../../../../creusot-contracts/src/std/slice.rs" 193 20 193 31 + let%span span72 = "" 0 0 0 0 - let%span span73 = "../../../../creusot-contracts/src/std/slice.rs" 187 20 187 24 + let%span span73 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span74 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span74 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span75 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span75 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span76 = "" 0 0 0 0 + let%span span76 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 let%span span77 = "" 0 0 0 0 - let%span span78 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - - let%span span79 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - - let%span span80 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - - let%span span81 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span78 = "" 0 0 0 0 - let%span span82 = "" 0 0 0 0 - - let%span span83 = "" 0 0 0 0 - - let%span span84 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span79 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span85 = "../index_range.rs" 7 4 12 22 + let%span span80 = "../index_range.rs" 7 4 12 22 use prelude.prelude.Int32 - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'9 (self : slice int32) = + predicate invariant'9 (self : Seq'0.t_seq int32) = [%#span43] true - predicate inv'9 (_x : slice int32) + predicate inv'9 (_x : Seq'0.t_seq int32) - axiom inv'9 : forall x : slice int32 . inv'9 x = true + axiom inv'9 : forall x : Seq'0.t_seq int32 . inv'9 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'8 (self : Seq'0.t_seq int32) = + predicate invariant'8 (self : slice int32) = [%#span43] true - predicate inv'8 (_x : Seq'0.t_seq int32) + predicate inv'8 (_x : slice int32) - axiom inv'8 : forall x : Seq'0.t_seq int32 . inv'8 x = true + axiom inv'8 : forall x : slice int32 . inv'8 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2961,24 +2822,19 @@ module IndexRange_TestRangeFull constant max'0 : usize = [%#span44] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq int32) : int - axiom len'2_spec : forall self : Seq'0.t_seq int32 . ([%#span45] inv'8 self) -> ([%#span46] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq int32 . [%#span45] len'2 self >= 0 predicate inv'7 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span47] inv'7 self) - -> ([%#span49] inv'8 (shallow_model'0 self)) - && ([%#span48] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span46] inv'7 self) + -> ([%#span47] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'7 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span50] inv'8 (shallow_model'0 self) + [%#span48] inv'9 (shallow_model'0 self) axiom inv'7 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'7 x = true @@ -3035,105 +2891,101 @@ module IndexRange_TestRangeFull axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span51] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span53] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span52] len'2 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span49] len'2 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span54] true + [%#span50] true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span55] index_logic'1 (shallow_model'0 self) ix + [%#span51] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span56] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span52] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span57] index_logic'1 seq (UIntSize.to_int self) = out + [%#span53] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span58] UIntSize.to_int self < len'2 seq + [%#span54] UIntSize.to_int self < len'2 seq function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span59] shallow_model'0 self + [%#span55] shallow_model'0 self - let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span62] inv'5 index} - {[@expl:precondition] [%#span61] inv'0 self} - {[@expl:precondition] [%#span60] in_bounds'1 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span58] inv'5 index} + {[@expl:precondition] [%#span57] inv'0 self} + {[@expl:precondition] [%#span56] in_bounds'1 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span64] inv'6 result} - {[%#span63] has_value'1 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span60] inv'6 result} + {[%#span59] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span65] inv'0 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span61] inv'0 self} any - [ return' (result:usize)-> {[%#span66] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span62] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] predicate resolve'0 (self : borrowed (slice int32)) = - [%#span67] ^ self = * self + [%#span63] ^ self = * self predicate resolve_elswhere'0 (self : RangeFull'0.t_rangefull) (_old : Seq'0.t_seq int32) (_fin : Seq'0.t_seq int32) = - [%#span68] true + [%#span64] true function shallow_model'4 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : slice int32 . ([%#span69] inv'9 self) - -> ([%#span71] inv'8 (shallow_model'4 self)) - && ([%#span70] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'4_spec : forall self : slice int32 . ([%#span65] inv'8 self) + -> ([%#span66] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) predicate has_value'0 (self : RangeFull'0.t_rangefull) (seq : Seq'0.t_seq int32) (out : slice int32) = - [%#span72] seq = shallow_model'4 out + [%#span67] seq = shallow_model'4 out predicate in_bounds'0 (self : RangeFull'0.t_rangefull) (_seq : Seq'0.t_seq int32) = - [%#span73] true + [%#span68] true function shallow_model'3 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span74] shallow_model'0 ( * self) + [%#span69] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeFull'0.t_rangefull) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span77] inv'1 index} - {[@expl:precondition] [%#span76] inv'3 self} - {[@expl:precondition] [%#span75] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeFull'0.t_rangefull) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span72] inv'1 index} + {[@expl:precondition] [%#span71] inv'3 self} + {[@expl:precondition] [%#span70] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (slice int32))-> {[%#span82] inv'4 result} - {[%#span81] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} - {[%#span80] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} - {[%#span79] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span78] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (slice int32))-> {[%#span77] inv'4 result} + {[%#span76] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} + {[%#span75] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} + {[%#span74] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span73] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span59] shallow_model'4 self + [%#span55] shallow_model'4 self - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span83] inv'2 self} + let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span78] inv'2 self} any - [ return' (result:usize)-> {[%#span84] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:usize)-> {[%#span79] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeFull'0.t_rangefull) (return' (ret:slice int32))= {[@expl:precondition] [%#span62] inv'1 index} - {[@expl:precondition] [%#span61] inv'0 self} - {[@expl:precondition] [%#span60] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeFull'0.t_rangefull) (return' (ret:slice int32))= {[@expl:precondition] [%#span58] inv'1 index} + {[@expl:precondition] [%#span57] inv'0 self} + {[@expl:precondition] [%#span56] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:slice int32)-> {[%#span64] inv'2 result} - {[%#span63] has_value'0 index (shallow_model'1 self) result} + [ return' (result:slice int32)-> {[%#span60] inv'2 result} + {[%#span59] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] use prelude.prelude.Int32 let rec create_arr'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span85] len'2 (shallow_model'0 result) = 5 + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span80] len'2 (shallow_model'0 result) = 5 /\ Int32.to_int (index_logic'0 result 0) = 0 /\ Int32.to_int (index_logic'0 result 1) = 1 /\ Int32.to_int (index_logic'0 result 2) = 2 @@ -3490,137 +3342,123 @@ module IndexRange_TestRangeToInclusive let%span span43 = "" 0 0 0 0 - let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span45 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span46 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span46 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span47 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span48 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span49 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span50 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span50 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span51 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span52 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span52 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span53 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span54 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span54 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span55 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span55 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span56 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span56 = "" 0 0 0 0 - let%span span57 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span58 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span59 = "" 0 0 0 0 let%span span60 = "" 0 0 0 0 - let%span span61 = "" 0 0 0 0 + let%span span61 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span62 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span63 = "" 0 0 0 0 + let%span span63 = "../../../../creusot-contracts/src/std/slice.rs" 219 8 219 89 - let%span span64 = "" 0 0 0 0 + let%span span64 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span65 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span65 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span66 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span66 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span67 = "../../../../creusot-contracts/src/std/slice.rs" 219 8 219 89 + let%span span67 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span68 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span68 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span69 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span69 = "../../../../creusot-contracts/src/std/slice.rs" 213 20 213 61 - let%span span70 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span70 = "../../../../creusot-contracts/src/std/slice.rs" 207 20 207 41 - let%span span71 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span71 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span72 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span72 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span73 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span73 = "" 0 0 0 0 - let%span span74 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span74 = "" 0 0 0 0 - let%span span75 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span75 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span76 = "../../../../creusot-contracts/src/std/slice.rs" 213 20 213 61 + let%span span76 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span77 = "../../../../creusot-contracts/src/std/slice.rs" 207 20 207 41 + let%span span77 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span78 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span78 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span79 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span79 = "" 0 0 0 0 let%span span80 = "" 0 0 0 0 - let%span span81 = "" 0 0 0 0 + let%span span81 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 - let%span span82 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span82 = "" 0 0 0 0 - let%span span83 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span83 = "" 0 0 0 0 - let%span span84 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span84 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span85 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 let%span span86 = "" 0 0 0 0 let%span span87 = "" 0 0 0 0 - let%span span88 = "../../../../creusot-contracts/src/std/option.rs" 38 26 38 51 + let%span span88 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 let%span span89 = "" 0 0 0 0 let%span span90 = "" 0 0 0 0 - let%span span91 = "../../../../creusot-contracts/src/std/slice.rs" 240 8 240 102 - - let%span span92 = "../../../../creusot-contracts/src/std/slice.rs" 241 18 241 55 - - let%span span93 = "" 0 0 0 0 - - let%span span94 = "" 0 0 0 0 - - let%span span95 = "../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - - let%span span96 = "" 0 0 0 0 - - let%span span97 = "" 0 0 0 0 - - let%span span98 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span91 = "../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span99 = "../index_range.rs" 7 4 12 22 + let%span span92 = "../index_range.rs" 7 4 12 22 use prelude.prelude.Int32 - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'11 (self : slice int32) = + predicate invariant'11 (self : Seq'0.t_seq int32) = [%#span42] true - predicate inv'11 (_x : slice int32) + predicate inv'11 (_x : Seq'0.t_seq int32) - axiom inv'11 : forall x : slice int32 . inv'11 x = true + axiom inv'11 : forall x : Seq'0.t_seq int32 . inv'11 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'10 (self : Seq'0.t_seq int32) = + predicate invariant'10 (self : slice int32) = [%#span42] true - predicate inv'10 (_x : Seq'0.t_seq int32) + predicate inv'10 (_x : slice int32) - axiom inv'10 : forall x : Seq'0.t_seq int32 . inv'10 x = true + axiom inv'10 : forall x : slice int32 . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -3634,24 +3472,19 @@ module IndexRange_TestRangeToInclusive constant max'0 : usize = [%#span43] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq int32) : int - axiom len'2_spec : forall self : Seq'0.t_seq int32 . ([%#span44] inv'10 self) -> ([%#span45] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq int32 . [%#span44] len'2 self >= 0 predicate inv'9 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span46] inv'9 self) - -> ([%#span48] inv'10 (shallow_model'0 self)) - && ([%#span47] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span45] inv'9 self) + -> ([%#span46] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'9 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span49] inv'10 (shallow_model'0 self) + [%#span47] inv'11 (shallow_model'0 self) axiom inv'9 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'9 x = true @@ -3724,147 +3557,139 @@ module IndexRange_TestRangeToInclusive axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span50] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span52] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span51] len'2 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span48] len'2 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic predicate resolve'2 (self : int32) = - [%#span53] true + [%#span49] true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span54] index_logic'1 (shallow_model'0 self) ix + [%#span50] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span55] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span51] forall i : int . 0 <= i /\ i < len'2 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span56] index_logic'1 seq (UIntSize.to_int self) = out + [%#span52] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span57] UIntSize.to_int self < len'2 seq + [%#span53] UIntSize.to_int self < len'2 seq function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span58] shallow_model'0 self + [%#span54] shallow_model'0 self - let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span61] inv'7 index} - {[@expl:precondition] [%#span60] inv'0 self} - {[@expl:precondition] [%#span59] in_bounds'1 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:usize) (return' (ret:int32))= {[@expl:precondition] [%#span57] inv'7 index} + {[@expl:precondition] [%#span56] inv'0 self} + {[@expl:precondition] [%#span55] in_bounds'1 index (shallow_model'1 self)} any - [ return' (result:int32)-> {[%#span63] inv'8 result} - {[%#span62] has_value'1 index (shallow_model'1 self) result} + [ return' (result:int32)-> {[%#span59] inv'8 result} + {[%#span58] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span64] inv'0 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span60] inv'0 self} any - [ return' (result:usize)-> {[%#span65] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span61] UIntSize.to_int result = len'2 (shallow_model'1 self)} (! return' {result}) ] predicate resolve'0 (self : borrowed (slice int32)) = - [%#span66] ^ self = * self + [%#span62] ^ self = * self use Core_Ops_Range_RangeToInclusive_Type as Core_Ops_Range_RangeToInclusive_Type predicate resolve_elswhere'0 (self : RangeToInclusive'0.t_rangetoinclusive usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span67] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < i + [%#span63] forall i : int . UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < i /\ i < len'2 old' -> index_logic'1 old' i = index_logic'1 fin i function shallow_model'4 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : slice int32 . ([%#span68] inv'11 self) - -> ([%#span70] inv'10 (shallow_model'4 self)) - && ([%#span69] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - use prelude.seq_ext.SeqExt + axiom shallow_model'4_spec : forall self : slice int32 . ([%#span64] inv'10 self) + -> ([%#span65] len'2 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) function subsequence'0 (self : Seq'0.t_seq int32) (n : int) (m : int) : Seq'0.t_seq int32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span71] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int32, n : int, m : int . ([%#span66] 0 <= n /\ n <= m /\ m <= len'2 self) - -> ([%#span72] inv'10 self) - -> ([%#span75] inv'10 (subsequence'0 self n m)) - && ([%#span74] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) + -> ([%#span68] forall i : int . 0 <= i /\ i < len'2 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span73] len'2 (subsequence'0 self n m) = m - n) + && ([%#span67] len'2 (subsequence'0 self n m) = m - n) predicate has_value'0 (self : RangeToInclusive'0.t_rangetoinclusive usize) (seq : Seq'0.t_seq int32) (out : slice int32) = - [%#span76] subsequence'0 seq 0 (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) + [%#span69] subsequence'0 seq 0 (UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) + 1) = shallow_model'4 out predicate in_bounds'0 (self : RangeToInclusive'0.t_rangetoinclusive usize) (seq : Seq'0.t_seq int32) = - [%#span77] UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < len'2 seq + [%#span70] UIntSize.to_int (Core_Ops_Range_RangeToInclusive_Type.rangetoinclusive_end self) < len'2 seq function shallow_model'3 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span78] shallow_model'0 ( * self) + [%#span71] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span81] inv'1 index} - {[@expl:precondition] [%#span80] inv'5 self} - {[@expl:precondition] [%#span79] in_bounds'0 index (shallow_model'3 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:borrowed (slice int32)))= {[@expl:precondition] [%#span74] inv'1 index} + {[@expl:precondition] [%#span73] inv'5 self} + {[@expl:precondition] [%#span72] in_bounds'0 index (shallow_model'3 self)} any - [ return' (result:borrowed (slice int32))-> {[%#span86] inv'6 result} - {[%#span85] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} - {[%#span84] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} - {[%#span83] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span82] has_value'0 index (shallow_model'3 self) ( * result)} + [ return' (result:borrowed (slice int32))-> {[%#span79] inv'6 result} + {[%#span78] len'2 (shallow_model'0 ( ^ self)) = len'2 (shallow_model'3 self)} + {[%#span77] resolve_elswhere'0 index (shallow_model'3 self) (shallow_model'0 ( ^ self))} + {[%#span76] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span75] has_value'0 index (shallow_model'3 self) ( * result)} (! return' {result}) ] - let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span87] inv'4 self} - any [ return' (result:bool)-> {[%#span88] result = (self = Option'0.C_None)} (! return' {result}) ] + let rec is_none'0 (self:Option'0.t_option (slice int32)) (return' (ret:bool))= {[@expl:precondition] [%#span80] inv'4 self} + any [ return' (result:bool)-> {[%#span81] result = (self = Option'0.C_None)} (! return' {result}) ] function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span58] shallow_model'4 self + [%#span54] shallow_model'4 self - let rec get'0 (self:slice int32) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span90] inv'1 index} - {[@expl:precondition] [%#span89] inv'2 self} + let rec get'0 (self:slice int32) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:Option'0.t_option (slice int32)))= {[@expl:precondition] [%#span83] inv'1 index} + {[@expl:precondition] [%#span82] inv'2 self} any - [ return' (result:Option'0.t_option (slice int32))-> {[%#span93] inv'3 result} - {[%#span92] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} - {[%#span91] in_bounds'0 index (shallow_model'2 self) + [ return' (result:Option'0.t_option (slice int32))-> {[%#span86] inv'3 result} + {[%#span85] in_bounds'0 index (shallow_model'2 self) \/ result = Option'0.C_None} + {[%#span84] in_bounds'0 index (shallow_model'2 self) -> (exists r : slice int32 . inv'2 r /\ result = Option'0.C_Some r /\ has_value'0 index (shallow_model'2 self) r)} (! return' {result}) ] - let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span94] inv'0 self} + let rec deref'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:slice int32))= {[@expl:precondition] [%#span87] inv'0 self} any - [ return' (result:slice int32)-> {[%#span96] inv'2 result} - {[%#span95] shallow_model'2 result = shallow_model'1 self} + [ return' (result:slice int32)-> {[%#span89] inv'2 result} + {[%#span88] shallow_model'2 result = shallow_model'1 self} (! return' {result}) ] - let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span97] inv'2 self} + let rec len'0 (self:slice int32) (return' (ret:usize))= {[@expl:precondition] [%#span90] inv'2 self} any - [ return' (result:usize)-> {[%#span98] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:usize)-> {[%#span91] len'2 (shallow_model'2 self) = UIntSize.to_int result} (! return' {result}) ] - let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span61] inv'1 index} - {[@expl:precondition] [%#span60] inv'0 self} - {[@expl:precondition] [%#span59] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (index:RangeToInclusive'0.t_rangetoinclusive usize) (return' (ret:slice int32))= {[@expl:precondition] [%#span57] inv'1 index} + {[@expl:precondition] [%#span56] inv'0 self} + {[@expl:precondition] [%#span55] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:slice int32)-> {[%#span63] inv'2 result} - {[%#span62] has_value'0 index (shallow_model'1 self) result} + [ return' (result:slice int32)-> {[%#span59] inv'2 result} + {[%#span58] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] use prelude.prelude.Int32 let rec create_arr'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span99] len'2 (shallow_model'0 result) = 5 + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span92] len'2 (shallow_model'0 result) = 5 /\ Int32.to_int (index_logic'0 result 0) = 0 /\ Int32.to_int (index_logic'0 result 1) = 1 /\ Int32.to_int (index_logic'0 result 2) = 2 diff --git a/creusot/tests/should_succeed/inferred_invarianrs.coma b/creusot/tests/should_succeed/inferred_invarianrs.coma index 5013062252..da3a802c64 100644 --- a/creusot/tests/should_succeed/inferred_invarianrs.coma +++ b/creusot/tests/should_succeed/inferred_invarianrs.coma @@ -227,22 +227,7 @@ module InferredInvarianrs_TempMove end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Ptr_NonNull_NonNull_Type use prelude.prelude.Opaque @@ -360,71 +345,68 @@ module InferredInvarianrs_Y let%span sinferred_invarianrs6 = "../inferred_invarianrs.rs" 46 15 46 17 - let%span span7 = "" 0 0 0 0 + let%span span7 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span14 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span14 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span18 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span15 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span19 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span16 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span20 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span21 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span18 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span22 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span20 = "" 0 0 0 0 - let%span span24 = "" 0 0 0 0 + let%span span21 = "" 0 0 0 0 - let%span span25 = "" 0 0 0 0 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span26 = "" 0 0 0 0 - let%span span30 = "" 0 0 0 0 + let%span span27 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span31 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span28 = "" 0 0 0 0 - let%span span32 = "" 0 0 0 0 + let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span30 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span34 = "../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + let%span span31 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span36 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span32 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.Int32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq int32) + predicate invariant'5 (self : Seq'0.t_seq int32) = + [%#span7] true + + predicate inv'5 (_x : Seq'0.t_seq int32) + + axiom inv'5 : forall x : Seq'0.t_seq int32 . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -436,136 +418,123 @@ module InferredInvarianrs_Y use prelude.prelude.Int - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span9] len'0 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec int32 (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'3_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span10] inv'5 self) - -> ([%#span12] inv'1 (shallow_model'3 self)) - && ([%#span11] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span10] inv'4 self) + -> ([%#span11] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'5 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span13] inv'1 (shallow_model'3 self) + predicate invariant'4 (self : Vec'0.t_vec int32 (Global'0.t_global)) = + [%#span12] inv'5 (shallow_model'3 self) - axiom inv'5 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'5 x = true + axiom inv'4 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'4 x = true use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed int32) = - [%#span14] true - - predicate inv'4 (_x : borrowed int32) + predicate invariant'3 (self : borrowed int32) = + [%#span7] true - axiom inv'4 : forall x : borrowed int32 . inv'4 x = true + predicate inv'3 (_x : borrowed int32) - predicate invariant'3 (self : usize) = - [%#span14] true + axiom inv'3 : forall x : borrowed int32 . inv'3 x = true - predicate inv'3 (_x : usize) + predicate invariant'2 (self : usize) = + [%#span7] true - axiom inv'3 : forall x : usize . inv'3 x = true + predicate inv'2 (_x : usize) - predicate invariant'2 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span14] true + axiom inv'2 : forall x : usize . inv'2 x = true - predicate inv'2 (_x : Vec'0.t_vec int32 (Global'0.t_global)) + predicate invariant'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = + [%#span7] true - axiom inv'2 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'2 x = true + predicate inv'1 (_x : Vec'0.t_vec int32 (Global'0.t_global)) - predicate invariant'1 (self : Seq'0.t_seq int32) = - [%#span14] true - - axiom inv'1 : forall x : Seq'0.t_seq int32 . inv'1 x = true + axiom inv'1 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'1 x = true predicate invariant'0 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) = - [%#span14] true + [%#span7] true predicate inv'0 (_x : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) axiom inv'0 : forall x : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span15] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span17] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self predicate resolve'0 (self : borrowed int32) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self use prelude.prelude.Slice - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq int32) (fin : Seq'0.t_seq int32) = - [%#span19] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span15] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'0 old' i = index_logic'0 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) (out : int32) = - [%#span20] index_logic'0 seq (UIntSize.to_int self) = out + [%#span16] index_logic'0 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq int32) = - [%#span21] UIntSize.to_int self < len'0 seq + [%#span17] UIntSize.to_int self < len'0 seq function shallow_model'1 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span22] shallow_model'3 ( * self) + [%#span18] shallow_model'3 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed int32))= {[@expl:precondition] [%#span25] inv'3 index} - {[@expl:precondition] [%#span24] inv'0 self} - {[@expl:precondition] [%#span23] in_bounds'0 index (shallow_model'1 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed int32))= {[@expl:precondition] [%#span21] inv'2 index} + {[@expl:precondition] [%#span20] inv'0 self} + {[@expl:precondition] [%#span19] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:borrowed int32)-> {[%#span30] inv'4 result} - {[%#span29] len'0 (shallow_model'3 ( ^ self)) = len'0 (shallow_model'1 self)} - {[%#span28] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'3 ( ^ self))} - {[%#span27] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} - {[%#span26] has_value'0 index (shallow_model'1 self) ( * result)} + [ return' (result:borrowed int32)-> {[%#span26] inv'3 result} + {[%#span25] len'0 (shallow_model'3 ( ^ self)) = len'0 (shallow_model'1 self)} + {[%#span24] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'3 ( ^ self))} + {[%#span23] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} + {[%#span22] has_value'0 index (shallow_model'1 self) ( * result)} (! return' {result}) ] function shallow_model'4 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span31] shallow_model'3 self + [%#span27] shallow_model'3 self - let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span32] inv'2 self} + let rec len'1 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span28] inv'1 self} any - [ return' (result:usize)-> {[%#span33] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span29] UIntSize.to_int result = len'0 (shallow_model'4 self)} (! return' {result}) ] function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec int32 (Global'0.t_global)))) : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'2 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span31] shallow_model'1 self + [%#span27] shallow_model'1 self function shallow_model'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec int32 (Global'0.t_global)))) : Seq'0.t_seq int32 = - [%#span34] shallow_model'2 (deref'0 self) + [%#span30] shallow_model'2 (deref'0 self) function new'0 (x : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec int32 (Global'0.t_global))) - axiom new'0_spec : forall x : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) . ([%#span35] inv'0 x) - -> ([%#span36] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Vec'0.t_vec int32 (Global'0.t_global)) . ([%#span31] inv'0 x) + -> ([%#span32] deref'0 (new'0 x) = x) let rec y (v:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#sinferred_invarianrs0] new'0 v ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/invariant_moves.coma b/creusot/tests/should_succeed/invariant_moves.coma index a4b71faeaa..b874181946 100644 --- a/creusot/tests/should_succeed/invariant_moves.coma +++ b/creusot/tests/should_succeed/invariant_moves.coma @@ -117,22 +117,7 @@ module Core_Option_Option_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module InvariantMoves_TestInvariantMove let%span sinvariant_moves0 = "../invariant_moves.rs" 6 16 6 22 @@ -141,87 +126,67 @@ module InvariantMoves_TestInvariantMove let%span span2 = "" 0 0 0 0 - let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span4 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span12 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span5 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span13 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span6 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span8 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span11 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span21 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span22 = "" 0 0 0 0 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 86 26 91 17 - let%span span31 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - - let%span span32 = "" 0 0 0 0 - - let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 86 26 91 17 - - let%span span34 = "" 0 0 0 0 + let%span span24 = "" 0 0 0 0 use prelude.prelude.UInt32 - predicate invariant'4 (self : uint32) = - [%#span1] true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'4 (_x : uint32) + predicate invariant'4 (self : Seq'0.t_seq uint32) = + [%#span1] true - axiom inv'4 : forall x : uint32 . inv'4 x = true + predicate inv'4 (_x : Seq'0.t_seq uint32) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true - predicate invariant'3 (self : Seq'0.t_seq uint32) = + predicate invariant'3 (self : uint32) = [%#span1] true - predicate inv'3 (_x : Seq'0.t_seq uint32) + predicate inv'3 (_x : uint32) - axiom inv'3 : forall x : Seq'0.t_seq uint32 . inv'3 x = true + axiom inv'3 : forall x : uint32 . inv'3 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -235,24 +200,19 @@ module InvariantMoves_TestInvariantMove constant max'0 : usize = [%#span2] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span3] len'0 self >= 0 predicate inv'2 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span5] inv'2 self) - -> ([%#span7] inv'3 (shallow_model'0 self)) - && ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span4] inv'2 self) + -> ([%#span5] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'2 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span8] inv'3 (shallow_model'0 self) + [%#span6] inv'4 (shallow_model'0 self) axiom inv'2 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'2 x = true @@ -265,12 +225,11 @@ module InvariantMoves_TestInvariantMove axiom inv'1 : forall x : Option'0.t_option uint32 . inv'1 x = true - constant empty'0 : Seq'0.t_seq uint32 = [%#span9] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span11] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Borrow @@ -284,63 +243,51 @@ module InvariantMoves_TestInvariantMove use prelude.prelude.Intrinsic predicate resolve'2 (self : uint32) = - [%#span12] true - - use seq.Seq + [%#span8] true - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span13] index_logic'1 (shallow_model'0 self) ix + [%#span9] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span14] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span10] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate resolve'0 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) = - [%#span15] ^ self = * self - - use seq.Seq + [%#span11] ^ self = * self function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span16] inv'3 self) - -> ([%#span17] inv'3 other) - -> ([%#span20] inv'3 (concat'0 self other)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span13] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span18] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span21] inv'4 v) - -> ([%#span24] inv'3 (singleton'0 v)) - && ([%#span23] index_logic'1 (singleton'0 v) 0 = v) && ([%#span22] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span14] inv'3 v) + -> ([%#span16] index_logic'1 (singleton'0 v) 0 = v) && ([%#span15] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq uint32) (v : uint32) : Seq'0.t_seq uint32 = - [%#span25] concat'0 self (singleton'0 v) - - use prelude.seq_ext.SeqExt + [%#span17] concat'0 self (singleton'0 v) function subsequence'0 (self : Seq'0.t_seq uint32) (n : int) (m : int) : Seq'0.t_seq uint32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span26] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span18] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span27] inv'3 self) - -> ([%#span30] inv'3 (subsequence'0 self n m)) - && ([%#span29] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span20] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span28] len'0 (subsequence'0 self n m) = m - n) + && ([%#span19] len'0 (subsequence'0 self n m) = m - n) function shallow_model'1 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span31] shallow_model'0 ( * self) + [%#span21] shallow_model'0 ( * self) - let rec pop'0 (self:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span32] inv'0 self} + let rec pop'0 (self:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span22] inv'0 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span34] inv'1 result} - {[%#span33] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span24] inv'1 result} + {[%#span23] match result with | Option'0.C_Some t -> shallow_model'0 ( ^ self) = subsequence'0 (shallow_model'1 self) 0 (len'0 (shallow_model'1 self) - 1) /\ shallow_model'1 self = push'0 (shallow_model'0 ( ^ self)) t diff --git a/creusot/tests/should_succeed/iterators/01_range.coma b/creusot/tests/should_succeed/iterators/01_range.coma index 1ccf0d8ccd..9b60722a7f 100644 --- a/creusot/tests/should_succeed/iterators/01_range.coma +++ b/creusot/tests/should_succeed/iterators/01_range.coma @@ -25,73 +25,36 @@ module C01Range_Range_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C01Range_Impl0_ProducesRefl_Impl let%span s01_range0 = "../01_range.rs" 43 14 43 45 - let%span span1 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span3 = "../01_range.rs" 32 8 38 9 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../01_range.rs" 32 8 38 9 + use prelude.prelude.Int use prelude.prelude.IntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq isize) = - [%#span1] true - - predicate inv'0 (_x : Seq'0.t_seq isize) - - axiom inv'0 : forall x : Seq'0.t_seq isize . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span2] inv'0 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span1] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq isize = [%#span4] () + constant empty'0 : Seq'0.t_seq isize - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq isize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span2] len'0 (empty'0 : Seq'0.t_seq isize) = 0 use C01Range_Range_Type as Range'0 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize use prelude.prelude.IntSize @@ -100,7 +63,7 @@ module C01Range_Impl0_ProducesRefl_Impl predicate produces'0 [#"../01_range.rs" 31 4 31 64] (self : Range'0.t_range) (visited : Seq'0.t_seq isize) (o : Range'0.t_range) = - [%#span7] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o + [%#span3] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (len'0 visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ len'0 visited @@ -121,75 +84,43 @@ module C01Range_Impl0_ProducesTrans_Impl let%span s01_range2 = "../01_range.rs" 50 14 50 42 - let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span7 = "../01_range.rs" 32 8 38 9 - let%span span14 = "../01_range.rs" 32 8 38 9 + use prelude.prelude.Int use prelude.prelude.IntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq isize) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq isize) - - axiom inv'0 : forall x : Seq'0.t_seq isize . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq isize = [%#span6] () + constant empty'0 : Seq'0.t_seq isize - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq isize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq isize) = 0 use C01Range_Range_Type as Range'0 - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize function concat'0 (self : Seq'0.t_seq isize) (other : Seq'0.t_seq isize) : Seq'0.t_seq isize - axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span9] inv'0 self) - -> ([%#span10] inv'0 other) - -> ([%#span13] inv'0 (concat'0 self other)) - && ([%#span12] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span6] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span11] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span5] len'0 (concat'0 self other) = len'0 self + len'0 other) use prelude.prelude.IntSize @@ -198,7 +129,7 @@ module C01Range_Impl0_ProducesTrans_Impl predicate produces'0 [#"../01_range.rs" 31 4 31 64] (self : Range'0.t_range) (visited : Seq'0.t_seq isize) (o : Range'0.t_range) = - [%#span14] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o + [%#span7] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (len'0 visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ len'0 visited @@ -245,41 +176,24 @@ module C01Range_Impl0_Next let%span span2 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../01_range.rs" 32 8 38 9 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span8 = "../01_range.rs" 32 8 38 9 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span9 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span13 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span14 = "../01_range.rs" 25 12 25 52 + let%span span10 = "../01_range.rs" 25 12 25 52 use prelude.prelude.IntSize - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq isize) = - [%#span2] true - - predicate inv'1 (_x : Seq'0.t_seq isize) - - axiom inv'1 : forall x : Seq'0.t_seq isize . inv'1 x = true - predicate invariant'0 (self : isize) = [%#span2] true @@ -289,24 +203,19 @@ module C01Range_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span3] inv'1 self) -> ([%#span4] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq isize = [%#span5] () + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span3] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span7] () + constant empty'0 : Seq'0.t_seq isize - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq isize) = 0 + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq isize) = 0 - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize use prelude.prelude.IntSize @@ -317,7 +226,7 @@ module C01Range_Impl0_Next predicate produces'0 [#"../01_range.rs" 31 4 31 64] (self : Range'0.t_range) (visited : Seq'0.t_seq isize) (o : Range'0.t_range) = - [%#span8] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o + [%#span5] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (len'0 visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ len'0 visited @@ -325,21 +234,18 @@ module C01Range_Impl0_Next /\ (forall i : int . 0 <= i /\ i < len'0 visited -> IntSize.to_int (index_logic'0 visited i) = IntSize.to_int (C01Range_Range_Type.range_start self) + i) - use seq.Seq - function singleton'0 (v : isize) : Seq'0.t_seq isize - axiom singleton'0_spec : forall v : isize . ([%#span9] inv'0 v) - -> ([%#span12] inv'1 (singleton'0 v)) - && ([%#span11] index_logic'0 (singleton'0 v) 0 = v) && ([%#span10] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : isize . ([%#span6] inv'0 v) + -> ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) use prelude.prelude.Borrow predicate resolve'0 (self : borrowed (Range'0.t_range)) = - [%#span13] ^ self = * self + [%#span9] ^ self = * self predicate completed'0 [#"../01_range.rs" 23 4 23 35] (self : borrowed (Range'0.t_range)) = - [%#span14] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) + [%#span10] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) use prelude.prelude.Intrinsic @@ -428,59 +334,45 @@ module C01Range_SumRange let%span span12 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span20 = "../01_range.rs" 32 8 38 9 - - let%span span21 = "../01_range.rs" 48 15 48 32 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span22 = "../01_range.rs" 49 15 49 32 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span23 = "../01_range.rs" 50 14 50 42 + let%span span16 = "../01_range.rs" 32 8 38 9 - let%span span24 = "../01_range.rs" 46 4 46 10 + let%span span17 = "../01_range.rs" 48 15 48 32 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span18 = "../01_range.rs" 49 15 49 32 - let%span span26 = "../01_range.rs" 43 14 43 45 + let%span span19 = "../01_range.rs" 50 14 50 42 - let%span span27 = "../01_range.rs" 41 4 41 10 + let%span span20 = "../01_range.rs" 46 4 46 10 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span21 = "../01_range.rs" 43 14 43 45 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span22 = "../01_range.rs" 41 4 41 10 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span27 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span35 = "../01_range.rs" 25 12 25 52 + let%span span28 = "../01_range.rs" 25 12 25 52 - let%span span36 = "../01_range.rs" 53 14 56 5 + let%span span29 = "../01_range.rs" 53 14 56 5 - let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span30 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span38 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span31 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span39 = "../01_range.rs" 69 14 69 28 + let%span span32 = "../01_range.rs" 69 14 69 28 use prelude.prelude.IntSize @@ -504,29 +396,19 @@ module C01Range_SumRange use C01Range_Range_Type as Range'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span13] inv'1 self) -> ([%#span14] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span13] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq isize) (other : Seq'0.t_seq isize) : Seq'0.t_seq isize - axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span15] inv'1 self) - -> ([%#span16] inv'1 other) - -> ([%#span19] inv'1 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span15] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) use prelude.prelude.IntSize @@ -535,7 +417,7 @@ module C01Range_SumRange predicate produces'0 [#"../01_range.rs" 31 4 31 64] (self : Range'0.t_range) (visited : Seq'0.t_seq isize) (o : Range'0.t_range) = - [%#span20] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o + [%#span16] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (len'0 visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ len'0 visited @@ -546,17 +428,17 @@ module C01Range_SumRange function produces_trans'0 [#"../01_range.rs" 51 4 51 90] (a : Range'0.t_range) (ab : Seq'0.t_seq isize) (b : Range'0.t_range) (bc : Seq'0.t_seq isize) (c : Range'0.t_range) : () = - [%#span24] () + [%#span20] () - axiom produces_trans'0_spec : forall a : Range'0.t_range, ab : Seq'0.t_seq isize, b : Range'0.t_range, bc : Seq'0.t_seq isize, c : Range'0.t_range . ([%#span21] produces'0 a ab b) - -> ([%#span22] produces'0 b bc c) -> ([%#span23] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range, ab : Seq'0.t_seq isize, b : Range'0.t_range, bc : Seq'0.t_seq isize, c : Range'0.t_range . ([%#span17] produces'0 a ab b) + -> ([%#span18] produces'0 b bc c) -> ([%#span19] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq isize = [%#span25] () + constant empty'0 : Seq'0.t_seq isize function produces_refl'0 [#"../01_range.rs" 44 4 44 26] (self : Range'0.t_range) : () = - [%#span27] () + [%#span22] () - axiom produces_refl'0_spec : forall self : Range'0.t_range . [%#span26] produces'0 self (empty'0 : Seq'0.t_seq isize) self + axiom produces_refl'0_spec : forall self : Range'0.t_range . [%#span21] produces'0 self (empty'0 : Seq'0.t_seq isize) self predicate invariant'0 (self : Range'0.t_range) = [%#span12] true @@ -565,35 +447,31 @@ module C01Range_SumRange axiom inv'0 : forall x : Range'0.t_range . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span29] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span28] len'0 (empty'0 : Seq'0.t_seq isize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq isize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function singleton'0 (v : isize) : Seq'0.t_seq isize - axiom singleton'0_spec : forall v : isize . ([%#span30] inv'2 v) - -> ([%#span33] inv'1 (singleton'0 v)) - && ([%#span32] index_logic'0 (singleton'0 v) 0 = v) && ([%#span31] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : isize . ([%#span24] inv'2 v) + -> ([%#span26] index_logic'0 (singleton'0 v) 0 = v) && ([%#span25] len'0 (singleton'0 v) = 1) use Core_Option_Option_Type as Option'0 use prelude.prelude.Borrow predicate resolve'0 (self : borrowed (Range'0.t_range)) = - [%#span34] ^ self = * self + [%#span27] ^ self = * self predicate completed'0 [#"../01_range.rs" 23 4 23 35] (self : borrowed (Range'0.t_range)) = - [%#span35] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) + [%#span28] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) let rec next'0 (self:borrowed (Range'0.t_range)) (return' (ret:Option'0.t_option isize))= any - [ return' (result:Option'0.t_option isize)-> {[%#span36] match result with + [ return' (result:Option'0.t_option isize)-> {[%#span29] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -608,14 +486,14 @@ module C01Range_SumRange function new'1 (x : Seq'0.t_seq isize) : Snapshot'0.t_snapshot (Seq'0.t_seq isize) - axiom new'1_spec : forall x : Seq'0.t_seq isize . ([%#span37] inv'1 x) -> ([%#span38] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq isize . ([%#span30] inv'1 x) -> ([%#span31] deref'1 (new'1 x) = x) function new'0 (x : Range'0.t_range) : Snapshot'0.t_snapshot (Range'0.t_range) - axiom new'0_spec : forall x : Range'0.t_range . ([%#span37] inv'0 x) -> ([%#span38] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range . ([%#span30] inv'0 x) -> ([%#span31] deref'0 (new'0 x) = x) let rec into_iter'0 (self:Range'0.t_range) (return' (ret:Range'0.t_range))= any - [ return' (result:Range'0.t_range)-> {[%#span39] result = self} (! return' {result}) ] + [ return' (result:Range'0.t_range)-> {[%#span32] result = self} (! return' {result}) ] let rec sum_range (n:isize) (return' (ret:isize))= {[%#s01_range10] IntSize.to_int n >= 0} @@ -680,73 +558,52 @@ module C01Range_Impl0 let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../01_range.rs" 25 12 25 52 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span9 = "../01_range.rs" 25 12 25 52 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span18 = "../01_range.rs" 32 8 38 9 + let%span span12 = "../01_range.rs" 32 8 38 9 use prelude.prelude.IntSize - predicate invariant'4 (self : isize) = + predicate invariant'3 (self : isize) = [%#span3] true - predicate inv'4 (_x : isize) + predicate inv'3 (_x : isize) - axiom inv'4 : forall x : isize . inv'4 x = true + axiom inv'3 : forall x : isize . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option isize) = + predicate invariant'2 (self : Option'0.t_option isize) = [%#span3] true - predicate inv'3 (_x : Option'0.t_option isize) + predicate inv'2 (_x : Option'0.t_option isize) - axiom inv'3 : forall x : Option'0.t_option isize . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option isize . inv'2 x = true use C01Range_Range_Type as Range'0 use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (Range'0.t_range)) = - [%#span3] true - - predicate inv'2 (_x : borrowed (Range'0.t_range)) - - axiom inv'2 : forall x : borrowed (Range'0.t_range) . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq isize) = + predicate invariant'1 (self : borrowed (Range'0.t_range)) = [%#span3] true - predicate inv'1 (_x : Seq'0.t_seq isize) + predicate inv'1 (_x : borrowed (Range'0.t_range)) - axiom inv'1 : forall x : Seq'0.t_seq isize . inv'1 x = true + axiom inv'1 : forall x : borrowed (Range'0.t_range) . inv'1 x = true predicate invariant'0 (self : Range'0.t_range) = [%#span3] true @@ -757,54 +614,43 @@ module C01Range_Impl0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span4] inv'1 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span4] len'0 self >= 0 function singleton'0 (v : isize) : Seq'0.t_seq isize - axiom singleton'0_spec : forall v : isize . ([%#span6] inv'4 v) - -> ([%#span9] inv'1 (singleton'0 v)) - && ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : isize . ([%#span5] inv'3 v) + -> ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) use C01Range_Range_Type as C01Range_Range_Type predicate resolve'0 (self : borrowed (Range'0.t_range)) = - [%#span10] ^ self = * self + [%#span8] ^ self = * self predicate completed'0 [#"../01_range.rs" 23 4 23 35] (self : borrowed (Range'0.t_range)) = - [%#span11] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) - - use seq.Seq + [%#span9] resolve'0 self /\ C01Range_Range_Type.range_start ( * self) >= C01Range_Range_Type.range_end ( * self) function concat'0 (self : Seq'0.t_seq isize) (other : Seq'0.t_seq isize) : Seq'0.t_seq isize - axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span12] inv'1 self) - -> ([%#span13] inv'1 other) - -> ([%#span16] inv'1 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span11] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span10] len'0 (concat'0 self other) = len'0 self + len'0 other) - constant empty'0 : Seq'0.t_seq isize = [%#span17] () + constant empty'0 : Seq'0.t_seq isize use prelude.prelude.IntSize predicate produces'0 [#"../01_range.rs" 31 4 31 64] (self : Range'0.t_range) (visited : Seq'0.t_seq isize) (o : Range'0.t_range) = - [%#span18] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o + [%#span12] C01Range_Range_Type.range_end self = C01Range_Range_Type.range_end o /\ C01Range_Range_Type.range_start self <= C01Range_Range_Type.range_start o /\ (len'0 visited > 0 -> C01Range_Range_Type.range_start o <= C01Range_Range_Type.range_end o) /\ len'0 visited @@ -812,23 +658,23 @@ module C01Range_Impl0 /\ (forall i : int . 0 <= i /\ i < len'0 visited -> IntSize.to_int (index_logic'0 visited i) = IntSize.to_int (C01Range_Range_Type.range_start self) + i) - constant empty'0 : Seq'0.t_seq isize = [%#span17] () + constant empty'0 : Seq'0.t_seq isize goal produces_refl_refn : [%#s01_range0] forall self : Range'0.t_range . inv'0 self -> (forall result : () . produces'0 self (empty'0 : Seq'0.t_seq isize) self -> produces'0 self (empty'1 : Seq'0.t_seq isize) self) goal produces_trans_refn : [%#s01_range1] forall a : Range'0.t_range . forall ab : Seq'0.t_seq isize . forall b : Range'0.t_range . forall bc : Seq'0.t_seq isize . forall c : Range'0.t_range . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) - goal next_refn : [%#s01_range2] forall self : borrowed (Range'0.t_range) . inv'2 self + goal next_refn : [%#s01_range2] forall self : borrowed (Range'0.t_range) . inv'1 self -> (forall result : Option'0.t_option isize . match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/iterators/02_iter_mut.coma b/creusot/tests/should_succeed/iterators/02_iter_mut.coma index 6aa49f4e9b..d55a37c654 100644 --- a/creusot/tests/should_succeed/iterators/02_iter_mut.coma +++ b/creusot/tests/should_succeed/iterators/02_iter_mut.coma @@ -20,22 +20,7 @@ module C02IterMut_IterMut_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C02IterMut_Impl1_ProducesRefl_Impl type t @@ -44,130 +29,93 @@ module C02IterMut_Impl1_ProducesRefl_Impl let%span s02_iter_mut1 = "../02_iter_mut.rs" 49 14 49 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "" 0 0 0 0 - - let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span11 = "../02_iter_mut.rs" 22 20 22 64 + let%span span4 = "" 0 0 0 0 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span5 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../02_iter_mut.rs" 22 20 22 64 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span17 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span10 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span18 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span11 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span12 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span13 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 - - let%span span24 = "../02_iter_mut.rs" 39 12 43 13 + let%span span16 = "../02_iter_mut.rs" 39 12 43 13 use prelude.prelude.Slice - predicate invariant'4 (self : slice t) - - predicate inv'4 (_x : slice t) - - axiom inv'4 : forall x : slice t . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'3 (self : Seq'0.t_seq t) + predicate invariant'2 (self : slice t) - predicate inv'3 (_x : Seq'0.t_seq t) + predicate inv'2 (_x : slice t) - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + axiom inv'2 : forall x : slice t . inv'2 x = true use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (slice t)) + predicate invariant'1 (self : borrowed (slice t)) - predicate inv'2 (_x : borrowed (slice t)) + predicate inv'1 (_x : borrowed (slice t)) - axiom inv'2 : forall x : borrowed (slice t) . inv'2 x = true + axiom inv'1 : forall x : borrowed (slice t) . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'3 self) -> ([%#span3] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'0 (empty'1 : Seq'0.t_seq t) = 0 + constant empty'1 : Seq'0.t_seq t - predicate invariant'1 (self : Seq'0.t_seq (borrowed t)) + function empty_len'1 (_1 : ()) : () - predicate inv'1 (_x : Seq'0.t_seq (borrowed t)) - - axiom inv'1 : forall x : Seq'0.t_seq (borrowed t) . inv'1 x = true - - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'0 (empty'1 : Seq'0.t_seq t) = 0 function len'1 (self : Seq'0.t_seq (borrowed t)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . ([%#span2] inv'1 self) -> ([%#span3] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . [%#span2] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq (borrowed t) = [%#span4] () + constant empty'0 : Seq'0.t_seq (borrowed t) - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'1 (empty'0 : Seq'0.t_seq (borrowed t)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'1 (empty'0 : Seq'0.t_seq (borrowed t)) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) function shallow_model'1 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : slice t . ([%#span8] inv'4 self) - -> ([%#span10] inv'3 (shallow_model'1 self)) - && ([%#span9] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice t . ([%#span5] inv'2 self) + -> ([%#span6] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type use C02IterMut_IterMut_Type as IterMut'0 predicate invariant'0 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span11] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span7] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'1 ( * C02IterMut_IterMut_Type.itermut_inner self)) predicate inv'0 (_x : IterMut'0.t_itermut t) @@ -178,46 +126,38 @@ module C02IterMut_Impl1_ProducesRefl_Impl | IterMut'0.C_IterMut inner -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (x : int) : borrowed t + function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (_2 : int) : borrowed t function concat'0 (self : Seq'0.t_seq (borrowed t)) (other : Seq'0.t_seq (borrowed t)) : Seq'0.t_seq (borrowed t) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span12] inv'1 self) - -> ([%#span13] inv'1 other) - -> ([%#span16] inv'1 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span9] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span14] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span8] len'1 (concat'0 self other) = len'1 self + len'1 other) - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span17] index_logic'2 (shallow_model'1 self) ix + [%#span10] index_logic'2 (shallow_model'1 self) ix function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span18] shallow_model'1 ( * self) + [%#span11] shallow_model'1 ( * self) function to_mut_seq'0 (self : borrowed (slice t)) : Seq'0.t_seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span19] inv'2 self) - -> ([%#span23] inv'1 (to_mut_seq'0 self)) - && ([%#span22] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span12] inv'1 self) + -> ([%#span15] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> ^ index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( ^ self) i) - && ([%#span21] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + && ([%#span14] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> * index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( * self) i) - && ([%#span20] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) + && ([%#span13] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) predicate produces'0 [#"../02_iter_mut.rs" 37 4 37 65] (self : IterMut'0.t_itermut t) (visited : Seq'0.t_seq (borrowed t)) (tl : IterMut'0.t_itermut t) = - [%#span24] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) + [%#span16] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) = len'1 visited + len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) -> * index_logic'0 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i @@ -241,140 +181,99 @@ module C02IterMut_Impl1_ProducesTrans_Impl let%span s02_iter_mut2 = "../02_iter_mut.rs" 57 22 57 23 - let%span s02_iter_mut3 = "../02_iter_mut.rs" 57 31 57 33 - - let%span s02_iter_mut4 = "../02_iter_mut.rs" 57 52 57 53 - - let%span s02_iter_mut5 = "../02_iter_mut.rs" 57 61 57 63 - - let%span s02_iter_mut6 = "../02_iter_mut.rs" 57 82 57 83 - - let%span s02_iter_mut7 = "../02_iter_mut.rs" 56 14 56 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s02_iter_mut3 = "../02_iter_mut.rs" 57 52 57 53 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span s02_iter_mut4 = "../02_iter_mut.rs" 57 82 57 83 - let%span span13 = "" 0 0 0 0 + let%span s02_iter_mut5 = "../02_iter_mut.rs" 56 14 56 42 - let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 - - let%span span17 = "../02_iter_mut.rs" 22 20 22 64 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span8 = "" 0 0 0 0 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span11 = "../02_iter_mut.rs" 22 20 22 64 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span23 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span24 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span14 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span15 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span30 = "../02_iter_mut.rs" 39 12 43 13 + let%span span20 = "../02_iter_mut.rs" 39 12 43 13 use prelude.prelude.Slice - predicate invariant'4 (self : slice t) + predicate invariant'2 (self : slice t) - predicate inv'4 (_x : slice t) + predicate inv'2 (_x : slice t) - axiom inv'4 : forall x : slice t . inv'4 x = true + axiom inv'2 : forall x : slice t . inv'2 x = true use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed (slice t)) - - predicate inv'3 (_x : borrowed (slice t)) - - axiom inv'3 : forall x : borrowed (slice t) . inv'3 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'2 (self : Seq'0.t_seq t) + predicate invariant'1 (self : borrowed (slice t)) - predicate inv'2 (_x : Seq'0.t_seq t) + predicate inv'1 (_x : borrowed (slice t)) - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true + axiom inv'1 : forall x : borrowed (slice t) . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'2 self) -> ([%#span9] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span10] () + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span12] () + constant empty'1 : Seq'0.t_seq t - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'0 (empty'1 : Seq'0.t_seq t) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq (borrowed t)) + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'0 (empty'1 : Seq'0.t_seq t) = 0 function len'1 (self : Seq'0.t_seq (borrowed t)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . ([%#span8] inv'1 self) -> ([%#span9] len'1 self >= 0) - - constant empty'0 : Seq'0.t_seq (borrowed t) = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . [%#span6] len'1 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq (borrowed t) - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'1 (empty'0 : Seq'0.t_seq (borrowed t)) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq (borrowed t)) - - axiom inv'1 : forall x : Seq'0.t_seq (borrowed t) . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq (borrowed t)) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span13] (18446744073709551615 : usize) + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) function shallow_model'1 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : slice t . ([%#span14] inv'4 self) - -> ([%#span16] inv'2 (shallow_model'1 self)) - && ([%#span15] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice t . ([%#span9] inv'2 self) + -> ([%#span10] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type use C02IterMut_IterMut_Type as IterMut'0 predicate invariant'0 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span17] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span11] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'1 ( * C02IterMut_IterMut_Type.itermut_inner self)) predicate inv'0 (_x : IterMut'0.t_itermut t) @@ -385,46 +284,38 @@ module C02IterMut_Impl1_ProducesTrans_Impl | IterMut'0.C_IterMut inner -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (x : int) : borrowed t + function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (_2 : int) : borrowed t function concat'0 (self : Seq'0.t_seq (borrowed t)) (other : Seq'0.t_seq (borrowed t)) : Seq'0.t_seq (borrowed t) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span18] inv'1 self) - -> ([%#span19] inv'1 other) - -> ([%#span22] inv'1 (concat'0 self other)) - && ([%#span21] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span13] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span20] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span12] len'1 (concat'0 self other) = len'1 self + len'1 other) - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span23] index_logic'2 (shallow_model'1 self) ix + [%#span14] index_logic'2 (shallow_model'1 self) ix function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span24] shallow_model'1 ( * self) + [%#span15] shallow_model'1 ( * self) function to_mut_seq'0 (self : borrowed (slice t)) : Seq'0.t_seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span25] inv'3 self) - -> ([%#span29] inv'1 (to_mut_seq'0 self)) - && ([%#span28] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span16] inv'1 self) + -> ([%#span19] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> ^ index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( ^ self) i) - && ([%#span27] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + && ([%#span18] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> * index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( * self) i) - && ([%#span26] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) + && ([%#span17] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) predicate produces'0 [#"../02_iter_mut.rs" 37 4 37 65] (self : IterMut'0.t_itermut t) (visited : Seq'0.t_seq (borrowed t)) (tl : IterMut'0.t_itermut t) = - [%#span30] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) + [%#span20] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) = len'1 visited + len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) -> * index_logic'0 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i @@ -445,13 +336,11 @@ module C02IterMut_Impl1_ProducesTrans_Impl function produces_trans [#"../02_iter_mut.rs" 57 4 57 90] (a : IterMut'0.t_itermut t) (ab : Seq'0.t_seq (borrowed t)) (b : IterMut'0.t_itermut t) (bc : Seq'0.t_seq (borrowed t)) (c : IterMut'0.t_itermut t) : () - goal vc_produces_trans : ([%#s02_iter_mut6] inv'0 c) - -> ([%#s02_iter_mut5] inv'1 bc) - -> ([%#s02_iter_mut4] inv'0 b) - -> ([%#s02_iter_mut3] inv'1 ab) + goal vc_produces_trans : ([%#s02_iter_mut4] inv'0 c) + -> ([%#s02_iter_mut3] inv'0 b) -> ([%#s02_iter_mut2] inv'0 a) -> ([%#s02_iter_mut1] produces'0 b bc c) - -> ([%#s02_iter_mut0] produces'0 a ab b) -> ([%#s02_iter_mut7] produces'0 a (concat'0 ab bc) c) + -> ([%#s02_iter_mut0] produces'0 a ab b) -> ([%#s02_iter_mut5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -478,89 +367,63 @@ module C02IterMut_Impl1_Next let%span s02_iter_mut2 = "../02_iter_mut.rs" 63 26 63 44 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "" 0 0 0 0 - - let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span4 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span5 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span9 = "../02_iter_mut.rs" 22 20 22 64 + let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "../02_iter_mut.rs" 22 20 22 64 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span18 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span19 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span11 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span12 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span13 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 + let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span25 = "../02_iter_mut.rs" 39 12 43 13 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span17 = "../02_iter_mut.rs" 39 12 43 13 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span23 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span24 = "../02_iter_mut.rs" 32 8 32 76 - let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span35 = "../02_iter_mut.rs" 32 8 32 76 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 62 8 62 39 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span29 = "" 0 0 0 0 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 269 18 276 9 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 - - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 66 8 66 39 - - let%span span42 = "" 0 0 0 0 - - let%span span43 = "../../../../../creusot-contracts/src/std/slice.rs" 269 18 276 9 - - let%span span44 = "" 0 0 0 0 + let%span span31 = "" 0 0 0 0 use prelude.prelude.Slice @@ -572,59 +435,42 @@ module C02IterMut_Impl1_Next use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - predicate inv'7 (_x : Seq'0.t_seq t) - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'7 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span5] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) - predicate inv'6 (_x : slice t) + predicate inv'5 (_x : slice t) function shallow_model'0 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : slice t . ([%#span6] inv'6 self) - -> ([%#span8] inv'7 (shallow_model'0 self)) - && ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : slice t . ([%#span5] inv'5 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type use C02IterMut_IterMut_Type as IterMut'0 - predicate invariant'8 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span9] len'0 (shallow_model'0 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + predicate invariant'6 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = + [%#span7] len'0 (shallow_model'0 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'0 ( * C02IterMut_IterMut_Type.itermut_inner self)) - predicate inv'8 (_x : IterMut'0.t_itermut t) + predicate inv'6 (_x : IterMut'0.t_itermut t) - axiom inv'8 : forall x : IterMut'0.t_itermut t . inv'8 x - = (invariant'8 x + axiom inv'6 : forall x : IterMut'0.t_itermut t . inv'6 x + = (invariant'6 x /\ match x with | IterMut'0.C_IterMut inner -> true end) - predicate invariant'7 (self : Seq'0.t_seq t) - - axiom inv'7 : forall x : Seq'0.t_seq t . inv'7 x = true - - predicate invariant'6 (self : slice t) - - axiom inv'6 : forall x : slice t . inv'6 x = true + predicate invariant'5 (self : slice t) - predicate invariant'5 (self : Seq'0.t_seq (borrowed t)) - - predicate inv'5 (_x : Seq'0.t_seq (borrowed t)) - - axiom inv'5 : forall x : Seq'0.t_seq (borrowed t) . inv'5 x = true + axiom inv'5 : forall x : slice t . inv'5 x = true predicate invariant'4 (self : borrowed t) @@ -632,12 +478,11 @@ module C02IterMut_Impl1_Next axiom inv'4 : forall x : borrowed t . inv'4 x = true - constant empty'0 : Seq'0.t_seq t = [%#span10] () + constant empty'0 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span12] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'3 (self : borrowed (borrowed (slice t))) @@ -653,69 +498,58 @@ module C02IterMut_Impl1_Next axiom inv'2 : forall x : Option'0.t_option (borrowed t) . inv'2 x = true - use seq.Seq - function len'1 (self : Seq'0.t_seq (borrowed t)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . ([%#span3] inv'5 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . [%#span3] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq (borrowed t) = [%#span10] () + constant empty'1 : Seq'0.t_seq (borrowed t) - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq (borrowed t)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'1 (empty'1 : Seq'0.t_seq (borrowed t)) = 0 predicate invariant'1 (self : borrowed (IterMut'0.t_itermut t)) predicate inv'1 (_x : borrowed (IterMut'0.t_itermut t)) - axiom inv'1 : forall x : borrowed (IterMut'0.t_itermut t) . inv'1 x = (inv'8 ( * x) /\ inv'8 ( ^ x)) + axiom inv'1 : forall x : borrowed (IterMut'0.t_itermut t) . inv'1 x = (inv'6 ( * x) /\ inv'6 ( ^ x)) predicate invariant'0 (self : borrowed (slice t)) axiom inv'0 : forall x : borrowed (slice t) . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (borrowed t)) (x : int) : borrowed t + function index_logic'1 (self : Seq'0.t_seq (borrowed t)) (_2 : int) : borrowed t function concat'0 (self : Seq'0.t_seq (borrowed t)) (other : Seq'0.t_seq (borrowed t)) : Seq'0.t_seq (borrowed t) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span13] inv'5 self) - -> ([%#span14] inv'5 other) - -> ([%#span17] inv'5 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span10] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span15] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span9] len'1 (concat'0 self other) = len'1 self + len'1 other) - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'0 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span18] index_logic'2 (shallow_model'0 self) ix + [%#span11] index_logic'2 (shallow_model'0 self) ix function shallow_model'1 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span19] shallow_model'0 ( * self) + [%#span12] shallow_model'0 ( * self) function to_mut_seq'0 (self : borrowed (slice t)) : Seq'0.t_seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span20] inv'0 self) - -> ([%#span24] inv'5 (to_mut_seq'0 self)) - && ([%#span23] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span13] inv'0 self) + -> ([%#span16] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> ^ index_logic'1 (to_mut_seq'0 self) i = index_logic'0 ( ^ self) i) - && ([%#span22] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> * index_logic'1 (to_mut_seq'0 self) i = index_logic'0 ( * self) i) - && ([%#span21] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'1 self)) + && ([%#span14] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'1 self)) predicate produces'0 [#"../02_iter_mut.rs" 37 4 37 65] (self : IterMut'0.t_itermut t) (visited : Seq'0.t_seq (borrowed t)) (tl : IterMut'0.t_itermut t) = - [%#span25] len'0 (shallow_model'1 (C02IterMut_IterMut_Type.itermut_inner self)) + [%#span17] len'0 (shallow_model'1 (C02IterMut_IterMut_Type.itermut_inner self)) = len'1 visited + len'0 (shallow_model'1 (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'1 (C02IterMut_IterMut_Type.itermut_inner self)) -> * index_logic'1 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i @@ -723,55 +557,44 @@ module C02IterMut_Impl1_Next /\ ^ index_logic'1 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i = ^ index_logic'1 (concat'0 visited (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner tl))) i) - use seq.Seq - function singleton'0 (v : borrowed t) : Seq'0.t_seq (borrowed t) - axiom singleton'0_spec : forall v : borrowed t . ([%#span26] inv'4 v) - -> ([%#span29] inv'5 (singleton'0 v)) - && ([%#span28] index_logic'1 (singleton'0 v) 0 = v) && ([%#span27] len'1 (singleton'0 v) = 1) - - use seq.Seq + axiom singleton'0_spec : forall v : borrowed t . ([%#span18] inv'4 v) + -> ([%#span20] index_logic'1 (singleton'0 v) 0 = v) && ([%#span19] len'1 (singleton'0 v) = 1) predicate ext_eq'0 (self : Seq'0.t_seq t) (oth : Seq'0.t_seq t) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span30] inv'7 self) - -> ([%#span31] inv'7 oth) - -> ([%#span33] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span22] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'2 self i = index_logic'2 oth i) -> ext_eq'0 self oth) - && ([%#span32] ext_eq'0 self oth -> self = oth) + && ([%#span21] ext_eq'0 self oth -> self = oth) predicate resolve'1 (self : borrowed (slice t)) = - [%#span34] ^ self = * self + [%#span23] ^ self = * self predicate completed'0 [#"../02_iter_mut.rs" 31 4 31 35] (self : borrowed (IterMut'0.t_itermut t)) = - [%#span35] resolve'1 (C02IterMut_IterMut_Type.itermut_inner ( * self)) + [%#span24] resolve'1 (C02IterMut_IterMut_Type.itermut_inner ( * self)) /\ ext_eq'0 (shallow_model'1 (C02IterMut_IterMut_Type.itermut_inner ( * self))) (empty'0 : Seq'0.t_seq t) use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (IterMut'0.t_itermut t)) = - [%#span34] ^ self = * self - - use prelude.seq_ext.SeqExt + [%#span23] ^ self = * self function subsequence'0 (self : Seq'0.t_seq t) (n : int) (m : int) : Seq'0.t_seq t - axiom subsequence'0_spec : forall self : Seq'0.t_seq t, n : int, m : int . ([%#span36] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq t, n : int, m : int . ([%#span25] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span37] inv'7 self) - -> ([%#span40] inv'7 (subsequence'0 self n m)) - && ([%#span39] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span27] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'2 (subsequence'0 self n m) i = index_logic'2 self (n + i)) - && ([%#span38] len'0 (subsequence'0 self n m) = m - n) + && ([%#span26] len'0 (subsequence'0 self n m) = m - n) function tail'0 [@inline:trivial] (self : Seq'0.t_seq t) : Seq'0.t_seq t = - [%#span41] subsequence'0 self 1 (len'0 self) + [%#span28] subsequence'0 self 1 (len'0 self) - let rec take_first_mut'0 (self:borrowed (borrowed (slice t))) (return' (ret:Option'0.t_option (borrowed t)))= {[@expl:precondition] [%#span42] inv'3 self} + let rec take_first_mut'0 (self:borrowed (borrowed (slice t))) (return' (ret:Option'0.t_option (borrowed t)))= {[@expl:precondition] [%#span29] inv'3 self} any - [ return' (result:Option'0.t_option (borrowed t))-> {[%#span44] inv'2 result} - {[%#span43] match result with + [ return' (result:Option'0.t_option (borrowed t))-> {[%#span31] inv'2 result} + {[%#span30] match result with | Option'0.C_Some r -> * r = index_logic'0 ( * * self) 0 /\ ^ r = index_logic'0 ( ^ * self) 0 /\ len'0 (shallow_model'0 ( * * self)) > 0 @@ -825,33 +648,17 @@ module C02IterMut_Impl2_IntoIter let%span s02_iter_mut2 = "../02_iter_mut.rs" 70 26 70 30 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span8 = "" 0 0 0 0 - - let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - - let%span span11 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 - - let%span span12 = "../02_iter_mut.rs" 22 20 22 64 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + let%span span5 = "" 0 0 0 0 - predicate invariant'3 (self : Seq'0.t_seq t) + let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - predicate inv'3 (_x : Seq'0.t_seq t) + let%span span7 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + let%span span8 = "../02_iter_mut.rs" 22 20 22 64 use prelude.prelude.Slice @@ -863,20 +670,17 @@ module C02IterMut_Impl2_IntoIter use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span5] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq t) = 0 use prelude.prelude.Borrow @@ -890,20 +694,19 @@ module C02IterMut_Impl2_IntoIter use prelude.prelude.UIntSize - constant max'0 : usize = [%#span8] (18446744073709551615 : usize) + constant max'0 : usize = [%#span5] (18446744073709551615 : usize) function shallow_model'0 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : slice t . ([%#span9] inv'2 self) - -> ([%#span11] inv'3 (shallow_model'0 self)) - && ([%#span10] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : slice t . ([%#span6] inv'2 self) + -> ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type use C02IterMut_IterMut_Type as IterMut'0 predicate invariant'0 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span12] len'0 (shallow_model'0 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span8] len'0 (shallow_model'0 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'0 ( * C02IterMut_IterMut_Type.itermut_inner self)) predicate inv'0 (_x : IterMut'0.t_itermut t) @@ -1054,60 +857,50 @@ module C02IterMut_IterMut let%span span5 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span7 = "" 0 0 0 0 - let%span span8 = "" 0 0 0 0 + let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span10 = "../02_iter_mut.rs" 22 20 22 64 - let%span span11 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../02_iter_mut.rs" 22 20 22 64 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span15 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span16 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 199 20 199 24 - let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 193 20 193 31 - let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 187 20 187 24 - let%span span20 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span21 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 199 20 199 24 + let%span span22 = "" 0 0 0 0 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 193 20 193 31 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 187 20 187 24 + let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span26 = "" 0 0 0 0 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 let%span span27 = "" 0 0 0 0 - let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - - let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - - let%span span32 = "" 0 0 0 0 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 predicate invariant'6 (self : Seq'0.t_seq t) @@ -1133,34 +926,29 @@ module C02IterMut_IterMut use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'6 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span8] (18446744073709551615 : usize) + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) predicate inv'1 (_x : slice t) function shallow_model'2 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : slice t . ([%#span9] inv'1 self) - -> ([%#span11] inv'6 (shallow_model'2 self)) - && ([%#span10] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : slice t . ([%#span8] inv'1 self) + -> ([%#span9] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type use C02IterMut_IterMut_Type as IterMut'0 predicate invariant'4 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span12] len'0 (shallow_model'2 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span10] len'0 (shallow_model'2 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'2 ( * C02IterMut_IterMut_Type.itermut_inner self)) predicate inv'4 (_x : IterMut'0.t_itermut t) @@ -1171,12 +959,11 @@ module C02IterMut_IterMut | IterMut'0.C_IterMut inner -> true end) - constant empty'0 : Seq'0.t_seq t = [%#span13] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span15] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span14] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -1200,47 +987,46 @@ module C02IterMut_IterMut function shallow_model'3 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span16] inv'0 self) - -> ([%#span18] inv'6 (shallow_model'3 self)) - && ([%#span17] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span12] inv'0 self) + -> ([%#span13] len'0 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span19] inv'6 (shallow_model'3 self) + [%#span14] inv'6 (shallow_model'3 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true function shallow_model'1 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span20] shallow_model'3 ( * self) + [%#span15] shallow_model'3 ( * self) function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span20] shallow_model'2 ( * self) + [%#span15] shallow_model'2 ( * self) use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span21] ^ self = * self + [%#span16] ^ self = * self predicate resolve'0 (self : borrowed (slice t)) = - [%#span21] ^ self = * self + [%#span16] ^ self = * self predicate resolve_elswhere'0 (self : RangeFull'0.t_rangefull) (_old : Seq'0.t_seq t) (_fin : Seq'0.t_seq t) = - [%#span22] true + [%#span17] true predicate has_value'0 (self : RangeFull'0.t_rangefull) (seq : Seq'0.t_seq t) (out : slice t) = - [%#span23] seq = shallow_model'2 out + [%#span18] seq = shallow_model'2 out predicate in_bounds'0 (self : RangeFull'0.t_rangefull) (_seq : Seq'0.t_seq t) = - [%#span24] true + [%#span19] true - let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:RangeFull'0.t_rangefull) (return' (ret:borrowed (slice t)))= {[@expl:precondition] [%#span27] inv'5 index} - {[@expl:precondition] [%#span26] inv'3 self} - {[@expl:precondition] [%#span25] in_bounds'0 index (shallow_model'1 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:RangeFull'0.t_rangefull) (return' (ret:borrowed (slice t)))= {[@expl:precondition] [%#span22] inv'5 index} + {[@expl:precondition] [%#span21] inv'3 self} + {[@expl:precondition] [%#span20] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:borrowed (slice t))-> {[%#span32] inv'2 result} - {[%#span31] len'0 (shallow_model'3 ( ^ self)) = len'0 (shallow_model'1 self)} - {[%#span30] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'3 ( ^ self))} - {[%#span29] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} - {[%#span28] has_value'0 index (shallow_model'1 self) ( * result)} + [ return' (result:borrowed (slice t))-> {[%#span27] inv'2 result} + {[%#span26] len'0 (shallow_model'3 ( ^ self)) = len'0 (shallow_model'1 self)} + {[%#span25] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'3 ( ^ self))} + {[%#span24] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} + {[%#span23] has_value'0 index (shallow_model'1 self) ( * result)} (! return' {result}) ] @@ -1319,160 +1105,132 @@ module C02IterMut_AllZero let%span span11 = "" 0 0 0 0 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span21 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span22 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span29 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span30 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span27 = "../02_iter_mut.rs" 39 12 43 13 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span28 = "../02_iter_mut.rs" 54 15 54 32 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span29 = "../02_iter_mut.rs" 55 15 55 32 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span30 = "../02_iter_mut.rs" 57 22 57 23 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span31 = "../02_iter_mut.rs" 57 52 57 53 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 + let%span span32 = "../02_iter_mut.rs" 57 82 57 83 - let%span span36 = "../02_iter_mut.rs" 39 12 43 13 + let%span span33 = "../02_iter_mut.rs" 56 14 56 42 - let%span span37 = "../02_iter_mut.rs" 54 15 54 32 + let%span span34 = "../02_iter_mut.rs" 52 4 52 10 - let%span span38 = "../02_iter_mut.rs" 55 15 55 32 + let%span span35 = "../02_iter_mut.rs" 50 21 50 25 - let%span span39 = "../02_iter_mut.rs" 57 22 57 23 + let%span span36 = "../02_iter_mut.rs" 49 14 49 45 - let%span span40 = "../02_iter_mut.rs" 57 31 57 33 + let%span span37 = "../02_iter_mut.rs" 47 4 47 10 - let%span span41 = "../02_iter_mut.rs" 57 52 57 53 + let%span span38 = "../02_iter_mut.rs" 22 20 22 64 - let%span span42 = "../02_iter_mut.rs" 57 61 57 63 + let%span span39 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span43 = "../02_iter_mut.rs" 57 82 57 83 + let%span span40 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span44 = "../02_iter_mut.rs" 56 14 56 42 + let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span45 = "../02_iter_mut.rs" 52 4 52 10 + let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span46 = "../02_iter_mut.rs" 50 21 50 25 + let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span47 = "../02_iter_mut.rs" 49 14 49 45 + let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span48 = "../02_iter_mut.rs" 47 4 47 10 + let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span49 = "../02_iter_mut.rs" 22 20 22 64 + let%span span46 = "../02_iter_mut.rs" 32 8 32 76 - let%span span50 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span47 = "../02_iter_mut.rs" 63 17 63 21 - let%span span51 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span48 = "../02_iter_mut.rs" 59 14 62 5 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span49 = "../02_iter_mut.rs" 63 26 63 44 - let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span50 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span51 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span56 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span53 = "../02_iter_mut.rs" 70 17 70 21 - let%span span57 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span54 = "../02_iter_mut.rs" 69 14 69 28 - let%span span58 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span55 = "../02_iter_mut.rs" 70 26 70 30 - let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span56 = "../02_iter_mut.rs" 78 19 78 20 - let%span span60 = "../02_iter_mut.rs" 32 8 32 76 + let%span span57 = "../02_iter_mut.rs" 75 10 75 29 - let%span span61 = "../02_iter_mut.rs" 63 17 63 21 + let%span span58 = "../02_iter_mut.rs" 76 10 76 35 - let%span span62 = "../02_iter_mut.rs" 59 14 62 5 + let%span span59 = "../02_iter_mut.rs" 77 10 77 33 - let%span span63 = "../02_iter_mut.rs" 63 26 63 44 + let%span span60 = "../02_iter_mut.rs" 78 41 78 55 - let%span span64 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - - let%span span65 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span66 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span67 = "../02_iter_mut.rs" 70 17 70 21 - - let%span span68 = "../02_iter_mut.rs" 69 14 69 28 - - let%span span69 = "../02_iter_mut.rs" 70 26 70 30 - - let%span span70 = "../02_iter_mut.rs" 78 19 78 20 - - let%span span71 = "../02_iter_mut.rs" 75 10 75 29 + use prelude.prelude.UIntSize - let%span span72 = "../02_iter_mut.rs" 76 10 76 35 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span73 = "../02_iter_mut.rs" 77 10 77 33 + predicate invariant'9 (self : Seq'0.t_seq usize) = + [%#span10] true - let%span span74 = "../02_iter_mut.rs" 78 41 78 55 + predicate inv'9 (_x : Seq'0.t_seq usize) - use prelude.prelude.UIntSize + axiom inv'9 : forall x : Seq'0.t_seq usize . inv'9 x = true use prelude.prelude.Slice use prelude.prelude.Borrow - predicate invariant'9 (self : borrowed (slice usize)) = - [%#span10] true - - predicate inv'9 (_x : borrowed (slice usize)) - - axiom inv'9 : forall x : borrowed (slice usize) . inv'9 x = true - - predicate invariant'8 (self : slice usize) = + predicate invariant'8 (self : borrowed (slice usize)) = [%#span10] true - predicate inv'8 (_x : slice usize) - - axiom inv'8 : forall x : slice usize . inv'8 x = true + predicate inv'8 (_x : borrowed (slice usize)) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'8 : forall x : borrowed (slice usize) . inv'8 x = true - predicate invariant'7 (self : Seq'0.t_seq usize) = + predicate invariant'7 (self : slice usize) = [%#span10] true - predicate inv'7 (_x : Seq'0.t_seq usize) + predicate inv'7 (_x : slice usize) - axiom inv'7 : forall x : Seq'0.t_seq usize . inv'7 x = true + axiom inv'7 : forall x : slice usize . inv'7 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1484,24 +1242,19 @@ module C02IterMut_AllZero constant max'0 : usize = [%#span11] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span12] inv'7 self) -> ([%#span13] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span12] len'1 self >= 0 predicate inv'6 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span14] inv'6 self) - -> ([%#span16] inv'7 (shallow_model'0 self)) - && ([%#span15] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span13] inv'6 self) + -> ([%#span14] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'6 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span17] inv'7 (shallow_model'0 self) + [%#span15] inv'9 (shallow_model'0 self) axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true @@ -1546,69 +1299,56 @@ module C02IterMut_AllZero axiom inv'1 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'1 x = true - constant empty'1 : Seq'0.t_seq usize = [%#span18] () - - function empty_len'1 (_1 : ()) : () = - [%#span20] () - - axiom empty_len'1_spec : forall _1 : () . [%#span19] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - - use seq.Seq + constant empty'1 : Seq'0.t_seq usize - use seq.Seq + function empty_len'1 (_1 : ()) : () - function index_logic'2 (self : Seq'0.t_seq (borrowed usize)) (x : int) : borrowed usize + axiom empty_len'1_spec : forall _1 : () . [%#span16] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq (borrowed usize)) (_2 : int) : borrowed usize function len'0 (self : Seq'0.t_seq (borrowed usize)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (borrowed usize) . ([%#span12] inv'2 self) - -> ([%#span13] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (borrowed usize) . [%#span12] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq (borrowed usize)) (other : Seq'0.t_seq (borrowed usize)) : Seq'0.t_seq (borrowed usize) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed usize), other : Seq'0.t_seq (borrowed usize) . ([%#span21] inv'2 self) - -> ([%#span22] inv'2 other) - -> ([%#span25] inv'2 (concat'0 self other)) - && ([%#span24] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed usize), other : Seq'0.t_seq (borrowed usize) . ([%#span18] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'0 self then index_logic'2 self i else index_logic'2 other (i - len'0 self))) - && ([%#span23] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'3 (self : Seq'0.t_seq usize) (_2 : int) : usize function shallow_model'3 (self : slice usize) : Seq'0.t_seq usize - axiom shallow_model'3_spec : forall self : slice usize . ([%#span26] inv'8 self) - -> ([%#span28] inv'7 (shallow_model'3 self)) - && ([%#span27] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : slice usize . ([%#span19] inv'7 self) + -> ([%#span20] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'4 [@inline:trivial] (self : slice usize) (ix : int) : usize = - [%#span29] index_logic'3 (shallow_model'3 self) ix + [%#span21] index_logic'3 (shallow_model'3 self) ix function shallow_model'2 (self : borrowed (slice usize)) : Seq'0.t_seq usize = - [%#span30] shallow_model'3 ( * self) + [%#span22] shallow_model'3 ( * self) function to_mut_seq'0 (self : borrowed (slice usize)) : Seq'0.t_seq (borrowed usize) - axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#span31] inv'9 self) - -> ([%#span35] inv'2 (to_mut_seq'0 self)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#span23] inv'8 self) + -> ([%#span26] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) -> ^ index_logic'2 (to_mut_seq'0 self) i = index_logic'4 ( ^ self) i) - && ([%#span33] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) + && ([%#span25] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) -> * index_logic'2 (to_mut_seq'0 self) i = index_logic'4 ( * self) i) - && ([%#span32] len'0 (to_mut_seq'0 self) = len'1 (shallow_model'2 self)) + && ([%#span24] len'0 (to_mut_seq'0 self) = len'1 (shallow_model'2 self)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type predicate produces'0 [#"../02_iter_mut.rs" 37 4 37 65] (self : IterMut'0.t_itermut usize) (visited : Seq'0.t_seq (borrowed usize)) (tl : IterMut'0.t_itermut usize) = - [%#span36] len'1 (shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner self)) + [%#span27] len'1 (shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner self)) = len'0 visited + len'1 (shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < len'1 (shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner self)) -> * index_logic'2 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i @@ -1619,25 +1359,23 @@ module C02IterMut_AllZero function produces_trans'0 [#"../02_iter_mut.rs" 57 4 57 90] (a : IterMut'0.t_itermut usize) (ab : Seq'0.t_seq (borrowed usize)) (b : IterMut'0.t_itermut usize) (bc : Seq'0.t_seq (borrowed usize)) (c : IterMut'0.t_itermut usize) : () = - [%#span45] () + [%#span34] () - axiom produces_trans'0_spec : forall a : IterMut'0.t_itermut usize, ab : Seq'0.t_seq (borrowed usize), b : IterMut'0.t_itermut usize, bc : Seq'0.t_seq (borrowed usize), c : IterMut'0.t_itermut usize . ([%#span37] produces'0 a ab b) - -> ([%#span38] produces'0 b bc c) - -> ([%#span39] inv'0 a) - -> ([%#span40] inv'2 ab) - -> ([%#span41] inv'0 b) - -> ([%#span42] inv'2 bc) -> ([%#span43] inv'0 c) -> ([%#span44] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : IterMut'0.t_itermut usize, ab : Seq'0.t_seq (borrowed usize), b : IterMut'0.t_itermut usize, bc : Seq'0.t_seq (borrowed usize), c : IterMut'0.t_itermut usize . ([%#span28] produces'0 a ab b) + -> ([%#span29] produces'0 b bc c) + -> ([%#span30] inv'0 a) + -> ([%#span31] inv'0 b) -> ([%#span32] inv'0 c) -> ([%#span33] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (borrowed usize) = [%#span18] () + constant empty'0 : Seq'0.t_seq (borrowed usize) function produces_refl'0 [#"../02_iter_mut.rs" 50 4 50 26] (self : IterMut'0.t_itermut usize) : () = - [%#span48] () + [%#span37] () - axiom produces_refl'0_spec : forall self : IterMut'0.t_itermut usize . ([%#span46] inv'0 self) - -> ([%#span47] produces'0 self (empty'0 : Seq'0.t_seq (borrowed usize)) self) + axiom produces_refl'0_spec : forall self : IterMut'0.t_itermut usize . ([%#span35] inv'0 self) + -> ([%#span36] produces'0 self (empty'0 : Seq'0.t_seq (borrowed usize)) self) predicate invariant'0 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut usize) = - [%#span49] len'1 (shallow_model'3 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span38] len'1 (shallow_model'3 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'1 (shallow_model'3 ( * C02IterMut_IterMut_Type.itermut_inner self)) axiom inv'0 : forall x : IterMut'0.t_itermut usize . inv'0 x @@ -1646,56 +1384,48 @@ module C02IterMut_AllZero | IterMut'0.C_IterMut inner -> true end) - function empty_len'0 (_1 : ()) : () = - [%#span20] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span19] len'0 (empty'0 : Seq'0.t_seq (borrowed usize)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq (borrowed usize)) = 0 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span50] index_logic'3 (shallow_model'0 self) ix + [%#span39] index_logic'3 (shallow_model'0 self) ix function shallow_model'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span30] shallow_model'0 ( * self) + [%#span22] shallow_model'0 ( * self) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span51] ^ self = * self + [%#span40] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span51] ^ self = * self - - use seq.Seq + [%#span40] ^ self = * self function singleton'0 (v : borrowed usize) : Seq'0.t_seq (borrowed usize) - axiom singleton'0_spec : forall v : borrowed usize . ([%#span52] inv'5 v) - -> ([%#span55] inv'2 (singleton'0 v)) - && ([%#span54] index_logic'2 (singleton'0 v) 0 = v) && ([%#span53] len'0 (singleton'0 v) = 1) - - use seq.Seq + axiom singleton'0_spec : forall v : borrowed usize . ([%#span41] inv'5 v) + -> ([%#span43] index_logic'2 (singleton'0 v) 0 = v) && ([%#span42] len'0 (singleton'0 v) = 1) predicate ext_eq'0 (self : Seq'0.t_seq usize) (oth : Seq'0.t_seq usize) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq usize, oth : Seq'0.t_seq usize . ([%#span56] inv'7 self) - -> ([%#span57] inv'7 oth) - -> ([%#span59] len'1 self = len'1 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq usize, oth : Seq'0.t_seq usize . ([%#span45] len'1 self = len'1 oth /\ (forall i : int . 0 <= i /\ i < len'1 self -> index_logic'3 self i = index_logic'3 oth i) -> ext_eq'0 self oth) - && ([%#span58] ext_eq'0 self oth -> self = oth) + && ([%#span44] ext_eq'0 self oth -> self = oth) predicate resolve'2 (self : borrowed (slice usize)) = - [%#span51] ^ self = * self + [%#span40] ^ self = * self predicate completed'0 [#"../02_iter_mut.rs" 31 4 31 35] (self : borrowed (IterMut'0.t_itermut usize)) = - [%#span60] resolve'2 (C02IterMut_IterMut_Type.itermut_inner ( * self)) + [%#span46] resolve'2 (C02IterMut_IterMut_Type.itermut_inner ( * self)) /\ ext_eq'0 (shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner ( * self))) (empty'1 : Seq'0.t_seq usize) - let rec next'0 (self:borrowed (IterMut'0.t_itermut usize)) (return' (ret:Option'0.t_option (borrowed usize)))= {[@expl:precondition] [%#span61] inv'3 self} + let rec next'0 (self:borrowed (IterMut'0.t_itermut usize)) (return' (ret:Option'0.t_option (borrowed usize)))= {[@expl:precondition] [%#span47] inv'3 self} any - [ return' (result:Option'0.t_option (borrowed usize))-> {[%#span63] inv'4 result} - {[%#span62] match result with + [ return' (result:Option'0.t_option (borrowed usize))-> {[%#span49] inv'4 result} + {[%#span48] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -1707,7 +1437,7 @@ module C02IterMut_AllZero function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize))) (ix : int) : borrowed usize = - [%#span64] index_logic'2 (deref'1 self) ix + [%#span50] index_logic'2 (deref'1 self) ix function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize))) : Seq'0.t_seq (borrowed usize) @@ -1715,26 +1445,26 @@ module C02IterMut_AllZero function new'1 (x : Seq'0.t_seq (borrowed usize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize)) - axiom new'1_spec : forall x : Seq'0.t_seq (borrowed usize) . ([%#span65] inv'2 x) - -> ([%#span66] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq (borrowed usize) . ([%#span51] inv'2 x) + -> ([%#span52] deref'1 (new'1 x) = x) function new'0 (x : IterMut'0.t_itermut usize) : Snapshot'0.t_snapshot (IterMut'0.t_itermut usize) - axiom new'0_spec : forall x : IterMut'0.t_itermut usize . ([%#span65] inv'0 x) -> ([%#span66] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : IterMut'0.t_itermut usize . ([%#span51] inv'0 x) -> ([%#span52] deref'0 (new'0 x) = x) - let rec into_iter'0 (self:IterMut'0.t_itermut usize) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span67] inv'0 self} + let rec into_iter'0 (self:IterMut'0.t_itermut usize) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span53] inv'0 self} any - [ return' (result:IterMut'0.t_itermut usize)-> {[%#span69] inv'0 result} - {[%#span68] result = self} + [ return' (result:IterMut'0.t_itermut usize)-> {[%#span55] inv'0 result} + {[%#span54] result = self} (! return' {result}) ] - let rec iter_mut'0 (v:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span70] inv'1 v} + let rec iter_mut'0 (v:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span56] inv'1 v} any - [ return' (result:IterMut'0.t_itermut usize)-> {[%#span74] inv'0 result} - {[%#span73] len'1 (shallow_model'0 ( ^ v)) = len'1 (shallow_model'1 v)} - {[%#span72] shallow_model'3 ( ^ C02IterMut_IterMut_Type.itermut_inner result) = shallow_model'0 ( ^ v)} - {[%#span71] shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner result) = shallow_model'1 v} + [ return' (result:IterMut'0.t_itermut usize)-> {[%#span60] inv'0 result} + {[%#span59] len'1 (shallow_model'0 ( ^ v)) = len'1 (shallow_model'1 v)} + {[%#span58] shallow_model'3 ( ^ C02IterMut_IterMut_Type.itermut_inner result) = shallow_model'0 ( ^ v)} + {[%#span57] shallow_model'2 (C02IterMut_IterMut_Type.itermut_inner result) = shallow_model'1 v} (! return' {result}) ] @@ -1824,103 +1554,69 @@ module C02IterMut_Impl1 let%span s02_iter_mut2 = "../02_iter_mut.rs" 57 4 57 90 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span4 = "" 0 0 0 0 - let%span span5 = "" 0 0 0 0 + let%span span5 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span6 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span7 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span7 = "../02_iter_mut.rs" 22 20 22 64 - let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span9 = "../02_iter_mut.rs" 22 20 22 64 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span15 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span16 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "../02_iter_mut.rs" 32 8 32 76 - let%span span24 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - - let%span span25 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span26 = "../02_iter_mut.rs" 32 8 32 76 - - let%span span27 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span18 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 + let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span33 = "../02_iter_mut.rs" 39 12 43 13 + let%span span23 = "../02_iter_mut.rs" 39 12 43 13 use prelude.prelude.Slice - predicate invariant'7 (self : slice t) - - predicate inv'7 (_x : slice t) - - axiom inv'7 : forall x : slice t . inv'7 x = true + predicate invariant'5 (self : slice t) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'6 (self : Seq'0.t_seq t) + predicate inv'5 (_x : slice t) - predicate inv'6 (_x : Seq'0.t_seq t) - - axiom inv'6 : forall x : Seq'0.t_seq t . inv'6 x = true + axiom inv'5 : forall x : slice t . inv'5 x = true use prelude.prelude.Borrow - predicate invariant'5 (self : borrowed (slice t)) + predicate invariant'4 (self : borrowed (slice t)) - predicate inv'5 (_x : borrowed (slice t)) + predicate inv'4 (_x : borrowed (slice t)) - axiom inv'5 : forall x : borrowed (slice t) . inv'5 x = true - - predicate invariant'4 (self : borrowed t) + axiom inv'4 : forall x : borrowed (slice t) . inv'4 x = true - predicate inv'4 (_x : borrowed t) - - axiom inv'4 : forall x : borrowed t . inv'4 x = true + predicate invariant'3 (self : borrowed t) - predicate invariant'3 (self : Seq'0.t_seq (borrowed t)) + predicate inv'3 (_x : borrowed t) - predicate inv'3 (_x : Seq'0.t_seq (borrowed t)) - - axiom inv'3 : forall x : Seq'0.t_seq (borrowed t) . inv'3 x = true + axiom inv'3 : forall x : borrowed t . inv'3 x = true use Core_Option_Option_Type as Option'0 @@ -1942,30 +1638,27 @@ module C02IterMut_Impl1 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'6 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span5] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) function shallow_model'1 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : slice t . ([%#span6] inv'7 self) - -> ([%#span8] inv'6 (shallow_model'1 self)) - && ([%#span7] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice t . ([%#span5] inv'5 self) + -> ([%#span6] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) use C02IterMut_IterMut_Type as C02IterMut_IterMut_Type predicate invariant'0 [#"../02_iter_mut.rs" 20 4 20 30] (self : IterMut'0.t_itermut t) = - [%#span9] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) + [%#span7] len'0 (shallow_model'1 ( ^ C02IterMut_IterMut_Type.itermut_inner self)) = len'0 (shallow_model'1 ( * C02IterMut_IterMut_Type.itermut_inner self)) axiom inv'0 : forall x : IterMut'0.t_itermut t . inv'0 x @@ -1974,81 +1667,64 @@ module C02IterMut_Impl1 | IterMut'0.C_IterMut inner -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (x : int) : borrowed t - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq (borrowed t)) (_2 : int) : borrowed t function len'1 (self : Seq'0.t_seq (borrowed t)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . ([%#span3] inv'3 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed t) . [%#span3] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq (borrowed t)) (other : Seq'0.t_seq (borrowed t)) : Seq'0.t_seq (borrowed t) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span10] inv'3 self) - -> ([%#span11] inv'3 other) - -> ([%#span14] inv'3 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed t), other : Seq'0.t_seq (borrowed t) . ([%#span9] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span12] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span8] len'1 (concat'0 self other) = len'1 self + len'1 other) function singleton'0 (v : borrowed t) : Seq'0.t_seq (borrowed t) - axiom singleton'0_spec : forall v : borrowed t . ([%#span15] inv'4 v) - -> ([%#span18] inv'3 (singleton'0 v)) - && ([%#span17] index_logic'0 (singleton'0 v) 0 = v) && ([%#span16] len'1 (singleton'0 v) = 1) - - use seq.Seq - - use seq.Seq + axiom singleton'0_spec : forall v : borrowed t . ([%#span10] inv'3 v) + -> ([%#span12] index_logic'0 (singleton'0 v) 0 = v) && ([%#span11] len'1 (singleton'0 v) = 1) - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t predicate ext_eq'0 (self : Seq'0.t_seq t) (oth : Seq'0.t_seq t) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span19] inv'6 self) - -> ([%#span20] inv'6 oth) - -> ([%#span22] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span14] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'2 self i = index_logic'2 oth i) -> ext_eq'0 self oth) - && ([%#span21] ext_eq'0 self oth -> self = oth) + && ([%#span13] ext_eq'0 self oth -> self = oth) - constant empty'2 : Seq'0.t_seq t = [%#span23] () + constant empty'2 : Seq'0.t_seq t function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span24] shallow_model'1 ( * self) + [%#span15] shallow_model'1 ( * self) predicate resolve'0 (self : borrowed (slice t)) = - [%#span25] ^ self = * self + [%#span16] ^ self = * self predicate completed'0 [#"../02_iter_mut.rs" 31 4 31 35] (self : borrowed (IterMut'0.t_itermut t)) = - [%#span26] resolve'0 (C02IterMut_IterMut_Type.itermut_inner ( * self)) + [%#span17] resolve'0 (C02IterMut_IterMut_Type.itermut_inner ( * self)) /\ ext_eq'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner ( * self))) (empty'2 : Seq'0.t_seq t) - constant empty'0 : Seq'0.t_seq (borrowed t) = [%#span23] () + constant empty'0 : Seq'0.t_seq (borrowed t) function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span27] index_logic'2 (shallow_model'1 self) ix + [%#span18] index_logic'2 (shallow_model'1 self) ix function to_mut_seq'0 (self : borrowed (slice t)) : Seq'0.t_seq (borrowed t) - axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span28] inv'5 self) - -> ([%#span32] inv'3 (to_mut_seq'0 self)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice t) . ([%#span19] inv'4 self) + -> ([%#span22] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> ^ index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( ^ self) i) - && ([%#span30] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) + && ([%#span21] forall i : int . 0 <= i /\ i < len'1 (to_mut_seq'0 self) -> * index_logic'0 (to_mut_seq'0 self) i = index_logic'1 ( * self) i) - && ([%#span29] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) + && ([%#span20] len'1 (to_mut_seq'0 self) = len'0 (shallow_model'0 self)) predicate produces'0 [#"../02_iter_mut.rs" 37 4 37 65] (self : IterMut'0.t_itermut t) (visited : Seq'0.t_seq (borrowed t)) (tl : IterMut'0.t_itermut t) = - [%#span33] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) + [%#span23] len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) = len'1 visited + len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner tl)) /\ (forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 (C02IterMut_IterMut_Type.itermut_inner self)) -> * index_logic'0 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i @@ -2056,7 +1732,7 @@ module C02IterMut_Impl1 /\ ^ index_logic'0 (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner self)) i = ^ index_logic'0 (concat'0 visited (to_mut_seq'0 (C02IterMut_IterMut_Type.itermut_inner tl))) i) - constant empty'0 : Seq'0.t_seq (borrowed t) = [%#span23] () + constant empty'0 : Seq'0.t_seq (borrowed t) goal produces_refl_refn : [%#s02_iter_mut0] forall self : IterMut'0.t_itermut t . inv'0 self -> inv'0 self @@ -2077,11 +1753,9 @@ module C02IterMut_Impl1 end) goal produces_trans_refn : [%#s02_iter_mut2] forall a : IterMut'0.t_itermut t . forall ab : Seq'0.t_seq (borrowed t) . forall b : IterMut'0.t_itermut t . forall bc : Seq'0.t_seq (borrowed t) . forall c : IterMut'0.t_itermut t . inv'0 c - /\ inv'3 bc /\ inv'0 b /\ inv'3 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'3 bc /\ inv'0 b - /\ inv'3 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/03_std_iterators.coma b/creusot/tests/should_succeed/iterators/03_std_iterators.coma index 6529879955..bf1a4ca083 100644 --- a/creusot/tests/should_succeed/iterators/03_std_iterators.coma +++ b/creusot/tests/should_succeed/iterators/03_std_iterators.coma @@ -50,22 +50,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -106,116 +91,88 @@ module C03StdIterators_SliceIter let%span s03_std_iterators9 = "../03_std_iterators.rs" 5 10 5 33 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span20 = "" 0 0 0 0 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span24 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span14 = "" 0 0 0 0 - let%span span25 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span17 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span18 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span36 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span38 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span32 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span43 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span33 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span44 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span45 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span35 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span36 = "" 0 0 0 0 - let%span span47 = "" 0 0 0 0 + let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span48 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span38 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span49 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span39 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span50 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span40 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span51 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span41 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span52 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span42 = "" 0 0 0 0 - let%span span53 = "" 0 0 0 0 + let%span span43 = "" 0 0 0 0 - let%span span54 = "" 0 0 0 0 + let%span span44 = "" 0 0 0 0 - let%span span55 = "" 0 0 0 0 - - let%span span56 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span45 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 use prelude.prelude.Slice - predicate invariant'6 (self : slice t) + predicate invariant'5 (self : slice t) - predicate inv'6 (_x : slice t) + predicate inv'5 (_x : slice t) - axiom inv'6 : forall x : slice t . inv'6 x = true + axiom inv'5 : forall x : slice t . inv'5 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'5 (self : Seq'0.t_seq t) - - predicate inv'5 (_x : Seq'0.t_seq t) - - axiom inv'5 : forall x : Seq'0.t_seq t . inv'5 x = true - predicate invariant'4 (self : Seq'0.t_seq t) predicate inv'4 (_x : Seq'0.t_seq t) @@ -224,20 +181,15 @@ module C03StdIterators_SliceIter use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span10] inv'5 self) -> ([%#span11] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span10] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq t = [%#span12] () + constant empty'1 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span14] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span13] len'1 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq t) = 0 predicate invariant'3 (self : t) @@ -257,80 +209,67 @@ module C03StdIterators_SliceIter use Core_Slice_Iter_Iter_Type as Iter'0 - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span10] inv'4 self) -> ([%#span11] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span10] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span15] inv'4 self) - -> ([%#span16] inv'4 other) - -> ([%#span19] inv'4 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span20] (18446744073709551615 : usize) + constant max'0 : usize = [%#span14] (18446744073709551615 : usize) function shallow_model'2 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : slice t . ([%#span21] inv'6 self) - -> ([%#span23] inv'5 (shallow_model'2 self)) - && ([%#span22] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : slice t . ([%#span15] inv'5 self) + -> ([%#span16] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span24] index_logic'2 (shallow_model'2 self) ix + [%#span17] index_logic'2 (shallow_model'2 self) ix function shallow_model'0 (self : slice t) : Seq'0.t_seq t = - [%#span25] shallow_model'2 self + [%#span18] shallow_model'2 self predicate inv'0 (_x : slice t) function to_ref_seq'0 (self : slice t) : Seq'0.t_seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#span26] inv'0 self) - -> ([%#span29] inv'4 (to_ref_seq'0 self)) - && ([%#span28] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice t . ([%#span19] inv'0 self) + -> ([%#span21] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) -> index_logic'0 (to_ref_seq'0 self) i = index_logic'1 self i) - && ([%#span27] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'0 self)) + && ([%#span20] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'0 self)) function shallow_model'1 (self : Iter'0.t_iter t) : slice t predicate produces'0 (self : Iter'0.t_iter t) (visited : Seq'0.t_seq t) (tl : Iter'0.t_iter t) = - [%#span30] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) + [%#span22] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) function produces_trans'0 (a : Iter'0.t_iter t) (ab : Seq'0.t_seq t) (b : Iter'0.t_iter t) (bc : Seq'0.t_seq t) (c : Iter'0.t_iter t) : () = - [%#span36] () + [%#span26] () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span31] produces'0 a ab b) - -> ([%#span32] produces'0 b bc c) - -> ([%#span33] inv'4 ab) -> ([%#span34] inv'4 bc) -> ([%#span35] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span23] produces'0 a ab b) + -> ([%#span24] produces'0 b bc c) -> ([%#span25] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq t = [%#span12] () + constant empty'0 : Seq'0.t_seq t function produces_refl'0 (self : Iter'0.t_iter t) : () = - [%#span38] () + [%#span28] () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span37] produces'0 self (empty'0 : Seq'0.t_seq t) self + axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span27] produces'0 self (empty'0 : Seq'0.t_seq t) self predicate invariant'1 (self : Iter'0.t_iter t) @@ -338,10 +277,9 @@ module C03StdIterators_SliceIter axiom inv'1 : forall x : Iter'0.t_iter t . inv'1 x = true - function empty_len'0 (_1 : ()) : () = - [%#span14] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'0 (self : slice t) @@ -355,28 +293,25 @@ module C03StdIterators_SliceIter predicate resolve'5 (self : t) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span39] inv'3 v) - -> ([%#span42] inv'4 (singleton'0 v)) - && ([%#span41] index_logic'0 (singleton'0 v) 0 = v) && ([%#span40] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span29] inv'3 v) + -> ([%#span31] index_logic'0 (singleton'0 v) 0 = v) && ([%#span30] len'0 (singleton'0 v) = 1) predicate resolve'4 (self : Option'0.t_option t) predicate resolve'3 (self : borrowed (Iter'0.t_iter t)) = - [%#span43] ^ self = * self + [%#span32] ^ self = * self function shallow_model'3 (self : borrowed (Iter'0.t_iter t)) : slice t = - [%#span44] shallow_model'1 ( * self) + [%#span33] shallow_model'1 ( * self) predicate completed'0 (self : borrowed (Iter'0.t_iter t)) = - [%#span45] resolve'3 self /\ shallow_model'2 (shallow_model'3 self) = (empty'1 : Seq'0.t_seq t) + [%#span34] resolve'3 self /\ shallow_model'2 (shallow_model'3 self) = (empty'1 : Seq'0.t_seq t) let rec next'0 (self:borrowed (Iter'0.t_iter t)) (return' (ret:Option'0.t_option t))= any - [ return' (result:Option'0.t_option t)-> {[%#span47] inv'2 result} - {[%#span46] match result with + [ return' (result:Option'0.t_option t)-> {[%#span36] inv'2 result} + {[%#span35] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -395,30 +330,30 @@ module C03StdIterators_SliceIter function new'1 (x : Seq'0.t_seq t) : Snapshot'0.t_snapshot (Seq'0.t_seq t) - axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span48] inv'4 x) -> ([%#span49] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span37] inv'4 x) -> ([%#span38] deref'0 (new'1 x) = x) predicate resolve'1 (self : Snapshot'0.t_snapshot (Iter'0.t_iter t)) function new'0 (x : Iter'0.t_iter t) : Snapshot'0.t_snapshot (Iter'0.t_iter t) - axiom new'0_spec : forall x : Iter'0.t_iter t . ([%#span48] inv'1 x) -> ([%#span49] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Iter'0.t_iter t . ([%#span37] inv'1 x) -> ([%#span38] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Iter'0.t_iter t) (res : Iter'0.t_iter t) = - [%#span50] self = res + [%#span39] self = res predicate into_iter_pre'0 (self : Iter'0.t_iter t) = - [%#span51] true + [%#span40] true - let rec into_iter'0 (self:Iter'0.t_iter t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span53] inv'1 self} - {[@expl:precondition] [%#span52] into_iter_pre'0 self} + let rec into_iter'0 (self:Iter'0.t_iter t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span42] inv'1 self} + {[@expl:precondition] [%#span41] into_iter_pre'0 self} any - [ return' (result:Iter'0.t_iter t)-> {[%#span54] inv'1 result} - {[%#span52] into_iter_post'0 self result} + [ return' (result:Iter'0.t_iter t)-> {[%#span43] inv'1 result} + {[%#span41] into_iter_post'0 self result} (! return' {result}) ] - let rec iter'0 (self:slice t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span55] inv'0 self} - any [ return' (result:Iter'0.t_iter t)-> {[%#span56] shallow_model'1 result = self} (! return' {result}) ] + let rec iter'0 (self:slice t) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span44] inv'0 self} + any [ return' (result:Iter'0.t_iter t)-> {[%#span45] shallow_model'1 result = self} (! return' {result}) ] predicate resolve'0 (self : slice t) @@ -617,111 +552,91 @@ module C03StdIterators_VecIter let%span span10 = "" 0 0 0 0 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span28 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span20 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span29 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span21 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span36 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span38 = "../../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span39 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span40 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span41 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span42 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span47 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span39 = "" 0 0 0 0 - let%span span48 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span40 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span49 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span41 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span50 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span42 = "../../../../../creusot-contracts/src/std/vec.rs" 205 20 205 34 - let%span span51 = "" 0 0 0 0 + let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 199 20 199 24 - let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span44 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span45 = "" 0 0 0 0 - let%span span54 = "../../../../../creusot-contracts/src/std/vec.rs" 205 20 205 34 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span55 = "../../../../../creusot-contracts/src/std/vec.rs" 199 20 199 24 + predicate invariant'8 (self : Seq'0.t_seq t) - let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + predicate inv'8 (_x : Seq'0.t_seq t) - let%span span57 = "" 0 0 0 0 + axiom inv'8 : forall x : Seq'0.t_seq t . inv'8 x = true use prelude.prelude.Slice - predicate invariant'8 (self : slice t) + predicate invariant'7 (self : slice t) - predicate inv'8 (_x : slice t) + predicate inv'7 (_x : slice t) - axiom inv'8 : forall x : slice t . inv'8 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate inv'5 (_x : Seq'0.t_seq t) + axiom inv'7 : forall x : slice t . inv'7 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -735,36 +650,27 @@ module C03StdIterators_VecIter constant max'0 : usize = [%#span10] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span11] inv'5 self) -> ([%#span12] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span11] len'1 self >= 0 - predicate inv'7 (_x : Vec'0.t_vec t (Global'0.t_global)) + predicate inv'6 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span13] inv'7 self) - -> ([%#span15] inv'5 (shallow_model'2 self)) - && ([%#span14] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'7 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span16] inv'5 (shallow_model'2 self) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span12] inv'6 self) + -> ([%#span13] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'7 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'7 x = true + predicate invariant'6 (self : Vec'0.t_vec t (Global'0.t_global)) = + [%#span14] inv'8 (shallow_model'2 self) - predicate invariant'6 (self : slice t) + axiom inv'6 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'6 x = true - predicate inv'6 (_x : slice t) + predicate invariant'5 (self : slice t) - axiom inv'6 : forall x : slice t . inv'6 x = true + predicate inv'5 (_x : slice t) - predicate invariant'5 (self : Seq'0.t_seq t) - - axiom inv'5 : forall x : Seq'0.t_seq t . inv'5 x = true + axiom inv'5 : forall x : slice t . inv'5 x = true predicate invariant'4 (self : Seq'0.t_seq t) @@ -772,12 +678,11 @@ module C03StdIterators_VecIter axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true - constant empty'1 : Seq'0.t_seq t = [%#span17] () + constant empty'1 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span19] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span18] len'1 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span15] len'1 (empty'1 : Seq'0.t_seq t) = 0 predicate invariant'3 (self : t) @@ -797,72 +702,59 @@ module C03StdIterators_VecIter use Core_Slice_Iter_Iter_Type as Iter'0 - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span11] inv'4 self) -> ([%#span12] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span11] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span20] inv'4 self) - -> ([%#span21] inv'4 other) - -> ([%#span24] inv'4 (concat'0 self other)) - && ([%#span23] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span17] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span22] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span16] len'0 (concat'0 self other) = len'0 self + len'0 other) - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function shallow_model'5 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'5_spec : forall self : slice t . ([%#span25] inv'8 self) - -> ([%#span27] inv'5 (shallow_model'5 self)) - && ([%#span26] len'1 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'5_spec : forall self : slice t . ([%#span18] inv'7 self) + -> ([%#span19] len'1 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'1 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span28] index_logic'2 (shallow_model'5 self) ix + [%#span20] index_logic'2 (shallow_model'5 self) ix function shallow_model'3 (self : slice t) : Seq'0.t_seq t = - [%#span29] shallow_model'5 self + [%#span21] shallow_model'5 self function to_ref_seq'0 (self : slice t) : Seq'0.t_seq t - axiom to_ref_seq'0_spec : forall self : slice t . ([%#span30] inv'6 self) - -> ([%#span33] inv'4 (to_ref_seq'0 self)) - && ([%#span32] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice t . ([%#span22] inv'5 self) + -> ([%#span24] forall i : int . 0 <= i /\ i < len'0 (to_ref_seq'0 self) -> index_logic'0 (to_ref_seq'0 self) i = index_logic'1 self i) - && ([%#span31] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'3 self)) + && ([%#span23] len'0 (to_ref_seq'0 self) = len'1 (shallow_model'3 self)) function shallow_model'1 (self : Iter'0.t_iter t) : slice t predicate produces'0 (self : Iter'0.t_iter t) (visited : Seq'0.t_seq t) (tl : Iter'0.t_iter t) = - [%#span34] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) + [%#span25] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) function produces_trans'0 (a : Iter'0.t_iter t) (ab : Seq'0.t_seq t) (b : Iter'0.t_iter t) (bc : Seq'0.t_seq t) (c : Iter'0.t_iter t) : () = - [%#span40] () + [%#span29] () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span35] produces'0 a ab b) - -> ([%#span36] produces'0 b bc c) - -> ([%#span37] inv'4 ab) -> ([%#span38] inv'4 bc) -> ([%#span39] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter t, ab : Seq'0.t_seq t, b : Iter'0.t_iter t, bc : Seq'0.t_seq t, c : Iter'0.t_iter t . ([%#span26] produces'0 a ab b) + -> ([%#span27] produces'0 b bc c) -> ([%#span28] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq t = [%#span17] () + constant empty'0 : Seq'0.t_seq t function produces_refl'0 (self : Iter'0.t_iter t) : () = - [%#span42] () + [%#span31] () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span41] produces'0 self (empty'0 : Seq'0.t_seq t) self + axiom produces_refl'0_spec : forall self : Iter'0.t_iter t . [%#span30] produces'0 self (empty'0 : Seq'0.t_seq t) self predicate invariant'1 (self : Iter'0.t_iter t) @@ -870,10 +762,9 @@ module C03StdIterators_VecIter axiom inv'1 : forall x : Iter'0.t_iter t . inv'1 x = true - function empty_len'0 (_1 : ()) : () = - [%#span19] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span18] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) @@ -882,7 +773,7 @@ module C03StdIterators_VecIter axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true function shallow_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span29] shallow_model'2 self + [%#span21] shallow_model'2 self use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -892,28 +783,25 @@ module C03StdIterators_VecIter predicate resolve'5 (self : t) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span43] inv'3 v) - -> ([%#span46] inv'4 (singleton'0 v)) - && ([%#span45] index_logic'0 (singleton'0 v) 0 = v) && ([%#span44] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span32] inv'3 v) + -> ([%#span34] index_logic'0 (singleton'0 v) 0 = v) && ([%#span33] len'0 (singleton'0 v) = 1) predicate resolve'4 (self : Option'0.t_option t) predicate resolve'3 (self : borrowed (Iter'0.t_iter t)) = - [%#span47] ^ self = * self + [%#span35] ^ self = * self function shallow_model'4 (self : borrowed (Iter'0.t_iter t)) : slice t = - [%#span48] shallow_model'1 ( * self) + [%#span36] shallow_model'1 ( * self) predicate completed'0 (self : borrowed (Iter'0.t_iter t)) = - [%#span49] resolve'3 self /\ shallow_model'5 (shallow_model'4 self) = (empty'1 : Seq'0.t_seq t) + [%#span37] resolve'3 self /\ shallow_model'5 (shallow_model'4 self) = (empty'1 : Seq'0.t_seq t) let rec next'0 (self:borrowed (Iter'0.t_iter t)) (return' (ret:Option'0.t_option t))= any - [ return' (result:Option'0.t_option t)-> {[%#span51] inv'2 result} - {[%#span50] match result with + [ return' (result:Option'0.t_option t)-> {[%#span39] inv'2 result} + {[%#span38] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -932,23 +820,23 @@ module C03StdIterators_VecIter function new'1 (x : Seq'0.t_seq t) : Snapshot'0.t_snapshot (Seq'0.t_seq t) - axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span52] inv'4 x) -> ([%#span53] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq t . ([%#span40] inv'4 x) -> ([%#span41] deref'0 (new'1 x) = x) predicate resolve'1 (self : Snapshot'0.t_snapshot (Iter'0.t_iter t)) function new'0 (x : Iter'0.t_iter t) : Snapshot'0.t_snapshot (Iter'0.t_iter t) - axiom new'0_spec : forall x : Iter'0.t_iter t . ([%#span52] inv'1 x) -> ([%#span53] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Iter'0.t_iter t . ([%#span40] inv'1 x) -> ([%#span41] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Vec'0.t_vec t (Global'0.t_global)) (res : Iter'0.t_iter t) = - [%#span54] shallow_model'0 self = shallow_model'3 (shallow_model'1 res) + [%#span42] shallow_model'0 self = shallow_model'3 (shallow_model'1 res) predicate into_iter_pre'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span55] true + [%#span43] true - let rec into_iter'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span57] inv'0 self} - {[@expl:precondition] [%#span56] into_iter_pre'0 self} - any [ return' (result:Iter'0.t_iter t)-> {[%#span56] into_iter_post'0 self result} (! return' {result}) ] + let rec into_iter'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:Iter'0.t_iter t))= {[@expl:precondition] [%#span45] inv'0 self} + {[@expl:precondition] [%#span44] into_iter_pre'0 self} + any [ return' (result:Iter'0.t_iter t)-> {[%#span44] into_iter_post'0 self result} (! return' {result}) ] predicate resolve'0 (self : Vec'0.t_vec t (Global'0.t_global)) @@ -1085,143 +973,119 @@ module C03StdIterators_AllZero let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - - let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span26 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span27 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 + let%span span18 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 + let%span span19 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 67 23 67 27 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 67 4 67 43 + let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 64 14 64 41 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 407 14 407 50 + let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 65 4 65 82 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 408 4 408 50 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 66 4 66 85 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 433 12 433 66 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 407 14 407 50 - let%span span36 = "../../../../../creusot-contracts/src/std/slice.rs" 444 15 444 32 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 408 4 408 50 - let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 445 15 445 32 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 433 12 433 66 - let%span span38 = "../../../../../creusot-contracts/src/std/slice.rs" 447 31 447 33 + let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 444 15 444 32 - let%span span39 = "../../../../../creusot-contracts/src/std/slice.rs" 447 61 447 63 + let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 445 15 445 32 - let%span span40 = "../../../../../creusot-contracts/src/std/slice.rs" 446 14 446 42 + let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 446 14 446 42 - let%span span41 = "../../../../../creusot-contracts/src/std/slice.rs" 442 4 442 10 + let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 442 4 442 10 - let%span span42 = "../../../../../creusot-contracts/src/std/slice.rs" 439 14 439 45 + let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 439 14 439 45 - let%span span43 = "../../../../../creusot-contracts/src/std/slice.rs" 437 4 437 10 + let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 437 4 437 10 - let%span span44 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span33 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span45 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span46 = "../../../../../creusot-contracts/src/std/slice.rs" 418 20 418 36 + let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 418 20 418 36 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span39 = "../../../../../creusot-contracts/src/std/slice.rs" 426 20 426 61 - let%span span51 = "../../../../../creusot-contracts/src/std/slice.rs" 426 20 426 61 - - let%span span52 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span40 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span53 = "" 0 0 0 0 + let%span span41 = "" 0 0 0 0 - let%span span54 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 + let%span span42 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span55 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span43 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span56 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span44 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span45 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span58 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span59 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span47 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span60 = "" 0 0 0 0 + let%span span48 = "" 0 0 0 0 - let%span span61 = "" 0 0 0 0 + let%span span49 = "" 0 0 0 0 - let%span span62 = "" 0 0 0 0 + let%span span50 = "" 0 0 0 0 - let%span span63 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span51 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span64 = "" 0 0 0 0 + let%span span52 = "" 0 0 0 0 - let%span span65 = "../../../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 + let%span span53 = "../../../../../creusot-contracts/src/std/vec.rs" 169 26 169 42 - let%span span66 = "../../../../../creusot-contracts/src/std/vec.rs" 170 26 170 48 + let%span span54 = "../../../../../creusot-contracts/src/std/vec.rs" 170 26 170 48 - let%span span67 = "" 0 0 0 0 + let%span span55 = "" 0 0 0 0 use prelude.prelude.UIntSize - use prelude.prelude.Slice + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'8 (self : slice usize) = + predicate invariant'8 (self : Seq'0.t_seq usize) = [%#span7] true - predicate inv'8 (_x : slice usize) + predicate inv'8 (_x : Seq'0.t_seq usize) - axiom inv'8 : forall x : slice usize . inv'8 x = true + axiom inv'8 : forall x : Seq'0.t_seq usize . inv'8 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Slice - predicate invariant'7 (self : Seq'0.t_seq usize) = + predicate invariant'7 (self : slice usize) = [%#span7] true - predicate inv'7 (_x : Seq'0.t_seq usize) + predicate inv'7 (_x : slice usize) - axiom inv'7 : forall x : Seq'0.t_seq usize . inv'7 x = true + axiom inv'7 : forall x : slice usize . inv'7 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1233,24 +1097,19 @@ module C03StdIterators_AllZero constant max'0 : usize = [%#span8] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span9] inv'7 self) -> ([%#span10] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span9] len'1 self >= 0 predicate inv'6 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'6 self) - -> ([%#span13] inv'7 (shallow_model'0 self)) - && ([%#span12] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span10] inv'6 self) + -> ([%#span11] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'6 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span14] inv'7 (shallow_model'0 self) + [%#span12] inv'8 (shallow_model'0 self) axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true @@ -1293,90 +1152,76 @@ module C03StdIterators_AllZero axiom inv'1 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'1 x = true - constant empty'1 : Seq'0.t_seq usize = [%#span15] () + constant empty'1 : Seq'0.t_seq usize - function empty_len'1 (_1 : ()) : () = - [%#span17] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span16] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span13] len'1 (empty'1 : Seq'0.t_seq usize) = 0 use Core_Slice_Iter_IterMut_Type as IterMut'0 - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq (borrowed usize)) (x : int) : borrowed usize - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq (borrowed usize)) (_2 : int) : borrowed usize function len'0 (self : Seq'0.t_seq (borrowed usize)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (borrowed usize) . ([%#span9] inv'3 self) - -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (borrowed usize) . [%#span9] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq (borrowed usize)) (other : Seq'0.t_seq (borrowed usize)) : Seq'0.t_seq (borrowed usize) - axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed usize), other : Seq'0.t_seq (borrowed usize) . ([%#span18] inv'3 self) - -> ([%#span19] inv'3 other) - -> ([%#span22] inv'3 (concat'0 self other)) - && ([%#span21] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (borrowed usize), other : Seq'0.t_seq (borrowed usize) . ([%#span15] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'0 self then index_logic'2 self i else index_logic'2 other (i - len'0 self))) - && ([%#span20] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) - function index_logic'3 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'3 (self : Seq'0.t_seq usize) (_2 : int) : usize function shallow_model'3 (self : slice usize) : Seq'0.t_seq usize - axiom shallow_model'3_spec : forall self : slice usize . ([%#span23] inv'8 self) - -> ([%#span25] inv'7 (shallow_model'3 self)) - && ([%#span24] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : slice usize . ([%#span16] inv'7 self) + -> ([%#span17] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'4 [@inline:trivial] (self : slice usize) (ix : int) : usize = - [%#span26] index_logic'3 (shallow_model'3 self) ix + [%#span18] index_logic'3 (shallow_model'3 self) ix function shallow_model'2 (self : borrowed (slice usize)) : Seq'0.t_seq usize = - [%#span27] shallow_model'3 ( * self) + [%#span19] shallow_model'3 ( * self) function to_mut_seq'0 (self : borrowed (slice usize)) : Seq'0.t_seq (borrowed usize) - axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#span28] inv'2 self) - -> ([%#span32] inv'3 (to_mut_seq'0 self)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) + axiom to_mut_seq'0_spec : forall self : borrowed (slice usize) . ([%#span20] inv'2 self) + -> ([%#span23] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) -> ^ index_logic'2 (to_mut_seq'0 self) i = index_logic'4 ( ^ self) i) - && ([%#span30] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) + && ([%#span22] forall i : int . 0 <= i /\ i < len'0 (to_mut_seq'0 self) -> * index_logic'2 (to_mut_seq'0 self) i = index_logic'4 ( * self) i) - && ([%#span29] len'0 (to_mut_seq'0 self) = len'1 (shallow_model'2 self)) + && ([%#span21] len'0 (to_mut_seq'0 self) = len'1 (shallow_model'2 self)) function shallow_model'4 (self : IterMut'0.t_itermut usize) : borrowed (slice usize) - axiom shallow_model'4_spec : forall self : IterMut'0.t_itermut usize . ([%#span34] inv'2 (shallow_model'4 self)) - && ([%#span33] len'1 (shallow_model'3 ( ^ shallow_model'4 self)) = len'1 (shallow_model'3 ( * shallow_model'4 self))) + axiom shallow_model'4_spec : forall self : IterMut'0.t_itermut usize . ([%#span25] inv'2 (shallow_model'4 self)) + && ([%#span24] len'1 (shallow_model'3 ( ^ shallow_model'4 self)) = len'1 (shallow_model'3 ( * shallow_model'4 self))) predicate produces'0 (self : IterMut'0.t_itermut usize) (visited : Seq'0.t_seq (borrowed usize)) (tl : IterMut'0.t_itermut usize) = - [%#span35] to_mut_seq'0 (shallow_model'4 self) = concat'0 visited (to_mut_seq'0 (shallow_model'4 tl)) + [%#span26] to_mut_seq'0 (shallow_model'4 self) = concat'0 visited (to_mut_seq'0 (shallow_model'4 tl)) function produces_trans'0 (a : IterMut'0.t_itermut usize) (ab : Seq'0.t_seq (borrowed usize)) (b : IterMut'0.t_itermut usize) (bc : Seq'0.t_seq (borrowed usize)) (c : IterMut'0.t_itermut usize) : () = - [%#span41] () + [%#span30] () - axiom produces_trans'0_spec : forall a : IterMut'0.t_itermut usize, ab : Seq'0.t_seq (borrowed usize), b : IterMut'0.t_itermut usize, bc : Seq'0.t_seq (borrowed usize), c : IterMut'0.t_itermut usize . ([%#span36] produces'0 a ab b) - -> ([%#span37] produces'0 b bc c) - -> ([%#span38] inv'3 ab) -> ([%#span39] inv'3 bc) -> ([%#span40] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : IterMut'0.t_itermut usize, ab : Seq'0.t_seq (borrowed usize), b : IterMut'0.t_itermut usize, bc : Seq'0.t_seq (borrowed usize), c : IterMut'0.t_itermut usize . ([%#span27] produces'0 a ab b) + -> ([%#span28] produces'0 b bc c) -> ([%#span29] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (borrowed usize) = [%#span15] () + constant empty'0 : Seq'0.t_seq (borrowed usize) function produces_refl'0 (self : IterMut'0.t_itermut usize) : () = - [%#span43] () + [%#span32] () - axiom produces_refl'0_spec : forall self : IterMut'0.t_itermut usize . [%#span42] produces'0 self (empty'0 : Seq'0.t_seq (borrowed usize)) self + axiom produces_refl'0_spec : forall self : IterMut'0.t_itermut usize . [%#span31] produces'0 self (empty'0 : Seq'0.t_seq (borrowed usize)) self predicate invariant'0 (self : IterMut'0.t_itermut usize) = [%#span7] true @@ -1385,50 +1230,46 @@ module C03StdIterators_AllZero axiom inv'0 : forall x : IterMut'0.t_itermut usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span17] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq (borrowed usize)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq (borrowed usize)) = 0 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span44] index_logic'3 (shallow_model'0 self) ix + [%#span33] index_logic'3 (shallow_model'0 self) ix function shallow_model'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span27] shallow_model'0 ( * self) + [%#span19] shallow_model'0 ( * self) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'4 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span45] ^ self = * self + [%#span34] ^ self = * self predicate resolve'3 (self : IterMut'0.t_itermut usize) = - [%#span46] * shallow_model'4 self = ^ shallow_model'4 self + [%#span35] * shallow_model'4 self = ^ shallow_model'4 self predicate resolve'2 (self : borrowed usize) = - [%#span45] ^ self = * self - - use seq.Seq + [%#span34] ^ self = * self function singleton'0 (v : borrowed usize) : Seq'0.t_seq (borrowed usize) - axiom singleton'0_spec : forall v : borrowed usize . ([%#span47] inv'5 v) - -> ([%#span50] inv'3 (singleton'0 v)) - && ([%#span49] index_logic'2 (singleton'0 v) 0 = v) && ([%#span48] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : borrowed usize . ([%#span36] inv'5 v) + -> ([%#span38] index_logic'2 (singleton'0 v) 0 = v) && ([%#span37] len'0 (singleton'0 v) = 1) predicate resolve'1 (self : borrowed (IterMut'0.t_itermut usize)) = - [%#span45] ^ self = * self + [%#span34] ^ self = * self function shallow_model'5 (self : borrowed (IterMut'0.t_itermut usize)) : borrowed (slice usize) = - [%#span27] shallow_model'4 ( * self) + [%#span19] shallow_model'4 ( * self) predicate completed'0 (self : borrowed (IterMut'0.t_itermut usize)) = - [%#span51] resolve'1 self /\ shallow_model'3 ( * shallow_model'5 self) = (empty'1 : Seq'0.t_seq usize) + [%#span39] resolve'1 self /\ shallow_model'3 ( * shallow_model'5 self) = (empty'1 : Seq'0.t_seq usize) let rec next'0 (self:borrowed (IterMut'0.t_itermut usize)) (return' (ret:Option'0.t_option (borrowed usize)))= any - [ return' (result:Option'0.t_option (borrowed usize))-> {[%#span53] inv'4 result} - {[%#span52] match result with + [ return' (result:Option'0.t_option (borrowed usize))-> {[%#span41] inv'4 result} + {[%#span40] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -1440,7 +1281,7 @@ module C03StdIterators_AllZero function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize))) (ix : int) : borrowed usize = - [%#span54] index_logic'2 (deref'0 self) ix + [%#span42] index_logic'2 (deref'0 self) ix function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize))) : Seq'0.t_seq (borrowed usize) @@ -1450,40 +1291,40 @@ module C03StdIterators_AllZero function new'1 (x : Seq'0.t_seq (borrowed usize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (borrowed usize)) - axiom new'1_spec : forall x : Seq'0.t_seq (borrowed usize) . ([%#span55] inv'3 x) - -> ([%#span56] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq (borrowed usize) . ([%#span43] inv'3 x) + -> ([%#span44] deref'0 (new'1 x) = x) function new'0 (x : IterMut'0.t_itermut usize) : Snapshot'0.t_snapshot (IterMut'0.t_itermut usize) - axiom new'0_spec : forall x : IterMut'0.t_itermut usize . ([%#span55] inv'0 x) -> ([%#span56] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : IterMut'0.t_itermut usize . ([%#span43] inv'0 x) -> ([%#span44] deref'1 (new'0 x) = x) predicate resolve'0 (self : borrowed (slice usize)) = - [%#span45] ^ self = * self + [%#span34] ^ self = * self predicate into_iter_post'0 (self : IterMut'0.t_itermut usize) (res : IterMut'0.t_itermut usize) = - [%#span57] self = res + [%#span45] self = res predicate into_iter_pre'0 (self : IterMut'0.t_itermut usize) = - [%#span58] true + [%#span46] true - let rec into_iter'0 (self:IterMut'0.t_itermut usize) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span60] inv'0 self} - {[@expl:precondition] [%#span59] into_iter_pre'0 self} + let rec into_iter'0 (self:IterMut'0.t_itermut usize) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span48] inv'0 self} + {[@expl:precondition] [%#span47] into_iter_pre'0 self} any - [ return' (result:IterMut'0.t_itermut usize)-> {[%#span61] inv'0 result} - {[%#span59] into_iter_post'0 self result} + [ return' (result:IterMut'0.t_itermut usize)-> {[%#span49] inv'0 result} + {[%#span47] into_iter_post'0 self result} (! return' {result}) ] - let rec iter_mut'0 (self:borrowed (slice usize)) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span62] inv'2 self} + let rec iter_mut'0 (self:borrowed (slice usize)) (return' (ret:IterMut'0.t_itermut usize))= {[@expl:precondition] [%#span50] inv'2 self} any - [ return' (result:IterMut'0.t_itermut usize)-> {[%#span63] shallow_model'4 result = self} (! return' {result}) ] + [ return' (result:IterMut'0.t_itermut usize)-> {[%#span51] shallow_model'4 result = self} (! return' {result}) ] - let rec deref_mut'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (return' (ret:borrowed (slice usize)))= {[@expl:precondition] [%#span64] inv'1 self} + let rec deref_mut'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (return' (ret:borrowed (slice usize)))= {[@expl:precondition] [%#span52] inv'1 self} any - [ return' (result:borrowed (slice usize))-> {[%#span67] inv'2 result} - {[%#span66] shallow_model'3 ( ^ result) = shallow_model'0 ( ^ self)} - {[%#span65] shallow_model'2 result = shallow_model'1 self} + [ return' (result:borrowed (slice usize))-> {[%#span55] inv'2 result} + {[%#span54] shallow_model'3 ( ^ result) = shallow_model'0 ( ^ self)} + {[%#span53] shallow_model'2 result = shallow_model'1 self} (! return' {result}) ] @@ -1620,179 +1461,142 @@ module C03StdIterators_SkipTake let%span s03_std_iterators1 = "../03_std_iterators.rs" 35 30 35 34 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span9 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span10 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 + let%span span5 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span11 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 + let%span span6 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span12 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 + let%span span7 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span13 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 + let%span span8 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span14 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 + let%span span9 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span15 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 + let%span span10 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span16 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span11 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span12 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span18 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span13 = "" 0 0 0 0 - let%span span19 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span14 = "../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13 - let%span span20 = "" 0 0 0 0 + let%span span15 = "../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50 - let%span span21 = "../../../../../creusot-contracts/src/std/iter/take.rs" 34 9 34 13 + let%span span16 = "../../../../../creusot-contracts/src/std/iter/take.rs" 64 12 64 88 - let%span span22 = "../../../../../creusot-contracts/src/std/iter/take.rs" 33 14 33 50 + let%span span17 = "../../../../../creusot-contracts/src/std/iter/take.rs" 75 15 75 32 - let%span span23 = "../../../../../creusot-contracts/src/std/iter/take.rs" 64 12 64 88 + let%span span18 = "../../../../../creusot-contracts/src/std/iter/take.rs" 76 15 76 32 - let%span span24 = "../../../../../creusot-contracts/src/std/iter/take.rs" 75 15 75 32 + let%span span19 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 22 78 23 - let%span span25 = "../../../../../creusot-contracts/src/std/iter/take.rs" 76 15 76 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 52 78 53 - let%span span26 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 22 78 23 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 82 78 83 - let%span span27 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 31 78 33 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/take.rs" 77 14 77 42 - let%span span28 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 52 78 53 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/take.rs" 71 21 71 25 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 61 78 63 + let%span span24 = "../../../../../creusot-contracts/src/std/iter/take.rs" 70 14 70 45 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/take.rs" 78 82 78 83 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/take.rs" 77 14 77 42 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/take.rs" 71 21 71 25 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/take.rs" 70 14 70 45 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 57 8 64 9 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 74 15 74 32 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span30 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 75 15 75 32 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 23 9 23 13 + let%span span31 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 22 77 23 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 22 14 22 50 + let%span span32 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 52 77 53 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 57 8 64 9 + let%span span33 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 82 77 83 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 74 15 74 32 + let%span span34 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 76 14 76 42 - let%span span40 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 75 15 75 32 + let%span span35 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 70 21 70 25 - let%span span41 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 22 77 23 + let%span span36 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 69 14 69 45 - let%span span42 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 31 77 33 + let%span span37 = "../../../../../creusot-contracts/src/std/iter/take.rs" 45 12 45 33 - let%span span43 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 52 77 53 + let%span span38 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 34 12 34 33 - let%span span44 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 61 77 63 + let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span45 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 77 82 77 83 + let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span46 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 76 14 76 42 + let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span47 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 70 21 70 25 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/take.rs" 26 21 26 25 - let%span span48 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 69 14 69 45 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/take.rs" 25 14 25 68 - let%span span49 = "../../../../../creusot-contracts/src/std/iter/take.rs" 45 12 45 33 + let%span span44 = "../../../../../creusot-contracts/src/std/iter/take.rs" 26 4 26 36 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 34 12 34 33 - - let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span55 = "../../../../../creusot-contracts/src/std/iter/take.rs" 26 21 26 25 - - let%span span56 = "../../../../../creusot-contracts/src/std/iter/take.rs" 25 14 25 68 - - let%span span57 = "../../../../../creusot-contracts/src/std/iter/take.rs" 26 4 26 36 - - let%span span58 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span45 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span59 = "../../../../../creusot-contracts/src/std/iter/take.rs" 55 12 56 92 + let%span span46 = "../../../../../creusot-contracts/src/std/iter/take.rs" 55 12 56 92 - let%span span60 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 43 8 51 9 + let%span span47 = "../../../../../creusot-contracts/src/std/iter/skip.rs" 43 8 51 9 - let%span span61 = "" 0 0 0 0 + let%span span48 = "" 0 0 0 0 - let%span span62 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span49 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span63 = "" 0 0 0 0 + let%span span50 = "" 0 0 0 0 - let%span span64 = "" 0 0 0 0 + let%span span51 = "" 0 0 0 0 - let%span span65 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span52 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span66 = "" 0 0 0 0 + let%span span53 = "" 0 0 0 0 - let%span span67 = "" 0 0 0 0 + let%span span54 = "" 0 0 0 0 - let%span span68 = "" 0 0 0 0 + let%span span55 = "" 0 0 0 0 use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed i) + predicate invariant'7 (self : borrowed i) - predicate inv'8 (_x : borrowed i) + predicate inv'7 (_x : borrowed i) - axiom inv'8 : forall x : borrowed i . inv'8 x = true + axiom inv'7 : forall x : borrowed i . inv'7 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'6 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'6 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] inv'6 self) - -> ([%#span5] inv'6 other) - -> ([%#span8] inv'6 (concat'0 self other)) - && ([%#span7] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span3] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'2 (_x : i) @@ -1800,25 +1604,23 @@ module C03StdIterators_SkipTake function produces_trans'2 (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'2_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'2 a ab b) - -> ([%#span10] produces'2 b bc c) - -> ([%#span11] inv'2 a) - -> ([%#span12] inv'6 ab) - -> ([%#span13] inv'2 b) - -> ([%#span14] inv'6 bc) -> ([%#span15] inv'2 c) -> ([%#span16] produces'2 a (concat'0 ab bc) c) + axiom produces_trans'2_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span5] produces'2 a ab b) + -> ([%#span6] produces'2 b bc c) + -> ([%#span7] inv'2 a) + -> ([%#span8] inv'2 b) -> ([%#span9] inv'2 c) -> ([%#span10] produces'2 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span17] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'2 (self : i) : () - axiom produces_refl'2_spec : forall self : i . ([%#span18] inv'2 self) - -> ([%#span19] produces'2 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'2_spec : forall self : i . ([%#span11] inv'2 self) + -> ([%#span12] produces'2 self (empty'0 : Seq'0.t_seq item'0) self) - predicate invariant'7 (self : item'0) + predicate invariant'6 (self : item'0) - predicate inv'7 (_x : item'0) + predicate inv'6 (_x : item'0) - axiom inv'7 : forall x : item'0 . inv'7 x = true + axiom inv'6 : forall x : item'0 . inv'6 x = true use Core_Iter_Adapters_Take_Take_Type as Take'0 @@ -1830,34 +1632,28 @@ module C03StdIterators_SkipTake use prelude.prelude.UIntSize - constant max'0 : usize = [%#span20] (18446744073709551615 : usize) + constant max'0 : usize = [%#span13] (18446744073709551615 : usize) function n'0 (self : Take'0.t_take i) : int - axiom n'0_spec : forall self : Take'0.t_take i . ([%#span21] inv'3 self) - -> ([%#span22] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (max'0 : usize)) + axiom n'0_spec : forall self : Take'0.t_take i . ([%#span14] inv'3 self) + -> ([%#span15] n'0 self >= 0 /\ n'0 self <= UIntSize.to_int (max'0 : usize)) predicate produces'1 (self : Take'0.t_take i) (visited : Seq'0.t_seq item'0) (o : Take'0.t_take i) = - [%#span23] n'0 self = n'0 o + len'0 visited /\ produces'2 (iter'0 self) visited (iter'0 o) + [%#span16] n'0 self = n'0 o + len'0 visited /\ produces'2 (iter'0 self) visited (iter'0 o) function produces_trans'1 (a : Take'0.t_take i) (ab : Seq'0.t_seq item'0) (b : Take'0.t_take i) (bc : Seq'0.t_seq item'0) (c : Take'0.t_take i) : () - axiom produces_trans'1_spec : forall a : Take'0.t_take i, ab : Seq'0.t_seq item'0, b : Take'0.t_take i, bc : Seq'0.t_seq item'0, c : Take'0.t_take i . ([%#span24] produces'1 a ab b) - -> ([%#span25] produces'1 b bc c) - -> ([%#span26] inv'3 a) - -> ([%#span27] inv'6 ab) - -> ([%#span28] inv'3 b) - -> ([%#span29] inv'6 bc) -> ([%#span30] inv'3 c) -> ([%#span31] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : Take'0.t_take i, ab : Seq'0.t_seq item'0, b : Take'0.t_take i, bc : Seq'0.t_seq item'0, c : Take'0.t_take i . ([%#span17] produces'1 a ab b) + -> ([%#span18] produces'1 b bc c) + -> ([%#span19] inv'3 a) + -> ([%#span20] inv'3 b) -> ([%#span21] inv'3 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) function produces_refl'1 (self : Take'0.t_take i) : () - axiom produces_refl'1_spec : forall self : Take'0.t_take i . ([%#span32] inv'3 self) - -> ([%#span33] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - - predicate invariant'6 (self : Seq'0.t_seq item'0) - - axiom inv'6 : forall x : Seq'0.t_seq item'0 . inv'6 x = true + axiom produces_refl'1_spec : forall self : Take'0.t_take i . ([%#span23] inv'3 self) + -> ([%#span24] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'5 (self : borrowed (Take'0.t_take i)) @@ -1865,10 +1661,9 @@ module C03StdIterators_SkipTake axiom inv'5 : forall x : borrowed (Take'0.t_take i) . inv'5 x = true - function empty_len'0 (_1 : ()) : () = - [%#span35] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span34] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span25] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use Core_Iter_Adapters_Skip_Skip_Type as Skip'0 @@ -1880,34 +1675,31 @@ module C03StdIterators_SkipTake function n'1 (self : Skip'0.t_skip (Take'0.t_take i)) : int - axiom n'1_spec : forall self : Skip'0.t_skip (Take'0.t_take i) . ([%#span36] inv'0 self) - -> ([%#span37] n'1 self >= 0 /\ n'1 self <= UIntSize.to_int (max'0 : usize)) + axiom n'1_spec : forall self : Skip'0.t_skip (Take'0.t_take i) . ([%#span26] inv'0 self) + -> ([%#span27] n'1 self >= 0 /\ n'1 self <= UIntSize.to_int (max'0 : usize)) predicate produces'0 (self : Skip'0.t_skip (Take'0.t_take i)) (visited : Seq'0.t_seq item'0) (o : Skip'0.t_skip (Take'0.t_take i)) = - [%#span38] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o + [%#span28] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o \/ n'1 o = 0 /\ len'0 visited > 0 - /\ (exists s : Seq'0.t_seq item'0 . inv'6 s - /\ len'0 s = n'1 self + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = n'1 self /\ produces'1 (iter'1 self) (concat'0 s visited) (iter'1 o) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'3 (index_logic'0 s i))) function produces_trans'0 (a : Skip'0.t_skip (Take'0.t_take i)) (ab : Seq'0.t_seq item'0) (b : Skip'0.t_skip (Take'0.t_take i)) (bc : Seq'0.t_seq item'0) (c : Skip'0.t_skip (Take'0.t_take i)) : () - axiom produces_trans'0_spec : forall a : Skip'0.t_skip (Take'0.t_take i), ab : Seq'0.t_seq item'0, b : Skip'0.t_skip (Take'0.t_take i), bc : Seq'0.t_seq item'0, c : Skip'0.t_skip (Take'0.t_take i) . ([%#span39] produces'0 a ab b) - -> ([%#span40] produces'0 b bc c) - -> ([%#span41] inv'0 a) - -> ([%#span42] inv'6 ab) - -> ([%#span43] inv'0 b) - -> ([%#span44] inv'6 bc) -> ([%#span45] inv'0 c) -> ([%#span46] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Skip'0.t_skip (Take'0.t_take i), ab : Seq'0.t_seq item'0, b : Skip'0.t_skip (Take'0.t_take i), bc : Seq'0.t_seq item'0, c : Skip'0.t_skip (Take'0.t_take i) . ([%#span29] produces'0 a ab b) + -> ([%#span30] produces'0 b bc c) + -> ([%#span31] inv'0 a) + -> ([%#span32] inv'0 b) -> ([%#span33] inv'0 c) -> ([%#span34] produces'0 a (concat'0 ab bc) c) function produces_refl'0 (self : Skip'0.t_skip (Take'0.t_take i)) : () - axiom produces_refl'0_spec : forall self : Skip'0.t_skip (Take'0.t_take i) . ([%#span47] inv'0 self) - -> ([%#span48] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : Skip'0.t_skip (Take'0.t_take i) . ([%#span35] inv'0 self) + -> ([%#span36] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'4 (self : borrowed (Skip'0.t_skip (Take'0.t_take i))) @@ -1942,64 +1734,60 @@ module C03StdIterators_SkipTake predicate resolve'4 (self : i) predicate resolve'2 (self : Take'0.t_take i) = - [%#span49] resolve'4 (iter'0 self) + [%#span37] resolve'4 (iter'0 self) predicate resolve'0 (self : Skip'0.t_skip (Take'0.t_take i)) = - [%#span50] resolve'2 (iter'1 self) - - use seq.Seq + [%#span38] resolve'2 (iter'1 self) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span51] inv'7 v) - -> ([%#span54] inv'6 (singleton'0 v)) - && ([%#span53] index_logic'0 (singleton'0 v) 0 = v) && ([%#span52] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span39] inv'6 v) + -> ([%#span41] index_logic'0 (singleton'0 v) 0 = v) && ([%#span40] len'0 (singleton'0 v) = 1) predicate completed'2 (self : borrowed i) function iter_mut'0 (self : borrowed (Take'0.t_take i)) : borrowed i - axiom iter_mut'0_spec : forall self : borrowed (Take'0.t_take i) . ([%#span55] inv'5 self) - -> ([%#span57] inv'8 (iter_mut'0 self)) - && ([%#span56] iter'0 ( * self) = * iter_mut'0 self /\ iter'0 ( ^ self) = ^ iter_mut'0 self) + axiom iter_mut'0_spec : forall self : borrowed (Take'0.t_take i) . ([%#span42] inv'5 self) + -> ([%#span44] inv'7 (iter_mut'0 self)) + && ([%#span43] iter'0 ( * self) = * iter_mut'0 self /\ iter'0 ( ^ self) = ^ iter_mut'0 self) predicate resolve'5 (self : borrowed (Take'0.t_take i)) = - [%#span58] ^ self = * self + [%#span45] ^ self = * self predicate completed'1 (self : borrowed (Take'0.t_take i)) = - [%#span59] n'0 ( * self) = 0 /\ resolve'5 self + [%#span46] n'0 ( * self) = 0 /\ resolve'5 self \/ n'0 ( * self) > 0 /\ n'0 ( * self) = n'0 ( ^ self) + 1 /\ completed'2 (iter_mut'0 self) predicate completed'0 (self : borrowed (Skip'0.t_skip (Take'0.t_take i))) = - [%#span60] n'1 ( ^ self) = 0 + [%#span47] n'1 ( ^ self) = 0 /\ (exists i : borrowed (Take'0.t_take i) . exists s : Seq'0.t_seq item'0 . inv'5 i - /\ inv'6 s /\ len'0 s <= n'1 ( * self) /\ produces'1 (iter'1 ( * self)) s ( * i) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'3 (index_logic'0 s i)) /\ completed'1 i /\ ^ i = iter'1 ( ^ self)) - let rec next'0 (self:borrowed (Skip'0.t_skip (Take'0.t_take i))) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span61] inv'4 self} + let rec next'0 (self:borrowed (Skip'0.t_skip (Take'0.t_take i))) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span48] inv'4 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span63] inv'1 result} - {[%#span62] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span50] inv'1 result} + {[%#span49] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} (! return' {result}) ] - let rec skip'0 (self:Take'0.t_take i) (n:usize) (return' (ret:Skip'0.t_skip (Take'0.t_take i)))= {[@expl:precondition] [%#span64] inv'3 self} + let rec skip'0 (self:Take'0.t_take i) (n:usize) (return' (ret:Skip'0.t_skip (Take'0.t_take i)))= {[@expl:precondition] [%#span51] inv'3 self} any - [ return' (result:Skip'0.t_skip (Take'0.t_take i))-> {[%#span66] inv'0 result} - {[%#span65] iter'1 result = self /\ n'1 result = UIntSize.to_int n} + [ return' (result:Skip'0.t_skip (Take'0.t_take i))-> {[%#span53] inv'0 result} + {[%#span52] iter'1 result = self /\ n'1 result = UIntSize.to_int n} (! return' {result}) ] - let rec take'0 (self:i) (n:usize) (return' (ret:Take'0.t_take i))= {[@expl:precondition] [%#span67] inv'2 self} + let rec take'0 (self:i) (n:usize) (return' (ret:Take'0.t_take i))= {[@expl:precondition] [%#span54] inv'2 self} any - [ return' (result:Take'0.t_take i)-> {[%#span68] inv'3 result} - {[%#span65] iter'0 result = self /\ n'0 result = UIntSize.to_int n} + [ return' (result:Take'0.t_take i)-> {[%#span55] inv'3 result} + {[%#span52] iter'0 result = self /\ n'0 result = UIntSize.to_int n} (! return' {result}) ] @@ -2100,49 +1888,29 @@ module C03StdIterators_Counter_Closure0 let%span s03_std_iterators2 = "../03_std_iterators.rs" 48 22 48 89 - let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span9 = "" 0 0 0 0 - - let%span span10 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + use prelude.prelude.Int use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span6] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Int16 @@ -2164,7 +1932,7 @@ module C03StdIterators_Counter_Closure0 = ^ field_0'0 _2 = ^ field_0'0 self - constant max'0 : usize = [%#span9] (18446744073709551615 : usize) + constant max'0 : usize = [%#span5] (18446744073709551615 : usize) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -2173,7 +1941,7 @@ module C03StdIterators_Counter_Closure0 use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed Closure'0.c03stditerators_counter_closure0) = - [%#span10] ^ self = * self + [%#span6] ^ self = * self let rec c03stditerators_counter_closure0 (_1:borrowed Closure'0.c03stditerators_counter_closure0) (x:uint32) (_prod:Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) (return' (ret:uint32))= {[%#s03_std_iterators1] UIntSize.to_int ( * field_0'0 ( * _1)) = len'0 (deref'0 _prod) @@ -2221,229 +1989,192 @@ module C03StdIterators_Counter let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span10 = "" 0 0 0 0 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span20 = "../03_std_iterators.rs" 47 23 47 65 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span21 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span22 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span7 = "" 0 0 0 0 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span13 = "../03_std_iterators.rs" 47 23 47 65 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span14 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span15 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span31 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span32 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span36 = "../../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span21 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span22 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span40 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span41 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 22 31 23 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span42 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 31 31 33 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span span43 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 52 31 53 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 - let%span span44 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 61 31 63 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 - let%span span45 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 82 31 83 + let%span span30 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 22 31 23 - let%span span46 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span span31 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 52 31 53 - let%span span47 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 21 24 25 + let%span span32 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 82 31 83 - let%span span48 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span span33 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span34 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 21 24 25 - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span35 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 - let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span53 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 112 8 116 9 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span39 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 112 8 116 9 - let%span span55 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 135 8 142 9 + let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span56 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 24 121 28 + let%span span41 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 135 8 142 9 - let%span span57 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 33 121 37 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 24 121 28 - let%span span58 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 42 121 50 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 33 121 37 - let%span span59 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 120 4 120 83 + let%span span44 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 120 4 120 83 - let%span span60 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span45 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span61 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span46 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span62 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span47 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span63 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 148 8 153 9 + let%span span48 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 148 8 153 9 - let%span span64 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span49 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span65 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span50 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span66 = "../../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span51 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span67 = "../../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span52 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span68 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span53 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span69 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span54 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span70 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span55 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span71 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span72 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span73 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 + let%span span58 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span74 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 + let%span span59 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span75 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 + let%span span60 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span76 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 + let%span span61 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span77 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 + let%span span62 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span78 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 + let%span span63 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span79 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span64 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span80 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span65 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span81 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span66 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span82 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span67 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span83 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span68 = "../../../../../creusot-contracts/src/std/vec.rs" 275 20 275 32 - let%span span84 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span69 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span span85 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span70 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 27 - let%span span86 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span71 = "" 0 0 0 0 - let%span span87 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span72 = "../../../../../creusot-contracts/src/std/iter.rs" 136 16 137 83 - let%span span88 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - - let%span span89 = "../../../../../creusot-contracts/src/std/vec.rs" 275 20 275 32 - - let%span span90 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span span73 = "" 0 0 0 0 - let%span span91 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 27 + let%span span74 = "../../../../../creusot-contracts/src/std/iter.rs" 43 4 43 141 - let%span span92 = "" 0 0 0 0 + let%span span75 = "../../../../../creusot-contracts/src/std/iter.rs" 44 15 44 51 - let%span span93 = "../../../../../creusot-contracts/src/std/iter.rs" 136 16 137 83 + let%span span76 = "../../../../../creusot-contracts/src/std/iter.rs" 45 15 45 70 - let%span span94 = "" 0 0 0 0 + let%span span77 = "../../../../../creusot-contracts/src/std/iter.rs" 47 21 47 25 - let%span span95 = "../../../../../creusot-contracts/src/std/iter.rs" 43 4 43 141 + let%span span78 = "../../../../../creusot-contracts/src/std/iter.rs" 47 27 47 31 - let%span span96 = "../../../../../creusot-contracts/src/std/iter.rs" 44 15 44 51 + let%span span79 = "../../../../../creusot-contracts/src/std/iter.rs" 46 14 46 88 - let%span span97 = "../../../../../creusot-contracts/src/std/iter.rs" 45 15 45 70 + let%span span80 = "../../../../../creusot-contracts/src/std/iter.rs" 47 4 50 61 - let%span span98 = "../../../../../creusot-contracts/src/std/iter.rs" 47 21 47 25 + let%span span81 = "" 0 0 0 0 - let%span span99 = "../../../../../creusot-contracts/src/std/iter.rs" 47 27 47 31 + let%span span82 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span100 = "../../../../../creusot-contracts/src/std/iter.rs" 46 14 46 88 + let%span span83 = "" 0 0 0 0 - let%span span101 = "../../../../../creusot-contracts/src/std/iter.rs" 47 4 50 61 + let%span span84 = "../../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 - let%span span102 = "" 0 0 0 0 + let%span span85 = "" 0 0 0 0 - let%span span103 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + use prelude.prelude.UInt32 - let%span span104 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span105 = "../../../../../creusot-contracts/src/std/vec.rs" 163 26 163 42 + predicate invariant'13 (self : Seq'0.t_seq uint32) = + [%#span4] true - let%span span106 = "" 0 0 0 0 + predicate inv'13 (_x : Seq'0.t_seq uint32) - use prelude.prelude.UInt32 + axiom inv'13 : forall x : Seq'0.t_seq uint32 . inv'13 x = true use prelude.prelude.Slice - predicate invariant'14 (self : slice uint32) = + predicate invariant'12 (self : slice uint32) = [%#span4] true - predicate inv'14 (_x : slice uint32) + predicate inv'12 (_x : slice uint32) - axiom inv'14 : forall x : slice uint32 . inv'14 x = true + axiom inv'12 : forall x : slice uint32 . inv'12 x = true use prelude.prelude.Int - use seq.Seq - use prelude.prelude.UIntSize - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Int16 @@ -2452,59 +2183,47 @@ module C03StdIterators_Counter use C03StdIterators_Counter_Closure0_Type as Closure'0 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - predicate inv'13 (_x : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) - function len'2 (self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) . ([%#span5] inv'13 self) - -> ([%#span6] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) . [%#span5] len'2 self + >= 0 - constant empty'2 : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) = [%#span7] () + constant empty'2 : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) - function empty_len'2 (_1 : ()) : () = - [%#span9] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span8] len'2 (empty'2 : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) + axiom empty_len'2_spec : forall _1 : () . [%#span6] len'2 (empty'2 : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) = 0 - predicate invariant'13 (self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) = + predicate invariant'11 (self : borrowed Closure'0.c03stditerators_counter_closure0) = [%#span4] true - axiom inv'13 : forall x : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) . inv'13 x = true + predicate inv'11 (_x : borrowed Closure'0.c03stditerators_counter_closure0) - predicate invariant'12 (self : borrowed Closure'0.c03stditerators_counter_closure0) = - [%#span4] true - - predicate inv'12 (_x : borrowed Closure'0.c03stditerators_counter_closure0) + axiom inv'11 : forall x : borrowed Closure'0.c03stditerators_counter_closure0 . inv'11 x = true - axiom inv'12 : forall x : borrowed Closure'0.c03stditerators_counter_closure0 . inv'12 x = true - - predicate invariant'11 (self : uint32) = + predicate invariant'10 (self : uint32) = [%#span4] true - predicate inv'11 (_x : uint32) + predicate inv'10 (_x : uint32) - axiom inv'11 : forall x : uint32 . inv'11 x = true + axiom inv'10 : forall x : uint32 . inv'10 x = true use Core_Slice_Iter_Iter_Type as Iter'0 - predicate invariant'10 (self : borrowed (Iter'0.t_iter uint32)) = + predicate invariant'9 (self : borrowed (Iter'0.t_iter uint32)) = [%#span4] true - predicate inv'10 (_x : borrowed (Iter'0.t_iter uint32)) + predicate inv'9 (_x : borrowed (Iter'0.t_iter uint32)) - axiom inv'10 : forall x : borrowed (Iter'0.t_iter uint32) . inv'10 x = true + axiom inv'9 : forall x : borrowed (Iter'0.t_iter uint32) . inv'9 x = true - predicate invariant'9 (self : Seq'0.t_seq uint32) = + predicate invariant'8 (self : Seq'0.t_seq uint32) = [%#span4] true - predicate inv'9 (_x : Seq'0.t_seq uint32) - - axiom inv'9 : forall x : Seq'0.t_seq uint32 . inv'9 x = true + predicate inv'8 (_x : Seq'0.t_seq uint32) - predicate inv'6 (_x : Seq'0.t_seq uint32) + axiom inv'8 : forall x : Seq'0.t_seq uint32 . inv'8 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2512,44 +2231,36 @@ module C03StdIterators_Counter use prelude.prelude.UIntSize - constant max'0 : usize = [%#span10] (18446744073709551615 : usize) - - use seq.Seq + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span5] inv'6 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'0 self >= 0 - predicate inv'8 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span11] inv'8 self) - -> ([%#span13] inv'6 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span8] inv'7 self) + -> ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'8 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span14] inv'6 (shallow_model'0 self) + predicate invariant'7 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = + [%#span10] inv'13 (shallow_model'0 self) - axiom inv'8 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'8 x = true + axiom inv'7 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'7 x = true use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as MapInv'0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function concat'1 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'1_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span15] inv'6 self) - -> ([%#span16] inv'6 other) - -> ([%#span19] inv'6 (concat'1 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span12] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span17] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span11] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate inv'5 (_x : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) @@ -2563,11 +2274,9 @@ module C03StdIterators_Counter = ^ field_0'0 _2 = ^ field_0'0 self - use seq.Seq - function len'1 (self : Seq'0.t_seq uint32) : int - axiom len'1_spec : forall self : Seq'0.t_seq uint32 . ([%#span5] inv'9 self) -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'1 self >= 0 function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -2581,45 +2290,34 @@ module C03StdIterators_Counter predicate precondition'0 [#"../03_std_iterators.rs" 48 12 48 91] (self : Closure'0.c03stditerators_counter_closure0) (args : (uint32, Snapshot'0.t_snapshot (Seq'0.t_seq uint32))) = - [%#span20] let (x, _prod) = args in UIntSize.to_int ( * field_0'0 self) = len'1 (deref'1 _prod) + [%#span13] let (x, _prod) = args in UIntSize.to_int ( * field_0'0 self) = len'1 (deref'1 _prod) /\ * field_0'0 self < (max'0 : usize) function new'0 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span21] inv'9 x) -> ([%#span22] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span14] inv'8 x) -> ([%#span15] deref'1 (new'0 x) = x) - use prelude.seq_ext.SeqExt - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'2 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function subsequence'0 (self : Seq'0.t_seq uint32) (n : int) (m : int) : Seq'0.t_seq uint32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span23] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span16] 0 <= n /\ n <= m /\ m <= len'1 self) - -> ([%#span24] inv'9 self) - -> ([%#span27] inv'9 (subsequence'0 self n m)) - && ([%#span26] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) + -> ([%#span18] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) -> index_logic'2 (subsequence'0 self n m) i = index_logic'2 self (n + i)) - && ([%#span25] len'1 (subsequence'0 self n m) = m - n) + && ([%#span17] len'1 (subsequence'0 self n m) = m - n) - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) (x : int) : borrowed Closure'0.c03stditerators_counter_closure0 + function index_logic'3 (self : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0)) (_2 : int) : borrowed Closure'0.c03stditerators_counter_closure0 - use seq.Seq - function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span15] inv'9 self) - -> ([%#span16] inv'9 other) - -> ([%#span19] inv'9 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span12] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span17] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span11] len'1 (concat'0 self other) = len'1 self + len'1 other) function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -2627,42 +2325,38 @@ module C03StdIterators_Counter function shallow_model'4 (self : slice uint32) : Seq'0.t_seq uint32 - axiom shallow_model'4_spec : forall self : slice uint32 . ([%#span28] inv'14 self) - -> ([%#span30] inv'6 (shallow_model'4 self)) - && ([%#span29] len'0 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'4_spec : forall self : slice uint32 . ([%#span19] inv'12 self) + -> ([%#span20] len'0 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'4 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#span31] index_logic'1 (shallow_model'4 self) ix + [%#span21] index_logic'1 (shallow_model'4 self) ix function shallow_model'1 (self : slice uint32) : Seq'0.t_seq uint32 = - [%#span32] shallow_model'4 self + [%#span22] shallow_model'4 self predicate inv'1 (_x : slice uint32) function to_ref_seq'0 (self : slice uint32) : Seq'0.t_seq uint32 - axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#span33] inv'1 self) - -> ([%#span36] inv'9 (to_ref_seq'0 self)) - && ([%#span35] forall i : int . 0 <= i /\ i < len'1 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice uint32 . ([%#span23] inv'1 self) + -> ([%#span25] forall i : int . 0 <= i /\ i < len'1 (to_ref_seq'0 self) -> index_logic'2 (to_ref_seq'0 self) i = index_logic'4 self i) - && ([%#span34] len'1 (to_ref_seq'0 self) = len'0 (shallow_model'1 self)) + && ([%#span24] len'1 (to_ref_seq'0 self) = len'0 (shallow_model'1 self)) function shallow_model'3 (self : Iter'0.t_iter uint32) : slice uint32 predicate produces'0 (self : Iter'0.t_iter uint32) (visited : Seq'0.t_seq uint32) (tl : Iter'0.t_iter uint32) = - [%#span37] to_ref_seq'0 (shallow_model'3 self) = concat'0 visited (to_ref_seq'0 (shallow_model'3 tl)) + [%#span26] to_ref_seq'0 (shallow_model'3 self) = concat'0 visited (to_ref_seq'0 (shallow_model'3 tl)) predicate produces'1 [@inline:trivial] (self : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) (visited : Seq'0.t_seq uint32) (succ : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) = - [%#span38] unnest'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) - /\ (exists s : Seq'0.t_seq uint32 . inv'9 s - /\ len'1 s = len'0 visited + [%#span27] unnest'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) + /\ (exists s : Seq'0.t_seq uint32 . len'1 s = len'0 visited /\ produces'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ inner'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = concat'0 (deref'1 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) . inv'13 fs - /\ len'2 fs = len'0 visited + /\ (exists fs : Seq'0.t_seq (borrowed Closure'0.c03stditerators_counter_closure0) . len'2 fs = len'0 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'3 fs (i - 1) = * index_logic'3 fs i) /\ (if len'0 visited = 0 then CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self @@ -2679,95 +2373,83 @@ module C03StdIterators_Counter function produces_trans'2 (a : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) (ab : Seq'0.t_seq uint32) (b : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) (bc : Seq'0.t_seq uint32) (c : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) : () - axiom produces_trans'2_spec : forall a : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0, ab : Seq'0.t_seq uint32, b : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0, bc : Seq'0.t_seq uint32, c : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0 . ([%#span39] produces'1 a ab b) - -> ([%#span40] produces'1 b bc c) - -> ([%#span41] inv'5 a) - -> ([%#span42] inv'6 ab) - -> ([%#span43] inv'5 b) - -> ([%#span44] inv'6 bc) -> ([%#span45] inv'5 c) -> ([%#span46] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'2_spec : forall a : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0, ab : Seq'0.t_seq uint32, b : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0, bc : Seq'0.t_seq uint32, c : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0 . ([%#span28] produces'1 a ab b) + -> ([%#span29] produces'1 b bc c) + -> ([%#span30] inv'5 a) + -> ([%#span31] inv'5 b) -> ([%#span32] inv'5 c) -> ([%#span33] produces'1 a (concat'1 ab bc) c) - constant empty'1 : Seq'0.t_seq uint32 = [%#span7] () + constant empty'1 : Seq'0.t_seq uint32 function produces_refl'2 (self : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) : () - axiom produces_refl'2_spec : forall self : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0 . ([%#span47] inv'5 self) - -> ([%#span48] produces'1 self (empty'1 : Seq'0.t_seq uint32) self) + axiom produces_refl'2_spec : forall self : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0 . ([%#span34] inv'5 self) + -> ([%#span35] produces'1 self (empty'1 : Seq'0.t_seq uint32) self) - predicate invariant'7 (self : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)) + predicate invariant'6 (self : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)) = [%#span4] true - predicate inv'7 (_x : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)) + predicate inv'6 (_x : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)) - axiom inv'7 : forall x : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) . inv'7 x + axiom inv'6 : forall x : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) . inv'6 x = (inv'5 ( * x) /\ inv'5 ( ^ x)) - predicate invariant'6 (self : Seq'0.t_seq uint32) = - [%#span4] true - - axiom inv'6 : forall x : Seq'0.t_seq uint32 . inv'6 x = true - - use seq.Seq - predicate inv'3 (_x : uint32) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span49] inv'3 v) - -> ([%#span52] inv'9 (singleton'0 v)) - && ([%#span51] index_logic'2 (singleton'0 v) 0 = v) && ([%#span50] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span36] inv'3 v) + -> ([%#span38] index_logic'2 (singleton'0 v) 0 = v) && ([%#span37] len'1 (singleton'0 v) = 1) predicate inv'2 (_x : Iter'0.t_iter uint32) predicate next_precondition'0 (iter : Iter'0.t_iter uint32) (func : Closure'0.c03stditerators_counter_closure0) (produced : Seq'0.t_seq uint32) = - [%#span53] forall i : Iter'0.t_iter uint32 . forall e : uint32 . inv'2 i + [%#span39] forall i : Iter'0.t_iter uint32 . forall e : uint32 . inv'2 i -> inv'3 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq uint32) (v : uint32) : Seq'0.t_seq uint32 = - [%#span54] concat'0 self (singleton'0 v) + [%#span40] concat'0 self (singleton'0 v) predicate preservation'0 (iter : Iter'0.t_iter uint32) (func : Closure'0.c03stditerators_counter_closure0) = - [%#span55] forall i : Iter'0.t_iter uint32 . forall b : uint32 . forall f : borrowed Closure'0.c03stditerators_counter_closure0 . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i - -> inv'11 b - -> inv'12 f + [%#span41] forall i : Iter'0.t_iter uint32 . forall b : uint32 . forall f : borrowed Closure'0.c03stditerators_counter_closure0 . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i + -> inv'10 b + -> inv'11 f -> inv'3 e2 -> inv'3 e1 - -> inv'9 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'0 : Seq'0.t_seq uint32 = [%#span7] () + constant empty'0 : Seq'0.t_seq uint32 predicate inv'4 (_x : Closure'0.c03stditerators_counter_closure0) predicate preservation_inv'0 (iter : Iter'0.t_iter uint32) (func : Closure'0.c03stditerators_counter_closure0) (produced : Seq'0.t_seq uint32) - axiom preservation_inv'0_spec : forall iter : Iter'0.t_iter uint32, func : Closure'0.c03stditerators_counter_closure0, produced : Seq'0.t_seq uint32 . ([%#span56] inv'2 iter) - -> ([%#span57] inv'4 func) - -> ([%#span58] inv'9 produced) - -> ([%#span59] produced = (empty'0 : Seq'0.t_seq uint32) + axiom preservation_inv'0_spec : forall iter : Iter'0.t_iter uint32, func : Closure'0.c03stditerators_counter_closure0, produced : Seq'0.t_seq uint32 . ([%#span42] inv'2 iter) + -> ([%#span43] inv'4 func) + -> ([%#span44] produced = (empty'0 : Seq'0.t_seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func) function shallow_model'5 (self : borrowed (Iter'0.t_iter uint32)) : slice uint32 = - [%#span60] shallow_model'3 ( * self) + [%#span45] shallow_model'3 ( * self) predicate resolve'5 (self : borrowed (Iter'0.t_iter uint32)) = - [%#span61] ^ self = * self + [%#span46] ^ self = * self predicate completed'1 (self : borrowed (Iter'0.t_iter uint32)) = - [%#span62] resolve'5 self /\ shallow_model'4 (shallow_model'5 self) = (empty'1 : Seq'0.t_seq uint32) + [%#span47] resolve'5 self /\ shallow_model'4 (shallow_model'5 self) = (empty'1 : Seq'0.t_seq uint32) predicate reinitialize'0 (_1 : ()) = - [%#span63] forall func : Closure'0.c03stditerators_counter_closure0 . forall iter : borrowed (Iter'0.t_iter uint32) . inv'4 func - -> inv'10 iter + [%#span48] forall func : Closure'0.c03stditerators_counter_closure0 . forall iter : borrowed (Iter'0.t_iter uint32) . inv'4 func + -> inv'9 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq uint32) /\ preservation'0 ( ^ iter) func @@ -2788,21 +2470,19 @@ module C03StdIterators_Counter function produces_trans'1 (a : Iter'0.t_iter uint32) (ab : Seq'0.t_seq uint32) (b : Iter'0.t_iter uint32) (bc : Seq'0.t_seq uint32) (c : Iter'0.t_iter uint32) : () = - [%#span69] () + [%#span52] () - axiom produces_trans'1_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span64] produces'0 a ab b) - -> ([%#span65] produces'0 b bc c) - -> ([%#span66] inv'9 ab) -> ([%#span67] inv'9 bc) -> ([%#span68] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span49] produces'0 a ab b) + -> ([%#span50] produces'0 b bc c) -> ([%#span51] produces'0 a (concat'0 ab bc) c) function produces_refl'1 (self : Iter'0.t_iter uint32) : () = - [%#span71] () + [%#span54] () - axiom produces_refl'1_spec : forall self : Iter'0.t_iter uint32 . [%#span70] produces'0 self (empty'0 : Seq'0.t_seq uint32) self + axiom produces_refl'1_spec : forall self : Iter'0.t_iter uint32 . [%#span53] produces'0 self (empty'0 : Seq'0.t_seq uint32) self - function empty_len'1 (_1 : ()) : () = - [%#span9] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 predicate invariant'3 (self : uint32) = [%#span4] true @@ -2826,106 +2506,98 @@ module C03StdIterators_Counter axiom inv'0 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'1 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'1 : Seq'0.t_seq uint32) = 0 function produces_trans'0 (a : Iter'0.t_iter uint32) (ab : Seq'0.t_seq uint32) (b : Iter'0.t_iter uint32) (bc : Seq'0.t_seq uint32) (c : Iter'0.t_iter uint32) : () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span72] produces'0 a ab b) - -> ([%#span73] produces'0 b bc c) - -> ([%#span74] inv'2 a) - -> ([%#span75] inv'9 ab) - -> ([%#span76] inv'2 b) - -> ([%#span77] inv'9 bc) -> ([%#span78] inv'2 c) -> ([%#span79] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter uint32, ab : Seq'0.t_seq uint32, b : Iter'0.t_iter uint32, bc : Seq'0.t_seq uint32, c : Iter'0.t_iter uint32 . ([%#span55] produces'0 a ab b) + -> ([%#span56] produces'0 b bc c) + -> ([%#span57] inv'2 a) + -> ([%#span58] inv'2 b) -> ([%#span59] inv'2 c) -> ([%#span60] produces'0 a (concat'0 ab bc) c) function produces_refl'0 (self : Iter'0.t_iter uint32) : () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter uint32 . ([%#span80] inv'2 self) - -> ([%#span81] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : Iter'0.t_iter uint32 . ([%#span61] inv'2 self) + -> ([%#span62] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) use prelude.prelude.Intrinsic - use seq.Seq - predicate ext_eq'0 (self : Seq'0.t_seq uint32) (oth : Seq'0.t_seq uint32) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq uint32, oth : Seq'0.t_seq uint32 . ([%#span82] inv'6 self) - -> ([%#span83] inv'6 oth) - -> ([%#span85] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq uint32, oth : Seq'0.t_seq uint32 . ([%#span64] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'1 self i = index_logic'1 oth i) -> ext_eq'0 self oth) - && ([%#span84] ext_eq'0 self oth -> self = oth) + && ([%#span63] ext_eq'0 self oth -> self = oth) predicate resolve'2 (self : uint32) = - [%#span86] true + [%#span65] true function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span87] index_logic'1 (shallow_model'0 self) ix + [%#span66] index_logic'1 (shallow_model'0 self) ix predicate resolve'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span88] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span67] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate from_iter_post'0 (prod : Seq'0.t_seq uint32) (res : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span89] prod = shallow_model'0 res + [%#span68] prod = shallow_model'0 res predicate completed'0 (self : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)) = - [%#span90] deref'1 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) + [%#span69] deref'1 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = (empty'0 : Seq'0.t_seq uint32) /\ completed'1 (Borrow.borrow_logic (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self)) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) = CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( ^ self) predicate resolve'6 (self : borrowed usize) = - [%#span61] ^ self = * self + [%#span46] ^ self = * self predicate resolve'4 [#"../03_std_iterators.rs" 48 12 48 91] (_1 : Closure'0.c03stditerators_counter_closure0) = resolve'6 (field_0'0 _1) predicate resolve'3 (self : Iter'0.t_iter uint32) = - [%#span86] true + [%#span65] true predicate resolve'1 (self : MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) = - [%#span91] resolve'3 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) + [%#span70] resolve'3 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) /\ resolve'4 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) - let rec collect'0 (self:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span92] inv'5 self} + let rec collect'0 (self:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span71] inv'5 self} any - [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span94] inv'8 result} - {[%#span93] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) . inv'6 prod - /\ inv'7 done' + [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span73] inv'7 result} + {[%#span72] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed (MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0) . inv'6 done' /\ resolve'1 ( ^ done') /\ completed'0 done' /\ produces'1 self prod ( * done') /\ from_iter_post'0 prod result} (! return' {result}) ] - let rec map_inv'0 (self:Iter'0.t_iter uint32) (func:Closure'0.c03stditerators_counter_closure0) (return' (ret:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0))= {[@expl:precondition] [%#span99] inv'4 func} - {[@expl:precondition] [%#span98] inv'2 self} - {[@expl:precondition] [%#span97] preservation'0 self func} - {[@expl:precondition] [%#span96] reinitialize'0 ()} - {[@expl:precondition] [%#span95] forall i2 : Iter'0.t_iter uint32 . forall e : uint32 . inv'2 i2 + let rec map_inv'0 (self:Iter'0.t_iter uint32) (func:Closure'0.c03stditerators_counter_closure0) (return' (ret:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0))= {[@expl:precondition] [%#span78] inv'4 func} + {[@expl:precondition] [%#span77] inv'2 self} + {[@expl:precondition] [%#span76] preservation'0 self func} + {[@expl:precondition] [%#span75] reinitialize'0 ()} + {[@expl:precondition] [%#span74] forall i2 : Iter'0.t_iter uint32 . forall e : uint32 . inv'2 i2 -> inv'3 e -> produces'0 self (singleton'0 e) i2 -> precondition'0 func (e, new'0 (empty'0 : Seq'0.t_seq uint32))} any - [ return' (result:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)-> {[%#span101] inv'5 result} - {[%#span100] result = MapInv'0.C_MapInv self func (new'0 (empty'0 : Seq'0.t_seq uint32))} + [ return' (result:MapInv'0.t_mapinv (Iter'0.t_iter uint32) uint32 Closure'0.c03stditerators_counter_closure0)-> {[%#span80] inv'5 result} + {[%#span79] result = MapInv'0.C_MapInv self func (new'0 (empty'0 : Seq'0.t_seq uint32))} (! return' {result}) ] - let rec iter'0 (self:slice uint32) (return' (ret:Iter'0.t_iter uint32))= {[@expl:precondition] [%#span102] inv'1 self} - any [ return' (result:Iter'0.t_iter uint32)-> {[%#span103] shallow_model'3 result = self} (! return' {result}) ] + let rec iter'0 (self:slice uint32) (return' (ret:Iter'0.t_iter uint32))= {[@expl:precondition] [%#span81] inv'1 self} + any [ return' (result:Iter'0.t_iter uint32)-> {[%#span82] shallow_model'3 result = self} (! return' {result}) ] function shallow_model'2 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 = - [%#span32] shallow_model'0 self + [%#span22] shallow_model'0 self - let rec deref'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:slice uint32))= {[@expl:precondition] [%#span104] inv'0 self} + let rec deref'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:slice uint32))= {[@expl:precondition] [%#span83] inv'0 self} any - [ return' (result:slice uint32)-> {[%#span106] inv'1 result} - {[%#span105] shallow_model'1 result = shallow_model'2 self} + [ return' (result:slice uint32)-> {[%#span85] inv'1 result} + {[%#span84] shallow_model'1 result = shallow_model'2 self} (! return' {result}) ] @@ -3020,82 +2692,64 @@ module C03StdIterators_SumRange let%span span10 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span14 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span15 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span16 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span17 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span18 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span18 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span24 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span28 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span30 = "" 0 0 0 0 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span31 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span32 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span33 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span34 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span35 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span36 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span37 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span37 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span38 = "" 0 0 0 0 let%span span39 = "" 0 0 0 0 - let%span span40 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - - let%span span41 = "" 0 0 0 0 - - let%span span42 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span43 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span44 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span45 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span47 = "" 0 0 0 0 - - let%span span48 = "" 0 0 0 0 - use prelude.prelude.IntSize predicate invariant'4 (self : isize) = @@ -3134,31 +2788,21 @@ module C03StdIterators_SumRange axiom inv'1 : forall x : Seq'0.t_seq isize . inv'1 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq isize) (x : int) : isize - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq isize) (_2 : int) : isize function len'0 (self : Seq'0.t_seq isize) : int - axiom len'0_spec : forall self : Seq'0.t_seq isize . ([%#span11] inv'1 self) -> ([%#span12] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq isize . [%#span11] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq isize) (other : Seq'0.t_seq isize) : Seq'0.t_seq isize - axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq isize, other : Seq'0.t_seq isize . ([%#span13] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : Range'0.t_range isize) @@ -3167,12 +2811,12 @@ module C03StdIterators_SumRange use prelude.prelude.IntSize function deep_model'0 (self : isize) : int = - [%#span18] IntSize.to_int self + [%#span14] IntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range isize) (visited : Seq'0.t_seq isize) (o : Range'0.t_range isize) = - [%#span19] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span15] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'0 visited > 0 @@ -3185,54 +2829,48 @@ module C03StdIterators_SumRange function produces_trans'0 (a : Range'0.t_range isize) (ab : Seq'0.t_seq isize) (b : Range'0.t_range isize) (bc : Seq'0.t_seq isize) (c : Range'0.t_range isize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range isize, ab : Seq'0.t_seq isize, b : Range'0.t_range isize, bc : Seq'0.t_seq isize, c : Range'0.t_range isize . ([%#span20] produces'0 a ab b) - -> ([%#span21] produces'0 b bc c) - -> ([%#span22] inv'0 a) - -> ([%#span23] inv'1 ab) - -> ([%#span24] inv'0 b) - -> ([%#span25] inv'1 bc) -> ([%#span26] inv'0 c) -> ([%#span27] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range isize, ab : Seq'0.t_seq isize, b : Range'0.t_range isize, bc : Seq'0.t_seq isize, c : Range'0.t_range isize . ([%#span16] produces'0 a ab b) + -> ([%#span17] produces'0 b bc c) + -> ([%#span18] inv'0 a) + -> ([%#span19] inv'0 b) -> ([%#span20] inv'0 c) -> ([%#span21] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq isize = [%#span28] () + constant empty'0 : Seq'0.t_seq isize function produces_refl'0 (self : Range'0.t_range isize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range isize . ([%#span29] inv'0 self) - -> ([%#span30] produces'0 self (empty'0 : Seq'0.t_seq isize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range isize . ([%#span22] inv'0 self) + -> ([%#span23] produces'0 self (empty'0 : Seq'0.t_seq isize) self) predicate invariant'0 (self : Range'0.t_range isize) = [%#span10] true axiom inv'0 : forall x : Range'0.t_range isize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span32] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span31] len'0 (empty'0 : Seq'0.t_seq isize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq isize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function singleton'0 (v : isize) : Seq'0.t_seq isize - axiom singleton'0_spec : forall v : isize . ([%#span33] inv'4 v) - -> ([%#span36] inv'1 (singleton'0 v)) - && ([%#span35] index_logic'0 (singleton'0 v) 0 = v) && ([%#span34] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : isize . ([%#span25] inv'4 v) + -> ([%#span27] index_logic'0 (singleton'0 v) 0 = v) && ([%#span26] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range isize)) = - [%#span37] ^ self = * self + [%#span28] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range isize)) = - [%#span38] resolve'0 self + [%#span29] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range isize)) (return' (ret:Option'0.t_option isize))= {[@expl:precondition] [%#span39] inv'2 self} + let rec next'0 (self:borrowed (Range'0.t_range isize)) (return' (ret:Option'0.t_option isize))= {[@expl:precondition] [%#span30] inv'2 self} any - [ return' (result:Option'0.t_option isize)-> {[%#span41] inv'3 result} - {[%#span40] match result with + [ return' (result:Option'0.t_option isize)-> {[%#span32] inv'3 result} + {[%#span31] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -3249,23 +2887,23 @@ module C03StdIterators_SumRange function new'1 (x : Seq'0.t_seq isize) : Snapshot'0.t_snapshot (Seq'0.t_seq isize) - axiom new'1_spec : forall x : Seq'0.t_seq isize . ([%#span42] inv'1 x) -> ([%#span43] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq isize . ([%#span33] inv'1 x) -> ([%#span34] deref'0 (new'1 x) = x) function new'0 (x : Range'0.t_range isize) : Snapshot'0.t_snapshot (Range'0.t_range isize) - axiom new'0_spec : forall x : Range'0.t_range isize . ([%#span42] inv'0 x) -> ([%#span43] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range isize . ([%#span33] inv'0 x) -> ([%#span34] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Range'0.t_range isize) (res : Range'0.t_range isize) = - [%#span44] self = res + [%#span35] self = res predicate into_iter_pre'0 (self : Range'0.t_range isize) = - [%#span45] true + [%#span36] true - let rec into_iter'0 (self:Range'0.t_range isize) (return' (ret:Range'0.t_range isize))= {[@expl:precondition] [%#span47] inv'0 self} - {[@expl:precondition] [%#span46] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range isize) (return' (ret:Range'0.t_range isize))= {[@expl:precondition] [%#span38] inv'0 self} + {[@expl:precondition] [%#span37] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range isize)-> {[%#span48] inv'0 result} - {[%#span46] into_iter_post'0 self result} + [ return' (result:Range'0.t_range isize)-> {[%#span39] inv'0 result} + {[%#span37] into_iter_post'0 self result} (! return' {result}) ] @@ -3364,119 +3002,97 @@ module C03StdIterators_EnumerateRange let%span span6 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span11 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span12 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span13 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span14 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span15 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span17 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span17 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span18 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span18 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 8 67 9 - let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 77 15 77 32 - let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 78 15 78 32 - let%span span24 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span24 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 22 80 23 - let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span25 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 52 80 53 - let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 82 80 83 - let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 79 14 79 42 - let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 73 21 73 25 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 62 8 67 9 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 72 14 72 45 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 77 15 77 32 + let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 78 15 78 32 + let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 22 80 23 + let%span span32 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 31 80 33 + let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span34 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 52 80 53 + let%span span34 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 33 12 33 33 - let%span span35 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 61 80 63 + let%span span35 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 80 82 80 83 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 79 14 79 42 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 73 21 73 25 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 72 14 72 45 + let%span span39 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 56 8 56 115 - let%span span40 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span40 = "" 0 0 0 0 - let%span span41 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span41 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 let%span span42 = "" 0 0 0 0 - let%span span43 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span43 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span44 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 33 12 33 33 + let%span span44 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span45 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 + let%span span45 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span47 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span48 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/enumerate.rs" 56 8 56 115 + let%span span50 = "" 0 0 0 0 let%span span51 = "" 0 0 0 0 - let%span span52 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - - let%span span53 = "" 0 0 0 0 - - let%span span54 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - - let%span span55 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span56 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span58 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span59 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span60 = "" 0 0 0 0 - - let%span span61 = "" 0 0 0 0 - - let%span span62 = "" 0 0 0 0 - - let%span span63 = "" 0 0 0 0 + let%span span52 = "" 0 0 0 0 use prelude.prelude.UIntSize @@ -3484,65 +3100,52 @@ module C03StdIterators_EnumerateRange use prelude.prelude.Borrow - predicate invariant'7 (self : borrowed (Range'0.t_range usize)) = + predicate invariant'6 (self : borrowed (Range'0.t_range usize)) = [%#span6] true - predicate inv'7 (_x : borrowed (Range'0.t_range usize)) + predicate inv'6 (_x : borrowed (Range'0.t_range usize)) - axiom inv'7 : forall x : borrowed (Range'0.t_range usize) . inv'7 x = true + axiom inv'6 : forall x : borrowed (Range'0.t_range usize) . inv'6 x = true - predicate invariant'6 (self : (usize, usize)) = + predicate invariant'5 (self : (usize, usize)) = [%#span6] true - predicate inv'6 (_x : (usize, usize)) + predicate inv'5 (_x : (usize, usize)) - axiom inv'6 : forall x : (usize, usize) . inv'6 x = true + axiom inv'5 : forall x : (usize, usize) . inv'5 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'5 (self : Option'0.t_option (usize, usize)) = + predicate invariant'4 (self : Option'0.t_option (usize, usize)) = [%#span6] true - predicate inv'5 (_x : Option'0.t_option (usize, usize)) + predicate inv'4 (_x : Option'0.t_option (usize, usize)) - axiom inv'5 : forall x : Option'0.t_option (usize, usize) . inv'5 x = true + axiom inv'4 : forall x : Option'0.t_option (usize, usize) . inv'4 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'4 (_x : Seq'0.t_seq usize) - function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span7] inv'4 self) -> ([%#span8] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq usize = [%#span9] () + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span7] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span11] () + constant empty'1 : Seq'0.t_seq usize - axiom empty_len'1_spec : forall _1 : () . [%#span10] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function concat'1 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span12] inv'4 self) - -> ([%#span13] inv'4 other) - -> ([%#span16] inv'4 (concat'1 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span10] forall i : int . 0 <= i + /\ i < len'1 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span14] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span9] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate inv'2 (_x : Range'0.t_range usize) @@ -3551,12 +3154,12 @@ module C03StdIterators_EnumerateRange use prelude.prelude.UIntSize function deep_model'0 (self : usize) : int = - [%#span17] UIntSize.to_int self + [%#span11] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'1 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span18] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span12] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -3569,22 +3172,15 @@ module C03StdIterators_EnumerateRange function produces_trans'1 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span19] produces'1 a ab b) - -> ([%#span20] produces'1 b bc c) - -> ([%#span21] inv'2 a) - -> ([%#span22] inv'4 ab) - -> ([%#span23] inv'2 b) - -> ([%#span24] inv'4 bc) -> ([%#span25] inv'2 c) -> ([%#span26] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span13] produces'1 a ab b) + -> ([%#span14] produces'1 b bc c) + -> ([%#span15] inv'2 a) + -> ([%#span16] inv'2 b) -> ([%#span17] inv'2 c) -> ([%#span18] produces'1 a (concat'1 ab bc) c) function produces_refl'1 (self : Range'0.t_range usize) : () - axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span27] inv'2 self) - -> ([%#span28] produces'1 self (empty'1 : Seq'0.t_seq usize) self) - - predicate invariant'4 (self : Seq'0.t_seq usize) = - [%#span6] true - - axiom inv'4 : forall x : Seq'0.t_seq usize . inv'4 x = true + axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span19] inv'2 self) + -> ([%#span20] produces'1 self (empty'1 : Seq'0.t_seq usize) self) predicate invariant'3 (self : Seq'0.t_seq (usize, usize)) = [%#span6] true @@ -3610,28 +3206,21 @@ module C03StdIterators_EnumerateRange axiom inv'1 : forall x : borrowed (Enumerate'0.t_enumerate (Range'0.t_range usize)) . inv'1 x = (inv'0 ( * x) /\ inv'0 ( ^ x)) - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (usize, usize)) (x : int) : (usize, usize) - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq (usize, usize)) (_2 : int) : (usize, usize) function len'0 (self : Seq'0.t_seq (usize, usize)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, usize) . ([%#span7] inv'3 self) -> ([%#span8] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, usize) . [%#span7] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq (usize, usize)) (other : Seq'0.t_seq (usize, usize)) : Seq'0.t_seq (usize, usize) - axiom concat'0_spec : forall self : Seq'0.t_seq (usize, usize), other : Seq'0.t_seq (usize, usize) . ([%#span12] inv'3 self) - -> ([%#span13] inv'3 other) - -> ([%#span16] inv'3 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (usize, usize), other : Seq'0.t_seq (usize, usize) . ([%#span10] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) function iter'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) : Range'0.t_range usize @@ -3640,9 +3229,8 @@ module C03StdIterators_EnumerateRange predicate produces'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) (visited : Seq'0.t_seq (usize, usize)) (o : Enumerate'0.t_enumerate (Range'0.t_range usize)) = - [%#span29] len'0 visited = n'0 o - n'0 self - /\ (exists s : Seq'0.t_seq usize . inv'4 s - /\ produces'1 (iter'0 self) s (iter'0 o) + [%#span21] len'0 visited = n'0 o - n'0 self + /\ (exists s : Seq'0.t_seq usize . produces'1 (iter'0 self) s (iter'0 o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> UIntSize.to_int (let (a, _) = index_logic'1 visited i in a) = n'0 self + i @@ -3651,29 +3239,27 @@ module C03StdIterators_EnumerateRange function produces_trans'0 (a : Enumerate'0.t_enumerate (Range'0.t_range usize)) (ab : Seq'0.t_seq (usize, usize)) (b : Enumerate'0.t_enumerate (Range'0.t_range usize)) (bc : Seq'0.t_seq (usize, usize)) (c : Enumerate'0.t_enumerate (Range'0.t_range usize)) : () - axiom produces_trans'0_spec : forall a : Enumerate'0.t_enumerate (Range'0.t_range usize), ab : Seq'0.t_seq (usize, usize), b : Enumerate'0.t_enumerate (Range'0.t_range usize), bc : Seq'0.t_seq (usize, usize), c : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span30] produces'0 a ab b) - -> ([%#span31] produces'0 b bc c) - -> ([%#span32] inv'0 a) - -> ([%#span33] inv'3 ab) - -> ([%#span34] inv'0 b) - -> ([%#span35] inv'3 bc) -> ([%#span36] inv'0 c) -> ([%#span37] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Enumerate'0.t_enumerate (Range'0.t_range usize), ab : Seq'0.t_seq (usize, usize), b : Enumerate'0.t_enumerate (Range'0.t_range usize), bc : Seq'0.t_seq (usize, usize), c : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span22] produces'0 a ab b) + -> ([%#span23] produces'0 b bc c) + -> ([%#span24] inv'0 a) + -> ([%#span25] inv'0 b) -> ([%#span26] inv'0 c) -> ([%#span27] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (usize, usize) = [%#span9] () + constant empty'0 : Seq'0.t_seq (usize, usize) function produces_refl'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) : () - axiom produces_refl'0_spec : forall self : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span38] inv'0 self) - -> ([%#span39] produces'0 self (empty'0 : Seq'0.t_seq (usize, usize)) self) + axiom produces_refl'0_spec : forall self : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span28] inv'0 self) + -> ([%#span29] produces'0 self (empty'0 : Seq'0.t_seq (usize, usize)) self) predicate resolve'5 (self : borrowed (Range'0.t_range usize)) = - [%#span40] ^ self = * self + [%#span30] ^ self = * self predicate completed'1 (self : borrowed (Range'0.t_range usize)) = - [%#span41] resolve'5 self + [%#span31] resolve'5 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - constant max'0 : usize = [%#span42] (18446744073709551615 : usize) + constant max'0 : usize = [%#span32] (18446744073709551615 : usize) predicate invariant'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) @@ -3683,46 +3269,42 @@ module C03StdIterators_EnumerateRange | Enumerate'0.C_Enumerate iter count -> true end) - function empty_len'0 (_1 : ()) : () = - [%#span11] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq (usize, usize)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq (usize, usize)) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'4 (self : Range'0.t_range usize) = - [%#span43] true + [%#span33] true predicate resolve'2 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) = - [%#span44] resolve'4 (iter'0 self) + [%#span34] resolve'4 (iter'0 self) predicate resolve'3 (self : usize) = - [%#span43] true + [%#span33] true predicate resolve'1 (self : (usize, usize)) = - [%#span45] resolve'3 (let (a, _) = self in a) /\ resolve'3 (let (_, a) = self in a) - - use seq.Seq + [%#span35] resolve'3 (let (a, _) = self in a) /\ resolve'3 (let (_, a) = self in a) function singleton'0 (v : (usize, usize)) : Seq'0.t_seq (usize, usize) - axiom singleton'0_spec : forall v : (usize, usize) . ([%#span46] inv'6 v) - -> ([%#span49] inv'3 (singleton'0 v)) - && ([%#span48] index_logic'1 (singleton'0 v) 0 = v) && ([%#span47] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (usize, usize) . ([%#span36] inv'5 v) + -> ([%#span38] index_logic'1 (singleton'0 v) 0 = v) && ([%#span37] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Enumerate'0.t_enumerate (Range'0.t_range usize))) = - [%#span40] ^ self = * self + [%#span30] ^ self = * self predicate completed'0 (self : borrowed (Enumerate'0.t_enumerate (Range'0.t_range usize))) = - [%#span50] exists inner : borrowed (Range'0.t_range usize) . inv'7 inner + [%#span39] exists inner : borrowed (Range'0.t_range usize) . inv'6 inner /\ * inner = iter'0 ( * self) /\ ^ inner = iter'0 ( ^ self) /\ completed'1 inner - let rec next'0 (self:borrowed (Enumerate'0.t_enumerate (Range'0.t_range usize))) (return' (ret:Option'0.t_option (usize, usize)))= {[@expl:precondition] [%#span51] inv'1 self} + let rec next'0 (self:borrowed (Enumerate'0.t_enumerate (Range'0.t_range usize))) (return' (ret:Option'0.t_option (usize, usize)))= {[@expl:precondition] [%#span40] inv'1 self} any - [ return' (result:Option'0.t_option (usize, usize))-> {[%#span53] inv'5 result} - {[%#span52] match result with + [ return' (result:Option'0.t_option (usize, usize))-> {[%#span42] inv'4 result} + {[%#span41] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -3734,7 +3316,7 @@ module C03StdIterators_EnumerateRange function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize))) (ix : int) : (usize, usize) = - [%#span54] index_logic'1 (deref'0 self) ix + [%#span43] index_logic'1 (deref'0 self) ix function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize))) : Seq'0.t_seq (usize, usize) @@ -3746,34 +3328,34 @@ module C03StdIterators_EnumerateRange function new'1 (x : Seq'0.t_seq (usize, usize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize)) - axiom new'1_spec : forall x : Seq'0.t_seq (usize, usize) . ([%#span55] inv'3 x) -> ([%#span56] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq (usize, usize) . ([%#span44] inv'3 x) -> ([%#span45] deref'0 (new'1 x) = x) function new'0 (x : Enumerate'0.t_enumerate (Range'0.t_range usize)) : Snapshot'0.t_snapshot (Enumerate'0.t_enumerate (Range'0.t_range usize)) - axiom new'0_spec : forall x : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span55] inv'0 x) - -> ([%#span56] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Enumerate'0.t_enumerate (Range'0.t_range usize) . ([%#span44] inv'0 x) + -> ([%#span45] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) (res : Enumerate'0.t_enumerate (Range'0.t_range usize)) = - [%#span57] self = res + [%#span46] self = res predicate into_iter_pre'0 (self : Enumerate'0.t_enumerate (Range'0.t_range usize)) = - [%#span58] true + [%#span47] true - let rec into_iter'0 (self:Enumerate'0.t_enumerate (Range'0.t_range usize)) (return' (ret:Enumerate'0.t_enumerate (Range'0.t_range usize)))= {[@expl:precondition] [%#span60] inv'0 self} - {[@expl:precondition] [%#span59] into_iter_pre'0 self} + let rec into_iter'0 (self:Enumerate'0.t_enumerate (Range'0.t_range usize)) (return' (ret:Enumerate'0.t_enumerate (Range'0.t_range usize)))= {[@expl:precondition] [%#span49] inv'0 self} + {[@expl:precondition] [%#span48] into_iter_pre'0 self} any - [ return' (result:Enumerate'0.t_enumerate (Range'0.t_range usize))-> {[%#span61] inv'0 result} - {[%#span59] into_iter_post'0 self result} + [ return' (result:Enumerate'0.t_enumerate (Range'0.t_range usize))-> {[%#span50] inv'0 result} + {[%#span48] into_iter_post'0 self result} (! return' {result}) ] - let rec enumerate'0 (self:Range'0.t_range usize) (return' (ret:Enumerate'0.t_enumerate (Range'0.t_range usize)))= {[@expl:precondition] [%#span62] inv'2 self} + let rec enumerate'0 (self:Range'0.t_range usize) (return' (ret:Enumerate'0.t_enumerate (Range'0.t_range usize)))= {[@expl:precondition] [%#span51] inv'2 self} any - [ return' (result:Enumerate'0.t_enumerate (Range'0.t_range usize))-> {[%#span63] inv'0 result} - {[%#span59] iter'0 result = self /\ n'0 result = 0} + [ return' (result:Enumerate'0.t_enumerate (Range'0.t_range usize))-> {[%#span52] inv'0 result} + {[%#span48] iter'0 result = self /\ n'0 result = 0} (! return' {result}) ] @@ -3927,252 +3509,202 @@ module C03StdIterators_MyReverse let%span span20 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span24 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span28 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span32 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span33 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span34 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span35 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span35 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 44 8 50 9 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span36 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 60 15 60 32 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span37 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span38 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 22 63 23 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span39 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 52 63 53 - let%span span40 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span40 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 82 63 83 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span41 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 56 21 56 25 - let%span span43 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 44 8 50 9 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 55 14 55 45 - let%span span44 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 60 15 60 32 + let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span45 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 61 15 61 32 + let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span46 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 22 63 23 + let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 114 14 114 40 - let%span span47 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 31 63 33 + let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 100 - let%span span48 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 52 63 53 + let%span span48 = "" 0 0 0 0 - let%span span49 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 61 63 63 + let%span span49 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 63 82 63 83 + let%span span50 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span51 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 62 14 62 42 + let%span span51 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span52 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 56 21 56 25 + let%span span52 = "../../../../../creusot-contracts/src/logic/ops.rs" 54 8 54 32 - let%span span53 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 55 14 55 45 + let%span span53 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 135 8 142 110 - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span55 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span56 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span56 = "../../../../../creusot-contracts/src/std/slice.rs" 235 19 235 35 - let%span span57 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span57 = "../../../../../creusot-contracts/src/std/slice.rs" 236 19 236 35 - let%span span58 = "../../../../../creusot-contracts/src/logic/seq2.rs" 115 19 115 23 + let%span span58 = "" 0 0 0 0 - let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 113 14 113 40 + let%span span59 = "../../../../../creusot-contracts/src/std/slice.rs" 237 8 237 52 - let%span span60 = "../../../../../creusot-contracts/src/logic/seq2.rs" 114 4 114 100 + let%span span60 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span61 = "../../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 32 + let%span span61 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 - let%span span62 = "" 0 0 0 0 + let%span span62 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span63 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span63 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span64 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span64 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span65 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span65 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span66 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span66 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 31 8 38 9 - let%span span67 = "../../../../../creusot-contracts/src/logic/ops.rs" 54 8 54 32 + let%span span67 = "" 0 0 0 0 - let%span span68 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span68 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span69 = "../../../../../creusot-contracts/src/logic/seq2.rs" 134 8 141 110 + let%span span69 = "" 0 0 0 0 - let%span span70 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span70 = "../03_std_iterators.rs" 88 4 90 5 - let%span span71 = "../../../../../creusot-contracts/src/std/slice.rs" 235 19 235 35 + let%span span71 = "../03_std_iterators.rs" 81 4 83 5 - let%span span72 = "../../../../../creusot-contracts/src/std/slice.rs" 236 19 236 35 + let%span span72 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span73 = "" 0 0 0 0 + let%span span73 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span74 = "../../../../../creusot-contracts/src/std/slice.rs" 237 8 237 52 + let%span span74 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span75 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span75 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span76 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 + let%span span76 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span77 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span77 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span78 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span78 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span79 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span79 = "" 0 0 0 0 - let%span span80 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span80 = "" 0 0 0 0 - let%span span81 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span81 = "../../../../../creusot-contracts/src/std/iter.rs" 129 27 129 48 - let%span span82 = "../../../../../creusot-contracts/src/std/iter/zip.rs" 31 8 38 9 + let%span span82 = "" 0 0 0 0 let%span span83 = "" 0 0 0 0 - let%span span84 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span84 = "../../../../../creusot-contracts/src/std/iter.rs" 131 26 131 62 let%span span85 = "" 0 0 0 0 - let%span span86 = "../03_std_iterators.rs" 88 4 90 5 - - let%span span87 = "../03_std_iterators.rs" 81 4 83 5 - - let%span span88 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span89 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + let%span span86 = "" 0 0 0 0 - let%span span90 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span91 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span92 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span93 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span94 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span95 = "" 0 0 0 0 - - let%span span96 = "" 0 0 0 0 - - let%span span97 = "../../../../../creusot-contracts/src/std/iter.rs" 129 27 129 48 - - let%span span98 = "" 0 0 0 0 - - let%span span99 = "" 0 0 0 0 - - let%span span100 = "../../../../../creusot-contracts/src/std/iter.rs" 131 26 131 62 - - let%span span101 = "" 0 0 0 0 - - let%span span102 = "" 0 0 0 0 - - let%span span103 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span87 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 use prelude.prelude.UIntSize - predicate invariant'12 (self : usize) = + predicate invariant'10 (self : usize) = [%#span20] true - predicate inv'12 (_x : usize) + predicate inv'10 (_x : usize) - axiom inv'12 : forall x : usize . inv'12 x = true + axiom inv'10 : forall x : usize . inv'10 x = true use Core_Ops_Range_Range_Type as Range'0 use prelude.prelude.Borrow - predicate invariant'11 (self : borrowed (Range'0.t_range usize)) = + predicate invariant'9 (self : borrowed (Range'0.t_range usize)) = [%#span20] true - predicate inv'11 (_x : borrowed (Range'0.t_range usize)) + predicate inv'9 (_x : borrowed (Range'0.t_range usize)) - axiom inv'11 : forall x : borrowed (Range'0.t_range usize) . inv'11 x = true + axiom inv'9 : forall x : borrowed (Range'0.t_range usize) . inv'9 x = true - predicate invariant'10 (self : (usize, usize)) = + predicate invariant'8 (self : (usize, usize)) = [%#span20] true - predicate inv'10 (_x : (usize, usize)) + predicate inv'8 (_x : (usize, usize)) - axiom inv'10 : forall x : (usize, usize) . inv'10 x = true + axiom inv'8 : forall x : (usize, usize) . inv'8 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'9 (self : Option'0.t_option (usize, usize)) = + predicate invariant'7 (self : Option'0.t_option (usize, usize)) = [%#span20] true - predicate inv'9 (_x : Option'0.t_option (usize, usize)) + predicate inv'7 (_x : Option'0.t_option (usize, usize)) - axiom inv'9 : forall x : Option'0.t_option (usize, usize) . inv'9 x = true + axiom inv'7 : forall x : Option'0.t_option (usize, usize) . inv'7 x = true use Core_Iter_Adapters_Zip_Zip_Type as Zip'0 - predicate invariant'8 (self : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) = + predicate invariant'6 (self : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) = [%#span20] true - predicate inv'8 (_x : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) + predicate inv'6 (_x : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) - axiom inv'8 : forall x : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) . inv'8 x = true + axiom inv'6 : forall x : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) . inv'6 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'7 (self : Seq'0.t_seq t) - - predicate inv'7 (_x : Seq'0.t_seq t) - - axiom inv'7 : forall x : Seq'0.t_seq t . inv'7 x = true - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'3 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq - - predicate inv'6 (_x : Seq'0.t_seq usize) + function index_logic'3 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'3 (self : Seq'0.t_seq usize) : int - axiom len'3_spec : forall self : Seq'0.t_seq usize . ([%#span21] inv'6 self) -> ([%#span22] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq usize . [%#span21] len'3 self >= 0 function concat'1 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span23] inv'6 self) - -> ([%#span24] inv'6 other) - -> ([%#span27] inv'6 (concat'1 self other)) - && ([%#span26] forall i : int . 0 <= i /\ i < len'3 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span23] forall i : int . 0 <= i + /\ i < len'3 (concat'1 self other) -> index_logic'3 (concat'1 self other) i = (if i < len'3 self then index_logic'3 self i else index_logic'3 other (i - len'3 self))) - && ([%#span25] len'3 (concat'1 self other) = len'3 self + len'3 other) + && ([%#span22] len'3 (concat'1 self other) = len'3 self + len'3 other) predicate inv'4 (_x : Range'0.t_range usize) @@ -4181,12 +3713,12 @@ module C03StdIterators_MyReverse use prelude.prelude.UIntSize function deep_model'0 (self : usize) : int = - [%#span28] UIntSize.to_int self + [%#span24] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'1 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span29] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span25] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'3 visited > 0 @@ -4199,29 +3731,21 @@ module C03StdIterators_MyReverse function produces_trans'1 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span30] produces'1 a ab b) - -> ([%#span31] produces'1 b bc c) - -> ([%#span32] inv'4 a) - -> ([%#span33] inv'6 ab) - -> ([%#span34] inv'4 b) - -> ([%#span35] inv'6 bc) -> ([%#span36] inv'4 c) -> ([%#span37] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span26] produces'1 a ab b) + -> ([%#span27] produces'1 b bc c) + -> ([%#span28] inv'4 a) + -> ([%#span29] inv'4 b) -> ([%#span30] inv'4 c) -> ([%#span31] produces'1 a (concat'1 ab bc) c) - constant empty'2 : Seq'0.t_seq usize = [%#span38] () + constant empty'2 : Seq'0.t_seq usize function produces_refl'1 (self : Range'0.t_range usize) : () - axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span39] inv'4 self) - -> ([%#span40] produces'1 self (empty'2 : Seq'0.t_seq usize) self) + axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span32] inv'4 self) + -> ([%#span33] produces'1 self (empty'2 : Seq'0.t_seq usize) self) - function empty_len'2 (_1 : ()) : () = - [%#span42] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span41] len'3 (empty'2 : Seq'0.t_seq usize) = 0 - - predicate invariant'6 (self : Seq'0.t_seq usize) = - [%#span20] true - - axiom inv'6 : forall x : Seq'0.t_seq usize . inv'6 x = true + axiom empty_len'2_spec : forall _1 : () . [%#span34] len'3 (empty'2 : Seq'0.t_seq usize) = 0 predicate invariant'5 (self : Seq'0.t_seq (usize, usize)) = [%#span20] true @@ -4255,41 +3779,31 @@ module C03StdIterators_MyReverse axiom inv'1 : forall x : slice t . inv'1 x = true - use seq.Seq - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span21] inv'7 self) -> ([%#span22] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span38] () - - function empty_len'1 (_1 : ()) : () = - [%#span42] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span21] len'1 self >= 0 - axiom empty_len'1_spec : forall _1 : () . [%#span41] len'1 (empty'1 : Seq'0.t_seq t) = 0 + constant empty'1 : Seq'0.t_seq t - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span34] len'1 (empty'1 : Seq'0.t_seq t) = 0 - function index_logic'2 (self : Seq'0.t_seq (usize, usize)) (x : int) : (usize, usize) - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq (usize, usize)) (_2 : int) : (usize, usize) function len'2 (self : Seq'0.t_seq (usize, usize)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (usize, usize) . ([%#span21] inv'5 self) -> ([%#span22] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (usize, usize) . [%#span21] len'2 self >= 0 function concat'0 (self : Seq'0.t_seq (usize, usize)) (other : Seq'0.t_seq (usize, usize)) : Seq'0.t_seq (usize, usize) - axiom concat'0_spec : forall self : Seq'0.t_seq (usize, usize), other : Seq'0.t_seq (usize, usize) . ([%#span23] inv'5 self) - -> ([%#span24] inv'5 other) - -> ([%#span27] inv'5 (concat'0 self other)) - && ([%#span26] forall i : int . 0 <= i /\ i < len'2 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (usize, usize), other : Seq'0.t_seq (usize, usize) . ([%#span23] forall i : int . 0 + <= i + /\ i < len'2 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'2 self then index_logic'2 self i else index_logic'2 other (i - len'2 self))) - && ([%#span25] len'2 (concat'0 self other) = len'2 self + len'2 other) + && ([%#span22] len'2 (concat'0 self other) = len'2 self + len'2 other) predicate inv'0 (_x : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) @@ -4300,9 +3814,7 @@ module C03StdIterators_MyReverse predicate produces'0 (self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (visited : Seq'0.t_seq (usize, usize)) (o : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) = - [%#span43] exists p2 : Seq'0.t_seq usize . exists p1 : Seq'0.t_seq usize . inv'6 p2 - /\ inv'6 p1 - /\ len'3 p1 = len'3 p2 + [%#span35] exists p2 : Seq'0.t_seq usize . exists p1 : Seq'0.t_seq usize . len'3 p1 = len'3 p2 /\ len'3 p2 = len'2 visited /\ (forall i : int . 0 <= i /\ i < len'2 visited -> index_logic'2 visited i = (index_logic'3 p1 i, index_logic'3 p2 i)) @@ -4311,77 +3823,63 @@ module C03StdIterators_MyReverse function produces_trans'0 (a : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (ab : Seq'0.t_seq (usize, usize)) (b : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (bc : Seq'0.t_seq (usize, usize)) (c : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) : () - axiom produces_trans'0_spec : forall a : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize), ab : Seq'0.t_seq (usize, usize), b : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize), bc : Seq'0.t_seq (usize, usize), c : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span44] produces'0 a ab b) - -> ([%#span45] produces'0 b bc c) - -> ([%#span46] inv'0 a) - -> ([%#span47] inv'5 ab) - -> ([%#span48] inv'0 b) - -> ([%#span49] inv'5 bc) -> ([%#span50] inv'0 c) -> ([%#span51] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize), ab : Seq'0.t_seq (usize, usize), b : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize), bc : Seq'0.t_seq (usize, usize), c : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span36] produces'0 a ab b) + -> ([%#span37] produces'0 b bc c) + -> ([%#span38] inv'0 a) + -> ([%#span39] inv'0 b) -> ([%#span40] inv'0 c) -> ([%#span41] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (usize, usize) = [%#span38] () + constant empty'0 : Seq'0.t_seq (usize, usize) function produces_refl'0 (self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) : () - axiom produces_refl'0_spec : forall self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span52] inv'0 self) - -> ([%#span53] produces'0 self (empty'0 : Seq'0.t_seq (usize, usize)) self) + axiom produces_refl'0_spec : forall self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span42] inv'0 self) + -> ([%#span43] produces'0 self (empty'0 : Seq'0.t_seq (usize, usize)) self) predicate invariant'0 (self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) = [%#span20] true axiom inv'0 : forall x : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span42] () - - axiom empty_len'0_spec : forall _1 : () . [%#span41] len'2 (empty'0 : Seq'0.t_seq (usize, usize)) = 0 - - use seq.Seq + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span34] len'2 (empty'0 : Seq'0.t_seq (usize, usize)) = 0 - function index_logic'4 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'4 (self : Seq'0.t_seq t) (_2 : int) : t predicate ext_eq'0 (self : Seq'0.t_seq t) (oth : Seq'0.t_seq t) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span54] inv'7 self) - -> ([%#span55] inv'7 oth) - -> ([%#span57] len'1 self = len'1 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span45] len'1 self = len'1 oth /\ (forall i : int . 0 <= i /\ i < len'1 self -> index_logic'4 self i = index_logic'4 oth i) -> ext_eq'0 self oth) - && ([%#span56] ext_eq'0 self oth -> self = oth) - - use seq.Reverse + && ([%#span44] ext_eq'0 self oth -> self = oth) function reverse'0 (self : Seq'0.t_seq t) : Seq'0.t_seq t - axiom reverse'0_spec : forall self : Seq'0.t_seq t . ([%#span58] inv'7 self) - -> ([%#span61] inv'7 (reverse'0 self)) - && ([%#span60] forall i : int . 0 <= i /\ i < len'1 (reverse'0 self) + axiom reverse'0_spec : forall self : Seq'0.t_seq t . ([%#span47] forall i : int . 0 <= i /\ i < len'1 (reverse'0 self) -> index_logic'4 (reverse'0 self) i = index_logic'4 self (len'1 self - 1 - i)) - && ([%#span59] len'1 (reverse'0 self) = len'1 self) + && ([%#span46] len'1 (reverse'0 self) = len'1 self) - constant max'0 : usize = [%#span62] (18446744073709551615 : usize) + constant max'0 : usize = [%#span48] (18446744073709551615 : usize) function shallow_model'2 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : slice t . ([%#span63] inv'1 self) - -> ([%#span65] inv'7 (shallow_model'2 self)) - && ([%#span64] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : slice t . ([%#span49] inv'1 self) + -> ([%#span50] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'3 (self : borrowed (slice t)) = - [%#span66] ^ self = * self + [%#span51] ^ self = * self function index_logic'1 [@inline:trivial] (self : slice t) (ix : usize) : t = - [%#span67] index_logic'4 (shallow_model'2 self) (UIntSize.to_int ix) + [%#span52] index_logic'4 (shallow_model'2 self) (UIntSize.to_int ix) function index_logic'0 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span68] index_logic'4 (shallow_model'2 self) ix + [%#span53] index_logic'4 (shallow_model'2 self) ix predicate exchange'0 (self : Seq'0.t_seq t) (oth : Seq'0.t_seq t) (i : int) (j : int) = - [%#span69] len'1 self = len'1 oth + [%#span54] len'1 self = len'1 oth /\ 0 <= i /\ i < len'1 self /\ 0 <= j @@ -4391,63 +3889,57 @@ module C03StdIterators_MyReverse /\ (forall k : int . 0 <= k /\ k < len'1 self -> k <> i -> k <> j -> index_logic'4 self k = index_logic'4 oth k) function shallow_model'0 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span70] shallow_model'2 ( * self) + [%#span55] shallow_model'2 ( * self) - let rec swap'0 (self:borrowed (slice t)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:precondition] [%#span73] inv'2 self} - {[@expl:precondition] [%#span72] UIntSize.to_int b < len'1 (shallow_model'0 self)} - {[@expl:precondition] [%#span71] UIntSize.to_int a < len'1 (shallow_model'0 self)} + let rec swap'0 (self:borrowed (slice t)) (a:usize) (b:usize) (return' (ret:()))= {[@expl:precondition] [%#span58] inv'2 self} + {[@expl:precondition] [%#span57] UIntSize.to_int b < len'1 (shallow_model'0 self)} + {[@expl:precondition] [%#span56] UIntSize.to_int a < len'1 (shallow_model'0 self)} any - [ return' (result:())-> {[%#span74] exchange'0 (shallow_model'2 ( ^ self)) (shallow_model'0 self) (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:())-> {[%#span59] exchange'0 (shallow_model'2 ( ^ self)) (shallow_model'0 self) (UIntSize.to_int a) (UIntSize.to_int b)} (! return' {result}) ] predicate resolve'4 (self : usize) = - [%#span75] true + [%#span60] true predicate resolve'2 (self : (usize, usize)) = - [%#span76] resolve'4 (let (a, _) = self in a) /\ resolve'4 (let (_, a) = self in a) - - use seq.Seq + [%#span61] resolve'4 (let (a, _) = self in a) /\ resolve'4 (let (_, a) = self in a) function singleton'0 (v : (usize, usize)) : Seq'0.t_seq (usize, usize) - axiom singleton'0_spec : forall v : (usize, usize) . ([%#span77] inv'10 v) - -> ([%#span80] inv'5 (singleton'0 v)) - && ([%#span79] index_logic'2 (singleton'0 v) 0 = v) && ([%#span78] len'2 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (usize, usize) . ([%#span62] inv'8 v) + -> ([%#span64] index_logic'2 (singleton'0 v) 0 = v) && ([%#span63] len'2 (singleton'0 v) = 1) predicate resolve'1 (self : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) = - [%#span66] ^ self = * self - - use seq.Seq + [%#span51] ^ self = * self function singleton'1 (v : usize) : Seq'0.t_seq usize - axiom singleton'1_spec : forall v : usize . ([%#span77] inv'12 v) - -> ([%#span80] inv'6 (singleton'1 v)) - && ([%#span79] index_logic'3 (singleton'1 v) 0 = v) && ([%#span78] len'3 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : usize . ([%#span62] inv'10 v) + -> ([%#span64] index_logic'3 (singleton'1 v) 0 = v) && ([%#span63] len'3 (singleton'1 v) = 1) predicate resolve'5 (self : borrowed (Range'0.t_range usize)) = - [%#span66] ^ self = * self + [%#span51] ^ self = * self predicate completed'1 (self : borrowed (Range'0.t_range usize)) = - [%#span81] resolve'5 self + [%#span65] resolve'5 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) predicate completed'0 (self : borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) = - [%#span82] exists b : borrowed (Range'0.t_range usize) . exists a : borrowed (Range'0.t_range usize) . inv'11 b - /\ inv'11 a + [%#span66] exists b : borrowed (Range'0.t_range usize) . exists a : borrowed (Range'0.t_range usize) . inv'9 b + /\ inv'9 a /\ * a = itera'0 ( * self) /\ * b = iterb'0 ( * self) /\ ^ a = itera'0 ( ^ self) /\ ^ b = iterb'0 ( ^ self) /\ (completed'1 a /\ resolve'5 b - \/ (exists x : usize . inv'12 x /\ produces'1 ( * a) (singleton'1 x) ( ^ a) /\ resolve'4 x /\ completed'1 b)) + \/ (exists x : usize . inv'10 x /\ produces'1 ( * a) (singleton'1 x) ( ^ a) /\ resolve'4 x /\ completed'1 b)) - let rec next'0 (self:borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) (return' (ret:Option'0.t_option (usize, usize)))= {[@expl:precondition] [%#span83] inv'8 self} + let rec next'0 (self:borrowed (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))) (return' (ret:Option'0.t_option (usize, usize)))= {[@expl:precondition] [%#span67] inv'6 self} any - [ return' (result:Option'0.t_option (usize, usize))-> {[%#span85] inv'9 result} - {[%#span84] match result with + [ return' (result:Option'0.t_option (usize, usize))-> {[%#span69] inv'7 result} + {[%#span68] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -4457,22 +3949,22 @@ module C03StdIterators_MyReverse predicate equiv_reverse_range'0 [#"../03_std_iterators.rs" 87 0 87 81] (s1 : Seq'0.t_seq t) (s2 : Seq'0.t_seq t) (l : int) (u : int) (n : int) = - [%#span86] forall i : int . l <= i /\ i < u -> index_logic'4 s1 i = index_logic'4 s2 (n - i) + [%#span70] forall i : int . l <= i /\ i < u -> index_logic'4 s1 i = index_logic'4 s2 (n - i) predicate equiv_range'0 [#"../03_std_iterators.rs" 80 0 80 65] (s1 : Seq'0.t_seq t) (s2 : Seq'0.t_seq t) (l : int) (u : int) = - [%#span87] forall i : int . l <= i /\ i < u -> index_logic'4 s1 i = index_logic'4 s2 i + [%#span71] forall i : int . l <= i /\ i < u -> index_logic'4 s1 i = index_logic'4 s2 i function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize))) : Seq'0.t_seq (usize, usize) function shallow_model'4 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span88] shallow_model'0 self + [%#span72] shallow_model'0 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (slice t))) : borrowed (slice t) function shallow_model'1 (self : Snapshot'0.t_snapshot (borrowed (slice t))) : Seq'0.t_seq t = - [%#span89] shallow_model'4 (deref'0 self) + [%#span73] shallow_model'4 (deref'0 self) function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize))) : Seq'0.t_seq (usize, usize) @@ -4484,43 +3976,43 @@ module C03StdIterators_MyReverse function new'2 (x : Seq'0.t_seq (usize, usize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, usize)) - axiom new'2_spec : forall x : Seq'0.t_seq (usize, usize) . ([%#span90] inv'5 x) -> ([%#span91] deref'1 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq (usize, usize) . ([%#span74] inv'5 x) -> ([%#span75] deref'1 (new'2 x) = x) function new'1 (x : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) : Snapshot'0.t_snapshot (Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) - axiom new'1_spec : forall x : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span90] inv'0 x) - -> ([%#span91] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize) . ([%#span74] inv'0 x) + -> ([%#span75] deref'2 (new'1 x) = x) predicate into_iter_post'1 (self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (res : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) = - [%#span92] self = res + [%#span76] self = res predicate into_iter_pre'1 (self : Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) = - [%#span93] true + [%#span77] true - let rec into_iter'0 (self:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (return' (ret:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)))= {[@expl:precondition] [%#span95] inv'0 self} - {[@expl:precondition] [%#span94] into_iter_pre'1 self} + let rec into_iter'0 (self:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)) (return' (ret:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)))= {[@expl:precondition] [%#span79] inv'0 self} + {[@expl:precondition] [%#span78] into_iter_pre'1 self} any - [ return' (result:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))-> {[%#span96] inv'0 result} - {[%#span94] into_iter_post'1 self result} + [ return' (result:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))-> {[%#span80] inv'0 result} + {[%#span78] into_iter_post'1 self result} (! return' {result}) ] predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span92] self = res + [%#span76] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span93] true + [%#span77] true - let rec zip'0 (self:Range'0.t_range usize) (other:Range'0.t_range usize) (return' (ret:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)))= {[@expl:precondition] [%#span99] inv'4 other} - {[@expl:precondition] [%#span98] inv'4 self} - {[@expl:precondition] [%#span97] into_iter_pre'0 other} + let rec zip'0 (self:Range'0.t_range usize) (other:Range'0.t_range usize) (return' (ret:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize)))= {[@expl:precondition] [%#span83] inv'4 other} + {[@expl:precondition] [%#span82] inv'4 self} + {[@expl:precondition] [%#span81] into_iter_pre'0 other} any - [ return' (result:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))-> {[%#span101] inv'0 result} - {[%#span100] into_iter_post'0 other (iterb'0 result)} - {[%#span94] itera'0 result = self} + [ return' (result:Zip'0.t_zip (Range'0.t_range usize) (Range'0.t_range usize))-> {[%#span85] inv'0 result} + {[%#span84] into_iter_post'0 other (iterb'0 result)} + {[%#span78] itera'0 result = self} (! return' {result}) ] @@ -4528,15 +4020,14 @@ module C03StdIterators_MyReverse function new'0 (x : borrowed (slice t)) : Snapshot'0.t_snapshot (borrowed (slice t)) - axiom new'0_spec : forall x : borrowed (slice t) . ([%#span90] inv'2 x) -> ([%#span91] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (slice t) . ([%#span74] inv'2 x) -> ([%#span75] deref'0 (new'0 x) = x) function shallow_model'3 (self : slice t) : Seq'0.t_seq t = - [%#span88] shallow_model'2 self + [%#span72] shallow_model'2 self - let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span102] inv'3 self} + let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span86] inv'3 self} any - [ return' (result:usize)-> {[%#span103] len'1 (shallow_model'3 self) = UIntSize.to_int result} - (! return' {result}) ] + [ return' (result:usize)-> {[%#span87] len'1 (shallow_model'3 self) = UIntSize.to_int result} (! return' {result}) ] let rec my_reverse (slice:borrowed (slice t)) (return' (ret:()))= {[%#s03_std_iterators18] inv'2 slice} diff --git a/creusot/tests/should_succeed/iterators/04_skip.coma b/creusot/tests/should_succeed/iterators/04_skip.coma index 8d75694f06..2176f2680d 100644 --- a/creusot/tests/should_succeed/iterators/04_skip.coma +++ b/creusot/tests/should_succeed/iterators/04_skip.coma @@ -25,22 +25,7 @@ module C04Skip_Skip_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C04Skip_Impl0_ProducesRefl_Impl type i @@ -49,113 +34,79 @@ module C04Skip_Impl0_ProducesRefl_Impl let%span s04_skip1 = "../04_skip.rs" 49 14 49 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span9 = "../common.rs" 18 15 18 32 - - let%span span10 = "../common.rs" 19 15 19 32 - - let%span span11 = "../common.rs" 21 22 21 23 - - let%span span12 = "../common.rs" 21 31 21 33 + let%span span5 = "../common.rs" 18 15 18 32 - let%span span13 = "../common.rs" 21 52 21 53 + let%span span6 = "../common.rs" 19 15 19 32 - let%span span14 = "../common.rs" 21 61 21 63 + let%span span7 = "../common.rs" 21 22 21 23 - let%span span15 = "../common.rs" 21 82 21 83 + let%span span8 = "../common.rs" 21 52 21 53 - let%span span16 = "../common.rs" 20 14 20 42 + let%span span9 = "../common.rs" 21 82 21 83 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../common.rs" 20 14 20 42 - let%span span18 = "../common.rs" 15 21 15 25 + let%span span11 = "../common.rs" 15 21 15 25 - let%span span19 = "../common.rs" 14 14 14 45 + let%span span12 = "../common.rs" 14 14 14 45 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span14 = "../04_skip.rs" 37 8 44 9 - let%span span22 = "../04_skip.rs" 37 8 44 9 - - predicate invariant'2 (self : i) + predicate invariant'1 (self : i) - predicate inv'2 (_x : i) + predicate inv'1 (_x : i) - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'1 (self : Seq'0.t_seq item'0) - - predicate inv'1 (_x : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] inv'1 self) - -> ([%#span5] inv'1 other) - -> ([%#span8] inv'1 (concat'0 self other)) - && ([%#span7] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span3] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) - -> ([%#span10] produces'1 b bc c) - -> ([%#span11] inv'2 a) - -> ([%#span12] inv'1 ab) - -> ([%#span13] inv'2 b) - -> ([%#span14] inv'1 bc) -> ([%#span15] inv'2 c) -> ([%#span16] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span5] produces'1 a ab b) + -> ([%#span6] produces'1 b bc c) + -> ([%#span7] inv'1 a) + -> ([%#span8] inv'1 b) -> ([%#span9] inv'1 c) -> ([%#span10] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span17] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span18] inv'2 self) - -> ([%#span19] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span11] inv'1 self) + -> ([%#span12] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C04Skip_Skip_Type as Skip'0 @@ -174,11 +125,10 @@ module C04Skip_Impl0_ProducesRefl_Impl predicate produces'0 [#"../04_skip.rs" 36 4 36 64] (self : Skip'0.t_skip i) (visited : Seq'0.t_seq item'0) (o : Skip'0.t_skip i) = - [%#span22] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o + [%#span14] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ len'0 visited > 0 - /\ (exists s : Seq'0.t_seq item'0 . inv'1 s - /\ len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ produces'1 (C04Skip_Skip_Type.skip_iter self) (concat'0 s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'0 (index_logic'0 s i))) @@ -198,123 +148,85 @@ module C04Skip_Impl0_ProducesTrans_Impl let%span s04_skip2 = "../04_skip.rs" 57 22 57 23 - let%span s04_skip3 = "../04_skip.rs" 57 31 57 33 - - let%span s04_skip4 = "../04_skip.rs" 57 52 57 53 - - let%span s04_skip5 = "../04_skip.rs" 57 61 57 63 - - let%span s04_skip6 = "../04_skip.rs" 57 82 57 83 - - let%span s04_skip7 = "../04_skip.rs" 56 14 56 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span s04_skip3 = "../04_skip.rs" 57 52 57 53 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s04_skip4 = "../04_skip.rs" 57 82 57 83 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span s04_skip5 = "../04_skip.rs" 56 14 56 42 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 - - let%span span17 = "../common.rs" 21 22 21 23 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../common.rs" 21 31 21 33 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../common.rs" 21 52 21 53 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span24 = "../common.rs" 15 21 15 25 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span25 = "../common.rs" 14 14 14 45 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span28 = "../04_skip.rs" 37 8 44 9 + let%span span18 = "../04_skip.rs" 37 8 44 9 - predicate invariant'2 (self : i) + predicate invariant'1 (self : i) - predicate inv'2 (_x : i) + predicate inv'1 (_x : i) - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'1 self) - -> ([%#span11] inv'1 other) - -> ([%#span14] inv'1 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'2 a) - -> ([%#span18] inv'1 ab) - -> ([%#span19] inv'2 b) - -> ([%#span20] inv'1 bc) -> ([%#span21] inv'2 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'1 a) + -> ([%#span12] inv'1 b) -> ([%#span13] inv'1 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span23] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span24] inv'2 self) - -> ([%#span25] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - - function empty_len'0 (_1 : ()) : () = - [%#span27] () + axiom produces_refl'0_spec : forall self : i . ([%#span15] inv'1 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - axiom empty_len'0_spec : forall _1 : () . [%#span26] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C04Skip_Skip_Type as Skip'0 @@ -333,11 +245,10 @@ module C04Skip_Impl0_ProducesTrans_Impl predicate produces'0 [#"../04_skip.rs" 36 4 36 64] (self : Skip'0.t_skip i) (visited : Seq'0.t_seq item'0) (o : Skip'0.t_skip i) = - [%#span28] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o + [%#span18] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ len'0 visited > 0 - /\ (exists s : Seq'0.t_seq item'0 . inv'1 s - /\ len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ produces'1 (C04Skip_Skip_Type.skip_iter self) (concat'0 s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'0 (index_logic'0 s i))) @@ -354,13 +265,11 @@ module C04Skip_Impl0_ProducesTrans_Impl function produces_trans [#"../04_skip.rs" 57 4 57 90] (a : Skip'0.t_skip i) (ab : Seq'0.t_seq item'0) (b : Skip'0.t_skip i) (bc : Seq'0.t_seq item'0) (c : Skip'0.t_skip i) : () - goal vc_produces_trans : ([%#s04_skip6] inv'0 c) - -> ([%#s04_skip5] inv'1 bc) - -> ([%#s04_skip4] inv'0 b) - -> ([%#s04_skip3] inv'1 ab) + goal vc_produces_trans : ([%#s04_skip4] inv'0 c) + -> ([%#s04_skip3] inv'0 b) -> ([%#s04_skip2] inv'0 a) -> ([%#s04_skip1] produces'0 b bc c) - -> ([%#s04_skip0] produces'0 a ab b) -> ([%#s04_skip7] produces'0 a (concat'0 ab bc) c) + -> ([%#s04_skip0] produces'0 a ab b) -> ([%#s04_skip5] produces'0 a (concat'0 ab bc) c) end module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't @@ -412,81 +321,63 @@ module C04Skip_Impl0_Next let%span span13 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span21 = "../common.rs" 18 15 18 32 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span22 = "../common.rs" 19 15 19 32 + let%span span17 = "../common.rs" 18 15 18 32 - let%span span23 = "../common.rs" 21 22 21 23 + let%span span18 = "../common.rs" 19 15 19 32 - let%span span24 = "../common.rs" 21 31 21 33 + let%span span19 = "../common.rs" 21 22 21 23 - let%span span25 = "../common.rs" 21 52 21 53 + let%span span20 = "../common.rs" 21 52 21 53 - let%span span26 = "../common.rs" 21 61 21 63 - - let%span span27 = "../common.rs" 21 82 21 83 - - let%span span28 = "../common.rs" 20 14 20 42 - - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span30 = "../common.rs" 15 21 15 25 + let%span span21 = "../common.rs" 21 82 21 83 - let%span span31 = "../common.rs" 14 14 14 45 + let%span span22 = "../common.rs" 20 14 20 42 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span23 = "../common.rs" 15 21 15 25 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span24 = "../common.rs" 14 14 14 45 - let%span span34 = "../04_skip.rs" 37 8 44 9 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span35 = "../04_skip.rs" 23 8 31 9 + let%span span26 = "../04_skip.rs" 37 8 44 9 - let%span span36 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span27 = "../04_skip.rs" 23 8 31 9 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span28 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span41 = "../common.rs" 27 17 27 21 + let%span span32 = "../common.rs" 27 17 27 21 - let%span span42 = "../common.rs" 23 14 26 5 + let%span span33 = "../common.rs" 23 14 26 5 - let%span span43 = "../common.rs" 27 26 27 44 + let%span span34 = "../common.rs" 27 26 27 44 - let%span span44 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 + let%span span35 = "../../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span45 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span36 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span46 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span47 = "../../../../../creusot-contracts/src/std/num.rs" 30 28 30 32 + let%span span38 = "../../../../../creusot-contracts/src/std/num.rs" 30 28 30 32 - let%span span48 = "" 0 0 0 0 + let%span span39 = "" 0 0 0 0 - let%span span49 = "../../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 + let%span span40 = "../../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 - let%span span50 = "../../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 + let%span span41 = "../../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 - let%span span51 = "" 0 0 0 0 + let%span span42 = "" 0 0 0 0 use prelude.prelude.Borrow @@ -550,55 +441,43 @@ module C04Skip_Impl0_Next axiom inv'0 : forall x : borrowed (Skip'0.t_skip i) . inv'0 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span14] inv'6 self) -> ([%#span15] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span14] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span16] inv'6 self) - -> ([%#span17] inv'6 other) - -> ([%#span20] inv'6 (concat'0 self other)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span16] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span18] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span21] produces'0 a ab b) - -> ([%#span22] produces'0 b bc c) - -> ([%#span23] inv'1 a) - -> ([%#span24] inv'6 ab) - -> ([%#span25] inv'1 b) - -> ([%#span26] inv'6 bc) -> ([%#span27] inv'1 c) -> ([%#span28] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span17] produces'0 a ab b) + -> ([%#span18] produces'0 b bc c) + -> ([%#span19] inv'1 a) + -> ([%#span20] inv'1 b) -> ([%#span21] inv'1 c) -> ([%#span22] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span29] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span30] inv'1 self) - -> ([%#span31] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span23] inv'1 self) + -> ([%#span24] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span33] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span32] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span25] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate resolve'3 (self : item'0) @@ -609,20 +488,18 @@ module C04Skip_Impl0_Next predicate produces'1 [#"../04_skip.rs" 36 4 36 64] (self : Skip'0.t_skip i) (visited : Seq'0.t_seq item'0) (o : Skip'0.t_skip i) = - [%#span34] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o + [%#span26] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ len'0 visited > 0 - /\ (exists s : Seq'0.t_seq item'0 . inv'6 s - /\ len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ produces'0 (C04Skip_Skip_Type.skip_iter self) (concat'0 s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'3 (index_logic'1 s i))) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../04_skip.rs" 22 4 22 35] (self : borrowed (Skip'0.t_skip i)) = - [%#span35] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( ^ self)) = 0 + [%#span27] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( ^ self)) = 0 /\ (exists i : borrowed i . exists s : Seq'0.t_seq item'0 . inv'7 i - /\ inv'6 s /\ len'0 s <= UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * self)) /\ produces'0 (C04Skip_Skip_Type.skip_iter ( * self)) s ( * i) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'3 (index_logic'1 s i)) @@ -633,22 +510,19 @@ module C04Skip_Impl0_Next use prelude.prelude.Intrinsic predicate resolve'5 (self : borrowed (Skip'0.t_skip i)) = - [%#span36] ^ self = * self - - use seq.Seq + [%#span28] ^ self = * self function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span37] inv'2 v) - -> ([%#span40] inv'6 (singleton'0 v)) - && ([%#span39] index_logic'1 (singleton'0 v) 0 = v) && ([%#span38] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span29] inv'2 v) + -> ([%#span31] index_logic'1 (singleton'0 v) 0 = v) && ([%#span30] len'0 (singleton'0 v) = 1) predicate resolve'4 (self : Option'0.t_option item'0) - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span41] inv'7 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span32] inv'7 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span43] inv'3 result} - {[%#span42] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span34] inv'3 result} + {[%#span33] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -658,7 +532,7 @@ module C04Skip_Impl0_Next function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) (ix : int) : item'0 = - [%#span44] index_logic'1 (deref'0 self) ix + [%#span35] index_logic'1 (deref'0 self) ix function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 @@ -668,19 +542,19 @@ module C04Skip_Impl0_Next function new'1 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'1_spec : forall x : Seq'0.t_seq item'0 . ([%#span45] inv'6 x) -> ([%#span46] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq item'0 . ([%#span36] inv'6 x) -> ([%#span37] deref'0 (new'1 x) = x) predicate resolve'1 (self : borrowed usize) = - [%#span36] ^ self = * self + [%#span28] ^ self = * self predicate is_default'0 (self : usize) = - [%#span47] self = (0 : usize) + [%#span38] self = (0 : usize) - let rec take'0 (dest:borrowed usize) (return' (ret:usize))= {[@expl:precondition] [%#span48] inv'4 dest} + let rec take'0 (dest:borrowed usize) (return' (ret:usize))= {[@expl:precondition] [%#span39] inv'4 dest} any - [ return' (result:usize)-> {[%#span51] inv'5 result} - {[%#span50] is_default'0 ( ^ dest)} - {[%#span49] result = * dest} + [ return' (result:usize)-> {[%#span42] inv'5 result} + {[%#span41] is_default'0 ( ^ dest)} + {[%#span40] result = * dest} (! return' {result}) ] @@ -688,7 +562,7 @@ module C04Skip_Impl0_Next function new'0 (x : borrowed (Skip'0.t_skip i)) : Snapshot'0.t_snapshot (borrowed (Skip'0.t_skip i)) - axiom new'0_spec : forall x : borrowed (Skip'0.t_skip i) . ([%#span45] inv'0 x) -> ([%#span46] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Skip'0.t_skip i) . ([%#span36] inv'0 x) -> ([%#span37] deref'1 (new'0 x) = x) let rec next (self:borrowed (Skip'0.t_skip i)) (return' (ret:Option'0.t_option item'0))= {[%#s04_skip10] inv'0 self} (! bb0 @@ -818,57 +692,37 @@ module C04Skip_Impl0 let%span s04_skip2 = "../04_skip.rs" 57 4 57 90 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../04_skip.rs" 37 8 44 9 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span6 = "../04_skip.rs" 37 8 44 9 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span16 = "../04_skip.rs" 23 8 31 9 + let%span span10 = "../04_skip.rs" 23 8 31 9 type item'0 - predicate invariant'5 (self : item'0) + predicate invariant'4 (self : item'0) - predicate inv'5 (_x : item'0) + predicate inv'4 (_x : item'0) - axiom inv'5 : forall x : item'0 . inv'5 x = true + axiom inv'4 : forall x : item'0 . inv'4 x = true use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed i) - - predicate inv'4 (_x : borrowed i) - - axiom inv'4 : forall x : borrowed i . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'3 (self : Seq'0.t_seq item'0) + predicate invariant'3 (self : borrowed i) - predicate inv'3 (_x : Seq'0.t_seq item'0) + predicate inv'3 (_x : borrowed i) - axiom inv'3 : forall x : Seq'0.t_seq item'0 . inv'3 x = true + axiom inv'3 : forall x : borrowed i . inv'3 x = true use C04Skip_Skip_Type as Skip'0 @@ -892,35 +746,28 @@ module C04Skip_Impl0 axiom inv'0 : forall x : borrowed (Skip'0.t_skip i) . inv'0 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span3] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] inv'3 self) - -> ([%#span6] inv'3 other) - -> ([%#span9] inv'3 (concat'0 self other)) - && ([%#span8] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) - constant empty'0 : Seq'0.t_seq item'0 = [%#span10] () + constant empty'0 : Seq'0.t_seq item'0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span10] () + constant empty'0 : Seq'0.t_seq item'0 predicate resolve'0 (self : item'0) @@ -933,28 +780,23 @@ module C04Skip_Impl0 predicate produces'0 [#"../04_skip.rs" 36 4 36 64] (self : Skip'0.t_skip i) (visited : Seq'0.t_seq item'0) (o : Skip'0.t_skip i) = - [%#span11] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o + [%#span6] visited = (empty'0 : Seq'0.t_seq item'0) /\ self = o \/ UIntSize.to_int (C04Skip_Skip_Type.skip_n o) = 0 /\ len'0 visited > 0 - /\ (exists s : Seq'0.t_seq item'0 . inv'3 s - /\ len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = UIntSize.to_int (C04Skip_Skip_Type.skip_n self) /\ produces'1 (C04Skip_Skip_Type.skip_iter self) (concat'0 s visited) (C04Skip_Skip_Type.skip_iter o) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'0 (index_logic'0 s i))) - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span12] inv'5 v) - -> ([%#span15] inv'3 (singleton'0 v)) - && ([%#span14] index_logic'0 (singleton'0 v) 0 = v) && ([%#span13] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span7] inv'4 v) + -> ([%#span9] index_logic'0 (singleton'0 v) 0 = v) && ([%#span8] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../04_skip.rs" 22 4 22 35] (self : borrowed (Skip'0.t_skip i)) = - [%#span16] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( ^ self)) = 0 - /\ (exists i : borrowed i . exists s : Seq'0.t_seq item'0 . inv'4 i - /\ inv'3 s + [%#span10] UIntSize.to_int (C04Skip_Skip_Type.skip_n ( ^ self)) = 0 + /\ (exists i : borrowed i . exists s : Seq'0.t_seq item'0 . inv'3 i /\ len'0 s <= UIntSize.to_int (C04Skip_Skip_Type.skip_n ( * self)) /\ produces'1 (C04Skip_Skip_Type.skip_iter ( * self)) s ( * i) /\ (forall i : int . 0 <= i /\ i < len'0 s -> resolve'0 (index_logic'0 s i)) @@ -979,11 +821,9 @@ module C04Skip_Impl0 -> produces'0 self (empty'1 : Seq'0.t_seq item'0) self) goal produces_trans_refn : [%#s04_skip2] forall a : Skip'0.t_skip i . forall ab : Seq'0.t_seq item'0 . forall b : Skip'0.t_skip i . forall bc : Seq'0.t_seq item'0 . forall c : Skip'0.t_skip i . inv'2 c - /\ inv'3 bc /\ inv'2 b /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'2 b /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'2 c - /\ inv'3 bc /\ inv'2 b - /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/05_map.coma b/creusot/tests/should_succeed/iterators/05_map.coma index 9d4d196116..e36a3e366f 100644 --- a/creusot/tests/should_succeed/iterators/05_map.coma +++ b/creusot/tests/should_succeed/iterators/05_map.coma @@ -21,22 +21,7 @@ module C05Map_Map_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C05Map_Impl0_ProducesRefl_Impl type i @@ -49,222 +34,177 @@ module C05Map_Impl0_ProducesRefl_Impl let%span s05_map1 = "../05_map.rs" 28 14 28 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span16 = "../common.rs" 21 52 21 53 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span17 = "../common.rs" 21 61 21 63 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span18 = "../common.rs" 21 82 21 83 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span19 = "../common.rs" 20 14 20 42 - - let%span span20 = "../common.rs" 15 21 15 25 - - let%span span21 = "../common.rs" 14 14 14 45 - - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span43 = "../05_map.rs" 75 8 77 9 + let%span span34 = "../05_map.rs" 75 8 77 9 - let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span45 = "../05_map.rs" 82 8 89 9 + let%span span36 = "../05_map.rs" 82 8 89 9 - let%span span46 = "../05_map.rs" 94 8 98 9 + let%span span37 = "../05_map.rs" 94 8 98 9 - let%span span47 = "../05_map.rs" 133 12 135 57 + let%span span38 = "../05_map.rs" 133 12 135 57 - let%span span48 = "../05_map.rs" 42 8 53 9 + let%span span39 = "../05_map.rs" 42 8 53 9 type item'0 - predicate invariant'10 (self : item'0) + predicate invariant'7 (self : item'0) - predicate inv'10 (_x : item'0) + predicate inv'7 (_x : item'0) - axiom inv'10 : forall x : item'0 . inv'10 x = true + axiom inv'7 : forall x : item'0 . inv'7 x = true use prelude.prelude.Borrow - predicate invariant'9 (self : borrowed i) + predicate invariant'6 (self : borrowed i) - predicate inv'9 (_x : borrowed i) + predicate inv'6 (_x : borrowed i) - axiom inv'9 : forall x : borrowed i . inv'9 x = true + axiom inv'6 : forall x : borrowed i . inv'6 x = true - predicate invariant'8 (self : b) + predicate invariant'5 (self : b) - predicate inv'8 (_x : b) + predicate inv'5 (_x : b) - axiom inv'8 : forall x : b . inv'8 x = true + axiom inv'5 : forall x : b . inv'5 x = true - predicate invariant'7 (self : item'0) + predicate invariant'4 (self : item'0) - predicate inv'7 (_x : item'0) + predicate inv'4 (_x : item'0) - axiom inv'7 : forall x : item'0 . inv'7 x = true + axiom inv'4 : forall x : item'0 . inv'4 x = true - predicate invariant'6 (self : borrowed f) + predicate invariant'3 (self : borrowed f) - predicate inv'6 (_x : borrowed f) + predicate inv'3 (_x : borrowed f) - axiom inv'6 : forall x : borrowed f . inv'6 x = true + axiom inv'3 : forall x : borrowed f . inv'3 x = true - predicate invariant'5 (self : f) + predicate invariant'2 (self : f) - predicate inv'5 (_x : f) + predicate inv'2 (_x : f) - axiom inv'5 : forall x : f . inv'5 x = true + axiom inv'2 : forall x : f . inv'2 x = true - predicate invariant'4 (self : i) + predicate invariant'1 (self : i) - predicate inv'4 (_x : i) + predicate inv'1 (_x : i) - axiom inv'4 : forall x : i . inv'4 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'3 (_x : Seq'0.t_seq (borrowed f)) - function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span2] inv'3 self) -> ([%#span3] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span4] () - - function empty_len'2 (_1 : ()) : () = - [%#span6] () - - axiom empty_len'2_spec : forall _1 : () . [%#span5] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span2] len'2 self >= 0 - predicate invariant'3 (self : Seq'0.t_seq (borrowed f)) + constant empty'2 : Seq'0.t_seq (borrowed f) - axiom inv'3 : forall x : Seq'0.t_seq (borrowed f) . inv'3 x = true + function empty_len'2 (_1 : ()) : () - use seq.Seq - - predicate inv'2 (_x : Seq'0.t_seq item'0) + axiom empty_len'2_spec : forall _1 : () . [%#span3] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'2 self) -> ([%#span3] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + constant empty'1 : Seq'0.t_seq item'0 - predicate invariant'2 (self : Seq'0.t_seq item'0) + function empty_len'1 (_1 : ()) : () - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span12] produces'1 a ab b) - -> ([%#span13] produces'1 b bc c) - -> ([%#span14] inv'4 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'4 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'4 c) -> ([%#span19] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span6] produces'1 a ab b) + -> ([%#span7] produces'1 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span20] inv'4 self) - -> ([%#span21] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span12] inv'1 self) + -> ([%#span13] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) predicate resolve'0 (self : f) @@ -274,73 +214,60 @@ module C05Map_Impl0_ProducesRefl_Impl function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span22] inv'5 self) - -> ([%#span23] inv'7 args) - -> ([%#span24] inv'8 res) - -> ([%#span25] postcondition_once'0 self args res - = (exists s : borrowed f . inv'6 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span14] inv'2 self) + -> ([%#span15] inv'4 args) + -> ([%#span16] inv'5 res) + -> ([%#span17] postcondition_once'0 self args res + = (exists s : borrowed f . inv'3 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span26] unnest'0 self b) - -> ([%#span27] unnest'0 b c) - -> ([%#span28] inv'5 self) -> ([%#span29] inv'5 b) -> ([%#span30] inv'5 c) -> ([%#span31] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span18] unnest'0 self b) + -> ([%#span19] unnest'0 b c) + -> ([%#span20] inv'2 self) -> ([%#span21] inv'2 b) -> ([%#span22] inv'2 c) -> ([%#span23] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span32] inv'5 self) -> ([%#span33] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span24] inv'2 self) -> ([%#span25] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span34] postcondition_mut'0 self args res) - -> ([%#span35] inv'6 self) - -> ([%#span36] inv'7 args) -> ([%#span37] inv'8 res) -> ([%#span38] unnest'0 ( * self) ( ^ self)) - - predicate invariant'1 (self : Seq'0.t_seq b) - - predicate inv'1 (_x : Seq'0.t_seq b) - - axiom inv'1 : forall x : Seq'0.t_seq b . inv'1 x = true - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span26] postcondition_mut'0 self args res) + -> ([%#span27] inv'3 self) + -> ([%#span28] inv'4 args) -> ([%#span29] inv'5 res) -> ([%#span30] unnest'0 ( * self) ( ^ self)) function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span2] inv'1 self) -> ([%#span3] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span2] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq b = [%#span4] () + constant empty'0 : Seq'0.t_seq b - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'1 (empty'0 : Seq'0.t_seq b) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate precondition'0 (self : f) (_2 : item'0) - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span39] inv'10 v) - -> ([%#span42] inv'2 (singleton'0 v)) - && ([%#span41] index_logic'1 (singleton'0 v) 0 = v) && ([%#span40] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span31] inv'7 v) + -> ([%#span33] index_logic'1 (singleton'0 v) 0 = v) && ([%#span32] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span43] forall i : i . forall e : item'0 . inv'4 i - -> inv'10 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e) + [%#span34] forall i : i . forall e : item'0 . inv'1 i + -> inv'7 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span44] concat'0 self (singleton'0 v) + [%#span35] concat'0 self (singleton'0 v) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span45] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span36] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + -> inv'5 b + -> inv'3 f + -> inv'7 e2 + -> inv'7 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -350,13 +277,13 @@ module C05Map_Impl0_ProducesRefl_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span46] forall func : f . forall iter : borrowed i . inv'5 func - -> inv'9 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span37] forall func : f . forall iter : borrowed i . inv'2 func + -> inv'6 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'0 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span47] reinitialize'0 () + [%#span38] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -368,23 +295,17 @@ module C05Map_Impl0_ProducesRefl_Impl | Map'0.C_Map iter func -> true end) - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq b) (_2 : int) : b - function index_logic'2 (self : Seq'0.t_seq b) (x : int) : b - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f predicate produces'0 [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : Map'0.t_map i b f) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f) = - [%#span48] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ len'0 s = len'1 visited + [%#span39] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'3 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'0 fs (i - 1) = * index_logic'0 fs i) /\ (if len'1 visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ @@ -416,232 +337,183 @@ module C05Map_Impl0_ProducesTrans_Impl let%span s05_map2 = "../05_map.rs" 36 22 36 23 - let%span s05_map3 = "../05_map.rs" 36 31 36 33 - - let%span s05_map4 = "../05_map.rs" 36 52 36 53 - - let%span s05_map5 = "../05_map.rs" 36 61 36 63 - - let%span s05_map6 = "../05_map.rs" 36 82 36 83 - - let%span s05_map7 = "../05_map.rs" 35 14 35 42 + let%span s05_map3 = "../05_map.rs" 36 52 36 53 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span s05_map4 = "../05_map.rs" 36 82 36 83 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s05_map5 = "../05_map.rs" 35 14 35 42 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../common.rs" 18 15 18 32 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span11 = "../common.rs" 19 15 19 32 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span12 = "../common.rs" 21 22 21 23 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span13 = "../common.rs" 21 52 21 53 - let%span span18 = "../common.rs" 18 15 18 32 + let%span span14 = "../common.rs" 21 82 21 83 - let%span span19 = "../common.rs" 19 15 19 32 + let%span span15 = "../common.rs" 20 14 20 42 - let%span span20 = "../common.rs" 21 22 21 23 + let%span span16 = "../common.rs" 15 21 15 25 - let%span span21 = "../common.rs" 21 31 21 33 + let%span span17 = "../common.rs" 14 14 14 45 - let%span span22 = "../common.rs" 21 52 21 53 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span23 = "../common.rs" 21 61 21 63 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span24 = "../common.rs" 21 82 21 83 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span25 = "../common.rs" 20 14 20 42 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span26 = "../common.rs" 15 21 15 25 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span27 = "../common.rs" 14 14 14 45 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span38 = "../05_map.rs" 75 8 77 9 - let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span44 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span40 = "../05_map.rs" 82 8 89 9 - let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span41 = "../05_map.rs" 94 8 98 9 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span42 = "../05_map.rs" 133 12 135 57 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span49 = "../05_map.rs" 75 8 77 9 - - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 - - let%span span51 = "../05_map.rs" 82 8 89 9 - - let%span span52 = "../05_map.rs" 94 8 98 9 - - let%span span53 = "../05_map.rs" 133 12 135 57 - - let%span span54 = "../05_map.rs" 42 8 53 9 + let%span span43 = "../05_map.rs" 42 8 53 9 type item'0 - predicate invariant'10 (self : item'0) + predicate invariant'7 (self : item'0) - predicate inv'10 (_x : item'0) + predicate inv'7 (_x : item'0) - axiom inv'10 : forall x : item'0 . inv'10 x = true + axiom inv'7 : forall x : item'0 . inv'7 x = true use prelude.prelude.Borrow - predicate invariant'9 (self : borrowed i) + predicate invariant'6 (self : borrowed i) - predicate inv'9 (_x : borrowed i) + predicate inv'6 (_x : borrowed i) - axiom inv'9 : forall x : borrowed i . inv'9 x = true + axiom inv'6 : forall x : borrowed i . inv'6 x = true - predicate invariant'8 (self : b) + predicate invariant'5 (self : b) - predicate inv'8 (_x : b) + predicate inv'5 (_x : b) - axiom inv'8 : forall x : b . inv'8 x = true + axiom inv'5 : forall x : b . inv'5 x = true - predicate invariant'7 (self : item'0) + predicate invariant'4 (self : item'0) - predicate inv'7 (_x : item'0) + predicate inv'4 (_x : item'0) - axiom inv'7 : forall x : item'0 . inv'7 x = true + axiom inv'4 : forall x : item'0 . inv'4 x = true - predicate invariant'6 (self : borrowed f) + predicate invariant'3 (self : borrowed f) - predicate inv'6 (_x : borrowed f) + predicate inv'3 (_x : borrowed f) - axiom inv'6 : forall x : borrowed f . inv'6 x = true + axiom inv'3 : forall x : borrowed f . inv'3 x = true - predicate invariant'5 (self : f) + predicate invariant'2 (self : f) - predicate inv'5 (_x : f) + predicate inv'2 (_x : f) - axiom inv'5 : forall x : f . inv'5 x = true + axiom inv'2 : forall x : f . inv'2 x = true - predicate invariant'4 (self : i) + predicate invariant'1 (self : i) - predicate inv'4 (_x : i) + predicate inv'1 (_x : i) - axiom inv'4 : forall x : i . inv'4 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'3 (_x : Seq'0.t_seq (borrowed f)) - function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span8] inv'3 self) -> ([%#span9] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span10] () - - function empty_len'2 (_1 : ()) : () = - [%#span12] () - - axiom empty_len'2_spec : forall _1 : () . [%#span11] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span6] len'2 self >= 0 - predicate invariant'3 (self : Seq'0.t_seq (borrowed f)) + constant empty'2 : Seq'0.t_seq (borrowed f) - axiom inv'3 : forall x : Seq'0.t_seq (borrowed f) . inv'3 x = true + function empty_len'2 (_1 : ()) : () - use seq.Seq - - predicate inv'2 (_x : Seq'0.t_seq item'0) + axiom empty_len'2_spec : forall _1 : () . [%#span7] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'2 self) -> ([%#span9] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span10] () - - function empty_len'1 (_1 : ()) : () = - [%#span12] () - - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 - predicate invariant'2 (self : Seq'0.t_seq item'0) + constant empty'1 : Seq'0.t_seq item'0 - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span13] inv'2 self) - -> ([%#span14] inv'2 other) - -> ([%#span17] inv'2 (concat'1 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span15] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span18] produces'1 a ab b) - -> ([%#span19] produces'1 b bc c) - -> ([%#span20] inv'4 a) - -> ([%#span21] inv'2 ab) - -> ([%#span22] inv'4 b) - -> ([%#span23] inv'2 bc) -> ([%#span24] inv'4 c) -> ([%#span25] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span10] produces'1 a ab b) + -> ([%#span11] produces'1 b bc c) + -> ([%#span12] inv'1 a) + -> ([%#span13] inv'1 b) -> ([%#span14] inv'1 c) -> ([%#span15] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span26] inv'4 self) - -> ([%#span27] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span16] inv'1 self) + -> ([%#span17] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) predicate resolve'0 (self : f) @@ -651,73 +523,60 @@ module C05Map_Impl0_ProducesTrans_Impl function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span28] inv'5 self) - -> ([%#span29] inv'7 args) - -> ([%#span30] inv'8 res) - -> ([%#span31] postcondition_once'0 self args res - = (exists s : borrowed f . inv'6 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span18] inv'2 self) + -> ([%#span19] inv'4 args) + -> ([%#span20] inv'5 res) + -> ([%#span21] postcondition_once'0 self args res + = (exists s : borrowed f . inv'3 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span32] unnest'0 self b) - -> ([%#span33] unnest'0 b c) - -> ([%#span34] inv'5 self) -> ([%#span35] inv'5 b) -> ([%#span36] inv'5 c) -> ([%#span37] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span22] unnest'0 self b) + -> ([%#span23] unnest'0 b c) + -> ([%#span24] inv'2 self) -> ([%#span25] inv'2 b) -> ([%#span26] inv'2 c) -> ([%#span27] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span38] inv'5 self) -> ([%#span39] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span28] inv'2 self) -> ([%#span29] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span40] postcondition_mut'0 self args res) - -> ([%#span41] inv'6 self) - -> ([%#span42] inv'7 args) -> ([%#span43] inv'8 res) -> ([%#span44] unnest'0 ( * self) ( ^ self)) - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq b) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span30] postcondition_mut'0 self args res) + -> ([%#span31] inv'3 self) + -> ([%#span32] inv'4 args) -> ([%#span33] inv'5 res) -> ([%#span34] unnest'0 ( * self) ( ^ self)) function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span8] inv'1 self) -> ([%#span9] len'1 self >= 0) - - constant empty'0 : Seq'0.t_seq b = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span6] len'1 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq b - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'1 (empty'0 : Seq'0.t_seq b) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq b) - - axiom inv'1 : forall x : Seq'0.t_seq b . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate precondition'0 (self : f) (_2 : item'0) - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span45] inv'10 v) - -> ([%#span48] inv'2 (singleton'0 v)) - && ([%#span47] index_logic'1 (singleton'0 v) 0 = v) && ([%#span46] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span35] inv'7 v) + -> ([%#span37] index_logic'1 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span49] forall i : i . forall e : item'0 . inv'4 i - -> inv'10 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e) + [%#span38] forall i : i . forall e : item'0 . inv'1 i + -> inv'7 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span50] concat'1 self (singleton'0 v) + [%#span39] concat'1 self (singleton'0 v) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span51] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span40] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + -> inv'5 b + -> inv'3 f + -> inv'7 e2 + -> inv'7 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -727,13 +586,13 @@ module C05Map_Impl0_ProducesTrans_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span52] forall func : f . forall iter : borrowed i . inv'5 func - -> inv'9 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span41] forall func : f . forall iter : borrowed i . inv'2 func + -> inv'6 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'0 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span53] reinitialize'0 () + [%#span42] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -745,35 +604,25 @@ module C05Map_Impl0_ProducesTrans_Impl | Map'0.C_Map iter func -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq b) (x : int) : b + function index_logic'2 (self : Seq'0.t_seq b) (_2 : int) : b function concat'0 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span9] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span15] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'0 self other) = len'1 self + len'1 other) - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f predicate produces'0 [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : Map'0.t_map i b f) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f) = - [%#span54] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ len'0 s = len'1 visited + [%#span43] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'3 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'0 fs (i - 1) = * index_logic'0 fs i) /\ (if len'1 visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ @@ -799,13 +648,11 @@ module C05Map_Impl0_ProducesTrans_Impl function produces_trans [#"../05_map.rs" 36 4 36 90] (a : Map'0.t_map i b f) (ab : Seq'0.t_seq b) (b : Map'0.t_map i b f) (bc : Seq'0.t_seq b) (c : Map'0.t_map i b f) : () - goal vc_produces_trans : ([%#s05_map6] inv'0 c) - -> ([%#s05_map5] inv'1 bc) - -> ([%#s05_map4] inv'0 b) - -> ([%#s05_map3] inv'1 ab) + goal vc_produces_trans : ([%#s05_map4] inv'0 c) + -> ([%#s05_map3] inv'0 b) -> ([%#s05_map2] inv'0 a) -> ([%#s05_map1] produces'0 b bc c) - -> ([%#s05_map0] produces'0 a ab b) -> ([%#s05_map7] produces'0 a (concat'0 ab bc) c) + -> ([%#s05_map0] produces'0 a ab b) -> ([%#s05_map5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -841,184 +688,145 @@ module C05Map_Impl1_ProducesOne_Impl let%span s05_map3 = "../05_map.rs" 116 14 116 68 - let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span sseq27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span s05_map7 = "../05_map.rs" 118 8 123 9 - let%span s05_map8 = "../05_map.rs" 118 8 123 9 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - - let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - - let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - - let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span36 = "../common.rs" 18 15 18 32 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span37 = "../common.rs" 19 15 19 32 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span38 = "../common.rs" 21 22 21 23 + let%span span29 = "../common.rs" 18 15 18 32 - let%span span39 = "../common.rs" 21 31 21 33 + let%span span30 = "../common.rs" 19 15 19 32 - let%span span40 = "../common.rs" 21 52 21 53 + let%span span31 = "../common.rs" 21 22 21 23 - let%span span41 = "../common.rs" 21 61 21 63 + let%span span32 = "../common.rs" 21 52 21 53 - let%span span42 = "../common.rs" 21 82 21 83 + let%span span33 = "../common.rs" 21 82 21 83 - let%span span43 = "../common.rs" 20 14 20 42 + let%span span34 = "../common.rs" 20 14 20 42 - let%span span44 = "../common.rs" 15 21 15 25 + let%span span35 = "../common.rs" 15 21 15 25 - let%span span45 = "../common.rs" 14 14 14 45 + let%span span36 = "../common.rs" 14 14 14 45 - let%span span46 = "../05_map.rs" 42 8 53 9 + let%span span37 = "../05_map.rs" 42 8 53 9 - let%span span47 = "../05_map.rs" 33 15 33 32 + let%span span38 = "../05_map.rs" 33 15 33 32 - let%span span48 = "../05_map.rs" 34 15 34 32 + let%span span39 = "../05_map.rs" 34 15 34 32 - let%span span49 = "../05_map.rs" 36 22 36 23 + let%span span40 = "../05_map.rs" 36 22 36 23 - let%span span50 = "../05_map.rs" 36 31 36 33 + let%span span41 = "../05_map.rs" 36 52 36 53 - let%span span51 = "../05_map.rs" 36 52 36 53 + let%span span42 = "../05_map.rs" 36 82 36 83 - let%span span52 = "../05_map.rs" 36 61 36 63 + let%span span43 = "../05_map.rs" 35 14 35 42 - let%span span53 = "../05_map.rs" 36 82 36 83 + let%span span44 = "../05_map.rs" 31 4 31 10 - let%span span54 = "../05_map.rs" 35 14 35 42 + let%span span45 = "../05_map.rs" 29 21 29 25 - let%span span55 = "../05_map.rs" 31 4 31 10 + let%span span46 = "../05_map.rs" 28 14 28 45 - let%span span56 = "../05_map.rs" 29 21 29 25 + let%span span47 = "../05_map.rs" 26 4 26 10 - let%span span57 = "../05_map.rs" 28 14 28 45 + let%span span48 = "../05_map.rs" 75 8 77 9 - let%span span58 = "../05_map.rs" 26 4 26 10 + let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span59 = "../05_map.rs" 75 8 77 9 + let%span span50 = "../05_map.rs" 82 8 89 9 - let%span span60 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span51 = "../05_map.rs" 94 8 98 9 - let%span span61 = "../05_map.rs" 82 8 89 9 - - let%span span62 = "../05_map.rs" 94 8 98 9 - - let%span span63 = "../05_map.rs" 133 12 135 57 + let%span span52 = "../05_map.rs" 133 12 135 57 use prelude.prelude.Borrow - predicate invariant'10 (self : borrowed i) + predicate invariant'7 (self : borrowed i) - predicate inv'10 (_x : borrowed i) + predicate inv'7 (_x : borrowed i) - axiom inv'10 : forall x : borrowed i . inv'10 x = true + axiom inv'7 : forall x : borrowed i . inv'7 x = true type item'0 - predicate invariant'9 (self : item'0) + predicate invariant'6 (self : item'0) - predicate inv'9 (_x : item'0) + predicate inv'6 (_x : item'0) - axiom inv'9 : forall x : item'0 . inv'9 x = true + axiom inv'6 : forall x : item'0 . inv'6 x = true - predicate invariant'8 (self : f) + predicate invariant'5 (self : f) - predicate inv'8 (_x : f) + predicate inv'5 (_x : f) - axiom inv'8 : forall x : f . inv'8 x = true + axiom inv'5 : forall x : f . inv'5 x = true - predicate invariant'7 (self : i) + predicate invariant'4 (self : i) - predicate inv'7 (_x : i) + predicate inv'4 (_x : i) - axiom inv'7 : forall x : i . inv'7 x = true + axiom inv'4 : forall x : i . inv'4 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'6 (_x : Seq'0.t_seq (borrowed f)) - function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span9] inv'6 self) -> ([%#span10] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span11] () - - function empty_len'2 (_1 : ()) : () = - [%#span13] () - - axiom empty_len'2_spec : forall _1 : () . [%#span12] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 - - predicate invariant'6 (self : Seq'0.t_seq (borrowed f)) - - axiom inv'6 : forall x : Seq'0.t_seq (borrowed f) . inv'6 x = true + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span8] len'2 self >= 0 - predicate invariant'5 (self : Seq'0.t_seq b) + constant empty'2 : Seq'0.t_seq (borrowed f) - predicate inv'5 (_x : Seq'0.t_seq b) + function empty_len'2 (_1 : ()) : () - axiom inv'5 : forall x : Seq'0.t_seq b . inv'5 x = true + axiom empty_len'2_spec : forall _1 : () . [%#span9] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 predicate resolve'0 (self : f) @@ -1032,81 +840,65 @@ module C05Map_Impl1_ProducesOne_Impl function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span14] inv'8 self) - -> ([%#span15] inv'9 args) - -> ([%#span16] inv'1 res) - -> ([%#span17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span10] inv'5 self) + -> ([%#span11] inv'6 args) + -> ([%#span12] inv'1 res) + -> ([%#span13] postcondition_once'0 self args res = (exists s : borrowed f . inv'2 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span18] unnest'0 self b) - -> ([%#span19] unnest'0 b c) - -> ([%#span20] inv'8 self) -> ([%#span21] inv'8 b) -> ([%#span22] inv'8 c) -> ([%#span23] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span14] unnest'0 self b) + -> ([%#span15] unnest'0 b c) + -> ([%#span16] inv'5 self) -> ([%#span17] inv'5 b) -> ([%#span18] inv'5 c) -> ([%#span19] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span24] inv'8 self) -> ([%#span25] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span20] inv'5 self) -> ([%#span21] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span26] postcondition_mut'0 self args res) - -> ([%#span27] inv'2 self) - -> ([%#span28] inv'9 args) -> ([%#span29] inv'1 res) -> ([%#span30] unnest'0 ( * self) ( ^ self)) - - predicate invariant'4 (self : Seq'0.t_seq item'0) - - predicate inv'4 (_x : Seq'0.t_seq item'0) - - axiom inv'4 : forall x : Seq'0.t_seq item'0 . inv'4 x = true - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span22] postcondition_mut'0 self args res) + -> ([%#span23] inv'2 self) + -> ([%#span24] inv'6 args) -> ([%#span25] inv'1 res) -> ([%#span26] unnest'0 ( * self) ( ^ self)) function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span9] inv'4 self) -> ([%#span10] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span11] () + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span8] len'0 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span13] () + constant empty'1 : Seq'0.t_seq item'0 - axiom empty_len'1_spec : forall _1 : () . [%#span12] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span9] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span31] inv'4 self) - -> ([%#span32] inv'4 other) - -> ([%#span35] inv'4 (concat'1 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span28] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'0 (concat'1 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span33] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span27] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span36] produces'1 a ab b) - -> ([%#span37] produces'1 b bc c) - -> ([%#span38] inv'7 a) - -> ([%#span39] inv'4 ab) - -> ([%#span40] inv'7 b) - -> ([%#span41] inv'4 bc) -> ([%#span42] inv'7 c) -> ([%#span43] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span29] produces'1 a ab b) + -> ([%#span30] produces'1 b bc c) + -> ([%#span31] inv'4 a) + -> ([%#span32] inv'4 b) -> ([%#span33] inv'4 c) -> ([%#span34] produces'1 a (concat'1 ab bc) c) function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'1_spec : forall self : i . ([%#span44] inv'7 self) - -> ([%#span45] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) + axiom produces_refl'1_spec : forall self : i . ([%#span35] inv'4 self) + -> ([%#span36] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) predicate invariant'3 (self : item'0) @@ -1120,47 +912,35 @@ module C05Map_Impl1_ProducesOne_Impl use C05Map_Map_Type as Map'0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq b) (x : int) : b - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq b) (_2 : int) : b function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span9] inv'5 self) -> ([%#span10] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span8] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span31] inv'5 self) - -> ([%#span32] inv'5 other) - -> ([%#span35] inv'5 (concat'0 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span28] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span33] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span27] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : Map'0.t_map i b f) predicate precondition'0 (self : f) (_2 : item'0) - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f use C05Map_Map_Type as C05Map_Map_Type predicate produces'0 [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : Map'0.t_map i b f) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f) = - [%#span46] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'4 s - /\ len'0 s = len'1 visited + [%#span37] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'6 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'2 fs (i - 1) = * index_logic'2 fs i) /\ (if len'1 visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ @@ -1176,54 +956,47 @@ module C05Map_Impl1_ProducesOne_Impl function produces_trans'0 [#"../05_map.rs" 36 4 36 90] (a : Map'0.t_map i b f) (ab : Seq'0.t_seq b) (b : Map'0.t_map i b f) (bc : Seq'0.t_seq b) (c : Map'0.t_map i b f) : () = - [%#span55] () + [%#span44] () - axiom produces_trans'0_spec : forall a : Map'0.t_map i b f, ab : Seq'0.t_seq b, b : Map'0.t_map i b f, bc : Seq'0.t_seq b, c : Map'0.t_map i b f . ([%#span47] produces'0 a ab b) - -> ([%#span48] produces'0 b bc c) - -> ([%#span49] inv'0 a) - -> ([%#span50] inv'5 ab) - -> ([%#span51] inv'0 b) - -> ([%#span52] inv'5 bc) -> ([%#span53] inv'0 c) -> ([%#span54] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Map'0.t_map i b f, ab : Seq'0.t_seq b, b : Map'0.t_map i b f, bc : Seq'0.t_seq b, c : Map'0.t_map i b f . ([%#span38] produces'0 a ab b) + -> ([%#span39] produces'0 b bc c) + -> ([%#span40] inv'0 a) + -> ([%#span41] inv'0 b) -> ([%#span42] inv'0 c) -> ([%#span43] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq b = [%#span11] () + constant empty'0 : Seq'0.t_seq b function produces_refl'0 [#"../05_map.rs" 29 4 29 26] (self : Map'0.t_map i b f) : () = - [%#span58] () + [%#span47] () - axiom produces_refl'0_spec : forall self : Map'0.t_map i b f . ([%#span56] inv'0 self) - -> ([%#span57] produces'0 self (empty'0 : Seq'0.t_seq b) self) + axiom produces_refl'0_spec : forall self : Map'0.t_map i b f . ([%#span45] inv'0 self) + -> ([%#span46] produces'0 self (empty'0 : Seq'0.t_seq b) self) - function empty_len'0 (_1 : ()) : () = - [%#span13] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span12] len'1 (empty'0 : Seq'0.t_seq b) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span9] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate invariant'1 (self : b) axiom inv'1 : forall x : b . inv'1 x = true - use seq.Seq - function singleton'1 (v : item'0) : Seq'0.t_seq item'0 axiom singleton'1_spec : forall v : item'0 . ([%#sseq24] inv'3 v) - -> ([%#sseq27] inv'4 (singleton'1 v)) - && ([%#sseq26] index_logic'0 (singleton'1 v) 0 = v) && ([%#sseq25] len'0 (singleton'1 v) = 1) + -> ([%#sseq26] index_logic'0 (singleton'1 v) 0 = v) && ([%#sseq25] len'0 (singleton'1 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span59] forall i : i . forall e : item'0 . inv'7 i + [%#span48] forall i : i . forall e : item'0 . inv'4 i -> inv'3 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span60] concat'1 self (singleton'1 v) + [%#span49] concat'1 self (singleton'1 v) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span61] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'7 i + [%#span50] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'1 b -> inv'2 f -> inv'3 e2 -> inv'3 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -1231,11 +1004,11 @@ module C05Map_Impl1_ProducesOne_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span62] forall func : f . forall iter : borrowed i . inv'8 func - -> inv'10 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span51] forall func : f . forall iter : borrowed i . inv'5 func + -> inv'7 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func predicate invariant'0 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span63] reinitialize'0 () + [%#span52] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -1245,13 +1018,10 @@ module C05Map_Impl1_ProducesOne_Impl | Map'0.C_Map iter func -> true end) - use seq.Seq - function singleton'0 (v : b) : Seq'0.t_seq b axiom singleton'0_spec : forall v : b . ([%#sseq24] inv'1 v) - -> ([%#sseq27] inv'5 (singleton'0 v)) - && ([%#sseq26] index_logic'1 (singleton'0 v) 0 = v) && ([%#sseq25] len'1 (singleton'0 v) = 1) + -> ([%#sseq26] index_logic'1 (singleton'0 v) 0 = v) && ([%#sseq25] len'1 (singleton'0 v) = 1) constant self : Map'0.t_map i b f @@ -1278,7 +1048,7 @@ module C05Map_Impl1_ProducesOne_Impl else true ) - /\ ([%#s05_map3] ([%#s05_map8] exists f : borrowed f . inv'2 f + /\ ([%#s05_map3] ([%#s05_map7] exists f : borrowed f . inv'2 f /\ * f = C05Map_Map_Type.map_func self /\ ^ f = C05Map_Map_Type.map_func succ /\ (exists e : item'0 . inv'3 e @@ -1313,129 +1083,103 @@ module C05Map_Impl1_ProducesOneInvariant_Impl let%span s05_map9 = "../05_map.rs" 106 14 106 47 - let%span sseq210 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span sseq211 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span sseq212 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span sseq210 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span sseq213 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span sseq211 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span sseq214 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span sseq212 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span sseq215 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span sseq213 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span sseq216 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span sseq214 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span sseq217 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span s05_map15 = "../05_map.rs" 101 4 101 12 - let%span sseq218 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span s05_map19 = "../05_map.rs" 101 4 101 12 + let%span span17 = "../05_map.rs" 75 8 77 9 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span19 = "../05_map.rs" 82 8 89 9 - let%span span22 = "../05_map.rs" 75 8 77 9 + let%span span20 = "../05_map.rs" 94 8 98 9 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span21 = "../05_map.rs" 133 12 135 57 - let%span span24 = "../05_map.rs" 82 8 89 9 - - let%span span25 = "../05_map.rs" 94 8 98 9 - - let%span span26 = "../05_map.rs" 133 12 135 57 - - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - - let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span44 = "../common.rs" 18 15 18 32 + let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span45 = "../common.rs" 19 15 19 32 + let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span46 = "../common.rs" 21 22 21 23 + let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span47 = "../common.rs" 21 31 21 33 + let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span48 = "../common.rs" 21 52 21 53 + let%span span39 = "../common.rs" 18 15 18 32 - let%span span49 = "../common.rs" 21 61 21 63 + let%span span40 = "../common.rs" 19 15 19 32 - let%span span50 = "../common.rs" 21 82 21 83 + let%span span41 = "../common.rs" 21 22 21 23 - let%span span51 = "../common.rs" 20 14 20 42 + let%span span42 = "../common.rs" 21 52 21 53 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span43 = "../common.rs" 21 82 21 83 - let%span span53 = "../common.rs" 15 21 15 25 + let%span span44 = "../common.rs" 20 14 20 42 - let%span span54 = "../common.rs" 14 14 14 45 + let%span span45 = "../common.rs" 15 21 15 25 - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span46 = "../common.rs" 14 14 14 45 - let%span span56 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed i) + predicate invariant'7 (self : borrowed i) - predicate inv'8 (_x : borrowed i) + predicate inv'7 (_x : borrowed i) - axiom inv'8 : forall x : borrowed i . inv'8 x = true + axiom inv'7 : forall x : borrowed i . inv'7 x = true - predicate invariant'7 (self : f) + predicate invariant'6 (self : f) - predicate inv'7 (_x : f) + predicate inv'6 (_x : f) - axiom inv'7 : forall x : f . inv'7 x = true + axiom inv'6 : forall x : f . inv'6 x = true type item'0 - predicate invariant'6 (self : item'0) - - predicate inv'6 (_x : item'0) - - axiom inv'6 : forall x : item'0 . inv'6 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate invariant'5 (self : item'0) - predicate invariant'5 (self : Seq'0.t_seq item'0) + predicate inv'5 (_x : item'0) - predicate inv'5 (_x : Seq'0.t_seq item'0) - - axiom inv'5 : forall x : Seq'0.t_seq item'0 . inv'5 x = true + axiom inv'5 : forall x : item'0 . inv'5 x = true predicate invariant'4 (self : i) @@ -1461,62 +1205,51 @@ module C05Map_Impl1_ProducesOneInvariant_Impl axiom inv'1 : forall x : item'0 . inv'1 x = true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate precondition'0 (self : f) (_2 : item'0) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span20] inv'5 self) -> ([%#span21] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span16] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 axiom singleton'0_spec : forall v : item'0 . ([%#sseq210] inv'1 v) - -> ([%#sseq213] inv'5 (singleton'0 v)) - && ([%#sseq212] index_logic'0 (singleton'0 v) 0 = v) && ([%#sseq211] len'0 (singleton'0 v) = 1) + -> ([%#sseq212] index_logic'0 (singleton'0 v) 0 = v) && ([%#sseq211] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span22] forall i : i . forall e : item'0 . inv'4 i + [%#span17] forall i : i . forall e : item'0 . inv'4 i -> inv'1 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e) predicate postcondition_mut'0 (self : borrowed f) (_2 : item'0) (_3 : b) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq214] inv'5 self) - -> ([%#sseq215] inv'5 other) - -> ([%#sseq218] inv'5 (concat'0 self other)) - && ([%#sseq217] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq214] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#sseq216] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#sseq213] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span23] concat'0 self (singleton'0 v) + [%#span18] concat'0 self (singleton'0 v) predicate unnest'0 (self : f) (_2 : f) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span24] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i + [%#span19] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'2 b -> inv'3 f -> inv'1 e2 -> inv'1 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -1526,13 +1259,13 @@ module C05Map_Impl1_ProducesOneInvariant_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span25] forall func : f . forall iter : borrowed i . inv'7 func - -> inv'8 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span20] forall func : f . forall iter : borrowed i . inv'6 func + -> inv'7 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'0 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span26] reinitialize'0 () + [%#span21] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -1550,49 +1283,46 @@ module C05Map_Impl1_ProducesOneInvariant_Impl function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span27] inv'7 self) - -> ([%#span28] inv'6 args) - -> ([%#span29] inv'2 res) - -> ([%#span30] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span22] inv'6 self) + -> ([%#span23] inv'5 args) + -> ([%#span24] inv'2 res) + -> ([%#span25] postcondition_once'0 self args res = (exists s : borrowed f . inv'3 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span31] unnest'0 self b) - -> ([%#span32] unnest'0 b c) - -> ([%#span33] inv'7 self) -> ([%#span34] inv'7 b) -> ([%#span35] inv'7 c) -> ([%#span36] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span26] unnest'0 self b) + -> ([%#span27] unnest'0 b c) + -> ([%#span28] inv'6 self) -> ([%#span29] inv'6 b) -> ([%#span30] inv'6 c) -> ([%#span31] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span37] inv'7 self) -> ([%#span38] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span32] inv'6 self) -> ([%#span33] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span39] postcondition_mut'0 self args res) - -> ([%#span40] inv'3 self) - -> ([%#span41] inv'6 args) -> ([%#span42] inv'2 res) -> ([%#span43] unnest'0 ( * self) ( ^ self)) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span34] postcondition_mut'0 self args res) + -> ([%#span35] inv'3 self) + -> ([%#span36] inv'5 args) -> ([%#span37] inv'2 res) -> ([%#span38] unnest'0 ( * self) ( ^ self)) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span44] produces'0 a ab b) - -> ([%#span45] produces'0 b bc c) - -> ([%#span46] inv'4 a) - -> ([%#span47] inv'5 ab) - -> ([%#span48] inv'4 b) - -> ([%#span49] inv'5 bc) -> ([%#span50] inv'4 c) -> ([%#span51] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span39] produces'0 a ab b) + -> ([%#span40] produces'0 b bc c) + -> ([%#span41] inv'4 a) + -> ([%#span42] inv'4 b) -> ([%#span43] inv'4 c) -> ([%#span44] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span52] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span53] inv'4 self) - -> ([%#span54] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span45] inv'4 self) + -> ([%#span46] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span56] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span55] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span47] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 constant self : Map'0.t_map i b f @@ -1617,32 +1347,16 @@ module C05Map_Impl1_ProducesOneInvariant_Impl -> ([%#s05_map0] produces'0 (C05Map_Map_Type.map_iter self) (singleton'0 e) iter) -> (forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . if inv'4 i then if inv'1 e2 then - if inv'1 e1 then - if inv'5 s then - if produces'0 iter (push'0 (push'0 s e1) e2) i then - ([%#sseq210] inv'1 e) - /\ (([%#sseq213] inv'5 (singleton'0 e)) - && ([%#sseq212] index_logic'0 (singleton'0 e) 0 = e) && ([%#sseq211] len'0 (singleton'0 e) = 1) - -> ([%#sseq215] inv'5 s) && ([%#sseq214] inv'5 (singleton'0 e))) - else - true - - else - true - - else - true - + if inv'1 e1 then if produces'0 iter (push'0 (push'0 s e1) e2) i then [%#sseq210] inv'1 e else true else true else true else true ) - /\ ([%#s05_map19] forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i + /\ ([%#s05_map15] forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'1 e2 -> inv'1 e1 - -> inv'5 s -> produces'0 iter (push'0 (push'0 s e1) e2) i -> produces'0 (C05Map_Map_Type.map_iter self) (push'0 (push'0 (concat'0 (singleton'0 e) s) e1) e2) i) && (let _ = () in ([%#s05_map9] next_precondition'0 iter ( ^ f)) && ([%#s05_map8] preservation'0 iter ( ^ f))) @@ -1666,221 +1380,177 @@ module C05Map_Impl0_Next let%span s05_map5 = "../05_map.rs" 60 26 60 44 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span15 = "../05_map.rs" 75 8 77 9 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span11 = "../05_map.rs" 75 8 77 9 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span22 = "../05_map.rs" 82 8 89 9 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span23 = "../05_map.rs" 94 8 98 9 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span24 = "../05_map.rs" 133 12 135 57 + let%span span15 = "../05_map.rs" 82 8 89 9 - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span16 = "../05_map.rs" 94 8 98 9 - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span17 = "../05_map.rs" 133 12 135 57 - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span42 = "../common.rs" 18 15 18 32 + let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span43 = "../common.rs" 19 15 19 32 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span44 = "../common.rs" 21 22 21 23 + let%span span35 = "../common.rs" 18 15 18 32 - let%span span45 = "../common.rs" 21 31 21 33 + let%span span36 = "../common.rs" 19 15 19 32 - let%span span46 = "../common.rs" 21 52 21 53 + let%span span37 = "../common.rs" 21 22 21 23 - let%span span47 = "../common.rs" 21 61 21 63 + let%span span38 = "../common.rs" 21 52 21 53 - let%span span48 = "../common.rs" 21 82 21 83 + let%span span39 = "../common.rs" 21 82 21 83 - let%span span49 = "../common.rs" 20 14 20 42 + let%span span40 = "../common.rs" 20 14 20 42 - let%span span50 = "../common.rs" 15 21 15 25 + let%span span41 = "../common.rs" 15 21 15 25 - let%span span51 = "../common.rs" 14 14 14 45 + let%span span42 = "../common.rs" 14 14 14 45 - let%span span52 = "../05_map.rs" 42 8 53 9 + let%span span43 = "../05_map.rs" 42 8 53 9 - let%span span53 = "../05_map.rs" 117 20 117 24 + let%span span44 = "../05_map.rs" 117 20 117 24 - let%span span54 = "../05_map.rs" 117 26 117 33 + let%span span45 = "../05_map.rs" 117 26 117 33 - let%span span55 = "../05_map.rs" 117 38 117 42 + let%span span46 = "../05_map.rs" 117 38 117 42 - let%span span56 = "../05_map.rs" 116 14 116 68 + let%span span47 = "../05_map.rs" 116 14 116 68 - let%span span57 = "../05_map.rs" 118 8 123 9 + let%span span48 = "../05_map.rs" 118 8 123 9 - let%span span58 = "../05_map.rs" 23 8 23 75 + let%span span49 = "../05_map.rs" 23 8 23 75 - let%span span59 = "../../../../../creusot-contracts/src/std/ops.rs" 160 27 160 52 + let%span span50 = "../../../../../creusot-contracts/src/std/ops.rs" 160 27 160 52 - let%span span60 = "" 0 0 0 0 + let%span span51 = "" 0 0 0 0 - let%span span61 = "" 0 0 0 0 + let%span span52 = "" 0 0 0 0 - let%span span62 = "../../../../../creusot-contracts/src/std/ops.rs" 148 0 172 1 + let%span span53 = "../../../../../creusot-contracts/src/std/ops.rs" 148 0 172 1 - let%span span63 = "" 0 0 0 0 + let%span span54 = "" 0 0 0 0 - let%span span64 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span55 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span65 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span56 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span66 = "../05_map.rs" 102 4 102 60 + let%span span57 = "../05_map.rs" 102 4 102 60 - let%span span67 = "../05_map.rs" 103 15 103 30 + let%span span58 = "../05_map.rs" 103 15 103 30 - let%span span68 = "../05_map.rs" 104 15 104 43 + let%span span59 = "../05_map.rs" 104 15 104 43 - let%span span69 = "../05_map.rs" 107 30 107 34 + let%span span60 = "../05_map.rs" 107 30 107 34 - let%span span70 = "../05_map.rs" 107 36 107 37 + let%span span61 = "../05_map.rs" 107 36 107 37 - let%span span71 = "../05_map.rs" 107 48 107 49 + let%span span62 = "../05_map.rs" 107 48 107 49 - let%span span72 = "../05_map.rs" 107 54 107 55 + let%span span63 = "../05_map.rs" 107 54 107 55 - let%span span73 = "../05_map.rs" 107 65 107 69 + let%span span64 = "../05_map.rs" 107 65 107 69 - let%span span74 = "../05_map.rs" 105 14 105 42 + let%span span65 = "../05_map.rs" 105 14 105 42 - let%span span75 = "../05_map.rs" 106 14 106 47 + let%span span66 = "../05_map.rs" 106 14 106 47 - let%span span76 = "../05_map.rs" 101 4 101 12 + let%span span67 = "../05_map.rs" 101 4 101 12 - let%span span77 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span68 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span78 = "../common.rs" 27 17 27 21 + let%span span69 = "../common.rs" 27 17 27 21 - let%span span79 = "../common.rs" 23 14 26 5 + let%span span70 = "../common.rs" 23 14 26 5 - let%span span80 = "../common.rs" 27 26 27 44 + let%span span71 = "../common.rs" 27 26 27 44 use prelude.prelude.Int - use seq.Seq - use prelude.prelude.Borrow - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'14 (_x : Seq'0.t_seq (borrowed f)) - function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span6] inv'14 self) -> ([%#span7] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span8] () + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span6] len'2 self >= 0 - function empty_len'2 (_1 : ()) : () = - [%#span10] () + constant empty'2 : Seq'0.t_seq (borrowed f) - axiom empty_len'2_spec : forall _1 : () . [%#span9] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + function empty_len'2 (_1 : ()) : () - predicate invariant'14 (self : Seq'0.t_seq (borrowed f)) - - axiom inv'14 : forall x : Seq'0.t_seq (borrowed f) . inv'14 x = true - - predicate invariant'13 (self : Seq'0.t_seq b) - - predicate inv'13 (_x : Seq'0.t_seq b) - - axiom inv'13 : forall x : Seq'0.t_seq b . inv'13 x = true - - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span7] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span6] inv'13 self) -> ([%#span7] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span6] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq b = [%#span8] () + constant empty'1 : Seq'0.t_seq b - function empty_len'1 (_1 : ()) : () = - [%#span10] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span9] len'1 (empty'1 : Seq'0.t_seq b) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'1 (empty'1 : Seq'0.t_seq b) = 0 type item'0 - predicate invariant'12 (self : item'0) - - predicate inv'12 (_x : item'0) + predicate invariant'11 (self : item'0) - axiom inv'12 : forall x : item'0 . inv'12 x = true + predicate inv'11 (_x : item'0) - predicate invariant'11 (self : ()) + axiom inv'11 : forall x : item'0 . inv'11 x = true - predicate inv'11 (_x : ()) + predicate invariant'10 (self : ()) - axiom inv'11 : forall x : () . inv'11 x = true + predicate inv'10 (_x : ()) - predicate invariant'10 (self : Seq'0.t_seq item'0) - - predicate inv'10 (_x : Seq'0.t_seq item'0) - - axiom inv'10 : forall x : Seq'0.t_seq item'0 . inv'10 x = true + axiom inv'10 : forall x : () . inv'10 x = true predicate invariant'9 (self : borrowed f) @@ -1908,54 +1578,43 @@ module C05Map_Impl0_Next predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span6] inv'10 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span11] inv'7 v) - -> ([%#span14] inv'10 (singleton'0 v)) - && ([%#span13] index_logic'0 (singleton'0 v) 0 = v) && ([%#span12] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span8] inv'7 v) + -> ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span15] forall i : i . forall e : item'0 . inv'0 i + [%#span11] forall i : i . forall e : item'0 . inv'0 i -> inv'7 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e) predicate postcondition_mut'0 (self : borrowed f) (_2 : item'0) (_3 : b) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span16] inv'10 self) - -> ([%#span17] inv'10 other) - -> ([%#span20] inv'10 (concat'0 self other)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span13] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span18] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span21] concat'0 self (singleton'0 v) + [%#span14] concat'0 self (singleton'0 v) predicate unnest'0 (self : f) (_2 : f) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span22] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + [%#span15] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i -> inv'8 b -> inv'9 f -> inv'7 e2 -> inv'7 e1 - -> inv'10 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -1967,13 +1626,13 @@ module C05Map_Impl0_Next predicate inv'5 (_x : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span23] forall func : f . forall iter : borrowed i . inv'3 func + [%#span16] forall func : f . forall iter : borrowed i . inv'3 func -> inv'5 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'6 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span24] reinitialize'0 () + [%#span17] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -1991,34 +1650,33 @@ module C05Map_Impl0_Next function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span25] inv'3 self) - -> ([%#span26] inv'12 args) - -> ([%#span27] inv'8 res) - -> ([%#span28] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span18] inv'3 self) + -> ([%#span19] inv'11 args) + -> ([%#span20] inv'8 res) + -> ([%#span21] postcondition_once'0 self args res = (exists s : borrowed f . inv'9 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'3 ( ^ s))) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span29] unnest'0 self b) - -> ([%#span30] unnest'0 b c) - -> ([%#span31] inv'3 self) -> ([%#span32] inv'3 b) -> ([%#span33] inv'3 c) -> ([%#span34] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span22] unnest'0 self b) + -> ([%#span23] unnest'0 b c) + -> ([%#span24] inv'3 self) -> ([%#span25] inv'3 b) -> ([%#span26] inv'3 c) -> ([%#span27] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span35] inv'3 self) -> ([%#span36] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span28] inv'3 self) -> ([%#span29] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span37] postcondition_mut'0 self args res) - -> ([%#span38] inv'9 self) - -> ([%#span39] inv'12 args) -> ([%#span40] inv'8 res) -> ([%#span41] unnest'0 ( * self) ( ^ self)) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span30] postcondition_mut'0 self args res) + -> ([%#span31] inv'9 self) + -> ([%#span32] inv'11 args) -> ([%#span33] inv'8 res) -> ([%#span34] unnest'0 ( * self) ( ^ self)) - constant empty'0 : Seq'0.t_seq item'0 = [%#span8] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'5 (self : borrowed i) @@ -2051,39 +1709,31 @@ module C05Map_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span42] produces'0 a ab b) - -> ([%#span43] produces'0 b bc c) - -> ([%#span44] inv'0 a) - -> ([%#span45] inv'10 ab) - -> ([%#span46] inv'0 b) - -> ([%#span47] inv'10 bc) -> ([%#span48] inv'0 c) -> ([%#span49] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span35] produces'0 a ab b) + -> ([%#span36] produces'0 b bc c) + -> ([%#span37] inv'0 a) + -> ([%#span38] inv'0 b) -> ([%#span39] inv'0 c) -> ([%#span40] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span50] inv'0 self) - -> ([%#span51] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span41] inv'0 self) + -> ([%#span42] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq b) (x : int) : b - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq b) (_2 : int) : b - function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f predicate produces'1 [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : Map'0.t_map i b f) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f) = - [%#span52] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'10 s - /\ len'0 s = len'1 visited + [%#span43] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'0 (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'14 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'2 fs (i - 1) = * index_logic'2 fs i) /\ (if len'1 visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ @@ -2096,43 +1746,40 @@ module C05Map_Impl0_Next /\ precondition'0 ( * index_logic'2 fs i) (index_logic'0 s i) /\ postcondition_mut'0 (index_logic'2 fs i) (index_logic'0 s i) (index_logic'1 visited i)))) - use seq.Seq - function singleton'1 (v : b) : Seq'0.t_seq b - axiom singleton'1_spec : forall v : b . ([%#span11] inv'8 v) - -> ([%#span14] inv'13 (singleton'1 v)) - && ([%#span13] index_logic'1 (singleton'1 v) 0 = v) && ([%#span12] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : b . ([%#span8] inv'8 v) + -> ([%#span10] index_logic'1 (singleton'1 v) 0 = v) && ([%#span9] len'1 (singleton'1 v) = 1) predicate produces_one'0 [#"../05_map.rs" 117 4 117 57] (self : Map'0.t_map i b f) (visited : b) (succ : Map'0.t_map i b f) = - [%#span57] exists f : borrowed f . inv'9 f + [%#span48] exists f : borrowed f . inv'9 f /\ * f = C05Map_Map_Type.map_func self /\ ^ f = C05Map_Map_Type.map_func succ /\ (exists e : item'0 . inv'7 e /\ produces'0 (C05Map_Map_Type.map_iter self) (singleton'0 e) (C05Map_Map_Type.map_iter succ) /\ precondition'0 ( * f) (e) /\ postcondition_mut'0 f (e) visited) - axiom produces_one'0_spec : forall self : Map'0.t_map i b f, visited : b, succ : Map'0.t_map i b f . ([%#span53] inv'6 self) - -> ([%#span54] inv'8 visited) - -> ([%#span55] inv'6 succ) - -> ([%#span56] produces_one'0 self visited succ = produces'1 self (singleton'1 visited) succ) + axiom produces_one'0_spec : forall self : Map'0.t_map i b f, visited : b, succ : Map'0.t_map i b f . ([%#span44] inv'6 self) + -> ([%#span45] inv'8 visited) + -> ([%#span46] inv'6 succ) + -> ([%#span47] produces_one'0 self visited succ = produces'1 self (singleton'1 visited) succ) predicate completed'0 [#"../05_map.rs" 22 4 22 35] (self : borrowed (Map'0.t_map i b f)) = - [%#span58] completed'1 (Borrow.borrow_logic (C05Map_Map_Type.map_iter ( * self)) (C05Map_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span49] completed'1 (Borrow.borrow_logic (C05Map_Map_Type.map_iter ( * self)) (C05Map_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C05Map_Map_Type.map_func ( * self) = C05Map_Map_Type.map_func ( ^ self) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - let rec call_mut'0 (self:borrowed f) (args:item'0) (return' (ret:b))= {[@expl:precondition] [%#span61] inv'12 args} - {[@expl:precondition] [%#span60] inv'9 self} - {[@expl:precondition] [%#span59] precondition'0 ( * self) args} + let rec call_mut'0 (self:borrowed f) (args:item'0) (return' (ret:b))= {[@expl:precondition] [%#span52] inv'11 args} + {[@expl:precondition] [%#span51] inv'9 self} + {[@expl:precondition] [%#span50] precondition'0 ( * self) args} any - [ return' (result:b)-> {[%#span63] inv'8 result} - {[%#span62] postcondition_mut'0 self args result} + [ return' (result:b)-> {[%#span54] inv'8 result} + {[%#span53] postcondition_mut'0 self args result} (! return' {result}) ] @@ -2142,30 +1789,30 @@ module C05Map_Impl0_Next function new'0 (x : ()) : Snapshot'0.t_snapshot () - axiom new'0_spec : forall x : () . ([%#span64] inv'11 x) -> ([%#span65] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : () . ([%#span55] inv'10 x) -> ([%#span56] deref'0 (new'0 x) = x) function produces_one_invariant'0 [#"../05_map.rs" 107 4 107 73] (self : Map'0.t_map i b f) (e : item'0) (r : b) (f : borrowed f) (iter : i) : () - axiom produces_one_invariant'0_spec : forall self : Map'0.t_map i b f, e : item'0, r : b, f : borrowed f, iter : i . ([%#span66] produces'0 (C05Map_Map_Type.map_iter self) (singleton'0 e) iter) - -> ([%#span67] * f = C05Map_Map_Type.map_func self) - -> ([%#span68] postcondition_mut'0 f (e) r) - -> ([%#span69] inv'6 self) - -> ([%#span70] inv'7 e) - -> ([%#span71] inv'8 r) - -> ([%#span72] inv'9 f) - -> ([%#span73] inv'0 iter) - -> ([%#span75] next_precondition'0 iter ( ^ f)) && ([%#span74] preservation'0 iter ( ^ f)) + axiom produces_one_invariant'0_spec : forall self : Map'0.t_map i b f, e : item'0, r : b, f : borrowed f, iter : i . ([%#span57] produces'0 (C05Map_Map_Type.map_iter self) (singleton'0 e) iter) + -> ([%#span58] * f = C05Map_Map_Type.map_func self) + -> ([%#span59] postcondition_mut'0 f (e) r) + -> ([%#span60] inv'6 self) + -> ([%#span61] inv'7 e) + -> ([%#span62] inv'8 r) + -> ([%#span63] inv'9 f) + -> ([%#span64] inv'0 iter) + -> ([%#span66] next_precondition'0 iter ( ^ f)) && ([%#span65] preservation'0 iter ( ^ f)) predicate resolve'1 (self : Option'0.t_option item'0) predicate resolve'0 (self : borrowed (Map'0.t_map i b f)) = - [%#span77] ^ self = * self + [%#span68] ^ self = * self - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span78] inv'5 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span69] inv'5 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span80] inv'2 result} - {[%#span79] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span71] inv'2 result} + {[%#span70] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -2320,71 +1967,53 @@ module C05Map_Map let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span30 = "../05_map.rs" 75 8 77 9 + let%span span28 = "../05_map.rs" 75 8 77 9 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span32 = "../05_map.rs" 82 8 89 9 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span33 = "../05_map.rs" 94 8 98 9 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span34 = "../05_map.rs" 133 12 135 57 - let%span span37 = "../05_map.rs" 82 8 89 9 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span38 = "../05_map.rs" 94 8 98 9 - - let%span span39 = "../05_map.rs" 133 12 135 57 - - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span43 = "../common.rs" 18 15 18 32 - - let%span span44 = "../common.rs" 19 15 19 32 - - let%span span45 = "../common.rs" 21 22 21 23 + let%span span36 = "../common.rs" 18 15 18 32 - let%span span46 = "../common.rs" 21 31 21 33 + let%span span37 = "../common.rs" 19 15 19 32 - let%span span47 = "../common.rs" 21 52 21 53 + let%span span38 = "../common.rs" 21 22 21 23 - let%span span48 = "../common.rs" 21 61 21 63 + let%span span39 = "../common.rs" 21 52 21 53 - let%span span49 = "../common.rs" 21 82 21 83 + let%span span40 = "../common.rs" 21 82 21 83 - let%span span50 = "../common.rs" 20 14 20 42 + let%span span41 = "../common.rs" 20 14 20 42 - let%span span51 = "../common.rs" 15 21 15 25 + let%span span42 = "../common.rs" 15 21 15 25 - let%span span52 = "../common.rs" 14 14 14 45 + let%span span43 = "../common.rs" 14 14 14 45 type item'0 - predicate invariant'8 (self : item'0) + predicate invariant'7 (self : item'0) - predicate inv'8 (_x : item'0) + predicate inv'7 (_x : item'0) - axiom inv'8 : forall x : item'0 . inv'8 x = true + axiom inv'7 : forall x : item'0 . inv'7 x = true predicate resolve'0 (self : f) @@ -2392,21 +2021,21 @@ module C05Map_Map predicate postcondition_mut'0 (self : borrowed f) (_2 : item'0) (_3 : b) - predicate inv'7 (_x : borrowed f) + predicate inv'6 (_x : borrowed f) predicate postcondition_once'0 (self : f) (_2 : item'0) (_3 : b) - predicate inv'6 (_x : b) + predicate inv'5 (_x : b) predicate inv'2 (_x : f) function fn_mut_once'0 (self : f) (args : item'0) (res : b) : () axiom fn_mut_once'0_spec : forall self : f, args : item'0, res : b . ([%#span7] inv'2 self) - -> ([%#span8] inv'8 args) - -> ([%#span9] inv'6 res) + -> ([%#span8] inv'7 args) + -> ([%#span9] inv'5 res) -> ([%#span10] postcondition_once'0 self args res - = (exists s : borrowed f . inv'7 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + = (exists s : borrowed f . inv'6 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) @@ -2423,87 +2052,68 @@ module C05Map_Map function postcondition_mut_unnest'0 (self : borrowed f) (args : item'0) (res : b) : () axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : item'0, res : b . ([%#span19] postcondition_mut'0 self args res) - -> ([%#span20] inv'7 self) - -> ([%#span21] inv'8 args) -> ([%#span22] inv'6 res) -> ([%#span23] unnest'0 ( * self) ( ^ self)) - - predicate invariant'7 (self : borrowed f) - - axiom inv'7 : forall x : borrowed f . inv'7 x = true - - predicate invariant'6 (self : b) + -> ([%#span20] inv'6 self) + -> ([%#span21] inv'7 args) -> ([%#span22] inv'5 res) -> ([%#span23] unnest'0 ( * self) ( ^ self)) - axiom inv'6 : forall x : b . inv'6 x = true - - predicate invariant'5 (self : borrowed i) + predicate invariant'6 (self : borrowed f) - predicate inv'5 (_x : borrowed i) + axiom inv'6 : forall x : borrowed f . inv'6 x = true - axiom inv'5 : forall x : borrowed i . inv'5 x = true + predicate invariant'5 (self : b) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'5 : forall x : b . inv'5 x = true - predicate invariant'4 (self : Seq'0.t_seq item'0) + predicate invariant'4 (self : borrowed i) - predicate inv'4 (_x : Seq'0.t_seq item'0) + predicate inv'4 (_x : borrowed i) - axiom inv'4 : forall x : Seq'0.t_seq item'0 . inv'4 x = true + axiom inv'4 : forall x : borrowed i . inv'4 x = true predicate inv'0 (_x : i) + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate precondition'0 (self : f) (_2 : item'0) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span24] inv'4 self) -> ([%#span25] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span24] len'0 self >= 0 predicate inv'1 (_x : item'0) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span26] inv'1 v) - -> ([%#span29] inv'4 (singleton'0 v)) - && ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span25] inv'1 v) + -> ([%#span27] index_logic'0 (singleton'0 v) 0 = v) && ([%#span26] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span30] forall i : i . forall e : item'0 . inv'0 i + [%#span28] forall i : i . forall e : item'0 . inv'0 i -> inv'1 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span31] inv'4 self) - -> ([%#span32] inv'4 other) - -> ([%#span35] inv'4 (concat'0 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span30] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span33] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span29] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span36] concat'0 self (singleton'0 v) + [%#span31] concat'0 self (singleton'0 v) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span37] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i - -> inv'6 b - -> inv'7 f + [%#span32] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + -> inv'5 b + -> inv'6 f -> inv'1 e2 -> inv'1 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -2513,13 +2123,13 @@ module C05Map_Map predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span38] forall func : f . forall iter : borrowed i . inv'2 func - -> inv'5 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span33] forall func : f . forall iter : borrowed i . inv'2 func + -> inv'4 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'3 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span39] reinitialize'0 () + [%#span34] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -2535,12 +2145,11 @@ module C05Map_Map axiom inv'2 : forall x : f . inv'2 x = true - constant empty'0 : Seq'0.t_seq item'0 = [%#span40] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span42] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span41] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span35] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'1 (self : item'0) @@ -2553,17 +2162,15 @@ module C05Map_Map function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span43] produces'0 a ab b) - -> ([%#span44] produces'0 b bc c) - -> ([%#span45] inv'0 a) - -> ([%#span46] inv'4 ab) - -> ([%#span47] inv'0 b) - -> ([%#span48] inv'4 bc) -> ([%#span49] inv'0 c) -> ([%#span50] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span36] produces'0 a ab b) + -> ([%#span37] produces'0 b bc c) + -> ([%#span38] inv'0 a) + -> ([%#span39] inv'0 b) -> ([%#span40] inv'0 c) -> ([%#span41] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span51] inv'0 self) - -> ([%#span52] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span42] inv'0 self) + -> ([%#span43] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) use prelude.prelude.Intrinsic @@ -2605,113 +2212,83 @@ module C05Map_Impl0 let%span s05_map2 = "../05_map.rs" 29 4 29 26 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span7 = "../05_map.rs" 75 8 77 9 - let%span span9 = "../05_map.rs" 75 8 77 9 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span11 = "../05_map.rs" 82 8 89 9 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span12 = "../05_map.rs" 94 8 98 9 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span13 = "../05_map.rs" 133 12 135 57 - let%span span16 = "../05_map.rs" 82 8 89 9 + let%span span14 = "../05_map.rs" 42 8 53 9 - let%span span17 = "../05_map.rs" 94 8 98 9 + let%span span15 = "../05_map.rs" 117 20 117 24 - let%span span18 = "../05_map.rs" 133 12 135 57 + let%span span16 = "../05_map.rs" 117 26 117 33 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "../05_map.rs" 117 38 117 42 - let%span span20 = "../05_map.rs" 42 8 53 9 + let%span span18 = "../05_map.rs" 116 14 116 68 - let%span span21 = "../05_map.rs" 117 20 117 24 + let%span span19 = "../05_map.rs" 118 8 123 9 - let%span span22 = "../05_map.rs" 117 26 117 33 - - let%span span23 = "../05_map.rs" 117 38 117 42 - - let%span span24 = "../05_map.rs" 116 14 116 68 - - let%span span25 = "../05_map.rs" 118 8 123 9 - - let%span span26 = "../05_map.rs" 23 8 23 75 + let%span span20 = "../05_map.rs" 23 8 23 75 use prelude.prelude.Borrow - predicate invariant'11 (self : borrowed i) - - predicate inv'11 (_x : borrowed i) - - axiom inv'11 : forall x : borrowed i . inv'11 x = true - - predicate invariant'10 (self : f) - - predicate inv'10 (_x : f) + predicate invariant'8 (self : borrowed i) - axiom inv'10 : forall x : f . inv'10 x = true + predicate inv'8 (_x : borrowed i) - predicate invariant'9 (self : i) + axiom inv'8 : forall x : borrowed i . inv'8 x = true - predicate inv'9 (_x : i) + predicate invariant'7 (self : f) - axiom inv'9 : forall x : i . inv'9 x = true + predicate inv'7 (_x : f) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'7 : forall x : f . inv'7 x = true - predicate invariant'8 (self : Seq'0.t_seq (borrowed f)) + predicate invariant'6 (self : i) - predicate inv'8 (_x : Seq'0.t_seq (borrowed f)) + predicate inv'6 (_x : i) - axiom inv'8 : forall x : Seq'0.t_seq (borrowed f) . inv'8 x = true + axiom inv'6 : forall x : i . inv'6 x = true type item'0 - predicate invariant'7 (self : Seq'0.t_seq item'0) - - predicate inv'7 (_x : Seq'0.t_seq item'0) - - axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true - - predicate invariant'6 (self : item'0) - - predicate inv'6 (_x : item'0) + predicate invariant'5 (self : item'0) - axiom inv'6 : forall x : item'0 . inv'6 x = true - - predicate invariant'5 (self : borrowed f) + predicate inv'5 (_x : item'0) - predicate inv'5 (_x : borrowed f) + axiom inv'5 : forall x : item'0 . inv'5 x = true - axiom inv'5 : forall x : borrowed f . inv'5 x = true + predicate invariant'4 (self : borrowed f) - predicate invariant'4 (self : b) + predicate inv'4 (_x : borrowed f) - predicate inv'4 (_x : b) + axiom inv'4 : forall x : borrowed f . inv'4 x = true - axiom inv'4 : forall x : b . inv'4 x = true + predicate invariant'3 (self : b) - predicate invariant'3 (self : Seq'0.t_seq b) + predicate inv'3 (_x : b) - predicate inv'3 (_x : Seq'0.t_seq b) + axiom inv'3 : forall x : b . inv'3 x = true - axiom inv'3 : forall x : Seq'0.t_seq b . inv'3 x = true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 predicate precondition'0 (self : f) (_2 : item'0) @@ -2719,56 +2296,43 @@ module C05Map_Impl0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'2 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span3] inv'7 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span3] len'1 self >= 0 function singleton'1 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'1_spec : forall v : item'0 . ([%#span5] inv'6 v) - -> ([%#span8] inv'7 (singleton'1 v)) - && ([%#span7] index_logic'2 (singleton'1 v) 0 = v) && ([%#span6] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : item'0 . ([%#span4] inv'5 v) + -> ([%#span6] index_logic'2 (singleton'1 v) 0 = v) && ([%#span5] len'1 (singleton'1 v) = 1) predicate next_precondition'0 [#"../05_map.rs" 74 4 74 50] (iter : i) (func : f) = - [%#span9] forall i : i . forall e : item'0 . inv'9 i - -> inv'6 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e) + [%#span7] forall i : i . forall e : item'0 . inv'6 i + -> inv'5 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e) predicate postcondition_mut'0 (self : borrowed f) (_2 : item'0) (_3 : b) - use seq.Seq - function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'7 self) - -> ([%#span11] inv'7 other) - -> ([%#span14] inv'7 (concat'1 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'1 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span12] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'1 self other) = len'1 self + len'1 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span15] concat'1 self (singleton'1 v) + [%#span10] concat'1 self (singleton'1 v) predicate unnest'0 (self : f) (_2 : f) predicate preservation'0 [#"../05_map.rs" 81 4 81 45] (iter : i) (func : f) = - [%#span16] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'9 i - -> inv'4 b - -> inv'5 f - -> inv'6 e2 - -> inv'6 e1 - -> inv'7 s + [%#span11] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'6 i + -> inv'3 b + -> inv'4 f + -> inv'5 e2 + -> inv'5 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1) -> postcondition_mut'0 f (e1) b -> precondition'0 ( ^ f) (e2) @@ -2778,13 +2342,13 @@ module C05Map_Impl0 predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../05_map.rs" 93 4 93 29] (_1 : ()) = - [%#span17] forall func : f . forall iter : borrowed i . inv'10 func - -> inv'11 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func + [%#span12] forall func : f . forall iter : borrowed i . inv'7 func + -> inv'8 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func /\ preservation'0 ( ^ iter) func use C05Map_Map_Type as Map'0 predicate invariant'2 [#"../05_map.rs" 131 4 131 30] (self : Map'0.t_map i b f) = - [%#span18] reinitialize'0 () + [%#span13] reinitialize'0 () /\ preservation'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) /\ next_precondition'0 (C05Map_Map_Type.map_iter self) (C05Map_Map_Type.map_func self) @@ -2810,51 +2374,37 @@ module C05Map_Impl0 axiom inv'0 : forall x : borrowed (Map'0.t_map i b f) . inv'0 x = (inv'2 ( * x) /\ inv'2 ( ^ x)) - constant empty'0 : Seq'0.t_seq b = [%#span19] () - - constant empty'0 : Seq'0.t_seq b = [%#span19] () + constant empty'0 : Seq'0.t_seq b - use seq.Seq + constant empty'0 : Seq'0.t_seq b - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq b) (x : int) : b - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq b) (_2 : int) : b function len'0 (self : Seq'0.t_seq b) : int - axiom len'0_spec : forall self : Seq'0.t_seq b . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq b . [%#span3] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span10] inv'3 self) - -> ([%#span11] inv'3 other) - -> ([%#span14] inv'3 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span3] inv'8 self) -> ([%#span4] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span3] len'2 self >= 0 predicate produces'0 [@inline:trivial] [#"../05_map.rs" 41 4 41 67] (self : Map'0.t_map i b f) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f) = - [%#span20] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'7 s - /\ len'1 s = len'0 visited + [%#span14] unnest'0 (C05Map_Map_Type.map_func self) (C05Map_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'1 s = len'0 visited /\ produces'1 (C05Map_Map_Type.map_iter self) s (C05Map_Map_Type.map_iter succ) - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'8 fs - /\ len'2 fs = len'0 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'0 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'1 fs (i - 1) = * index_logic'1 fs i) /\ (if len'0 visited = 0 then C05Map_Map_Type.map_func self = C05Map_Map_Type.map_func succ @@ -2867,31 +2417,28 @@ module C05Map_Impl0 /\ precondition'0 ( * index_logic'1 fs i) (index_logic'2 s i) /\ postcondition_mut'0 (index_logic'1 fs i) (index_logic'2 s i) (index_logic'0 visited i)))) - use seq.Seq - function singleton'0 (v : b) : Seq'0.t_seq b - axiom singleton'0_spec : forall v : b . ([%#span5] inv'4 v) - -> ([%#span8] inv'3 (singleton'0 v)) - && ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : b . ([%#span4] inv'3 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate produces_one'0 [#"../05_map.rs" 117 4 117 57] (self : Map'0.t_map i b f) (visited : b) (succ : Map'0.t_map i b f) = - [%#span25] exists f : borrowed f . inv'5 f + [%#span19] exists f : borrowed f . inv'4 f /\ * f = C05Map_Map_Type.map_func self /\ ^ f = C05Map_Map_Type.map_func succ - /\ (exists e : item'0 . inv'6 e + /\ (exists e : item'0 . inv'5 e /\ produces'1 (C05Map_Map_Type.map_iter self) (singleton'1 e) (C05Map_Map_Type.map_iter succ) /\ precondition'0 ( * f) (e) /\ postcondition_mut'0 f (e) visited) - axiom produces_one'0_spec : forall self : Map'0.t_map i b f, visited : b, succ : Map'0.t_map i b f . ([%#span21] inv'2 self) - -> ([%#span22] inv'4 visited) - -> ([%#span23] inv'2 succ) - -> ([%#span24] produces_one'0 self visited succ = produces'0 self (singleton'0 visited) succ) + axiom produces_one'0_spec : forall self : Map'0.t_map i b f, visited : b, succ : Map'0.t_map i b f . ([%#span15] inv'2 self) + -> ([%#span16] inv'3 visited) + -> ([%#span17] inv'2 succ) + -> ([%#span18] produces_one'0 self visited succ = produces'0 self (singleton'0 visited) succ) predicate completed'0 [#"../05_map.rs" 22 4 22 35] (self : borrowed (Map'0.t_map i b f)) = - [%#span26] completed'1 (Borrow.borrow_logic (C05Map_Map_Type.map_iter ( * self)) (C05Map_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span20] completed'1 (Borrow.borrow_logic (C05Map_Map_Type.map_iter ( * self)) (C05Map_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C05Map_Map_Type.map_func ( * self) = C05Map_Map_Type.map_func ( ^ self) goal next_refn : [%#s05_map0] forall self : borrowed (Map'0.t_map i b f) . inv'0 self @@ -2908,11 +2455,9 @@ module C05Map_Impl0 end) goal produces_trans_refn : [%#s05_map1] forall a : Map'0.t_map i b f . forall ab : Seq'0.t_seq b . forall b : Map'0.t_map i b f . forall bc : Seq'0.t_seq b . forall c : Map'0.t_map i b f . inv'2 c - /\ inv'3 bc /\ inv'2 b /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'2 b /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'2 c - /\ inv'3 bc /\ inv'2 b - /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/06_map_precond.coma b/creusot/tests/should_succeed/iterators/06_map_precond.coma index dcc24cbec2..dd9e9c325a 100644 --- a/creusot/tests/should_succeed/iterators/06_map_precond.coma +++ b/creusot/tests/should_succeed/iterators/06_map_precond.coma @@ -3,22 +3,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C06MapPrecond_Map_Type type item'0 @@ -68,101 +53,81 @@ module C06MapPrecond_Impl1_PreservationInv_Impl let%span s06_map_precond1 = "../06_map_precond.rs" 93 33 93 37 - let%span s06_map_precond2 = "../06_map_precond.rs" 93 42 93 50 - - let%span s06_map_precond3 = "../06_map_precond.rs" 92 4 92 83 - - let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span s06_map_precond2 = "../06_map_precond.rs" 92 4 92 83 - let%span sseq27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span sseq23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span sseq28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span ssnapshot9 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span ssnapshot5 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span ssnapshot10 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span ssnapshot6 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span s06_map_precond11 = "../06_map_precond.rs" 94 8 101 9 + let%span s06_map_precond7 = "../06_map_precond.rs" 94 8 101 9 - let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - - let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - - let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - - let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - - let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - - let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - - let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span8 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span9 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span31 = "../common.rs" 18 15 18 32 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span32 = "../common.rs" 19 15 19 32 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span33 = "../common.rs" 21 22 21 23 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span34 = "../common.rs" 21 31 21 33 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span35 = "../common.rs" 21 52 21 53 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span36 = "../common.rs" 21 61 21 63 + let%span span26 = "../common.rs" 18 15 18 32 - let%span span37 = "../common.rs" 21 82 21 83 + let%span span27 = "../common.rs" 19 15 19 32 - let%span span38 = "../common.rs" 20 14 20 42 + let%span span28 = "../common.rs" 21 22 21 23 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span29 = "../common.rs" 21 52 21 53 - let%span span40 = "../common.rs" 15 21 15 25 + let%span span30 = "../common.rs" 21 82 21 83 - let%span span41 = "../common.rs" 14 14 14 45 + let%span span31 = "../common.rs" 20 14 20 42 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span32 = "../common.rs" 15 21 15 25 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span33 = "../common.rs" 14 14 14 45 - let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span49 = "../06_map_precond.rs" 106 8 113 9 + let%span span39 = "../06_map_precond.rs" 106 8 113 9 type item'0 @@ -176,88 +141,83 @@ module C06MapPrecond_Impl1_PreservationInv_Impl axiom inv'6 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'6 x = true + predicate invariant'5 (self : Seq'0.t_seq item'0) + + predicate inv'5 (_x : Seq'0.t_seq item'0) + + axiom inv'5 : forall x : Seq'0.t_seq item'0 . inv'5 x = true + predicate resolve'0 (self : f) use prelude.prelude.Borrow predicate postcondition_mut'0 (self : borrowed f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (_3 : b) - predicate inv'4 (_x : borrowed f) + predicate inv'3 (_x : borrowed f) predicate postcondition_once'0 (self : f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (_3 : b) - predicate inv'3 (_x : b) + predicate inv'2 (_x : b) predicate inv'1 (_x : f) function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span12] inv'1 self) - -> ([%#span13] inv'6 args) - -> ([%#span14] inv'3 res) - -> ([%#span15] postcondition_once'0 self args res - = (exists s : borrowed f . inv'4 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span8] inv'1 self) + -> ([%#span9] inv'6 args) + -> ([%#span10] inv'2 res) + -> ([%#span11] postcondition_once'0 self args res + = (exists s : borrowed f . inv'3 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span16] unnest'0 self b) - -> ([%#span17] unnest'0 b c) - -> ([%#span18] inv'1 self) -> ([%#span19] inv'1 b) -> ([%#span20] inv'1 c) -> ([%#span21] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span12] unnest'0 self b) + -> ([%#span13] unnest'0 b c) + -> ([%#span14] inv'1 self) -> ([%#span15] inv'1 b) -> ([%#span16] inv'1 c) -> ([%#span17] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span22] inv'1 self) -> ([%#span23] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span18] inv'1 self) -> ([%#span19] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span24] postcondition_mut'0 self args res) - -> ([%#span25] inv'4 self) - -> ([%#span26] inv'6 args) -> ([%#span27] inv'3 res) -> ([%#span28] unnest'0 ( * self) ( ^ self)) - - predicate invariant'5 (self : item'0) - - predicate inv'5 (_x : item'0) - - axiom inv'5 : forall x : item'0 . inv'5 x = true + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span20] postcondition_mut'0 self args res) + -> ([%#span21] inv'3 self) + -> ([%#span22] inv'6 args) -> ([%#span23] inv'2 res) -> ([%#span24] unnest'0 ( * self) ( ^ self)) - predicate invariant'4 (self : borrowed f) + predicate invariant'4 (self : item'0) - axiom inv'4 : forall x : borrowed f . inv'4 x = true + predicate inv'4 (_x : item'0) - predicate invariant'3 (self : b) + axiom inv'4 : forall x : item'0 . inv'4 x = true - axiom inv'3 : forall x : b . inv'3 x = true + predicate invariant'3 (self : borrowed f) - use seq.Seq + axiom inv'3 : forall x : borrowed f . inv'3 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + predicate invariant'2 (self : b) - use seq.Seq + axiom inv'2 : forall x : b . inv'2 x = true use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'2 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span29] inv'2 self) -> ([%#span30] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span25] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq24] inv'2 self) - -> ([%#sseq25] inv'2 other) - -> ([%#sseq28] inv'2 (concat'0 self other)) - && ([%#sseq27] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq24] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#sseq26] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#sseq23] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : i) @@ -266,28 +226,21 @@ module C06MapPrecond_Impl1_PreservationInv_Impl function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span31] produces'0 a ab b) - -> ([%#span32] produces'0 b bc c) - -> ([%#span33] inv'0 a) - -> ([%#span34] inv'2 ab) - -> ([%#span35] inv'0 b) - -> ([%#span36] inv'2 bc) -> ([%#span37] inv'0 c) -> ([%#span38] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span26] produces'0 a ab b) + -> ([%#span27] produces'0 b bc c) + -> ([%#span28] inv'0 a) + -> ([%#span29] inv'0 b) -> ([%#span30] inv'0 c) -> ([%#span31] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span39] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span40] inv'0 self) - -> ([%#span41] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - - function empty_len'0 (_1 : ()) : () = - [%#span43] () + axiom produces_refl'0_spec : forall self : i . ([%#span32] inv'0 self) + -> ([%#span33] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - axiom empty_len'0_spec : forall _1 : () . [%#span42] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'2 (self : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span34] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'1 (self : f) @@ -303,27 +256,22 @@ module C06MapPrecond_Impl1_PreservationInv_Impl function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#ssnapshot9] inv'2 x) - -> ([%#ssnapshot10] deref'0 (new'0 x) = x) - - use seq.Seq + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#ssnapshot5] inv'5 x) -> ([%#ssnapshot6] deref'0 (new'0 x) = x) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span44] inv'5 v) - -> ([%#span47] inv'2 (singleton'0 v)) - && ([%#span46] index_logic'0 (singleton'0 v) 0 = v) && ([%#span45] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span35] inv'4 v) + -> ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span48] concat'0 self (singleton'0 v) + [%#span38] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span49] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i - -> inv'3 b - -> inv'4 f - -> inv'5 e2 - -> inv'5 e1 - -> inv'2 s + [%#span39] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + -> inv'2 b + -> inv'3 f + -> inv'4 e2 + -> inv'4 e1 -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -337,51 +285,40 @@ module C06MapPrecond_Impl1_PreservationInv_Impl predicate preservation_inv [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) - goal vc_preservation_inv : ([%#s06_map_precond2] inv'2 produced) - -> ([%#s06_map_precond1] inv'1 func) + goal vc_preservation_inv : ([%#s06_map_precond1] inv'1 func) -> ([%#s06_map_precond0] inv'0 iter) -> (forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . if inv'0 i then - if inv'3 b then - if inv'4 f then - if inv'5 e2 then - if inv'5 e1 then - if inv'2 s then - if unnest'0 func ( * f) then - if produces'0 iter (push'0 (push'0 s e1) e2) i then - (([%#sseq25] inv'2 s) && ([%#sseq24] inv'2 produced)) - /\ (([%#sseq28] inv'2 (concat'0 produced s)) - && ([%#sseq27] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) + if inv'2 b then + if inv'3 f then + if inv'4 e2 then + if inv'4 e1 then + if unnest'0 func ( * f) then + if produces'0 iter (push'0 (push'0 s e1) e2) i then + ([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) + -> index_logic'0 (concat'0 produced s) i + = (if i < len'0 produced then index_logic'0 produced i else index_logic'0 s (i - len'0 produced))) + && ([%#sseq23] len'0 (concat'0 produced s) = len'0 produced + len'0 s) + -> ([%#ssnapshot5] inv'5 (concat'0 produced s)) + /\ (([%#ssnapshot6] deref'0 (new'0 (concat'0 produced s)) = concat'0 produced s) + -> (if precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) then + ([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) -> index_logic'0 (concat'0 produced s) i = (if i < len'0 produced then index_logic'0 produced i else index_logic'0 s (i - len'0 produced))) - && ([%#sseq26] len'0 (concat'0 produced s) = len'0 produced + len'0 s) - -> ([%#ssnapshot9] inv'2 (concat'0 produced s)) - /\ (([%#ssnapshot10] deref'0 (new'0 (concat'0 produced s)) = concat'0 produced s) - -> (if precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) then - (([%#sseq25] inv'2 s) && ([%#sseq24] inv'2 produced)) - /\ (([%#sseq28] inv'2 (concat'0 produced s)) - && ([%#sseq27] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) + && ([%#sseq23] len'0 (concat'0 produced s) = len'0 produced + len'0 s) + -> ([%#ssnapshot5] inv'5 (concat'0 produced s)) + /\ (([%#ssnapshot6] deref'0 (new'0 (concat'0 produced s)) = concat'0 produced s) + -> (if postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b then + ([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) -> index_logic'0 (concat'0 produced s) i = (if i < len'0 produced then index_logic'0 produced i else index_logic'0 s (i - len'0 produced))) - && ([%#sseq26] len'0 (concat'0 produced s) = len'0 produced + len'0 s) - -> ([%#ssnapshot9] inv'2 (concat'0 produced s)) - /\ (([%#ssnapshot10] deref'0 (new'0 (concat'0 produced s)) = concat'0 produced s) - -> (if postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b then - (([%#sseq25] inv'2 s) && ([%#sseq24] inv'2 produced)) - /\ (([%#sseq28] inv'2 (concat'0 produced s)) - && ([%#sseq27] forall i : int . 0 <= i /\ i < len'0 (concat'0 produced s) - -> index_logic'0 (concat'0 produced s) i - = (if i < len'0 produced then index_logic'0 produced i else index_logic'0 s (i - len'0 produced))) - && ([%#sseq26] len'0 (concat'0 produced s) = len'0 produced + len'0 s) - -> ([%#ssnapshot9] inv'2 (push'0 (concat'0 produced s) e1))) - else - true - ))) + && ([%#sseq23] len'0 (concat'0 produced s) = len'0 produced + len'0 s) + -> ([%#ssnapshot5] inv'5 (push'0 (concat'0 produced s) e1)) else true - ))) + )) else true - + )) else true @@ -403,13 +340,12 @@ module C06MapPrecond_Impl1_PreservationInv_Impl else true ) - /\ ([%#s06_map_precond3] produced = (empty'0 : Seq'0.t_seq item'0) - -> ([%#s06_map_precond11] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i - -> inv'3 b - -> inv'4 f - -> inv'5 e2 - -> inv'5 e1 - -> inv'2 s + /\ ([%#s06_map_precond2] produced = (empty'0 : Seq'0.t_seq item'0) + -> ([%#s06_map_precond7] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + -> inv'2 b + -> inv'3 f + -> inv'4 e2 + -> inv'4 e1 -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) @@ -428,215 +364,177 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl let%span s06_map_precond1 = "../06_map_precond.rs" 30 14 30 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span7 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span6 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span8 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span7 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span9 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span8 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span9 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span23 = "../common.rs" 18 15 18 32 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span24 = "../common.rs" 19 15 19 32 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span25 = "../common.rs" 21 22 21 23 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span26 = "../common.rs" 21 52 21 53 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span29 = "../common.rs" 18 15 18 32 - - let%span span30 = "../common.rs" 19 15 19 32 - - let%span span31 = "../common.rs" 21 22 21 23 + let%span span27 = "../common.rs" 21 82 21 83 - let%span span32 = "../common.rs" 21 31 21 33 + let%span span28 = "../common.rs" 20 14 20 42 - let%span span33 = "../common.rs" 21 52 21 53 + let%span span29 = "../common.rs" 15 21 15 25 - let%span span34 = "../common.rs" 21 61 21 63 + let%span span30 = "../common.rs" 14 14 14 45 - let%span span35 = "../common.rs" 21 82 21 83 + let%span span31 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span36 = "../common.rs" 20 14 20 42 + let%span span32 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span37 = "../common.rs" 15 21 15 25 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span38 = "../common.rs" 14 14 14 45 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span39 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span40 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span36 = "../06_map_precond.rs" 84 8 88 9 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span38 = "../06_map_precond.rs" 106 8 113 9 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span39 = "../06_map_precond.rs" 93 24 93 28 - let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span40 = "../06_map_precond.rs" 93 33 93 37 - let%span span45 = "../06_map_precond.rs" 84 8 88 9 + let%span span41 = "../06_map_precond.rs" 92 4 92 83 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span42 = "../06_map_precond.rs" 94 8 101 9 - let%span span47 = "../06_map_precond.rs" 106 8 113 9 + let%span span43 = "../06_map_precond.rs" 118 8 123 9 - let%span span48 = "../06_map_precond.rs" 93 24 93 28 + let%span span44 = "../06_map_precond.rs" 159 12 161 73 - let%span span49 = "../06_map_precond.rs" 93 33 93 37 + let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span50 = "../06_map_precond.rs" 93 42 93 50 + let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span51 = "../06_map_precond.rs" 92 4 92 83 + let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span52 = "../06_map_precond.rs" 94 8 101 9 - - let%span span53 = "../06_map_precond.rs" 118 8 123 9 - - let%span span54 = "../06_map_precond.rs" 159 12 161 73 - - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 - - let%span span56 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 - - let%span span57 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 - - let%span span58 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 - - let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 - - let%span span60 = "../06_map_precond.rs" 44 8 56 9 + let%span span48 = "../06_map_precond.rs" 44 8 56 9 type item'0 - predicate invariant'10 (self : item'0) + predicate invariant'8 (self : item'0) - predicate inv'10 (_x : item'0) + predicate inv'8 (_x : item'0) - axiom inv'10 : forall x : item'0 . inv'10 x = true + axiom inv'8 : forall x : item'0 . inv'8 x = true use prelude.prelude.Borrow - predicate invariant'9 (self : borrowed i) + predicate invariant'7 (self : borrowed i) - predicate inv'9 (_x : borrowed i) + predicate inv'7 (_x : borrowed i) - axiom inv'9 : forall x : borrowed i . inv'9 x = true + axiom inv'7 : forall x : borrowed i . inv'7 x = true - predicate invariant'8 (self : b) + predicate invariant'6 (self : b) - predicate inv'8 (_x : b) + predicate inv'6 (_x : b) - axiom inv'8 : forall x : b . inv'8 x = true + axiom inv'6 : forall x : b . inv'6 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 - predicate invariant'7 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate invariant'5 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - predicate inv'7 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate inv'5 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - axiom inv'7 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'7 x = true + axiom inv'5 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'5 x = true - predicate invariant'6 (self : borrowed f) + predicate invariant'4 (self : borrowed f) - predicate inv'6 (_x : borrowed f) + predicate inv'4 (_x : borrowed f) - axiom inv'6 : forall x : borrowed f . inv'6 x = true + axiom inv'4 : forall x : borrowed f . inv'4 x = true - predicate invariant'5 (self : f) + predicate invariant'3 (self : Seq'0.t_seq item'0) - predicate inv'5 (_x : f) + predicate inv'3 (_x : Seq'0.t_seq item'0) - axiom inv'5 : forall x : f . inv'5 x = true + axiom inv'3 : forall x : Seq'0.t_seq item'0 . inv'3 x = true - predicate invariant'4 (self : i) + predicate invariant'2 (self : f) - predicate inv'4 (_x : i) + predicate inv'2 (_x : f) - axiom inv'4 : forall x : i . inv'4 x = true + axiom inv'2 : forall x : f . inv'2 x = true - use prelude.prelude.Int + predicate invariant'1 (self : i) - use seq.Seq + predicate inv'1 (_x : i) - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + axiom inv'1 : forall x : i . inv'1 x = true - predicate inv'3 (_x : Seq'0.t_seq (borrowed f)) + use prelude.prelude.Int function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span2] inv'3 self) -> ([%#span3] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span4] () + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span2] len'2 self >= 0 - function empty_len'2 (_1 : ()) : () = - [%#span6] () + constant empty'2 : Seq'0.t_seq (borrowed f) - axiom empty_len'2_spec : forall _1 : () . [%#span5] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + function empty_len'2 (_1 : ()) : () - predicate invariant'3 (self : Seq'0.t_seq (borrowed f)) - - axiom inv'3 : forall x : Seq'0.t_seq (borrowed f) . inv'3 x = true - - use seq.Seq - - predicate inv'2 (_x : Seq'0.t_seq item'0) + axiom empty_len'2_spec : forall _1 : () . [%#span3] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'2 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq item'0 = [%#span4] () + constant empty'1 : Seq'0.t_seq item'0 - function empty_len'1 (_1 : ()) : () = - [%#span6] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - - predicate invariant'2 (self : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 predicate resolve'0 (self : f) @@ -646,82 +544,66 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span7] inv'5 self) - -> ([%#span8] inv'7 args) - -> ([%#span9] inv'8 res) - -> ([%#span10] postcondition_once'0 self args res - = (exists s : borrowed f . inv'6 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span4] inv'2 self) + -> ([%#span5] inv'5 args) + -> ([%#span6] inv'6 res) + -> ([%#span7] postcondition_once'0 self args res + = (exists s : borrowed f . inv'4 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span11] unnest'0 self b) - -> ([%#span12] unnest'0 b c) - -> ([%#span13] inv'5 self) -> ([%#span14] inv'5 b) -> ([%#span15] inv'5 c) -> ([%#span16] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span8] unnest'0 self b) + -> ([%#span9] unnest'0 b c) + -> ([%#span10] inv'2 self) -> ([%#span11] inv'2 b) -> ([%#span12] inv'2 c) -> ([%#span13] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span17] inv'5 self) -> ([%#span18] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span14] inv'2 self) -> ([%#span15] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span19] postcondition_mut'0 self args res) - -> ([%#span20] inv'6 self) - -> ([%#span21] inv'7 args) -> ([%#span22] inv'8 res) -> ([%#span23] unnest'0 ( * self) ( ^ self)) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span16] postcondition_mut'0 self args res) + -> ([%#span17] inv'4 self) + -> ([%#span18] inv'5 args) -> ([%#span19] inv'6 res) -> ([%#span20] unnest'0 ( * self) ( ^ self)) - predicate invariant'1 (self : Seq'0.t_seq b) - - predicate inv'1 (_x : Seq'0.t_seq b) - - axiom inv'1 : forall x : Seq'0.t_seq b . inv'1 x = true - - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span24] inv'2 self) - -> ([%#span25] inv'2 other) - -> ([%#span28] inv'2 (concat'0 self other)) - && ([%#span27] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span22] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span26] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span21] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span29] produces'1 a ab b) - -> ([%#span30] produces'1 b bc c) - -> ([%#span31] inv'4 a) - -> ([%#span32] inv'2 ab) - -> ([%#span33] inv'4 b) - -> ([%#span34] inv'2 bc) -> ([%#span35] inv'4 c) -> ([%#span36] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span23] produces'1 a ab b) + -> ([%#span24] produces'1 b bc c) + -> ([%#span25] inv'1 a) + -> ([%#span26] inv'1 b) -> ([%#span27] inv'1 c) -> ([%#span28] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span37] inv'4 self) - -> ([%#span38] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - - use seq.Seq + axiom produces_refl'0_spec : forall self : i . ([%#span29] inv'1 self) + -> ([%#span30] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span2] inv'1 self) -> ([%#span3] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span2] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq b = [%#span4] () + constant empty'0 : Seq'0.t_seq b - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'1 (empty'0 : Seq'0.t_seq b) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate precondition'0 (self : f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) @@ -729,32 +611,28 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span39] inv'2 x) -> ([%#span40] deref'0 (new'0 x) = x) - - use seq.Seq + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span31] inv'3 x) -> ([%#span32] deref'0 (new'0 x) = x) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span41] inv'10 v) - -> ([%#span44] inv'2 (singleton'0 v)) - && ([%#span43] index_logic'1 (singleton'0 v) 0 = v) && ([%#span42] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span33] inv'8 v) + -> ([%#span35] index_logic'1 (singleton'0 v) 0 = v) && ([%#span34] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span45] forall i : i . forall e : item'0 . inv'4 i - -> inv'10 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) + [%#span36] forall i : i . forall e : item'0 . inv'1 i + -> inv'8 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span46] concat'0 self (singleton'0 v) + [%#span37] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span47] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span38] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + -> inv'6 b + -> inv'4 f + -> inv'8 e2 + -> inv'8 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -763,22 +641,20 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span52] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span42] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + -> inv'6 b + -> inv'4 f + -> inv'8 e2 + -> inv'8 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span48] inv'4 iter) - -> ([%#span49] inv'5 func) - -> ([%#span50] inv'2 produced) - -> ([%#span51] produced = (empty'1 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span39] inv'1 iter) + -> ([%#span40] inv'2 func) + -> ([%#span41] produced = (empty'1 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -786,15 +662,15 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span53] forall func : f . forall iter : borrowed i . inv'5 func - -> inv'9 iter + [%#span43] forall func : f . forall iter : borrowed i . inv'2 func + -> inv'7 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'1 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func use C06MapPrecond_Map_Type as Map'0 predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span54] reinitialize'0 () + [%#span44] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -806,39 +682,29 @@ module C06MapPrecond_Impl0_ProducesRefl_Impl | Map'0.C_Map iter func produced -> true end) - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq b) (x : int) : b - - use prelude.seq_ext.SeqExt + function index_logic'2 (self : Seq'0.t_seq b) (_2 : int) : b function subsequence'0 (self : Seq'0.t_seq item'0) (n : int) (m : int) : Seq'0.t_seq item'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span55] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span45] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span56] inv'2 self) - -> ([%#span59] inv'2 (subsequence'0 self n m)) - && ([%#span58] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span47] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span57] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span46] len'0 (subsequence'0 self n m) = m - n) - function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 predicate produces'0 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map i b f item'0) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f item'0) = - [%#span60] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ len'0 s = len'1 visited + [%#span48] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'3 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'0 fs (i - 1) = * index_logic'0 fs i) /\ (if len'1 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -871,225 +737,183 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl let%span s06_map_precond2 = "../06_map_precond.rs" 38 22 38 23 - let%span s06_map_precond3 = "../06_map_precond.rs" 38 31 38 33 - - let%span s06_map_precond4 = "../06_map_precond.rs" 38 52 38 53 - - let%span s06_map_precond5 = "../06_map_precond.rs" 38 61 38 63 - - let%span s06_map_precond6 = "../06_map_precond.rs" 38 82 38 83 - - let%span s06_map_precond7 = "../06_map_precond.rs" 37 14 37 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span s06_map_precond3 = "../06_map_precond.rs" 38 52 38 53 - let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span s06_map_precond4 = "../06_map_precond.rs" 38 82 38 83 - let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span s06_map_precond5 = "../06_map_precond.rs" 37 14 37 42 - let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - - let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - - let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - - let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span8 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span9 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span35 = "../common.rs" 18 15 18 32 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span36 = "../common.rs" 19 15 19 32 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span37 = "../common.rs" 21 22 21 23 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span38 = "../common.rs" 21 31 21 33 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span39 = "../common.rs" 21 52 21 53 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span40 = "../common.rs" 21 61 21 63 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span41 = "../common.rs" 21 82 21 83 + let%span span27 = "../common.rs" 18 15 18 32 - let%span span42 = "../common.rs" 20 14 20 42 + let%span span28 = "../common.rs" 19 15 19 32 - let%span span43 = "../common.rs" 15 21 15 25 + let%span span29 = "../common.rs" 21 22 21 23 - let%span span44 = "../common.rs" 14 14 14 45 + let%span span30 = "../common.rs" 21 52 21 53 - let%span span45 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span31 = "../common.rs" 21 82 21 83 - let%span span46 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span32 = "../common.rs" 20 14 20 42 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span33 = "../common.rs" 15 21 15 25 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span34 = "../common.rs" 14 14 14 45 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span35 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span36 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span51 = "../06_map_precond.rs" 84 8 88 9 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span53 = "../06_map_precond.rs" 106 8 113 9 + let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span54 = "../06_map_precond.rs" 93 24 93 28 + let%span span40 = "../06_map_precond.rs" 84 8 88 9 - let%span span55 = "../06_map_precond.rs" 93 33 93 37 + let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span56 = "../06_map_precond.rs" 93 42 93 50 + let%span span42 = "../06_map_precond.rs" 106 8 113 9 - let%span span57 = "../06_map_precond.rs" 92 4 92 83 + let%span span43 = "../06_map_precond.rs" 93 24 93 28 - let%span span58 = "../06_map_precond.rs" 94 8 101 9 + let%span span44 = "../06_map_precond.rs" 93 33 93 37 - let%span span59 = "../06_map_precond.rs" 118 8 123 9 + let%span span45 = "../06_map_precond.rs" 92 4 92 83 - let%span span60 = "../06_map_precond.rs" 159 12 161 73 + let%span span46 = "../06_map_precond.rs" 94 8 101 9 - let%span span61 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span47 = "../06_map_precond.rs" 118 8 123 9 - let%span span62 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span48 = "../06_map_precond.rs" 159 12 161 73 - let%span span63 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span64 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span65 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span66 = "../06_map_precond.rs" 44 8 56 9 + let%span span52 = "../06_map_precond.rs" 44 8 56 9 type item'0 - predicate invariant'10 (self : item'0) + predicate invariant'8 (self : item'0) - predicate inv'10 (_x : item'0) + predicate inv'8 (_x : item'0) - axiom inv'10 : forall x : item'0 . inv'10 x = true + axiom inv'8 : forall x : item'0 . inv'8 x = true use prelude.prelude.Borrow - predicate invariant'9 (self : borrowed i) + predicate invariant'7 (self : borrowed i) - predicate inv'9 (_x : borrowed i) + predicate inv'7 (_x : borrowed i) - axiom inv'9 : forall x : borrowed i . inv'9 x = true + axiom inv'7 : forall x : borrowed i . inv'7 x = true - predicate invariant'8 (self : b) + predicate invariant'6 (self : b) - predicate inv'8 (_x : b) + predicate inv'6 (_x : b) - axiom inv'8 : forall x : b . inv'8 x = true + axiom inv'6 : forall x : b . inv'6 x = true use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 - predicate invariant'7 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate invariant'5 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - predicate inv'7 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate inv'5 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - axiom inv'7 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'7 x = true + axiom inv'5 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'5 x = true - predicate invariant'6 (self : borrowed f) + predicate invariant'4 (self : borrowed f) - predicate inv'6 (_x : borrowed f) + predicate inv'4 (_x : borrowed f) - axiom inv'6 : forall x : borrowed f . inv'6 x = true + axiom inv'4 : forall x : borrowed f . inv'4 x = true - predicate invariant'5 (self : f) + predicate invariant'3 (self : f) - predicate inv'5 (_x : f) + predicate inv'3 (_x : f) - axiom inv'5 : forall x : f . inv'5 x = true + axiom inv'3 : forall x : f . inv'3 x = true - predicate invariant'4 (self : i) + predicate invariant'2 (self : i) - predicate inv'4 (_x : i) + predicate inv'2 (_x : i) - axiom inv'4 : forall x : i . inv'4 x = true + axiom inv'2 : forall x : i . inv'2 x = true - use prelude.prelude.Int + predicate invariant'1 (self : Seq'0.t_seq item'0) - use seq.Seq + predicate inv'1 (_x : Seq'0.t_seq item'0) - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true - predicate inv'3 (_x : Seq'0.t_seq (borrowed f)) + use prelude.prelude.Int function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span8] inv'3 self) -> ([%#span9] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span10] () - - function empty_len'2 (_1 : ()) : () = - [%#span12] () + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span6] len'2 self >= 0 - axiom empty_len'2_spec : forall _1 : () . [%#span11] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + constant empty'2 : Seq'0.t_seq (borrowed f) - predicate invariant'3 (self : Seq'0.t_seq (borrowed f)) + function empty_len'2 (_1 : ()) : () - axiom inv'3 : forall x : Seq'0.t_seq (borrowed f) . inv'3 x = true - - use seq.Seq - - predicate inv'2 (_x : Seq'0.t_seq item'0) + axiom empty_len'2_spec : forall _1 : () . [%#span7] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'2 self) -> ([%#span9] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span10] () + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span12] () + constant empty'1 : Seq'0.t_seq item'0 - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + function empty_len'1 (_1 : ()) : () - predicate invariant'2 (self : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 predicate resolve'0 (self : f) @@ -1099,82 +923,66 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span13] inv'5 self) - -> ([%#span14] inv'7 args) - -> ([%#span15] inv'8 res) - -> ([%#span16] postcondition_once'0 self args res - = (exists s : borrowed f . inv'6 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span8] inv'3 self) + -> ([%#span9] inv'5 args) + -> ([%#span10] inv'6 res) + -> ([%#span11] postcondition_once'0 self args res + = (exists s : borrowed f . inv'4 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span17] unnest'0 self b) - -> ([%#span18] unnest'0 b c) - -> ([%#span19] inv'5 self) -> ([%#span20] inv'5 b) -> ([%#span21] inv'5 c) -> ([%#span22] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span12] unnest'0 self b) + -> ([%#span13] unnest'0 b c) + -> ([%#span14] inv'3 self) -> ([%#span15] inv'3 b) -> ([%#span16] inv'3 c) -> ([%#span17] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span23] inv'5 self) -> ([%#span24] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span18] inv'3 self) -> ([%#span19] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span25] postcondition_mut'0 self args res) - -> ([%#span26] inv'6 self) - -> ([%#span27] inv'7 args) -> ([%#span28] inv'8 res) -> ([%#span29] unnest'0 ( * self) ( ^ self)) - - use seq.Seq - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span20] postcondition_mut'0 self args res) + -> ([%#span21] inv'4 self) + -> ([%#span22] inv'5 args) -> ([%#span23] inv'6 res) -> ([%#span24] unnest'0 ( * self) ( ^ self)) - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span30] inv'2 self) - -> ([%#span31] inv'2 other) - -> ([%#span34] inv'2 (concat'1 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span26] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span32] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span25] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span35] produces'1 a ab b) - -> ([%#span36] produces'1 b bc c) - -> ([%#span37] inv'4 a) - -> ([%#span38] inv'2 ab) - -> ([%#span39] inv'4 b) - -> ([%#span40] inv'2 bc) -> ([%#span41] inv'4 c) -> ([%#span42] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span27] produces'1 a ab b) + -> ([%#span28] produces'1 b bc c) + -> ([%#span29] inv'2 a) + -> ([%#span30] inv'2 b) -> ([%#span31] inv'2 c) -> ([%#span32] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span43] inv'4 self) - -> ([%#span44] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq b) + axiom produces_refl'0_spec : forall self : i . ([%#span33] inv'2 self) + -> ([%#span34] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span8] inv'1 self) -> ([%#span9] len'1 self >= 0) - - constant empty'0 : Seq'0.t_seq b = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span6] len'1 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq b - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'1 (empty'0 : Seq'0.t_seq b) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq b) - - axiom inv'1 : forall x : Seq'0.t_seq b . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate precondition'0 (self : f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) @@ -1182,32 +990,28 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span45] inv'2 x) -> ([%#span46] deref'0 (new'0 x) = x) - - use seq.Seq + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span35] inv'1 x) -> ([%#span36] deref'0 (new'0 x) = x) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span47] inv'10 v) - -> ([%#span50] inv'2 (singleton'0 v)) - && ([%#span49] index_logic'1 (singleton'0 v) 0 = v) && ([%#span48] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span37] inv'8 v) + -> ([%#span39] index_logic'1 (singleton'0 v) 0 = v) && ([%#span38] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span51] forall i : i . forall e : item'0 . inv'4 i - -> inv'10 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) + [%#span40] forall i : i . forall e : item'0 . inv'2 i + -> inv'8 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span52] concat'1 self (singleton'0 v) + [%#span41] concat'1 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span53] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span42] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'2 i + -> inv'6 b + -> inv'4 f + -> inv'8 e2 + -> inv'8 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -1216,22 +1020,20 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span58] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i - -> inv'8 b - -> inv'6 f - -> inv'10 e2 - -> inv'10 e1 - -> inv'2 s + [%#span46] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'2 i + -> inv'6 b + -> inv'4 f + -> inv'8 e2 + -> inv'8 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'1 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'1 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'1 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span54] inv'4 iter) - -> ([%#span55] inv'5 func) - -> ([%#span56] inv'2 produced) - -> ([%#span57] produced = (empty'1 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span43] inv'2 iter) + -> ([%#span44] inv'3 func) + -> ([%#span45] produced = (empty'1 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -1239,15 +1041,15 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span59] forall func : f . forall iter : borrowed i . inv'5 func - -> inv'9 iter + [%#span47] forall func : f . forall iter : borrowed i . inv'3 func + -> inv'7 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'1 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func use C06MapPrecond_Map_Type as Map'0 predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span60] reinitialize'0 () + [%#span48] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -1259,51 +1061,37 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl | Map'0.C_Map iter func produced -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq b) (x : int) : b + function index_logic'2 (self : Seq'0.t_seq b) (_2 : int) : b function concat'0 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span30] inv'1 self) - -> ([%#span31] inv'1 other) - -> ([%#span34] inv'1 (concat'0 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span26] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span32] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use prelude.seq_ext.SeqExt + && ([%#span25] len'1 (concat'0 self other) = len'1 self + len'1 other) function subsequence'0 (self : Seq'0.t_seq item'0) (n : int) (m : int) : Seq'0.t_seq item'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span61] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span49] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span62] inv'2 self) - -> ([%#span65] inv'2 (subsequence'0 self n m)) - && ([%#span64] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span51] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span63] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span50] len'0 (subsequence'0 self n m) = m - n) - function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'0 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 predicate produces'0 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map i b f item'0) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f item'0) = - [%#span66] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ len'0 s = len'1 visited + [%#span52] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'1 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'3 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'0 fs (i - 1) = * index_logic'0 fs i) /\ (if len'1 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -1329,13 +1117,11 @@ module C06MapPrecond_Impl0_ProducesTrans_Impl function produces_trans [#"../06_map_precond.rs" 38 4 38 90] (a : Map'0.t_map i b f item'0) (ab : Seq'0.t_seq b) (b : Map'0.t_map i b f item'0) (bc : Seq'0.t_seq b) (c : Map'0.t_map i b f item'0) : () - goal vc_produces_trans : ([%#s06_map_precond6] inv'0 c) - -> ([%#s06_map_precond5] inv'1 bc) - -> ([%#s06_map_precond4] inv'0 b) - -> ([%#s06_map_precond3] inv'1 ab) + goal vc_produces_trans : ([%#s06_map_precond4] inv'0 c) + -> ([%#s06_map_precond3] inv'0 b) -> ([%#s06_map_precond2] inv'0 a) -> ([%#s06_map_precond1] produces'0 b bc c) - -> ([%#s06_map_precond0] produces'0 a ab b) -> ([%#s06_map_precond7] produces'0 a (concat'0 ab bc) c) + -> ([%#s06_map_precond0] produces'0 a ab b) -> ([%#s06_map_precond5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -1368,157 +1154,129 @@ module C06MapPrecond_Impl1_ProducesOne_Impl let%span s06_map_precond3 = "../06_map_precond.rs" 141 14 141 68 - let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span sseq27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span s06_map_precond8 = "../06_map_precond.rs" 143 8 149 9 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s06_map_precond7 = "../06_map_precond.rs" 143 8 149 9 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span10 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span11 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span12 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span13 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span14 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span15 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span16 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span17 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span18 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span19 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span20 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span21 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span22 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span23 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span24 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span25 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span36 = "../common.rs" 18 15 18 32 - - let%span span37 = "../common.rs" 19 15 19 32 - - let%span span38 = "../common.rs" 21 22 21 23 - - let%span span39 = "../common.rs" 21 31 21 33 - - let%span span40 = "../common.rs" 21 52 21 53 - - let%span span41 = "../common.rs" 21 61 21 63 - - let%span span42 = "../common.rs" 21 82 21 83 - - let%span span43 = "../common.rs" 20 14 20 42 + let%span span29 = "../common.rs" 18 15 18 32 - let%span span44 = "../common.rs" 15 21 15 25 + let%span span30 = "../common.rs" 19 15 19 32 - let%span span45 = "../common.rs" 14 14 14 45 + let%span span31 = "../common.rs" 21 22 21 23 - let%span span46 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span32 = "../common.rs" 21 52 21 53 - let%span span47 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span33 = "../common.rs" 21 82 21 83 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span34 = "../common.rs" 20 14 20 42 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span35 = "../common.rs" 15 21 15 25 - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span36 = "../common.rs" 14 14 14 45 - let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span38 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span53 = "../06_map_precond.rs" 44 8 56 9 + let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span54 = "../06_map_precond.rs" 35 15 35 32 + let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span55 = "../06_map_precond.rs" 36 15 36 32 + let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span56 = "../06_map_precond.rs" 38 22 38 23 + let%span span42 = "../06_map_precond.rs" 44 8 56 9 - let%span span57 = "../06_map_precond.rs" 38 31 38 33 + let%span span43 = "../06_map_precond.rs" 35 15 35 32 - let%span span58 = "../06_map_precond.rs" 38 52 38 53 + let%span span44 = "../06_map_precond.rs" 36 15 36 32 - let%span span59 = "../06_map_precond.rs" 38 61 38 63 + let%span span45 = "../06_map_precond.rs" 38 22 38 23 - let%span span60 = "../06_map_precond.rs" 38 82 38 83 + let%span span46 = "../06_map_precond.rs" 38 52 38 53 - let%span span61 = "../06_map_precond.rs" 37 14 37 42 + let%span span47 = "../06_map_precond.rs" 38 82 38 83 - let%span span62 = "../06_map_precond.rs" 33 4 33 10 + let%span span48 = "../06_map_precond.rs" 37 14 37 42 - let%span span63 = "../06_map_precond.rs" 31 21 31 25 + let%span span49 = "../06_map_precond.rs" 33 4 33 10 - let%span span64 = "../06_map_precond.rs" 30 14 30 45 + let%span span50 = "../06_map_precond.rs" 31 21 31 25 - let%span span65 = "../06_map_precond.rs" 28 4 28 10 + let%span span51 = "../06_map_precond.rs" 30 14 30 45 - let%span span66 = "../06_map_precond.rs" 84 8 88 9 + let%span span52 = "../06_map_precond.rs" 28 4 28 10 - let%span span67 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span53 = "../06_map_precond.rs" 84 8 88 9 - let%span span68 = "../06_map_precond.rs" 106 8 113 9 + let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span69 = "../06_map_precond.rs" 93 24 93 28 + let%span span55 = "../06_map_precond.rs" 106 8 113 9 - let%span span70 = "../06_map_precond.rs" 93 33 93 37 + let%span span56 = "../06_map_precond.rs" 93 24 93 28 - let%span span71 = "../06_map_precond.rs" 93 42 93 50 + let%span span57 = "../06_map_precond.rs" 93 33 93 37 - let%span span72 = "../06_map_precond.rs" 92 4 92 83 + let%span span58 = "../06_map_precond.rs" 92 4 92 83 - let%span span73 = "../06_map_precond.rs" 94 8 101 9 + let%span span59 = "../06_map_precond.rs" 94 8 101 9 - let%span span74 = "../06_map_precond.rs" 118 8 123 9 + let%span span60 = "../06_map_precond.rs" 118 8 123 9 - let%span span75 = "../06_map_precond.rs" 159 12 161 73 + let%span span61 = "../06_map_precond.rs" 159 12 161 73 use prelude.prelude.Borrow - predicate invariant'10 (self : borrowed i) + predicate invariant'8 (self : borrowed i) - predicate inv'10 (_x : borrowed i) + predicate inv'8 (_x : borrowed i) - axiom inv'10 : forall x : borrowed i . inv'10 x = true + axiom inv'8 : forall x : borrowed i . inv'8 x = true type item'0 @@ -1526,52 +1284,41 @@ module C06MapPrecond_Impl1_ProducesOne_Impl use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 - predicate invariant'9 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate invariant'7 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - predicate inv'9 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate inv'7 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - axiom inv'9 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'9 x = true + axiom inv'7 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'7 x = true - predicate invariant'8 (self : f) + predicate invariant'6 (self : Seq'0.t_seq item'0) - predicate inv'8 (_x : f) + predicate inv'6 (_x : Seq'0.t_seq item'0) - axiom inv'8 : forall x : f . inv'8 x = true + axiom inv'6 : forall x : Seq'0.t_seq item'0 . inv'6 x = true - predicate invariant'7 (self : i) + predicate invariant'5 (self : f) - predicate inv'7 (_x : i) + predicate inv'5 (_x : f) - axiom inv'7 : forall x : i . inv'7 x = true + axiom inv'5 : forall x : f . inv'5 x = true - use prelude.prelude.Int + predicate invariant'4 (self : i) - use seq.Seq + predicate inv'4 (_x : i) - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + axiom inv'4 : forall x : i . inv'4 x = true - predicate inv'6 (_x : Seq'0.t_seq (borrowed f)) + use prelude.prelude.Int function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span9] inv'6 self) -> ([%#span10] len'2 self >= 0) - - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span11] () + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span8] len'2 self >= 0 - function empty_len'2 (_1 : ()) : () = - [%#span13] () + constant empty'2 : Seq'0.t_seq (borrowed f) - axiom empty_len'2_spec : forall _1 : () . [%#span12] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 + function empty_len'2 (_1 : ()) : () - predicate invariant'6 (self : Seq'0.t_seq (borrowed f)) - - axiom inv'6 : forall x : Seq'0.t_seq (borrowed f) . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq b) - - predicate inv'5 (_x : Seq'0.t_seq b) - - axiom inv'5 : forall x : Seq'0.t_seq b . inv'5 x = true + axiom empty_len'2_spec : forall _1 : () . [%#span9] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 predicate resolve'0 (self : f) @@ -1585,49 +1332,40 @@ module C06MapPrecond_Impl1_ProducesOne_Impl function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span14] inv'8 self) - -> ([%#span15] inv'9 args) - -> ([%#span16] inv'1 res) - -> ([%#span17] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span10] inv'5 self) + -> ([%#span11] inv'7 args) + -> ([%#span12] inv'1 res) + -> ([%#span13] postcondition_once'0 self args res = (exists s : borrowed f . inv'2 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) predicate unnest'0 (self : f) (_2 : f) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span18] unnest'0 self b) - -> ([%#span19] unnest'0 b c) - -> ([%#span20] inv'8 self) -> ([%#span21] inv'8 b) -> ([%#span22] inv'8 c) -> ([%#span23] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span14] unnest'0 self b) + -> ([%#span15] unnest'0 b c) + -> ([%#span16] inv'5 self) -> ([%#span17] inv'5 b) -> ([%#span18] inv'5 c) -> ([%#span19] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span24] inv'8 self) -> ([%#span25] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span20] inv'5 self) -> ([%#span21] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span26] postcondition_mut'0 self args res) - -> ([%#span27] inv'2 self) - -> ([%#span28] inv'9 args) -> ([%#span29] inv'1 res) -> ([%#span30] unnest'0 ( * self) ( ^ self)) - - predicate invariant'4 (self : Seq'0.t_seq item'0) - - predicate inv'4 (_x : Seq'0.t_seq item'0) - - axiom inv'4 : forall x : Seq'0.t_seq item'0 . inv'4 x = true - - use seq.Seq + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span22] postcondition_mut'0 self args res) + -> ([%#span23] inv'2 self) + -> ([%#span24] inv'7 args) -> ([%#span25] inv'1 res) -> ([%#span26] unnest'0 ( * self) ( ^ self)) function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span9] inv'4 self) -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span8] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq item'0 = [%#span11] () + constant empty'1 : Seq'0.t_seq item'0 - function empty_len'1 (_1 : ()) : () = - [%#span13] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span12] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span9] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 predicate invariant'3 (self : item'0) @@ -1639,62 +1377,47 @@ module C06MapPrecond_Impl1_ProducesOne_Impl axiom inv'2 : forall x : borrowed f . inv'2 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span31] inv'4 self) - -> ([%#span32] inv'4 other) - -> ([%#span35] inv'4 (concat'0 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span28] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span33] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span27] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span36] produces'1 a ab b) - -> ([%#span37] produces'1 b bc c) - -> ([%#span38] inv'7 a) - -> ([%#span39] inv'4 ab) - -> ([%#span40] inv'7 b) - -> ([%#span41] inv'4 bc) -> ([%#span42] inv'7 c) -> ([%#span43] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span29] produces'1 a ab b) + -> ([%#span30] produces'1 b bc c) + -> ([%#span31] inv'4 a) + -> ([%#span32] inv'4 b) -> ([%#span33] inv'4 c) -> ([%#span34] produces'1 a (concat'0 ab bc) c) function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'1_spec : forall self : i . ([%#span44] inv'7 self) - -> ([%#span45] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) + axiom produces_refl'1_spec : forall self : i . ([%#span35] inv'4 self) + -> ([%#span36] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) use C06MapPrecond_Map_Type as Map'0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq b) (x : int) : b - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq b) (_2 : int) : b function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span9] inv'5 self) -> ([%#span10] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span8] len'1 self >= 0 function concat'1 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'1_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span31] inv'5 self) - -> ([%#span32] inv'5 other) - -> ([%#span35] inv'5 (concat'1 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span28] forall i : int . 0 <= i + /\ i < len'1 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span33] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span27] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate inv'0 (_x : Map'0.t_map i b f item'0) @@ -1704,23 +1427,17 @@ module C06MapPrecond_Impl1_ProducesOne_Impl function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span46] inv'4 x) -> ([%#span47] deref'0 (new'0 x) = x) - - use prelude.seq_ext.SeqExt + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span37] inv'6 x) -> ([%#span38] deref'0 (new'0 x) = x) function subsequence'0 (self : Seq'0.t_seq item'0) (n : int) (m : int) : Seq'0.t_seq item'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span48] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span39] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span49] inv'4 self) - -> ([%#span52] inv'4 (subsequence'0 self n m)) - && ([%#span51] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span41] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#span50] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span40] len'0 (subsequence'0 self n m) = m - n) - function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 @@ -1729,14 +1446,12 @@ module C06MapPrecond_Impl1_ProducesOne_Impl predicate produces'0 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map i b f item'0) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f item'0) = - [%#span53] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'4 s - /\ len'0 s = len'1 visited + [%#span42] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'6 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'2 fs (i - 1) = * index_logic'2 fs i) /\ (if len'1 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -1752,56 +1467,49 @@ module C06MapPrecond_Impl1_ProducesOne_Impl function produces_trans'0 [#"../06_map_precond.rs" 38 4 38 90] (a : Map'0.t_map i b f item'0) (ab : Seq'0.t_seq b) (b : Map'0.t_map i b f item'0) (bc : Seq'0.t_seq b) (c : Map'0.t_map i b f item'0) : () = - [%#span62] () + [%#span49] () - axiom produces_trans'0_spec : forall a : Map'0.t_map i b f item'0, ab : Seq'0.t_seq b, b : Map'0.t_map i b f item'0, bc : Seq'0.t_seq b, c : Map'0.t_map i b f item'0 . ([%#span54] produces'0 a ab b) - -> ([%#span55] produces'0 b bc c) - -> ([%#span56] inv'0 a) - -> ([%#span57] inv'5 ab) - -> ([%#span58] inv'0 b) - -> ([%#span59] inv'5 bc) -> ([%#span60] inv'0 c) -> ([%#span61] produces'0 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : Map'0.t_map i b f item'0, ab : Seq'0.t_seq b, b : Map'0.t_map i b f item'0, bc : Seq'0.t_seq b, c : Map'0.t_map i b f item'0 . ([%#span43] produces'0 a ab b) + -> ([%#span44] produces'0 b bc c) + -> ([%#span45] inv'0 a) + -> ([%#span46] inv'0 b) -> ([%#span47] inv'0 c) -> ([%#span48] produces'0 a (concat'1 ab bc) c) - constant empty'0 : Seq'0.t_seq b = [%#span11] () + constant empty'0 : Seq'0.t_seq b function produces_refl'0 [#"../06_map_precond.rs" 31 4 31 26] (self : Map'0.t_map i b f item'0) : () = - [%#span65] () + [%#span52] () - axiom produces_refl'0_spec : forall self : Map'0.t_map i b f item'0 . ([%#span63] inv'0 self) - -> ([%#span64] produces'0 self (empty'0 : Seq'0.t_seq b) self) + axiom produces_refl'0_spec : forall self : Map'0.t_map i b f item'0 . ([%#span50] inv'0 self) + -> ([%#span51] produces'0 self (empty'0 : Seq'0.t_seq b) self) - function empty_len'0 (_1 : ()) : () = - [%#span13] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span12] len'1 (empty'0 : Seq'0.t_seq b) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span9] len'1 (empty'0 : Seq'0.t_seq b) = 0 predicate invariant'1 (self : b) axiom inv'1 : forall x : b . inv'1 x = true - use seq.Seq - function singleton'1 (v : item'0) : Seq'0.t_seq item'0 axiom singleton'1_spec : forall v : item'0 . ([%#sseq24] inv'3 v) - -> ([%#sseq27] inv'4 (singleton'1 v)) - && ([%#sseq26] index_logic'0 (singleton'1 v) 0 = v) && ([%#sseq25] len'0 (singleton'1 v) = 1) + -> ([%#sseq26] index_logic'0 (singleton'1 v) 0 = v) && ([%#sseq25] len'0 (singleton'1 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span66] forall i : i . forall e : item'0 . inv'7 i + [%#span53] forall i : i . forall e : item'0 . inv'4 i -> inv'3 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span67] concat'0 self (singleton'1 v) + [%#span54] concat'0 self (singleton'1 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span68] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'7 i + [%#span55] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'1 b -> inv'2 f -> inv'3 e2 -> inv'3 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -1810,34 +1518,32 @@ module C06MapPrecond_Impl1_ProducesOne_Impl predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span73] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'7 i + [%#span59] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'1 b -> inv'2 f -> inv'3 e2 -> inv'3 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span69] inv'7 iter) - -> ([%#span70] inv'8 func) - -> ([%#span71] inv'4 produced) - -> ([%#span72] produced = (empty'1 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span56] inv'4 iter) + -> ([%#span57] inv'5 func) + -> ([%#span58] produced = (empty'1 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span74] forall func : f . forall iter : borrowed i . inv'8 func - -> inv'10 iter + [%#span60] forall func : f . forall iter : borrowed i . inv'5 func + -> inv'8 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'1 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span75] reinitialize'0 () + [%#span61] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -1847,13 +1553,10 @@ module C06MapPrecond_Impl1_ProducesOne_Impl | Map'0.C_Map iter func produced -> true end) - use seq.Seq - function singleton'0 (v : b) : Seq'0.t_seq b axiom singleton'0_spec : forall v : b . ([%#sseq24] inv'1 v) - -> ([%#sseq27] inv'5 (singleton'0 v)) - && ([%#sseq26] index_logic'1 (singleton'0 v) 0 = v) && ([%#sseq25] len'1 (singleton'0 v) = 1) + -> ([%#sseq26] index_logic'1 (singleton'0 v) 0 = v) && ([%#sseq25] len'1 (singleton'0 v) = 1) constant self : Map'0.t_map i b f item'0 @@ -1880,7 +1583,7 @@ module C06MapPrecond_Impl1_ProducesOne_Impl else true ) - /\ ([%#s06_map_precond3] ([%#s06_map_precond8] exists f : borrowed f . inv'2 f + /\ ([%#s06_map_precond3] ([%#s06_map_precond7] exists f : borrowed f . inv'2 f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : item'0 . inv'3 e @@ -1917,113 +1620,93 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl let%span s06_map_precond9 = "../06_map_precond.rs" 131 14 131 70 - let%span sseq210 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span sseq210 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span sseq211 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span sseq211 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span sseq212 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span sseq212 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span sseq213 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span sseq213 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span sseq214 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span sseq214 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span sseq215 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span s06_map_precond15 = "../06_map_precond.rs" 126 4 126 12 - let%span sseq216 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span16 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span sseq217 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span17 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span sseq218 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span s06_map_precond19 = "../06_map_precond.rs" 126 4 126 12 - - let%span span20 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span21 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span24 = "../06_map_precond.rs" 84 8 88 9 - - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 - - let%span span26 = "../06_map_precond.rs" 106 8 113 9 - - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span28 = "../06_map_precond.rs" 93 24 93 28 - - let%span span29 = "../06_map_precond.rs" 93 33 93 37 + let%span span19 = "../06_map_precond.rs" 84 8 88 9 - let%span span30 = "../06_map_precond.rs" 93 42 93 50 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span31 = "../06_map_precond.rs" 92 4 92 83 + let%span span21 = "../06_map_precond.rs" 106 8 113 9 - let%span span32 = "../06_map_precond.rs" 94 8 101 9 + let%span span22 = "../06_map_precond.rs" 93 24 93 28 - let%span span33 = "../06_map_precond.rs" 118 8 123 9 + let%span span23 = "../06_map_precond.rs" 93 33 93 37 - let%span span34 = "../06_map_precond.rs" 159 12 161 73 + let%span span24 = "../06_map_precond.rs" 92 4 92 83 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span25 = "../06_map_precond.rs" 94 8 101 9 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span26 = "../06_map_precond.rs" 118 8 123 9 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span27 = "../06_map_precond.rs" 159 12 161 73 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span44 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span45 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span46 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span47 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span48 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span49 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span50 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span51 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span52 = "../common.rs" 18 15 18 32 + let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span53 = "../common.rs" 19 15 19 32 + let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span54 = "../common.rs" 21 22 21 23 + let%span span44 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span55 = "../common.rs" 21 31 21 33 + let%span span45 = "../common.rs" 18 15 18 32 - let%span span56 = "../common.rs" 21 52 21 53 + let%span span46 = "../common.rs" 19 15 19 32 - let%span span57 = "../common.rs" 21 61 21 63 + let%span span47 = "../common.rs" 21 22 21 23 - let%span span58 = "../common.rs" 21 82 21 83 + let%span span48 = "../common.rs" 21 52 21 53 - let%span span59 = "../common.rs" 20 14 20 42 + let%span span49 = "../common.rs" 21 82 21 83 - let%span span60 = "../common.rs" 15 21 15 25 + let%span span50 = "../common.rs" 20 14 20 42 - let%span span61 = "../common.rs" 14 14 14 45 + let%span span51 = "../common.rs" 15 21 15 25 - let%span span62 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span52 = "../common.rs" 14 14 14 45 - let%span span63 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 use prelude.prelude.Borrow @@ -2037,25 +1720,25 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 + predicate invariant'7 (self : Seq'0.t_seq item'0) - predicate invariant'7 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + predicate inv'7 (_x : Seq'0.t_seq item'0) - predicate inv'7 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) + axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true - axiom inv'7 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'7 x = true + use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 - predicate invariant'6 (self : f) + predicate invariant'6 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - predicate inv'6 (_x : f) + predicate inv'6 (_x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) - axiom inv'6 : forall x : f . inv'6 x = true + axiom inv'6 : forall x : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) . inv'6 x = true - predicate invariant'5 (self : Seq'0.t_seq item'0) + predicate invariant'5 (self : f) - predicate inv'5 (_x : Seq'0.t_seq item'0) + predicate inv'5 (_x : f) - axiom inv'5 : forall x : Seq'0.t_seq item'0 . inv'5 x = true + axiom inv'5 : forall x : f . inv'5 x = true predicate invariant'4 (self : i) @@ -2087,90 +1770,75 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span20] inv'5 x) -> ([%#span21] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span16] inv'7 x) -> ([%#span17] deref'0 (new'0 x) = x) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span22] inv'5 self) -> ([%#span23] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span18] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 axiom singleton'0_spec : forall v : item'0 . ([%#sseq210] inv'1 v) - -> ([%#sseq213] inv'5 (singleton'0 v)) - && ([%#sseq212] index_logic'0 (singleton'0 v) 0 = v) && ([%#sseq211] len'0 (singleton'0 v) = 1) + -> ([%#sseq212] index_logic'0 (singleton'0 v) 0 = v) && ([%#sseq211] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span24] forall i : i . forall e : item'0 . inv'4 i + [%#span19] forall i : i . forall e : item'0 . inv'4 i -> inv'1 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) predicate postcondition_mut'0 (self : borrowed f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (_3 : b) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq214] inv'5 self) - -> ([%#sseq215] inv'5 other) - -> ([%#sseq218] inv'5 (concat'0 self other)) - && ([%#sseq217] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#sseq214] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#sseq216] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#sseq213] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span25] concat'0 self (singleton'0 v) + [%#span20] concat'0 self (singleton'0 v) predicate unnest'0 (self : f) (_2 : f) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span26] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i + [%#span21] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'2 b -> inv'3 f -> inv'1 e2 -> inv'1 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'0 : Seq'0.t_seq item'0 = [%#span27] () + constant empty'0 : Seq'0.t_seq item'0 predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span32] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i + [%#span25] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'2 b -> inv'3 f -> inv'1 e2 -> inv'1 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span28] inv'4 iter) - -> ([%#span29] inv'6 func) - -> ([%#span30] inv'5 produced) - -> ([%#span31] produced = (empty'0 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span22] inv'4 iter) + -> ([%#span23] inv'5 func) + -> ([%#span24] produced = (empty'0 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -2178,7 +1846,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span33] forall func : f . forall iter : borrowed i . inv'6 func + [%#span26] forall func : f . forall iter : borrowed i . inv'5 func -> inv'8 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func @@ -2186,7 +1854,7 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl use C06MapPrecond_Map_Type as Map'0 predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span34] reinitialize'0 () + [%#span27] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -2204,48 +1872,45 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span35] inv'6 self) - -> ([%#span36] inv'7 args) - -> ([%#span37] inv'2 res) - -> ([%#span38] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span28] inv'5 self) + -> ([%#span29] inv'6 args) + -> ([%#span30] inv'2 res) + -> ([%#span31] postcondition_once'0 self args res = (exists s : borrowed f . inv'3 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'0 ( ^ s))) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span39] unnest'0 self b) - -> ([%#span40] unnest'0 b c) - -> ([%#span41] inv'6 self) -> ([%#span42] inv'6 b) -> ([%#span43] inv'6 c) -> ([%#span44] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span32] unnest'0 self b) + -> ([%#span33] unnest'0 b c) + -> ([%#span34] inv'5 self) -> ([%#span35] inv'5 b) -> ([%#span36] inv'5 c) -> ([%#span37] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span45] inv'6 self) -> ([%#span46] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span38] inv'5 self) -> ([%#span39] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span47] postcondition_mut'0 self args res) - -> ([%#span48] inv'3 self) - -> ([%#span49] inv'7 args) -> ([%#span50] inv'2 res) -> ([%#span51] unnest'0 ( * self) ( ^ self)) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span40] postcondition_mut'0 self args res) + -> ([%#span41] inv'3 self) + -> ([%#span42] inv'6 args) -> ([%#span43] inv'2 res) -> ([%#span44] unnest'0 ( * self) ( ^ self)) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span52] produces'0 a ab b) - -> ([%#span53] produces'0 b bc c) - -> ([%#span54] inv'4 a) - -> ([%#span55] inv'5 ab) - -> ([%#span56] inv'4 b) - -> ([%#span57] inv'5 bc) -> ([%#span58] inv'4 c) -> ([%#span59] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span45] produces'0 a ab b) + -> ([%#span46] produces'0 b bc c) + -> ([%#span47] inv'4 a) + -> ([%#span48] inv'4 b) -> ([%#span49] inv'4 c) -> ([%#span50] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span60] inv'4 self) - -> ([%#span61] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span51] inv'4 self) + -> ([%#span52] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span63] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span62] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span53] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 constant self : Map'0.t_map i b f item'0 @@ -2270,32 +1935,16 @@ module C06MapPrecond_Impl1_ProducesOneInvariant_Impl -> ([%#s06_map_precond0] produces'0 (C06MapPrecond_Map_Type.map_iter self) (singleton'0 e) iter) -> (forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . if inv'4 i then if inv'1 e2 then - if inv'1 e1 then - if inv'5 s then - if produces'0 iter (push'0 (push'0 s e1) e2) i then - ([%#sseq210] inv'1 e) - /\ (([%#sseq213] inv'5 (singleton'0 e)) - && ([%#sseq212] index_logic'0 (singleton'0 e) 0 = e) && ([%#sseq211] len'0 (singleton'0 e) = 1) - -> ([%#sseq215] inv'5 s) && ([%#sseq214] inv'5 (singleton'0 e))) - else - true - - else - true - - else - true - + if inv'1 e1 then if produces'0 iter (push'0 (push'0 s e1) e2) i then [%#sseq210] inv'1 e else true else true else true else true ) - /\ ([%#s06_map_precond19] forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i + /\ ([%#s06_map_precond15] forall i : i . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'4 i -> inv'1 e2 -> inv'1 e1 - -> inv'5 s -> produces'0 iter (push'0 (push'0 s e1) e2) i -> produces'0 (C06MapPrecond_Map_Type.map_iter self) (push'0 (push'0 (concat'0 (singleton'0 e) s) e1) e2) i) && (let _ = () in ([%#s06_map_precond9] next_precondition'0 iter ( ^ f) (push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e)) @@ -2312,233 +1961,189 @@ module C06MapPrecond_Impl0_Next let%span s06_map_precond1 = "../06_map_precond.rs" 66 16 66 76 - let%span s06_map_precond2 = "../06_map_precond.rs" 67 31 67 66 - - let%span s06_map_precond3 = "../06_map_precond.rs" 70 16 70 58 - - let%span s06_map_precond4 = "../06_map_precond.rs" 74 32 74 56 - - let%span s06_map_precond5 = "../06_map_precond.rs" 63 17 63 21 - - let%span s06_map_precond6 = "../06_map_precond.rs" 59 14 62 5 - - let%span s06_map_precond7 = "../06_map_precond.rs" 63 26 63 44 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span13 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span14 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span s06_map_precond2 = "../06_map_precond.rs" 67 31 67 66 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span s06_map_precond3 = "../06_map_precond.rs" 70 16 70 58 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span s06_map_precond4 = "../06_map_precond.rs" 74 32 74 56 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span s06_map_precond5 = "../06_map_precond.rs" 63 17 63 21 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span s06_map_precond6 = "../06_map_precond.rs" 59 14 62 5 - let%span span19 = "../06_map_precond.rs" 84 8 88 9 + let%span s06_map_precond7 = "../06_map_precond.rs" 63 26 63 44 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span10 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span11 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span26 = "../06_map_precond.rs" 106 8 113 9 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span27 = "../06_map_precond.rs" 93 24 93 28 + let%span span15 = "../06_map_precond.rs" 84 8 88 9 - let%span span28 = "../06_map_precond.rs" 93 33 93 37 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span29 = "../06_map_precond.rs" 93 42 93 50 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span30 = "../06_map_precond.rs" 92 4 92 83 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span31 = "../06_map_precond.rs" 94 8 101 9 + let%span span19 = "../06_map_precond.rs" 106 8 113 9 - let%span span32 = "../06_map_precond.rs" 118 8 123 9 + let%span span20 = "../06_map_precond.rs" 93 24 93 28 - let%span span33 = "../06_map_precond.rs" 159 12 161 73 + let%span span21 = "../06_map_precond.rs" 93 33 93 37 - let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 + let%span span22 = "../06_map_precond.rs" 92 4 92 83 - let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 + let%span span23 = "../06_map_precond.rs" 94 8 101 9 - let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 + let%span span24 = "../06_map_precond.rs" 118 8 123 9 - let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 + let%span span25 = "../06_map_precond.rs" 159 12 161 73 - let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 + let%span span26 = "../../../../../creusot-contracts/src/std/ops.rs" 123 19 123 23 - let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 + let%span span27 = "../../../../../creusot-contracts/src/std/ops.rs" 123 25 123 29 - let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 + let%span span28 = "../../../../../creusot-contracts/src/std/ops.rs" 123 37 123 40 - let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 + let%span span29 = "../../../../../creusot-contracts/src/std/ops.rs" 122 14 122 135 - let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 + let%span span30 = "../../../../../creusot-contracts/src/std/ops.rs" 114 15 114 29 - let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 + let%span span31 = "../../../../../creusot-contracts/src/std/ops.rs" 115 15 115 26 - let%span span44 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 + let%span span32 = "../../../../../creusot-contracts/src/std/ops.rs" 117 20 117 24 - let%span span45 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 + let%span span33 = "../../../../../creusot-contracts/src/std/ops.rs" 117 26 117 27 - let%span span46 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 117 35 117 36 - let%span span47 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 + let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 116 14 116 28 - let%span span48 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 + let%span span36 = "../../../../../creusot-contracts/src/std/ops.rs" 110 19 110 23 - let%span span49 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 + let%span span37 = "../../../../../creusot-contracts/src/std/ops.rs" 109 14 109 31 - let%span span50 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 + let%span span38 = "../../../../../creusot-contracts/src/std/ops.rs" 103 15 103 48 - let%span span51 = "../common.rs" 18 15 18 32 + let%span span39 = "../../../../../creusot-contracts/src/std/ops.rs" 105 37 105 41 - let%span span52 = "../common.rs" 19 15 19 32 + let%span span40 = "../../../../../creusot-contracts/src/std/ops.rs" 105 43 105 47 - let%span span53 = "../common.rs" 21 22 21 23 + let%span span41 = "../../../../../creusot-contracts/src/std/ops.rs" 105 55 105 58 - let%span span54 = "../common.rs" 21 31 21 33 + let%span span42 = "../../../../../creusot-contracts/src/std/ops.rs" 104 14 104 35 - let%span span55 = "../common.rs" 21 52 21 53 + let%span span43 = "../common.rs" 18 15 18 32 - let%span span56 = "../common.rs" 21 61 21 63 + let%span span44 = "../common.rs" 19 15 19 32 - let%span span57 = "../common.rs" 21 82 21 83 + let%span span45 = "../common.rs" 21 22 21 23 - let%span span58 = "../common.rs" 20 14 20 42 + let%span span46 = "../common.rs" 21 52 21 53 - let%span span59 = "../common.rs" 15 21 15 25 + let%span span47 = "../common.rs" 21 82 21 83 - let%span span60 = "../common.rs" 14 14 14 45 + let%span span48 = "../common.rs" 20 14 20 42 - let%span span61 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span49 = "../common.rs" 15 21 15 25 - let%span span62 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span50 = "../common.rs" 14 14 14 45 - let%span span63 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span64 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span65 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span66 = "../06_map_precond.rs" 44 8 56 9 + let%span span54 = "../06_map_precond.rs" 44 8 56 9 - let%span span67 = "../06_map_precond.rs" 142 20 142 24 + let%span span55 = "../06_map_precond.rs" 142 20 142 24 - let%span span68 = "../06_map_precond.rs" 142 26 142 33 + let%span span56 = "../06_map_precond.rs" 142 26 142 33 - let%span span69 = "../06_map_precond.rs" 142 38 142 42 + let%span span57 = "../06_map_precond.rs" 142 38 142 42 - let%span span70 = "../06_map_precond.rs" 141 14 141 68 + let%span span58 = "../06_map_precond.rs" 141 14 141 68 - let%span span71 = "../06_map_precond.rs" 143 8 149 9 + let%span span59 = "../06_map_precond.rs" 143 8 149 9 - let%span span72 = "../06_map_precond.rs" 22 8 25 9 + let%span span60 = "../06_map_precond.rs" 22 8 25 9 - let%span span73 = "../06_map_precond.rs" 127 4 127 60 + let%span span61 = "../06_map_precond.rs" 127 4 127 60 - let%span span74 = "../06_map_precond.rs" 128 15 128 30 + let%span span62 = "../06_map_precond.rs" 128 15 128 30 - let%span span75 = "../06_map_precond.rs" 129 15 129 57 + let%span span63 = "../06_map_precond.rs" 129 15 129 57 - let%span span76 = "../06_map_precond.rs" 132 30 132 34 + let%span span64 = "../06_map_precond.rs" 132 30 132 34 - let%span span77 = "../06_map_precond.rs" 132 36 132 37 + let%span span65 = "../06_map_precond.rs" 132 36 132 37 - let%span span78 = "../06_map_precond.rs" 132 48 132 49 + let%span span66 = "../06_map_precond.rs" 132 48 132 49 - let%span span79 = "../06_map_precond.rs" 132 54 132 55 + let%span span67 = "../06_map_precond.rs" 132 54 132 55 - let%span span80 = "../06_map_precond.rs" 132 65 132 69 + let%span span68 = "../06_map_precond.rs" 132 65 132 69 - let%span span81 = "../06_map_precond.rs" 130 14 130 69 + let%span span69 = "../06_map_precond.rs" 130 14 130 69 - let%span span82 = "../06_map_precond.rs" 131 14 131 70 + let%span span70 = "../06_map_precond.rs" 131 14 131 70 - let%span span83 = "../06_map_precond.rs" 126 4 126 12 + let%span span71 = "../06_map_precond.rs" 126 4 126 12 - let%span span84 = "../../../../../creusot-contracts/src/std/ops.rs" 160 27 160 52 + let%span span72 = "../../../../../creusot-contracts/src/std/ops.rs" 160 27 160 52 - let%span span85 = "" 0 0 0 0 + let%span span73 = "" 0 0 0 0 - let%span span86 = "" 0 0 0 0 + let%span span74 = "" 0 0 0 0 - let%span span87 = "../../../../../creusot-contracts/src/std/ops.rs" 148 0 172 1 + let%span span75 = "../../../../../creusot-contracts/src/std/ops.rs" 148 0 172 1 - let%span span88 = "" 0 0 0 0 + let%span span76 = "" 0 0 0 0 - let%span span89 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span77 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span90 = "../common.rs" 27 17 27 21 + let%span span78 = "../common.rs" 27 17 27 21 - let%span span91 = "../common.rs" 23 14 26 5 + let%span span79 = "../common.rs" 23 14 26 5 - let%span span92 = "../common.rs" 27 26 27 44 + let%span span80 = "../common.rs" 27 26 27 44 use prelude.prelude.Int - use seq.Seq - use prelude.prelude.Borrow - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'14 (_x : Seq'0.t_seq (borrowed f)) - function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span8] inv'14 self) -> ([%#span9] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span8] len'2 self >= 0 - constant empty'2 : Seq'0.t_seq (borrowed f) = [%#span10] () + constant empty'2 : Seq'0.t_seq (borrowed f) - function empty_len'2 (_1 : ()) : () = - [%#span12] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span11] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 - - predicate invariant'14 (self : Seq'0.t_seq (borrowed f)) - - axiom inv'14 : forall x : Seq'0.t_seq (borrowed f) . inv'14 x = true - - predicate invariant'13 (self : Seq'0.t_seq b) - - predicate inv'13 (_x : Seq'0.t_seq b) - - axiom inv'13 : forall x : Seq'0.t_seq b . inv'13 x = true - - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span9] len'2 (empty'2 : Seq'0.t_seq (borrowed f)) = 0 function len'1 (self : Seq'0.t_seq b) : int - axiom len'1_spec : forall self : Seq'0.t_seq b . ([%#span8] inv'13 self) -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq b . [%#span8] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq b = [%#span10] () + constant empty'1 : Seq'0.t_seq b - function empty_len'1 (_1 : ()) : () = - [%#span12] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq b) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span9] len'1 (empty'1 : Seq'0.t_seq b) = 0 predicate invariant'12 (self : ()) @@ -2568,50 +2173,40 @@ module C06MapPrecond_Impl0_Next function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span13] inv'6 x) -> ([%#span14] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span10] inv'6 x) -> ([%#span11] deref'0 (new'0 x) = x) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'6 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span8] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span15] inv'11 v) - -> ([%#span18] inv'6 (singleton'0 v)) - && ([%#span17] index_logic'0 (singleton'0 v) 0 = v) && ([%#span16] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span12] inv'11 v) + -> ([%#span14] index_logic'0 (singleton'0 v) 0 = v) && ([%#span13] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span19] forall i : i . forall e : item'0 . inv'0 i + [%#span15] forall i : i . forall e : item'0 . inv'0 i -> inv'11 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) predicate postcondition_mut'0 (self : borrowed f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (_3 : b) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span20] inv'6 self) - -> ([%#span21] inv'6 other) - -> ([%#span24] inv'6 (concat'0 self other)) - && ([%#span23] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span17] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span22] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span16] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span25] concat'0 self (singleton'0 v) + [%#span18] concat'0 self (singleton'0 v) predicate unnest'0 (self : f) (_2 : f) @@ -2620,38 +2215,35 @@ module C06MapPrecond_Impl0_Next predicate inv'9 (_x : b) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span26] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + [%#span19] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i -> inv'9 b -> inv'7 f -> inv'11 e2 -> inv'11 e1 - -> inv'6 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'0 : Seq'0.t_seq item'0 = [%#span10] () + constant empty'0 : Seq'0.t_seq item'0 predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span31] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + [%#span23] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i -> inv'9 b -> inv'7 f -> inv'11 e2 -> inv'11 e1 - -> inv'6 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span27] inv'0 iter) - -> ([%#span28] inv'3 func) - -> ([%#span29] inv'6 produced) - -> ([%#span30] produced = (empty'0 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span20] inv'0 iter) + -> ([%#span21] inv'3 func) + -> ([%#span22] produced = (empty'0 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -2661,7 +2253,7 @@ module C06MapPrecond_Impl0_Next predicate inv'5 (_x : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span32] forall func : f . forall iter : borrowed i . inv'3 func + [%#span24] forall func : f . forall iter : borrowed i . inv'3 func -> inv'5 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func @@ -2669,7 +2261,7 @@ module C06MapPrecond_Impl0_Next use C06MapPrecond_Map_Type as Map'0 predicate invariant'10 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span33] reinitialize'0 () + [%#span25] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -2693,28 +2285,28 @@ module C06MapPrecond_Impl0_Next function fn_mut_once'0 (self : f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span34] inv'3 self) - -> ([%#span35] inv'8 args) - -> ([%#span36] inv'9 res) - -> ([%#span37] postcondition_once'0 self args res + axiom fn_mut_once'0_spec : forall self : f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span26] inv'3 self) + -> ([%#span27] inv'8 args) + -> ([%#span28] inv'9 res) + -> ([%#span29] postcondition_once'0 self args res = (exists s : borrowed f . inv'7 s /\ * s = self /\ postcondition_mut'0 s args res /\ resolve'4 ( ^ s))) function unnest_trans'0 (self : f) (b : f) (c : f) : () - axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span38] unnest'0 self b) - -> ([%#span39] unnest'0 b c) - -> ([%#span40] inv'3 self) -> ([%#span41] inv'3 b) -> ([%#span42] inv'3 c) -> ([%#span43] unnest'0 self c) + axiom unnest_trans'0_spec : forall self : f, b : f, c : f . ([%#span30] unnest'0 self b) + -> ([%#span31] unnest'0 b c) + -> ([%#span32] inv'3 self) -> ([%#span33] inv'3 b) -> ([%#span34] inv'3 c) -> ([%#span35] unnest'0 self c) function unnest_refl'0 (self : f) : () - axiom unnest_refl'0_spec : forall self : f . ([%#span44] inv'3 self) -> ([%#span45] unnest'0 self self) + axiom unnest_refl'0_spec : forall self : f . ([%#span36] inv'3 self) -> ([%#span37] unnest'0 self self) function postcondition_mut_unnest'0 (self : borrowed f) (args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (res : b) : () - axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span46] postcondition_mut'0 self args res) - -> ([%#span47] inv'7 self) - -> ([%#span48] inv'8 args) -> ([%#span49] inv'9 res) -> ([%#span50] unnest'0 ( * self) ( ^ self)) + axiom postcondition_mut_unnest'0_spec : forall self : borrowed f, args : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0)), res : b . ([%#span38] postcondition_mut'0 self args res) + -> ([%#span39] inv'7 self) + -> ([%#span40] inv'8 args) -> ([%#span41] inv'9 res) -> ([%#span42] unnest'0 ( * self) ( ^ self)) predicate invariant'8 (self : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) @@ -2744,10 +2336,9 @@ module C06MapPrecond_Impl0_Next axiom inv'3 : forall x : f . inv'3 x = true - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'2 (self : Option'0.t_option item'0) @@ -2768,51 +2359,39 @@ module C06MapPrecond_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span51] produces'0 a ab b) - -> ([%#span52] produces'0 b bc c) - -> ([%#span53] inv'0 a) - -> ([%#span54] inv'6 ab) - -> ([%#span55] inv'0 b) - -> ([%#span56] inv'6 bc) -> ([%#span57] inv'0 c) -> ([%#span58] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span43] produces'0 a ab b) + -> ([%#span44] produces'0 b bc c) + -> ([%#span45] inv'0 a) + -> ([%#span46] inv'0 b) -> ([%#span47] inv'0 c) -> ([%#span48] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span59] inv'0 self) - -> ([%#span60] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span49] inv'0 self) + -> ([%#span50] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq b) (x : int) : b - - use prelude.seq_ext.SeqExt + function index_logic'1 (self : Seq'0.t_seq b) (_2 : int) : b function subsequence'0 (self : Seq'0.t_seq item'0) (n : int) (m : int) : Seq'0.t_seq item'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span61] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span51] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span62] inv'6 self) - -> ([%#span65] inv'6 (subsequence'0 self n m)) - && ([%#span64] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span53] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#span63] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span52] len'0 (subsequence'0 self n m) = m - n) - function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f + function index_logic'2 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f predicate produces'1 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map i b f item'0) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f item'0) = - [%#span66] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'6 s - /\ len'0 s = len'1 visited + [%#span54] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'0 s = len'1 visited /\ produces'0 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'14 fs - /\ len'2 fs = len'1 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'1 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'2 fs (i - 1) = * index_logic'2 fs i) /\ (if len'1 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -2825,18 +2404,15 @@ module C06MapPrecond_Impl0_Next /\ precondition'0 ( * index_logic'2 fs i) (index_logic'0 s i, new'0 (concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) (subsequence'0 s 0 i))) /\ postcondition_mut'0 (index_logic'2 fs i) (index_logic'0 s i, new'0 (concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) (subsequence'0 s 0 i))) (index_logic'1 visited i)))) - use seq.Seq - function singleton'1 (v : b) : Seq'0.t_seq b - axiom singleton'1_spec : forall v : b . ([%#span15] inv'9 v) - -> ([%#span18] inv'13 (singleton'1 v)) - && ([%#span17] index_logic'1 (singleton'1 v) 0 = v) && ([%#span16] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : b . ([%#span12] inv'9 v) + -> ([%#span14] index_logic'1 (singleton'1 v) 0 = v) && ([%#span13] len'1 (singleton'1 v) = 1) predicate produces_one'0 [#"../06_map_precond.rs" 142 4 142 57] (self : Map'0.t_map i b f item'0) (visited : b) (succ : Map'0.t_map i b f item'0) = - [%#span71] exists f : borrowed f . inv'7 f + [%#span59] exists f : borrowed f . inv'7 f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ /\ (exists e : item'0 . inv'11 e @@ -2846,13 +2422,13 @@ module C06MapPrecond_Impl0_Next /\ precondition'0 ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ postcondition_mut'0 f (e, C06MapPrecond_Map_Type.map_produced self) visited) - axiom produces_one'0_spec : forall self : Map'0.t_map i b f item'0, visited : b, succ : Map'0.t_map i b f item'0 . ([%#span67] inv'10 self) - -> ([%#span68] inv'9 visited) - -> ([%#span69] inv'10 succ) - -> ([%#span70] produces_one'0 self visited succ = produces'1 self (singleton'1 visited) succ) + axiom produces_one'0_spec : forall self : Map'0.t_map i b f item'0, visited : b, succ : Map'0.t_map i b f item'0 . ([%#span55] inv'10 self) + -> ([%#span56] inv'9 visited) + -> ([%#span57] inv'10 succ) + -> ([%#span58] produces_one'0 self visited succ = produces'1 self (singleton'1 visited) succ) predicate completed'0 [#"../06_map_precond.rs" 21 4 21 35] (self : borrowed (Map'0.t_map i b f item'0)) = - [%#span72] deref'0 (C06MapPrecond_Map_Type.map_produced ( ^ self)) = (empty'0 : Seq'0.t_seq item'0) + [%#span60] deref'0 (C06MapPrecond_Map_Type.map_produced ( ^ self)) = (empty'0 : Seq'0.t_seq item'0) /\ completed'1 (Borrow.borrow_logic (C06MapPrecond_Map_Type.map_iter ( * self)) (C06MapPrecond_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C06MapPrecond_Map_Type.map_func ( * self) = C06MapPrecond_Map_Type.map_func ( ^ self) @@ -2864,42 +2440,42 @@ module C06MapPrecond_Impl0_Next function new'1 (x : ()) : Snapshot'0.t_snapshot () - axiom new'1_spec : forall x : () . ([%#span13] inv'12 x) -> ([%#span14] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : () . ([%#span10] inv'12 x) -> ([%#span11] deref'1 (new'1 x) = x) function produces_one_invariant'0 [#"../06_map_precond.rs" 132 4 132 73] (self : Map'0.t_map i b f item'0) (e : item'0) (r : b) (f : borrowed f) (iter : i) : () - axiom produces_one_invariant'0_spec : forall self : Map'0.t_map i b f item'0, e : item'0, r : b, f : borrowed f, iter : i . ([%#span73] produces'0 (C06MapPrecond_Map_Type.map_iter self) (singleton'0 e) iter) - -> ([%#span74] * f = C06MapPrecond_Map_Type.map_func self) - -> ([%#span75] postcondition_mut'0 f (e, C06MapPrecond_Map_Type.map_produced self) r) - -> ([%#span76] inv'10 self) - -> ([%#span77] inv'11 e) - -> ([%#span78] inv'9 r) - -> ([%#span79] inv'7 f) - -> ([%#span80] inv'0 iter) - -> ([%#span82] next_precondition'0 iter ( ^ f) (push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e)) - && ([%#span81] preservation_inv'0 iter ( ^ f) (push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e)) + axiom produces_one_invariant'0_spec : forall self : Map'0.t_map i b f item'0, e : item'0, r : b, f : borrowed f, iter : i . ([%#span61] produces'0 (C06MapPrecond_Map_Type.map_iter self) (singleton'0 e) iter) + -> ([%#span62] * f = C06MapPrecond_Map_Type.map_func self) + -> ([%#span63] postcondition_mut'0 f (e, C06MapPrecond_Map_Type.map_produced self) r) + -> ([%#span64] inv'10 self) + -> ([%#span65] inv'11 e) + -> ([%#span66] inv'9 r) + -> ([%#span67] inv'7 f) + -> ([%#span68] inv'0 iter) + -> ([%#span70] next_precondition'0 iter ( ^ f) (push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e)) + && ([%#span69] preservation_inv'0 iter ( ^ f) (push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e)) predicate resolve'2 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) - let rec call_mut'0 (self:borrowed f) (args:(item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (return' (ret:b))= {[@expl:precondition] [%#span86] inv'8 args} - {[@expl:precondition] [%#span85] inv'7 self} - {[@expl:precondition] [%#span84] precondition'0 ( * self) args} + let rec call_mut'0 (self:borrowed f) (args:(item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (return' (ret:b))= {[@expl:precondition] [%#span74] inv'8 args} + {[@expl:precondition] [%#span73] inv'7 self} + {[@expl:precondition] [%#span72] precondition'0 ( * self) args} any - [ return' (result:b)-> {[%#span88] inv'9 result} - {[%#span87] postcondition_mut'0 self args result} + [ return' (result:b)-> {[%#span76] inv'9 result} + {[%#span75] postcondition_mut'0 self args result} (! return' {result}) ] predicate resolve'1 (self : Option'0.t_option item'0) predicate resolve'0 (self : borrowed (Map'0.t_map i b f item'0)) = - [%#span89] ^ self = * self + [%#span77] ^ self = * self - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span90] inv'5 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span78] inv'5 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span92] inv'2 result} - {[%#span91] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span80] inv'2 result} + {[%#span79] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -3098,73 +2674,53 @@ module C06MapPrecond_Map let%span span26 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span33 = "../06_map_precond.rs" 84 8 88 9 - - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span31 = "../06_map_precond.rs" 84 8 88 9 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 - - let%span span40 = "../06_map_precond.rs" 106 8 113 9 - - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span42 = "../06_map_precond.rs" 93 24 93 28 + let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span43 = "../06_map_precond.rs" 93 33 93 37 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span44 = "../06_map_precond.rs" 93 42 93 50 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span45 = "../06_map_precond.rs" 92 4 92 83 + let%span span35 = "../06_map_precond.rs" 106 8 113 9 - let%span span46 = "../06_map_precond.rs" 94 8 101 9 + let%span span36 = "../06_map_precond.rs" 93 24 93 28 - let%span span47 = "../06_map_precond.rs" 118 8 123 9 + let%span span37 = "../06_map_precond.rs" 93 33 93 37 - let%span span48 = "../06_map_precond.rs" 159 12 161 73 + let%span span38 = "../06_map_precond.rs" 92 4 92 83 - let%span span49 = "../common.rs" 18 15 18 32 + let%span span39 = "../06_map_precond.rs" 94 8 101 9 - let%span span50 = "../common.rs" 19 15 19 32 + let%span span40 = "../06_map_precond.rs" 118 8 123 9 - let%span span51 = "../common.rs" 21 22 21 23 + let%span span41 = "../06_map_precond.rs" 159 12 161 73 - let%span span52 = "../common.rs" 21 31 21 33 + let%span span42 = "../common.rs" 18 15 18 32 - let%span span53 = "../common.rs" 21 52 21 53 + let%span span43 = "../common.rs" 19 15 19 32 - let%span span54 = "../common.rs" 21 61 21 63 + let%span span44 = "../common.rs" 21 22 21 23 - let%span span55 = "../common.rs" 21 82 21 83 + let%span span45 = "../common.rs" 21 52 21 53 - let%span span56 = "../common.rs" 20 14 20 42 + let%span span46 = "../common.rs" 21 82 21 83 - let%span span57 = "../common.rs" 15 21 15 25 + let%span span47 = "../common.rs" 20 14 20 42 - let%span span58 = "../common.rs" 14 14 14 45 + let%span span48 = "../common.rs" 15 21 15 25 - let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span49 = "../common.rs" 14 14 14 45 - let%span span60 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 type item'0 @@ -3253,82 +2809,67 @@ module C06MapPrecond_Map use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span27] inv'4 self) -> ([%#span28] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span27] len'0 self >= 0 predicate inv'1 (_x : item'0) function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span29] inv'1 v) - -> ([%#span32] inv'4 (singleton'0 v)) - && ([%#span31] index_logic'0 (singleton'0 v) 0 = v) && ([%#span30] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span28] inv'1 v) + -> ([%#span30] index_logic'0 (singleton'0 v) 0 = v) && ([%#span29] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span33] forall i : i . forall e : item'0 . inv'0 i + [%#span31] forall i : i . forall e : item'0 . inv'0 i -> inv'1 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span34] inv'4 self) - -> ([%#span35] inv'4 other) - -> ([%#span38] inv'4 (concat'0 self other)) - && ([%#span37] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span33] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span36] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span32] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span39] concat'0 self (singleton'0 v) + [%#span34] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span40] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + [%#span35] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i -> inv'6 b -> inv'7 f -> inv'1 e2 -> inv'1 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'0 : Seq'0.t_seq item'0 = [%#span41] () + constant empty'0 : Seq'0.t_seq item'0 predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span46] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i + [%#span39] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'0 i -> inv'6 b -> inv'7 f -> inv'1 e2 -> inv'1 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span42] inv'0 iter) - -> ([%#span43] inv'2 func) - -> ([%#span44] inv'4 produced) - -> ([%#span45] produced = (empty'0 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span36] inv'0 iter) + -> ([%#span37] inv'2 func) + -> ([%#span38] produced = (empty'0 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -3336,7 +2877,7 @@ module C06MapPrecond_Map predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span47] forall func : f . forall iter : borrowed i . inv'2 func + [%#span40] forall func : f . forall iter : borrowed i . inv'2 func -> inv'5 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func @@ -3344,7 +2885,7 @@ module C06MapPrecond_Map use C06MapPrecond_Map_Type as Map'0 predicate invariant'3 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span48] reinitialize'0 () + [%#span41] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -3371,22 +2912,19 @@ module C06MapPrecond_Map function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span49] produces'0 a ab b) - -> ([%#span50] produces'0 b bc c) - -> ([%#span51] inv'0 a) - -> ([%#span52] inv'4 ab) - -> ([%#span53] inv'0 b) - -> ([%#span54] inv'4 bc) -> ([%#span55] inv'0 c) -> ([%#span56] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span42] produces'0 a ab b) + -> ([%#span43] produces'0 b bc c) + -> ([%#span44] inv'0 a) + -> ([%#span45] inv'0 b) -> ([%#span46] inv'0 c) -> ([%#span47] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span57] inv'0 self) - -> ([%#span58] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span48] inv'0 self) + -> ([%#span49] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span60] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span59] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span50] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use prelude.prelude.Intrinsic @@ -3429,17 +2967,9 @@ module C06MapPrecond_Map end module C06MapPrecond_Identity_Closure0_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -3460,74 +2990,47 @@ module C06MapPrecond_Identity_Closure0 let%span s06_map_precond1 = "../06_map_precond.rs" 178 14 178 20 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span16 = "../common.rs" 21 52 21 53 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span17 = "../common.rs" 21 61 21 63 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span18 = "../common.rs" 21 82 21 83 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span19 = "../common.rs" 20 14 20 42 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span20 = "../common.rs" 15 21 15 25 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span21 = "../common.rs" 14 14 14 45 + let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span22 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + use prelude.prelude.Int type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'2 (self : Seq'0.t_seq item'0) - - predicate inv'2 (_x : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'2 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span4] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'1 (self : i) @@ -3541,38 +3044,31 @@ module C06MapPrecond_Identity_Closure0 axiom inv'0 : forall x : item'0 . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span12] produces'0 a ab b) - -> ([%#span13] produces'0 b bc c) - -> ([%#span14] inv'1 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'1 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'1 c) -> ([%#span19] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span6] produces'0 a ab b) + -> ([%#span7] produces'0 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span20] inv'1 self) - -> ([%#span21] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span12] inv'1 self) + -> ([%#span13] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) use prelude.prelude.Int16 @@ -3590,7 +3086,7 @@ module C06MapPrecond_Identity_Closure0 use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Closure'0.c06mapprecond_identity_closure0 i)) = - [%#span22] ^ self = * self + [%#span14] ^ self = * self predicate resolve'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) @@ -3619,91 +3115,71 @@ module C06MapPrecond_Identity let%span s06_map_precond0 = "../06_map_precond.rs" 177 29 177 33 - let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span7 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span12 = "../06_map_precond.rs" 84 8 88 9 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span3 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span4 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span8 = "../06_map_precond.rs" 84 8 88 9 - let%span span19 = "../06_map_precond.rs" 106 8 113 9 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span20 = "../06_map_precond.rs" 93 24 93 28 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span21 = "../06_map_precond.rs" 93 33 93 37 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span22 = "../06_map_precond.rs" 93 42 93 50 + let%span span12 = "../06_map_precond.rs" 106 8 113 9 - let%span span23 = "../06_map_precond.rs" 92 4 92 83 + let%span span13 = "../06_map_precond.rs" 93 24 93 28 - let%span span24 = "../06_map_precond.rs" 94 8 101 9 + let%span span14 = "../06_map_precond.rs" 93 33 93 37 - let%span span25 = "../06_map_precond.rs" 118 8 123 9 + let%span span15 = "../06_map_precond.rs" 92 4 92 83 - let%span span26 = "../06_map_precond.rs" 159 12 161 73 + let%span span16 = "../06_map_precond.rs" 94 8 101 9 - let%span span27 = "../common.rs" 18 15 18 32 + let%span span17 = "../06_map_precond.rs" 118 8 123 9 - let%span span28 = "../common.rs" 19 15 19 32 + let%span span18 = "../06_map_precond.rs" 159 12 161 73 - let%span span29 = "../common.rs" 21 22 21 23 + let%span span19 = "../common.rs" 18 15 18 32 - let%span span30 = "../common.rs" 21 31 21 33 + let%span span20 = "../common.rs" 19 15 19 32 - let%span span31 = "../common.rs" 21 52 21 53 + let%span span21 = "../common.rs" 21 22 21 23 - let%span span32 = "../common.rs" 21 61 21 63 + let%span span22 = "../common.rs" 21 52 21 53 - let%span span33 = "../common.rs" 21 82 21 83 + let%span span23 = "../common.rs" 21 82 21 83 - let%span span34 = "../common.rs" 20 14 20 42 + let%span span24 = "../common.rs" 20 14 20 42 - let%span span35 = "../common.rs" 15 21 15 25 + let%span span25 = "../common.rs" 15 21 15 25 - let%span span36 = "../common.rs" 14 14 14 45 + let%span span26 = "../common.rs" 14 14 14 45 - let%span span37 = "../06_map_precond.rs" 166 0 166 131 + let%span span27 = "../06_map_precond.rs" 166 0 166 131 - let%span span38 = "../06_map_precond.rs" 167 11 167 41 + let%span span28 = "../06_map_precond.rs" 167 11 167 41 - let%span span39 = "../06_map_precond.rs" 168 11 168 51 + let%span span29 = "../06_map_precond.rs" 168 11 168 51 - let%span span40 = "../06_map_precond.rs" 171 4 171 8 + let%span span30 = "../06_map_precond.rs" 171 4 171 8 - let%span span41 = "../06_map_precond.rs" 172 4 172 8 + let%span span31 = "../06_map_precond.rs" 172 4 172 8 - let%span span42 = "../06_map_precond.rs" 169 10 169 75 + let%span span32 = "../06_map_precond.rs" 169 10 169 75 - let%span span43 = "../06_map_precond.rs" 173 5 173 17 + let%span span33 = "../06_map_precond.rs" 173 5 173 17 type item'0 @@ -3743,20 +3219,15 @@ module C06MapPrecond_Identity use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span1] inv'4 self) -> ([%#span2] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span1] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span3] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span5] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span2] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'2 (self : item'0) @@ -3779,26 +3250,21 @@ module C06MapPrecond_Identity function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span6] inv'4 x) -> ([%#span7] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span3] inv'4 x) -> ([%#span4] deref'0 (new'0 x) = x) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span8] inv'2 v) - -> ([%#span11] inv'4 (singleton'0 v)) - && ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span5] inv'2 v) + -> ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : Closure'0.c06mapprecond_identity_closure0 i) (produced : Seq'0.t_seq item'0) = - [%#span12] forall i : i . forall e : item'0 . inv'1 i + [%#span8] forall i : i . forall e : item'0 . inv'1 i -> inv'2 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) predicate unnest'0 [#"../06_map_precond.rs" 178 14 178 20] (self : Closure'0.c06mapprecond_identity_closure0 i) (_2 : Closure'0.c06mapprecond_identity_closure0 i) @@ -3811,30 +3277,26 @@ module C06MapPrecond_Identity = (let (x, _3) = args in true) /\ unnest'0 ( * self) ( ^ self) - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span13] inv'4 self) - -> ([%#span14] inv'4 other) - -> ([%#span17] inv'4 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span18] concat'0 self (singleton'0 v) + [%#span11] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : Closure'0.c06mapprecond_identity_closure0 i) = - [%#span19] forall i : i . forall b : item'0 . forall f : borrowed (Closure'0.c06mapprecond_identity_closure0 i) . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + [%#span12] forall i : i . forall b : item'0 . forall f : borrowed (Closure'0.c06mapprecond_identity_closure0 i) . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i -> inv'2 b -> inv'6 f -> inv'2 e2 -> inv'2 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -3843,22 +3305,20 @@ module C06MapPrecond_Identity predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : Closure'0.c06mapprecond_identity_closure0 i) (produced : Seq'0.t_seq item'0) = - [%#span24] forall i : i . forall b : item'0 . forall f : borrowed (Closure'0.c06mapprecond_identity_closure0 i) . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i + [%#span16] forall i : i . forall b : item'0 . forall f : borrowed (Closure'0.c06mapprecond_identity_closure0 i) . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'1 i -> inv'2 b -> inv'6 f -> inv'2 e2 -> inv'2 e1 - -> inv'4 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : Closure'0.c06mapprecond_identity_closure0 i, produced : Seq'0.t_seq item'0 . ([%#span20] inv'1 iter) - -> ([%#span21] inv'3 func) - -> ([%#span22] inv'4 produced) - -> ([%#span23] produced = (empty'0 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : Closure'0.c06mapprecond_identity_closure0 i, produced : Seq'0.t_seq item'0 . ([%#span13] inv'1 iter) + -> ([%#span14] inv'3 func) + -> ([%#span15] produced = (empty'0 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -3866,7 +3326,7 @@ module C06MapPrecond_Identity predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span25] forall func : Closure'0.c06mapprecond_identity_closure0 i . forall iter : borrowed i . inv'3 func + [%#span17] forall func : Closure'0.c06mapprecond_identity_closure0 i . forall iter : borrowed i . inv'3 func -> inv'5 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func @@ -3876,7 +3336,7 @@ module C06MapPrecond_Identity predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0) = - [%#span26] reinitialize'0 () + [%#span18] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -3891,32 +3351,30 @@ module C06MapPrecond_Identity function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span27] produces'0 a ab b) - -> ([%#span28] produces'0 b bc c) - -> ([%#span29] inv'1 a) - -> ([%#span30] inv'4 ab) - -> ([%#span31] inv'1 b) - -> ([%#span32] inv'4 bc) -> ([%#span33] inv'1 c) -> ([%#span34] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span19] produces'0 a ab b) + -> ([%#span20] produces'0 b bc c) + -> ([%#span21] inv'1 a) + -> ([%#span22] inv'1 b) -> ([%#span23] inv'1 c) -> ([%#span24] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span35] inv'1 self) - -> ([%#span36] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span25] inv'1 self) + -> ([%#span26] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) use prelude.prelude.Intrinsic predicate resolve'0 (self : Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0) - let rec map'0 (iter:i) (func:Closure'0.c06mapprecond_identity_closure0 i) (return' (ret:Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0))= {[@expl:precondition] [%#span41] inv'3 func} - {[@expl:precondition] [%#span40] inv'1 iter} - {[@expl:precondition] [%#span39] preservation'0 iter func} - {[@expl:precondition] [%#span38] reinitialize'0 ()} - {[@expl:precondition] [%#span37] forall i2 : i . forall e : item'0 . inv'1 i2 + let rec map'0 (iter:i) (func:Closure'0.c06mapprecond_identity_closure0 i) (return' (ret:Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0))= {[@expl:precondition] [%#span31] inv'3 func} + {[@expl:precondition] [%#span30] inv'1 iter} + {[@expl:precondition] [%#span29] preservation'0 iter func} + {[@expl:precondition] [%#span28] reinitialize'0 ()} + {[@expl:precondition] [%#span27] forall i2 : i . forall e : item'0 . inv'1 i2 -> inv'2 e -> produces'0 iter (singleton'0 e) i2 -> precondition'0 func (e, new'0 (empty'0 : Seq'0.t_seq item'0))} any - [ return' (result:Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0)-> {[%#span43] inv'0 result} - {[%#span42] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq item'0))} + [ return' (result:Map'0.t_map i item'0 (Closure'0.c06mapprecond_identity_closure0 i) item'0)-> {[%#span33] inv'0 result} + {[%#span32] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq item'0))} (! return' {result}) ] @@ -4029,129 +3487,101 @@ module C06MapPrecond_Increment let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span17 = "../common.rs" 21 22 21 23 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../common.rs" 21 31 21 33 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span19 = "../common.rs" 21 52 21 53 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span23 = "../common.rs" 15 21 15 25 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span24 = "../common.rs" 14 14 14 45 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span25 = "../06_map_precond.rs" 188 19 188 27 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span26 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span27 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span17 = "../06_map_precond.rs" 188 19 188 27 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span18 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span19 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span33 = "../06_map_precond.rs" 44 8 56 9 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span34 = "../06_map_precond.rs" 35 15 35 32 + let%span span23 = "../06_map_precond.rs" 44 8 56 9 - let%span span35 = "../06_map_precond.rs" 36 15 36 32 + let%span span24 = "../06_map_precond.rs" 35 15 35 32 - let%span span36 = "../06_map_precond.rs" 38 22 38 23 + let%span span25 = "../06_map_precond.rs" 36 15 36 32 - let%span span37 = "../06_map_precond.rs" 38 31 38 33 + let%span span26 = "../06_map_precond.rs" 38 22 38 23 - let%span span38 = "../06_map_precond.rs" 38 52 38 53 + let%span span27 = "../06_map_precond.rs" 38 52 38 53 - let%span span39 = "../06_map_precond.rs" 38 61 38 63 + let%span span28 = "../06_map_precond.rs" 38 82 38 83 - let%span span40 = "../06_map_precond.rs" 38 82 38 83 + let%span span29 = "../06_map_precond.rs" 37 14 37 42 - let%span span41 = "../06_map_precond.rs" 37 14 37 42 + let%span span30 = "../06_map_precond.rs" 33 4 33 10 - let%span span42 = "../06_map_precond.rs" 33 4 33 10 + let%span span31 = "../06_map_precond.rs" 31 21 31 25 - let%span span43 = "../06_map_precond.rs" 31 21 31 25 + let%span span32 = "../06_map_precond.rs" 30 14 30 45 - let%span span44 = "../06_map_precond.rs" 30 14 30 45 + let%span span33 = "../06_map_precond.rs" 28 4 28 10 - let%span span45 = "../06_map_precond.rs" 28 4 28 10 + let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "../06_map_precond.rs" 84 8 88 9 - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span50 = "../06_map_precond.rs" 84 8 88 9 + let%span span39 = "../06_map_precond.rs" 106 8 113 9 - let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span40 = "../06_map_precond.rs" 93 24 93 28 - let%span span52 = "../06_map_precond.rs" 106 8 113 9 + let%span span41 = "../06_map_precond.rs" 93 33 93 37 - let%span span53 = "../06_map_precond.rs" 93 24 93 28 + let%span span42 = "../06_map_precond.rs" 92 4 92 83 - let%span span54 = "../06_map_precond.rs" 93 33 93 37 + let%span span43 = "../06_map_precond.rs" 94 8 101 9 - let%span span55 = "../06_map_precond.rs" 93 42 93 50 + let%span span44 = "../06_map_precond.rs" 118 8 123 9 - let%span span56 = "../06_map_precond.rs" 92 4 92 83 + let%span span45 = "../06_map_precond.rs" 159 12 161 73 - let%span span57 = "../06_map_precond.rs" 94 8 101 9 + let%span span46 = "../06_map_precond.rs" 166 0 166 131 - let%span span58 = "../06_map_precond.rs" 118 8 123 9 + let%span span47 = "../06_map_precond.rs" 167 11 167 41 - let%span span59 = "../06_map_precond.rs" 159 12 161 73 + let%span span48 = "../06_map_precond.rs" 168 11 168 51 - let%span span60 = "../06_map_precond.rs" 166 0 166 131 + let%span span49 = "../06_map_precond.rs" 171 4 171 8 - let%span span61 = "../06_map_precond.rs" 167 11 167 41 + let%span span50 = "../06_map_precond.rs" 172 4 172 8 - let%span span62 = "../06_map_precond.rs" 168 11 168 51 + let%span span51 = "../06_map_precond.rs" 169 10 169 75 - let%span span63 = "../06_map_precond.rs" 171 4 171 8 - - let%span span64 = "../06_map_precond.rs" 172 4 172 8 - - let%span span65 = "../06_map_precond.rs" 169 10 169 75 - - let%span span66 = "../06_map_precond.rs" 173 5 173 17 + let%span span52 = "../06_map_precond.rs" 173 5 173 17 use prelude.prelude.UInt32 @@ -4165,46 +3595,34 @@ module C06MapPrecond_Increment use prelude.prelude.Borrow - predicate invariant'7 (self : borrowed (Closure'0.c06mapprecond_increment_closure2 u)) = + predicate invariant'6 (self : borrowed (Closure'0.c06mapprecond_increment_closure2 u)) = [%#span4] true - predicate inv'7 (_x : borrowed (Closure'0.c06mapprecond_increment_closure2 u)) + predicate inv'6 (_x : borrowed (Closure'0.c06mapprecond_increment_closure2 u)) - axiom inv'7 : forall x : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . inv'7 x = true + axiom inv'6 : forall x : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . inv'6 x = true - use prelude.prelude.Int + predicate invariant'5 (self : Seq'0.t_seq uint32) = + [%#span4] true - use seq.Seq + predicate inv'5 (_x : Seq'0.t_seq uint32) - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + axiom inv'5 : forall x : Seq'0.t_seq uint32 . inv'5 x = true - predicate inv'6 (_x : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) + use prelude.prelude.Int function len'1 (self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) : int - axiom len'1_spec : forall self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) . ([%#span5] inv'6 self) - -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) . [%#span5] len'1 self + >= 0 - constant empty'1 : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) = [%#span7] () + constant empty'1 : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) - function empty_len'1 (_1 : ()) : () = - [%#span9] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'1 : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'1 : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) = 0 - predicate invariant'6 (self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) = - [%#span4] true - - axiom inv'6 : forall x : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq uint32) = - [%#span4] true - - predicate inv'5 (_x : Seq'0.t_seq uint32) - - axiom inv'5 : forall x : Seq'0.t_seq uint32 . inv'5 x = true - predicate invariant'4 (self : Closure'0.c06mapprecond_increment_closure2 u) = [%#span4] true @@ -4225,46 +3643,37 @@ module C06MapPrecond_Increment axiom inv'2 : forall x : u . inv'2 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span5] inv'5 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span10] inv'5 self) - -> ([%#span11] inv'5 other) - -> ([%#span14] inv'5 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : u) (visited : Seq'0.t_seq uint32) (o : u) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : u) (ab : Seq'0.t_seq uint32) (b : u) (bc : Seq'0.t_seq uint32) (c : u) : () - axiom produces_trans'1_spec : forall a : u, ab : Seq'0.t_seq uint32, b : u, bc : Seq'0.t_seq uint32, c : u . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'2 a) - -> ([%#span18] inv'5 ab) - -> ([%#span19] inv'2 b) - -> ([%#span20] inv'5 bc) -> ([%#span21] inv'2 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : u, ab : Seq'0.t_seq uint32, b : u, bc : Seq'0.t_seq uint32, c : u . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'2 a) + -> ([%#span12] inv'2 b) -> ([%#span13] inv'2 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span7] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : u) : () - axiom produces_refl'1_spec : forall self : u . ([%#span23] inv'2 self) - -> ([%#span24] produces'1 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'1_spec : forall self : u . ([%#span15] inv'2 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'1 (self : borrowed u) @@ -4272,10 +3681,9 @@ module C06MapPrecond_Increment axiom inv'1 : forall x : borrowed u . inv'1 x = true - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use C06MapPrecond_Map_Type as Map'0 @@ -4296,29 +3704,23 @@ module C06MapPrecond_Increment predicate precondition'0 [#"../06_map_precond.rs" 189 8 189 35] (self : Closure'0.c06mapprecond_increment_closure2 u) (args : (uint32, Snapshot'0.t_snapshot (Seq'0.t_seq uint32))) = - [%#span25] let (x, _3) = args in UInt32.to_int x <= 15 + [%#span17] let (x, _3) = args in UInt32.to_int x <= 15 function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 function new'0 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span26] inv'5 x) -> ([%#span27] deref'0 (new'0 x) = x) - - use prelude.seq_ext.SeqExt + axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span18] inv'5 x) -> ([%#span19] deref'0 (new'0 x) = x) function subsequence'0 (self : Seq'0.t_seq uint32) (n : int) (m : int) : Seq'0.t_seq uint32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span28] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span20] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span29] inv'5 self) - -> ([%#span32] inv'5 (subsequence'0 self n m)) - && ([%#span31] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span22] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#span30] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span21] len'0 (subsequence'0 self n m) = m - n) - function index_logic'1 (self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) (x : int) : borrowed (Closure'0.c06mapprecond_increment_closure2 u) + function index_logic'1 (self : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u))) (_2 : int) : borrowed (Closure'0.c06mapprecond_increment_closure2 u) function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -4328,14 +3730,12 @@ module C06MapPrecond_Increment predicate produces'0 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) (visited : Seq'0.t_seq uint32) (succ : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) = - [%#span33] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq uint32 . inv'5 s - /\ len'0 s = len'0 visited + [%#span23] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq uint32 . len'0 s = len'0 visited /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) . inv'6 fs - /\ len'1 fs = len'0 visited + /\ (exists fs : Seq'0.t_seq (borrowed (Closure'0.c06mapprecond_increment_closure2 u)) . len'1 fs = len'0 visited /\ (forall i : int . 1 <= i /\ i < len'1 fs -> ^ index_logic'1 fs (i - 1) = * index_logic'1 fs i) /\ (if len'0 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -4351,49 +3751,43 @@ module C06MapPrecond_Increment function produces_trans'0 [#"../06_map_precond.rs" 38 4 38 90] (a : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) (ab : Seq'0.t_seq uint32) (b : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) (bc : Seq'0.t_seq uint32) (c : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) : () = - [%#span42] () + [%#span30] () - axiom produces_trans'0_spec : forall a : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32, ab : Seq'0.t_seq uint32, b : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32, bc : Seq'0.t_seq uint32, c : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32 . ([%#span34] produces'0 a ab b) - -> ([%#span35] produces'0 b bc c) - -> ([%#span36] inv'0 a) - -> ([%#span37] inv'5 ab) - -> ([%#span38] inv'0 b) - -> ([%#span39] inv'5 bc) -> ([%#span40] inv'0 c) -> ([%#span41] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32, ab : Seq'0.t_seq uint32, b : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32, bc : Seq'0.t_seq uint32, c : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32 . ([%#span24] produces'0 a ab b) + -> ([%#span25] produces'0 b bc c) + -> ([%#span26] inv'0 a) + -> ([%#span27] inv'0 b) -> ([%#span28] inv'0 c) -> ([%#span29] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../06_map_precond.rs" 31 4 31 26] (self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) : () = - [%#span45] () + [%#span33] () - axiom produces_refl'0_spec : forall self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32 . ([%#span43] inv'0 self) - -> ([%#span44] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) - - use seq.Seq + axiom produces_refl'0_spec : forall self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32 . ([%#span31] inv'0 self) + -> ([%#span32] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span46] inv'3 v) - -> ([%#span49] inv'5 (singleton'0 v)) - && ([%#span48] index_logic'0 (singleton'0 v) 0 = v) && ([%#span47] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span34] inv'3 v) + -> ([%#span36] index_logic'0 (singleton'0 v) 0 = v) && ([%#span35] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : u) (func : Closure'0.c06mapprecond_increment_closure2 u) (produced : Seq'0.t_seq uint32) = - [%#span50] forall i : u . forall e : uint32 . inv'2 i + [%#span37] forall i : u . forall e : uint32 . inv'2 i -> inv'3 e -> produces'1 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq uint32) (v : uint32) : Seq'0.t_seq uint32 = - [%#span51] concat'0 self (singleton'0 v) + [%#span38] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : u) (func : Closure'0.c06mapprecond_increment_closure2 u) = - [%#span52] forall i : u . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i + [%#span39] forall i : u . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i -> inv'3 b - -> inv'7 f + -> inv'6 f -> inv'3 e2 -> inv'3 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -4402,28 +3796,26 @@ module C06MapPrecond_Increment predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : u) (func : Closure'0.c06mapprecond_increment_closure2 u) (produced : Seq'0.t_seq uint32) = - [%#span57] forall i : u . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i + [%#span43] forall i : u . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_increment_closure2 u) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i -> inv'3 b - -> inv'7 f + -> inv'6 f -> inv'3 e2 -> inv'3 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : u, func : Closure'0.c06mapprecond_increment_closure2 u, produced : Seq'0.t_seq uint32 . ([%#span53] inv'2 iter) - -> ([%#span54] inv'4 func) - -> ([%#span55] inv'5 produced) - -> ([%#span56] produced = (empty'0 : Seq'0.t_seq uint32) + axiom preservation_inv'0_spec : forall iter : u, func : Closure'0.c06mapprecond_increment_closure2 u, produced : Seq'0.t_seq uint32 . ([%#span40] inv'2 iter) + -> ([%#span41] inv'4 func) + -> ([%#span42] produced = (empty'0 : Seq'0.t_seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func) predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed u) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span58] forall func : Closure'0.c06mapprecond_increment_closure2 u . forall iter : borrowed u . inv'4 func + [%#span44] forall func : Closure'0.c06mapprecond_increment_closure2 u . forall iter : borrowed u . inv'4 func -> inv'1 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq uint32) /\ preservation'0 ( ^ iter) func @@ -4431,7 +3823,7 @@ module C06MapPrecond_Increment predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) = - [%#span59] reinitialize'0 () + [%#span45] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -4445,16 +3837,16 @@ module C06MapPrecond_Increment predicate resolve'0 (self : Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32) - let rec map'0 (iter:u) (func:Closure'0.c06mapprecond_increment_closure2 u) (return' (ret:Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32))= {[@expl:precondition] [%#span64] inv'4 func} - {[@expl:precondition] [%#span63] inv'2 iter} - {[@expl:precondition] [%#span62] preservation'0 iter func} - {[@expl:precondition] [%#span61] reinitialize'0 ()} - {[@expl:precondition] [%#span60] forall i2 : u . forall e : uint32 . inv'2 i2 + let rec map'0 (iter:u) (func:Closure'0.c06mapprecond_increment_closure2 u) (return' (ret:Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32))= {[@expl:precondition] [%#span50] inv'4 func} + {[@expl:precondition] [%#span49] inv'2 iter} + {[@expl:precondition] [%#span48] preservation'0 iter func} + {[@expl:precondition] [%#span47] reinitialize'0 ()} + {[@expl:precondition] [%#span46] forall i2 : u . forall e : uint32 . inv'2 i2 -> inv'3 e -> produces'1 iter (singleton'0 e) i2 -> precondition'0 func (e, new'0 (empty'0 : Seq'0.t_seq uint32))} any - [ return' (result:Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32)-> {[%#span66] inv'0 result} - {[%#span65] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq uint32))} + [ return' (result:Map'0.t_map u uint32 (Closure'0.c06mapprecond_increment_closure2 u) uint32)-> {[%#span52] inv'0 result} + {[%#span51] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq uint32))} (! return' {result}) ] @@ -4527,49 +3919,29 @@ module C06MapPrecond_Counter_Closure2 let%span s06_map_precond2 = "../06_map_precond.rs" 206 18 206 39 - let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "" 0 0 0 0 - let%span span9 = "" 0 0 0 0 + let%span span6 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span10 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + use prelude.prelude.Int use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span6] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Int16 @@ -4591,7 +3963,7 @@ module C06MapPrecond_Counter_Closure2 = ^ field_0'0 _2 = ^ field_0'0 self - constant max'0 : usize = [%#span9] (18446744073709551615 : usize) + constant max'0 : usize = [%#span5] (18446744073709551615 : usize) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -4600,7 +3972,7 @@ module C06MapPrecond_Counter_Closure2 use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (Closure'0.c06mapprecond_counter_closure2 i)) = - [%#span10] ^ self = * self + [%#span6] ^ self = * self let rec c06mapprecond_counter_closure2 (_1:borrowed (Closure'0.c06mapprecond_counter_closure2 i)) (x:uint32) (_prod:Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) (return' (ret:uint32))= {[%#s06_map_precond1] UIntSize.to_int ( * field_0'0 ( * _1)) = len'0 (deref'0 _prod) @@ -4649,95 +4021,75 @@ module C06MapPrecond_Counter let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../common.rs" 18 15 18 32 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span16 = "../common.rs" 19 15 19 32 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span17 = "../common.rs" 21 22 21 23 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span18 = "../common.rs" 21 31 21 33 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span19 = "../common.rs" 21 52 21 53 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span23 = "../common.rs" 15 21 15 25 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span24 = "../common.rs" 14 14 14 45 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span25 = "" 0 0 0 0 + let%span span17 = "" 0 0 0 0 - let%span span26 = "../06_map_precond.rs" 205 19 205 61 + let%span span18 = "../06_map_precond.rs" 205 19 205 61 - let%span span27 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span19 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span28 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span20 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span33 = "../06_map_precond.rs" 84 8 88 9 - - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span24 = "../06_map_precond.rs" 84 8 88 9 - let%span span35 = "../06_map_precond.rs" 106 8 113 9 + let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span36 = "../06_map_precond.rs" 93 24 93 28 + let%span span26 = "../06_map_precond.rs" 106 8 113 9 - let%span span37 = "../06_map_precond.rs" 93 33 93 37 + let%span span27 = "../06_map_precond.rs" 93 24 93 28 - let%span span38 = "../06_map_precond.rs" 93 42 93 50 + let%span span28 = "../06_map_precond.rs" 93 33 93 37 - let%span span39 = "../06_map_precond.rs" 92 4 92 83 + let%span span29 = "../06_map_precond.rs" 92 4 92 83 - let%span span40 = "../06_map_precond.rs" 94 8 101 9 + let%span span30 = "../06_map_precond.rs" 94 8 101 9 - let%span span41 = "../06_map_precond.rs" 118 8 123 9 + let%span span31 = "../06_map_precond.rs" 118 8 123 9 - let%span span42 = "../06_map_precond.rs" 159 12 161 73 + let%span span32 = "../06_map_precond.rs" 159 12 161 73 - let%span span43 = "../06_map_precond.rs" 166 0 166 131 + let%span span33 = "../06_map_precond.rs" 166 0 166 131 - let%span span44 = "../06_map_precond.rs" 167 11 167 41 + let%span span34 = "../06_map_precond.rs" 167 11 167 41 - let%span span45 = "../06_map_precond.rs" 168 11 168 51 + let%span span35 = "../06_map_precond.rs" 168 11 168 51 - let%span span46 = "../06_map_precond.rs" 171 4 171 8 + let%span span36 = "../06_map_precond.rs" 171 4 171 8 - let%span span47 = "../06_map_precond.rs" 172 4 172 8 + let%span span37 = "../06_map_precond.rs" 172 4 172 8 - let%span span48 = "../06_map_precond.rs" 169 10 169 75 + let%span span38 = "../06_map_precond.rs" 169 10 169 75 - let%span span49 = "../06_map_precond.rs" 173 5 173 17 + let%span span39 = "../06_map_precond.rs" 173 5 173 17 use prelude.prelude.UIntSize @@ -4783,20 +4135,15 @@ module C06MapPrecond_Counter use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span5] inv'5 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span7] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 predicate invariant'2 (self : i) @@ -4804,38 +4151,31 @@ module C06MapPrecond_Counter axiom inv'2 : forall x : i . inv'2 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span10] inv'5 self) - -> ([%#span11] inv'5 other) - -> ([%#span14] inv'5 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq uint32) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq uint32) (b : i) (bc : Seq'0.t_seq uint32) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq uint32, b : i, bc : Seq'0.t_seq uint32, c : i . ([%#span15] produces'0 a ab b) - -> ([%#span16] produces'0 b bc c) - -> ([%#span17] inv'2 a) - -> ([%#span18] inv'5 ab) - -> ([%#span19] inv'2 b) - -> ([%#span20] inv'5 bc) -> ([%#span21] inv'2 c) -> ([%#span22] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq uint32, b : i, bc : Seq'0.t_seq uint32, c : i . ([%#span9] produces'0 a ab b) + -> ([%#span10] produces'0 b bc c) + -> ([%#span11] inv'2 a) + -> ([%#span12] inv'2 b) -> ([%#span13] inv'2 c) -> ([%#span14] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span23] inv'2 self) - -> ([%#span24] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : i . ([%#span15] inv'2 self) + -> ([%#span16] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'1 (self : borrowed i) @@ -4843,7 +4183,7 @@ module C06MapPrecond_Counter axiom inv'1 : forall x : borrowed i . inv'1 x = true - constant max'0 : usize = [%#span25] (18446744073709551615 : usize) + constant max'0 : usize = [%#span17] (18446744073709551615 : usize) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq uint32)) : Seq'0.t_seq uint32 @@ -4857,25 +4197,22 @@ module C06MapPrecond_Counter predicate precondition'0 [#"../06_map_precond.rs" 206 8 206 41] (self : Closure'0.c06mapprecond_counter_closure2 i) (args : (uint32, Snapshot'0.t_snapshot (Seq'0.t_seq uint32))) = - [%#span26] let (x, _prod) = args in UIntSize.to_int ( * field_0'0 self) = len'0 (deref'0 _prod) + [%#span18] let (x, _prod) = args in UIntSize.to_int ( * field_0'0 self) = len'0 (deref'0 _prod) /\ * field_0'0 self < (max'0 : usize) function new'0 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span27] inv'5 x) -> ([%#span28] deref'0 (new'0 x) = x) - - use seq.Seq + axiom new'0_spec : forall x : Seq'0.t_seq uint32 . ([%#span19] inv'5 x) -> ([%#span20] deref'0 (new'0 x) = x) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span29] inv'3 v) - -> ([%#span32] inv'5 (singleton'0 v)) - && ([%#span31] index_logic'0 (singleton'0 v) 0 = v) && ([%#span30] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span21] inv'3 v) + -> ([%#span23] index_logic'0 (singleton'0 v) 0 = v) && ([%#span22] len'0 (singleton'0 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : Closure'0.c06mapprecond_counter_closure2 i) (produced : Seq'0.t_seq uint32) = - [%#span33] forall i : i . forall e : uint32 . inv'2 i + [%#span24] forall i : i . forall e : uint32 . inv'2 i -> inv'3 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) predicate unnest'0 [#"../06_map_precond.rs" 206 8 206 41] (self : Closure'0.c06mapprecond_counter_closure2 i) (_2 : Closure'0.c06mapprecond_counter_closure2 i) @@ -4890,17 +4227,16 @@ module C06MapPrecond_Counter /\ unnest'0 ( * self) ( ^ self) function push'0 [@inline:trivial] (self : Seq'0.t_seq uint32) (v : uint32) : Seq'0.t_seq uint32 = - [%#span34] concat'0 self (singleton'0 v) + [%#span25] concat'0 self (singleton'0 v) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : Closure'0.c06mapprecond_counter_closure2 i) = - [%#span35] forall i : i . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_counter_closure2 i) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i + [%#span26] forall i : i . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_counter_closure2 i) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i -> inv'3 b -> inv'6 f -> inv'3 e2 -> inv'3 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) @@ -4909,22 +4245,20 @@ module C06MapPrecond_Counter predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : Closure'0.c06mapprecond_counter_closure2 i) (produced : Seq'0.t_seq uint32) = - [%#span40] forall i : i . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_counter_closure2 i) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i + [%#span30] forall i : i . forall b : uint32 . forall f : borrowed (Closure'0.c06mapprecond_counter_closure2 i) . forall e2 : uint32 . forall e1 : uint32 . forall s : Seq'0.t_seq uint32 . inv'2 i -> inv'3 b -> inv'6 f -> inv'3 e2 -> inv'3 e1 - -> inv'5 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'0 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'0 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'0 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : Closure'0.c06mapprecond_counter_closure2 i, produced : Seq'0.t_seq uint32 . ([%#span36] inv'2 iter) - -> ([%#span37] inv'4 func) - -> ([%#span38] inv'5 produced) - -> ([%#span39] produced = (empty'0 : Seq'0.t_seq uint32) + axiom preservation_inv'0_spec : forall iter : i, func : Closure'0.c06mapprecond_counter_closure2 i, produced : Seq'0.t_seq uint32 . ([%#span27] inv'2 iter) + -> ([%#span28] inv'4 func) + -> ([%#span29] produced = (empty'0 : Seq'0.t_seq uint32) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -4932,7 +4266,7 @@ module C06MapPrecond_Counter predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span41] forall func : Closure'0.c06mapprecond_counter_closure2 i . forall iter : borrowed i . inv'4 func + [%#span31] forall func : Closure'0.c06mapprecond_counter_closure2 i . forall iter : borrowed i . inv'4 func -> inv'1 iter -> completed'0 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq uint32) /\ preservation'0 ( ^ iter) func @@ -4942,7 +4276,7 @@ module C06MapPrecond_Counter predicate invariant'0 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32) = - [%#span42] reinitialize'0 () + [%#span32] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -4958,16 +4292,16 @@ module C06MapPrecond_Counter predicate resolve'0 (self : Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32) - let rec map'0 (iter:i) (func:Closure'0.c06mapprecond_counter_closure2 i) (return' (ret:Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32))= {[@expl:precondition] [%#span47] inv'4 func} - {[@expl:precondition] [%#span46] inv'2 iter} - {[@expl:precondition] [%#span45] preservation'0 iter func} - {[@expl:precondition] [%#span44] reinitialize'0 ()} - {[@expl:precondition] [%#span43] forall i2 : i . forall e : uint32 . inv'2 i2 + let rec map'0 (iter:i) (func:Closure'0.c06mapprecond_counter_closure2 i) (return' (ret:Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32))= {[@expl:precondition] [%#span37] inv'4 func} + {[@expl:precondition] [%#span36] inv'2 iter} + {[@expl:precondition] [%#span35] preservation'0 iter func} + {[@expl:precondition] [%#span34] reinitialize'0 ()} + {[@expl:precondition] [%#span33] forall i2 : i . forall e : uint32 . inv'2 i2 -> inv'3 e -> produces'0 iter (singleton'0 e) i2 -> precondition'0 func (e, new'0 (empty'0 : Seq'0.t_seq uint32))} any - [ return' (result:Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32)-> {[%#span49] inv'0 result} - {[%#span48] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq uint32))} + [ return' (result:Map'0.t_map i uint32 (Closure'0.c06mapprecond_counter_closure2 i) uint32)-> {[%#span39] inv'0 result} + {[%#span38] result = Map'0.C_Map iter func (new'0 (empty'0 : Seq'0.t_seq uint32))} (! return' {result}) ] @@ -5018,133 +4352,103 @@ module C06MapPrecond_Impl0 let%span span4 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span9 = "../06_map_precond.rs" 84 8 88 9 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../06_map_precond.rs" 84 8 88 9 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span13 = "../06_map_precond.rs" 106 8 113 9 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span14 = "../06_map_precond.rs" 93 24 93 28 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span15 = "../06_map_precond.rs" 93 33 93 37 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../06_map_precond.rs" 92 4 92 83 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span17 = "../06_map_precond.rs" 94 8 101 9 - let%span span18 = "../06_map_precond.rs" 106 8 113 9 + let%span span18 = "../06_map_precond.rs" 118 8 123 9 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span19 = "../06_map_precond.rs" 159 12 161 73 - let%span span20 = "../06_map_precond.rs" 93 24 93 28 - - let%span span21 = "../06_map_precond.rs" 93 33 93 37 - - let%span span22 = "../06_map_precond.rs" 93 42 93 50 - - let%span span23 = "../06_map_precond.rs" 92 4 92 83 - - let%span span24 = "../06_map_precond.rs" 94 8 101 9 - - let%span span25 = "../06_map_precond.rs" 118 8 123 9 - - let%span span26 = "../06_map_precond.rs" 159 12 161 73 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span23 = "../06_map_precond.rs" 44 8 56 9 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span24 = "../06_map_precond.rs" 142 20 142 24 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span25 = "../06_map_precond.rs" 142 26 142 33 - let%span span32 = "../06_map_precond.rs" 44 8 56 9 + let%span span26 = "../06_map_precond.rs" 142 38 142 42 - let%span span33 = "../06_map_precond.rs" 142 20 142 24 + let%span span27 = "../06_map_precond.rs" 141 14 141 68 - let%span span34 = "../06_map_precond.rs" 142 26 142 33 + let%span span28 = "../06_map_precond.rs" 143 8 149 9 - let%span span35 = "../06_map_precond.rs" 142 38 142 42 - - let%span span36 = "../06_map_precond.rs" 141 14 141 68 - - let%span span37 = "../06_map_precond.rs" 143 8 149 9 - - let%span span38 = "../06_map_precond.rs" 22 8 25 9 + let%span span29 = "../06_map_precond.rs" 22 8 25 9 use prelude.prelude.Borrow - predicate invariant'11 (self : borrowed i) - - predicate inv'11 (_x : borrowed i) - - axiom inv'11 : forall x : borrowed i . inv'11 x = true - - predicate invariant'10 (self : f) - - predicate inv'10 (_x : f) + predicate invariant'9 (self : borrowed i) - axiom inv'10 : forall x : f . inv'10 x = true + predicate inv'9 (_x : borrowed i) - predicate invariant'9 (self : i) + axiom inv'9 : forall x : borrowed i . inv'9 x = true - predicate inv'9 (_x : i) + predicate invariant'8 (self : f) - axiom inv'9 : forall x : i . inv'9 x = true + predicate inv'8 (_x : f) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'8 : forall x : f . inv'8 x = true - predicate invariant'8 (self : Seq'0.t_seq (borrowed f)) + predicate invariant'7 (self : i) - predicate inv'8 (_x : Seq'0.t_seq (borrowed f)) + predicate inv'7 (_x : i) - axiom inv'8 : forall x : Seq'0.t_seq (borrowed f) . inv'8 x = true + axiom inv'7 : forall x : i . inv'7 x = true type item'0 - predicate invariant'7 (self : Seq'0.t_seq item'0) - - predicate inv'7 (_x : Seq'0.t_seq item'0) - - axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'6 (self : item'0) + predicate invariant'6 (self : Seq'0.t_seq item'0) - predicate inv'6 (_x : item'0) + predicate inv'6 (_x : Seq'0.t_seq item'0) - axiom inv'6 : forall x : item'0 . inv'6 x = true + axiom inv'6 : forall x : Seq'0.t_seq item'0 . inv'6 x = true - predicate invariant'5 (self : borrowed f) + predicate invariant'5 (self : item'0) - predicate inv'5 (_x : borrowed f) + predicate inv'5 (_x : item'0) - axiom inv'5 : forall x : borrowed f . inv'5 x = true + axiom inv'5 : forall x : item'0 . inv'5 x = true - predicate invariant'4 (self : b) + predicate invariant'4 (self : borrowed f) - predicate inv'4 (_x : b) + predicate inv'4 (_x : borrowed f) - axiom inv'4 : forall x : b . inv'4 x = true + axiom inv'4 : forall x : borrowed f . inv'4 x = true - predicate invariant'3 (self : Seq'0.t_seq b) + predicate invariant'3 (self : b) - predicate inv'3 (_x : Seq'0.t_seq b) + predicate inv'3 (_x : b) - axiom inv'3 : forall x : Seq'0.t_seq b . inv'3 x = true + axiom inv'3 : forall x : b . inv'3 x = true use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -5154,90 +4458,75 @@ module C06MapPrecond_Impl0 function new'0 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span3] inv'7 x) -> ([%#span4] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq item'0 . ([%#span3] inv'6 x) -> ([%#span4] deref'0 (new'0 x) = x) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'2 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span5] inv'7 self) -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span5] len'1 self >= 0 function singleton'1 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'1_spec : forall v : item'0 . ([%#span7] inv'6 v) - -> ([%#span10] inv'7 (singleton'1 v)) - && ([%#span9] index_logic'2 (singleton'1 v) 0 = v) && ([%#span8] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : item'0 . ([%#span6] inv'5 v) + -> ([%#span8] index_logic'2 (singleton'1 v) 0 = v) && ([%#span7] len'1 (singleton'1 v) = 1) predicate next_precondition'0 [#"../06_map_precond.rs" 83 4 83 74] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span11] forall i : i . forall e : item'0 . inv'9 i - -> inv'6 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e, new'0 produced) + [%#span9] forall i : i . forall e : item'0 . inv'7 i + -> inv'5 e -> produces'1 iter (singleton'1 e) i -> precondition'0 func (e, new'0 produced) predicate postcondition_mut'0 (self : borrowed f) (_2 : (item'0, Snapshot'0.t_snapshot (Seq'0.t_seq item'0))) (_3 : b) - use seq.Seq - function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span12] inv'7 self) - -> ([%#span13] inv'7 other) - -> ([%#span16] inv'7 (concat'1 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span11] forall i : int . 0 + <= i + /\ i < len'1 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span14] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span10] len'1 (concat'1 self other) = len'1 self + len'1 other) function push'0 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span17] concat'1 self (singleton'1 v) + [%#span12] concat'1 self (singleton'1 v) predicate unnest'0 (self : f) (_2 : f) predicate preservation'0 [#"../06_map_precond.rs" 105 4 105 45] (iter : i) (func : f) = - [%#span18] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'9 i - -> inv'4 b - -> inv'5 f - -> inv'6 e2 - -> inv'6 e1 - -> inv'7 s + [%#span13] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'7 i + -> inv'3 b + -> inv'4 f + -> inv'5 e2 + -> inv'5 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'2 : Seq'0.t_seq item'0 = [%#span19] () + constant empty'2 : Seq'0.t_seq item'0 predicate preservation_inv'0 [#"../06_map_precond.rs" 93 4 93 73] (iter : i) (func : f) (produced : Seq'0.t_seq item'0) = - [%#span24] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'9 i - -> inv'4 b - -> inv'5 f - -> inv'6 e2 - -> inv'6 e1 - -> inv'7 s + [%#span17] forall i : i . forall b : b . forall f : borrowed f . forall e2 : item'0 . forall e1 : item'0 . forall s : Seq'0.t_seq item'0 . inv'7 i + -> inv'3 b + -> inv'4 f + -> inv'5 e2 + -> inv'5 e1 -> unnest'0 func ( * f) -> produces'1 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 (concat'1 produced s)) -> postcondition_mut'0 f (e1, new'0 (concat'1 produced s)) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 (concat'1 produced s) e1)) - axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span20] inv'9 iter) - -> ([%#span21] inv'10 func) - -> ([%#span22] inv'7 produced) - -> ([%#span23] produced = (empty'2 : Seq'0.t_seq item'0) + axiom preservation_inv'0_spec : forall iter : i, func : f, produced : Seq'0.t_seq item'0 . ([%#span14] inv'7 iter) + -> ([%#span15] inv'8 func) + -> ([%#span16] produced = (empty'2 : Seq'0.t_seq item'0) -> preservation_inv'0 iter func produced = preservation'0 iter func) use C06MapPrecond_Map_Type as C06MapPrecond_Map_Type @@ -5245,15 +4534,15 @@ module C06MapPrecond_Impl0 predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate reinitialize'0 [#"../06_map_precond.rs" 117 4 117 29] (_1 : ()) = - [%#span25] forall func : f . forall iter : borrowed i . inv'10 func - -> inv'11 iter + [%#span18] forall func : f . forall iter : borrowed i . inv'8 func + -> inv'9 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func (empty'2 : Seq'0.t_seq item'0) /\ preservation'0 ( ^ iter) func use C06MapPrecond_Map_Type as Map'0 predicate invariant'2 [#"../06_map_precond.rs" 157 4 157 30] (self : Map'0.t_map i b f item'0) = - [%#span26] reinitialize'0 () + [%#span19] reinitialize'0 () /\ preservation_inv'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) /\ next_precondition'0 (C06MapPrecond_Map_Type.map_iter self) (C06MapPrecond_Map_Type.map_func self) (deref'0 (C06MapPrecond_Map_Type.map_produced self)) @@ -5279,67 +4568,49 @@ module C06MapPrecond_Impl0 axiom inv'0 : forall x : borrowed (Map'0.t_map i b f item'0) . inv'0 x = (inv'2 ( * x) /\ inv'2 ( ^ x)) - constant empty'0 : Seq'0.t_seq b = [%#span19] () - - constant empty'0 : Seq'0.t_seq b = [%#span19] () - - use seq.Seq - - use seq.Seq + constant empty'0 : Seq'0.t_seq b - function index_logic'0 (self : Seq'0.t_seq b) (x : int) : b + constant empty'0 : Seq'0.t_seq b - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq b) (_2 : int) : b function len'0 (self : Seq'0.t_seq b) : int - axiom len'0_spec : forall self : Seq'0.t_seq b . ([%#span5] inv'3 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq b . [%#span5] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq b) (other : Seq'0.t_seq b) : Seq'0.t_seq b - axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span12] inv'3 self) - -> ([%#span13] inv'3 other) - -> ([%#span16] inv'3 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq b, other : Seq'0.t_seq b . ([%#span11] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use prelude.seq_ext.SeqExt + && ([%#span10] len'0 (concat'0 self other) = len'0 self + len'0 other) function subsequence'0 (self : Seq'0.t_seq item'0) (n : int) (m : int) : Seq'0.t_seq item'0 - axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span27] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq item'0, n : int, m : int . ([%#span20] 0 <= n /\ n <= m /\ m <= len'1 self) - -> ([%#span28] inv'7 self) - -> ([%#span31] inv'7 (subsequence'0 self n m)) - && ([%#span30] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) + -> ([%#span22] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) -> index_logic'2 (subsequence'0 self n m) i = index_logic'2 self (n + i)) - && ([%#span29] len'1 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span21] len'1 (subsequence'0 self n m) = m - n) - function index_logic'1 (self : Seq'0.t_seq (borrowed f)) (x : int) : borrowed f - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq (borrowed f)) (_2 : int) : borrowed f function len'2 (self : Seq'0.t_seq (borrowed f)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . ([%#span5] inv'8 self) -> ([%#span6] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed f) . [%#span5] len'2 self >= 0 function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 predicate produces'0 [@inline:trivial] [#"../06_map_precond.rs" 43 4 43 67] (self : Map'0.t_map i b f item'0) (visited : Seq'0.t_seq b) (succ : Map'0.t_map i b f item'0) = - [%#span32] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) - /\ (exists s : Seq'0.t_seq item'0 . inv'7 s - /\ len'1 s = len'0 visited + [%#span23] unnest'0 (C06MapPrecond_Map_Type.map_func self) (C06MapPrecond_Map_Type.map_func succ) + /\ (exists s : Seq'0.t_seq item'0 . len'1 s = len'0 visited /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) s (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = concat'1 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed f) . inv'8 fs - /\ len'2 fs = len'0 visited + /\ (exists fs : Seq'0.t_seq (borrowed f) . len'2 fs = len'0 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'1 fs (i - 1) = * index_logic'1 fs i) /\ (if len'0 visited = 0 then C06MapPrecond_Map_Type.map_func self = C06MapPrecond_Map_Type.map_func succ @@ -5352,34 +4623,31 @@ module C06MapPrecond_Impl0 /\ precondition'0 ( * index_logic'1 fs i) (index_logic'2 s i, new'0 (concat'1 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) (subsequence'0 s 0 i))) /\ postcondition_mut'0 (index_logic'1 fs i) (index_logic'2 s i, new'0 (concat'1 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) (subsequence'0 s 0 i))) (index_logic'0 visited i)))) - use seq.Seq - function singleton'0 (v : b) : Seq'0.t_seq b - axiom singleton'0_spec : forall v : b . ([%#span7] inv'4 v) - -> ([%#span10] inv'3 (singleton'0 v)) - && ([%#span9] index_logic'0 (singleton'0 v) 0 = v) && ([%#span8] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : b . ([%#span6] inv'3 v) + -> ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) predicate produces_one'0 [#"../06_map_precond.rs" 142 4 142 57] (self : Map'0.t_map i b f item'0) (visited : b) (succ : Map'0.t_map i b f item'0) = - [%#span37] exists f : borrowed f . inv'5 f + [%#span28] exists f : borrowed f . inv'4 f /\ * f = C06MapPrecond_Map_Type.map_func self /\ ^ f = C06MapPrecond_Map_Type.map_func succ - /\ (exists e : item'0 . inv'6 e + /\ (exists e : item'0 . inv'5 e /\ produces'1 (C06MapPrecond_Map_Type.map_iter self) (singleton'1 e) (C06MapPrecond_Map_Type.map_iter succ) /\ inner'0 (C06MapPrecond_Map_Type.map_produced succ) = push'0 (deref'0 (C06MapPrecond_Map_Type.map_produced self)) e /\ precondition'0 ( * f) (e, C06MapPrecond_Map_Type.map_produced self) /\ postcondition_mut'0 f (e, C06MapPrecond_Map_Type.map_produced self) visited) - axiom produces_one'0_spec : forall self : Map'0.t_map i b f item'0, visited : b, succ : Map'0.t_map i b f item'0 . ([%#span33] inv'2 self) - -> ([%#span34] inv'4 visited) - -> ([%#span35] inv'2 succ) - -> ([%#span36] produces_one'0 self visited succ = produces'0 self (singleton'0 visited) succ) + axiom produces_one'0_spec : forall self : Map'0.t_map i b f item'0, visited : b, succ : Map'0.t_map i b f item'0 . ([%#span24] inv'2 self) + -> ([%#span25] inv'3 visited) + -> ([%#span26] inv'2 succ) + -> ([%#span27] produces_one'0 self visited succ = produces'0 self (singleton'0 visited) succ) predicate completed'0 [#"../06_map_precond.rs" 21 4 21 35] (self : borrowed (Map'0.t_map i b f item'0)) = - [%#span38] deref'0 (C06MapPrecond_Map_Type.map_produced ( ^ self)) = (empty'2 : Seq'0.t_seq item'0) + [%#span29] deref'0 (C06MapPrecond_Map_Type.map_produced ( ^ self)) = (empty'2 : Seq'0.t_seq item'0) /\ completed'1 (Borrow.borrow_logic (C06MapPrecond_Map_Type.map_iter ( * self)) (C06MapPrecond_Map_Type.map_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C06MapPrecond_Map_Type.map_func ( * self) = C06MapPrecond_Map_Type.map_func ( ^ self) @@ -5397,11 +4665,9 @@ module C06MapPrecond_Impl0 end) goal produces_trans_refn : [%#s06_map_precond1] forall a : Map'0.t_map i b f item'0 . forall ab : Seq'0.t_seq b . forall b : Map'0.t_map i b f item'0 . forall bc : Seq'0.t_seq b . forall c : Map'0.t_map i b f item'0 . inv'2 c - /\ inv'3 bc /\ inv'2 b /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'2 b /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'2 c - /\ inv'3 bc /\ inv'2 b - /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/07_fuse.coma b/creusot/tests/should_succeed/iterators/07_fuse.coma index 7d2b23e203..b925201ddc 100644 --- a/creusot/tests/should_succeed/iterators/07_fuse.coma +++ b/creusot/tests/should_succeed/iterators/07_fuse.coma @@ -34,22 +34,7 @@ module C07Fuse_Fuse_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C07Fuse_Impl0_Next type i @@ -62,76 +47,50 @@ module C07Fuse_Impl0_Next let%span s07_fuse3 = "../07_fuse.rs" 39 26 39 44 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span14 = "../common.rs" 18 15 18 32 - - let%span span15 = "../common.rs" 19 15 19 32 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span16 = "../common.rs" 21 22 21 23 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span17 = "../common.rs" 21 31 21 33 + let%span span8 = "../common.rs" 18 15 18 32 - let%span span18 = "../common.rs" 21 52 21 53 + let%span span9 = "../common.rs" 19 15 19 32 - let%span span19 = "../common.rs" 21 61 21 63 + let%span span10 = "../common.rs" 21 22 21 23 - let%span span20 = "../common.rs" 21 82 21 83 + let%span span11 = "../common.rs" 21 52 21 53 - let%span span21 = "../common.rs" 20 14 20 42 + let%span span12 = "../common.rs" 21 82 21 83 - let%span span22 = "../common.rs" 15 21 15 25 + let%span span13 = "../common.rs" 20 14 20 42 - let%span span23 = "../common.rs" 14 14 14 45 + let%span span14 = "../common.rs" 15 21 15 25 - let%span span24 = "../07_fuse.rs" 26 8 32 9 + let%span span15 = "../common.rs" 14 14 14 45 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span16 = "../07_fuse.rs" 26 8 32 9 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span29 = "../07_fuse.rs" 18 12 19 32 + let%span span20 = "../07_fuse.rs" 18 12 19 32 - let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span21 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span31 = "../common.rs" 27 17 27 21 + let%span span22 = "../common.rs" 27 17 27 21 - let%span span32 = "../common.rs" 23 14 26 5 + let%span span23 = "../common.rs" 23 14 26 5 - let%span span33 = "../common.rs" 27 26 27 44 + let%span span24 = "../common.rs" 27 26 27 44 type item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'7 (self : Seq'0.t_seq item'0) - - predicate inv'7 (_x : Seq'0.t_seq item'0) - - axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true - predicate invariant'6 (self : item'0) predicate inv'6 (_x : item'0) @@ -140,20 +99,17 @@ module C07Fuse_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span4] inv'7 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span4] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span6] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use Core_Option_Option_Type as Option'0 @@ -171,21 +127,16 @@ module C07Fuse_Impl0_Next axiom inv'4 : forall x : borrowed i . inv'4 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] inv'7 self) - -> ([%#span10] inv'7 other) - -> ([%#span13] inv'7 (concat'0 self other)) - && ([%#span12] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span11] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'3 (_x : i) @@ -194,17 +145,15 @@ module C07Fuse_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span14] produces'1 a ab b) - -> ([%#span15] produces'1 b bc c) - -> ([%#span16] inv'3 a) - -> ([%#span17] inv'7 ab) - -> ([%#span18] inv'3 b) - -> ([%#span19] inv'7 bc) -> ([%#span20] inv'3 c) -> ([%#span21] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span8] produces'1 a ab b) + -> ([%#span9] produces'1 b bc c) + -> ([%#span10] inv'3 a) + -> ([%#span11] inv'3 b) -> ([%#span12] inv'3 c) -> ([%#span13] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span22] inv'3 self) - -> ([%#span23] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span14] inv'3 self) + -> ([%#span15] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'3 (self : i) @@ -235,7 +184,7 @@ module C07Fuse_Impl0_Next predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span24] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span16] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -244,18 +193,15 @@ module C07Fuse_Impl0_Next end end - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span25] inv'6 v) - -> ([%#span28] inv'7 (singleton'0 v)) - && ([%#span27] index_logic'0 (singleton'0 v) 0 = v) && ([%#span26] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span17] inv'6 v) + -> ([%#span19] index_logic'0 (singleton'0 v) 0 = v) && ([%#span18] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../07_fuse.rs" 16 4 16 35] (self : borrowed (Fuse'0.t_fuse i)) = - [%#span29] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None + [%#span20] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None \/ (exists it : borrowed i . inv'4 it /\ completed'1 it /\ C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_Some ( * it))) /\ C07Fuse_Fuse_Type.fuse_iter ( ^ self) = Option'0.C_None @@ -267,12 +213,12 @@ module C07Fuse_Impl0_Next predicate resolve'3 (self : Option'0.t_option item'0) predicate resolve'2 (self : borrowed i) = - [%#span30] ^ self = * self + [%#span21] ^ self = * self - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span31] inv'4 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span22] inv'4 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span33] inv'5 result} - {[%#span32] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span24] inv'5 result} + {[%#span23] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'0 v) ( ^ self) end} @@ -280,10 +226,10 @@ module C07Fuse_Impl0_Next predicate resolve'1 (self : borrowed (Fuse'0.t_fuse i)) = - [%#span30] ^ self = * self + [%#span21] ^ self = * self predicate resolve'0 (self : borrowed (Option'0.t_option i)) = - [%#span30] ^ self = * self + [%#span21] ^ self = * self let rec next (self:borrowed (Fuse'0.t_fuse i)) (return' (ret:Option'0.t_option item'0))= {[%#s07_fuse1] inv'2 self} (! bb0 @@ -394,113 +340,79 @@ module C07Fuse_Impl0_ProducesRefl_Impl let%span s07_fuse1 = "../07_fuse.rs" 54 14 54 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span5 = "../common.rs" 18 15 18 32 - let%span span9 = "../common.rs" 18 15 18 32 + let%span span6 = "../common.rs" 19 15 19 32 - let%span span10 = "../common.rs" 19 15 19 32 + let%span span7 = "../common.rs" 21 22 21 23 - let%span span11 = "../common.rs" 21 22 21 23 + let%span span8 = "../common.rs" 21 52 21 53 - let%span span12 = "../common.rs" 21 31 21 33 + let%span span9 = "../common.rs" 21 82 21 83 - let%span span13 = "../common.rs" 21 52 21 53 + let%span span10 = "../common.rs" 20 14 20 42 - let%span span14 = "../common.rs" 21 61 21 63 + let%span span11 = "../common.rs" 15 21 15 25 - let%span span15 = "../common.rs" 21 82 21 83 + let%span span12 = "../common.rs" 14 14 14 45 - let%span span16 = "../common.rs" 20 14 20 42 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span14 = "../07_fuse.rs" 26 8 32 9 - let%span span18 = "../common.rs" 15 21 15 25 + predicate invariant'1 (self : i) - let%span span19 = "../common.rs" 14 14 14 45 + predicate inv'1 (_x : i) - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span22 = "../07_fuse.rs" 26 8 32 9 - - predicate invariant'2 (self : i) - - predicate inv'2 (_x : i) - - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'1 (self : Seq'0.t_seq item'0) - - predicate inv'1 (_x : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] inv'1 self) - -> ([%#span5] inv'1 other) - -> ([%#span8] inv'1 (concat'0 self other)) - && ([%#span7] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span3] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) - -> ([%#span10] produces'1 b bc c) - -> ([%#span11] inv'2 a) - -> ([%#span12] inv'1 ab) - -> ([%#span13] inv'2 b) - -> ([%#span14] inv'1 bc) -> ([%#span15] inv'2 c) -> ([%#span16] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span5] produces'1 a ab b) + -> ([%#span6] produces'1 b bc c) + -> ([%#span7] inv'1 a) + -> ([%#span8] inv'1 b) -> ([%#span9] inv'1 c) -> ([%#span10] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span17] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span18] inv'2 self) - -> ([%#span19] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span11] inv'1 self) + -> ([%#span12] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C07Fuse_Fuse_Type as Fuse'0 @@ -517,7 +429,7 @@ module C07Fuse_Impl0_ProducesRefl_Impl predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span22] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span14] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -542,123 +454,85 @@ module C07Fuse_Impl0_ProducesTrans_Impl let%span s07_fuse2 = "../07_fuse.rs" 62 22 62 23 - let%span s07_fuse3 = "../07_fuse.rs" 62 31 62 33 - - let%span s07_fuse4 = "../07_fuse.rs" 62 52 62 53 - - let%span s07_fuse5 = "../07_fuse.rs" 62 61 62 63 - - let%span s07_fuse6 = "../07_fuse.rs" 62 82 62 83 - - let%span s07_fuse7 = "../07_fuse.rs" 61 14 61 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span s07_fuse3 = "../07_fuse.rs" 62 52 62 53 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s07_fuse4 = "../07_fuse.rs" 62 82 62 83 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span s07_fuse5 = "../07_fuse.rs" 61 14 61 42 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 - - let%span span17 = "../common.rs" 21 22 21 23 - - let%span span18 = "../common.rs" 21 31 21 33 - - let%span span19 = "../common.rs" 21 52 21 53 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span24 = "../common.rs" 15 21 15 25 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span25 = "../common.rs" 14 14 14 45 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span28 = "../07_fuse.rs" 26 8 32 9 + let%span span18 = "../07_fuse.rs" 26 8 32 9 - predicate invariant'2 (self : i) + predicate invariant'1 (self : i) - predicate inv'2 (_x : i) + predicate inv'1 (_x : i) - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'1 self) - -> ([%#span11] inv'1 other) - -> ([%#span14] inv'1 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'2 a) - -> ([%#span18] inv'1 ab) - -> ([%#span19] inv'2 b) - -> ([%#span20] inv'1 bc) -> ([%#span21] inv'2 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'1 a) + -> ([%#span12] inv'1 b) -> ([%#span13] inv'1 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span23] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span24] inv'2 self) - -> ([%#span25] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span15] inv'1 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span27] () - - axiom empty_len'0_spec : forall _1 : () . [%#span26] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C07Fuse_Fuse_Type as Fuse'0 @@ -675,7 +549,7 @@ module C07Fuse_Impl0_ProducesTrans_Impl predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span28] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span18] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -697,13 +571,11 @@ module C07Fuse_Impl0_ProducesTrans_Impl function produces_trans [#"../07_fuse.rs" 62 4 62 90] (a : Fuse'0.t_fuse i) (ab : Seq'0.t_seq item'0) (b : Fuse'0.t_fuse i) (bc : Seq'0.t_seq item'0) (c : Fuse'0.t_fuse i) : () - goal vc_produces_trans : ([%#s07_fuse6] inv'0 c) - -> ([%#s07_fuse5] inv'1 bc) - -> ([%#s07_fuse4] inv'0 b) - -> ([%#s07_fuse3] inv'1 ab) + goal vc_produces_trans : ([%#s07_fuse4] inv'0 c) + -> ([%#s07_fuse3] inv'0 b) -> ([%#s07_fuse2] inv'0 a) -> ([%#s07_fuse1] produces'0 b bc c) - -> ([%#s07_fuse0] produces'0 a ab b) -> ([%#s07_fuse7] produces'0 a (concat'0 ab bc) c) + -> ([%#s07_fuse0] produces'0 a ab b) -> ([%#s07_fuse5] produces'0 a (concat'0 ab bc) c) end module C07Fuse_Impl1_IsFused_Impl type i @@ -714,161 +586,121 @@ module C07Fuse_Impl1_IsFused_Impl let%span s07_fuse2 = "../07_fuse.rs" 81 21 81 25 - let%span s07_fuse3 = "../07_fuse.rs" 81 27 81 32 - - let%span s07_fuse4 = "../07_fuse.rs" 81 51 81 55 + let%span s07_fuse3 = "../07_fuse.rs" 81 51 81 55 - let%span s07_fuse5 = "../07_fuse.rs" 80 14 80 50 + let%span s07_fuse4 = "../07_fuse.rs" 80 14 80 50 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span13 = "../common.rs" 18 15 18 32 - - let%span span14 = "../common.rs" 19 15 19 32 - - let%span span15 = "../common.rs" 21 22 21 23 - - let%span span16 = "../common.rs" 21 31 21 33 - - let%span span17 = "../common.rs" 21 52 21 53 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../common.rs" 21 61 21 63 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../common.rs" 21 82 21 83 + let%span span8 = "../common.rs" 18 15 18 32 - let%span span20 = "../common.rs" 20 14 20 42 + let%span span9 = "../common.rs" 19 15 19 32 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../common.rs" 21 22 21 23 - let%span span22 = "../common.rs" 15 21 15 25 + let%span span11 = "../common.rs" 21 52 21 53 - let%span span23 = "../common.rs" 14 14 14 45 + let%span span12 = "../common.rs" 21 82 21 83 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span13 = "../common.rs" 20 14 20 42 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span14 = "../common.rs" 15 21 15 25 - let%span span26 = "../07_fuse.rs" 26 8 32 9 + let%span span15 = "../common.rs" 14 14 14 45 - let%span span27 = "../07_fuse.rs" 59 15 59 32 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span28 = "../07_fuse.rs" 60 15 60 32 + let%span span17 = "../07_fuse.rs" 26 8 32 9 - let%span span29 = "../07_fuse.rs" 62 22 62 23 + let%span span18 = "../07_fuse.rs" 59 15 59 32 - let%span span30 = "../07_fuse.rs" 62 31 62 33 + let%span span19 = "../07_fuse.rs" 60 15 60 32 - let%span span31 = "../07_fuse.rs" 62 52 62 53 + let%span span20 = "../07_fuse.rs" 62 22 62 23 - let%span span32 = "../07_fuse.rs" 62 61 62 63 + let%span span21 = "../07_fuse.rs" 62 52 62 53 - let%span span33 = "../07_fuse.rs" 62 82 62 83 + let%span span22 = "../07_fuse.rs" 62 82 62 83 - let%span span34 = "../07_fuse.rs" 61 14 61 42 + let%span span23 = "../07_fuse.rs" 61 14 61 42 - let%span span35 = "../07_fuse.rs" 57 4 57 10 + let%span span24 = "../07_fuse.rs" 57 4 57 10 - let%span span36 = "../07_fuse.rs" 55 21 55 25 + let%span span25 = "../07_fuse.rs" 55 21 55 25 - let%span span37 = "../07_fuse.rs" 54 14 54 45 + let%span span26 = "../07_fuse.rs" 54 14 54 45 - let%span span38 = "../07_fuse.rs" 52 4 52 10 + let%span span27 = "../07_fuse.rs" 52 4 52 10 - let%span span39 = "../07_fuse.rs" 18 12 19 32 + let%span span28 = "../07_fuse.rs" 18 12 19 32 - predicate invariant'4 (self : i) + predicate invariant'3 (self : i) - predicate inv'4 (_x : i) + predicate inv'3 (_x : i) - axiom inv'4 : forall x : i . inv'4 x = true + axiom inv'3 : forall x : i . inv'3 x = true use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed i) + predicate invariant'2 (self : borrowed i) - predicate inv'3 (_x : borrowed i) + predicate inv'2 (_x : borrowed i) - axiom inv'3 : forall x : borrowed i . inv'3 x = true + axiom inv'2 : forall x : borrowed i . inv'2 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span6] inv'1 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span5] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] inv'1 self) - -> ([%#span9] inv'1 other) - -> ([%#span12] inv'1 (concat'0 self other)) - && ([%#span11] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span10] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span13] produces'1 a ab b) - -> ([%#span14] produces'1 b bc c) - -> ([%#span15] inv'4 a) - -> ([%#span16] inv'1 ab) - -> ([%#span17] inv'4 b) - -> ([%#span18] inv'1 bc) -> ([%#span19] inv'4 c) -> ([%#span20] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span8] produces'1 a ab b) + -> ([%#span9] produces'1 b bc c) + -> ([%#span10] inv'3 a) + -> ([%#span11] inv'3 b) -> ([%#span12] inv'3 c) -> ([%#span13] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span21] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'1_spec : forall self : i . ([%#span22] inv'4 self) - -> ([%#span23] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'1_spec : forall self : i . ([%#span14] inv'3 self) + -> ([%#span15] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span25] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C07Fuse_Fuse_Type as Fuse'0 - predicate invariant'2 (self : Fuse'0.t_fuse i) - - predicate inv'2 (_x : Fuse'0.t_fuse i) + predicate invariant'1 (self : Fuse'0.t_fuse i) - axiom inv'2 : forall x : Fuse'0.t_fuse i . inv'2 x = true + predicate inv'1 (_x : Fuse'0.t_fuse i) - predicate invariant'1 (self : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom inv'1 : forall x : Fuse'0.t_fuse i . inv'1 x = true predicate invariant'0 (self : borrowed (Fuse'0.t_fuse i)) @@ -883,7 +715,7 @@ module C07Fuse_Impl1_IsFused_Impl predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span26] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span17] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -895,26 +727,24 @@ module C07Fuse_Impl1_IsFused_Impl function produces_trans'0 [#"../07_fuse.rs" 62 4 62 90] (a : Fuse'0.t_fuse i) (ab : Seq'0.t_seq item'0) (b : Fuse'0.t_fuse i) (bc : Seq'0.t_seq item'0) (c : Fuse'0.t_fuse i) : () = - [%#span35] () + [%#span24] () - axiom produces_trans'0_spec : forall a : Fuse'0.t_fuse i, ab : Seq'0.t_seq item'0, b : Fuse'0.t_fuse i, bc : Seq'0.t_seq item'0, c : Fuse'0.t_fuse i . ([%#span27] produces'0 a ab b) - -> ([%#span28] produces'0 b bc c) - -> ([%#span29] inv'2 a) - -> ([%#span30] inv'1 ab) - -> ([%#span31] inv'2 b) - -> ([%#span32] inv'1 bc) -> ([%#span33] inv'2 c) -> ([%#span34] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Fuse'0.t_fuse i, ab : Seq'0.t_seq item'0, b : Fuse'0.t_fuse i, bc : Seq'0.t_seq item'0, c : Fuse'0.t_fuse i . ([%#span18] produces'0 a ab b) + -> ([%#span19] produces'0 b bc c) + -> ([%#span20] inv'1 a) + -> ([%#span21] inv'1 b) -> ([%#span22] inv'1 c) -> ([%#span23] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../07_fuse.rs" 55 4 55 26] (self : Fuse'0.t_fuse i) : () = - [%#span38] () + [%#span27] () - axiom produces_refl'0_spec : forall self : Fuse'0.t_fuse i . ([%#span36] inv'2 self) - -> ([%#span37] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : Fuse'0.t_fuse i . ([%#span25] inv'1 self) + -> ([%#span26] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../07_fuse.rs" 16 4 16 35] (self : borrowed (Fuse'0.t_fuse i)) = - [%#span39] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None - \/ (exists it : borrowed i . inv'3 it + [%#span28] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None + \/ (exists it : borrowed i . inv'2 it /\ completed'1 it /\ C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_Some ( * it))) /\ C07Fuse_Fuse_Type.fuse_iter ( ^ self) = Option'0.C_None @@ -927,11 +757,10 @@ module C07Fuse_Impl1_IsFused_Impl function is_fused [#"../07_fuse.rs" 81 4 81 62] (self : borrowed (Fuse'0.t_fuse i)) (steps : Seq'0.t_seq item'0) (next : Fuse'0.t_fuse i) : () - goal vc_is_fused : ([%#s07_fuse4] inv'2 next) - -> ([%#s07_fuse3] inv'1 steps) + goal vc_is_fused : ([%#s07_fuse3] inv'1 next) -> ([%#s07_fuse2] inv'0 self) -> ([%#s07_fuse1] produces'0 ( ^ self) steps next) - -> ([%#s07_fuse0] completed'0 self) -> ([%#s07_fuse5] steps = (empty'0 : Seq'0.t_seq item'0) /\ ^ self = next) + -> ([%#s07_fuse0] completed'0 self) -> ([%#s07_fuse4] steps = (empty'0 : Seq'0.t_seq item'0) /\ ^ self = next) end module C07Fuse_Impl0 type i @@ -942,73 +771,53 @@ module C07Fuse_Impl0 let%span s07_fuse2 = "../07_fuse.rs" 55 4 55 26 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span7 = "../07_fuse.rs" 18 12 19 32 - let%span span10 = "../07_fuse.rs" 18 12 19 32 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span16 = "../07_fuse.rs" 26 8 32 9 + let%span span10 = "../07_fuse.rs" 26 8 32 9 type item'0 - predicate invariant'5 (self : item'0) + predicate invariant'4 (self : item'0) - predicate inv'5 (_x : item'0) + predicate inv'4 (_x : item'0) - axiom inv'5 : forall x : item'0 . inv'5 x = true + axiom inv'4 : forall x : item'0 . inv'4 x = true use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed i) + predicate invariant'3 (self : borrowed i) - predicate inv'4 (_x : borrowed i) + predicate inv'3 (_x : borrowed i) - axiom inv'4 : forall x : borrowed i . inv'4 x = true + axiom inv'3 : forall x : borrowed i . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option item'0) + predicate invariant'2 (self : Option'0.t_option item'0) - predicate inv'3 (_x : Option'0.t_option item'0) + predicate inv'2 (_x : Option'0.t_option item'0) - axiom inv'3 : forall x : Option'0.t_option item'0 . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option item'0 . inv'2 x = true use C07Fuse_Fuse_Type as Fuse'0 - predicate invariant'2 (self : borrowed (Fuse'0.t_fuse i)) - - predicate inv'2 (_x : borrowed (Fuse'0.t_fuse i)) - - axiom inv'2 : forall x : borrowed (Fuse'0.t_fuse i) . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq item'0) + predicate invariant'1 (self : borrowed (Fuse'0.t_fuse i)) - predicate inv'1 (_x : Seq'0.t_seq item'0) + predicate inv'1 (_x : borrowed (Fuse'0.t_fuse i)) - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom inv'1 : forall x : borrowed (Fuse'0.t_fuse i) . inv'1 x = true predicate invariant'0 (self : Fuse'0.t_fuse i) @@ -1016,60 +825,50 @@ module C07Fuse_Impl0 axiom inv'0 : forall x : Fuse'0.t_fuse i . inv'0 x = true - constant empty'0 : Seq'0.t_seq item'0 = [%#span3] () - - constant empty'0 : Seq'0.t_seq item'0 = [%#span3] () - - use prelude.prelude.Int - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + constant empty'0 : Seq'0.t_seq item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant empty'0 : Seq'0.t_seq item'0 - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + use prelude.prelude.Int - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span4] inv'1 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span3] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span6] inv'5 v) - -> ([%#span9] inv'1 (singleton'0 v)) - && ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span4] inv'4 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate completed'0 [#"../07_fuse.rs" 16 4 16 35] (self : borrowed (Fuse'0.t_fuse i)) = - [%#span10] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None - \/ (exists it : borrowed i . inv'4 it + [%#span7] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None + \/ (exists it : borrowed i . inv'3 it /\ completed'1 it /\ C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_Some ( * it))) /\ C07Fuse_Fuse_Type.fuse_iter ( ^ self) = Option'0.C_None - use seq.Seq - function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span11] inv'1 self) - -> ([%#span12] inv'1 other) - -> ([%#span15] inv'1 (concat'0 self other)) - && ([%#span14] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span16] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span10] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -1079,23 +878,21 @@ module C07Fuse_Impl0 end goal produces_trans_refn : [%#s07_fuse0] forall a : Fuse'0.t_fuse i . forall ab : Seq'0.t_seq item'0 . forall b : Fuse'0.t_fuse i . forall bc : Seq'0.t_seq item'0 . forall c : Fuse'0.t_fuse i . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) - goal next_refn : [%#s07_fuse1] forall self : borrowed (Fuse'0.t_fuse i) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option item'0 . inv'3 result + goal next_refn : [%#s07_fuse1] forall self : borrowed (Fuse'0.t_fuse i) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option item'0 . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) @@ -1111,37 +908,25 @@ module C07Fuse_Impl1 let%span s07_fuse0 = "../07_fuse.rs" 81 4 81 62 - let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span1 = "../07_fuse.rs" 18 12 19 32 - let%span span2 = "../07_fuse.rs" 18 12 19 32 - - let%span span3 = "../07_fuse.rs" 26 8 32 9 + let%span span2 = "../07_fuse.rs" 26 8 32 9 use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed i) + predicate invariant'2 (self : borrowed i) - predicate inv'3 (_x : borrowed i) + predicate inv'2 (_x : borrowed i) - axiom inv'3 : forall x : borrowed i . inv'3 x = true + axiom inv'2 : forall x : borrowed i . inv'2 x = true use C07Fuse_Fuse_Type as Fuse'0 - predicate invariant'2 (self : borrowed (Fuse'0.t_fuse i)) - - predicate inv'2 (_x : borrowed (Fuse'0.t_fuse i)) + predicate invariant'1 (self : borrowed (Fuse'0.t_fuse i)) - axiom inv'2 : forall x : borrowed (Fuse'0.t_fuse i) . inv'2 x = true + predicate inv'1 (_x : borrowed (Fuse'0.t_fuse i)) - type item'0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq item'0) - - predicate inv'1 (_x : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom inv'1 : forall x : borrowed (Fuse'0.t_fuse i) . inv'1 x = true predicate invariant'0 (self : Fuse'0.t_fuse i) @@ -1149,9 +934,13 @@ module C07Fuse_Impl1 axiom inv'0 : forall x : Fuse'0.t_fuse i . inv'0 x = true - constant empty'0 : Seq'0.t_seq item'0 = [%#span1] () + type item'0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span1] () + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + + constant empty'0 : Seq'0.t_seq item'0 + + constant empty'0 : Seq'0.t_seq item'0 predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) @@ -1160,8 +949,8 @@ module C07Fuse_Impl1 use C07Fuse_Fuse_Type as C07Fuse_Fuse_Type predicate completed'0 [#"../07_fuse.rs" 16 4 16 35] (self : borrowed (Fuse'0.t_fuse i)) = - [%#span2] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None - \/ (exists it : borrowed i . inv'3 it + [%#span1] (C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_None + \/ (exists it : borrowed i . inv'2 it /\ completed'1 it /\ C07Fuse_Fuse_Type.fuse_iter ( * self) = Option'0.C_Some ( * it))) /\ C07Fuse_Fuse_Type.fuse_iter ( ^ self) = Option'0.C_None @@ -1170,7 +959,7 @@ module C07Fuse_Impl1 predicate produces'0 [#"../07_fuse.rs" 25 4 25 65] (self : Fuse'0.t_fuse i) (prod : Seq'0.t_seq item'0) (other : Fuse'0.t_fuse i) = - [%#span3] match C07Fuse_Fuse_Type.fuse_iter self with + [%#span2] match C07Fuse_Fuse_Type.fuse_iter self with | Option'0.C_None -> prod = (empty'0 : Seq'0.t_seq item'0) /\ C07Fuse_Fuse_Type.fuse_iter other = C07Fuse_Fuse_Type.fuse_iter self | Option'0.C_Some i -> match C07Fuse_Fuse_Type.fuse_iter other with @@ -1180,10 +969,9 @@ module C07Fuse_Impl1 end goal is_fused_refn : [%#s07_fuse0] forall self : borrowed (Fuse'0.t_fuse i) . forall steps : Seq'0.t_seq item'0 . forall next : Fuse'0.t_fuse i . inv'0 next - /\ inv'1 steps /\ inv'2 self /\ produces'0 ( ^ self) steps next /\ completed'0 self + /\ inv'1 self /\ produces'0 ( ^ self) steps next /\ completed'0 self -> inv'0 next - /\ inv'1 steps - /\ inv'2 self + /\ inv'1 self /\ produces'0 ( ^ self) steps next /\ completed'0 self /\ (forall result : () . steps = (empty'0 : Seq'0.t_seq item'0) /\ ^ self = next diff --git a/creusot/tests/should_succeed/iterators/08_collect_extend.coma b/creusot/tests/should_succeed/iterators/08_collect_extend.coma index c7e1eafab9..1e79d64a3c 100644 --- a/creusot/tests/should_succeed/iterators/08_collect_extend.coma +++ b/creusot/tests/should_succeed/iterators/08_collect_extend.coma @@ -3,22 +3,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -162,105 +147,81 @@ module C08CollectExtend_Extend let%span span9 = "" 0 0 0 0 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span16 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span17 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span18 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span19 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span20 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span21 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span21 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span22 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 + let%span span22 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span23 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 + let%span span23 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span24 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span25 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 + let%span span25 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span26 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span27 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span28 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span30 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span30 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span31 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span32 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span34 = "" 0 0 0 0 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "" 0 0 0 0 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span39 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span40 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span40 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span41 = "" 0 0 0 0 + let%span span41 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span42 = "" 0 0 0 0 + let%span span42 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span43 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span44 = "" 0 0 0 0 + let%span span44 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span45 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span45 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 let%span span46 = "" 0 0 0 0 - let%span span47 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 - - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 - - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 - - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 - - let%span span51 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - - let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span54 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span55 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span58 = "" 0 0 0 0 - - let%span span59 = "" 0 0 0 0 + let%span span47 = "" 0 0 0 0 predicate invariant'6 (self : t) @@ -296,24 +257,19 @@ module C08CollectExtend_Extend constant max'0 : usize = [%#span9] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span10] inv'5 self) -> ([%#span11] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span10] len'0 self >= 0 predicate inv'3 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span12] inv'3 self) - -> ([%#span14] inv'5 (shallow_model'2 self)) - && ([%#span13] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span11] inv'3 self) + -> ([%#span12] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'3 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span15] inv'5 (shallow_model'2 self) + [%#span13] inv'5 (shallow_model'2 self) axiom inv'3 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'3 x = true @@ -331,21 +287,15 @@ module C08CollectExtend_Extend axiom inv'1 : forall x : borrowed i . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span16] inv'5 self) - -> ([%#span17] inv'5 other) - -> ([%#span20] inv'5 (concat'0 self other)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span15] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span18] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : i) @@ -353,28 +303,25 @@ module C08CollectExtend_Extend function produces_trans'0 (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span21] produces'0 a ab b) - -> ([%#span22] produces'0 b bc c) - -> ([%#span23] inv'0 a) - -> ([%#span24] inv'5 ab) - -> ([%#span25] inv'0 b) - -> ([%#span26] inv'5 bc) -> ([%#span27] inv'0 c) -> ([%#span28] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span16] produces'0 a ab b) + -> ([%#span17] produces'0 b bc c) + -> ([%#span18] inv'0 a) + -> ([%#span19] inv'0 b) -> ([%#span20] inv'0 c) -> ([%#span21] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq t = [%#span29] () + constant empty'0 : Seq'0.t_seq t function produces_refl'0 (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span30] inv'0 self) - -> ([%#span31] produces'0 self (empty'0 : Seq'0.t_seq t) self) + axiom produces_refl'0_spec : forall self : i . ([%#span22] inv'0 self) + -> ([%#span23] produces'0 self (empty'0 : Seq'0.t_seq t) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span33] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span32] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate completed'0 (self : borrowed i) @@ -383,67 +330,60 @@ module C08CollectExtend_Extend use prelude.prelude.Intrinsic predicate resolve'6 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span34] ^ self = * self + [%#span25] ^ self = * self predicate resolve'5 (self : i) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span35] inv'6 v) - -> ([%#span38] inv'5 (singleton'0 v)) - && ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span26] inv'6 v) + -> ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq t) (v : t) : Seq'0.t_seq t = - [%#span39] concat'0 self (singleton'0 v) + [%#span29] concat'0 self (singleton'0 v) function shallow_model'0 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span40] shallow_model'2 ( * self) + [%#span30] shallow_model'2 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span42] inv'6 value} - {[@expl:precondition] [%#span41] inv'4 self} + let rec push'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (value:t) (return' (ret:()))= {[@expl:precondition] [%#span32] inv'6 value} + {[@expl:precondition] [%#span31] inv'4 self} any - [ return' (result:())-> {[%#span43] shallow_model'2 ( ^ self) = push'1 (shallow_model'0 self) value} + [ return' (result:())-> {[%#span33] shallow_model'2 ( ^ self) = push'1 (shallow_model'0 self) value} (! return' {result}) ] predicate resolve'4 (self : Option'0.t_option t) predicate resolve'3 (self : borrowed i) = - [%#span34] ^ self = * self + [%#span25] ^ self = * self - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span44] inv'1 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span34] inv'1 self} any - [ return' (result:Option'0.t_option t)-> {[%#span46] inv'2 result} - {[%#span45] match result with + [ return' (result:Option'0.t_option t)-> {[%#span36] inv'2 result} + {[%#span35] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} (! return' {result}) ] - use seq.Seq - predicate ext_eq'0 (self : Seq'0.t_seq t) (oth : Seq'0.t_seq t) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span47] inv'5 self) - -> ([%#span48] inv'5 oth) - -> ([%#span50] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq t, oth : Seq'0.t_seq t . ([%#span38] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'0 self i = index_logic'0 oth i) -> ext_eq'0 self oth) - && ([%#span49] ext_eq'0 self oth -> self = oth) + && ([%#span37] ext_eq'0 self oth -> self = oth) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) : Seq'0.t_seq t function shallow_model'3 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span51] shallow_model'0 self + [%#span39] shallow_model'0 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : borrowed (Vec'0.t_vec t (Global'0.t_global)) function shallow_model'1 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) : Seq'0.t_seq t = - [%#span52] shallow_model'3 (deref'0 self) + [%#span40] shallow_model'3 (deref'0 self) function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq t)) : Seq'0.t_seq t @@ -455,24 +395,24 @@ module C08CollectExtend_Extend function new'2 (x : Seq'0.t_seq t) : Snapshot'0.t_snapshot (Seq'0.t_seq t) - axiom new'2_spec : forall x : Seq'0.t_seq t . ([%#span53] inv'5 x) -> ([%#span54] deref'1 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq t . ([%#span41] inv'5 x) -> ([%#span42] deref'1 (new'2 x) = x) predicate resolve'1 (self : Snapshot'0.t_snapshot i) function new'1 (x : i) : Snapshot'0.t_snapshot i - axiom new'1_spec : forall x : i . ([%#span53] inv'0 x) -> ([%#span54] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : i . ([%#span41] inv'0 x) -> ([%#span42] deref'2 (new'1 x) = x) predicate into_iter_post'0 (self : i) (res : i) = - [%#span55] self = res + [%#span43] self = res predicate into_iter_pre'0 (self : i) = - [%#span56] true + [%#span44] true - let rec into_iter'0 (self:i) (return' (ret:i))= {[@expl:precondition] [%#span58] inv'0 self} - {[@expl:precondition] [%#span57] into_iter_pre'0 self} + let rec into_iter'0 (self:i) (return' (ret:i))= {[@expl:precondition] [%#span46] inv'0 self} + {[@expl:precondition] [%#span45] into_iter_pre'0 self} any - [ return' (result:i)-> {[%#span59] inv'0 result} {[%#span57] into_iter_post'0 self result} (! return' {result}) ] + [ return' (result:i)-> {[%#span47] inv'0 result} {[%#span45] into_iter_post'0 self result} (! return' {result}) ] predicate resolve'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global)))) @@ -480,8 +420,8 @@ module C08CollectExtend_Extend function new'0 (x : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global))) - axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span53] inv'4 x) - -> ([%#span54] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . ([%#span41] inv'4 x) + -> ([%#span42] deref'0 (new'0 x) = x) let rec extend (vec:borrowed (Vec'0.t_vec t (Global'0.t_global))) (iter:i) (return' (ret:()))= {[%#s08_collect_extend7] inv'0 iter} {[%#s08_collect_extend6] inv'4 vec} @@ -597,8 +537,7 @@ module C08CollectExtend_Extend | & _26 : borrowed (Vec'0.t_vec t (Global'0.t_global)) = any_l () | & old_8_0 : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec t (Global'0.t_global))) = any_l () ] - [ return' (result:())-> {[@expl:postcondition] [%#s08_collect_extend8] exists prod : Seq'0.t_seq t . exists done' : borrowed i . inv'5 prod - /\ inv'1 done' + [ return' (result:())-> {[@expl:postcondition] [%#s08_collect_extend8] exists prod : Seq'0.t_seq t . exists done' : borrowed i . inv'1 done' /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'2 ( ^ vec) = concat'0 (shallow_model'0 vec) prod} (! return' {result}) ] @@ -625,109 +564,85 @@ module C08CollectExtend_Collect let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span15 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span16 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span17 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span18 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span19 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span20 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span21 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 + let%span span21 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span22 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 + let%span span22 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span23 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span24 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 + let%span span24 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span25 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span26 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span27 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span29 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span30 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span30 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span32 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "" 0 0 0 0 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "" 0 0 0 0 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span39 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span40 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span40 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span41 = "" 0 0 0 0 + let%span span41 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span42 = "" 0 0 0 0 + let%span span42 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span43 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span44 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span44 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 let%span span45 = "" 0 0 0 0 - let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - - let%span span47 = "" 0 0 0 0 - - let%span span48 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 - - let%span span49 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 - - let%span span50 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 - - let%span span51 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 - - let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span54 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span55 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span57 = "" 0 0 0 0 - - let%span span58 = "" 0 0 0 0 + let%span span46 = "" 0 0 0 0 - let%span span59 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 + let%span span47 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span60 = "" 0 0 0 0 + let%span span48 = "" 0 0 0 0 use Alloc_Alloc_Global_Type as Global'0 @@ -765,24 +680,19 @@ module C08CollectExtend_Collect constant max'0 : usize = [%#span8] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span9] inv'4 self) -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span9] len'0 self >= 0 predicate inv'3 (_x : Vec'0.t_vec item'0 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec item'0 (Global'0.t_global)) : Seq'0.t_seq item'0 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec item'0 (Global'0.t_global) . ([%#span11] inv'3 self) - -> ([%#span13] inv'4 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec item'0 (Global'0.t_global) . ([%#span10] inv'3 self) + -> ([%#span11] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'3 (self : Vec'0.t_vec item'0 (Global'0.t_global)) = - [%#span14] inv'4 (shallow_model'0 self) + [%#span12] inv'4 (shallow_model'0 self) axiom inv'3 : forall x : Vec'0.t_vec item'0 (Global'0.t_global) . inv'3 x = true @@ -800,21 +710,16 @@ module C08CollectExtend_Collect axiom inv'1 : forall x : borrowed i . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span15] inv'4 self) - -> ([%#span16] inv'4 other) - -> ([%#span19] inv'4 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span14] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : i) @@ -822,28 +727,25 @@ module C08CollectExtend_Collect function produces_trans'0 (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span20] produces'0 a ab b) - -> ([%#span21] produces'0 b bc c) - -> ([%#span22] inv'0 a) - -> ([%#span23] inv'4 ab) - -> ([%#span24] inv'0 b) - -> ([%#span25] inv'4 bc) -> ([%#span26] inv'0 c) -> ([%#span27] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span15] produces'0 a ab b) + -> ([%#span16] produces'0 b bc c) + -> ([%#span17] inv'0 a) + -> ([%#span18] inv'0 b) -> ([%#span19] inv'0 c) -> ([%#span20] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span28] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span29] inv'0 self) - -> ([%#span30] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span21] inv'0 self) + -> ([%#span22] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span32] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span31] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 predicate completed'0 (self : borrowed i) @@ -854,58 +756,51 @@ module C08CollectExtend_Collect predicate resolve'6 (self : item'0) function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec item'0 (Global'0.t_global)) (ix : int) : item'0 = - [%#span33] index_logic'0 (shallow_model'0 self) ix + [%#span24] index_logic'0 (shallow_model'0 self) ix predicate resolve'5 (self : Vec'0.t_vec item'0 (Global'0.t_global)) = - [%#span34] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'6 (index_logic'1 self i) + [%#span25] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'6 (index_logic'1 self i) predicate resolve'4 (self : i) - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span35] inv'5 v) - -> ([%#span38] inv'4 (singleton'0 v)) - && ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span26] inv'5 v) + -> ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq item'0) (v : item'0) : Seq'0.t_seq item'0 = - [%#span39] concat'0 self (singleton'0 v) + [%#span29] concat'0 self (singleton'0 v) function shallow_model'1 (self : borrowed (Vec'0.t_vec item'0 (Global'0.t_global))) : Seq'0.t_seq item'0 = - [%#span40] shallow_model'0 ( * self) + [%#span30] shallow_model'0 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec item'0 (Global'0.t_global))) (value:item'0) (return' (ret:()))= {[@expl:precondition] [%#span42] inv'5 value} - {[@expl:precondition] [%#span41] inv'6 self} + let rec push'0 (self:borrowed (Vec'0.t_vec item'0 (Global'0.t_global))) (value:item'0) (return' (ret:()))= {[@expl:precondition] [%#span32] inv'5 value} + {[@expl:precondition] [%#span31] inv'6 self} any - [ return' (result:())-> {[%#span43] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} + [ return' (result:())-> {[%#span33] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} (! return' {result}) ] predicate resolve'3 (self : Option'0.t_option item'0) predicate resolve'2 (self : borrowed i) = - [%#span44] ^ self = * self + [%#span34] ^ self = * self - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span45] inv'1 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span35] inv'1 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span47] inv'2 result} - {[%#span46] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span37] inv'2 result} + {[%#span36] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} (! return' {result}) ] - use seq.Seq - predicate ext_eq'0 (self : Seq'0.t_seq item'0) (oth : Seq'0.t_seq item'0) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq item'0, oth : Seq'0.t_seq item'0 . ([%#span48] inv'4 self) - -> ([%#span49] inv'4 oth) - -> ([%#span51] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq item'0, oth : Seq'0.t_seq item'0 . ([%#span39] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'0 self i = index_logic'0 oth i) -> ext_eq'0 self oth) - && ([%#span50] ext_eq'0 self oth -> self = oth) + && ([%#span38] ext_eq'0 self oth -> self = oth) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq item'0)) : Seq'0.t_seq item'0 @@ -919,29 +814,29 @@ module C08CollectExtend_Collect function new'2 (x : Seq'0.t_seq item'0) : Snapshot'0.t_snapshot (Seq'0.t_seq item'0) - axiom new'2_spec : forall x : Seq'0.t_seq item'0 . ([%#span52] inv'4 x) -> ([%#span53] deref'0 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq item'0 . ([%#span40] inv'4 x) -> ([%#span41] deref'0 (new'2 x) = x) predicate resolve'0 (self : Snapshot'0.t_snapshot i) function new'1 (x : i) : Snapshot'0.t_snapshot i - axiom new'1_spec : forall x : i . ([%#span52] inv'0 x) -> ([%#span53] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : i . ([%#span40] inv'0 x) -> ([%#span41] deref'1 (new'1 x) = x) predicate into_iter_post'0 (self : i) (res : i) = - [%#span54] self = res + [%#span42] self = res predicate into_iter_pre'0 (self : i) = - [%#span55] true + [%#span43] true - let rec into_iter'0 (self:i) (return' (ret:i))= {[@expl:precondition] [%#span57] inv'0 self} - {[@expl:precondition] [%#span56] into_iter_pre'0 self} + let rec into_iter'0 (self:i) (return' (ret:i))= {[@expl:precondition] [%#span45] inv'0 self} + {[@expl:precondition] [%#span44] into_iter_pre'0 self} any - [ return' (result:i)-> {[%#span58] inv'0 result} {[%#span56] into_iter_post'0 self result} (! return' {result}) ] + [ return' (result:i)-> {[%#span46] inv'0 result} {[%#span44] into_iter_post'0 self result} (! return' {result}) ] let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec item'0 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec item'0 (Global'0.t_global))-> {[%#span60] inv'3 result} - {[%#span59] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec item'0 (Global'0.t_global))-> {[%#span48] inv'3 result} + {[%#span47] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] @@ -1063,8 +958,8 @@ module C08CollectExtend_Collect | & _24 : borrowed (Vec'0.t_vec item'0 (Global'0.t_global)) = any_l () ] [ return' (result:Vec'0.t_vec item'0 (Global'0.t_global))-> {[@expl:postcondition] [%#s08_collect_extend7] inv'3 result} - {[@expl:postcondition] [%#s08_collect_extend6] exists prod : Seq'0.t_seq item'0 . exists done' : borrowed i . inv'4 prod - /\ inv'1 done' /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'0 result = prod} + {[@expl:postcondition] [%#s08_collect_extend6] exists prod : Seq'0.t_seq item'0 . exists done' : borrowed i . inv'1 done' + /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'0 result = prod} (! return' {result}) ] end @@ -1114,143 +1009,117 @@ module C08CollectExtend_ExtendIndex let%span s08_collect_extend2 = "../08_collect_extend.rs" 57 4 57 55 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 268 31 268 33 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 268 52 268 54 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 - let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 - let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 - let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 + let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 - let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 + let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 - let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 + let%span span18 = "" 0 0 0 0 - let%span span24 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span25 = "" 0 0 0 0 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 87 4 87 38 - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 89 81 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span25 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span26 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 18 91 22 + let%span span27 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 91 24 91 27 + let%span span28 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 88 4 88 38 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 89 4 90 81 + let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span36 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span31 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 + let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 - let%span span38 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span33 = "../08_collect_extend.rs" 25 40 25 43 - let%span span39 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span34 = "../08_collect_extend.rs" 25 58 25 62 - let%span span40 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span35 = "../08_collect_extend.rs" 21 0 24 2 - let%span span41 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 - let%span span42 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 - let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 + let%span span38 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span44 = "../08_collect_extend.rs" 25 40 25 43 + let%span span39 = "" 0 0 0 0 - let%span span45 = "../08_collect_extend.rs" 25 58 25 62 + let%span span40 = "" 0 0 0 0 - let%span span46 = "../08_collect_extend.rs" 21 0 24 2 + let%span span41 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span47 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 - - let%span span48 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 - - let%span span49 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span50 = "" 0 0 0 0 - - let%span span51 = "" 0 0 0 0 - - let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span42 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use Alloc_Alloc_Global_Type as Global'0 + predicate invariant'4 (self : Seq'0.t_seq uint32) = + [%#span3] true - use Alloc_Vec_IntoIter_IntoIter_Type as IntoIter'0 + predicate inv'4 (_x : Seq'0.t_seq uint32) - use seq.Seq + axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use Alloc_Alloc_Global_Type as Global'0 - use seq.Seq + use Alloc_Vec_IntoIter_IntoIter_Type as IntoIter'0 use prelude.prelude.Int - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq - - predicate inv'3 (_x : Seq'0.t_seq uint32) + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span4] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span5] inv'3 self) - -> ([%#span6] inv'3 other) - -> ([%#span9] inv'3 (concat'0 self other)) - && ([%#span8] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span6] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span5] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'1 (_x : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) @@ -1259,53 +1128,46 @@ module C08CollectExtend_ExtendIndex predicate produces'0 (self : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) (visited : Seq'0.t_seq uint32) (rhs : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) = - [%#span10] shallow_model'4 self = concat'0 visited (shallow_model'4 rhs) + [%#span7] shallow_model'4 self = concat'0 visited (shallow_model'4 rhs) function produces_trans'0 (a : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) (ab : Seq'0.t_seq uint32) (b : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) (bc : Seq'0.t_seq uint32) (c : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) : () = - [%#span19] () + [%#span14] () - axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter uint32 (Global'0.t_global), ab : Seq'0.t_seq uint32, b : IntoIter'0.t_intoiter uint32 (Global'0.t_global), bc : Seq'0.t_seq uint32, c : IntoIter'0.t_intoiter uint32 (Global'0.t_global) . ([%#span11] produces'0 a ab b) - -> ([%#span12] produces'0 b bc c) - -> ([%#span13] inv'1 a) - -> ([%#span14] inv'3 ab) - -> ([%#span15] inv'1 b) - -> ([%#span16] inv'3 bc) -> ([%#span17] inv'1 c) -> ([%#span18] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter uint32 (Global'0.t_global), ab : Seq'0.t_seq uint32, b : IntoIter'0.t_intoiter uint32 (Global'0.t_global), bc : Seq'0.t_seq uint32, c : IntoIter'0.t_intoiter uint32 (Global'0.t_global) . ([%#span8] produces'0 a ab b) + -> ([%#span9] produces'0 b bc c) + -> ([%#span10] inv'1 a) + -> ([%#span11] inv'1 b) -> ([%#span12] inv'1 c) -> ([%#span13] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span20] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) : () = - [%#span23] () + [%#span17] () - axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter uint32 (Global'0.t_global) . ([%#span21] inv'1 self) - -> ([%#span22] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter uint32 (Global'0.t_global) . ([%#span15] inv'1 self) + -> ([%#span16] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) = - [%#span24] true + predicate invariant'3 (self : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) = + [%#span3] true - predicate inv'4 (_x : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) + predicate inv'3 (_x : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) - axiom inv'4 : forall x : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global)) . inv'4 x = true - - predicate invariant'3 (self : Seq'0.t_seq uint32) = - [%#span24] true - - axiom inv'3 : forall x : Seq'0.t_seq uint32 . inv'3 x = true + axiom inv'3 : forall x : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global)) . inv'3 x = true use Alloc_Vec_Vec_Type as Vec'0 predicate invariant'2 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) = - [%#span24] true + [%#span3] true predicate inv'2 (_x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) axiom inv'2 : forall x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global)) . inv'2 x = true predicate invariant'1 (self : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) = - [%#span24] true + [%#span3] true axiom inv'1 : forall x : IntoIter'0.t_intoiter uint32 (Global'0.t_global) . inv'1 x = true @@ -1313,79 +1175,72 @@ module C08CollectExtend_ExtendIndex use prelude.prelude.UIntSize - constant max'0 : usize = [%#span25] (18446744073709551615 : usize) + constant max'0 : usize = [%#span18] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span26] inv'0 self) - -> ([%#span28] inv'3 (shallow_model'0 self)) - && ([%#span27] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span19] inv'0 self) + -> ([%#span20] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span29] inv'3 (shallow_model'0 self) + [%#span21] inv'4 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span31] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span30] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span22] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - predicate ext_eq'0 (self : Seq'0.t_seq uint32) (oth : Seq'0.t_seq uint32) - axiom ext_eq'0_spec : forall self : Seq'0.t_seq uint32, oth : Seq'0.t_seq uint32 . ([%#span32] inv'3 self) - -> ([%#span33] inv'3 oth) - -> ([%#span35] len'0 self = len'0 oth + axiom ext_eq'0_spec : forall self : Seq'0.t_seq uint32, oth : Seq'0.t_seq uint32 . ([%#span24] len'0 self = len'0 oth /\ (forall i : int . 0 <= i /\ i < len'0 self -> index_logic'1 self i = index_logic'1 oth i) -> ext_eq'0 self oth) - && ([%#span34] ext_eq'0 self oth -> self = oth) + && ([%#span23] ext_eq'0 self oth -> self = oth) function shallow_model'3 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 = - [%#span36] shallow_model'0 self + [%#span25] shallow_model'0 self function deref'0 (self : Snapshot'0.t_snapshot (Vec'0.t_vec uint32 (Global'0.t_global))) : Vec'0.t_vec uint32 (Global'0.t_global) function shallow_model'1 (self : Snapshot'0.t_snapshot (Vec'0.t_vec uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span37] shallow_model'3 (deref'0 self) + [%#span26] shallow_model'3 (deref'0 self) predicate resolve'2 (self : uint32) = - [%#span38] true + [%#span27] true function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span39] index_logic'1 (shallow_model'0 self) ix + [%#span28] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span40] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span29] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) predicate resolve'0 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) = - [%#span41] ^ self = * self + [%#span30] ^ self = * self function shallow_model'2 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span42] shallow_model'0 ( * self) + [%#span31] shallow_model'0 ( * self) function shallow_model'5 (self : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span42] shallow_model'4 ( * self) + [%#span31] shallow_model'4 ( * self) predicate resolve'3 (self : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) = - [%#span41] ^ self = * self + [%#span30] ^ self = * self predicate completed'0 (self : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global))) = - [%#span43] resolve'3 self /\ shallow_model'5 self = (empty'0 : Seq'0.t_seq uint32) + [%#span32] resolve'3 self /\ shallow_model'5 self = (empty'0 : Seq'0.t_seq uint32) - let rec extend'0 (vec:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (iter:IntoIter'0.t_intoiter uint32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span45] inv'1 iter} - {[@expl:precondition] [%#span44] inv'2 vec} + let rec extend'0 (vec:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (iter:IntoIter'0.t_intoiter uint32 (Global'0.t_global)) (return' (ret:()))= {[@expl:precondition] [%#span34] inv'1 iter} + {[@expl:precondition] [%#span33] inv'2 vec} any - [ return' (result:())-> {[%#span46] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global)) . inv'3 prod - /\ inv'4 done' + [ return' (result:())-> {[%#span35] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed (IntoIter'0.t_intoiter uint32 (Global'0.t_global)) . inv'3 done' /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'0 ( ^ vec) = concat'0 (shallow_model'2 vec) prod} (! return' {result}) ] @@ -1394,24 +1249,24 @@ module C08CollectExtend_ExtendIndex predicate into_iter_post'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) (res : IntoIter'0.t_intoiter uint32 (Global'0.t_global)) = - [%#span47] shallow_model'0 self = shallow_model'4 res + [%#span36] shallow_model'0 self = shallow_model'4 res predicate into_iter_pre'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span48] true + [%#span37] true - let rec into_iter'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span50] inv'0 self} - {[@expl:precondition] [%#span49] into_iter_pre'0 self} + let rec into_iter'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span39] inv'0 self} + {[@expl:precondition] [%#span38] into_iter_pre'0 self} any - [ return' (result:IntoIter'0.t_intoiter uint32 (Global'0.t_global))-> {[%#span51] inv'1 result} - {[%#span49] into_iter_post'0 self result} + [ return' (result:IntoIter'0.t_intoiter uint32 (Global'0.t_global))-> {[%#span40] inv'1 result} + {[%#span38] into_iter_post'0 self result} (! return' {result}) ] function new'0 (x : Vec'0.t_vec uint32 (Global'0.t_global)) : Snapshot'0.t_snapshot (Vec'0.t_vec uint32 (Global'0.t_global)) - axiom new'0_spec : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span52] inv'0 x) - -> ([%#span53] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span41] inv'0 x) + -> ([%#span42] deref'0 (new'0 x) = x) let rec extend_index (v1:Vec'0.t_vec uint32 (Global'0.t_global)) (v2:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &oldv1 <- [%#s08_collect_extend0] new'0 v1 ] s1 | s1 = bb1 ] @@ -1459,75 +1314,62 @@ module C08CollectExtend_CollectExample let%span s08_collect_extend2 = "../08_collect_extend.rs" 61 48 61 52 - let%span span3 = "" 0 0 0 0 + let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "" 0 0 0 0 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span11 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span12 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span13 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span14 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span15 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span16 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span16 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span17 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - - let%span span18 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - - let%span span19 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 - - let%span span20 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - - let%span span21 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 - - let%span span22 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - - let%span span23 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span17 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span18 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span25 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span26 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span20 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span21 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span29 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span23 = "../08_collect_extend.rs" 42 28 42 32 - let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span24 = "../08_collect_extend.rs" 38 0 41 2 - let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - - let%span span32 = "../08_collect_extend.rs" 42 28 42 32 - - let%span span33 = "../08_collect_extend.rs" 38 0 41 2 - - let%span span34 = "../08_collect_extend.rs" 42 40 42 52 + let%span span25 = "../08_collect_extend.rs" 42 40 42 52 use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq uint32) + predicate invariant'3 (self : Seq'0.t_seq uint32) = + [%#span3] true + + predicate inv'3 (_x : Seq'0.t_seq uint32) + + axiom inv'3 : forall x : Seq'0.t_seq uint32 . inv'3 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1539,57 +1381,42 @@ module C08CollectExtend_CollectExample use prelude.prelude.Int - constant max'0 : usize = [%#span3] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'1 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'0 self >= 0 - predicate inv'3 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) + predicate inv'2 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span6] inv'3 self) - -> ([%#span8] inv'1 (shallow_model'0 self)) - && ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span6] inv'2 self) + -> ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'3 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span9] inv'1 (shallow_model'0 self) + predicate invariant'2 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = + [%#span8] inv'3 (shallow_model'0 self) - axiom inv'3 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'3 x = true + axiom inv'2 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'2 x = true use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed i) - - predicate inv'2 (_x : borrowed i) - - axiom inv'2 : forall x : borrowed i . inv'2 x = true - - predicate invariant'1 (self : Seq'0.t_seq uint32) = - [%#span10] true - - axiom inv'1 : forall x : Seq'0.t_seq uint32 . inv'1 x = true + predicate invariant'1 (self : borrowed i) - use seq.Seq + predicate inv'1 (_x : borrowed i) - use seq.Seq + axiom inv'1 : forall x : borrowed i . inv'1 x = true - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span11] inv'1 self) - -> ([%#span12] inv'1 other) - -> ([%#span15] inv'1 (concat'0 self other)) - && ([%#span14] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span10] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : i) @@ -1597,49 +1424,46 @@ module C08CollectExtend_CollectExample function produces_trans'0 (a : i) (ab : Seq'0.t_seq uint32) (b : i) (bc : Seq'0.t_seq uint32) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq uint32, b : i, bc : Seq'0.t_seq uint32, c : i . ([%#span16] produces'0 a ab b) - -> ([%#span17] produces'0 b bc c) - -> ([%#span18] inv'0 a) - -> ([%#span19] inv'1 ab) - -> ([%#span20] inv'0 b) - -> ([%#span21] inv'1 bc) -> ([%#span22] inv'0 c) -> ([%#span23] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq uint32, b : i, bc : Seq'0.t_seq uint32, c : i . ([%#span11] produces'0 a ab b) + -> ([%#span12] produces'0 b bc c) + -> ([%#span13] inv'0 a) + -> ([%#span14] inv'0 b) -> ([%#span15] inv'0 c) -> ([%#span16] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span24] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span25] inv'0 self) - -> ([%#span26] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : i . ([%#span17] inv'0 self) + -> ([%#span18] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span28] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span27] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span19] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Intrinsic use prelude.prelude.UInt32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span29] index_logic'1 (shallow_model'0 self) ix + [%#span20] index_logic'1 (shallow_model'0 self) ix predicate resolve'1 (self : uint32) = - [%#span30] true + [%#span21] true predicate resolve'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span31] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) + [%#span22] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) predicate completed'0 (self : borrowed i) - let rec collect'0 (iter:i) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span32] inv'0 iter} + let rec collect'0 (iter:i) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= {[@expl:precondition] [%#span23] inv'0 iter} any - [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span34] inv'3 result} - {[%#span33] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed i . inv'1 prod - /\ inv'2 done' /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'0 result = prod} + [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span25] inv'2 result} + {[%#span24] exists prod : Seq'0.t_seq uint32 . exists done' : borrowed i . inv'1 done' + /\ completed'0 done' /\ produces'0 iter prod ( * done') /\ shallow_model'0 result = prod} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/iterators/09_empty.coma b/creusot/tests/should_succeed/iterators/09_empty.coma index d99a3d53a7..2287b7148d 100644 --- a/creusot/tests/should_succeed/iterators/09_empty.coma +++ b/creusot/tests/should_succeed/iterators/09_empty.coma @@ -23,71 +23,39 @@ module C09Empty_Empty_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C09Empty_Impl0_ProducesRefl_Impl type t let%span s09_empty0 = "../09_empty.rs" 27 14 27 45 - let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span1 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../09_empty.rs" 22 20 22 54 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq t) - - predicate inv'0 (_x : Seq'0.t_seq t) - - axiom inv'0 : forall x : Seq'0.t_seq t . inv'0 x = true + let%span span3 = "../09_empty.rs" 22 20 22 54 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span1] inv'0 self) -> ([%#span2] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span1] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span3] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span5] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span2] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C09Empty_Empty_Type as Empty'0 predicate produces'0 [#"../09_empty.rs" 21 4 21 64] (self : Empty'0.t_empty t) (visited : Seq'0.t_seq t) (o : Empty'0.t_empty t) = - [%#span6] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + [%#span3] visited = (empty'0 : Seq'0.t_seq t) /\ self = o constant self : Empty'0.t_empty t @@ -102,81 +70,48 @@ module C09Empty_Impl0_ProducesTrans_Impl let%span s09_empty1 = "../09_empty.rs" 33 15 33 32 - let%span s09_empty2 = "../09_empty.rs" 35 31 35 33 + let%span s09_empty2 = "../09_empty.rs" 34 14 34 42 - let%span s09_empty3 = "../09_empty.rs" 35 61 35 63 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span s09_empty4 = "../09_empty.rs" 34 14 34 42 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../09_empty.rs" 22 20 22 54 + let%span span7 = "../09_empty.rs" 22 20 22 54 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'0 (_x : Seq'0.t_seq t) - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span5] inv'0 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span7] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq t) = 0 - - predicate invariant'0 (self : Seq'0.t_seq t) - - axiom inv'0 : forall x : Seq'0.t_seq t . inv'0 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C09Empty_Empty_Type as Empty'0 - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span10] inv'0 self) - -> ([%#span11] inv'0 other) - -> ([%#span14] inv'0 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span6] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span5] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../09_empty.rs" 21 4 21 64] (self : Empty'0.t_empty t) (visited : Seq'0.t_seq t) (o : Empty'0.t_empty t) = - [%#span15] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + [%#span7] visited = (empty'0 : Seq'0.t_seq t) /\ self = o constant a : Empty'0.t_empty t @@ -191,10 +126,8 @@ module C09Empty_Impl0_ProducesTrans_Impl function produces_trans [#"../09_empty.rs" 35 4 35 90] (a : Empty'0.t_empty t) (ab : Seq'0.t_seq t) (b : Empty'0.t_empty t) (bc : Seq'0.t_seq t) (c : Empty'0.t_empty t) : () - goal vc_produces_trans : ([%#s09_empty3] inv'0 bc) - -> ([%#s09_empty2] inv'0 ab) - -> ([%#s09_empty1] produces'0 b bc c) - -> ([%#s09_empty0] produces'0 a ab b) -> ([%#s09_empty4] produces'0 a (concat'0 ab bc) c) + goal vc_produces_trans : ([%#s09_empty1] produces'0 b bc c) + -> ([%#s09_empty0] produces'0 a ab b) -> ([%#s09_empty2] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -219,37 +152,21 @@ module C09Empty_Impl0_Next let%span s09_empty1 = "../09_empty.rs" 41 26 41 35 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../09_empty.rs" 22 20 22 54 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../09_empty.rs" 22 20 22 54 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span8 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span12 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span13 = "../09_empty.rs" 16 20 16 34 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'2 (self : Seq'0.t_seq t) - - predicate inv'2 (_x : Seq'0.t_seq t) - - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true + let%span span9 = "../09_empty.rs" 16 20 16 34 predicate invariant'1 (self : t) @@ -267,47 +184,39 @@ module C09Empty_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'2 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C09Empty_Empty_Type as Empty'0 predicate produces'0 [#"../09_empty.rs" 21 4 21 64] (self : Empty'0.t_empty t) (visited : Seq'0.t_seq t) (o : Empty'0.t_empty t) = - [%#span7] visited = (empty'0 : Seq'0.t_seq t) /\ self = o - - use seq.Seq - - use seq.Seq + [%#span4] visited = (empty'0 : Seq'0.t_seq t) /\ self = o - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span8] inv'1 v) - -> ([%#span11] inv'2 (singleton'0 v)) - && ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span5] inv'1 v) + -> ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) use prelude.prelude.Borrow predicate resolve'0 (self : borrowed (Empty'0.t_empty t)) = - [%#span12] ^ self = * self + [%#span8] ^ self = * self predicate completed'0 [#"../09_empty.rs" 15 4 15 35] (self : borrowed (Empty'0.t_empty t)) = - [%#span13] resolve'0 self + [%#span9] resolve'0 self use prelude.prelude.Intrinsic @@ -331,49 +240,29 @@ module C09Empty_Impl0 let%span s09_empty2 = "../09_empty.rs" 35 4 35 90 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span10 = "../09_empty.rs" 16 20 16 34 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span11 = "../09_empty.rs" 22 20 22 54 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + predicate invariant'3 (self : t) - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + predicate inv'3 (_x : t) - let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span15 = "../09_empty.rs" 16 20 16 34 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span17 = "../09_empty.rs" 22 20 22 54 - - predicate invariant'4 (self : t) - - predicate inv'4 (_x : t) - - axiom inv'4 : forall x : t . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'3 (self : Seq'0.t_seq t) - - predicate inv'3 (_x : Seq'0.t_seq t) - - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + axiom inv'3 : forall x : t . inv'3 x = true use Core_Option_Option_Type as Option'0 @@ -399,54 +288,43 @@ module C09Empty_Impl0 axiom inv'0 : forall x : Empty'0.t_empty t . inv'0 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span5] inv'3 self) - -> ([%#span6] inv'3 other) - -> ([%#span9] inv'3 (concat'0 self other)) - && ([%#span8] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span5] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span10] inv'4 v) - -> ([%#span13] inv'3 (singleton'0 v)) - && ([%#span12] index_logic'0 (singleton'0 v) 0 = v) && ([%#span11] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span6] inv'3 v) + -> ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Empty'0.t_empty t)) = - [%#span14] ^ self = * self + [%#span9] ^ self = * self predicate completed'0 [#"../09_empty.rs" 15 4 15 35] (self : borrowed (Empty'0.t_empty t)) = - [%#span15] resolve'0 self + [%#span10] resolve'0 self - constant empty'0 : Seq'0.t_seq t = [%#span16] () + constant empty'0 : Seq'0.t_seq t - constant empty'0 : Seq'0.t_seq t = [%#span16] () + constant empty'0 : Seq'0.t_seq t predicate produces'0 [#"../09_empty.rs" 21 4 21 64] (self : Empty'0.t_empty t) (visited : Seq'0.t_seq t) (o : Empty'0.t_empty t) = - [%#span17] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + [%#span11] visited = (empty'0 : Seq'0.t_seq t) /\ self = o goal produces_refl_refn : [%#s09_empty0] forall self : Empty'0.t_empty t . inv'0 self -> (forall result : () . produces'0 self (empty'0 : Seq'0.t_seq t) self @@ -465,9 +343,7 @@ module C09Empty_Impl0 end) goal produces_trans_refn : [%#s09_empty2] forall a : Empty'0.t_empty t . forall ab : Seq'0.t_seq t . forall b : Empty'0.t_empty t . forall bc : Seq'0.t_seq t . forall c : Empty'0.t_empty t . inv'0 c - /\ inv'3 bc /\ inv'0 b /\ inv'3 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b - -> inv'3 bc - /\ inv'3 ab - /\ produces'0 b bc c + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + -> produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) end diff --git a/creusot/tests/should_succeed/iterators/10_once.coma b/creusot/tests/should_succeed/iterators/10_once.coma index 38645564f7..97399b9e4a 100644 --- a/creusot/tests/should_succeed/iterators/10_once.coma +++ b/creusot/tests/should_succeed/iterators/10_once.coma @@ -29,22 +29,7 @@ module C10Once_Once_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C10Once_Impl0_ProducesRefl_Impl type t @@ -53,56 +38,37 @@ module C10Once_Impl0_ProducesRefl_Impl let%span s10_once1 = "../10_once.rs" 30 14 30 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span11 = "../10_once.rs" 22 8 25 9 + let%span span7 = "../10_once.rs" 22 8 25 9 - predicate invariant'2 (self : t) + predicate invariant'1 (self : t) - predicate inv'2 (_x : t) + predicate inv'1 (_x : t) - axiom inv'2 : forall x : t . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq t) - - predicate inv'1 (_x : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom inv'1 : forall x : t . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C10Once_Once_Type as Once'0 @@ -112,25 +78,20 @@ module C10Once_Impl0_ProducesRefl_Impl axiom inv'0 : forall x : Once'0.t_once t . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span7] inv'2 v) - -> ([%#span10] inv'1 (singleton'0 v)) - && ([%#span9] index_logic'0 (singleton'0 v) 0 = v) && ([%#span8] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span4] inv'1 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) use Core_Option_Option_Type as Option'0 predicate produces'0 [#"../10_once.rs" 21 4 21 64] (self : Once'0.t_once t) (visited : Seq'0.t_seq t) (o : Once'0.t_once t) = - [%#span11] visited = (empty'0 : Seq'0.t_seq t) /\ self = o - \/ (exists e : t . inv'2 e + [%#span7] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + \/ (exists e : t . inv'1 e /\ self = Once'0.C_Once (Option'0.C_Some e) /\ visited = singleton'0 e /\ o = Once'0.C_Once (Option'0.C_None)) constant self : Once'0.t_once t @@ -148,76 +109,47 @@ module C10Once_Impl0_ProducesTrans_Impl let%span s10_once2 = "../10_once.rs" 38 22 38 23 - let%span s10_once3 = "../10_once.rs" 38 31 38 33 + let%span s10_once3 = "../10_once.rs" 38 52 38 53 - let%span s10_once4 = "../10_once.rs" 38 52 38 53 + let%span s10_once4 = "../10_once.rs" 38 82 38 83 - let%span s10_once5 = "../10_once.rs" 38 61 38 63 + let%span s10_once5 = "../10_once.rs" 37 14 37 42 - let%span s10_once6 = "../10_once.rs" 38 82 38 83 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span s10_once7 = "../10_once.rs" 37 14 37 42 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span13 = "../10_once.rs" 22 8 25 9 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + predicate invariant'1 (self : t) - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + predicate inv'1 (_x : t) - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span22 = "../10_once.rs" 22 8 25 9 - - predicate invariant'2 (self : t) - - predicate inv'2 (_x : t) - - axiom inv'2 : forall x : t . inv'2 x = true + axiom inv'1 : forall x : t . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq t) - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq t = [%#span10] () - - function empty_len'0 (_1 : ()) : () = - [%#span12] () + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 + constant empty'0 : Seq'0.t_seq t - predicate invariant'1 (self : Seq'0.t_seq t) + function empty_len'0 (_1 : ()) : () - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C10Once_Once_Type as Once'0 @@ -227,37 +159,28 @@ module C10Once_Impl0_ProducesTrans_Impl axiom inv'0 : forall x : Once'0.t_once t . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span18] inv'2 v) - -> ([%#span21] inv'1 (singleton'0 v)) - && ([%#span20] index_logic'0 (singleton'0 v) 0 = v) && ([%#span19] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span10] inv'1 v) + -> ([%#span12] index_logic'0 (singleton'0 v) 0 = v) && ([%#span11] len'0 (singleton'0 v) = 1) use Core_Option_Option_Type as Option'0 predicate produces'0 [#"../10_once.rs" 21 4 21 64] (self : Once'0.t_once t) (visited : Seq'0.t_seq t) (o : Once'0.t_once t) = - [%#span22] visited = (empty'0 : Seq'0.t_seq t) /\ self = o - \/ (exists e : t . inv'2 e + [%#span13] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + \/ (exists e : t . inv'1 e /\ self = Once'0.C_Once (Option'0.C_Some e) /\ visited = singleton'0 e /\ o = Once'0.C_Once (Option'0.C_None)) constant a : Once'0.t_once t @@ -273,13 +196,11 @@ module C10Once_Impl0_ProducesTrans_Impl function produces_trans [#"../10_once.rs" 38 4 38 90] (a : Once'0.t_once t) (ab : Seq'0.t_seq t) (b : Once'0.t_once t) (bc : Seq'0.t_seq t) (c : Once'0.t_once t) : () - goal vc_produces_trans : ([%#s10_once6] inv'0 c) - -> ([%#s10_once5] inv'1 bc) - -> ([%#s10_once4] inv'0 b) - -> ([%#s10_once3] inv'1 ab) + goal vc_produces_trans : ([%#s10_once4] inv'0 c) + -> ([%#s10_once3] inv'0 b) -> ([%#s10_once2] inv'0 a) -> ([%#s10_once1] produces'0 b bc c) - -> ([%#s10_once0] produces'0 a ab b) -> ([%#s10_once7] produces'0 a (concat'0 ab bc) c) + -> ([%#s10_once0] produces'0 a ab b) -> ([%#s10_once5] produces'0 a (concat'0 ab bc) c) end module C10Once_Impl0_Next type t @@ -290,43 +211,27 @@ module C10Once_Impl0_Next let%span s10_once2 = "../10_once.rs" 44 26 44 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span12 = "../10_once.rs" 22 8 25 9 + let%span span8 = "../10_once.rs" 22 8 25 9 - let%span span13 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span14 = "../10_once.rs" 16 20 16 57 - - let%span span15 = "" 0 0 0 0 - - let%span span16 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - - let%span span17 = "" 0 0 0 0 + let%span span9 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + let%span span10 = "../10_once.rs" 16 20 16 57 - predicate invariant'4 (self : Seq'0.t_seq t) + let%span span11 = "" 0 0 0 0 - predicate inv'4 (_x : Seq'0.t_seq t) + let%span span12 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true + let%span span13 = "" 0 0 0 0 predicate invariant'3 (self : t) @@ -346,20 +251,17 @@ module C10Once_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'4 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span5] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C10Once_Once_Type as Once'0 @@ -375,37 +277,32 @@ module C10Once_Impl0_Next axiom inv'0 : forall x : Option'0.t_option t . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span8] inv'3 v) - -> ([%#span11] inv'4 (singleton'0 v)) - && ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span5] inv'3 v) + -> ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) predicate produces'0 [#"../10_once.rs" 21 4 21 64] (self : Once'0.t_once t) (visited : Seq'0.t_seq t) (o : Once'0.t_once t) = - [%#span12] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + [%#span8] visited = (empty'0 : Seq'0.t_seq t) /\ self = o \/ (exists e : t . inv'3 e /\ self = Once'0.C_Once (Option'0.C_Some e) /\ visited = singleton'0 e /\ o = Once'0.C_Once (Option'0.C_None)) predicate resolve'0 (self : borrowed (Once'0.t_once t)) = - [%#span13] ^ self = * self + [%#span9] ^ self = * self predicate completed'0 [#"../10_once.rs" 15 4 15 35] (self : borrowed (Once'0.t_once t)) = - [%#span14] * self = Once'0.C_Once (Option'0.C_None) /\ resolve'0 self + [%#span10] * self = Once'0.C_Once (Option'0.C_None) /\ resolve'0 self use prelude.prelude.Intrinsic - let rec take'0 (self:borrowed (Option'0.t_option t)) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span15] inv'2 self} + let rec take'0 (self:borrowed (Option'0.t_option t)) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span11] inv'2 self} any - [ return' (result:Option'0.t_option t)-> {[%#span17] inv'0 result} - {[%#span16] result = * self /\ ^ self = Option'0.C_None} + [ return' (result:Option'0.t_option t)-> {[%#span13] inv'0 result} + {[%#span12] result = * self /\ ^ self = Option'0.C_None} (! return' {result}) ] @@ -448,67 +345,47 @@ module C10Once_Impl0 let%span s10_once2 = "../10_once.rs" 44 4 44 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span9 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span10 = "../10_once.rs" 16 20 16 57 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span7 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span8 = "../10_once.rs" 16 20 16 57 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span17 = "../10_once.rs" 22 8 25 9 + let%span span11 = "../10_once.rs" 22 8 25 9 - predicate invariant'4 (self : t) + predicate invariant'3 (self : t) - predicate inv'4 (_x : t) + predicate inv'3 (_x : t) - axiom inv'4 : forall x : t . inv'4 x = true + axiom inv'3 : forall x : t . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option t) + predicate invariant'2 (self : Option'0.t_option t) - predicate inv'3 (_x : Option'0.t_option t) + predicate inv'2 (_x : Option'0.t_option t) - axiom inv'3 : forall x : Option'0.t_option t . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true use C10Once_Once_Type as Once'0 use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (Once'0.t_once t)) - - predicate inv'2 (_x : borrowed (Once'0.t_once t)) - - axiom inv'2 : forall x : borrowed (Once'0.t_once t) . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq t) + predicate invariant'1 (self : borrowed (Once'0.t_once t)) - predicate inv'1 (_x : Seq'0.t_seq t) + predicate inv'1 (_x : borrowed (Once'0.t_once t)) - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom inv'1 : forall x : borrowed (Once'0.t_once t) . inv'1 x = true predicate invariant'0 (self : Once'0.t_once t) @@ -518,61 +395,48 @@ module C10Once_Impl0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'1 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span5] inv'4 v) - -> ([%#span8] inv'1 (singleton'0 v)) - && ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span4] inv'3 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Once'0.t_once t)) = - [%#span9] ^ self = * self + [%#span7] ^ self = * self predicate completed'0 [#"../10_once.rs" 15 4 15 35] (self : borrowed (Once'0.t_once t)) = - [%#span10] * self = Once'0.C_Once (Option'0.C_None) /\ resolve'0 self - - constant empty'0 : Seq'0.t_seq t = [%#span11] () + [%#span8] * self = Once'0.C_Once (Option'0.C_None) /\ resolve'0 self - constant empty'0 : Seq'0.t_seq t = [%#span11] () + constant empty'0 : Seq'0.t_seq t - use seq.Seq + constant empty'0 : Seq'0.t_seq t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span12] inv'1 self) - -> ([%#span13] inv'1 other) - -> ([%#span16] inv'1 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span10] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../10_once.rs" 21 4 21 64] (self : Once'0.t_once t) (visited : Seq'0.t_seq t) (o : Once'0.t_once t) = - [%#span17] visited = (empty'0 : Seq'0.t_seq t) /\ self = o - \/ (exists e : t . inv'4 e + [%#span11] visited = (empty'0 : Seq'0.t_seq t) /\ self = o + \/ (exists e : t . inv'3 e /\ self = Once'0.C_Once (Option'0.C_Some e) /\ visited = singleton'0 e /\ o = Once'0.C_Once (Option'0.C_None)) goal produces_trans_refn : [%#s10_once0] forall a : Once'0.t_once t . forall ab : Seq'0.t_seq t . forall b : Once'0.t_once t . forall bc : Seq'0.t_seq t . forall c : Once'0.t_once t . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) @@ -582,14 +446,14 @@ module C10Once_Impl0 /\ (forall result : () . produces'0 self (empty'0 : Seq'0.t_seq t) self -> produces'0 self (empty'1 : Seq'0.t_seq t) self) - goal next_refn : [%#s10_once2] forall self : borrowed (Once'0.t_once t) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option t . inv'3 result + goal next_refn : [%#s10_once2] forall self : borrowed (Once'0.t_once t) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option t . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/iterators/11_repeat.coma b/creusot/tests/should_succeed/iterators/11_repeat.coma index 67e1861d93..2a621f7607 100644 --- a/creusot/tests/should_succeed/iterators/11_repeat.coma +++ b/creusot/tests/should_succeed/iterators/11_repeat.coma @@ -16,22 +16,7 @@ module C11Repeat_Repeat_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C11Repeat_Impl0_ProducesRefl_Impl type a @@ -40,42 +25,25 @@ module C11Repeat_Impl0_ProducesRefl_Impl let%span s11_repeat1 = "../11_repeat.rs" 32 14 32 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../11_repeat.rs" 24 8 27 9 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq a) - - predicate inv'1 (_x : Seq'0.t_seq a) - - axiom inv'1 : forall x : Seq'0.t_seq a . inv'1 x = true + let%span span4 = "../11_repeat.rs" 24 8 27 9 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq a) : int - axiom len'0_spec : forall self : Seq'0.t_seq a . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq a . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq a = [%#span4] () + constant empty'0 : Seq'0.t_seq a - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq a) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq a) = 0 use C11Repeat_Repeat_Type as Repeat'0 @@ -87,14 +55,12 @@ module C11Repeat_Impl0_ProducesRefl_Impl use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq a) (x : int) : a + function index_logic'0 (self : Seq'0.t_seq a) (_2 : int) : a predicate produces'0 [#"../11_repeat.rs" 23 4 23 64] (self : Repeat'0.t_repeat a) (visited : Seq'0.t_seq a) (o : Repeat'0.t_repeat a) = - [%#span7] self = o + [%#span4] self = o /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = C11Repeat_Repeat_Type.repeat_element self) @@ -114,62 +80,35 @@ module C11Repeat_Impl0_ProducesTrans_Impl let%span s11_repeat2 = "../11_repeat.rs" 40 22 40 23 - let%span s11_repeat3 = "../11_repeat.rs" 40 31 40 33 - - let%span s11_repeat4 = "../11_repeat.rs" 40 52 40 53 - - let%span s11_repeat5 = "../11_repeat.rs" 40 61 40 63 - - let%span s11_repeat6 = "../11_repeat.rs" 40 82 40 83 - - let%span s11_repeat7 = "../11_repeat.rs" 39 14 39 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s11_repeat3 = "../11_repeat.rs" 40 52 40 53 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span s11_repeat4 = "../11_repeat.rs" 40 82 40 83 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s11_repeat5 = "../11_repeat.rs" 39 14 39 42 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span18 = "../11_repeat.rs" 24 8 27 9 + let%span span10 = "../11_repeat.rs" 24 8 27 9 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq a) - function len'0 (self : Seq'0.t_seq a) : int - axiom len'0_spec : forall self : Seq'0.t_seq a . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq a = [%#span10] () + axiom len'0_spec : forall self : Seq'0.t_seq a . [%#span6] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq a - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq a) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq a) - - axiom inv'1 : forall x : Seq'0.t_seq a . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq a) = 0 use C11Repeat_Repeat_Type as Repeat'0 @@ -179,28 +118,22 @@ module C11Repeat_Impl0_ProducesTrans_Impl axiom inv'0 : forall x : Repeat'0.t_repeat a . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq a) (x : int) : a + function index_logic'0 (self : Seq'0.t_seq a) (_2 : int) : a function concat'0 (self : Seq'0.t_seq a) (other : Seq'0.t_seq a) : Seq'0.t_seq a - axiom concat'0_spec : forall self : Seq'0.t_seq a, other : Seq'0.t_seq a . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq a, other : Seq'0.t_seq a . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type predicate produces'0 [#"../11_repeat.rs" 23 4 23 64] (self : Repeat'0.t_repeat a) (visited : Seq'0.t_seq a) (o : Repeat'0.t_repeat a) = - [%#span18] self = o + [%#span10] self = o /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = C11Repeat_Repeat_Type.repeat_element self) @@ -217,13 +150,11 @@ module C11Repeat_Impl0_ProducesTrans_Impl function produces_trans [#"../11_repeat.rs" 40 4 40 90] (a : Repeat'0.t_repeat a) (ab : Seq'0.t_seq a) (b : Repeat'0.t_repeat a) (bc : Seq'0.t_seq a) (c : Repeat'0.t_repeat a) : () - goal vc_produces_trans : ([%#s11_repeat6] inv'0 c) - -> ([%#s11_repeat5] inv'1 bc) - -> ([%#s11_repeat4] inv'0 b) - -> ([%#s11_repeat3] inv'1 ab) + goal vc_produces_trans : ([%#s11_repeat4] inv'0 c) + -> ([%#s11_repeat3] inv'0 b) -> ([%#s11_repeat2] inv'0 a) -> ([%#s11_repeat1] produces'0 b bc c) - -> ([%#s11_repeat0] produces'0 a ab b) -> ([%#s11_repeat7] produces'0 a (concat'0 ab bc) c) + -> ([%#s11_repeat0] produces'0 a ab b) -> ([%#s11_repeat5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -250,43 +181,27 @@ module C11Repeat_Impl0_Next let%span s11_repeat2 = "../11_repeat.rs" 46 26 46 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../11_repeat.rs" 24 8 27 9 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span5 = "../11_repeat.rs" 24 8 27 9 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../11_repeat.rs" 18 20 18 25 + let%span span9 = "../11_repeat.rs" 18 20 18 25 - let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span10 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span15 = "" 0 0 0 0 - - let%span span16 = "../../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 - - let%span span17 = "" 0 0 0 0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + let%span span11 = "" 0 0 0 0 - predicate invariant'4 (self : Seq'0.t_seq a) + let%span span12 = "../../../../../creusot-contracts/src/std/clone.rs" 7 0 20 1 - predicate inv'4 (_x : Seq'0.t_seq a) - - axiom inv'4 : forall x : Seq'0.t_seq a . inv'4 x = true + let%span span13 = "" 0 0 0 0 predicate invariant'3 (self : a) @@ -310,20 +225,17 @@ module C11Repeat_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq a) : int - axiom len'0_spec : forall self : Seq'0.t_seq a . ([%#span3] inv'4 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq a . [%#span3] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq a = [%#span5] () + constant empty'0 : Seq'0.t_seq a - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq a) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq a) = 0 use C11Repeat_Repeat_Type as Repeat'0 @@ -337,35 +249,30 @@ module C11Repeat_Impl0_Next use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq a) (x : int) : a + function index_logic'0 (self : Seq'0.t_seq a) (_2 : int) : a predicate produces'0 [#"../11_repeat.rs" 23 4 23 64] (self : Repeat'0.t_repeat a) (visited : Seq'0.t_seq a) (o : Repeat'0.t_repeat a) = - [%#span8] self = o + [%#span5] self = o /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = C11Repeat_Repeat_Type.repeat_element self) - use seq.Seq - function singleton'0 (v : a) : Seq'0.t_seq a - axiom singleton'0_spec : forall v : a . ([%#span9] inv'3 v) - -> ([%#span12] inv'4 (singleton'0 v)) - && ([%#span11] index_logic'0 (singleton'0 v) 0 = v) && ([%#span10] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : a . ([%#span6] inv'3 v) + -> ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) predicate completed'0 [#"../11_repeat.rs" 17 4 17 35] (self : borrowed (Repeat'0.t_repeat a)) = - [%#span13] false + [%#span9] false use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (Repeat'0.t_repeat a)) = - [%#span14] ^ self = * self + [%#span10] ^ self = * self - let rec clone'0 (self:a) (return' (ret:a))= {[@expl:precondition] [%#span15] inv'2 self} - any [ return' (result:a)-> {[%#span17] inv'3 result} {[%#span16] result = self} (! return' {result}) ] + let rec clone'0 (self:a) (return' (ret:a))= {[@expl:precondition] [%#span11] inv'2 self} + any [ return' (result:a)-> {[%#span13] inv'3 result} {[%#span12] result = self} (! return' {result}) ] let rec next (self:borrowed (Repeat'0.t_repeat a)) (return' (ret:Option'0.t_option a))= {[%#s11_repeat0] inv'0 self} (! bb0 @@ -399,47 +306,27 @@ module C11Repeat_Impl0 let%span s11_repeat2 = "../11_repeat.rs" 40 4 40 90 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span6 = "../11_repeat.rs" 24 8 27 9 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span11 = "../11_repeat.rs" 24 8 27 9 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span10 = "../11_repeat.rs" 18 20 18 25 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span16 = "../11_repeat.rs" 18 20 18 25 - - predicate invariant'4 (self : a) - - predicate inv'4 (_x : a) - - axiom inv'4 : forall x : a . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'3 (self : Seq'0.t_seq a) + predicate invariant'3 (self : a) - predicate inv'3 (_x : Seq'0.t_seq a) + predicate inv'3 (_x : a) - axiom inv'3 : forall x : Seq'0.t_seq a . inv'3 x = true + axiom inv'3 : forall x : a . inv'3 x = true use C11Repeat_Repeat_Type as Repeat'0 @@ -465,55 +352,44 @@ module C11Repeat_Impl0 axiom inv'0 : forall x : borrowed (Repeat'0.t_repeat a) . inv'0 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq a) (x : int) : a - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq a) (_2 : int) : a function len'0 (self : Seq'0.t_seq a) : int - axiom len'0_spec : forall self : Seq'0.t_seq a . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq a . [%#span3] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq a) (other : Seq'0.t_seq a) : Seq'0.t_seq a - axiom concat'0_spec : forall self : Seq'0.t_seq a, other : Seq'0.t_seq a . ([%#span5] inv'3 self) - -> ([%#span6] inv'3 other) - -> ([%#span9] inv'3 (concat'0 self other)) - && ([%#span8] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq a, other : Seq'0.t_seq a . ([%#span5] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) - constant empty'0 : Seq'0.t_seq a = [%#span10] () + constant empty'0 : Seq'0.t_seq a - constant empty'0 : Seq'0.t_seq a = [%#span10] () + constant empty'0 : Seq'0.t_seq a use C11Repeat_Repeat_Type as C11Repeat_Repeat_Type predicate produces'0 [#"../11_repeat.rs" 23 4 23 64] (self : Repeat'0.t_repeat a) (visited : Seq'0.t_seq a) (o : Repeat'0.t_repeat a) = - [%#span11] self = o + [%#span6] self = o /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = C11Repeat_Repeat_Type.repeat_element self) - use seq.Seq - function singleton'0 (v : a) : Seq'0.t_seq a - axiom singleton'0_spec : forall v : a . ([%#span12] inv'4 v) - -> ([%#span15] inv'3 (singleton'0 v)) - && ([%#span14] index_logic'0 (singleton'0 v) 0 = v) && ([%#span13] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : a . ([%#span7] inv'3 v) + -> ([%#span9] index_logic'0 (singleton'0 v) 0 = v) && ([%#span8] len'0 (singleton'0 v) = 1) predicate completed'0 [#"../11_repeat.rs" 17 4 17 35] (self : borrowed (Repeat'0.t_repeat a)) = - [%#span16] false + [%#span10] false goal next_refn : [%#s11_repeat0] forall self : borrowed (Repeat'0.t_repeat a) . inv'0 self -> inv'0 self @@ -534,11 +410,9 @@ module C11Repeat_Impl0 -> produces'0 self (empty'1 : Seq'0.t_seq a) self) goal produces_trans_refn : [%#s11_repeat2] forall a : Repeat'0.t_repeat a . forall ab : Seq'0.t_seq a . forall b : Repeat'0.t_repeat a . forall bc : Seq'0.t_seq a . forall c : Repeat'0.t_repeat a . inv'2 c - /\ inv'3 bc /\ inv'2 b /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'2 b /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'2 c - /\ inv'3 bc /\ inv'2 b - /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/12_zip.coma b/creusot/tests/should_succeed/iterators/12_zip.coma index f62da705fb..55f8ab74ff 100644 --- a/creusot/tests/should_succeed/iterators/12_zip.coma +++ b/creusot/tests/should_succeed/iterators/12_zip.coma @@ -20,22 +20,7 @@ module C12Zip_Zip_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C12Zip_Impl0_ProducesRefl_Impl type a @@ -46,192 +31,133 @@ module C12Zip_Impl0_ProducesRefl_Impl let%span s12_zip1 = "../12_zip.rs" 40 14 40 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span14 = "../12_zip.rs" 29 8 35 9 - let%span span16 = "../common.rs" 21 52 21 53 + predicate invariant'2 (self : b) - let%span span17 = "../common.rs" 21 61 21 63 + predicate inv'2 (_x : b) - let%span span18 = "../common.rs" 21 82 21 83 + axiom inv'2 : forall x : b . inv'2 x = true - let%span span19 = "../common.rs" 20 14 20 42 + predicate invariant'1 (self : a) - let%span span20 = "../common.rs" 15 21 15 25 + predicate inv'1 (_x : a) - let%span span21 = "../common.rs" 14 14 14 45 - - let%span span22 = "../12_zip.rs" 29 8 35 9 - - predicate invariant'5 (self : b) - - predicate inv'5 (_x : b) - - axiom inv'5 : forall x : b . inv'5 x = true - - predicate invariant'4 (self : a) - - predicate inv'4 (_x : a) - - axiom inv'4 : forall x : a . inv'4 x = true + axiom inv'1 : forall x : a . inv'1 x = true use prelude.prelude.Int - use seq.Seq - type item'1 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq item'1) - function len'1 (self : Seq'0.t_seq item'1) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'1 . ([%#span2] inv'2 self) -> ([%#span3] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'1 . [%#span2] len'1 self >= 0 - constant empty'2 : Seq'0.t_seq item'1 = [%#span4] () + constant empty'2 : Seq'0.t_seq item'1 - function empty_len'2 (_1 : ()) : () = - [%#span6] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span5] len'1 (empty'2 : Seq'0.t_seq item'1) = 0 - - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span3] len'1 (empty'2 : Seq'0.t_seq item'1) = 0 type item'0 - predicate inv'3 (_x : Seq'0.t_seq item'0) - function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'3 self) -> ([%#span3] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () - - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - - predicate invariant'3 (self : Seq'0.t_seq item'0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 - axiom inv'3 : forall x : Seq'0.t_seq item'0 . inv'3 x = true + constant empty'1 : Seq'0.t_seq item'0 - predicate invariant'2 (self : Seq'0.t_seq item'1) + function empty_len'1 (_1 : ()) : () - axiom inv'2 : forall x : Seq'0.t_seq item'1 . inv'2 x = true + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - predicate invariant'1 (self : Seq'0.t_seq (item'0, item'1)) - - predicate inv'1 (_x : Seq'0.t_seq (item'0, item'1)) - - axiom inv'1 : forall x : Seq'0.t_seq (item'0, item'1) . inv'1 x = true - - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq item'1) (x : int) : item'1 + function index_logic'2 (self : Seq'0.t_seq item'1) (_2 : int) : item'1 function concat'1 (self : Seq'0.t_seq item'1) (other : Seq'0.t_seq item'1) : Seq'0.t_seq item'1 - axiom concat'1_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'1 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'1 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span9] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span4] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate produces'2 [#"../common.rs" 8 4 8 65] (self : b) (visited : Seq'0.t_seq item'1) (o : b) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : b) (ab : Seq'0.t_seq item'1) (b : b) (bc : Seq'0.t_seq item'1) (c : b) : () - axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span12] produces'2 a ab b) - -> ([%#span13] produces'2 b bc c) - -> ([%#span14] inv'5 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'5 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'5 c) -> ([%#span19] produces'2 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span6] produces'2 a ab b) + -> ([%#span7] produces'2 b bc c) + -> ([%#span8] inv'2 a) + -> ([%#span9] inv'2 b) -> ([%#span10] inv'2 c) -> ([%#span11] produces'2 a (concat'1 ab bc) c) function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : b) : () - axiom produces_refl'1_spec : forall self : b . ([%#span20] inv'5 self) - -> ([%#span21] produces'2 self (empty'2 : Seq'0.t_seq item'1) self) - - use seq.Seq + axiom produces_refl'1_spec : forall self : b . ([%#span12] inv'2 self) + -> ([%#span13] produces'2 self (empty'2 : Seq'0.t_seq item'1) self) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] inv'3 self) - -> ([%#span8] inv'3 other) - -> ([%#span11] inv'3 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : a) (visited : Seq'0.t_seq item'0) (o : a) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : a) (ab : Seq'0.t_seq item'0) (b : a) (bc : Seq'0.t_seq item'0) (c : a) : () - axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span12] produces'1 a ab b) - -> ([%#span13] produces'1 b bc c) - -> ([%#span14] inv'4 a) - -> ([%#span15] inv'3 ab) - -> ([%#span16] inv'4 b) - -> ([%#span17] inv'3 bc) -> ([%#span18] inv'4 c) -> ([%#span19] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span6] produces'1 a ab b) + -> ([%#span7] produces'1 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : a) : () - axiom produces_refl'0_spec : forall self : a . ([%#span20] inv'4 self) - -> ([%#span21] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - - use seq.Seq + axiom produces_refl'0_spec : forall self : a . ([%#span12] inv'1 self) + -> ([%#span13] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) function len'2 (self : Seq'0.t_seq (item'0, item'1)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (item'0, item'1) . ([%#span2] inv'1 self) -> ([%#span3] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (item'0, item'1) . [%#span2] len'2 self >= 0 - constant empty'0 : Seq'0.t_seq (item'0, item'1) = [%#span4] () + constant empty'0 : Seq'0.t_seq (item'0, item'1) - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'2 (empty'0 : Seq'0.t_seq (item'0, item'1)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'2 (empty'0 : Seq'0.t_seq (item'0, item'1)) = 0 use C12Zip_Zip_Type as Zip'0 @@ -243,16 +169,12 @@ module C12Zip_Impl0_ProducesRefl_Impl use C12Zip_Zip_Type as C12Zip_Zip_Type - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (x : int) : (item'0, item'1) + function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (_2 : int) : (item'0, item'1) predicate produces'0 [#"../12_zip.rs" 28 4 28 65] (self : Zip'0.t_zip a b) (visited : Seq'0.t_seq (item'0, item'1)) (tl : Zip'0.t_zip a b) = - [%#span22] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . inv'2 p2 - /\ inv'3 p1 - /\ len'0 p1 = len'1 p2 + [%#span14] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . len'0 p1 = len'1 p2 /\ len'1 p2 = len'2 visited /\ (forall i : int . 0 <= i /\ i < len'2 visited -> index_logic'0 visited i = (index_logic'1 p1 i, index_logic'2 p2 i)) @@ -277,202 +199,139 @@ module C12Zip_Impl0_ProducesTrans_Impl let%span s12_zip2 = "../12_zip.rs" 48 22 48 23 - let%span s12_zip3 = "../12_zip.rs" 48 31 48 33 - - let%span s12_zip4 = "../12_zip.rs" 48 52 48 53 - - let%span s12_zip5 = "../12_zip.rs" 48 61 48 63 - - let%span s12_zip6 = "../12_zip.rs" 48 82 48 83 - - let%span s12_zip7 = "../12_zip.rs" 47 14 47 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s12_zip3 = "../12_zip.rs" 48 52 48 53 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span s12_zip4 = "../12_zip.rs" 48 82 48 83 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span s12_zip5 = "../12_zip.rs" 47 14 47 42 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span18 = "../common.rs" 18 15 18 32 + let%span span10 = "../common.rs" 18 15 18 32 - let%span span19 = "../common.rs" 19 15 19 32 + let%span span11 = "../common.rs" 19 15 19 32 - let%span span20 = "../common.rs" 21 22 21 23 + let%span span12 = "../common.rs" 21 22 21 23 - let%span span21 = "../common.rs" 21 31 21 33 + let%span span13 = "../common.rs" 21 52 21 53 - let%span span22 = "../common.rs" 21 52 21 53 + let%span span14 = "../common.rs" 21 82 21 83 - let%span span23 = "../common.rs" 21 61 21 63 + let%span span15 = "../common.rs" 20 14 20 42 - let%span span24 = "../common.rs" 21 82 21 83 + let%span span16 = "../common.rs" 15 21 15 25 - let%span span25 = "../common.rs" 20 14 20 42 + let%span span17 = "../common.rs" 14 14 14 45 - let%span span26 = "../common.rs" 15 21 15 25 + let%span span18 = "../12_zip.rs" 29 8 35 9 - let%span span27 = "../common.rs" 14 14 14 45 + predicate invariant'2 (self : b) - let%span span28 = "../12_zip.rs" 29 8 35 9 + predicate inv'2 (_x : b) - predicate invariant'5 (self : b) + axiom inv'2 : forall x : b . inv'2 x = true - predicate inv'5 (_x : b) + predicate invariant'1 (self : a) - axiom inv'5 : forall x : b . inv'5 x = true + predicate inv'1 (_x : a) - predicate invariant'4 (self : a) - - predicate inv'4 (_x : a) - - axiom inv'4 : forall x : a . inv'4 x = true + axiom inv'1 : forall x : a . inv'1 x = true use prelude.prelude.Int - use seq.Seq - type item'1 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq item'1) - function len'1 (self : Seq'0.t_seq item'1) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'1 . ([%#span8] inv'2 self) -> ([%#span9] len'1 self >= 0) - - constant empty'2 : Seq'0.t_seq item'1 = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq item'1 . [%#span6] len'1 self >= 0 - function empty_len'2 (_1 : ()) : () = - [%#span12] () + constant empty'2 : Seq'0.t_seq item'1 - axiom empty_len'2_spec : forall _1 : () . [%#span11] len'1 (empty'2 : Seq'0.t_seq item'1) = 0 + function empty_len'2 (_1 : ()) : () - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span7] len'1 (empty'2 : Seq'0.t_seq item'1) = 0 type item'0 - predicate inv'3 (_x : Seq'0.t_seq item'0) - function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'3 self) -> ([%#span9] len'0 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span10] () + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span12] () + constant empty'1 : Seq'0.t_seq item'0 - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 + function empty_len'1 (_1 : ()) : () - predicate invariant'3 (self : Seq'0.t_seq item'0) + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'0 (empty'1 : Seq'0.t_seq item'0) = 0 - axiom inv'3 : forall x : Seq'0.t_seq item'0 . inv'3 x = true - - predicate invariant'2 (self : Seq'0.t_seq item'1) - - axiom inv'2 : forall x : Seq'0.t_seq item'1 . inv'2 x = true - - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq item'1) (x : int) : item'1 + function index_logic'2 (self : Seq'0.t_seq item'1) (_2 : int) : item'1 function concat'2 (self : Seq'0.t_seq item'1) (other : Seq'0.t_seq item'1) : Seq'0.t_seq item'1 - axiom concat'2_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span13] inv'2 self) - -> ([%#span14] inv'2 other) - -> ([%#span17] inv'2 (concat'2 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'2 self other) + axiom concat'2_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'1 (concat'2 self other) -> index_logic'2 (concat'2 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span15] len'1 (concat'2 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'2 self other) = len'1 self + len'1 other) predicate produces'2 [#"../common.rs" 8 4 8 65] (self : b) (visited : Seq'0.t_seq item'1) (o : b) function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : b) (ab : Seq'0.t_seq item'1) (b : b) (bc : Seq'0.t_seq item'1) (c : b) : () - axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span18] produces'2 a ab b) - -> ([%#span19] produces'2 b bc c) - -> ([%#span20] inv'5 a) - -> ([%#span21] inv'2 ab) - -> ([%#span22] inv'5 b) - -> ([%#span23] inv'2 bc) -> ([%#span24] inv'5 c) -> ([%#span25] produces'2 a (concat'2 ab bc) c) + axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span10] produces'2 a ab b) + -> ([%#span11] produces'2 b bc c) + -> ([%#span12] inv'2 a) + -> ([%#span13] inv'2 b) -> ([%#span14] inv'2 c) -> ([%#span15] produces'2 a (concat'2 ab bc) c) function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : b) : () - axiom produces_refl'1_spec : forall self : b . ([%#span26] inv'5 self) - -> ([%#span27] produces'2 self (empty'2 : Seq'0.t_seq item'1) self) - - use seq.Seq + axiom produces_refl'1_spec : forall self : b . ([%#span16] inv'2 self) + -> ([%#span17] produces'2 self (empty'2 : Seq'0.t_seq item'1) self) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span13] inv'3 self) - -> ([%#span14] inv'3 other) - -> ([%#span17] inv'3 (concat'1 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span15] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : a) (visited : Seq'0.t_seq item'0) (o : a) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : a) (ab : Seq'0.t_seq item'0) (b : a) (bc : Seq'0.t_seq item'0) (c : a) : () - axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span18] produces'1 a ab b) - -> ([%#span19] produces'1 b bc c) - -> ([%#span20] inv'4 a) - -> ([%#span21] inv'3 ab) - -> ([%#span22] inv'4 b) - -> ([%#span23] inv'3 bc) -> ([%#span24] inv'4 c) -> ([%#span25] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span10] produces'1 a ab b) + -> ([%#span11] produces'1 b bc c) + -> ([%#span12] inv'1 a) + -> ([%#span13] inv'1 b) -> ([%#span14] inv'1 c) -> ([%#span15] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : a) : () - axiom produces_refl'0_spec : forall self : a . ([%#span26] inv'4 self) - -> ([%#span27] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq (item'0, item'1)) + axiom produces_refl'0_spec : forall self : a . ([%#span16] inv'1 self) + -> ([%#span17] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) function len'2 (self : Seq'0.t_seq (item'0, item'1)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (item'0, item'1) . ([%#span8] inv'1 self) -> ([%#span9] len'2 self >= 0) - - constant empty'0 : Seq'0.t_seq (item'0, item'1) = [%#span10] () + axiom len'2_spec : forall self : Seq'0.t_seq (item'0, item'1) . [%#span6] len'2 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq (item'0, item'1) - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'2 (empty'0 : Seq'0.t_seq (item'0, item'1)) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq (item'0, item'1)) - - axiom inv'1 : forall x : Seq'0.t_seq (item'0, item'1) . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'2 (empty'0 : Seq'0.t_seq (item'0, item'1)) = 0 use C12Zip_Zip_Type as Zip'0 @@ -482,31 +341,24 @@ module C12Zip_Impl0_ProducesTrans_Impl axiom inv'0 : forall x : Zip'0.t_zip a b . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (x : int) : (item'0, item'1) + function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (_2 : int) : (item'0, item'1) function concat'0 (self : Seq'0.t_seq (item'0, item'1)) (other : Seq'0.t_seq (item'0, item'1)) : Seq'0.t_seq (item'0, item'1) - axiom concat'0_spec : forall self : Seq'0.t_seq (item'0, item'1), other : Seq'0.t_seq (item'0, item'1) . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'2 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (item'0, item'1), other : Seq'0.t_seq (item'0, item'1) . ([%#span9] forall i : int . 0 + <= i + /\ i < len'2 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'2 self then index_logic'0 self i else index_logic'0 other (i - len'2 self))) - && ([%#span15] len'2 (concat'0 self other) = len'2 self + len'2 other) + && ([%#span8] len'2 (concat'0 self other) = len'2 self + len'2 other) use C12Zip_Zip_Type as C12Zip_Zip_Type predicate produces'0 [#"../12_zip.rs" 28 4 28 65] (self : Zip'0.t_zip a b) (visited : Seq'0.t_seq (item'0, item'1)) (tl : Zip'0.t_zip a b) = - [%#span28] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . inv'2 p2 - /\ inv'3 p1 - /\ len'0 p1 = len'1 p2 + [%#span18] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . len'0 p1 = len'1 p2 /\ len'1 p2 = len'2 visited /\ (forall i : int . 0 <= i /\ i < len'2 visited -> index_logic'0 visited i = (index_logic'1 p1 i, index_logic'2 p2 i)) @@ -526,13 +378,11 @@ module C12Zip_Impl0_ProducesTrans_Impl function produces_trans [#"../12_zip.rs" 48 4 48 90] (a : Zip'0.t_zip a b) (ab : Seq'0.t_seq (item'0, item'1)) (b : Zip'0.t_zip a b) (bc : Seq'0.t_seq (item'0, item'1)) (c : Zip'0.t_zip a b) : () - goal vc_produces_trans : ([%#s12_zip6] inv'0 c) - -> ([%#s12_zip5] inv'1 bc) - -> ([%#s12_zip4] inv'0 b) - -> ([%#s12_zip3] inv'1 ab) + goal vc_produces_trans : ([%#s12_zip4] inv'0 c) + -> ([%#s12_zip3] inv'0 b) -> ([%#s12_zip2] inv'0 a) -> ([%#s12_zip1] produces'0 b bc c) - -> ([%#s12_zip0] produces'0 a ab b) -> ([%#s12_zip7] produces'0 a (concat'0 ab bc) c) + -> ([%#s12_zip0] produces'0 a ab b) -> ([%#s12_zip5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -565,96 +415,58 @@ module C12Zip_Impl0_Next let%span s12_zip4 = "../12_zip.rs" 54 26 54 44 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span17 = "../common.rs" 21 22 21 23 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span18 = "../common.rs" 21 31 21 33 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span19 = "../common.rs" 21 52 21 53 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span23 = "../common.rs" 15 21 15 25 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span24 = "../common.rs" 14 14 14 45 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span25 = "../12_zip.rs" 29 8 35 9 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span17 = "../12_zip.rs" 29 8 35 9 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span30 = "../12_zip.rs" 20 13 22 67 + let%span span21 = "../12_zip.rs" 20 13 22 67 - let%span span31 = "../common.rs" 27 17 27 21 + let%span span22 = "../common.rs" 27 17 27 21 - let%span span32 = "../common.rs" 23 14 26 5 + let%span span23 = "../common.rs" 23 14 26 5 - let%span span33 = "../common.rs" 27 26 27 44 + let%span span24 = "../common.rs" 27 26 27 44 - let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span25 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 type item'1 - predicate invariant'13 (self : item'1) + predicate invariant'10 (self : item'1) - predicate inv'13 (_x : item'1) + predicate inv'10 (_x : item'1) - axiom inv'13 : forall x : item'1 . inv'13 x = true + axiom inv'10 : forall x : item'1 . inv'10 x = true type item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'12 (self : Seq'0.t_seq item'0) - - predicate inv'12 (_x : Seq'0.t_seq item'0) - - axiom inv'12 : forall x : Seq'0.t_seq item'0 . inv'12 x = true - - predicate invariant'11 (self : Seq'0.t_seq item'1) - - predicate inv'11 (_x : Seq'0.t_seq item'1) - - axiom inv'11 : forall x : Seq'0.t_seq item'1 . inv'11 x = true - - predicate invariant'10 (self : Seq'0.t_seq (item'0, item'1)) - - predicate inv'10 (_x : Seq'0.t_seq (item'0, item'1)) - - axiom inv'10 : forall x : Seq'0.t_seq (item'0, item'1) . inv'10 x = true - predicate invariant'9 (self : (item'0, item'1)) predicate inv'9 (_x : (item'0, item'1)) @@ -663,20 +475,17 @@ module C12Zip_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'2 (self : Seq'0.t_seq item'1) : int - axiom len'2_spec : forall self : Seq'0.t_seq item'1 . ([%#span5] inv'11 self) -> ([%#span6] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq item'1 . [%#span5] len'2 self >= 0 - constant empty'1 : Seq'0.t_seq item'1 = [%#span7] () + constant empty'1 : Seq'0.t_seq item'1 - function empty_len'2 (_1 : ()) : () = - [%#span9] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span8] len'2 (empty'1 : Seq'0.t_seq item'1) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span6] len'2 (empty'1 : Seq'0.t_seq item'1) = 0 use prelude.prelude.Borrow @@ -686,18 +495,15 @@ module C12Zip_Impl0_Next axiom inv'8 : forall x : borrowed b . inv'8 x = true - use seq.Seq - function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span5] inv'12 self) -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span5] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span7] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'1 (_1 : ()) : () = - [%#span9] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'7 (self : borrowed a) @@ -713,19 +519,15 @@ module C12Zip_Impl0_Next axiom inv'6 : forall x : Option'0.t_option (item'0, item'1) . inv'6 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq (item'0, item'1)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (item'0, item'1) . ([%#span5] inv'10 self) - -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (item'0, item'1) . [%#span5] len'0 self >= 0 - constant empty'2 : Seq'0.t_seq (item'0, item'1) = [%#span7] () + constant empty'2 : Seq'0.t_seq (item'0, item'1) - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'2 : Seq'0.t_seq (item'0, item'1)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'2 : Seq'0.t_seq (item'0, item'1)) = 0 predicate invariant'5 (self : Option'0.t_option item'1) @@ -739,21 +541,16 @@ module C12Zip_Impl0_Next axiom inv'4 : forall x : item'0 . inv'4 x = true - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq item'1) (x : int) : item'1 + function index_logic'2 (self : Seq'0.t_seq item'1) (_2 : int) : item'1 function concat'1 (self : Seq'0.t_seq item'1) (other : Seq'0.t_seq item'1) : Seq'0.t_seq item'1 - axiom concat'1_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span10] inv'11 self) - -> ([%#span11] inv'11 other) - -> ([%#span14] inv'11 (concat'1 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'2 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'1, other : Seq'0.t_seq item'1 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'2 (concat'1 self other) -> index_logic'2 (concat'1 self other) i = (if i < len'2 self then index_logic'2 self i else index_logic'2 other (i - len'2 self))) - && ([%#span12] len'2 (concat'1 self other) = len'2 self + len'2 other) + && ([%#span7] len'2 (concat'1 self other) = len'2 self + len'2 other) predicate inv'3 (_x : b) @@ -762,17 +559,15 @@ module C12Zip_Impl0_Next function produces_trans'1 [#"../common.rs" 21 4 21 91] (a : b) (ab : Seq'0.t_seq item'1) (b : b) (bc : Seq'0.t_seq item'1) (c : b) : () - axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span15] produces'2 a ab b) - -> ([%#span16] produces'2 b bc c) - -> ([%#span17] inv'3 a) - -> ([%#span18] inv'11 ab) - -> ([%#span19] inv'3 b) - -> ([%#span20] inv'11 bc) -> ([%#span21] inv'3 c) -> ([%#span22] produces'2 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : b, ab : Seq'0.t_seq item'1, b : b, bc : Seq'0.t_seq item'1, c : b . ([%#span9] produces'2 a ab b) + -> ([%#span10] produces'2 b bc c) + -> ([%#span11] inv'3 a) + -> ([%#span12] inv'3 b) -> ([%#span13] inv'3 c) -> ([%#span14] produces'2 a (concat'1 ab bc) c) function produces_refl'1 [#"../common.rs" 15 4 15 27] (self : b) : () - axiom produces_refl'1_spec : forall self : b . ([%#span23] inv'3 self) - -> ([%#span24] produces'2 self (empty'1 : Seq'0.t_seq item'1) self) + axiom produces_refl'1_spec : forall self : b . ([%#span15] inv'3 self) + -> ([%#span16] produces'2 self (empty'1 : Seq'0.t_seq item'1) self) predicate invariant'3 (self : b) @@ -792,21 +587,16 @@ module C12Zip_Impl0_Next axiom inv'1 : forall x : borrowed (Zip'0.t_zip a b) . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'12 self) - -> ([%#span11] inv'12 other) - -> ([%#span14] inv'12 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span12] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span7] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : a) @@ -815,17 +605,15 @@ module C12Zip_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : a) (ab : Seq'0.t_seq item'0) (b : a) (bc : Seq'0.t_seq item'0) (c : a) : () - axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'0 a) - -> ([%#span18] inv'12 ab) - -> ([%#span19] inv'0 b) - -> ([%#span20] inv'12 bc) -> ([%#span21] inv'0 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : a, ab : Seq'0.t_seq item'0, b : a, bc : Seq'0.t_seq item'0, c : a . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'0 a) + -> ([%#span12] inv'0 b) -> ([%#span13] inv'0 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : a) : () - axiom produces_refl'0_spec : forall self : a . ([%#span23] inv'0 self) - -> ([%#span24] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : a . ([%#span15] inv'0 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : a) @@ -833,46 +621,36 @@ module C12Zip_Impl0_Next use C12Zip_Zip_Type as C12Zip_Zip_Type - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (x : int) : (item'0, item'1) + function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (_2 : int) : (item'0, item'1) predicate produces'0 [#"../12_zip.rs" 28 4 28 65] (self : Zip'0.t_zip a b) (visited : Seq'0.t_seq (item'0, item'1)) (tl : Zip'0.t_zip a b) = - [%#span25] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . inv'11 p2 - /\ inv'12 p1 - /\ len'1 p1 = len'2 p2 + [%#span17] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . len'1 p1 = len'2 p2 /\ len'2 p2 = len'0 visited /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = (index_logic'1 p1 i, index_logic'2 p2 i)) /\ produces'1 (C12Zip_Zip_Type.zip_a self) p1 (C12Zip_Zip_Type.zip_a tl) /\ produces'2 (C12Zip_Zip_Type.zip_b self) p2 (C12Zip_Zip_Type.zip_b tl) - use seq.Seq - function singleton'0 (v : (item'0, item'1)) : Seq'0.t_seq (item'0, item'1) - axiom singleton'0_spec : forall v : (item'0, item'1) . ([%#span26] inv'9 v) - -> ([%#span29] inv'10 (singleton'0 v)) - && ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (item'0, item'1) . ([%#span18] inv'9 v) + -> ([%#span20] index_logic'0 (singleton'0 v) 0 = v) && ([%#span19] len'0 (singleton'0 v) = 1) predicate completed'2 [#"../common.rs" 11 4 11 36] (self : borrowed b) predicate resolve'2 (self : item'0) - use seq.Seq - function singleton'1 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'1_spec : forall v : item'0 . ([%#span26] inv'4 v) - -> ([%#span29] inv'12 (singleton'1 v)) - && ([%#span28] index_logic'1 (singleton'1 v) 0 = v) && ([%#span27] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : item'0 . ([%#span18] inv'4 v) + -> ([%#span20] index_logic'1 (singleton'1 v) 0 = v) && ([%#span19] len'1 (singleton'1 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed a) predicate completed'0 [#"../12_zip.rs" 18 4 18 35] (self : borrowed (Zip'0.t_zip a b)) = - [%#span30] completed'1 (Borrow.borrow_logic (C12Zip_Zip_Type.zip_a ( * self)) (C12Zip_Zip_Type.zip_a ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span21] completed'1 (Borrow.borrow_logic (C12Zip_Zip_Type.zip_a ( * self)) (C12Zip_Zip_Type.zip_a ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C12Zip_Zip_Type.zip_b ( * self) = C12Zip_Zip_Type.zip_b ( ^ self) \/ (exists x : item'0 . inv'4 x /\ produces'1 (C12Zip_Zip_Type.zip_a ( * self)) (singleton'1 x) (C12Zip_Zip_Type.zip_a ( ^ self)) @@ -883,18 +661,15 @@ module C12Zip_Impl0_Next predicate resolve'3 (self : Option'0.t_option item'1) - use seq.Seq - function singleton'2 (v : item'1) : Seq'0.t_seq item'1 - axiom singleton'2_spec : forall v : item'1 . ([%#span26] inv'13 v) - -> ([%#span29] inv'11 (singleton'2 v)) - && ([%#span28] index_logic'2 (singleton'2 v) 0 = v) && ([%#span27] len'2 (singleton'2 v) = 1) + axiom singleton'2_spec : forall v : item'1 . ([%#span18] inv'10 v) + -> ([%#span20] index_logic'2 (singleton'2 v) 0 = v) && ([%#span19] len'2 (singleton'2 v) = 1) - let rec next'1 (self:borrowed b) (return' (ret:Option'0.t_option item'1))= {[@expl:precondition] [%#span31] inv'8 self} + let rec next'1 (self:borrowed b) (return' (ret:Option'0.t_option item'1))= {[@expl:precondition] [%#span22] inv'8 self} any - [ return' (result:Option'0.t_option item'1)-> {[%#span33] inv'5 result} - {[%#span32] match result with + [ return' (result:Option'0.t_option item'1)-> {[%#span24] inv'5 result} + {[%#span23] match result with | Option'0.C_None -> completed'2 self | Option'0.C_Some v -> produces'2 ( * self) (singleton'2 v) ( ^ self) end} @@ -904,12 +679,12 @@ module C12Zip_Impl0_Next predicate resolve'1 (self : Option'0.t_option item'0) predicate resolve'0 (self : borrowed (Zip'0.t_zip a b)) = - [%#span34] ^ self = * self + [%#span25] ^ self = * self - let rec next'0 (self:borrowed a) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span31] inv'7 self} + let rec next'0 (self:borrowed a) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span22] inv'7 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span33] inv'2 result} - {[%#span32] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span24] inv'2 result} + {[%#span23] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -1057,69 +832,37 @@ module C12Zip_Impl0 let%span s12_zip2 = "../12_zip.rs" 48 4 48 90 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../12_zip.rs" 29 8 35 9 + let%span span6 = "../12_zip.rs" 29 8 35 9 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span16 = "../12_zip.rs" 20 13 22 67 - - type item'0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'7 (self : Seq'0.t_seq item'0) - - predicate inv'7 (_x : Seq'0.t_seq item'0) - - axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true + let%span span10 = "../12_zip.rs" 20 13 22 67 type item'1 - predicate invariant'6 (self : Seq'0.t_seq item'1) - - predicate inv'6 (_x : Seq'0.t_seq item'1) - - axiom inv'6 : forall x : Seq'0.t_seq item'1 . inv'6 x = true - - predicate invariant'5 (self : (item'0, item'1)) - - predicate inv'5 (_x : (item'0, item'1)) - - axiom inv'5 : forall x : (item'0, item'1) . inv'5 x = true + type item'0 - predicate invariant'4 (self : item'0) + predicate invariant'4 (self : (item'0, item'1)) - predicate inv'4 (_x : item'0) + predicate inv'4 (_x : (item'0, item'1)) - axiom inv'4 : forall x : item'0 . inv'4 x = true + axiom inv'4 : forall x : (item'0, item'1) . inv'4 x = true - predicate invariant'3 (self : Seq'0.t_seq (item'0, item'1)) + predicate invariant'3 (self : item'0) - predicate inv'3 (_x : Seq'0.t_seq (item'0, item'1)) + predicate inv'3 (_x : item'0) - axiom inv'3 : forall x : Seq'0.t_seq (item'0, item'1) . inv'3 x = true + axiom inv'3 : forall x : item'0 . inv'3 x = true use C12Zip_Zip_Type as Zip'0 @@ -1145,36 +888,29 @@ module C12Zip_Impl0 axiom inv'0 : forall x : borrowed (Zip'0.t_zip a b) . inv'0 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (x : int) : (item'0, item'1) - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq (item'0, item'1)) (_2 : int) : (item'0, item'1) function len'0 (self : Seq'0.t_seq (item'0, item'1)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (item'0, item'1) . ([%#span3] inv'3 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (item'0, item'1) . [%#span3] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq (item'0, item'1)) (other : Seq'0.t_seq (item'0, item'1)) : Seq'0.t_seq (item'0, item'1) - axiom concat'0_spec : forall self : Seq'0.t_seq (item'0, item'1), other : Seq'0.t_seq (item'0, item'1) . ([%#span5] inv'3 self) - -> ([%#span6] inv'3 other) - -> ([%#span9] inv'3 (concat'0 self other)) - && ([%#span8] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (item'0, item'1), other : Seq'0.t_seq (item'0, item'1) . ([%#span5] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span4] len'0 (concat'0 self other) = len'0 self + len'0 other) - constant empty'0 : Seq'0.t_seq (item'0, item'1) = [%#span10] () + constant empty'0 : Seq'0.t_seq (item'0, item'1) - constant empty'0 : Seq'0.t_seq (item'0, item'1) = [%#span10] () + constant empty'0 : Seq'0.t_seq (item'0, item'1) predicate produces'2 [#"../common.rs" 8 4 8 65] (self : b) (visited : Seq'0.t_seq item'1) (o : b) @@ -1182,64 +918,48 @@ module C12Zip_Impl0 predicate produces'1 [#"../common.rs" 8 4 8 65] (self : a) (visited : Seq'0.t_seq item'0) (o : a) - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq item'1) (x : int) : item'1 - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'2 (self : Seq'0.t_seq item'1) (_2 : int) : item'1 - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'2 (self : Seq'0.t_seq item'1) : int - axiom len'2_spec : forall self : Seq'0.t_seq item'1 . ([%#span3] inv'6 self) -> ([%#span4] len'2 self >= 0) - - use seq.Seq + axiom len'2_spec : forall self : Seq'0.t_seq item'1 . [%#span3] len'2 self >= 0 function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span3] inv'7 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span3] len'1 self >= 0 predicate produces'0 [#"../12_zip.rs" 28 4 28 65] (self : Zip'0.t_zip a b) (visited : Seq'0.t_seq (item'0, item'1)) (tl : Zip'0.t_zip a b) = - [%#span11] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . inv'6 p2 - /\ inv'7 p1 - /\ len'1 p1 = len'2 p2 + [%#span6] exists p2 : Seq'0.t_seq item'1 . exists p1 : Seq'0.t_seq item'0 . len'1 p1 = len'2 p2 /\ len'2 p2 = len'0 visited /\ (forall i : int . 0 <= i /\ i < len'0 visited -> index_logic'0 visited i = (index_logic'1 p1 i, index_logic'2 p2 i)) /\ produces'1 (C12Zip_Zip_Type.zip_a self) p1 (C12Zip_Zip_Type.zip_a tl) /\ produces'2 (C12Zip_Zip_Type.zip_b self) p2 (C12Zip_Zip_Type.zip_b tl) - use seq.Seq - function singleton'0 (v : (item'0, item'1)) : Seq'0.t_seq (item'0, item'1) - axiom singleton'0_spec : forall v : (item'0, item'1) . ([%#span12] inv'5 v) - -> ([%#span15] inv'3 (singleton'0 v)) - && ([%#span14] index_logic'0 (singleton'0 v) 0 = v) && ([%#span13] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (item'0, item'1) . ([%#span7] inv'4 v) + -> ([%#span9] index_logic'0 (singleton'0 v) 0 = v) && ([%#span8] len'0 (singleton'0 v) = 1) predicate completed'2 [#"../common.rs" 11 4 11 36] (self : borrowed b) predicate resolve'0 (self : item'0) - use seq.Seq - function singleton'1 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'1_spec : forall v : item'0 . ([%#span12] inv'4 v) - -> ([%#span15] inv'7 (singleton'1 v)) - && ([%#span14] index_logic'1 (singleton'1 v) 0 = v) && ([%#span13] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : item'0 . ([%#span7] inv'3 v) + -> ([%#span9] index_logic'1 (singleton'1 v) 0 = v) && ([%#span8] len'1 (singleton'1 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed a) predicate completed'0 [#"../12_zip.rs" 18 4 18 35] (self : borrowed (Zip'0.t_zip a b)) = - [%#span16] completed'1 (Borrow.borrow_logic (C12Zip_Zip_Type.zip_a ( * self)) (C12Zip_Zip_Type.zip_a ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span10] completed'1 (Borrow.borrow_logic (C12Zip_Zip_Type.zip_a ( * self)) (C12Zip_Zip_Type.zip_a ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ C12Zip_Zip_Type.zip_b ( * self) = C12Zip_Zip_Type.zip_b ( ^ self) - \/ (exists x : item'0 . inv'4 x + \/ (exists x : item'0 . inv'3 x /\ produces'1 (C12Zip_Zip_Type.zip_a ( * self)) (singleton'1 x) (C12Zip_Zip_Type.zip_a ( ^ self)) /\ resolve'0 x /\ completed'2 (Borrow.borrow_logic (C12Zip_Zip_Type.zip_b ( * self)) (C12Zip_Zip_Type.zip_b ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 2))) @@ -1263,11 +983,9 @@ module C12Zip_Impl0 -> produces'0 self (empty'1 : Seq'0.t_seq (item'0, item'1)) self) goal produces_trans_refn : [%#s12_zip2] forall a : Zip'0.t_zip a b . forall ab : Seq'0.t_seq (item'0, item'1) . forall b : Zip'0.t_zip a b . forall bc : Seq'0.t_seq (item'0, item'1) . forall c : Zip'0.t_zip a b . inv'2 c - /\ inv'3 bc /\ inv'2 b /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'2 b /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'2 c - /\ inv'3 bc /\ inv'2 b - /\ inv'3 ab /\ inv'2 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) diff --git a/creusot/tests/should_succeed/iterators/13_cloned.coma b/creusot/tests/should_succeed/iterators/13_cloned.coma index 72baf86de4..bf42494ff6 100644 --- a/creusot/tests/should_succeed/iterators/13_cloned.coma +++ b/creusot/tests/should_succeed/iterators/13_cloned.coma @@ -15,22 +15,7 @@ module C13Cloned_Cloned_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C13Cloned_Impl0_ProducesRefl_Impl type i @@ -41,130 +26,86 @@ module C13Cloned_Impl0_ProducesRefl_Impl let%span s13_cloned1 = "../13_cloned.rs" 38 14 38 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span16 = "../common.rs" 21 52 21 53 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span17 = "../common.rs" 21 61 21 63 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span18 = "../common.rs" 21 82 21 83 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span19 = "../common.rs" 20 14 20 42 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span20 = "../common.rs" 15 21 15 25 + let%span span14 = "../13_cloned.rs" 29 8 33 9 - let%span span21 = "../common.rs" 14 14 14 45 + predicate invariant'1 (self : i) - let%span span22 = "../13_cloned.rs" 29 8 33 9 + predicate inv'1 (_x : i) - predicate invariant'3 (self : i) - - predicate inv'3 (_x : i) - - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq t) - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'2 self) -> ([%#span3] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span2] len'1 self >= 0 - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'1 (empty'1 : Seq'0.t_seq t) = 0 + constant empty'1 : Seq'0.t_seq t - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'1 (empty'1 : Seq'0.t_seq t) = 0 - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span5] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span9] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span4] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span12] produces'1 a ab b) - -> ([%#span13] produces'1 b bc c) - -> ([%#span14] inv'3 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'3 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'3 c) -> ([%#span19] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span6] produces'1 a ab b) + -> ([%#span7] produces'1 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span20] inv'3 self) - -> ([%#span21] produces'1 self (empty'1 : Seq'0.t_seq t) self) - - predicate invariant'2 (self : Seq'0.t_seq t) - - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true - - predicate invariant'1 (self : Seq'0.t_seq t) - - predicate inv'1 (_x : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true - - use seq.Seq + axiom produces_refl'0_spec : forall self : i . ([%#span12] inv'1 self) + -> ([%#span13] produces'1 self (empty'1 : Seq'0.t_seq t) self) function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C13Cloned_Cloned_Type as Cloned'0 @@ -174,9 +115,7 @@ module C13Cloned_Impl0_ProducesRefl_Impl axiom inv'0 : forall x : Cloned'0.t_cloned i . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type @@ -185,8 +124,7 @@ module C13Cloned_Impl0_ProducesRefl_Impl predicate produces'0 [#"../13_cloned.rs" 28 4 28 64] (self : Cloned'0.t_cloned i) (visited : Seq'0.t_seq t) (o : Cloned'0.t_cloned i) = - [%#span22] exists s : Seq'0.t_seq t . inv'2 s - /\ produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) + [%#span14] exists s : Seq'0.t_seq t . produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) @@ -208,140 +146,92 @@ module C13Cloned_Impl0_ProducesTrans_Impl let%span s13_cloned2 = "../13_cloned.rs" 46 22 46 23 - let%span s13_cloned3 = "../13_cloned.rs" 46 31 46 33 - - let%span s13_cloned4 = "../13_cloned.rs" 46 52 46 53 - - let%span s13_cloned5 = "../13_cloned.rs" 46 61 46 63 - - let%span s13_cloned6 = "../13_cloned.rs" 46 82 46 83 - - let%span s13_cloned7 = "../13_cloned.rs" 45 14 45 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s13_cloned3 = "../13_cloned.rs" 46 52 46 53 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span s13_cloned4 = "../13_cloned.rs" 46 82 46 83 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s13_cloned5 = "../13_cloned.rs" 45 14 45 42 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span10 = "../common.rs" 18 15 18 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span11 = "../common.rs" 19 15 19 32 - let%span span18 = "../common.rs" 18 15 18 32 + let%span span12 = "../common.rs" 21 22 21 23 - let%span span19 = "../common.rs" 19 15 19 32 + let%span span13 = "../common.rs" 21 52 21 53 - let%span span20 = "../common.rs" 21 22 21 23 + let%span span14 = "../common.rs" 21 82 21 83 - let%span span21 = "../common.rs" 21 31 21 33 + let%span span15 = "../common.rs" 20 14 20 42 - let%span span22 = "../common.rs" 21 52 21 53 + let%span span16 = "../common.rs" 15 21 15 25 - let%span span23 = "../common.rs" 21 61 21 63 + let%span span17 = "../common.rs" 14 14 14 45 - let%span span24 = "../common.rs" 21 82 21 83 + let%span span18 = "../13_cloned.rs" 29 8 33 9 - let%span span25 = "../common.rs" 20 14 20 42 + predicate invariant'1 (self : i) - let%span span26 = "../common.rs" 15 21 15 25 + predicate inv'1 (_x : i) - let%span span27 = "../common.rs" 14 14 14 45 - - let%span span28 = "../13_cloned.rs" 29 8 33 9 - - predicate invariant'3 (self : i) - - predicate inv'3 (_x : i) - - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq t) - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'2 self) -> ([%#span9] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span6] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span12] () + constant empty'1 : Seq'0.t_seq t - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq t) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'1 (empty'1 : Seq'0.t_seq t) = 0 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'1 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] inv'2 self) - -> ([%#span14] inv'2 other) - -> ([%#span17] inv'2 (concat'1 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'1 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span15] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span18] produces'1 a ab b) - -> ([%#span19] produces'1 b bc c) - -> ([%#span20] inv'3 a) - -> ([%#span21] inv'2 ab) - -> ([%#span22] inv'3 b) - -> ([%#span23] inv'2 bc) -> ([%#span24] inv'3 c) -> ([%#span25] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span10] produces'1 a ab b) + -> ([%#span11] produces'1 b bc c) + -> ([%#span12] inv'1 a) + -> ([%#span13] inv'1 b) -> ([%#span14] inv'1 c) -> ([%#span15] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span26] inv'3 self) - -> ([%#span27] produces'1 self (empty'1 : Seq'0.t_seq t) self) - - predicate invariant'2 (self : Seq'0.t_seq t) - - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq t) + axiom produces_refl'0_spec : forall self : i . ([%#span16] inv'1 self) + -> ([%#span17] produces'1 self (empty'1 : Seq'0.t_seq t) self) function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span10] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 - - predicate invariant'1 (self : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C13Cloned_Cloned_Type as Cloned'0 @@ -351,21 +241,15 @@ module C13Cloned_Impl0_ProducesTrans_Impl axiom inv'0 : forall x : Cloned'0.t_cloned i . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type @@ -374,8 +258,7 @@ module C13Cloned_Impl0_ProducesTrans_Impl predicate produces'0 [#"../13_cloned.rs" 28 4 28 64] (self : Cloned'0.t_cloned i) (visited : Seq'0.t_seq t) (o : Cloned'0.t_cloned i) = - [%#span28] exists s : Seq'0.t_seq t . inv'2 s - /\ produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) + [%#span18] exists s : Seq'0.t_seq t . produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) @@ -392,13 +275,11 @@ module C13Cloned_Impl0_ProducesTrans_Impl function produces_trans [#"../13_cloned.rs" 46 4 46 90] (a : Cloned'0.t_cloned i) (ab : Seq'0.t_seq t) (b : Cloned'0.t_cloned i) (bc : Seq'0.t_seq t) (c : Cloned'0.t_cloned i) : () - goal vc_produces_trans : ([%#s13_cloned6] inv'0 c) - -> ([%#s13_cloned5] inv'1 bc) - -> ([%#s13_cloned4] inv'0 b) - -> ([%#s13_cloned3] inv'1 ab) + goal vc_produces_trans : ([%#s13_cloned4] inv'0 c) + -> ([%#s13_cloned3] inv'0 b) -> ([%#s13_cloned2] inv'0 a) -> ([%#s13_cloned1] produces'0 b bc c) - -> ([%#s13_cloned0] produces'0 a ab b) -> ([%#s13_cloned7] produces'0 a (concat'0 ab bc) c) + -> ([%#s13_cloned0] produces'0 a ab b) -> ([%#s13_cloned5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -427,87 +308,55 @@ module C13Cloned_Impl0_Next let%span s13_cloned2 = "../13_cloned.rs" 52 26 52 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span7 = "../common.rs" 18 15 18 32 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span8 = "../common.rs" 19 15 19 32 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span9 = "../common.rs" 21 22 21 23 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span10 = "../common.rs" 21 52 21 53 - let%span span13 = "../common.rs" 18 15 18 32 + let%span span11 = "../common.rs" 21 82 21 83 - let%span span14 = "../common.rs" 19 15 19 32 + let%span span12 = "../common.rs" 20 14 20 42 - let%span span15 = "../common.rs" 21 22 21 23 + let%span span13 = "../common.rs" 15 21 15 25 - let%span span16 = "../common.rs" 21 31 21 33 + let%span span14 = "../common.rs" 14 14 14 45 - let%span span17 = "../common.rs" 21 52 21 53 + let%span span15 = "../13_cloned.rs" 29 8 33 9 - let%span span18 = "../common.rs" 21 61 21 63 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span19 = "../common.rs" 21 82 21 83 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span20 = "../common.rs" 20 14 20 42 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span21 = "../common.rs" 15 21 15 25 + let%span span19 = "../13_cloned.rs" 23 8 23 43 - let%span span22 = "../common.rs" 14 14 14 45 + let%span span20 = "" 0 0 0 0 - let%span span23 = "../13_cloned.rs" 29 8 33 9 + let%span span21 = "../../../../../creusot-contracts/src/std/option.rs" 104 16 104 59 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span22 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span23 = "" 0 0 0 0 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span24 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span25 = "../common.rs" 27 17 27 21 - let%span span28 = "../13_cloned.rs" 23 8 23 43 + let%span span26 = "../common.rs" 23 14 26 5 - let%span span29 = "" 0 0 0 0 - - let%span span30 = "../../../../../creusot-contracts/src/std/option.rs" 104 16 104 59 - - let%span span31 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - - let%span span32 = "" 0 0 0 0 - - let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span34 = "../common.rs" 27 17 27 21 - - let%span span35 = "../common.rs" 23 14 26 5 - - let%span span36 = "../common.rs" 27 26 27 44 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'8 (self : Seq'0.t_seq t) - - predicate inv'8 (_x : Seq'0.t_seq t) - - axiom inv'8 : forall x : Seq'0.t_seq t . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq t) - - predicate inv'7 (_x : Seq'0.t_seq t) - - axiom inv'7 : forall x : Seq'0.t_seq t . inv'7 x = true + let%span span27 = "../common.rs" 27 26 27 44 predicate invariant'6 (self : t) @@ -531,20 +380,17 @@ module C13Cloned_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'8 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span3] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span5] () + constant empty'0 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span7] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span4] len'1 (empty'0 : Seq'0.t_seq t) = 0 use prelude.prelude.Borrow @@ -560,18 +406,15 @@ module C13Cloned_Impl0_Next axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'7 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq t = [%#span5] () + constant empty'1 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'1 : Seq'0.t_seq t) = 0 use C13Cloned_Cloned_Type as Cloned'0 @@ -581,21 +424,15 @@ module C13Cloned_Impl0_Next axiom inv'1 : forall x : borrowed (Cloned'0.t_cloned i) . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span8] inv'8 self) - -> ([%#span9] inv'8 other) - -> ([%#span12] inv'8 (concat'0 self other)) - && ([%#span11] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span6] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span10] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span5] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : i) @@ -604,75 +441,64 @@ module C13Cloned_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span13] produces'1 a ab b) - -> ([%#span14] produces'1 b bc c) - -> ([%#span15] inv'0 a) - -> ([%#span16] inv'8 ab) - -> ([%#span17] inv'0 b) - -> ([%#span18] inv'8 bc) -> ([%#span19] inv'0 c) -> ([%#span20] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span7] produces'1 a ab b) + -> ([%#span8] produces'1 b bc c) + -> ([%#span9] inv'0 a) + -> ([%#span10] inv'0 b) -> ([%#span11] inv'0 c) -> ([%#span12] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span21] inv'0 self) - -> ([%#span22] produces'1 self (empty'0 : Seq'0.t_seq t) self) + axiom produces_refl'0_spec : forall self : i . ([%#span13] inv'0 self) + -> ([%#span14] produces'1 self (empty'0 : Seq'0.t_seq t) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate produces'0 [#"../13_cloned.rs" 28 4 28 64] (self : Cloned'0.t_cloned i) (visited : Seq'0.t_seq t) (o : Cloned'0.t_cloned i) = - [%#span23] exists s : Seq'0.t_seq t . inv'8 s - /\ produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) + [%#span15] exists s : Seq'0.t_seq t . produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span24] inv'6 v) - -> ([%#span27] inv'7 (singleton'0 v)) - && ([%#span26] index_logic'0 (singleton'0 v) 0 = v) && ([%#span25] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span16] inv'6 v) + -> ([%#span18] index_logic'0 (singleton'0 v) 0 = v) && ([%#span17] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../13_cloned.rs" 22 4 22 35] (self : borrowed (Cloned'0.t_cloned i)) = - [%#span28] completed'1 (Borrow.borrow_logic (C13Cloned_Cloned_Type.cloned_iter ( * self)) (C13Cloned_Cloned_Type.cloned_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span19] completed'1 (Borrow.borrow_logic (C13Cloned_Cloned_Type.cloned_iter ( * self)) (C13Cloned_Cloned_Type.cloned_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) use prelude.prelude.Intrinsic - let rec cloned'0 (self:Option'0.t_option t) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span29] inv'4 self} + let rec cloned'0 (self:Option'0.t_option t) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span20] inv'4 self} any - [ return' (result:Option'0.t_option t)-> {[%#span32] inv'2 result} - {[%#span31] self = Option'0.C_None + [ return' (result:Option'0.t_option t)-> {[%#span23] inv'2 result} + {[%#span22] self = Option'0.C_None \/ (exists t : t . inv'5 t /\ self = Option'0.C_Some t /\ result = Option'0.C_Some t)} - {[%#span30] self = Option'0.C_None -> result = Option'0.C_None} + {[%#span21] self = Option'0.C_None -> result = Option'0.C_None} (! return' {result}) ] predicate resolve'0 (self : borrowed (Cloned'0.t_cloned i)) = - [%#span33] ^ self = * self - - use seq.Seq + [%#span24] ^ self = * self function singleton'1 (v : t) : Seq'0.t_seq t - axiom singleton'1_spec : forall v : t . ([%#span24] inv'5 v) - -> ([%#span27] inv'8 (singleton'1 v)) - && ([%#span26] index_logic'1 (singleton'1 v) 0 = v) && ([%#span25] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : t . ([%#span16] inv'5 v) + -> ([%#span18] index_logic'1 (singleton'1 v) 0 = v) && ([%#span17] len'1 (singleton'1 v) = 1) - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span34] inv'3 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span25] inv'3 self} any - [ return' (result:Option'0.t_option t)-> {[%#span36] inv'4 result} - {[%#span35] match result with + [ return' (result:Option'0.t_option t)-> {[%#span27] inv'4 result} + {[%#span26] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -725,71 +551,45 @@ module C13Cloned_Impl0 let%span s13_cloned2 = "../13_cloned.rs" 52 4 52 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span7 = "../13_cloned.rs" 23 8 23 43 - let%span span9 = "../13_cloned.rs" 23 8 23 43 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span10 = "../13_cloned.rs" 29 8 33 9 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + predicate invariant'3 (self : t) - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + predicate inv'3 (_x : t) - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span16 = "../13_cloned.rs" 29 8 33 9 - - predicate invariant'5 (self : t) - - predicate inv'5 (_x : t) - - axiom inv'5 : forall x : t . inv'5 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'4 (self : Seq'0.t_seq t) - - predicate inv'4 (_x : Seq'0.t_seq t) - - axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true + axiom inv'3 : forall x : t . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option t) + predicate invariant'2 (self : Option'0.t_option t) - predicate inv'3 (_x : Option'0.t_option t) + predicate inv'2 (_x : Option'0.t_option t) - axiom inv'3 : forall x : Option'0.t_option t . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true use C13Cloned_Cloned_Type as Cloned'0 use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (Cloned'0.t_cloned i)) - - predicate inv'2 (_x : borrowed (Cloned'0.t_cloned i)) - - axiom inv'2 : forall x : borrowed (Cloned'0.t_cloned i) . inv'2 x = true - - predicate invariant'1 (self : Seq'0.t_seq t) + predicate invariant'1 (self : borrowed (Cloned'0.t_cloned i)) - predicate inv'1 (_x : Seq'0.t_seq t) + predicate inv'1 (_x : borrowed (Cloned'0.t_cloned i)) - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom inv'1 : forall x : borrowed (Cloned'0.t_cloned i) . inv'1 x = true predicate invariant'0 (self : Cloned'0.t_cloned i) @@ -799,75 +599,57 @@ module C13Cloned_Impl0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'1 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span5] inv'5 v) - -> ([%#span8] inv'1 (singleton'0 v)) - && ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span4] inv'3 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) use C13Cloned_Cloned_Type as C13Cloned_Cloned_Type predicate completed'0 [#"../13_cloned.rs" 22 4 22 35] (self : borrowed (Cloned'0.t_cloned i)) = - [%#span9] completed'1 (Borrow.borrow_logic (C13Cloned_Cloned_Type.cloned_iter ( * self)) (C13Cloned_Cloned_Type.cloned_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span7] completed'1 (Borrow.borrow_logic (C13Cloned_Cloned_Type.cloned_iter ( * self)) (C13Cloned_Cloned_Type.cloned_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) - constant empty'0 : Seq'0.t_seq t = [%#span10] () + constant empty'0 : Seq'0.t_seq t - constant empty'0 : Seq'0.t_seq t = [%#span10] () - - use seq.Seq + constant empty'0 : Seq'0.t_seq t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span11] inv'1 self) - -> ([%#span12] inv'1 other) - -> ([%#span15] inv'1 (concat'0 self other)) - && ([%#span14] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'4 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span3] len'1 self >= 0 predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) predicate produces'0 [#"../13_cloned.rs" 28 4 28 64] (self : Cloned'0.t_cloned i) (visited : Seq'0.t_seq t) (o : Cloned'0.t_cloned i) = - [%#span16] exists s : Seq'0.t_seq t . inv'4 s - /\ produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) + [%#span10] exists s : Seq'0.t_seq t . produces'1 (C13Cloned_Cloned_Type.cloned_iter self) s (C13Cloned_Cloned_Type.cloned_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) goal produces_trans_refn : [%#s13_cloned0] forall a : Cloned'0.t_cloned i . forall ab : Seq'0.t_seq t . forall b : Cloned'0.t_cloned i . forall bc : Seq'0.t_seq t . forall c : Cloned'0.t_cloned i . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) @@ -877,14 +659,14 @@ module C13Cloned_Impl0 /\ (forall result : () . produces'0 self (empty'0 : Seq'0.t_seq t) self -> produces'0 self (empty'1 : Seq'0.t_seq t) self) - goal next_refn : [%#s13_cloned2] forall self : borrowed (Cloned'0.t_cloned i) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option t . inv'3 result + goal next_refn : [%#s13_cloned2] forall self : borrowed (Cloned'0.t_cloned i) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option t . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/iterators/14_copied.coma b/creusot/tests/should_succeed/iterators/14_copied.coma index 558a436de7..f43b791afb 100644 --- a/creusot/tests/should_succeed/iterators/14_copied.coma +++ b/creusot/tests/should_succeed/iterators/14_copied.coma @@ -15,22 +15,7 @@ module C14Copied_Copied_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C14Copied_Impl0_ProducesRefl_Impl type i @@ -41,130 +26,86 @@ module C14Copied_Impl0_ProducesRefl_Impl let%span s14_copied1 = "../14_copied.rs" 38 14 38 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span16 = "../common.rs" 21 52 21 53 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span17 = "../common.rs" 21 61 21 63 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span18 = "../common.rs" 21 82 21 83 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span19 = "../common.rs" 20 14 20 42 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span20 = "../common.rs" 15 21 15 25 + let%span span14 = "../14_copied.rs" 29 8 33 9 - let%span span21 = "../common.rs" 14 14 14 45 + predicate invariant'1 (self : i) - let%span span22 = "../14_copied.rs" 29 8 33 9 + predicate inv'1 (_x : i) - predicate invariant'3 (self : i) - - predicate inv'3 (_x : i) - - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq t) - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'2 self) -> ([%#span3] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span2] len'1 self >= 0 - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'1 (empty'1 : Seq'0.t_seq t) = 0 + constant empty'1 : Seq'0.t_seq t - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'1 (empty'1 : Seq'0.t_seq t) = 0 - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span5] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span9] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span4] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span12] produces'1 a ab b) - -> ([%#span13] produces'1 b bc c) - -> ([%#span14] inv'3 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'3 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'3 c) -> ([%#span19] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span6] produces'1 a ab b) + -> ([%#span7] produces'1 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span20] inv'3 self) - -> ([%#span21] produces'1 self (empty'1 : Seq'0.t_seq t) self) - - predicate invariant'2 (self : Seq'0.t_seq t) - - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true - - predicate invariant'1 (self : Seq'0.t_seq t) - - predicate inv'1 (_x : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true - - use seq.Seq + axiom produces_refl'0_spec : forall self : i . ([%#span12] inv'1 self) + -> ([%#span13] produces'1 self (empty'1 : Seq'0.t_seq t) self) function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C14Copied_Copied_Type as Copied'0 @@ -174,9 +115,7 @@ module C14Copied_Impl0_ProducesRefl_Impl axiom inv'0 : forall x : Copied'0.t_copied i . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t use C14Copied_Copied_Type as C14Copied_Copied_Type @@ -185,8 +124,7 @@ module C14Copied_Impl0_ProducesRefl_Impl predicate produces'0 [#"../14_copied.rs" 28 4 28 64] (self : Copied'0.t_copied i) (visited : Seq'0.t_seq t) (o : Copied'0.t_copied i) = - [%#span22] exists s : Seq'0.t_seq t . inv'2 s - /\ produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) + [%#span14] exists s : Seq'0.t_seq t . produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) @@ -208,140 +146,92 @@ module C14Copied_Impl0_ProducesTrans_Impl let%span s14_copied2 = "../14_copied.rs" 46 22 46 23 - let%span s14_copied3 = "../14_copied.rs" 46 31 46 33 - - let%span s14_copied4 = "../14_copied.rs" 46 52 46 53 - - let%span s14_copied5 = "../14_copied.rs" 46 61 46 63 - - let%span s14_copied6 = "../14_copied.rs" 46 82 46 83 - - let%span s14_copied7 = "../14_copied.rs" 45 14 45 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s14_copied3 = "../14_copied.rs" 46 52 46 53 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span s14_copied4 = "../14_copied.rs" 46 82 46 83 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s14_copied5 = "../14_copied.rs" 45 14 45 42 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span10 = "../common.rs" 18 15 18 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span11 = "../common.rs" 19 15 19 32 - let%span span18 = "../common.rs" 18 15 18 32 + let%span span12 = "../common.rs" 21 22 21 23 - let%span span19 = "../common.rs" 19 15 19 32 + let%span span13 = "../common.rs" 21 52 21 53 - let%span span20 = "../common.rs" 21 22 21 23 + let%span span14 = "../common.rs" 21 82 21 83 - let%span span21 = "../common.rs" 21 31 21 33 + let%span span15 = "../common.rs" 20 14 20 42 - let%span span22 = "../common.rs" 21 52 21 53 + let%span span16 = "../common.rs" 15 21 15 25 - let%span span23 = "../common.rs" 21 61 21 63 + let%span span17 = "../common.rs" 14 14 14 45 - let%span span24 = "../common.rs" 21 82 21 83 + let%span span18 = "../14_copied.rs" 29 8 33 9 - let%span span25 = "../common.rs" 20 14 20 42 + predicate invariant'1 (self : i) - let%span span26 = "../common.rs" 15 21 15 25 + predicate inv'1 (_x : i) - let%span span27 = "../common.rs" 14 14 14 45 - - let%span span28 = "../14_copied.rs" 29 8 33 9 - - predicate invariant'3 (self : i) - - predicate inv'3 (_x : i) - - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq t) - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'2 self) -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span6] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq t = [%#span10] () + constant empty'1 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span12] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'1 (empty'1 : Seq'0.t_seq t) = 0 - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'1 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] inv'2 self) - -> ([%#span14] inv'2 other) - -> ([%#span17] inv'2 (concat'1 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'1 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span15] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span18] produces'1 a ab b) - -> ([%#span19] produces'1 b bc c) - -> ([%#span20] inv'3 a) - -> ([%#span21] inv'2 ab) - -> ([%#span22] inv'3 b) - -> ([%#span23] inv'2 bc) -> ([%#span24] inv'3 c) -> ([%#span25] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span10] produces'1 a ab b) + -> ([%#span11] produces'1 b bc c) + -> ([%#span12] inv'1 a) + -> ([%#span13] inv'1 b) -> ([%#span14] inv'1 c) -> ([%#span15] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span26] inv'3 self) - -> ([%#span27] produces'1 self (empty'1 : Seq'0.t_seq t) self) - - predicate invariant'2 (self : Seq'0.t_seq t) - - axiom inv'2 : forall x : Seq'0.t_seq t . inv'2 x = true - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq t) + axiom produces_refl'0_spec : forall self : i . ([%#span16] inv'1 self) + -> ([%#span17] produces'1 self (empty'1 : Seq'0.t_seq t) self) function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq t = [%#span10] () + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq t - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 use C14Copied_Copied_Type as Copied'0 @@ -351,21 +241,15 @@ module C14Copied_Impl0_ProducesTrans_Impl axiom inv'0 : forall x : Copied'0.t_copied i . inv'0 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) use C14Copied_Copied_Type as C14Copied_Copied_Type @@ -374,8 +258,7 @@ module C14Copied_Impl0_ProducesTrans_Impl predicate produces'0 [#"../14_copied.rs" 28 4 28 64] (self : Copied'0.t_copied i) (visited : Seq'0.t_seq t) (o : Copied'0.t_copied i) = - [%#span28] exists s : Seq'0.t_seq t . inv'2 s - /\ produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) + [%#span18] exists s : Seq'0.t_seq t . produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) @@ -392,13 +275,11 @@ module C14Copied_Impl0_ProducesTrans_Impl function produces_trans [#"../14_copied.rs" 46 4 46 90] (a : Copied'0.t_copied i) (ab : Seq'0.t_seq t) (b : Copied'0.t_copied i) (bc : Seq'0.t_seq t) (c : Copied'0.t_copied i) : () - goal vc_produces_trans : ([%#s14_copied6] inv'0 c) - -> ([%#s14_copied5] inv'1 bc) - -> ([%#s14_copied4] inv'0 b) - -> ([%#s14_copied3] inv'1 ab) + goal vc_produces_trans : ([%#s14_copied4] inv'0 c) + -> ([%#s14_copied3] inv'0 b) -> ([%#s14_copied2] inv'0 a) -> ([%#s14_copied1] produces'0 b bc c) - -> ([%#s14_copied0] produces'0 a ab b) -> ([%#s14_copied7] produces'0 a (concat'0 ab bc) c) + -> ([%#s14_copied0] produces'0 a ab b) -> ([%#s14_copied5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -427,87 +308,55 @@ module C14Copied_Impl0_Next let%span s14_copied2 = "../14_copied.rs" 52 26 52 35 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../common.rs" 18 15 18 32 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../common.rs" 19 15 19 32 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../common.rs" 21 22 21 23 - let%span span13 = "../common.rs" 18 15 18 32 + let%span span10 = "../common.rs" 21 52 21 53 - let%span span14 = "../common.rs" 19 15 19 32 + let%span span11 = "../common.rs" 21 82 21 83 - let%span span15 = "../common.rs" 21 22 21 23 + let%span span12 = "../common.rs" 20 14 20 42 - let%span span16 = "../common.rs" 21 31 21 33 + let%span span13 = "../common.rs" 15 21 15 25 - let%span span17 = "../common.rs" 21 52 21 53 + let%span span14 = "../common.rs" 14 14 14 45 - let%span span18 = "../common.rs" 21 61 21 63 + let%span span15 = "../14_copied.rs" 29 8 33 9 - let%span span19 = "../common.rs" 21 82 21 83 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span20 = "../common.rs" 20 14 20 42 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span21 = "../common.rs" 15 21 15 25 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span22 = "../common.rs" 14 14 14 45 + let%span span19 = "../14_copied.rs" 23 8 23 43 - let%span span23 = "../14_copied.rs" 29 8 33 9 + let%span span20 = "" 0 0 0 0 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span21 = "../../../../../creusot-contracts/src/std/option.rs" 98 16 98 59 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span22 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span23 = "" 0 0 0 0 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span24 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span28 = "../14_copied.rs" 23 8 23 43 + let%span span25 = "../common.rs" 27 17 27 21 - let%span span29 = "" 0 0 0 0 + let%span span26 = "../common.rs" 23 14 26 5 - let%span span30 = "../../../../../creusot-contracts/src/std/option.rs" 98 16 98 59 - - let%span span31 = "../../../../../creusot-contracts/src/std/option.rs" 29 0 140 1 - - let%span span32 = "" 0 0 0 0 - - let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span34 = "../common.rs" 27 17 27 21 - - let%span span35 = "../common.rs" 23 14 26 5 - - let%span span36 = "../common.rs" 27 26 27 44 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'8 (self : Seq'0.t_seq t) - - predicate inv'8 (_x : Seq'0.t_seq t) - - axiom inv'8 : forall x : Seq'0.t_seq t . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq t) - - predicate inv'7 (_x : Seq'0.t_seq t) - - axiom inv'7 : forall x : Seq'0.t_seq t . inv'7 x = true + let%span span27 = "../common.rs" 27 26 27 44 predicate invariant'6 (self : t) @@ -531,20 +380,17 @@ module C14Copied_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'8 self) -> ([%#span4] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span3] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span5] () + constant empty'0 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span7] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span4] len'1 (empty'0 : Seq'0.t_seq t) = 0 use prelude.prelude.Borrow @@ -560,18 +406,15 @@ module C14Copied_Impl0_Next axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span3] inv'7 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq t = [%#span5] () + constant empty'1 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'1 : Seq'0.t_seq t) = 0 use C14Copied_Copied_Type as Copied'0 @@ -581,21 +424,15 @@ module C14Copied_Impl0_Next axiom inv'1 : forall x : borrowed (Copied'0.t_copied i) . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span8] inv'8 self) - -> ([%#span9] inv'8 other) - -> ([%#span12] inv'8 (concat'0 self other)) - && ([%#span11] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span6] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span10] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span5] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : i) @@ -604,75 +441,64 @@ module C14Copied_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq t) (b : i) (bc : Seq'0.t_seq t) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span13] produces'1 a ab b) - -> ([%#span14] produces'1 b bc c) - -> ([%#span15] inv'0 a) - -> ([%#span16] inv'8 ab) - -> ([%#span17] inv'0 b) - -> ([%#span18] inv'8 bc) -> ([%#span19] inv'0 c) -> ([%#span20] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq t, b : i, bc : Seq'0.t_seq t, c : i . ([%#span7] produces'1 a ab b) + -> ([%#span8] produces'1 b bc c) + -> ([%#span9] inv'0 a) + -> ([%#span10] inv'0 b) -> ([%#span11] inv'0 c) -> ([%#span12] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span21] inv'0 self) - -> ([%#span22] produces'1 self (empty'0 : Seq'0.t_seq t) self) + axiom produces_refl'0_spec : forall self : i . ([%#span13] inv'0 self) + -> ([%#span14] produces'1 self (empty'0 : Seq'0.t_seq t) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t use C14Copied_Copied_Type as C14Copied_Copied_Type predicate produces'0 [#"../14_copied.rs" 28 4 28 64] (self : Copied'0.t_copied i) (visited : Seq'0.t_seq t) (o : Copied'0.t_copied i) = - [%#span23] exists s : Seq'0.t_seq t . inv'8 s - /\ produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) + [%#span15] exists s : Seq'0.t_seq t . produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) - use seq.Seq - function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span24] inv'6 v) - -> ([%#span27] inv'7 (singleton'0 v)) - && ([%#span26] index_logic'0 (singleton'0 v) 0 = v) && ([%#span25] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span16] inv'6 v) + -> ([%#span18] index_logic'0 (singleton'0 v) 0 = v) && ([%#span17] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate completed'0 [#"../14_copied.rs" 22 4 22 35] (self : borrowed (Copied'0.t_copied i)) = - [%#span28] completed'1 (Borrow.borrow_logic (C14Copied_Copied_Type.copied_iter ( * self)) (C14Copied_Copied_Type.copied_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span19] completed'1 (Borrow.borrow_logic (C14Copied_Copied_Type.copied_iter ( * self)) (C14Copied_Copied_Type.copied_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) use prelude.prelude.Intrinsic - let rec copied'0 (self:Option'0.t_option t) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span29] inv'4 self} + let rec copied'0 (self:Option'0.t_option t) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span20] inv'4 self} any - [ return' (result:Option'0.t_option t)-> {[%#span32] inv'2 result} - {[%#span31] self = Option'0.C_None + [ return' (result:Option'0.t_option t)-> {[%#span23] inv'2 result} + {[%#span22] self = Option'0.C_None \/ (exists t : t . inv'5 t /\ self = Option'0.C_Some t /\ result = Option'0.C_Some t)} - {[%#span30] self = Option'0.C_None -> result = Option'0.C_None} + {[%#span21] self = Option'0.C_None -> result = Option'0.C_None} (! return' {result}) ] predicate resolve'0 (self : borrowed (Copied'0.t_copied i)) = - [%#span33] ^ self = * self - - use seq.Seq + [%#span24] ^ self = * self function singleton'1 (v : t) : Seq'0.t_seq t - axiom singleton'1_spec : forall v : t . ([%#span24] inv'5 v) - -> ([%#span27] inv'8 (singleton'1 v)) - && ([%#span26] index_logic'1 (singleton'1 v) 0 = v) && ([%#span25] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : t . ([%#span16] inv'5 v) + -> ([%#span18] index_logic'1 (singleton'1 v) 0 = v) && ([%#span17] len'1 (singleton'1 v) = 1) - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span34] inv'3 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option t))= {[@expl:precondition] [%#span25] inv'3 self} any - [ return' (result:Option'0.t_option t)-> {[%#span36] inv'4 result} - {[%#span35] match result with + [ return' (result:Option'0.t_option t)-> {[%#span27] inv'4 result} + {[%#span26] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -725,71 +551,45 @@ module C14Copied_Impl0 let%span s14_copied2 = "../14_copied.rs" 39 4 39 26 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span10 = "../14_copied.rs" 23 8 23 43 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span7 = "../14_copied.rs" 23 8 23 43 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span10 = "../14_copied.rs" 29 8 33 9 - let%span span16 = "../14_copied.rs" 29 8 33 9 + predicate invariant'3 (self : t) - predicate invariant'5 (self : t) - - predicate inv'5 (_x : t) - - axiom inv'5 : forall x : t . inv'5 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'3 (_x : t) - predicate invariant'4 (self : Seq'0.t_seq t) - - predicate inv'4 (_x : Seq'0.t_seq t) - - axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true + axiom inv'3 : forall x : t . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option t) + predicate invariant'2 (self : Option'0.t_option t) - predicate inv'3 (_x : Option'0.t_option t) + predicate inv'2 (_x : Option'0.t_option t) - axiom inv'3 : forall x : Option'0.t_option t . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true use C14Copied_Copied_Type as Copied'0 use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (Copied'0.t_copied i)) - - predicate inv'2 (_x : borrowed (Copied'0.t_copied i)) - - axiom inv'2 : forall x : borrowed (Copied'0.t_copied i) . inv'2 x = true - - predicate invariant'1 (self : Seq'0.t_seq t) + predicate invariant'1 (self : borrowed (Copied'0.t_copied i)) - predicate inv'1 (_x : Seq'0.t_seq t) + predicate inv'1 (_x : borrowed (Copied'0.t_copied i)) - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true + axiom inv'1 : forall x : borrowed (Copied'0.t_copied i) . inv'1 x = true predicate invariant'0 (self : Copied'0.t_copied i) @@ -797,89 +597,71 @@ module C14Copied_Impl0 axiom inv'0 : forall x : Copied'0.t_copied i . inv'0 x = true - constant empty'0 : Seq'0.t_seq t = [%#span3] () - - constant empty'0 : Seq'0.t_seq t = [%#span3] () - - use prelude.prelude.Int - - use seq.Seq + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + constant empty'0 : Seq'0.t_seq t - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant empty'0 : Seq'0.t_seq t - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + use prelude.prelude.Int - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span4] inv'1 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span3] len'0 self >= 0 function singleton'0 (v : t) : Seq'0.t_seq t - axiom singleton'0_spec : forall v : t . ([%#span6] inv'5 v) - -> ([%#span9] inv'1 (singleton'0 v)) - && ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : t . ([%#span4] inv'3 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) use C14Copied_Copied_Type as C14Copied_Copied_Type predicate completed'0 [#"../14_copied.rs" 22 4 22 35] (self : borrowed (Copied'0.t_copied i)) = - [%#span10] completed'1 (Borrow.borrow_logic (C14Copied_Copied_Type.copied_iter ( * self)) (C14Copied_Copied_Type.copied_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) - - use seq.Seq + [%#span7] completed'1 (Borrow.borrow_logic (C14Copied_Copied_Type.copied_iter ( * self)) (C14Copied_Copied_Type.copied_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) function concat'0 (self : Seq'0.t_seq t) (other : Seq'0.t_seq t) : Seq'0.t_seq t - axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span11] inv'1 self) - -> ([%#span12] inv'1 other) - -> ([%#span15] inv'1 (concat'0 self other)) - && ([%#span14] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq t, other : Seq'0.t_seq t . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span4] inv'4 self) -> ([%#span5] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span3] len'1 self >= 0 predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq t) (o : i) predicate produces'0 [#"../14_copied.rs" 28 4 28 64] (self : Copied'0.t_copied i) (visited : Seq'0.t_seq t) (o : Copied'0.t_copied i) = - [%#span16] exists s : Seq'0.t_seq t . inv'4 s - /\ produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) + [%#span10] exists s : Seq'0.t_seq t . produces'1 (C14Copied_Copied_Type.copied_iter self) s (C14Copied_Copied_Type.copied_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> index_logic'0 visited i = index_logic'1 s i) goal produces_trans_refn : [%#s14_copied0] forall a : Copied'0.t_copied i . forall ab : Seq'0.t_seq t . forall b : Copied'0.t_copied i . forall bc : Seq'0.t_seq t . forall c : Copied'0.t_copied i . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) - goal next_refn : [%#s14_copied1] forall self : borrowed (Copied'0.t_copied i) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option t . inv'3 result + goal next_refn : [%#s14_copied1] forall self : borrowed (Copied'0.t_copied i) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option t . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/iterators/15_enumerate.coma b/creusot/tests/should_succeed/iterators/15_enumerate.coma index a12d45e813..99f8872d19 100644 --- a/creusot/tests/should_succeed/iterators/15_enumerate.coma +++ b/creusot/tests/should_succeed/iterators/15_enumerate.coma @@ -25,22 +25,7 @@ module C15Enumerate_Enumerate_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C15Enumerate_Impl0_ProducesRefl_Impl type i @@ -49,150 +34,107 @@ module C15Enumerate_Impl0_ProducesRefl_Impl let%span s15_enumerate1 = "../15_enumerate.rs" 39 14 39 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../common.rs" 18 15 18 32 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../common.rs" 19 15 19 32 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../common.rs" 21 22 21 23 + let%span span6 = "../common.rs" 18 15 18 32 - let%span span15 = "../common.rs" 21 31 21 33 + let%span span7 = "../common.rs" 19 15 19 32 - let%span span16 = "../common.rs" 21 52 21 53 + let%span span8 = "../common.rs" 21 22 21 23 - let%span span17 = "../common.rs" 21 61 21 63 + let%span span9 = "../common.rs" 21 52 21 53 - let%span span18 = "../common.rs" 21 82 21 83 + let%span span10 = "../common.rs" 21 82 21 83 - let%span span19 = "../common.rs" 20 14 20 42 + let%span span11 = "../common.rs" 20 14 20 42 - let%span span20 = "../common.rs" 15 21 15 25 + let%span span12 = "../common.rs" 15 21 15 25 - let%span span21 = "../common.rs" 14 14 14 45 + let%span span13 = "../common.rs" 14 14 14 45 - let%span span22 = "" 0 0 0 0 + let%span span14 = "" 0 0 0 0 - let%span span23 = "../15_enumerate.rs" 73 12 74 79 + let%span span15 = "../15_enumerate.rs" 73 12 74 79 - let%span span24 = "../15_enumerate.rs" 29 8 34 9 + let%span span16 = "../15_enumerate.rs" 29 8 34 9 use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed i) + predicate invariant'2 (self : borrowed i) - predicate inv'4 (_x : borrowed i) + predicate inv'2 (_x : borrowed i) - axiom inv'4 : forall x : borrowed i . inv'4 x = true + axiom inv'2 : forall x : borrowed i . inv'2 x = true - predicate invariant'3 (self : i) + predicate invariant'1 (self : i) - predicate inv'3 (_x : i) + predicate inv'1 (_x : i) - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - type item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq item'0) - function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'2 self) -> ([%#span3] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span4] () - - function empty_len'1 (_1 : ()) : () = - [%#span6] () - - axiom empty_len'1_spec : forall _1 : () . [%#span5] len'1 (empty'1 : Seq'0.t_seq item'0) = 0 - - predicate invariant'2 (self : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true - - use prelude.prelude.UIntSize - - predicate invariant'1 (self : Seq'0.t_seq (usize, item'0)) - - predicate inv'1 (_x : Seq'0.t_seq (usize, item'0)) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'1 self >= 0 - axiom inv'1 : forall x : Seq'0.t_seq (usize, item'0) . inv'1 x = true + constant empty'1 : Seq'0.t_seq item'0 - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span3] len'1 (empty'1 : Seq'0.t_seq item'0) = 0 - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span7] inv'2 self) - -> ([%#span8] inv'2 other) - -> ([%#span11] inv'2 (concat'0 self other)) - && ([%#span10] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span5] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span9] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span4] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span12] produces'1 a ab b) - -> ([%#span13] produces'1 b bc c) - -> ([%#span14] inv'3 a) - -> ([%#span15] inv'2 ab) - -> ([%#span16] inv'3 b) - -> ([%#span17] inv'2 bc) -> ([%#span18] inv'3 c) -> ([%#span19] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span6] produces'1 a ab b) + -> ([%#span7] produces'1 b bc c) + -> ([%#span8] inv'1 a) + -> ([%#span9] inv'1 b) -> ([%#span10] inv'1 c) -> ([%#span11] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span20] inv'3 self) - -> ([%#span21] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span12] inv'1 self) + -> ([%#span13] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - use seq.Seq + use prelude.prelude.UIntSize function len'0 (self : Seq'0.t_seq (usize, item'0)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (usize, item'0) = [%#span4] () + constant empty'0 : Seq'0.t_seq (usize, item'0) - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq (usize, item'0)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq (usize, item'0)) = 0 predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) - constant max'0 : usize = [%#span22] (18446744073709551615 : usize) + constant max'0 : usize = [%#span14] (18446744073709551615 : usize) use prelude.prelude.UIntSize @@ -201,11 +143,10 @@ module C15Enumerate_Impl0_ProducesRefl_Impl use C15Enumerate_Enumerate_Type as Enumerate'0 predicate invariant'0 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = - [%#span23] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'3 i - -> inv'2 s + [%#span15] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'1 i -> produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + len'1 s < UIntSize.to_int max'0) - /\ (forall i : borrowed i . inv'4 i -> completed'0 i -> produces'1 ( * i) (empty'1 : Seq'0.t_seq item'0) ( ^ i)) + /\ (forall i : borrowed i . inv'2 i -> completed'0 i -> produces'1 ( * i) (empty'1 : Seq'0.t_seq item'0) ( ^ i)) predicate inv'0 (_x : Enumerate'0.t_enumerate i) @@ -215,18 +156,15 @@ module C15Enumerate_Impl0_ProducesRefl_Impl | Enumerate'0.C_Enumerate iter count -> true end) - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (x : int) : (usize, item'0) + function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (_2 : int) : (usize, item'0) predicate produces'0 [#"../15_enumerate.rs" 28 4 28 64] (self : Enumerate'0.t_enumerate i) (visited : Seq'0.t_seq (usize, item'0)) (o : Enumerate'0.t_enumerate i) = - [%#span24] len'0 visited + [%#span16] len'0 visited = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o) - UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) + /\ (exists s : Seq'0.t_seq item'0 . produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> UIntSize.to_int (let (a, _) = index_logic'0 visited i in a) @@ -249,160 +187,113 @@ module C15Enumerate_Impl0_ProducesTrans_Impl let%span s15_enumerate2 = "../15_enumerate.rs" 47 22 47 23 - let%span s15_enumerate3 = "../15_enumerate.rs" 47 31 47 33 - - let%span s15_enumerate4 = "../15_enumerate.rs" 47 52 47 53 - - let%span s15_enumerate5 = "../15_enumerate.rs" 47 61 47 63 - - let%span s15_enumerate6 = "../15_enumerate.rs" 47 82 47 83 - - let%span s15_enumerate7 = "../15_enumerate.rs" 46 14 46 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s15_enumerate3 = "../15_enumerate.rs" 47 52 47 53 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span s15_enumerate4 = "../15_enumerate.rs" 47 82 47 83 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span s15_enumerate5 = "../15_enumerate.rs" 46 14 46 42 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span10 = "../common.rs" 18 15 18 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span11 = "../common.rs" 19 15 19 32 - let%span span18 = "../common.rs" 18 15 18 32 + let%span span12 = "../common.rs" 21 22 21 23 - let%span span19 = "../common.rs" 19 15 19 32 + let%span span13 = "../common.rs" 21 52 21 53 - let%span span20 = "../common.rs" 21 22 21 23 + let%span span14 = "../common.rs" 21 82 21 83 - let%span span21 = "../common.rs" 21 31 21 33 + let%span span15 = "../common.rs" 20 14 20 42 - let%span span22 = "../common.rs" 21 52 21 53 + let%span span16 = "../common.rs" 15 21 15 25 - let%span span23 = "../common.rs" 21 61 21 63 + let%span span17 = "../common.rs" 14 14 14 45 - let%span span24 = "../common.rs" 21 82 21 83 + let%span span18 = "" 0 0 0 0 - let%span span25 = "../common.rs" 20 14 20 42 + let%span span19 = "../15_enumerate.rs" 73 12 74 79 - let%span span26 = "../common.rs" 15 21 15 25 - - let%span span27 = "../common.rs" 14 14 14 45 - - let%span span28 = "" 0 0 0 0 - - let%span span29 = "../15_enumerate.rs" 73 12 74 79 - - let%span span30 = "../15_enumerate.rs" 29 8 34 9 + let%span span20 = "../15_enumerate.rs" 29 8 34 9 use prelude.prelude.Borrow - predicate invariant'4 (self : borrowed i) + predicate invariant'2 (self : borrowed i) - predicate inv'4 (_x : borrowed i) + predicate inv'2 (_x : borrowed i) - axiom inv'4 : forall x : borrowed i . inv'4 x = true + axiom inv'2 : forall x : borrowed i . inv'2 x = true - predicate invariant'3 (self : i) + predicate invariant'1 (self : i) - predicate inv'3 (_x : i) + predicate inv'1 (_x : i) - axiom inv'3 : forall x : i . inv'3 x = true + axiom inv'1 : forall x : i . inv'1 x = true use prelude.prelude.Int - use seq.Seq - type item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq item'0) - function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'2 self) -> ([%#span9] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq item'0 = [%#span10] () + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span12] () + constant empty'1 : Seq'0.t_seq item'0 - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq item'0) = 0 + function empty_len'1 (_1 : ()) : () - predicate invariant'2 (self : Seq'0.t_seq item'0) + axiom empty_len'1_spec : forall _1 : () . [%#span7] len'1 (empty'1 : Seq'0.t_seq item'0) = 0 - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true - - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'1 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span13] inv'2 self) - -> ([%#span14] inv'2 other) - -> ([%#span17] inv'2 (concat'1 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'1 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span9] forall i : int . 0 + <= i + /\ i < len'1 (concat'1 self other) -> index_logic'1 (concat'1 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span15] len'1 (concat'1 self other) = len'1 self + len'1 other) + && ([%#span8] len'1 (concat'1 self other) = len'1 self + len'1 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span18] produces'1 a ab b) - -> ([%#span19] produces'1 b bc c) - -> ([%#span20] inv'3 a) - -> ([%#span21] inv'2 ab) - -> ([%#span22] inv'3 b) - -> ([%#span23] inv'2 bc) -> ([%#span24] inv'3 c) -> ([%#span25] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span10] produces'1 a ab b) + -> ([%#span11] produces'1 b bc c) + -> ([%#span12] inv'1 a) + -> ([%#span13] inv'1 b) -> ([%#span14] inv'1 c) -> ([%#span15] produces'1 a (concat'1 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span26] inv'3 self) - -> ([%#span27] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) - - use seq.Seq + axiom produces_refl'0_spec : forall self : i . ([%#span16] inv'1 self) + -> ([%#span17] produces'1 self (empty'1 : Seq'0.t_seq item'0) self) use prelude.prelude.UIntSize - predicate inv'1 (_x : Seq'0.t_seq (usize, item'0)) - function len'0 (self : Seq'0.t_seq (usize, item'0)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq (usize, item'0) = [%#span10] () - - function empty_len'0 (_1 : ()) : () = - [%#span12] () + axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . [%#span6] len'0 self >= 0 - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq (usize, item'0)) = 0 + constant empty'0 : Seq'0.t_seq (usize, item'0) - predicate invariant'1 (self : Seq'0.t_seq (usize, item'0)) + function empty_len'0 (_1 : ()) : () - axiom inv'1 : forall x : Seq'0.t_seq (usize, item'0) . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq (usize, item'0)) = 0 predicate completed'0 [#"../common.rs" 11 4 11 36] (self : borrowed i) - constant max'0 : usize = [%#span28] (18446744073709551615 : usize) + constant max'0 : usize = [%#span18] (18446744073709551615 : usize) use prelude.prelude.UIntSize @@ -411,11 +302,10 @@ module C15Enumerate_Impl0_ProducesTrans_Impl use C15Enumerate_Enumerate_Type as Enumerate'0 predicate invariant'0 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = - [%#span29] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'3 i - -> inv'2 s + [%#span19] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'1 i -> produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + len'1 s < UIntSize.to_int max'0) - /\ (forall i : borrowed i . inv'4 i -> completed'0 i -> produces'1 ( * i) (empty'1 : Seq'0.t_seq item'0) ( ^ i)) + /\ (forall i : borrowed i . inv'2 i -> completed'0 i -> produces'1 ( * i) (empty'1 : Seq'0.t_seq item'0) ( ^ i)) predicate inv'0 (_x : Enumerate'0.t_enumerate i) @@ -425,31 +315,25 @@ module C15Enumerate_Impl0_ProducesTrans_Impl | Enumerate'0.C_Enumerate iter count -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (x : int) : (usize, item'0) + function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (_2 : int) : (usize, item'0) function concat'0 (self : Seq'0.t_seq (usize, item'0)) (other : Seq'0.t_seq (usize, item'0)) : Seq'0.t_seq (usize, item'0) - axiom concat'0_spec : forall self : Seq'0.t_seq (usize, item'0), other : Seq'0.t_seq (usize, item'0) . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (usize, item'0), other : Seq'0.t_seq (usize, item'0) . ([%#span9] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'0 [#"../15_enumerate.rs" 28 4 28 64] (self : Enumerate'0.t_enumerate i) (visited : Seq'0.t_seq (usize, item'0)) (o : Enumerate'0.t_enumerate i) = - [%#span30] len'0 visited + [%#span20] len'0 visited = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o) - UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) - /\ (exists s : Seq'0.t_seq item'0 . inv'2 s - /\ produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) + /\ (exists s : Seq'0.t_seq item'0 . produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> UIntSize.to_int (let (a, _) = index_logic'0 visited i in a) @@ -469,13 +353,11 @@ module C15Enumerate_Impl0_ProducesTrans_Impl function produces_trans [#"../15_enumerate.rs" 47 4 47 90] (a : Enumerate'0.t_enumerate i) (ab : Seq'0.t_seq (usize, item'0)) (b : Enumerate'0.t_enumerate i) (bc : Seq'0.t_seq (usize, item'0)) (c : Enumerate'0.t_enumerate i) : () - goal vc_produces_trans : ([%#s15_enumerate6] inv'0 c) - -> ([%#s15_enumerate5] inv'1 bc) - -> ([%#s15_enumerate4] inv'0 b) - -> ([%#s15_enumerate3] inv'1 ab) + goal vc_produces_trans : ([%#s15_enumerate4] inv'0 c) + -> ([%#s15_enumerate3] inv'0 b) -> ([%#s15_enumerate2] inv'0 a) -> ([%#s15_enumerate1] produces'0 b bc c) - -> ([%#s15_enumerate0] produces'0 a ab b) -> ([%#s15_enumerate7] produces'0 a (concat'0 ab bc) c) + -> ([%#s15_enumerate0] produces'0 a ab b) -> ([%#s15_enumerate5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -506,69 +388,51 @@ module C15Enumerate_Impl0_Next let%span s15_enumerate4 = "../15_enumerate.rs" 53 26 53 44 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "" 0 0 0 0 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span9 = "../15_enumerate.rs" 73 12 74 79 + let%span span5 = "" 0 0 0 0 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span7 = "../15_enumerate.rs" 73 12 74 79 - let%span span17 = "../common.rs" 18 15 18 32 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../common.rs" 19 15 19 32 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span19 = "../common.rs" 21 22 21 23 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span20 = "../common.rs" 21 31 21 33 + let%span span11 = "../common.rs" 18 15 18 32 - let%span span21 = "../common.rs" 21 52 21 53 + let%span span12 = "../common.rs" 19 15 19 32 - let%span span22 = "../common.rs" 21 61 21 63 + let%span span13 = "../common.rs" 21 22 21 23 - let%span span23 = "../common.rs" 21 82 21 83 + let%span span14 = "../common.rs" 21 52 21 53 - let%span span24 = "../common.rs" 20 14 20 42 + let%span span15 = "../common.rs" 21 82 21 83 - let%span span25 = "../common.rs" 15 21 15 25 + let%span span16 = "../common.rs" 20 14 20 42 - let%span span26 = "../common.rs" 14 14 14 45 + let%span span17 = "../common.rs" 15 21 15 25 - let%span span27 = "../15_enumerate.rs" 29 8 34 9 + let%span span18 = "../common.rs" 14 14 14 45 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span19 = "../15_enumerate.rs" 29 8 34 9 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span32 = "../15_enumerate.rs" 23 8 23 43 + let%span span23 = "../15_enumerate.rs" 23 8 23 43 - let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span24 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span34 = "../common.rs" 27 17 27 21 + let%span span25 = "../common.rs" 27 17 27 21 - let%span span35 = "../common.rs" 23 14 26 5 + let%span span26 = "../common.rs" 23 14 26 5 - let%span span36 = "../common.rs" 27 26 27 44 + let%span span27 = "../common.rs" 27 26 27 44 predicate inv'0 (_x : i) @@ -578,9 +442,7 @@ module C15Enumerate_Impl0_Next use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'7 (_x : Seq'0.t_seq item'0) - - constant empty'0 : Seq'0.t_seq item'0 = [%#span5] () + constant empty'0 : Seq'0.t_seq item'0 use prelude.prelude.Borrow @@ -590,15 +452,11 @@ module C15Enumerate_Impl0_Next use prelude.prelude.Int - constant max'0 : usize = [%#span6] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span5] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span7] inv'7 self) -> ([%#span8] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'1 self >= 0 use prelude.prelude.UIntSize @@ -608,36 +466,25 @@ module C15Enumerate_Impl0_Next use C15Enumerate_Enumerate_Type as Enumerate'0 - predicate invariant'9 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = - [%#span9] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'0 i - -> inv'7 s + predicate invariant'7 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = + [%#span7] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'0 i -> produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + len'1 s < UIntSize.to_int max'0) /\ (forall i : borrowed i . inv'4 i -> completed'1 i -> produces'1 ( * i) (empty'0 : Seq'0.t_seq item'0) ( ^ i)) - predicate inv'9 (_x : Enumerate'0.t_enumerate i) + predicate inv'7 (_x : Enumerate'0.t_enumerate i) - axiom inv'9 : forall x : Enumerate'0.t_enumerate i . inv'9 x - = (invariant'9 x + axiom inv'7 : forall x : Enumerate'0.t_enumerate i . inv'7 x + = (invariant'7 x /\ match x with | Enumerate'0.C_Enumerate iter count -> true end) - predicate invariant'8 (self : item'0) - - predicate inv'8 (_x : item'0) - - axiom inv'8 : forall x : item'0 . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq item'0) + predicate invariant'6 (self : item'0) - axiom inv'7 : forall x : Seq'0.t_seq item'0 . inv'7 x = true + predicate inv'6 (_x : item'0) - predicate invariant'6 (self : Seq'0.t_seq (usize, item'0)) - - predicate inv'6 (_x : Seq'0.t_seq (usize, item'0)) - - axiom inv'6 : forall x : Seq'0.t_seq (usize, item'0) . inv'6 x = true + axiom inv'6 : forall x : item'0 . inv'6 x = true predicate invariant'5 (self : (usize, item'0)) @@ -645,10 +492,9 @@ module C15Enumerate_Impl0_Next axiom inv'5 : forall x : (usize, item'0) . inv'5 x = true - function empty_len'1 (_1 : ()) : () = - [%#span11] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span10] len'1 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'0 : Seq'0.t_seq item'0) = 0 predicate invariant'4 (self : borrowed i) @@ -662,18 +508,15 @@ module C15Enumerate_Impl0_Next axiom inv'3 : forall x : Option'0.t_option (usize, item'0) . inv'3 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq (usize, item'0)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . ([%#span7] inv'6 self) -> ([%#span8] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . [%#span6] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq (usize, item'0) = [%#span5] () + constant empty'1 : Seq'0.t_seq (usize, item'0) - function empty_len'0 (_1 : ()) : () = - [%#span11] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'1 : Seq'0.t_seq (usize, item'0)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'1 : Seq'0.t_seq (usize, item'0)) = 0 predicate invariant'2 (self : Option'0.t_option item'0) @@ -685,91 +528,75 @@ module C15Enumerate_Impl0_Next predicate inv'1 (_x : borrowed (Enumerate'0.t_enumerate i)) - axiom inv'1 : forall x : borrowed (Enumerate'0.t_enumerate i) . inv'1 x = (inv'9 ( * x) /\ inv'9 ( ^ x)) - - use seq.Seq + axiom inv'1 : forall x : borrowed (Enumerate'0.t_enumerate i) . inv'1 x = (inv'7 ( * x) /\ inv'7 ( ^ x)) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span12] inv'7 self) - -> ([%#span13] inv'7 other) - -> ([%#span16] inv'7 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span14] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span9] len'1 (concat'0 self other) = len'1 self + len'1 other) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span17] produces'1 a ab b) - -> ([%#span18] produces'1 b bc c) - -> ([%#span19] inv'0 a) - -> ([%#span20] inv'7 ab) - -> ([%#span21] inv'0 b) - -> ([%#span22] inv'7 bc) -> ([%#span23] inv'0 c) -> ([%#span24] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span11] produces'1 a ab b) + -> ([%#span12] produces'1 b bc c) + -> ([%#span13] inv'0 a) + -> ([%#span14] inv'0 b) -> ([%#span15] inv'0 c) -> ([%#span16] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span25] inv'0 self) - -> ([%#span26] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span17] inv'0 self) + -> ([%#span18] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : i) axiom inv'0 : forall x : i . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (x : int) : (usize, item'0) + function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (_2 : int) : (usize, item'0) predicate produces'0 [#"../15_enumerate.rs" 28 4 28 64] (self : Enumerate'0.t_enumerate i) (visited : Seq'0.t_seq (usize, item'0)) (o : Enumerate'0.t_enumerate i) = - [%#span27] len'0 visited + [%#span19] len'0 visited = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o) - UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) - /\ (exists s : Seq'0.t_seq item'0 . inv'7 s - /\ produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) + /\ (exists s : Seq'0.t_seq item'0 . produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> UIntSize.to_int (let (a, _) = index_logic'0 visited i in a) = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + i /\ (let (_, a) = index_logic'0 visited i in a) = index_logic'1 s i)) - use seq.Seq - function singleton'0 (v : (usize, item'0)) : Seq'0.t_seq (usize, item'0) - axiom singleton'0_spec : forall v : (usize, item'0) . ([%#span28] inv'5 v) - -> ([%#span31] inv'6 (singleton'0 v)) - && ([%#span30] index_logic'0 (singleton'0 v) 0 = v) && ([%#span29] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (usize, item'0) . ([%#span20] inv'5 v) + -> ([%#span22] index_logic'0 (singleton'0 v) 0 = v) && ([%#span21] len'0 (singleton'0 v) = 1) predicate completed'0 [#"../15_enumerate.rs" 22 4 22 35] (self : borrowed (Enumerate'0.t_enumerate i)) = - [%#span32] completed'1 (Borrow.borrow_logic (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)) (C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) + [%#span23] completed'1 (Borrow.borrow_logic (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)) (C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) use prelude.prelude.Intrinsic predicate resolve'1 (self : Option'0.t_option item'0) predicate resolve'0 (self : borrowed (Enumerate'0.t_enumerate i)) = - [%#span33] ^ self = * self - - use seq.Seq + [%#span24] ^ self = * self function singleton'1 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'1_spec : forall v : item'0 . ([%#span28] inv'8 v) - -> ([%#span31] inv'7 (singleton'1 v)) - && ([%#span30] index_logic'1 (singleton'1 v) 0 = v) && ([%#span29] len'1 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : item'0 . ([%#span20] inv'6 v) + -> ([%#span22] index_logic'1 (singleton'1 v) 0 = v) && ([%#span21] len'1 (singleton'1 v) = 1) - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span34] inv'4 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span25] inv'4 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span36] inv'2 result} - {[%#span35] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span27] inv'2 result} + {[%#span26] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -871,49 +698,33 @@ module C15Enumerate_Enumerate let%span s15_enumerate4 = "../15_enumerate.rs" 81 42 81 54 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "" 0 0 0 0 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span9 = "../15_enumerate.rs" 73 12 74 79 + let%span span5 = "" 0 0 0 0 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span7 = "../15_enumerate.rs" 73 12 74 79 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../common.rs" 18 15 18 32 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span18 = "../common.rs" 19 15 19 32 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span19 = "../common.rs" 21 22 21 23 + let%span span11 = "../common.rs" 18 15 18 32 - let%span span20 = "../common.rs" 21 31 21 33 + let%span span12 = "../common.rs" 19 15 19 32 - let%span span21 = "../common.rs" 21 52 21 53 + let%span span13 = "../common.rs" 21 22 21 23 - let%span span22 = "../common.rs" 21 61 21 63 + let%span span14 = "../common.rs" 21 52 21 53 - let%span span23 = "../common.rs" 21 82 21 83 + let%span span15 = "../common.rs" 21 82 21 83 - let%span span24 = "../common.rs" 20 14 20 42 + let%span span16 = "../common.rs" 20 14 20 42 - let%span span25 = "../common.rs" 15 21 15 25 + let%span span17 = "../common.rs" 15 21 15 25 - let%span span26 = "../common.rs" 14 14 14 45 + let%span span18 = "../common.rs" 14 14 14 45 predicate inv'1 (_x : i) @@ -923,9 +734,7 @@ module C15Enumerate_Enumerate use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq item'0) - - constant empty'0 : Seq'0.t_seq item'0 = [%#span5] () + constant empty'0 : Seq'0.t_seq item'0 use prelude.prelude.Borrow @@ -935,15 +744,11 @@ module C15Enumerate_Enumerate use prelude.prelude.Int - constant max'0 : usize = [%#span6] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span5] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span7] inv'2 self) -> ([%#span8] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 use prelude.prelude.UIntSize @@ -953,64 +758,51 @@ module C15Enumerate_Enumerate use C15Enumerate_Enumerate_Type as Enumerate'0 - predicate invariant'3 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = - [%#span9] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'1 i - -> inv'2 s + predicate invariant'2 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = + [%#span7] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'1 i -> produces'0 (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + len'0 s < UIntSize.to_int max'0) /\ (forall i : borrowed i . inv'0 i -> completed'0 i -> produces'0 ( * i) (empty'0 : Seq'0.t_seq item'0) ( ^ i)) - predicate inv'3 (_x : Enumerate'0.t_enumerate i) + predicate inv'2 (_x : Enumerate'0.t_enumerate i) - axiom inv'3 : forall x : Enumerate'0.t_enumerate i . inv'3 x - = (invariant'3 x + axiom inv'2 : forall x : Enumerate'0.t_enumerate i . inv'2 x + = (invariant'2 x /\ match x with | Enumerate'0.C_Enumerate iter count -> true end) - predicate invariant'2 (self : Seq'0.t_seq item'0) - - axiom inv'2 : forall x : Seq'0.t_seq item'0 . inv'2 x = true - predicate invariant'1 (self : i) axiom inv'1 : forall x : i . inv'1 x = true - function empty_len'0 (_1 : ()) : () = - [%#span11] () - - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 - - use seq.Seq + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span12] inv'2 self) - -> ([%#span13] inv'2 other) - -> ([%#span16] inv'2 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span17] produces'0 a ab b) - -> ([%#span18] produces'0 b bc c) - -> ([%#span19] inv'1 a) - -> ([%#span20] inv'2 ab) - -> ([%#span21] inv'1 b) - -> ([%#span22] inv'2 bc) -> ([%#span23] inv'1 c) -> ([%#span24] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span11] produces'0 a ab b) + -> ([%#span12] produces'0 b bc c) + -> ([%#span13] inv'1 a) + -> ([%#span14] inv'1 b) -> ([%#span15] inv'1 c) -> ([%#span16] produces'0 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span25] inv'1 self) - -> ([%#span26] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span17] inv'1 self) + -> ([%#span18] produces'0 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : borrowed i) @@ -1020,7 +812,7 @@ module C15Enumerate_Enumerate let rec enumerate (iter:i) (return' (ret:Enumerate'0.t_enumerate i))= {[%#s15_enumerate3] inv'1 iter} {[%#s15_enumerate2] forall i : i . forall s : Seq'0.t_seq item'0 . inv'1 i - -> inv'2 s -> produces'0 iter s i -> len'0 s < UIntSize.to_int max'0} + -> produces'0 iter s i -> len'0 s < UIntSize.to_int max'0} {[%#s15_enumerate1] forall i : borrowed i . inv'0 i -> completed'0 i -> produces'0 ( * i) (empty'0 : Seq'0.t_seq item'0) ( ^ i)} (! bb0 @@ -1033,7 +825,7 @@ module C15Enumerate_Enumerate | bb2 = bb3 | bb3 = return' {_0} ] ) [ & _0 : Enumerate'0.t_enumerate i = any_l () | & iter : i = iter ] - [ return' (result:Enumerate'0.t_enumerate i)-> {[@expl:postcondition] [%#s15_enumerate4] inv'3 result} + [ return' (result:Enumerate'0.t_enumerate i)-> {[@expl:postcondition] [%#s15_enumerate4] inv'2 result} (! return' {result}) ] end @@ -1046,109 +838,81 @@ module C15Enumerate_Impl0 let%span s15_enumerate2 = "../15_enumerate.rs" 53 4 53 44 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span4 = "" 0 0 0 0 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../15_enumerate.rs" 73 12 74 79 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span3 = "" 0 0 0 0 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span5 = "../15_enumerate.rs" 73 12 74 79 - let%span span12 = "../15_enumerate.rs" 23 8 23 43 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span9 = "../15_enumerate.rs" 23 8 23 43 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span18 = "../15_enumerate.rs" 29 8 34 9 + let%span span12 = "../15_enumerate.rs" 29 8 34 9 use prelude.prelude.Borrow - predicate invariant'7 (self : borrowed i) + predicate invariant'5 (self : borrowed i) - predicate inv'7 (_x : borrowed i) + predicate inv'5 (_x : borrowed i) - axiom inv'7 : forall x : borrowed i . inv'7 x = true + axiom inv'5 : forall x : borrowed i . inv'5 x = true - predicate invariant'6 (self : i) + predicate invariant'4 (self : i) - predicate inv'6 (_x : i) + predicate inv'4 (_x : i) - axiom inv'6 : forall x : i . inv'6 x = true + axiom inv'4 : forall x : i . inv'4 x = true type item'0 use prelude.prelude.UIntSize - predicate invariant'5 (self : (usize, item'0)) + predicate invariant'3 (self : (usize, item'0)) - predicate inv'5 (_x : (usize, item'0)) - - axiom inv'5 : forall x : (usize, item'0) . inv'5 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'3 (_x : (usize, item'0)) - predicate invariant'4 (self : Seq'0.t_seq item'0) - - predicate inv'4 (_x : Seq'0.t_seq item'0) - - axiom inv'4 : forall x : Seq'0.t_seq item'0 . inv'4 x = true + axiom inv'3 : forall x : (usize, item'0) . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option (usize, item'0)) + predicate invariant'2 (self : Option'0.t_option (usize, item'0)) - predicate inv'3 (_x : Option'0.t_option (usize, item'0)) + predicate inv'2 (_x : Option'0.t_option (usize, item'0)) - axiom inv'3 : forall x : Option'0.t_option (usize, item'0) . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option (usize, item'0) . inv'2 x = true use C15Enumerate_Enumerate_Type as Enumerate'0 - predicate invariant'2 (self : borrowed (Enumerate'0.t_enumerate i)) + predicate invariant'1 (self : borrowed (Enumerate'0.t_enumerate i)) predicate inv'0 (_x : Enumerate'0.t_enumerate i) - predicate inv'2 (_x : borrowed (Enumerate'0.t_enumerate i)) - - axiom inv'2 : forall x : borrowed (Enumerate'0.t_enumerate i) . inv'2 x = (inv'0 ( * x) /\ inv'0 ( ^ x)) - - predicate invariant'1 (self : Seq'0.t_seq (usize, item'0)) + predicate inv'1 (_x : borrowed (Enumerate'0.t_enumerate i)) - predicate inv'1 (_x : Seq'0.t_seq (usize, item'0)) + axiom inv'1 : forall x : borrowed (Enumerate'0.t_enumerate i) . inv'1 x = (inv'0 ( * x) /\ inv'0 ( ^ x)) - axiom inv'1 : forall x : Seq'0.t_seq (usize, item'0) . inv'1 x = true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - constant empty'2 : Seq'0.t_seq item'0 = [%#span3] () + constant empty'2 : Seq'0.t_seq item'0 predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) use prelude.prelude.Int - constant max'0 : usize = [%#span4] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span3] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq item'0) : int - axiom len'1_spec : forall self : Seq'0.t_seq item'0 . ([%#span5] inv'4 self) -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq item'0 . [%#span4] len'1 self >= 0 use prelude.prelude.UIntSize @@ -1157,11 +921,10 @@ module C15Enumerate_Impl0 predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) predicate invariant'0 [#"../15_enumerate.rs" 71 4 71 30] (self : Enumerate'0.t_enumerate i) = - [%#span7] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'6 i - -> inv'4 s + [%#span5] (forall i : i . forall s : Seq'0.t_seq item'0 . inv'4 i -> produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s i -> UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + len'1 s < UIntSize.to_int max'0) - /\ (forall i : borrowed i . inv'7 i -> completed'1 i -> produces'1 ( * i) (empty'2 : Seq'0.t_seq item'0) ( ^ i)) + /\ (forall i : borrowed i . inv'5 i -> completed'1 i -> produces'1 ( * i) (empty'2 : Seq'0.t_seq item'0) ( ^ i)) axiom inv'0 : forall x : Enumerate'0.t_enumerate i . inv'0 x = (invariant'0 x @@ -1169,61 +932,48 @@ module C15Enumerate_Impl0 | Enumerate'0.C_Enumerate iter count -> true end) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (x : int) : (usize, item'0) - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq (usize, item'0)) (_2 : int) : (usize, item'0) function len'0 (self : Seq'0.t_seq (usize, item'0)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . ([%#span5] inv'1 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, item'0) . [%#span4] len'0 self >= 0 function singleton'0 (v : (usize, item'0)) : Seq'0.t_seq (usize, item'0) - axiom singleton'0_spec : forall v : (usize, item'0) . ([%#span8] inv'5 v) - -> ([%#span11] inv'1 (singleton'0 v)) - && ([%#span10] index_logic'0 (singleton'0 v) 0 = v) && ([%#span9] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (usize, item'0) . ([%#span6] inv'3 v) + -> ([%#span8] index_logic'0 (singleton'0 v) 0 = v) && ([%#span7] len'0 (singleton'0 v) = 1) predicate completed'0 [#"../15_enumerate.rs" 22 4 22 35] (self : borrowed (Enumerate'0.t_enumerate i)) = - [%#span12] completed'1 (Borrow.borrow_logic (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)) (C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) - - use seq.Seq + [%#span9] completed'1 (Borrow.borrow_logic (C15Enumerate_Enumerate_Type.enumerate_iter ( * self)) (C15Enumerate_Enumerate_Type.enumerate_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) function concat'0 (self : Seq'0.t_seq (usize, item'0)) (other : Seq'0.t_seq (usize, item'0)) : Seq'0.t_seq (usize, item'0) - axiom concat'0_spec : forall self : Seq'0.t_seq (usize, item'0), other : Seq'0.t_seq (usize, item'0) . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (usize, item'0), other : Seq'0.t_seq (usize, item'0) . ([%#span11] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) - - constant empty'0 : Seq'0.t_seq (usize, item'0) = [%#span3] () + && ([%#span10] len'0 (concat'0 self other) = len'0 self + len'0 other) - use seq.Seq + constant empty'0 : Seq'0.t_seq (usize, item'0) - function index_logic'1 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'1 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 predicate produces'0 [#"../15_enumerate.rs" 28 4 28 64] (self : Enumerate'0.t_enumerate i) (visited : Seq'0.t_seq (usize, item'0)) (o : Enumerate'0.t_enumerate i) = - [%#span18] len'0 visited + [%#span12] len'0 visited = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count o) - UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) - /\ (exists s : Seq'0.t_seq item'0 . inv'4 s - /\ produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) + /\ (exists s : Seq'0.t_seq item'0 . produces'1 (C15Enumerate_Enumerate_Type.enumerate_iter self) s (C15Enumerate_Enumerate_Type.enumerate_iter o) /\ len'0 visited = len'1 s /\ (forall i : int . 0 <= i /\ i < len'1 s -> UIntSize.to_int (let (a, _) = index_logic'0 visited i in a) = UIntSize.to_int (C15Enumerate_Enumerate_Type.enumerate_count self) + i /\ (let (_, a) = index_logic'0 visited i in a) = index_logic'1 s i)) - constant empty'0 : Seq'0.t_seq (usize, item'0) = [%#span3] () + constant empty'0 : Seq'0.t_seq (usize, item'0) goal produces_refl_refn : [%#s15_enumerate0] forall self : Enumerate'0.t_enumerate i . inv'0 self -> inv'0 self @@ -1231,23 +981,21 @@ module C15Enumerate_Impl0 -> produces'0 self (empty'1 : Seq'0.t_seq (usize, item'0)) self) goal produces_trans_refn : [%#s15_enumerate1] forall a : Enumerate'0.t_enumerate i . forall ab : Seq'0.t_seq (usize, item'0) . forall b : Enumerate'0.t_enumerate i . forall bc : Seq'0.t_seq (usize, item'0) . forall c : Enumerate'0.t_enumerate i . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) - goal next_refn : [%#s15_enumerate2] forall self : borrowed (Enumerate'0.t_enumerate i) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option (usize, item'0) . inv'3 result + goal next_refn : [%#s15_enumerate2] forall self : borrowed (Enumerate'0.t_enumerate i) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option (usize, item'0) . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/iterators/16_take.coma b/creusot/tests/should_succeed/iterators/16_take.coma index fa4059147d..2087eb31fe 100644 --- a/creusot/tests/should_succeed/iterators/16_take.coma +++ b/creusot/tests/should_succeed/iterators/16_take.coma @@ -25,22 +25,7 @@ module C16Take_Take_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C16Take_Impl0_ProducesRefl_Impl type i @@ -49,113 +34,79 @@ module C16Take_Impl0_ProducesRefl_Impl let%span s16_take1 = "../16_take.rs" 39 14 39 45 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span9 = "../common.rs" 18 15 18 32 - - let%span span10 = "../common.rs" 19 15 19 32 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../common.rs" 21 22 21 23 + let%span span5 = "../common.rs" 18 15 18 32 - let%span span12 = "../common.rs" 21 31 21 33 + let%span span6 = "../common.rs" 19 15 19 32 - let%span span13 = "../common.rs" 21 52 21 53 + let%span span7 = "../common.rs" 21 22 21 23 - let%span span14 = "../common.rs" 21 61 21 63 + let%span span8 = "../common.rs" 21 52 21 53 - let%span span15 = "../common.rs" 21 82 21 83 + let%span span9 = "../common.rs" 21 82 21 83 - let%span span16 = "../common.rs" 20 14 20 42 + let%span span10 = "../common.rs" 20 14 20 42 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../common.rs" 15 21 15 25 - let%span span18 = "../common.rs" 15 21 15 25 + let%span span12 = "../common.rs" 14 14 14 45 - let%span span19 = "../common.rs" 14 14 14 45 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span14 = "../16_take.rs" 32 8 34 9 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + predicate invariant'1 (self : i) - let%span span22 = "../16_take.rs" 32 8 34 9 + predicate inv'1 (_x : i) - predicate invariant'2 (self : i) - - predicate inv'2 (_x : i) - - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'1 (self : Seq'0.t_seq item'0) - - predicate inv'1 (_x : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span2] inv'1 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span2] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] inv'1 self) - -> ([%#span5] inv'1 other) - -> ([%#span8] inv'1 (concat'0 self other)) - && ([%#span7] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span4] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span6] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span3] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) - -> ([%#span10] produces'1 b bc c) - -> ([%#span11] inv'2 a) - -> ([%#span12] inv'1 ab) - -> ([%#span13] inv'2 b) - -> ([%#span14] inv'1 bc) -> ([%#span15] inv'2 c) -> ([%#span16] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span5] produces'1 a ab b) + -> ([%#span6] produces'1 b bc c) + -> ([%#span7] inv'1 a) + -> ([%#span8] inv'1 b) -> ([%#span9] inv'1 c) -> ([%#span10] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span17] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span18] inv'2 self) - -> ([%#span19] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span11] inv'1 self) + -> ([%#span12] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C16Take_Take_Type as Take'0 @@ -172,7 +123,7 @@ module C16Take_Impl0_ProducesRefl_Impl predicate produces'0 [#"../16_take.rs" 31 4 31 64] (self : Take'0.t_take i) (visited : Seq'0.t_seq item'0) (o : Take'0.t_take i) = - [%#span22] UIntSize.to_int (C16Take_Take_Type.take_n self) + [%#span14] UIntSize.to_int (C16Take_Take_Type.take_n self) = UIntSize.to_int (C16Take_Take_Type.take_n o) + len'0 visited /\ produces'1 (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) @@ -192,123 +143,85 @@ module C16Take_Impl0_ProducesTrans_Impl let%span s16_take2 = "../16_take.rs" 47 22 47 23 - let%span s16_take3 = "../16_take.rs" 47 31 47 33 - - let%span s16_take4 = "../16_take.rs" 47 52 47 53 - - let%span s16_take5 = "../16_take.rs" 47 61 47 63 - - let%span s16_take6 = "../16_take.rs" 47 82 47 83 - - let%span s16_take7 = "../16_take.rs" 46 14 46 42 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span s16_take3 = "../16_take.rs" 47 52 47 53 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span s16_take4 = "../16_take.rs" 47 82 47 83 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span s16_take5 = "../16_take.rs" 46 14 46 42 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 - - let%span span17 = "../common.rs" 21 22 21 23 - - let%span span18 = "../common.rs" 21 31 21 33 - - let%span span19 = "../common.rs" 21 52 21 53 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span24 = "../common.rs" 15 21 15 25 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span25 = "../common.rs" 14 14 14 45 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span28 = "../16_take.rs" 32 8 34 9 + let%span span18 = "../16_take.rs" 32 8 34 9 - predicate invariant'2 (self : i) + predicate invariant'1 (self : i) - predicate inv'2 (_x : i) + predicate inv'1 (_x : i) - axiom inv'2 : forall x : i . inv'2 x = true + axiom inv'1 : forall x : i . inv'1 x = true type item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 - - use seq.Seq - - predicate inv'1 (_x : Seq'0.t_seq item'0) + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span8] inv'1 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span6] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'1 self) - -> ([%#span11] inv'1 other) - -> ([%#span14] inv'1 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'2 a) - -> ([%#span18] inv'1 ab) - -> ([%#span19] inv'2 b) - -> ([%#span20] inv'1 bc) -> ([%#span21] inv'2 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'1 a) + -> ([%#span12] inv'1 b) -> ([%#span13] inv'1 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq item'0 = [%#span23] () + constant empty'0 : Seq'0.t_seq item'0 function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span24] inv'2 self) - -> ([%#span25] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - - function empty_len'0 (_1 : ()) : () = - [%#span27] () + axiom produces_refl'0_spec : forall self : i . ([%#span15] inv'1 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) - axiom empty_len'0_spec : forall _1 : () . [%#span26] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + function empty_len'0 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq item'0) - - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C16Take_Take_Type as Take'0 @@ -325,7 +238,7 @@ module C16Take_Impl0_ProducesTrans_Impl predicate produces'0 [#"../16_take.rs" 31 4 31 64] (self : Take'0.t_take i) (visited : Seq'0.t_seq item'0) (o : Take'0.t_take i) = - [%#span28] UIntSize.to_int (C16Take_Take_Type.take_n self) + [%#span18] UIntSize.to_int (C16Take_Take_Type.take_n self) = UIntSize.to_int (C16Take_Take_Type.take_n o) + len'0 visited /\ produces'1 (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) @@ -342,13 +255,11 @@ module C16Take_Impl0_ProducesTrans_Impl function produces_trans [#"../16_take.rs" 47 4 47 90] (a : Take'0.t_take i) (ab : Seq'0.t_seq item'0) (b : Take'0.t_take i) (bc : Seq'0.t_seq item'0) (c : Take'0.t_take i) : () - goal vc_produces_trans : ([%#s16_take6] inv'0 c) - -> ([%#s16_take5] inv'1 bc) - -> ([%#s16_take4] inv'0 b) - -> ([%#s16_take3] inv'1 ab) + goal vc_produces_trans : ([%#s16_take4] inv'0 c) + -> ([%#s16_take3] inv'0 b) -> ([%#s16_take2] inv'0 a) -> ([%#s16_take1] produces'0 b bc c) - -> ([%#s16_take0] produces'0 a ab b) -> ([%#s16_take7] produces'0 a (concat'0 ab bc) c) + -> ([%#s16_take0] produces'0 a ab b) -> ([%#s16_take5] produces'0 a (concat'0 ab bc) c) end module Core_Option_Option_Type type t_option 't = @@ -379,76 +290,50 @@ module C16Take_Impl0_Next let%span s16_take4 = "../16_take.rs" 53 26 53 41 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span15 = "../common.rs" 18 15 18 32 - - let%span span16 = "../common.rs" 19 15 19 32 - - let%span span17 = "../common.rs" 21 22 21 23 - - let%span span18 = "../common.rs" 21 31 21 33 + let%span span9 = "../common.rs" 18 15 18 32 - let%span span19 = "../common.rs" 21 52 21 53 + let%span span10 = "../common.rs" 19 15 19 32 - let%span span20 = "../common.rs" 21 61 21 63 + let%span span11 = "../common.rs" 21 22 21 23 - let%span span21 = "../common.rs" 21 82 21 83 + let%span span12 = "../common.rs" 21 52 21 53 - let%span span22 = "../common.rs" 20 14 20 42 + let%span span13 = "../common.rs" 21 82 21 83 - let%span span23 = "../common.rs" 15 21 15 25 + let%span span14 = "../common.rs" 20 14 20 42 - let%span span24 = "../common.rs" 14 14 14 45 + let%span span15 = "../common.rs" 15 21 15 25 - let%span span25 = "../16_take.rs" 32 8 34 9 + let%span span16 = "../common.rs" 14 14 14 45 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span17 = "../16_take.rs" 32 8 34 9 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span21 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span31 = "../16_take.rs" 23 8 26 9 + let%span span22 = "../16_take.rs" 23 8 26 9 - let%span span32 = "../common.rs" 27 17 27 21 + let%span span23 = "../common.rs" 27 17 27 21 - let%span span33 = "../common.rs" 23 14 26 5 + let%span span24 = "../common.rs" 23 14 26 5 - let%span span34 = "../common.rs" 27 26 27 44 + let%span span25 = "../common.rs" 27 26 27 44 type item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'5 (self : Seq'0.t_seq item'0) - - predicate inv'5 (_x : Seq'0.t_seq item'0) - - axiom inv'5 : forall x : Seq'0.t_seq item'0 . inv'5 x = true - predicate invariant'4 (self : item'0) predicate inv'4 (_x : item'0) @@ -473,20 +358,17 @@ module C16Take_Impl0_Next use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span5] inv'5 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq item'0 = [%#span7] () + constant empty'0 : Seq'0.t_seq item'0 - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq item'0) = 0 use C16Take_Take_Type as Take'0 @@ -496,21 +378,16 @@ module C16Take_Impl0_Next axiom inv'1 : forall x : borrowed (Take'0.t_take i) . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] inv'5 self) - -> ([%#span11] inv'5 other) - -> ([%#span14] inv'5 (concat'0 self other)) - && ([%#span13] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span8] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span7] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : i) @@ -519,17 +396,15 @@ module C16Take_Impl0_Next function produces_trans'0 [#"../common.rs" 21 4 21 91] (a : i) (ab : Seq'0.t_seq item'0) (b : i) (bc : Seq'0.t_seq item'0) (c : i) : () - axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span15] produces'1 a ab b) - -> ([%#span16] produces'1 b bc c) - -> ([%#span17] inv'0 a) - -> ([%#span18] inv'5 ab) - -> ([%#span19] inv'0 b) - -> ([%#span20] inv'5 bc) -> ([%#span21] inv'0 c) -> ([%#span22] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : i, ab : Seq'0.t_seq item'0, b : i, bc : Seq'0.t_seq item'0, c : i . ([%#span9] produces'1 a ab b) + -> ([%#span10] produces'1 b bc c) + -> ([%#span11] inv'0 a) + -> ([%#span12] inv'0 b) -> ([%#span13] inv'0 c) -> ([%#span14] produces'1 a (concat'0 ab bc) c) function produces_refl'0 [#"../common.rs" 15 4 15 27] (self : i) : () - axiom produces_refl'0_spec : forall self : i . ([%#span23] inv'0 self) - -> ([%#span24] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) + axiom produces_refl'0_spec : forall self : i . ([%#span15] inv'0 self) + -> ([%#span16] produces'1 self (empty'0 : Seq'0.t_seq item'0) self) predicate invariant'0 (self : i) @@ -542,35 +417,32 @@ module C16Take_Impl0_Next predicate produces'0 [#"../16_take.rs" 31 4 31 64] (self : Take'0.t_take i) (visited : Seq'0.t_seq item'0) (o : Take'0.t_take i) = - [%#span25] UIntSize.to_int (C16Take_Take_Type.take_n self) + [%#span17] UIntSize.to_int (C16Take_Take_Type.take_n self) = UIntSize.to_int (C16Take_Take_Type.take_n o) + len'0 visited /\ produces'1 (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) - use seq.Seq - function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span26] inv'4 v) - -> ([%#span29] inv'5 (singleton'0 v)) - && ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span18] inv'4 v) + -> ([%#span20] index_logic'0 (singleton'0 v) 0 = v) && ([%#span19] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) predicate resolve'0 (self : borrowed (Take'0.t_take i)) = - [%#span30] ^ self = * self + [%#span21] ^ self = * self predicate completed'0 [#"../16_take.rs" 22 4 22 35] (self : borrowed (Take'0.t_take i)) = - [%#span31] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ resolve'0 self + [%#span22] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ resolve'0 self \/ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) > 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self)) + 1 /\ completed'1 (Borrow.borrow_logic (C16Take_Take_Type.take_iter ( * self)) (C16Take_Take_Type.take_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) use prelude.prelude.Intrinsic - let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span32] inv'3 self} + let rec next'0 (self:borrowed i) (return' (ret:Option'0.t_option item'0))= {[@expl:precondition] [%#span23] inv'3 self} any - [ return' (result:Option'0.t_option item'0)-> {[%#span34] inv'2 result} - {[%#span33] match result with + [ return' (result:Option'0.t_option item'0)-> {[%#span25] inv'2 result} + {[%#span24] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'0 v) ( ^ self) end} @@ -640,69 +512,49 @@ module C16Take_Impl0 let%span s16_take2 = "../16_take.rs" 53 4 53 41 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span9 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span7 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span10 = "../16_take.rs" 23 8 26 9 + let%span span8 = "../16_take.rs" 23 8 26 9 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span17 = "../16_take.rs" 32 8 34 9 + let%span span11 = "../16_take.rs" 32 8 34 9 type item'0 - predicate invariant'4 (self : item'0) + predicate invariant'3 (self : item'0) - predicate inv'4 (_x : item'0) + predicate inv'3 (_x : item'0) - axiom inv'4 : forall x : item'0 . inv'4 x = true + axiom inv'3 : forall x : item'0 . inv'3 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'3 (self : Option'0.t_option item'0) + predicate invariant'2 (self : Option'0.t_option item'0) - predicate inv'3 (_x : Option'0.t_option item'0) + predicate inv'2 (_x : Option'0.t_option item'0) - axiom inv'3 : forall x : Option'0.t_option item'0 . inv'3 x = true + axiom inv'2 : forall x : Option'0.t_option item'0 . inv'2 x = true use C16Take_Take_Type as Take'0 use prelude.prelude.Borrow - predicate invariant'2 (self : borrowed (Take'0.t_take i)) - - predicate inv'2 (_x : borrowed (Take'0.t_take i)) - - axiom inv'2 : forall x : borrowed (Take'0.t_take i) . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq item'0) + predicate invariant'1 (self : borrowed (Take'0.t_take i)) - predicate inv'1 (_x : Seq'0.t_seq item'0) + predicate inv'1 (_x : borrowed (Take'0.t_take i)) - axiom inv'1 : forall x : Seq'0.t_seq item'0 . inv'1 x = true + axiom inv'1 : forall x : borrowed (Take'0.t_take i) . inv'1 x = true predicate invariant'0 (self : Take'0.t_take i) @@ -712,72 +564,60 @@ module C16Take_Impl0 use prelude.prelude.Int - use seq.Seq - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - function index_logic'0 (self : Seq'0.t_seq item'0) (x : int) : item'0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq item'0) (_2 : int) : item'0 function len'0 (self : Seq'0.t_seq item'0) : int - axiom len'0_spec : forall self : Seq'0.t_seq item'0 . ([%#span3] inv'1 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq item'0 . [%#span3] len'0 self >= 0 function singleton'0 (v : item'0) : Seq'0.t_seq item'0 - axiom singleton'0_spec : forall v : item'0 . ([%#span5] inv'4 v) - -> ([%#span8] inv'1 (singleton'0 v)) - && ([%#span7] index_logic'0 (singleton'0 v) 0 = v) && ([%#span6] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : item'0 . ([%#span4] inv'3 v) + -> ([%#span6] index_logic'0 (singleton'0 v) 0 = v) && ([%#span5] len'0 (singleton'0 v) = 1) predicate completed'1 [#"../common.rs" 11 4 11 36] (self : borrowed i) use C16Take_Take_Type as C16Take_Take_Type predicate resolve'0 (self : borrowed (Take'0.t_take i)) = - [%#span9] ^ self = * self + [%#span7] ^ self = * self use prelude.prelude.UIntSize predicate completed'0 [#"../16_take.rs" 22 4 22 35] (self : borrowed (Take'0.t_take i)) = - [%#span10] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ resolve'0 self + [%#span8] UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = 0 /\ resolve'0 self \/ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) > 0 /\ UIntSize.to_int (C16Take_Take_Type.take_n ( * self)) = UIntSize.to_int (C16Take_Take_Type.take_n ( ^ self)) + 1 /\ completed'1 (Borrow.borrow_logic (C16Take_Take_Type.take_iter ( * self)) (C16Take_Take_Type.take_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) - constant empty'0 : Seq'0.t_seq item'0 = [%#span11] () - - constant empty'0 : Seq'0.t_seq item'0 = [%#span11] () + constant empty'0 : Seq'0.t_seq item'0 - use seq.Seq + constant empty'0 : Seq'0.t_seq item'0 function concat'0 (self : Seq'0.t_seq item'0) (other : Seq'0.t_seq item'0) : Seq'0.t_seq item'0 - axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span12] inv'1 self) - -> ([%#span13] inv'1 other) - -> ([%#span16] inv'1 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq item'0, other : Seq'0.t_seq item'0 . ([%#span10] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span9] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate produces'1 [#"../common.rs" 8 4 8 65] (self : i) (visited : Seq'0.t_seq item'0) (o : i) predicate produces'0 [#"../16_take.rs" 31 4 31 64] (self : Take'0.t_take i) (visited : Seq'0.t_seq item'0) (o : Take'0.t_take i) = - [%#span17] UIntSize.to_int (C16Take_Take_Type.take_n self) + [%#span11] UIntSize.to_int (C16Take_Take_Type.take_n self) = UIntSize.to_int (C16Take_Take_Type.take_n o) + len'0 visited /\ produces'1 (C16Take_Take_Type.take_iter self) visited (C16Take_Take_Type.take_iter o) goal produces_trans_refn : [%#s16_take0] forall a : Take'0.t_take i . forall ab : Seq'0.t_seq item'0 . forall b : Take'0.t_take i . forall bc : Seq'0.t_seq item'0 . forall c : Take'0.t_take i . inv'0 c - /\ inv'1 bc /\ inv'0 b /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b + /\ inv'0 b /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b -> inv'0 c - /\ inv'1 bc /\ inv'0 b - /\ inv'1 ab /\ inv'0 a /\ produces'0 b bc c /\ produces'0 a ab b /\ (forall result : () . produces'0 a (concat'0 ab bc) c -> produces'0 a (concat'0 ab bc) c) @@ -787,14 +627,14 @@ module C16Take_Impl0 /\ (forall result : () . produces'0 self (empty'0 : Seq'0.t_seq item'0) self -> produces'0 self (empty'1 : Seq'0.t_seq item'0) self) - goal next_refn : [%#s16_take2] forall self : borrowed (Take'0.t_take i) . inv'2 self - -> inv'2 self - /\ (forall result : Option'0.t_option item'0 . inv'3 result + goal next_refn : [%#s16_take2] forall self : borrowed (Take'0.t_take i) . inv'1 self + -> inv'1 self + /\ (forall result : Option'0.t_option item'0 . inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end - -> inv'3 result + -> inv'2 result /\ match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) diff --git a/creusot/tests/should_succeed/knapsack.coma b/creusot/tests/should_succeed/knapsack.coma index 12b9442499..88e6c97ab1 100644 --- a/creusot/tests/should_succeed/knapsack.coma +++ b/creusot/tests/should_succeed/knapsack.coma @@ -30,22 +30,7 @@ module Knapsack_Max end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Knapsack_Item_Type use prelude.prelude.UIntSize @@ -80,49 +65,29 @@ module Knapsack_M_Impl let%span sknapsack1 = "../knapsack.rs" 32 11 32 17 - let%span sknapsack2 = "../knapsack.rs" 34 11 34 16 - - let%span sknapsack3 = "../knapsack.rs" 33 10 33 21 - - let%span sknapsack4 = "../knapsack.rs" 30 10 30 11 - - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sknapsack2 = "../knapsack.rs" 33 10 33 21 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span sknapsack3 = "../knapsack.rs" 30 10 30 11 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + use prelude.prelude.Int use Knapsack_Item_Type as Item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq (Item'0.t_item name)) - - predicate inv'0 (_x : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'0 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span5] inv'0 self) - -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span4] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Item'0.t_item name) = [%#span7] () + constant empty'0 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 use int.MinMax @@ -132,9 +97,7 @@ module Knapsack_M_Impl use prelude.prelude.UIntSize - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name constant items : Seq'0.t_seq (Item'0.t_item name) @@ -144,28 +107,24 @@ module Knapsack_M_Impl function m [#"../knapsack.rs" 34 0 34 57] (items : Seq'0.t_seq (Item'0.t_item name)) (i : int) (w : int) : int - goal vc_m : ([%#sknapsack2] inv'0 items) - -> ([%#sknapsack1] 0 <= w) + goal vc_m : ([%#sknapsack1] 0 <= w) -> ([%#sknapsack0] 0 <= i /\ i <= len'0 items) -> match i = 0 with - | True -> [%#sknapsack3] 0 >= 0 + | True -> [%#sknapsack2] 0 >= 0 | False -> match UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'0 items (i - 1))) > w with - | True -> ((([%#sknapsack2] inv'0 items) - && ([%#sknapsack1] 0 <= w) && ([%#sknapsack0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack4] i) /\ ([%#sknapsack4] i - 1) < ([%#sknapsack4] i)) - /\ (([%#sknapsack3] m items (i - 1) w >= 0) -> ([%#sknapsack3] m items (i - 1) w >= 0)) - | False -> ((([%#sknapsack2] inv'0 items) - && ([%#sknapsack1] 0 <= w) && ([%#sknapsack0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack4] i) /\ ([%#sknapsack4] i - 1) < ([%#sknapsack4] i)) - /\ (([%#sknapsack3] m items (i - 1) w >= 0) - -> ((([%#sknapsack2] inv'0 items) - && ([%#sknapsack1] 0 <= w - UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'0 items (i - 1)))) + | True -> ((([%#sknapsack1] 0 <= w) && ([%#sknapsack0] 0 <= i - 1 /\ i - 1 <= len'0 items)) + /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) + /\ (([%#sknapsack2] m items (i - 1) w >= 0) -> ([%#sknapsack2] m items (i - 1) w >= 0)) + | False -> ((([%#sknapsack1] 0 <= w) && ([%#sknapsack0] 0 <= i - 1 /\ i - 1 <= len'0 items)) + /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) + /\ (([%#sknapsack2] m items (i - 1) w >= 0) + -> ((([%#sknapsack1] 0 <= w - UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'0 items (i - 1)))) && ([%#sknapsack0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack4] i) /\ ([%#sknapsack4] i - 1) < ([%#sknapsack4] i)) - /\ (([%#sknapsack3] m items (i - 1) (w + /\ 0 <= ([%#sknapsack3] i) /\ ([%#sknapsack3] i - 1) < ([%#sknapsack3] i)) + /\ (([%#sknapsack2] m items (i - 1) (w - UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'0 items (i - 1)))) >= 0) - -> ([%#sknapsack3] MinMax.max (m items (i - 1) w) (m items (i - 1) (w + -> ([%#sknapsack2] MinMax.max (m items (i - 1) w) (m items (i - 1) (w - UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'0 items (i - 1)))) + UIntSize.to_int (Knapsack_Item_Type.item_value (index_logic'0 items (i - 1)))) >= 0))) @@ -320,266 +279,235 @@ module Knapsack_Knapsack01Dyn let%span sknapsack21 = "../knapsack.rs" 48 75 48 91 - let%span span22 = "" 0 0 0 0 + let%span span22 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span23 = "" 0 0 0 0 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span29 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span30 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span31 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span32 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span33 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span34 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span38 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span39 = "" 0 0 0 0 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span40 = "" 0 0 0 0 - let%span span41 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span41 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span42 = "../../../../creusot-contracts/src/std/vec.rs" 73 26 73 44 - let%span span43 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span43 = "" 0 0 0 0 - let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span44 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span45 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span46 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span46 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span47 = "" 0 0 0 0 + let%span span47 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span48 = "" 0 0 0 0 + let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span49 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 73 26 73 44 + let%span span50 = "" 0 0 0 0 - let%span span51 = "" 0 0 0 0 + let%span span51 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span52 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span52 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span53 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span54 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span54 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span55 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span55 = "" 0 0 0 0 - let%span span56 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span56 = "../knapsack.rs" 13 11 13 15 - let%span span57 = "" 0 0 0 0 + let%span span57 = "../knapsack.rs" 14 10 14 31 - let%span span58 = "" 0 0 0 0 + let%span span58 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span59 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span60 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span60 = "" 0 0 0 0 - let%span span61 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span61 = "" 0 0 0 0 - let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span62 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 let%span span63 = "" 0 0 0 0 - let%span span64 = "../knapsack.rs" 13 11 13 15 + let%span span64 = "../knapsack.rs" 31 11 31 37 - let%span span65 = "../knapsack.rs" 14 10 14 31 + let%span span65 = "../knapsack.rs" 32 11 32 17 - let%span span66 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span66 = "../knapsack.rs" 33 10 33 21 - let%span span67 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span67 = "../knapsack.rs" 30 10 30 11 - let%span span68 = "" 0 0 0 0 + let%span span68 = "../knapsack.rs" 35 4 42 5 let%span span69 = "" 0 0 0 0 - let%span span70 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - - let%span span71 = "" 0 0 0 0 + let%span span70 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span72 = "../knapsack.rs" 31 11 31 37 + let%span span71 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span73 = "../knapsack.rs" 32 11 32 17 + let%span span72 = "" 0 0 0 0 - let%span span74 = "../knapsack.rs" 34 11 34 16 + let%span span73 = "" 0 0 0 0 - let%span span75 = "../knapsack.rs" 33 10 33 21 + let%span span74 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span76 = "../knapsack.rs" 30 10 30 11 + use Knapsack_Item_Type as Item'0 - let%span span77 = "../knapsack.rs" 35 4 42 5 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span78 = "" 0 0 0 0 + predicate invariant'17 (self : Seq'0.t_seq (Item'0.t_item name)) - let%span span79 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + predicate inv'17 (_x : Seq'0.t_seq (Item'0.t_item name)) - let%span span80 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + axiom inv'17 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'17 x = true - let%span span81 = "" 0 0 0 0 + use Alloc_Alloc_Global_Type as Global'0 - let%span span82 = "" 0 0 0 0 + use prelude.prelude.UIntSize - let%span span83 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + use Alloc_Vec_Vec_Type as Vec'0 - use Knapsack_Item_Type as Item'0 + predicate invariant'16 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span22] true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'16 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - predicate invariant'17 (self : Seq'0.t_seq (Item'0.t_item name)) + axiom inv'16 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'16 x = true - predicate inv'17 (_x : Seq'0.t_seq (Item'0.t_item name)) + predicate invariant'15 (self : Seq'0.t_seq usize) = + [%#span22] true - axiom inv'17 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'17 x = true + predicate inv'15 (_x : Seq'0.t_seq usize) - predicate inv'6 (_x : Seq'0.t_seq (Item'0.t_item name)) + axiom inv'15 : forall x : Seq'0.t_seq usize . inv'15 x = true - use Alloc_Alloc_Global_Type as Global'0 + predicate invariant'14 (self : Seq'0.t_seq (Item'0.t_item name)) - use Alloc_Vec_Vec_Type as Vec'0 + predicate inv'14 (_x : Seq'0.t_seq (Item'0.t_item name)) - use prelude.prelude.UIntSize + axiom inv'14 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'14 x = true use prelude.prelude.UIntSize use prelude.prelude.Int - constant max'1 : usize = [%#span22] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'1 : usize = [%#span23] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span23] inv'6 self) - -> ([%#span24] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span24] len'1 self >= 0 - predicate inv'16 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) + predicate inv'13 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) : Seq'0.t_seq (Item'0.t_item name) - axiom shallow_model'3_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span25] inv'16 self) - -> ([%#span27] inv'6 (shallow_model'3 self)) - && ([%#span26] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'1 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span25] inv'13 self) + -> ([%#span26] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'1 : usize)) - predicate invariant'16 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = - [%#span28] inv'6 (shallow_model'3 self) + predicate invariant'13 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = + [%#span27] inv'17 (shallow_model'3 self) - axiom inv'16 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'16 x = true + axiom inv'13 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'13 x = true use prelude.prelude.Borrow - predicate invariant'15 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) + predicate invariant'12 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) - predicate inv'15 (_x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) + predicate inv'12 (_x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) - axiom inv'15 : forall x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) . inv'15 x = true - - use seq.Seq + axiom inv'12 : forall x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) . inv'12 x = true function len'4 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'4_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span23] inv'17 self) - -> ([%#span24] len'4 self >= 0) + axiom len'4_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span24] len'4 self >= 0 - constant empty'3 : Seq'0.t_seq (Item'0.t_item name) = [%#span29] () + constant empty'3 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'3 (_1 : ()) : () = - [%#span31] () + function empty_len'3 (_1 : ()) : () - axiom empty_len'3_spec : forall _1 : () . [%#span30] len'4 (empty'3 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'3_spec : forall _1 : () . [%#span28] len'4 (empty'3 : Seq'0.t_seq (Item'0.t_item name)) = 0 - predicate invariant'14 (self : borrowed usize) = - [%#span32] true + predicate invariant'11 (self : borrowed usize) = + [%#span22] true - predicate inv'14 (_x : borrowed usize) + predicate inv'11 (_x : borrowed usize) - axiom inv'14 : forall x : borrowed usize . inv'14 x = true + axiom inv'11 : forall x : borrowed usize . inv'11 x = true - predicate invariant'13 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span32] true + predicate invariant'10 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span22] true - predicate inv'13 (_x : borrowed (Vec'0.t_vec usize (Global'0.t_global))) + predicate inv'10 (_x : borrowed (Vec'0.t_vec usize (Global'0.t_global))) - axiom inv'13 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'13 x = true + axiom inv'10 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'10 x = true - predicate invariant'12 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) = - [%#span32] true + predicate invariant'9 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) = + [%#span22] true - predicate inv'12 (_x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) + predicate inv'9 (_x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) - axiom inv'12 : forall x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) . inv'12 x + axiom inv'9 : forall x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) . inv'9 x = true - predicate invariant'11 (self : usize) = - [%#span32] true - - predicate inv'11 (_x : usize) - - axiom inv'11 : forall x : usize . inv'11 x = true + predicate invariant'8 (self : usize) = + [%#span22] true - predicate invariant'10 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span32] true + predicate inv'8 (_x : usize) - predicate inv'10 (_x : Vec'0.t_vec usize (Global'0.t_global)) + axiom inv'8 : forall x : usize . inv'8 x = true - axiom inv'10 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'10 x = true + predicate invariant'7 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span22] true - predicate invariant'9 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span32] true + predicate inv'7 (_x : Vec'0.t_vec usize (Global'0.t_global)) - predicate inv'9 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) + axiom inv'7 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'7 x = true - axiom inv'9 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'9 x = true + predicate invariant'6 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = + [%#span22] true - predicate invariant'8 (self : Seq'0.t_seq usize) = - [%#span32] true + predicate inv'6 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) - predicate inv'8 (_x : Seq'0.t_seq usize) - - axiom inv'8 : forall x : Seq'0.t_seq usize . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span32] true - - predicate inv'7 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - - axiom inv'7 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'7 x = true - - predicate invariant'6 (self : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'6 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'6 x = true - - use seq.Seq + axiom inv'6 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'6 x = true function len'2 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span23] inv'7 self) - -> ([%#span24] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span24] len'2 self >= 0 predicate inv'5 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) @@ -587,35 +515,31 @@ module Knapsack_Knapsack01Dyn axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span25] inv'5 self) - -> ([%#span27] inv'7 (shallow_model'1 self)) - && ([%#span26] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'1 : usize)) + -> ([%#span26] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'1 : usize)) predicate invariant'5 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span28] inv'7 (shallow_model'1 self) + [%#span27] inv'16 (shallow_model'1 self) axiom inv'5 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'5 x = true - use seq.Seq - function len'3 (self : Seq'0.t_seq usize) : int - axiom len'3_spec : forall self : Seq'0.t_seq usize . ([%#span23] inv'8 self) -> ([%#span24] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq usize . [%#span24] len'3 self >= 0 predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span25] inv'4 self) - -> ([%#span27] inv'8 (shallow_model'2 self)) - && ([%#span26] len'3 (shallow_model'2 self) <= UIntSize.to_int (max'1 : usize)) + -> ([%#span26] len'3 (shallow_model'2 self) <= UIntSize.to_int (max'1 : usize)) predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span28] inv'8 (shallow_model'2 self) + [%#span27] inv'15 (shallow_model'2 self) axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true predicate invariant'3 (self : usize) = - [%#span32] true + [%#span22] true predicate inv'3 (_x : usize) @@ -633,11 +557,10 @@ module Knapsack_Knapsack01Dyn axiom shallow_model'8_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span25] inv'1 self) - -> ([%#span27] inv'17 (shallow_model'8 self)) - && ([%#span26] len'4 (shallow_model'8 self) <= UIntSize.to_int (max'1 : usize)) + -> ([%#span26] len'4 (shallow_model'8 self) <= UIntSize.to_int (max'1 : usize)) predicate invariant'1 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = - [%#span28] inv'17 (shallow_model'8 self) + [%#span27] inv'14 (shallow_model'8 self) axiom inv'1 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'1 x = true @@ -647,212 +570,195 @@ module Knapsack_Knapsack01Dyn axiom inv'0 : forall x : Item'0.t_item name . inv'0 x = true - constant empty'2 : Seq'0.t_seq usize = [%#span29] () + constant empty'2 : Seq'0.t_seq usize - function empty_len'2 (_1 : ()) : () = - [%#span31] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span30] len'3 (empty'2 : Seq'0.t_seq usize) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span28] len'3 (empty'2 : Seq'0.t_seq usize) = 0 - constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span29] () + constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'1 (_1 : ()) : () = - [%#span31] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span30] len'2 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'1_spec : forall _1 : () . [%#span28] len'2 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 - constant empty'0 : Seq'0.t_seq (Item'0.t_item name) = [%#span29] () + constant empty'0 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'0 (_1 : ()) : () = - [%#span31] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span30] len'1 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span28] len'1 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 use Knapsack_Item_Type as Knapsack_Item_Type - use seq.Seq - - function index_logic'5 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'5 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (ix : int) : Item'0.t_item name = - [%#span33] index_logic'5 (shallow_model'3 self) ix + [%#span29] index_logic'5 (shallow_model'3 self) ix use prelude.prelude.Intrinsic predicate resolve'4 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) predicate resolve'6 (self : usize) = - [%#span34] true + [%#span30] true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'3 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span33] index_logic'1 (shallow_model'2 self) ix + [%#span29] index_logic'1 (shallow_model'2 self) ix predicate resolve'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span35] forall i : int . 0 <= i /\ i < len'3 (shallow_model'2 self) -> resolve'6 (index_logic'3 self i) - - use seq.Seq + [%#span31] forall i : int . 0 <= i /\ i < len'3 (shallow_model'2 self) -> resolve'6 (index_logic'3 self i) - function index_logic'4 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'4 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span33] index_logic'4 (shallow_model'1 self) ix + [%#span29] index_logic'4 (shallow_model'1 self) ix predicate resolve'3 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span35] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'5 (index_logic'0 self i) + [%#span31] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'5 (index_logic'0 self i) - use seq.Seq - - use seq.Seq - - function index_logic'6 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'6 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name function concat'0 (self : Seq'0.t_seq (Item'0.t_item name)) (other : Seq'0.t_seq (Item'0.t_item name)) : Seq'0.t_seq (Item'0.t_item name) - axiom concat'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name), other : Seq'0.t_seq (Item'0.t_item name) . ([%#span36] inv'17 self) - -> ([%#span37] inv'17 other) - -> ([%#span40] inv'17 (concat'0 self other)) - && ([%#span39] forall i : int . 0 <= i /\ i < len'4 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name), other : Seq'0.t_seq (Item'0.t_item name) . ([%#span33] forall i : int . 0 + <= i + /\ i < len'4 (concat'0 self other) -> index_logic'6 (concat'0 self other) i = (if i < len'4 self then index_logic'6 self i else index_logic'6 other (i - len'4 self))) - && ([%#span38] len'4 (concat'0 self other) = len'4 self + len'4 other) - - use seq.Seq + && ([%#span32] len'4 (concat'0 self other) = len'4 self + len'4 other) function singleton'0 (v : Item'0.t_item name) : Seq'0.t_seq (Item'0.t_item name) - axiom singleton'0_spec : forall v : Item'0.t_item name . ([%#span41] inv'0 v) - -> ([%#span44] inv'17 (singleton'0 v)) - && ([%#span43] index_logic'6 (singleton'0 v) 0 = v) && ([%#span42] len'4 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : Item'0.t_item name . ([%#span34] inv'0 v) + -> ([%#span36] index_logic'6 (singleton'0 v) 0 = v) && ([%#span35] len'4 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq (Item'0.t_item name)) (v : Item'0.t_item name) : Seq'0.t_seq (Item'0.t_item name) = - [%#span45] concat'0 self (singleton'0 v) + [%#span37] concat'0 self (singleton'0 v) function shallow_model'9 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) : Seq'0.t_seq (Item'0.t_item name) = - [%#span46] shallow_model'8 ( * self) + [%#span38] shallow_model'8 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) (value:Item'0.t_item name) (return' (ret:()))= {[@expl:precondition] [%#span48] inv'0 value} - {[@expl:precondition] [%#span47] inv'15 self} + let rec push'0 (self:borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) (value:Item'0.t_item name) (return' (ret:()))= {[@expl:precondition] [%#span40] inv'0 value} + {[@expl:precondition] [%#span39] inv'12 self} any - [ return' (result:())-> {[%#span49] shallow_model'8 ( ^ self) = push'1 (shallow_model'9 self) value} + [ return' (result:())-> {[%#span41] shallow_model'8 ( ^ self) = push'1 (shallow_model'9 self) value} (! return' {result}) ] let rec with_capacity'0 (capacity:usize) (return' (ret:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[%#span51] inv'1 result} - {[%#span50] len'4 (shallow_model'8 result) = 0} + [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[%#span43] inv'1 result} + {[%#span42] len'4 (shallow_model'8 result) = 0} (! return' {result}) ] predicate resolve'2 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span52] ^ self = * self + [%#span44] ^ self = * self predicate resolve'1 (self : borrowed usize) = - [%#span52] ^ self = * self + [%#span44] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq usize) (fin : Seq'0.t_seq usize) = - [%#span53] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'3 old' + [%#span45] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'3 old' -> index_logic'1 old' i = index_logic'1 fin i predicate has_value'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span54] index_logic'1 seq (UIntSize.to_int self) = out + [%#span46] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span55] UIntSize.to_int self < len'3 seq + [%#span47] UIntSize.to_int self < len'3 seq function shallow_model'7 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span46] shallow_model'2 ( * self) + [%#span38] shallow_model'2 ( * self) - let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span58] inv'3 index} - {[@expl:precondition] [%#span57] inv'13 self} - {[@expl:precondition] [%#span56] in_bounds'2 index (shallow_model'7 self)} + let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span50] inv'3 index} + {[@expl:precondition] [%#span49] inv'10 self} + {[@expl:precondition] [%#span48] in_bounds'2 index (shallow_model'7 self)} any - [ return' (result:borrowed usize)-> {[%#span63] inv'14 result} - {[%#span62] len'3 (shallow_model'2 ( ^ self)) = len'3 (shallow_model'7 self)} - {[%#span61] resolve_elswhere'1 index (shallow_model'7 self) (shallow_model'2 ( ^ self))} - {[%#span60] has_value'2 index (shallow_model'2 ( ^ self)) ( ^ result)} - {[%#span59] has_value'2 index (shallow_model'7 self) ( * result)} + [ return' (result:borrowed usize)-> {[%#span55] inv'11 result} + {[%#span54] len'3 (shallow_model'2 ( ^ self)) = len'3 (shallow_model'7 self)} + {[%#span53] resolve_elswhere'1 index (shallow_model'7 self) (shallow_model'2 ( ^ self))} + {[%#span52] has_value'2 index (shallow_model'2 ( ^ self)) ( ^ result)} + {[%#span51] has_value'2 index (shallow_model'7 self) ( * result)} (! return' {result}) ] predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (fin : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span53] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' + [%#span45] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' -> index_logic'4 old' i = index_logic'4 fin i predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (out : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span54] index_logic'4 seq (UIntSize.to_int self) = out + [%#span46] index_logic'4 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span55] UIntSize.to_int self < len'2 seq + [%#span47] UIntSize.to_int self < len'2 seq function shallow_model'6 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span46] shallow_model'1 ( * self) + [%#span38] shallow_model'1 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span58] inv'3 index} - {[@expl:precondition] [%#span57] inv'12 self} - {[@expl:precondition] [%#span56] in_bounds'1 index (shallow_model'6 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span50] inv'3 index} + {[@expl:precondition] [%#span49] inv'9 self} + {[@expl:precondition] [%#span48] in_bounds'1 index (shallow_model'6 self)} any - [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span63] inv'13 result} - {[%#span62] len'2 (shallow_model'1 ( ^ self)) = len'2 (shallow_model'6 self)} - {[%#span61] resolve_elswhere'0 index (shallow_model'6 self) (shallow_model'1 ( ^ self))} - {[%#span60] has_value'1 index (shallow_model'1 ( ^ self)) ( ^ result)} - {[%#span59] has_value'1 index (shallow_model'6 self) ( * result)} + [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span55] inv'10 result} + {[%#span54] len'2 (shallow_model'1 ( ^ self)) = len'2 (shallow_model'6 self)} + {[%#span53] resolve_elswhere'0 index (shallow_model'6 self) (shallow_model'1 ( ^ self))} + {[%#span52] has_value'1 index (shallow_model'1 ( ^ self)) ( ^ result)} + {[%#span51] has_value'1 index (shallow_model'6 self) ( * result)} (! return' {result}) ] use int.MinMax - let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= {[@expl:precondition] [%#span64] true} + let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= {[@expl:precondition] [%#span56] true} any - [ return' (result:usize)-> {[%#span65] UIntSize.to_int result = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:usize)-> {[%#span57] UIntSize.to_int result = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} (! return' {result}) ] function shallow_model'5 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span66] shallow_model'2 self + [%#span58] shallow_model'2 self - let rec index'2 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span69] inv'3 index} - {[@expl:precondition] [%#span68] inv'10 self} - {[@expl:precondition] [%#span67] in_bounds'2 index (shallow_model'5 self)} + let rec index'2 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span61] inv'3 index} + {[@expl:precondition] [%#span60] inv'7 self} + {[@expl:precondition] [%#span59] in_bounds'2 index (shallow_model'5 self)} any - [ return' (result:usize)-> {[%#span71] inv'11 result} - {[%#span70] has_value'2 index (shallow_model'5 self) result} + [ return' (result:usize)-> {[%#span63] inv'8 result} + {[%#span62] has_value'2 index (shallow_model'5 self) result} (! return' {result}) ] function shallow_model'4 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span66] shallow_model'1 self + [%#span58] shallow_model'1 self - let rec index'1 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span69] inv'3 index} - {[@expl:precondition] [%#span68] inv'9 self} - {[@expl:precondition] [%#span67] in_bounds'1 index (shallow_model'4 self)} + let rec index'1 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span61] inv'3 index} + {[@expl:precondition] [%#span60] inv'6 self} + {[@expl:precondition] [%#span59] in_bounds'1 index (shallow_model'4 self)} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span71] inv'10 result} - {[%#span70] has_value'1 index (shallow_model'4 self) result} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span63] inv'7 result} + {[%#span62] has_value'1 index (shallow_model'4 self) result} (! return' {result}) ] @@ -861,29 +767,29 @@ module Knapsack_Knapsack01Dyn predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Item'0.t_item name)) (out : Item'0.t_item name) = - [%#span54] index_logic'5 seq (UIntSize.to_int self) = out + [%#span46] index_logic'5 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Item'0.t_item name)) = - [%#span55] UIntSize.to_int self < len'1 seq + [%#span47] UIntSize.to_int self < len'1 seq function shallow_model'0 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) : Seq'0.t_seq (Item'0.t_item name) = - [%#span66] shallow_model'3 self + [%#span58] shallow_model'3 self - let rec index'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (index:usize) (return' (ret:Item'0.t_item name))= {[@expl:precondition] [%#span69] inv'3 index} - {[@expl:precondition] [%#span68] inv'2 self} - {[@expl:precondition] [%#span67] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (index:usize) (return' (ret:Item'0.t_item name))= {[@expl:precondition] [%#span61] inv'3 index} + {[@expl:precondition] [%#span60] inv'2 self} + {[@expl:precondition] [%#span59] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:Item'0.t_item name)-> {[%#span71] inv'0 result} - {[%#span70] has_value'0 index (shallow_model'0 self) result} + [ return' (result:Item'0.t_item name)-> {[%#span63] inv'0 result} + {[%#span62] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] function m'0 [#"../knapsack.rs" 34 0 34 57] (items : Seq'0.t_seq (Item'0.t_item name)) (i : int) (w : int) : int axiom m'0_def : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . m'0 items i w - = ([%#span77] if i = 0 then + = ([%#span68] if i = 0 then 0 else if UIntSize.to_int (Knapsack_Item_Type.item_weight (index_logic'5 items (i - 1))) > w then @@ -895,27 +801,27 @@ module Knapsack_Knapsack01Dyn ) - axiom m'0_spec : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . ([%#span72] 0 <= i - /\ i <= len'1 items) -> ([%#span73] 0 <= w) -> ([%#span74] inv'6 items) -> ([%#span75] m'0 items i w >= 0) + axiom m'0_spec : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . ([%#span64] 0 <= i + /\ i <= len'1 items) -> ([%#span65] 0 <= w) -> ([%#span66] m'0 items i w >= 0) - let rec from_elem'1 (elem:Vec'0.t_vec usize (Global'0.t_global)) (n:usize) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span78] inv'4 elem} + let rec from_elem'1 (elem:Vec'0.t_vec usize (Global'0.t_global)) (n:usize) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span69] inv'4 elem} any - [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span81] inv'5 result} - {[%#span80] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#span79] len'2 (shallow_model'1 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span72] inv'5 result} + {[%#span71] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#span70] len'2 (shallow_model'1 result) = UIntSize.to_int n} (! return' {result}) ] - let rec len'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span82] inv'2 self} + let rec len'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span73] inv'2 self} any - [ return' (result:usize)-> {[%#span83] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span74] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span78] inv'3 elem} + let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span69] inv'3 elem} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span81] inv'4 result} - {[%#span80] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'3 result i = elem} - {[%#span79] len'3 (shallow_model'2 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span72] inv'4 result} + {[%#span71] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'3 result i = elem} + {[%#span70] len'3 (shallow_model'2 result) = UIntSize.to_int n} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/knapsack_full.coma b/creusot/tests/should_succeed/knapsack_full.coma index 9daa891751..896becea67 100644 --- a/creusot/tests/should_succeed/knapsack_full.coma +++ b/creusot/tests/should_succeed/knapsack_full.coma @@ -27,22 +27,7 @@ module KnapsackFull_Max end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module KnapsackFull_Item_Type use prelude.prelude.UIntSize @@ -75,57 +60,35 @@ module KnapsackFull_SumWeights_Impl let%span sknapsack_full0 = "../knapsack_full.rs" 25 11 25 33 - let%span sknapsack_full1 = "../knapsack_full.rs" 27 21 27 22 - - let%span sknapsack_full2 = "../knapsack_full.rs" 26 10 26 21 - - let%span sknapsack_full3 = "../knapsack_full.rs" 24 10 24 19 - - let%span sseq24 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sknapsack_full1 = "../knapsack_full.rs" 26 10 26 21 - let%span sseq25 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span sknapsack_full2 = "../knapsack_full.rs" 24 10 24 19 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + use prelude.prelude.Int use KnapsackFull_Item_Type as Item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq (Item'0.t_item name)) - - predicate inv'0 (_x : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'0 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#sseq24] inv'0 self) - -> ([%#sseq25] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#sseq23] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Item'0.t_item name) = [%#span6] () + constant empty'0 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name use KnapsackFull_Item_Type as KnapsackFull_Item_Type @@ -137,20 +100,18 @@ module KnapsackFull_SumWeights_Impl function sum_weights [#"../knapsack_full.rs" 27 0 27 56] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int - goal vc_sum_weights : ([%#sknapsack_full1] inv'0 s) - -> ([%#sknapsack_full0] 0 <= i /\ i <= len'0 s) - -> ([%#sseq24] inv'0 s) - /\ (([%#sseq25] len'0 s >= 0) + goal vc_sum_weights : ([%#sknapsack_full0] 0 <= i /\ i <= len'0 s) + -> ([%#sseq23] len'0 s >= 0) -> match i = len'0 s with - | True -> [%#sknapsack_full2] 0 >= 0 - | False -> ((([%#sknapsack_full1] inv'0 s) && ([%#sknapsack_full0] 0 <= i + 1 /\ i + 1 <= len'0 s)) - /\ 0 <= ([%#sknapsack_full3] len'0 s - i) - /\ ([%#sknapsack_full3] len'0 s - (i + 1)) < ([%#sknapsack_full3] len'0 s - i)) - /\ (([%#sknapsack_full2] sum_weights s (i + 1) >= 0) - -> ([%#sknapsack_full2] UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 s i)) + | True -> [%#sknapsack_full1] 0 >= 0 + | False -> (([%#sknapsack_full0] 0 <= i + 1 /\ i + 1 <= len'0 s) + /\ 0 <= ([%#sknapsack_full2] len'0 s - i) + /\ ([%#sknapsack_full2] len'0 s - (i + 1)) < ([%#sknapsack_full2] len'0 s - i)) + /\ (([%#sknapsack_full1] sum_weights s (i + 1) >= 0) + -> ([%#sknapsack_full1] UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 s i)) + sum_weights s (i + 1) >= 0)) - end) + end end module KnapsackFull_SumValues_Impl type name @@ -159,51 +120,31 @@ module KnapsackFull_SumValues_Impl let%span sknapsack_full1 = "../knapsack_full.rs" 35 10 35 19 - let%span sseq22 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sseq22 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span3 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + use prelude.prelude.Int use KnapsackFull_Item_Type as Item'0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq (Item'0.t_item name)) - - predicate inv'0 (_x : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'0 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#sseq22] inv'0 self) - -> ([%#sseq23] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#sseq22] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Item'0.t_item name) = [%#span4] () + constant empty'0 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name use KnapsackFull_Item_Type as KnapsackFull_Item_Type @@ -216,14 +157,13 @@ module KnapsackFull_SumValues_Impl function sum_values [#"../knapsack_full.rs" 37 0 37 55] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int goal vc_sum_values : ([%#sknapsack_full0] i >= 0 /\ i <= len'0 s) - -> ([%#sseq22] inv'0 s) - /\ (([%#sseq23] len'0 s >= 0) + -> ([%#sseq22] len'0 s >= 0) -> match i = len'0 s with | True -> true | False -> ([%#sknapsack_full0] i + 1 >= 0 /\ i + 1 <= len'0 s) /\ 0 <= ([%#sknapsack_full1] len'0 s - i) /\ ([%#sknapsack_full1] len'0 s - (i + 1)) < ([%#sknapsack_full1] len'0 s - i) - end) + end end module KnapsackFull_SubseqRev_Impl type t @@ -234,67 +174,37 @@ module KnapsackFull_SubseqRev_Impl let%span sknapsack_full2 = "../knapsack_full.rs" 45 10 45 12 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq24 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'1 (self : Seq'0.t_seq t) + let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - predicate inv'1 (_x : Seq'0.t_seq t) - - axiom inv'1 : forall x : Seq'0.t_seq t . inv'1 x = true - - predicate invariant'0 (self : Seq'0.t_seq t) - - predicate inv'0 (_x : Seq'0.t_seq t) - - axiom inv'0 : forall x : Seq'0.t_seq t . inv'0 x = true + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#sseq23] inv'1 self) -> ([%#sseq24] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span5] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#sseq23] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span7] () + constant empty'1 : Seq'0.t_seq t - axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'1 : Seq'0.t_seq t) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span4] len'1 (empty'1 : Seq'0.t_seq t) = 0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#sseq23] inv'0 self) -> ([%#sseq24] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#sseq23] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span5] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq t) = 0 - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t use prelude.prelude.Borrow @@ -312,9 +222,8 @@ module KnapsackFull_SubseqRev_Impl goal vc_subseq_rev : ([%#sknapsack_full1] 0 <= i2 /\ i2 <= len'1 s2) -> ([%#sknapsack_full0] 0 <= i1 /\ i1 <= len'0 s1) -> match i2 = 0 with - | True -> [%#sseq23] inv'0 s1 - | False -> ([%#sseq23] inv'0 s1) - /\ (([%#sseq24] len'0 s1 >= 0) + | True -> true + | False -> ([%#sseq23] len'0 s1 >= 0) -> (if i1 < len'0 s1 then if index_logic'0 s1 i1 = index_logic'1 s2 (i2 - 1) then ((([%#sknapsack_full1] 0 <= i2 - 1 /\ i2 - 1 <= len'1 s2) @@ -329,7 +238,7 @@ module KnapsackFull_SubseqRev_Impl else (([%#sknapsack_full1] 0 <= i2 - 1 /\ i2 - 1 <= len'1 s2) && ([%#sknapsack_full0] 0 <= i1 /\ i1 <= len'0 s1)) /\ 0 <= ([%#sknapsack_full2] i2) /\ ([%#sknapsack_full2] i2 - 1) < ([%#sknapsack_full2] i2) - )) + ) end end module KnapsackFull_M_Impl @@ -339,95 +248,63 @@ module KnapsackFull_M_Impl let%span sknapsack_full1 = "../knapsack_full.rs" 61 11 61 17 - let%span sknapsack_full2 = "../knapsack_full.rs" 66 11 66 16 - - let%span sknapsack_full3 = "../knapsack_full.rs" 62 10 62 21 - - let%span sknapsack_full4 = "../knapsack_full.rs" 63 0 65 2 + let%span sknapsack_full2 = "../knapsack_full.rs" 62 10 62 21 - let%span sknapsack_full5 = "../knapsack_full.rs" 59 10 59 11 + let%span sknapsack_full3 = "../knapsack_full.rs" 63 0 65 2 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sknapsack_full4 = "../knapsack_full.rs" 59 10 59 11 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span7 = "../knapsack_full.rs" 36 11 36 33 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "../knapsack_full.rs" 35 10 35 19 - let%span span11 = "../knapsack_full.rs" 36 11 36 33 + let%span span9 = "../knapsack_full.rs" 38 4 41 5 - let%span span12 = "../knapsack_full.rs" 35 10 35 19 + let%span span10 = "../knapsack_full.rs" 25 11 25 33 - let%span span13 = "../knapsack_full.rs" 38 4 41 5 + let%span span11 = "../knapsack_full.rs" 26 10 26 21 - let%span span14 = "../knapsack_full.rs" 25 11 25 33 + let%span span12 = "../knapsack_full.rs" 24 10 24 19 - let%span span15 = "../knapsack_full.rs" 27 21 27 22 + let%span span13 = "../knapsack_full.rs" 28 4 31 5 - let%span span16 = "../knapsack_full.rs" 26 10 26 21 + let%span span14 = "../knapsack_full.rs" 46 11 46 36 - let%span span17 = "../knapsack_full.rs" 24 10 24 19 + let%span span15 = "../knapsack_full.rs" 47 11 47 36 - let%span span18 = "../knapsack_full.rs" 28 4 31 5 + let%span span16 = "../knapsack_full.rs" 45 10 45 12 - let%span span19 = "../knapsack_full.rs" 46 11 46 36 - - let%span span20 = "../knapsack_full.rs" 47 11 47 36 - - let%span span21 = "../knapsack_full.rs" 45 10 45 12 - - let%span span22 = "../knapsack_full.rs" 49 4 55 5 + let%span span17 = "../knapsack_full.rs" 49 4 55 5 use prelude.prelude.Int - use seq.Seq - use KnapsackFull_Item_Type as Item'0 - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq (Item'0.t_item name)) - function len'1 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span6] inv'1 self) - -> ([%#span7] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq (Item'0.t_item name) = [%#span8] () + axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span5] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span10] () + constant empty'1 : Seq'0.t_seq (Item'0.t_item name) - axiom empty_len'1_spec : forall _1 : () . [%#span9] len'1 (empty'1 : Seq'0.t_seq (Item'0.t_item name)) = 0 + function empty_len'1 (_1 : ()) : () - predicate invariant'1 (self : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'1 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'1 x = true - - predicate invariant'0 (self : Seq'0.t_seq (Item'0.t_item name)) - - predicate inv'0 (_x : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'0 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'0 x = true - - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'1 : Seq'0.t_seq (Item'0.t_item name)) = 0 function len'0 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span6] inv'0 self) - -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Item'0.t_item name) = [%#span8] () + constant empty'0 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq (Item'0.t_item name)) = 0 use int.MinMax @@ -437,20 +314,16 @@ module KnapsackFull_M_Impl use prelude.prelude.UIntSize - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name - function index_logic'1 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'1 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name use prelude.prelude.Borrow function sum_values'0 [#"../knapsack_full.rs" 37 0 37 55] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int axiom sum_values'0_def : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . sum_values'0 s i - = ([%#span13] if i = len'1 s then + = ([%#span9] if i = len'1 s then 0 else UIntSize.to_int (KnapsackFull_Item_Type.item_value (index_logic'1 s i)) + sum_values'0 s (i + 1) @@ -459,20 +332,20 @@ module KnapsackFull_M_Impl function sum_weights'0 [#"../knapsack_full.rs" 27 0 27 56] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int axiom sum_weights'0_def : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . sum_weights'0 s i - = ([%#span18] if i = len'1 s then + = ([%#span13] if i = len'1 s then 0 else UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'1 s i)) + sum_weights'0 s (i + 1) ) - axiom sum_weights'0_spec : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . ([%#span14] 0 <= i /\ i <= len'1 s) - -> ([%#span15] inv'1 s) -> ([%#span16] sum_weights'0 s i >= 0) + axiom sum_weights'0_spec : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . ([%#span10] 0 <= i /\ i <= len'1 s) + -> ([%#span11] sum_weights'0 s i >= 0) predicate subseq_rev'0 [#"../knapsack_full.rs" 48 0 48 67] (s1 : Seq'0.t_seq (Item'0.t_item name)) (i1 : int) (s2 : Seq'0.t_seq (Item'0.t_item name)) (i2 : int) axiom subseq_rev'0_def : forall s1 : Seq'0.t_seq (Item'0.t_item name), i1 : int, s2 : Seq'0.t_seq (Item'0.t_item name), i2 : int . subseq_rev'0 s1 i1 s2 i2 - = ([%#span22] if i2 = 0 then + = ([%#span17] if i2 = 0 then i1 = len'1 s1 else i1 < len'1 s1 /\ index_logic'1 s1 i1 = index_logic'0 s2 (i2 - 1) /\ subseq_rev'0 s1 (i1 + 1) s2 (i2 - 1) @@ -487,53 +360,49 @@ module KnapsackFull_M_Impl function m [#"../knapsack_full.rs" 66 0 66 57] (items : Seq'0.t_seq (Item'0.t_item name)) (i : int) (w : int) : int - goal vc_m : ([%#sknapsack_full2] inv'0 items) - -> ([%#sknapsack_full1] 0 <= w) + goal vc_m : ([%#sknapsack_full1] 0 <= w) -> ([%#sknapsack_full0] 0 <= i /\ i <= len'0 items) -> match i = 0 with - | True -> let result = 0 in ([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) - && ([%#sknapsack_full3] result >= 0) + | True -> let result = 0 in ([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 + <= j + /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) + && ([%#sknapsack_full2] result >= 0) | False -> match UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1))) > w with - | True -> ((([%#sknapsack_full2] inv'0 items) - && ([%#sknapsack_full1] 0 <= w) && ([%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack_full5] i) /\ ([%#sknapsack_full5] i - 1) < ([%#sknapsack_full5] i)) - /\ (([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w + | True -> ((([%#sknapsack_full1] 0 <= w) && ([%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= len'0 items)) + /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) + /\ (([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j + /\ j <= len'1 s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w -> sum_values'0 s j <= m items (i - 1) w) - && ([%#sknapsack_full3] m items (i - 1) w >= 0) + && ([%#sknapsack_full2] m items (i - 1) w >= 0) -> (let result = m items (i - - 1) w in ([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) - && ([%#sknapsack_full3] result >= 0))) - | False -> ((([%#sknapsack_full2] inv'0 items) - && ([%#sknapsack_full1] 0 <= w) && ([%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack_full5] i) /\ ([%#sknapsack_full5] i - 1) < ([%#sknapsack_full5] i)) - /\ (([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w + - 1) w in ([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j + /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) + && ([%#sknapsack_full2] result >= 0))) + | False -> ((([%#sknapsack_full1] 0 <= w) && ([%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= len'0 items)) + /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) + /\ (([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j + /\ j <= len'1 s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w -> sum_values'0 s j <= m items (i - 1) w) - && ([%#sknapsack_full3] m items (i - 1) w >= 0) - -> ((([%#sknapsack_full2] inv'0 items) - && ([%#sknapsack_full1] 0 + && ([%#sknapsack_full2] m items (i - 1) w >= 0) + -> ((([%#sknapsack_full1] 0 <= w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1)))) && ([%#sknapsack_full0] 0 <= i - 1 /\ i - 1 <= len'0 items)) - /\ 0 <= ([%#sknapsack_full5] i) /\ ([%#sknapsack_full5] i - 1) < ([%#sknapsack_full5] i)) - /\ (([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j + /\ 0 <= ([%#sknapsack_full4] i) /\ ([%#sknapsack_full4] i - 1) < ([%#sknapsack_full4] i)) + /\ (([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items (i - 1) /\ sum_weights'0 s j <= w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1))) -> sum_values'0 s j <= m items (i - 1) (w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1))))) - && ([%#sknapsack_full3] m items (i - 1) (w + && ([%#sknapsack_full2] m items (i - 1) (w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1)))) >= 0) -> (let result = MinMax.max (m items (i - 1) w) (m items (i - 1) (w - UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'0 items (i - 1)))) + UIntSize.to_int (KnapsackFull_Item_Type.item_value (index_logic'0 items (i - - 1)))) in ([%#sknapsack_full4] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'1 s - -> 0 <= j /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) - && ([%#sknapsack_full3] result >= 0)))) + - 1)))) in ([%#sknapsack_full3] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j + /\ j <= len'1 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= result) + && ([%#sknapsack_full2] result >= 0)))) end end end @@ -773,471 +642,425 @@ module KnapsackFull_Knapsack01Dyn let%span sknapsack_full29 = "../knapsack_full.rs" 85 75 85 91 - let%span span30 = "" 0 0 0 0 + let%span span30 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span34 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span36 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span37 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span39 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span40 = "../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 - let%span span41 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span41 = "../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 - let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span42 = "../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 - let%span span43 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span43 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span44 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span45 = "../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 - let%span span46 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span46 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span span47 = "../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 + let%span span47 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span span48 = "../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 + let%span span48 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 - let%span span49 = "../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 + let%span span49 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 - let%span span50 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span span50 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 - let%span span51 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span span51 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span span52 = "../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 + let%span span52 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span span53 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span span53 = "../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 - let%span span54 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span span54 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span span55 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 + let%span span55 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span span56 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 31 84 33 + let%span span56 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span57 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 + let%span span57 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span58 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 61 84 63 + let%span span58 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span59 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 + let%span span59 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span60 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span span60 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span61 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span span61 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span62 = "../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 + let%span span62 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span63 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span span63 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span64 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span span64 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span65 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span65 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span66 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span66 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span67 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span67 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span68 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span68 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span69 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span69 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span70 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span70 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span71 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span71 = "" 0 0 0 0 - let%span span72 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span72 = "" 0 0 0 0 - let%span span73 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span73 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span74 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span74 = "../knapsack_full.rs" 46 11 46 36 - let%span span75 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span75 = "../knapsack_full.rs" 47 11 47 36 - let%span span76 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span76 = "../knapsack_full.rs" 45 10 45 12 - let%span span77 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span77 = "../knapsack_full.rs" 49 4 55 5 - let%span span78 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span78 = "../knapsack_full.rs" 36 11 36 33 - let%span span79 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span79 = "../knapsack_full.rs" 35 10 35 19 - let%span span80 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span80 = "../knapsack_full.rs" 38 4 41 5 - let%span span81 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span81 = "../knapsack_full.rs" 25 11 25 33 - let%span span82 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span82 = "../knapsack_full.rs" 26 10 26 21 - let%span span83 = "" 0 0 0 0 + let%span span83 = "../knapsack_full.rs" 24 10 24 19 - let%span span84 = "" 0 0 0 0 + let%span span84 = "../knapsack_full.rs" 28 4 31 5 - let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span85 = "../../../../creusot-contracts/src/std/vec.rs" 73 26 73 44 - let%span span86 = "../knapsack_full.rs" 46 11 46 36 + let%span span86 = "" 0 0 0 0 - let%span span87 = "../knapsack_full.rs" 47 11 47 36 + let%span span87 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span88 = "../knapsack_full.rs" 45 10 45 12 + let%span span88 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span89 = "../knapsack_full.rs" 49 4 55 5 + let%span span89 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span90 = "../knapsack_full.rs" 36 11 36 33 + let%span span90 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span91 = "../knapsack_full.rs" 35 10 35 19 + let%span span91 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span92 = "../knapsack_full.rs" 38 4 41 5 + let%span span92 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span93 = "../knapsack_full.rs" 25 11 25 33 + let%span span93 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span94 = "../knapsack_full.rs" 27 21 27 22 + let%span span94 = "" 0 0 0 0 - let%span span95 = "../knapsack_full.rs" 26 10 26 21 + let%span span95 = "" 0 0 0 0 - let%span span96 = "../knapsack_full.rs" 24 10 24 19 + let%span span96 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span97 = "../knapsack_full.rs" 28 4 31 5 + let%span span97 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span98 = "../../../../creusot-contracts/src/std/vec.rs" 73 26 73 44 + let%span span98 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span99 = "" 0 0 0 0 + let%span span99 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span100 = "../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span100 = "" 0 0 0 0 - let%span span101 = "../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span101 = "../knapsack_full.rs" 14 10 14 31 - let%span span102 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span102 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span103 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span103 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span104 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span104 = "" 0 0 0 0 - let%span span105 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span105 = "" 0 0 0 0 - let%span span106 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span106 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 let%span span107 = "" 0 0 0 0 - let%span span108 = "" 0 0 0 0 + let%span span108 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 - let%span span109 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span109 = "" 0 0 0 0 - let%span span110 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span110 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span111 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span111 = "" 0 0 0 0 - let%span span112 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span112 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span113 = "" 0 0 0 0 + let%span span113 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span114 = "../knapsack_full.rs" 14 10 14 31 + let%span span114 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span115 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span115 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span116 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span116 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 let%span span117 = "" 0 0 0 0 let%span span118 = "" 0 0 0 0 - let%span span119 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span119 = "" 0 0 0 0 let%span span120 = "" 0 0 0 0 - let%span span121 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span span121 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 - let%span span122 = "" 0 0 0 0 + let%span span122 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 - let%span span123 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span123 = "../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 let%span span124 = "" 0 0 0 0 - let%span span125 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span125 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span126 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span126 = "" 0 0 0 0 - let%span span127 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span127 = "" 0 0 0 0 - let%span span128 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span128 = "../knapsack_full.rs" 60 11 60 37 - let%span span129 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span129 = "../knapsack_full.rs" 61 11 61 17 - let%span span130 = "" 0 0 0 0 + let%span span130 = "../knapsack_full.rs" 62 10 62 21 - let%span span131 = "" 0 0 0 0 + let%span span131 = "../knapsack_full.rs" 63 0 65 2 - let%span span132 = "" 0 0 0 0 + let%span span132 = "../knapsack_full.rs" 59 10 59 11 - let%span span133 = "" 0 0 0 0 + let%span span133 = "../knapsack_full.rs" 67 4 74 5 - let%span span134 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 + let%span span134 = "" 0 0 0 0 - let%span span135 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 + let%span span135 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span136 = "../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 + let%span span136 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 let%span span137 = "" 0 0 0 0 - let%span span138 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - - let%span span139 = "" 0 0 0 0 - - let%span span140 = "" 0 0 0 0 + let%span span138 = "" 0 0 0 0 - let%span span141 = "../knapsack_full.rs" 60 11 60 37 + let%span span139 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span142 = "../knapsack_full.rs" 61 11 61 17 - - let%span span143 = "../knapsack_full.rs" 66 11 66 16 + use KnapsackFull_Item_Type as Item'0 - let%span span144 = "../knapsack_full.rs" 62 10 62 21 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span145 = "../knapsack_full.rs" 63 0 65 2 + predicate invariant'22 (self : Seq'0.t_seq (Item'0.t_item name)) - let%span span146 = "../knapsack_full.rs" 59 10 59 11 + predicate inv'22 (_x : Seq'0.t_seq (Item'0.t_item name)) - let%span span147 = "../knapsack_full.rs" 67 4 74 5 + axiom inv'22 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'22 x = true - let%span span148 = "" 0 0 0 0 + use Alloc_Alloc_Global_Type as Global'0 - let%span span149 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + use prelude.prelude.UIntSize - let%span span150 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + use Alloc_Vec_Vec_Type as Vec'0 - let%span span151 = "" 0 0 0 0 + predicate invariant'21 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span30] true - let%span span152 = "" 0 0 0 0 + predicate inv'21 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - let%span span153 = "../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + axiom inv'21 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'21 x = true - use KnapsackFull_Item_Type as Item'0 + predicate invariant'20 (self : Seq'0.t_seq (Item'0.t_item name)) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'20 (_x : Seq'0.t_seq (Item'0.t_item name)) - predicate inv'10 (_x : Seq'0.t_seq (Item'0.t_item name)) - - use Alloc_Alloc_Global_Type as Global'0 - - use Alloc_Vec_Vec_Type as Vec'0 - - use prelude.prelude.UIntSize + axiom inv'20 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'20 x = true use prelude.prelude.UIntSize use prelude.prelude.Int - constant max'1 : usize = [%#span30] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'1 : usize = [%#span31] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span31] inv'10 self) - -> ([%#span32] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span32] len'1 self >= 0 - predicate inv'22 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) + predicate inv'19 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) function shallow_model'4 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) : Seq'0.t_seq (Item'0.t_item name) - axiom shallow_model'4_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span33] inv'22 self) - -> ([%#span35] inv'10 (shallow_model'4 self)) - && ([%#span34] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'1 : usize)) + axiom shallow_model'4_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span33] inv'19 self) + -> ([%#span34] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'1 : usize)) - predicate invariant'22 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = - [%#span36] inv'10 (shallow_model'4 self) + predicate invariant'19 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = + [%#span35] inv'22 (shallow_model'4 self) - axiom inv'22 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'22 x = true + axiom inv'19 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'19 x = true use prelude.prelude.Borrow - predicate invariant'21 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) + predicate invariant'18 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) - predicate inv'21 (_x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) + predicate inv'18 (_x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) - axiom inv'21 : forall x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) . inv'21 x = true + axiom inv'18 : forall x : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) . inv'18 x = true - predicate invariant'20 (self : borrowed usize) = - [%#span37] true + predicate invariant'17 (self : borrowed usize) = + [%#span30] true - predicate inv'20 (_x : borrowed usize) + predicate inv'17 (_x : borrowed usize) - axiom inv'20 : forall x : borrowed usize . inv'20 x = true + axiom inv'17 : forall x : borrowed usize . inv'17 x = true - predicate invariant'19 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span37] true + predicate invariant'16 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span30] true - predicate inv'19 (_x : borrowed (Vec'0.t_vec usize (Global'0.t_global))) + predicate inv'16 (_x : borrowed (Vec'0.t_vec usize (Global'0.t_global))) - axiom inv'19 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'19 x = true + axiom inv'16 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'16 x = true - predicate invariant'18 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) = - [%#span37] true + predicate invariant'15 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) = + [%#span30] true - predicate inv'18 (_x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) + predicate inv'15 (_x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) - axiom inv'18 : forall x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) . inv'18 x + axiom inv'15 : forall x : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) . inv'15 x = true - predicate invariant'17 (self : usize) = - [%#span37] true + predicate invariant'14 (self : usize) = + [%#span30] true - predicate inv'17 (_x : usize) + predicate inv'14 (_x : usize) - axiom inv'17 : forall x : usize . inv'17 x = true + axiom inv'14 : forall x : usize . inv'14 x = true - predicate invariant'16 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span37] true + predicate invariant'13 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span30] true - predicate inv'16 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'13 (_x : Vec'0.t_vec usize (Global'0.t_global)) - axiom inv'16 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'16 x = true + axiom inv'13 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'13 x = true - predicate invariant'15 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span37] true + predicate invariant'12 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = + [%#span30] true - predicate inv'15 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) + predicate inv'12 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) - axiom inv'15 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'15 x = true + axiom inv'12 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'12 x = true use Core_Ops_Range_RangeInclusive_Type as RangeInclusive'0 - predicate invariant'14 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span37] true + predicate invariant'11 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = + [%#span30] true - predicate inv'14 (_x : borrowed (RangeInclusive'0.t_rangeinclusive usize)) + predicate inv'11 (_x : borrowed (RangeInclusive'0.t_rangeinclusive usize)) - axiom inv'14 : forall x : borrowed (RangeInclusive'0.t_rangeinclusive usize) . inv'14 x = true + axiom inv'11 : forall x : borrowed (RangeInclusive'0.t_rangeinclusive usize) . inv'11 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'13 (self : Option'0.t_option usize) = - [%#span37] true + predicate invariant'10 (self : Option'0.t_option usize) = + [%#span30] true - predicate inv'13 (_x : Option'0.t_option usize) + predicate inv'10 (_x : Option'0.t_option usize) - axiom inv'13 : forall x : Option'0.t_option usize . inv'13 x = true + axiom inv'10 : forall x : Option'0.t_option usize . inv'10 x = true use Core_Ops_Range_Range_Type as Range'0 - predicate invariant'12 (self : borrowed (Range'0.t_range usize)) = - [%#span37] true - - predicate inv'12 (_x : borrowed (Range'0.t_range usize)) - - axiom inv'12 : forall x : borrowed (Range'0.t_range usize) . inv'12 x = true - - predicate invariant'11 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span37] true - - predicate inv'11 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - - axiom inv'11 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'11 x = true - - predicate invariant'10 (self : Seq'0.t_seq (Item'0.t_item name)) + predicate invariant'9 (self : borrowed (Range'0.t_range usize)) = + [%#span30] true - axiom inv'10 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'10 x = true + predicate inv'9 (_x : borrowed (Range'0.t_range usize)) - predicate invariant'9 (self : Seq'0.t_seq usize) = - [%#span37] true + axiom inv'9 : forall x : borrowed (Range'0.t_range usize) . inv'9 x = true - predicate inv'9 (_x : Seq'0.t_seq usize) + predicate invariant'8 (self : Seq'0.t_seq usize) = + [%#span30] true - axiom inv'9 : forall x : Seq'0.t_seq usize . inv'9 x = true + predicate inv'8 (_x : Seq'0.t_seq usize) - use seq.Seq + axiom inv'8 : forall x : Seq'0.t_seq usize . inv'8 x = true function len'2 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span31] inv'11 self) - -> ([%#span32] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span32] len'2 self >= 0 - predicate inv'8 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span33] inv'8 self) - -> ([%#span35] inv'11 (shallow_model'1 self)) - && ([%#span34] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'1 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span33] inv'7 self) + -> ([%#span34] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'1 : usize)) - predicate invariant'8 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span36] inv'11 (shallow_model'1 self) + predicate invariant'7 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = + [%#span35] inv'21 (shallow_model'1 self) - axiom inv'8 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'8 x = true - - use seq.Seq + axiom inv'7 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'7 x = true function len'3 (self : Seq'0.t_seq usize) : int - axiom len'3_spec : forall self : Seq'0.t_seq usize . ([%#span31] inv'9 self) -> ([%#span32] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq usize . [%#span32] len'3 self >= 0 - predicate inv'7 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'6 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span33] inv'7 self) - -> ([%#span35] inv'9 (shallow_model'2 self)) - && ([%#span34] len'3 (shallow_model'2 self) <= UIntSize.to_int (max'1 : usize)) - - predicate invariant'7 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span36] inv'9 (shallow_model'2 self) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span33] inv'6 self) + -> ([%#span34] len'3 (shallow_model'2 self) <= UIntSize.to_int (max'1 : usize)) - axiom inv'7 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'7 x = true + predicate invariant'6 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span35] inv'8 (shallow_model'2 self) - predicate invariant'6 (self : usize) = - [%#span37] true + axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true - predicate inv'6 (_x : usize) + predicate invariant'5 (self : usize) = + [%#span30] true - axiom inv'6 : forall x : usize . inv'6 x = true + predicate inv'5 (_x : usize) - predicate inv'4 (_x : Seq'0.t_seq (Item'0.t_item name)) - - use seq.Seq + axiom inv'5 : forall x : usize . inv'5 x = true function len'4 (self : Seq'0.t_seq (Item'0.t_item name)) : int - axiom len'4_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . ([%#span31] inv'4 self) - -> ([%#span32] len'4 self >= 0) + axiom len'4_spec : forall self : Seq'0.t_seq (Item'0.t_item name) . [%#span32] len'4 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) : Seq'0.t_seq (Item'0.t_item name) - axiom shallow_model'3_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span33] inv'5 self) - -> ([%#span35] inv'4 (shallow_model'3 self)) - && ([%#span34] len'4 (shallow_model'3 self) <= UIntSize.to_int (max'1 : usize)) - - predicate invariant'5 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = - [%#span36] inv'4 (shallow_model'3 self) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . ([%#span33] inv'4 self) + -> ([%#span34] len'4 (shallow_model'3 self) <= UIntSize.to_int (max'1 : usize)) - axiom inv'5 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'5 x = true + predicate invariant'4 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = + [%#span35] inv'20 (shallow_model'3 self) - constant empty'3 : Seq'0.t_seq (Item'0.t_item name) = [%#span38] () + axiom inv'4 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'4 x = true - function empty_len'3 (_1 : ()) : () = - [%#span40] () + constant empty'3 : Seq'0.t_seq (Item'0.t_item name) - axiom empty_len'3_spec : forall _1 : () . [%#span39] len'4 (empty'3 : Seq'0.t_seq (Item'0.t_item name)) = 0 + function empty_len'3 (_1 : ()) : () - predicate invariant'4 (self : Seq'0.t_seq (Item'0.t_item name)) - - axiom inv'4 : forall x : Seq'0.t_seq (Item'0.t_item name) . inv'4 x = true + axiom empty_len'3_spec : forall _1 : () . [%#span36] len'4 (empty'3 : Seq'0.t_seq (Item'0.t_item name)) = 0 predicate invariant'3 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) @@ -1245,21 +1068,15 @@ module KnapsackFull_Knapsack01Dyn axiom inv'3 : forall x : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global) . inv'3 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span41] inv'9 self) - -> ([%#span42] inv'9 other) - -> ([%#span45] inv'9 (concat'0 self other)) - && ([%#span44] forall i : int . 0 <= i /\ i < len'3 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span38] forall i : int . 0 <= i + /\ i < len'3 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'3 self then index_logic'1 self i else index_logic'1 other (i - len'3 self))) - && ([%#span43] len'3 (concat'0 self other) = len'3 self + len'3 other) + && ([%#span37] len'3 (concat'0 self other) = len'3 self + len'3 other) predicate inv'2 (_x : RangeInclusive'0.t_rangeinclusive usize) @@ -1268,7 +1085,7 @@ module KnapsackFull_Knapsack01Dyn function start_log'0 (self : RangeInclusive'0.t_rangeinclusive usize) : usize function deep_model'0 (self : usize) : int = - [%#span46] UIntSize.to_int self + [%#span39] UIntSize.to_int self function end_log'0 (self : RangeInclusive'0.t_rangeinclusive usize) : usize @@ -1276,19 +1093,19 @@ module KnapsackFull_Knapsack01Dyn function is_empty_log'0 (self : RangeInclusive'0.t_rangeinclusive usize) : bool - axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span47] inv'2 self) - -> ([%#span48] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) + axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span40] inv'2 self) + -> ([%#span41] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) function range_inclusive_len'0 (r : RangeInclusive'0.t_rangeinclusive usize) : int = - [%#span51] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#span44] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive usize . ([%#span49] inv'2 r) - -> ([%#span50] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive usize . ([%#span42] inv'2 r) + -> ([%#span43] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) predicate produces'1 (self : RangeInclusive'0.t_rangeinclusive usize) (visited : Seq'0.t_seq usize) (o : RangeInclusive'0.t_rangeinclusive usize) = - [%#span52] len'3 visited = range_inclusive_len'0 self - range_inclusive_len'0 o + [%#span45] len'3 visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < len'3 visited @@ -1297,25 +1114,23 @@ module KnapsackFull_Knapsack01Dyn function produces_trans'1 (a : RangeInclusive'0.t_rangeinclusive usize) (ab : Seq'0.t_seq usize) (b : RangeInclusive'0.t_rangeinclusive usize) (bc : Seq'0.t_seq usize) (c : RangeInclusive'0.t_rangeinclusive usize) : () = - [%#span61] () + [%#span52] () - axiom produces_trans'1_spec : forall a : RangeInclusive'0.t_rangeinclusive usize, ab : Seq'0.t_seq usize, b : RangeInclusive'0.t_rangeinclusive usize, bc : Seq'0.t_seq usize, c : RangeInclusive'0.t_rangeinclusive usize . ([%#span53] produces'1 a ab b) - -> ([%#span54] produces'1 b bc c) - -> ([%#span55] inv'2 a) - -> ([%#span56] inv'9 ab) - -> ([%#span57] inv'2 b) - -> ([%#span58] inv'9 bc) -> ([%#span59] inv'2 c) -> ([%#span60] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : RangeInclusive'0.t_rangeinclusive usize, ab : Seq'0.t_seq usize, b : RangeInclusive'0.t_rangeinclusive usize, bc : Seq'0.t_seq usize, c : RangeInclusive'0.t_rangeinclusive usize . ([%#span46] produces'1 a ab b) + -> ([%#span47] produces'1 b bc c) + -> ([%#span48] inv'2 a) + -> ([%#span49] inv'2 b) -> ([%#span50] inv'2 c) -> ([%#span51] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq usize = [%#span38] () + constant empty'0 : Seq'0.t_seq usize function produces_refl'1 (self : RangeInclusive'0.t_rangeinclusive usize) : () = - [%#span64] () + [%#span55] () - axiom produces_refl'1_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span62] inv'2 self) - -> ([%#span63] produces'1 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'1_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span53] inv'2 self) + -> ([%#span54] produces'1 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'2 (self : RangeInclusive'0.t_rangeinclusive usize) = - [%#span37] true + [%#span30] true axiom inv'2 : forall x : RangeInclusive'0.t_rangeinclusive usize . inv'2 x = true @@ -1325,27 +1140,25 @@ module KnapsackFull_Knapsack01Dyn axiom inv'1 : forall x : Item'0.t_item name . inv'1 x = true - constant empty'2 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span38] () + constant empty'2 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'2 (_1 : ()) : () = - [%#span40] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span39] len'2 (empty'2 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'2_spec : forall _1 : () . [%#span36] len'2 (empty'2 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 - constant empty'1 : Seq'0.t_seq (Item'0.t_item name) = [%#span38] () + constant empty'1 : Seq'0.t_seq (Item'0.t_item name) - function empty_len'1 (_1 : ()) : () = - [%#span40] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span39] len'1 (empty'1 : Seq'0.t_seq (Item'0.t_item name)) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span36] len'1 (empty'1 : Seq'0.t_seq (Item'0.t_item name)) = 0 predicate inv'0 (_x : Range'0.t_range usize) use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span65] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span56] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'3 visited > 0 @@ -1358,82 +1171,69 @@ module KnapsackFull_Knapsack01Dyn function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span66] produces'0 a ab b) - -> ([%#span67] produces'0 b bc c) - -> ([%#span68] inv'0 a) - -> ([%#span69] inv'9 ab) - -> ([%#span70] inv'0 b) - -> ([%#span71] inv'9 bc) -> ([%#span72] inv'0 c) -> ([%#span73] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span57] produces'0 a ab b) + -> ([%#span58] produces'0 b bc c) + -> ([%#span59] inv'0 a) + -> ([%#span60] inv'0 b) -> ([%#span61] inv'0 c) -> ([%#span62] produces'0 a (concat'0 ab bc) c) function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span74] inv'0 self) - -> ([%#span75] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span63] inv'0 self) + -> ([%#span64] produces'0 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'0 (self : Range'0.t_range usize) = - [%#span37] true + [%#span30] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span40] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span39] len'3 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span36] len'3 (empty'0 : Seq'0.t_seq usize) = 0 use KnapsackFull_Item_Type as KnapsackFull_Item_Type - use seq.Seq - - function index_logic'7 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'7 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name function index_logic'4 [@inline:trivial] (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (ix : int) : Item'0.t_item name = - [%#span76] index_logic'7 (shallow_model'4 self) ix + [%#span65] index_logic'7 (shallow_model'4 self) ix use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq (Item'0.t_item name)) (x : int) : Item'0.t_item name + function index_logic'3 (self : Seq'0.t_seq (Item'0.t_item name)) (_2 : int) : Item'0.t_item name function concat'1 (self : Seq'0.t_seq (Item'0.t_item name)) (other : Seq'0.t_seq (Item'0.t_item name)) : Seq'0.t_seq (Item'0.t_item name) - axiom concat'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name), other : Seq'0.t_seq (Item'0.t_item name) . ([%#span41] inv'4 self) - -> ([%#span42] inv'4 other) - -> ([%#span45] inv'4 (concat'1 self other)) - && ([%#span44] forall i : int . 0 <= i /\ i < len'4 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq (Item'0.t_item name), other : Seq'0.t_seq (Item'0.t_item name) . ([%#span38] forall i : int . 0 + <= i + /\ i < len'4 (concat'1 self other) -> index_logic'3 (concat'1 self other) i = (if i < len'4 self then index_logic'3 self i else index_logic'3 other (i - len'4 self))) - && ([%#span43] len'4 (concat'1 self other) = len'4 self + len'4 other) - - use seq.Seq + && ([%#span37] len'4 (concat'1 self other) = len'4 self + len'4 other) function singleton'1 (v : Item'0.t_item name) : Seq'0.t_seq (Item'0.t_item name) - axiom singleton'1_spec : forall v : Item'0.t_item name . ([%#span77] inv'1 v) - -> ([%#span80] inv'4 (singleton'1 v)) - && ([%#span79] index_logic'3 (singleton'1 v) 0 = v) && ([%#span78] len'4 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : Item'0.t_item name . ([%#span66] inv'1 v) + -> ([%#span68] index_logic'3 (singleton'1 v) 0 = v) && ([%#span67] len'4 (singleton'1 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq (Item'0.t_item name)) (v : Item'0.t_item name) : Seq'0.t_seq (Item'0.t_item name) = - [%#span81] concat'1 self (singleton'1 v) + [%#span69] concat'1 self (singleton'1 v) function shallow_model'9 (self : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) : Seq'0.t_seq (Item'0.t_item name) = - [%#span82] shallow_model'3 ( * self) + [%#span70] shallow_model'3 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) (value:Item'0.t_item name) (return' (ret:()))= {[@expl:precondition] [%#span84] inv'1 value} - {[@expl:precondition] [%#span83] inv'21 self} + let rec push'0 (self:borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))) (value:Item'0.t_item name) (return' (ret:()))= {[@expl:precondition] [%#span72] inv'1 value} + {[@expl:precondition] [%#span71] inv'18 self} any - [ return' (result:())-> {[%#span85] shallow_model'3 ( ^ self) = push'1 (shallow_model'9 self) value} + [ return' (result:())-> {[%#span73] shallow_model'3 ( ^ self) = push'1 (shallow_model'9 self) value} (! return' {result}) ] @@ -1441,7 +1241,7 @@ module KnapsackFull_Knapsack01Dyn axiom subseq_rev'0_def : forall s1 : Seq'0.t_seq (Item'0.t_item name), i1 : int, s2 : Seq'0.t_seq (Item'0.t_item name), i2 : int . subseq_rev'0 s1 i1 s2 i2 - = ([%#span89] if i2 = 0 then + = ([%#span77] if i2 = 0 then i1 = len'4 s1 else i1 < len'4 s1 /\ index_logic'3 s1 i1 = index_logic'7 s2 (i2 - 1) /\ subseq_rev'0 s1 (i1 + 1) s2 (i2 - 1) @@ -1451,7 +1251,7 @@ module KnapsackFull_Knapsack01Dyn function sum_values'0 [#"../knapsack_full.rs" 37 0 37 55] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int axiom sum_values'0_def : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . sum_values'0 s i - = ([%#span92] if i = len'4 s then + = ([%#span80] if i = len'4 s then 0 else UIntSize.to_int (KnapsackFull_Item_Type.item_value (index_logic'3 s i)) + sum_values'0 s (i + 1) @@ -1460,165 +1260,160 @@ module KnapsackFull_Knapsack01Dyn function sum_weights'0 [#"../knapsack_full.rs" 27 0 27 56] (s : Seq'0.t_seq (Item'0.t_item name)) (i : int) : int axiom sum_weights'0_def : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . sum_weights'0 s i - = ([%#span97] if i = len'4 s then + = ([%#span84] if i = len'4 s then 0 else UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'3 s i)) + sum_weights'0 s (i + 1) ) - axiom sum_weights'0_spec : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . ([%#span93] 0 <= i /\ i <= len'4 s) - -> ([%#span94] inv'4 s) -> ([%#span95] sum_weights'0 s i >= 0) + axiom sum_weights'0_spec : forall s : Seq'0.t_seq (Item'0.t_item name), i : int . ([%#span81] 0 <= i /\ i <= len'4 s) + -> ([%#span82] sum_weights'0 s i >= 0) function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (ix : int) : Item'0.t_item name = - [%#span76] index_logic'3 (shallow_model'3 self) ix + [%#span65] index_logic'3 (shallow_model'3 self) ix let rec with_capacity'0 (capacity:usize) (return' (ret:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[%#span99] inv'5 result} - {[%#span98] len'4 (shallow_model'3 result) = 0} + [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[%#span86] inv'4 result} + {[%#span85] len'4 (shallow_model'3 result) = 0} (! return' {result}) ] predicate resolve'6 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) predicate resolve'8 (self : usize) = - [%#span100] true + [%#span87] true function index_logic'5 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span76] index_logic'1 (shallow_model'2 self) ix + [%#span65] index_logic'1 (shallow_model'2 self) ix predicate resolve'7 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span101] forall i : int . 0 <= i /\ i < len'3 (shallow_model'2 self) -> resolve'8 (index_logic'5 self i) - - use seq.Seq + [%#span88] forall i : int . 0 <= i /\ i < len'3 (shallow_model'2 self) -> resolve'8 (index_logic'5 self i) - function index_logic'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span76] index_logic'6 (shallow_model'1 self) ix + [%#span65] index_logic'6 (shallow_model'1 self) ix predicate resolve'5 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span101] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'7 (index_logic'0 self i) + [%#span88] forall i : int . 0 <= i /\ i < len'2 (shallow_model'1 self) -> resolve'7 (index_logic'0 self i) predicate resolve'4 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span102] ^ self = * self + [%#span89] ^ self = * self predicate resolve'3 (self : borrowed usize) = - [%#span102] ^ self = * self + [%#span89] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq usize) (fin : Seq'0.t_seq usize) = - [%#span103] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'3 old' + [%#span90] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'3 old' -> index_logic'1 old' i = index_logic'1 fin i predicate has_value'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span104] index_logic'1 seq (UIntSize.to_int self) = out + [%#span91] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span105] UIntSize.to_int self < len'3 seq + [%#span92] UIntSize.to_int self < len'3 seq function shallow_model'8 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span82] shallow_model'2 ( * self) + [%#span70] shallow_model'2 ( * self) - let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span108] inv'6 index} - {[@expl:precondition] [%#span107] inv'19 self} - {[@expl:precondition] [%#span106] in_bounds'2 index (shallow_model'8 self)} + let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span95] inv'5 index} + {[@expl:precondition] [%#span94] inv'16 self} + {[@expl:precondition] [%#span93] in_bounds'2 index (shallow_model'8 self)} any - [ return' (result:borrowed usize)-> {[%#span113] inv'20 result} - {[%#span112] len'3 (shallow_model'2 ( ^ self)) = len'3 (shallow_model'8 self)} - {[%#span111] resolve_elswhere'1 index (shallow_model'8 self) (shallow_model'2 ( ^ self))} - {[%#span110] has_value'2 index (shallow_model'2 ( ^ self)) ( ^ result)} - {[%#span109] has_value'2 index (shallow_model'8 self) ( * result)} + [ return' (result:borrowed usize)-> {[%#span100] inv'17 result} + {[%#span99] len'3 (shallow_model'2 ( ^ self)) = len'3 (shallow_model'8 self)} + {[%#span98] resolve_elswhere'1 index (shallow_model'8 self) (shallow_model'2 ( ^ self))} + {[%#span97] has_value'2 index (shallow_model'2 ( ^ self)) ( ^ result)} + {[%#span96] has_value'2 index (shallow_model'8 self) ( * result)} (! return' {result}) ] predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (fin : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span103] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' + [%#span90] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' -> index_logic'6 old' i = index_logic'6 fin i predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (out : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span104] index_logic'6 seq (UIntSize.to_int self) = out + [%#span91] index_logic'6 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span105] UIntSize.to_int self < len'2 seq + [%#span92] UIntSize.to_int self < len'2 seq function shallow_model'7 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span82] shallow_model'1 ( * self) + [%#span70] shallow_model'1 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span108] inv'6 index} - {[@expl:precondition] [%#span107] inv'18 self} - {[@expl:precondition] [%#span106] in_bounds'1 index (shallow_model'7 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span95] inv'5 index} + {[@expl:precondition] [%#span94] inv'15 self} + {[@expl:precondition] [%#span93] in_bounds'1 index (shallow_model'7 self)} any - [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span113] inv'19 result} - {[%#span112] len'2 (shallow_model'1 ( ^ self)) = len'2 (shallow_model'7 self)} - {[%#span111] resolve_elswhere'0 index (shallow_model'7 self) (shallow_model'1 ( ^ self))} - {[%#span110] has_value'1 index (shallow_model'1 ( ^ self)) ( ^ result)} - {[%#span109] has_value'1 index (shallow_model'7 self) ( * result)} + [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span100] inv'16 result} + {[%#span99] len'2 (shallow_model'1 ( ^ self)) = len'2 (shallow_model'7 self)} + {[%#span98] resolve_elswhere'0 index (shallow_model'7 self) (shallow_model'1 ( ^ self))} + {[%#span97] has_value'1 index (shallow_model'1 ( ^ self)) ( ^ result)} + {[%#span96] has_value'1 index (shallow_model'7 self) ( * result)} (! return' {result}) ] use int.MinMax let rec max'0 (a:usize) (b:usize) (return' (ret:usize))= any - [ return' (result:usize)-> {[%#span114] UIntSize.to_int result = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} + [ return' (result:usize)-> {[%#span101] UIntSize.to_int result = MinMax.max (UIntSize.to_int a) (UIntSize.to_int b)} (! return' {result}) ] function shallow_model'6 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span115] shallow_model'2 self + [%#span102] shallow_model'2 self - let rec index'2 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span118] inv'6 index} - {[@expl:precondition] [%#span117] inv'16 self} - {[@expl:precondition] [%#span116] in_bounds'2 index (shallow_model'6 self)} + let rec index'2 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span105] inv'5 index} + {[@expl:precondition] [%#span104] inv'13 self} + {[@expl:precondition] [%#span103] in_bounds'2 index (shallow_model'6 self)} any - [ return' (result:usize)-> {[%#span120] inv'17 result} - {[%#span119] has_value'2 index (shallow_model'6 self) result} + [ return' (result:usize)-> {[%#span107] inv'14 result} + {[%#span106] has_value'2 index (shallow_model'6 self) result} (! return' {result}) ] function shallow_model'5 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span115] shallow_model'1 self + [%#span102] shallow_model'1 self - let rec index'1 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span118] inv'6 index} - {[@expl:precondition] [%#span117] inv'15 self} - {[@expl:precondition] [%#span116] in_bounds'1 index (shallow_model'5 self)} + let rec index'1 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span105] inv'5 index} + {[@expl:precondition] [%#span104] inv'12 self} + {[@expl:precondition] [%#span103] in_bounds'1 index (shallow_model'5 self)} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span120] inv'16 result} - {[%#span119] has_value'1 index (shallow_model'5 self) result} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span107] inv'13 result} + {[%#span106] has_value'1 index (shallow_model'5 self) result} (! return' {result}) ] predicate resolve'2 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span102] ^ self = * self - - use seq.Seq + [%#span89] ^ self = * self function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span77] inv'6 v) - -> ([%#span80] inv'9 (singleton'0 v)) - && ([%#span79] index_logic'1 (singleton'0 v) 0 = v) && ([%#span78] len'3 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span66] inv'5 v) + -> ([%#span68] index_logic'1 (singleton'0 v) 0 = v) && ([%#span67] len'3 (singleton'0 v) = 1) predicate completed'1 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span121] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) + [%#span108] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) - let rec next'1 (self:borrowed (RangeInclusive'0.t_rangeinclusive usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span122] inv'14 self} + let rec next'1 (self:borrowed (RangeInclusive'0.t_rangeinclusive usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span109] inv'11 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span124] inv'13 result} - {[%#span123] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span111] inv'10 result} + {[%#span110] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'0 v) ( ^ self) end} @@ -1634,32 +1429,32 @@ module KnapsackFull_Knapsack01Dyn function new'3 (x : RangeInclusive'0.t_rangeinclusive usize) : Snapshot'0.t_snapshot (RangeInclusive'0.t_rangeinclusive usize) - axiom new'3_spec : forall x : RangeInclusive'0.t_rangeinclusive usize . ([%#span125] inv'2 x) - -> ([%#span126] deref'2 (new'3 x) = x) + axiom new'3_spec : forall x : RangeInclusive'0.t_rangeinclusive usize . ([%#span112] inv'2 x) + -> ([%#span113] deref'2 (new'3 x) = x) predicate into_iter_post'1 (self : RangeInclusive'0.t_rangeinclusive usize) (res : RangeInclusive'0.t_rangeinclusive usize) = - [%#span127] self = res + [%#span114] self = res predicate into_iter_pre'1 (self : RangeInclusive'0.t_rangeinclusive usize) = - [%#span128] true + [%#span115] true - let rec into_iter'1 (self:RangeInclusive'0.t_rangeinclusive usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span130] inv'2 self} - {[@expl:precondition] [%#span129] into_iter_pre'1 self} + let rec into_iter'1 (self:RangeInclusive'0.t_rangeinclusive usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span117] inv'2 self} + {[@expl:precondition] [%#span116] into_iter_pre'1 self} any - [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span131] inv'2 result} - {[%#span129] into_iter_post'1 self result} + [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span118] inv'2 result} + {[%#span116] into_iter_post'1 self result} (! return' {result}) ] - let rec new'2 (start:usize) (end':usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span133] inv'6 end'} - {[@expl:precondition] [%#span132] inv'6 start} + let rec new'2 (start:usize) (end':usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span120] inv'5 end'} + {[@expl:precondition] [%#span119] inv'5 start} any - [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span137] inv'2 result} - {[%#span136] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} - {[%#span135] end_log'0 result = end'} - {[%#span134] start_log'0 result = start} + [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span124] inv'2 result} + {[%#span123] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} + {[%#span122] end_log'0 result = end'} + {[%#span121] start_log'0 result = start} (! return' {result}) ] @@ -1668,37 +1463,37 @@ module KnapsackFull_Knapsack01Dyn predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Item'0.t_item name)) (out : Item'0.t_item name) = - [%#span104] index_logic'7 seq (UIntSize.to_int self) = out + [%#span91] index_logic'7 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Item'0.t_item name)) = - [%#span105] UIntSize.to_int self < len'1 seq + [%#span92] UIntSize.to_int self < len'1 seq function shallow_model'0 (self : Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) : Seq'0.t_seq (Item'0.t_item name) = - [%#span115] shallow_model'4 self + [%#span102] shallow_model'4 self - let rec index'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (index:usize) (return' (ret:Item'0.t_item name))= {[@expl:precondition] [%#span118] inv'6 index} - {[@expl:precondition] [%#span117] inv'3 self} - {[@expl:precondition] [%#span116] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (index:usize) (return' (ret:Item'0.t_item name))= {[@expl:precondition] [%#span105] inv'5 index} + {[@expl:precondition] [%#span104] inv'3 self} + {[@expl:precondition] [%#span103] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:Item'0.t_item name)-> {[%#span120] inv'1 result} - {[%#span119] has_value'0 index (shallow_model'0 self) result} + [ return' (result:Item'0.t_item name)-> {[%#span107] inv'1 result} + {[%#span106] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] predicate resolve'0 (self : borrowed (Range'0.t_range usize)) = - [%#span102] ^ self = * self + [%#span89] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range usize)) = - [%#span138] resolve'0 self + [%#span125] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span139] inv'12 self} + let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span126] inv'9 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span140] inv'13 result} - {[%#span123] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span127] inv'10 result} + {[%#span110] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -1708,7 +1503,7 @@ module KnapsackFull_Knapsack01Dyn function m'0 [#"../knapsack_full.rs" 66 0 66 57] (items : Seq'0.t_seq (Item'0.t_item name)) (i : int) (w : int) : int axiom m'0_def : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . m'0 items i w - = ([%#span147] if i = 0 then + = ([%#span133] if i = 0 then 0 else if UIntSize.to_int (KnapsackFull_Item_Type.item_weight (index_logic'7 items (i - 1))) > w then @@ -1720,14 +1515,12 @@ module KnapsackFull_Knapsack01Dyn ) - axiom m'0_spec : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . ([%#span141] 0 <= i + axiom m'0_spec : forall items : Seq'0.t_seq (Item'0.t_item name), i : int, w : int . ([%#span128] 0 <= i /\ i <= len'1 items) - -> ([%#span142] 0 <= w) - -> ([%#span143] inv'10 items) - -> ([%#span145] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . inv'4 s - -> 0 <= j /\ j <= len'4 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w - -> sum_values'0 s j <= m'0 items i w) - && ([%#span144] m'0 items i w >= 0) + -> ([%#span129] 0 <= w) + -> ([%#span131] forall j : int . forall s : Seq'0.t_seq (Item'0.t_item name) . 0 <= j + /\ j <= len'4 s /\ subseq_rev'0 s j items i /\ sum_weights'0 s j <= w -> sum_values'0 s j <= m'0 items i w) + && ([%#span130] m'0 items i w >= 0) function deref'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -1739,45 +1532,45 @@ module KnapsackFull_Knapsack01Dyn function new'1 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'1_spec : forall x : Seq'0.t_seq usize . ([%#span125] inv'9 x) -> ([%#span126] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq usize . ([%#span112] inv'8 x) -> ([%#span113] deref'0 (new'1 x) = x) function new'0 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'0_spec : forall x : Range'0.t_range usize . ([%#span125] inv'0 x) -> ([%#span126] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range usize . ([%#span112] inv'0 x) -> ([%#span113] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span127] self = res + [%#span114] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span128] true + [%#span115] true - let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span130] inv'0 self} - {[@expl:precondition] [%#span129] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span117] inv'0 self} + {[@expl:precondition] [%#span116] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span131] inv'0 result} - {[%#span129] into_iter_post'0 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span118] inv'0 result} + {[%#span116] into_iter_post'0 self result} (! return' {result}) ] - let rec from_elem'1 (elem:Vec'0.t_vec usize (Global'0.t_global)) (n:usize) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span148] inv'7 elem} + let rec from_elem'1 (elem:Vec'0.t_vec usize (Global'0.t_global)) (n:usize) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span134] inv'6 elem} any - [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span151] inv'8 result} - {[%#span150] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#span149] len'2 (shallow_model'1 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span137] inv'7 result} + {[%#span136] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#span135] len'2 (shallow_model'1 result) = UIntSize.to_int n} (! return' {result}) ] - let rec len'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span152] inv'3 self} + let rec len'0 (self:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span138] inv'3 self} any - [ return' (result:usize)-> {[%#span153] UIntSize.to_int result = len'1 (shallow_model'0 self)} + [ return' (result:usize)-> {[%#span139] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span148] inv'6 elem} + let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span134] inv'5 elem} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span151] inv'7 result} - {[%#span150] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'5 result i = elem} - {[%#span149] len'3 (shallow_model'2 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span137] inv'6 result} + {[%#span136] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'5 result i = elem} + {[%#span135] len'3 (shallow_model'2 result) = UIntSize.to_int n} (! return' {result}) ] @@ -2039,21 +1832,21 @@ module KnapsackFull_Knapsack01Dyn | bb54 = bb55 | bb55 = bb56 | bb56 = bb56 - [ bb56 = {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . inv'4 r - -> len'4 (shallow_model'3 result) <= len'4 r + [ bb56 = {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . len'4 (shallow_model'3 result) + <= len'4 r /\ (forall i : int . 0 <= i /\ i < len'4 (shallow_model'3 result) -> index_logic'2 result i = index_logic'3 r i) /\ subseq_rev'0 r (len'4 (shallow_model'3 result)) (shallow_model'0 items) (UIntSize.to_int j) -> subseq_rev'0 r 0 (shallow_model'0 items) (len'1 (shallow_model'0 items))} - {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . inv'4 r - -> len'4 (shallow_model'3 result) <= len'4 r + {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . len'4 (shallow_model'3 result) + <= len'4 r /\ (forall i : int . 0 <= i /\ i < len'4 (shallow_model'3 result) -> index_logic'2 result i = index_logic'3 r i) /\ sum_values'0 r (len'4 (shallow_model'3 result)) = m'0 (shallow_model'0 items) (UIntSize.to_int j) (UIntSize.to_int left_weight) -> sum_values'0 r 0 = m'0 (shallow_model'0 items) (len'1 (shallow_model'0 items)) (UIntSize.to_int max_weight)} - {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . inv'4 r - -> len'4 (shallow_model'3 result) <= len'4 r + {[@expl:loop invariant] [%#sknapsack_full18] forall r : Seq'0.t_seq (Item'0.t_item name) . len'4 (shallow_model'3 result) + <= len'4 r /\ (forall i : int . 0 <= i /\ i < len'4 (shallow_model'3 result) -> index_logic'2 result i = index_logic'3 r i) /\ sum_weights'0 r (len'4 (shallow_model'3 result)) <= UIntSize.to_int left_weight @@ -2095,7 +1888,7 @@ module KnapsackFull_Knapsack01Dyn [ &_138 <- _ret' ] [ &result <- ^ _138 ] s1) - | s1 = -{inv'5 ( ^ _138)}- s2 + | s1 = -{inv'4 ( ^ _138)}- s2 | s2 = push'0 {_138} {it1} (fun (_ret':()) -> [ &_137 <- _ret' ] s3) | s3 = bb65 ] @@ -2184,9 +1977,8 @@ module KnapsackFull_Knapsack01Dyn | & _137 : () = any_l () | & _138 : borrowed (Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global)) = any_l () ] - [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[@expl:postcondition] [%#sknapsack_full29] inv'5 result} - {[@expl:postcondition] [%#sknapsack_full28] forall s : Seq'0.t_seq (Item'0.t_item name) . inv'4 s - -> subseq_rev'0 s 0 (shallow_model'0 items) (len'1 (shallow_model'0 items)) + [ return' (result:Vec'0.t_vec (Item'0.t_item name) (Global'0.t_global))-> {[@expl:postcondition] [%#sknapsack_full29] inv'4 result} + {[@expl:postcondition] [%#sknapsack_full28] forall s : Seq'0.t_seq (Item'0.t_item name) . subseq_rev'0 s 0 (shallow_model'0 items) (len'1 (shallow_model'0 items)) /\ sum_weights'0 s (len'4 s) <= UIntSize.to_int max_weight -> sum_values'0 s (len'4 s) <= sum_values'0 (shallow_model'3 result) (len'4 (shallow_model'3 result))} {[@expl:postcondition] [%#sknapsack_full27] subseq_rev'0 (shallow_model'3 result) 0 (shallow_model'0 items) (len'1 (shallow_model'0 items))} diff --git a/creusot/tests/should_succeed/list_reversal_lasso.coma b/creusot/tests/should_succeed/list_reversal_lasso.coma index 8eda9eb9c0..98f177d2d7 100644 --- a/creusot/tests/should_succeed/list_reversal_lasso.coma +++ b/creusot/tests/should_succeed/list_reversal_lasso.coma @@ -125,22 +125,7 @@ module ListReversalLasso_Memory_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module ListReversalLasso_Impl1_Index let%span slist_reversal_lasso0 = "../list_reversal_lasso.rs" 28 15 28 34 @@ -151,45 +136,37 @@ module ListReversalLasso_Impl1_Index let%span span3 = "" 0 0 0 0 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span6 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span6 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span9 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span12 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span13 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span13 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span14 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span14 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span15 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span16 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span16 = "" 0 0 0 0 - let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span17 = "" 0 0 0 0 - let%span span18 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span18 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span19 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - - let%span span20 = "" 0 0 0 0 - - let%span span21 = "" 0 0 0 0 - - let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - - let%span span23 = "" 0 0 0 0 + let%span span19 = "" 0 0 0 0 use prelude.prelude.UIntSize @@ -212,33 +189,27 @@ module ListReversalLasso_Impl1_Index constant max'0 : usize = [%#span3] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span4] inv'4 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span4] len'0 self >= 0 predicate inv'3 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'1_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span6] inv'3 self) - -> ([%#span8] inv'4 (shallow_model'1 self)) - && ([%#span7] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span5] inv'3 self) + -> ([%#span6] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'3 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span9] inv'4 (shallow_model'1 self) + [%#span7] inv'4 (shallow_model'1 self) axiom inv'3 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'3 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span10] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq usize) = 0 predicate invariant'2 (self : usize) = [%#span2] true @@ -261,22 +232,20 @@ module ListReversalLasso_Impl1_Index axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span13] index_logic'2 (shallow_model'1 self) (UIntSize.to_int ix) + [%#span9] index_logic'2 (shallow_model'1 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type use ListReversalLasso_Memory_Type as Memory'0 function index_logic'0 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span14] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span10] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span15] len'0 (shallow_model'1 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span11] len'0 (shallow_model'1 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'1 (ListReversalLasso_Memory_Type.memory_0 self)) use prelude.prelude.Intrinsic @@ -286,20 +255,20 @@ module ListReversalLasso_Impl1_Index use prelude.prelude.Slice predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span16] index_logic'2 seq (UIntSize.to_int self) = out + [%#span12] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span17] UIntSize.to_int self < len'0 seq + [%#span13] UIntSize.to_int self < len'0 seq function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span18] shallow_model'1 self + [%#span14] shallow_model'1 self - let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span21] inv'1 index} - {[@expl:precondition] [%#span20] inv'0 self} - {[@expl:precondition] [%#span19] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span17] inv'1 index} + {[@expl:precondition] [%#span16] inv'0 self} + {[@expl:precondition] [%#span15] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:usize)-> {[%#span23] inv'2 result} - {[%#span22] has_value'0 index (shallow_model'0 self) result} + [ return' (result:usize)-> {[%#span19] inv'2 result} + {[%#span18] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] @@ -338,55 +307,47 @@ module ListReversalLasso_Impl2_IndexMut let%span span6 = "" 0 0 0 0 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span16 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span12 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span17 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span13 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span18 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span14 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span19 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span15 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span20 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span16 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span21 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span22 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span18 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span23 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span19 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span20 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span25 = "" 0 0 0 0 + let%span span21 = "" 0 0 0 0 - let%span span26 = "" 0 0 0 0 + let%span span22 = "" 0 0 0 0 - let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span25 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span30 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span31 = "" 0 0 0 0 + let%span span27 = "" 0 0 0 0 use prelude.prelude.UIntSize @@ -409,24 +370,19 @@ module ListReversalLasso_Impl2_IndexMut constant max'0 : usize = [%#span6] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span7] inv'4 self) -> ([%#span8] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span7] len'0 self >= 0 predicate inv'3 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span9] inv'3 self) - -> ([%#span11] inv'4 (shallow_model'0 self)) - && ([%#span10] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'3 self) + -> ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'3 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span12] inv'4 (shallow_model'0 self) + [%#span10] inv'4 (shallow_model'0 self) axiom inv'3 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'3 x = true @@ -453,63 +409,60 @@ module ListReversalLasso_Impl2_IndexMut axiom inv'0 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span13] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span15] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span14] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span16] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span12] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as Memory'0 function index_logic'0 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span17] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span13] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span18] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span14] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Memory'0.t_memory)) = - [%#span19] ^ self = * self + [%#span15] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span19] ^ self = * self + [%#span15] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq usize) (fin : Seq'0.t_seq usize) = - [%#span20] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span16] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'2 old' i = index_logic'2 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span21] index_logic'2 seq (UIntSize.to_int self) = out + [%#span17] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span22] UIntSize.to_int self < len'0 seq + [%#span18] UIntSize.to_int self < len'0 seq function shallow_model'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span23] shallow_model'0 ( * self) + [%#span19] shallow_model'0 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span26] inv'1 index} - {[@expl:precondition] [%#span25] inv'0 self} - {[@expl:precondition] [%#span24] in_bounds'0 index (shallow_model'1 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span22] inv'1 index} + {[@expl:precondition] [%#span21] inv'0 self} + {[@expl:precondition] [%#span20] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:borrowed usize)-> {[%#span31] inv'2 result} - {[%#span30] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'1 self)} - {[%#span29] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'0 ( ^ self))} - {[%#span28] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} - {[%#span27] has_value'0 index (shallow_model'1 self) ( * result)} + [ return' (result:borrowed usize)-> {[%#span27] inv'2 result} + {[%#span26] len'0 (shallow_model'0 ( ^ self)) = len'0 (shallow_model'1 self)} + {[%#span25] resolve_elswhere'0 index (shallow_model'1 self) (shallow_model'0 ( ^ self))} + {[%#span24] has_value'0 index (shallow_model'0 ( ^ self)) ( ^ result)} + {[%#span23] has_value'0 index (shallow_model'1 self) ( * result)} (! return' {result}) ] @@ -584,53 +537,45 @@ module ListReversalLasso_Impl4_ListReversalSafe let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span14 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span19 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span20 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span16 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span21 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span17 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span22 = "../list_reversal_lasso.rs" 36 15 36 34 + let%span span18 = "../list_reversal_lasso.rs" 36 15 36 34 - let%span span23 = "../list_reversal_lasso.rs" 37 14 37 47 + let%span span19 = "../list_reversal_lasso.rs" 37 14 37 47 - let%span span24 = "../list_reversal_lasso.rs" 38 14 38 47 + let%span span20 = "../list_reversal_lasso.rs" 38 14 38 47 - let%span span25 = "../list_reversal_lasso.rs" 39 14 39 47 + let%span span21 = "../list_reversal_lasso.rs" 39 14 39 47 - let%span span26 = "../list_reversal_lasso.rs" 40 4 40 113 + let%span span22 = "../list_reversal_lasso.rs" 40 4 40 113 - let%span span27 = "../list_reversal_lasso.rs" 28 15 28 34 + let%span span23 = "../list_reversal_lasso.rs" 28 15 28 34 - let%span span28 = "../list_reversal_lasso.rs" 29 14 29 44 + let%span span24 = "../list_reversal_lasso.rs" 29 14 29 44 - let%span span29 = "../list_reversal_lasso.rs" 13 0 13 15 + let%span span25 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span30 = "../list_reversal_lasso.rs" 56 8 58 9 + let%span span26 = "../list_reversal_lasso.rs" 56 8 58 9 - let%span span31 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span27 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span32 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span28 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.UIntSize @@ -653,33 +598,27 @@ module ListReversalLasso_Impl4_ListReversalSafe constant max'0 : usize = [%#span8] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span9] inv'2 self) -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span9] len'0 self >= 0 predicate inv'1 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'1 self) - -> ([%#span13] inv'2 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span10] inv'1 self) + -> ([%#span11] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span14] inv'2 (shallow_model'0 self) + [%#span12] inv'2 (shallow_model'0 self) axiom inv'1 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'1 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span15] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span17] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use ListReversalLasso_Memory_Type as Memory'0 @@ -697,53 +636,51 @@ module ListReversalLasso_Impl4_ListReversalSafe use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Memory'0.t_memory)) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span19] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span15] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) function index_logic'0 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span20] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span16] index_logic'1 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span21] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span17] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) - let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span22] nonnull_ptr'0 ( * self) i} + let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span18] nonnull_ptr'0 ( * self) i} any - [ return' (result:borrowed usize)-> {[%#span26] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j + [ return' (result:borrowed usize)-> {[%#span22] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j -> index_logic'0 ( ^ self) j = index_logic'0 ( * self) j} - {[%#span25] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) + {[%#span21] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) = len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( ^ self)))} - {[%#span24] ^ result = index_logic'0 ( ^ self) i} - {[%#span23] * result = index_logic'0 ( * self) i} + {[%#span20] ^ result = index_logic'0 ( ^ self) i} + {[%#span19] * result = index_logic'0 ( * self) i} (! return' {result}) ] - let rec index'0 (self:Memory'0.t_memory) (i:usize) (return' (ret:usize))= {[@expl:precondition] [%#span27] nonnull_ptr'0 self i} - any [ return' (result:usize)-> {[%#span28] result = index_logic'0 self i} (! return' {result}) ] + let rec index'0 (self:Memory'0.t_memory) (i:usize) (return' (ret:usize))= {[@expl:precondition] [%#span23] nonnull_ptr'0 self i} + any [ return' (result:usize)-> {[%#span24] result = index_logic'0 self i} (! return' {result}) ] function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory))) : borrowed (Memory'0.t_memory) - constant null'0 : usize = [%#span29] (18446744073709551615 : usize) + constant null'0 : usize = [%#span25] (18446744073709551615 : usize) predicate mem_is_well_formed'0 [#"../list_reversal_lasso.rs" 55 4 55 43] (self : Memory'0.t_memory) = - [%#span30] forall i : usize . nonnull_ptr'0 self i + [%#span26] forall i : usize . nonnull_ptr'0 self i -> index_logic'0 self i = null'0 \/ nonnull_ptr'0 self (index_logic'0 self i) function new'0 (x : borrowed (Memory'0.t_memory)) : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory)) - axiom new'0_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span31] inv'0 x) - -> ([%#span32] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span27] inv'0 x) + -> ([%#span28] deref'0 (new'0 x) = x) let rec list_reversal_safe (self:borrowed (Memory'0.t_memory)) (l:usize) (return' (ret:usize))= {[%#slist_reversal_lasso6] l = null'0 @@ -822,79 +759,72 @@ module ListReversalLasso_Impl4_ListReversalList let%span slist_reversal_lasso8 = "../list_reversal_lasso.rs" 98 14 98 47 - let%span span9 = "" 0 0 0 0 + let%span span9 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span10 = "" 0 0 0 0 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span16 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span16 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span18 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span19 = "../list_reversal_lasso.rs" 83 12 85 98 - let%span span20 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span20 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span21 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span21 = "../list_reversal_lasso.rs" 93 12 93 53 - let%span span22 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span22 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span23 = "../list_reversal_lasso.rs" 83 12 85 98 + let%span span23 = "" 0 0 0 0 - let%span span24 = "../list_reversal_lasso.rs" 13 0 13 15 + let%span span24 = "" 0 0 0 0 - let%span span25 = "../list_reversal_lasso.rs" 93 12 93 53 + let%span span25 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 - let%span span26 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span26 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 let%span span27 = "" 0 0 0 0 - let%span span28 = "" 0 0 0 0 - - let%span span29 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 - - let%span span30 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 - - let%span span31 = "" 0 0 0 0 - - let%span span32 = "../list_reversal_lasso.rs" 36 15 36 34 + let%span span28 = "../list_reversal_lasso.rs" 36 15 36 34 - let%span span33 = "../list_reversal_lasso.rs" 37 14 37 47 + let%span span29 = "../list_reversal_lasso.rs" 37 14 37 47 - let%span span34 = "../list_reversal_lasso.rs" 38 14 38 47 + let%span span30 = "../list_reversal_lasso.rs" 38 14 38 47 - let%span span35 = "../list_reversal_lasso.rs" 39 14 39 47 + let%span span31 = "../list_reversal_lasso.rs" 39 14 39 47 - let%span span36 = "../list_reversal_lasso.rs" 40 4 40 113 + let%span span32 = "../list_reversal_lasso.rs" 40 4 40 113 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 19 115 23 + let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 14 114 40 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 113 14 113 40 + let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 100 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 4 114 100 + let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 32 - - let%span span41 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span42 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span36 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq usize) + predicate invariant'5 (self : Seq'0.t_seq usize) = + [%#span9] true + + predicate inv'5 (_x : Seq'0.t_seq usize) + + axiom inv'5 : forall x : Seq'0.t_seq usize . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -904,54 +834,44 @@ module ListReversalLasso_Impl4_ListReversalList use prelude.prelude.Int - constant max'0 : usize = [%#span9] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span10] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span10] inv'2 self) -> ([%#span11] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span11] len'0 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span12] inv'5 self) - -> ([%#span14] inv'2 (shallow_model'0 self)) - && ([%#span13] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span12] inv'4 self) + -> ([%#span13] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span15] inv'2 (shallow_model'0 self) + predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span14] inv'5 (shallow_model'0 self) - axiom inv'5 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'5 x = true + axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true - predicate invariant'4 (self : usize) = - [%#span16] true + predicate invariant'3 (self : usize) = + [%#span9] true - predicate inv'4 (_x : usize) + predicate inv'3 (_x : usize) - axiom inv'4 : forall x : usize . inv'4 x = true + axiom inv'3 : forall x : usize . inv'3 x = true use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed usize) = - [%#span16] true - - predicate inv'3 (_x : borrowed usize) - - axiom inv'3 : forall x : borrowed usize . inv'3 x = true + predicate invariant'2 (self : borrowed usize) = + [%#span9] true - predicate invariant'2 (self : Seq'0.t_seq usize) = - [%#span16] true + predicate inv'2 (_x : borrowed usize) - axiom inv'2 : forall x : Seq'0.t_seq usize . inv'2 x = true + axiom inv'2 : forall x : borrowed usize . inv'2 x = true use ListReversalLasso_Memory_Type as Memory'0 predicate invariant'1 (self : borrowed (Memory'0.t_memory)) = - [%#span16] true + [%#span9] true predicate inv'1 (_x : borrowed (Memory'0.t_memory)) @@ -960,93 +880,86 @@ module ListReversalLasso_Impl4_ListReversalList use prelude.prelude.Int predicate invariant'0 (self : int) = - [%#span16] true + [%#span9] true predicate inv'0 (_x : int) axiom inv'0 : forall x : int . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span17] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span19] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span18] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span20] index_logic'0 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span16] index_logic'0 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type function index_logic'1 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span21] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span17] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span22] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span18] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) predicate list_seg'0 [#"../list_reversal_lasso.rs" 81 4 81 81] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) (last : usize) (l : int) (h : int) = - [%#span23] first = (if h = l then last else index_logic'0 s l) + [%#span19] first = (if h = l then last else index_logic'0 s l) /\ (forall i : int . l <= i /\ i < h -> nonnull_ptr'0 self (index_logic'0 s i) /\ index_logic'1 self (index_logic'0 s i) = (if i = h - 1 then last else index_logic'0 s (i + 1))) /\ (forall j : int . forall i : int . l <= i /\ i < h /\ l <= j /\ j < h /\ i <> j -> index_logic'0 s i <> index_logic'0 s j) - constant null'0 : usize = [%#span24] (18446744073709551615 : usize) + constant null'0 : usize = [%#span20] (18446744073709551615 : usize) predicate list'0 [#"../list_reversal_lasso.rs" 91 4 91 54] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) = - [%#span25] list_seg'0 self first s null'0 0 (len'0 s) + [%#span21] list_seg'0 self first s null'0 0 (len'0 s) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Memory'0.t_memory)) = - [%#span26] ^ self = * self + [%#span22] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span26] ^ self = * self + [%#span22] ^ self = * self - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span28] inv'4 src} - {[@expl:precondition] [%#span27] inv'3 dest} + let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span24] inv'3 src} + {[@expl:precondition] [%#span23] inv'2 dest} any - [ return' (result:usize)-> {[%#span31] inv'4 result} - {[%#span30] result = * dest} - {[%#span29] ^ dest = src} + [ return' (result:usize)-> {[%#span27] inv'3 result} + {[%#span26] result = * dest} + {[%#span25] ^ dest = src} (! return' {result}) ] - let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span32] nonnull_ptr'0 ( * self) i} + let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span28] nonnull_ptr'0 ( * self) i} any - [ return' (result:borrowed usize)-> {[%#span36] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j + [ return' (result:borrowed usize)-> {[%#span32] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j -> index_logic'1 ( ^ self) j = index_logic'1 ( * self) j} - {[%#span35] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) + {[%#span31] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) = len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( ^ self)))} - {[%#span34] ^ result = index_logic'1 ( ^ self) i} - {[%#span33] * result = index_logic'1 ( * self) i} + {[%#span30] ^ result = index_logic'1 ( ^ self) i} + {[%#span29] * result = index_logic'1 ( * self) i} (! return' {result}) ] function deref'2 (self : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory))) : borrowed (Memory'0.t_memory) - use seq.Reverse - function reverse'0 (self : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span37] inv'2 self) - -> ([%#span40] inv'2 (reverse'0 self)) - && ([%#span39] forall i : int . 0 <= i /\ i < len'0 (reverse'0 self) - -> index_logic'0 (reverse'0 self) i = index_logic'0 self (len'0 self - 1 - i)) - && ([%#span38] len'0 (reverse'0 self) = len'0 self) + axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span34] forall i : int . 0 <= i + /\ i < len'0 (reverse'0 self) -> index_logic'0 (reverse'0 self) i = index_logic'0 self (len'0 self - 1 - i)) + && ([%#span33] len'0 (reverse'0 self) = len'0 self) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -1054,12 +967,12 @@ module ListReversalLasso_Impl4_ListReversalList function new'1 (x : borrowed (Memory'0.t_memory)) : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory)) - axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span41] inv'1 x) - -> ([%#span42] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span35] inv'1 x) + -> ([%#span36] deref'2 (new'1 x) = x) function new'0 (x : int) : Snapshot'0.t_snapshot int - axiom new'0_spec : forall x : int . ([%#span41] inv'0 x) -> ([%#span42] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : int . ([%#span35] inv'0 x) -> ([%#span36] deref'0 (new'0 x) = x) let rec list_reversal_list (self:borrowed (Memory'0.t_memory)) (l:usize) (s:Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (return' (ret:usize))= {[%#slist_reversal_lasso7] list'0 ( * self) l (deref'1 s)} (! bb0 @@ -1165,109 +1078,90 @@ module ListReversalLasso_Impl4_ListReversalLoop let%span slist_reversal_lasso10 = "../list_reversal_lasso.rs" 124 14 124 101 - let%span span11 = "" 0 0 0 0 + let%span span11 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span12 = "" 0 0 0 0 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span17 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span18 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span22 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span23 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span18 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span24 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span19 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span25 = "../list_reversal_lasso.rs" 83 12 85 98 + let%span span20 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span26 = "../list_reversal_lasso.rs" 118 12 118 53 + let%span span21 = "../list_reversal_lasso.rs" 83 12 85 98 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span22 = "../list_reversal_lasso.rs" 118 12 118 53 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span31 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span32 = "" 0 0 0 0 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span33 = "" 0 0 0 0 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span34 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span35 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 - let%span span41 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span36 = "" 0 0 0 0 - let%span span42 = "" 0 0 0 0 + let%span span37 = "../list_reversal_lasso.rs" 36 15 36 34 - let%span span43 = "" 0 0 0 0 + let%span span38 = "../list_reversal_lasso.rs" 37 14 37 47 - let%span span44 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 + let%span span39 = "../list_reversal_lasso.rs" 38 14 38 47 - let%span span45 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 + let%span span40 = "../list_reversal_lasso.rs" 39 14 39 47 - let%span span46 = "" 0 0 0 0 + let%span span41 = "../list_reversal_lasso.rs" 40 4 40 113 - let%span span47 = "../list_reversal_lasso.rs" 36 15 36 34 + let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 14 114 40 - let%span span48 = "../list_reversal_lasso.rs" 37 14 37 47 + let%span span43 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 100 - let%span span49 = "../list_reversal_lasso.rs" 38 14 38 47 + let%span span44 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span50 = "../list_reversal_lasso.rs" 39 14 39 47 + let%span span45 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span51 = "../list_reversal_lasso.rs" 40 4 40 113 + let%span span46 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span52 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 19 115 23 - - let%span span53 = "../../../../creusot-contracts/src/logic/seq2.rs" 113 14 113 40 - - let%span span54 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 4 114 100 - - let%span span55 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 32 - - let%span span56 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - - let%span span57 = "../list_reversal_lasso.rs" 13 0 13 15 - - let%span span58 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span59 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span47 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq usize) + predicate invariant'5 (self : Seq'0.t_seq usize) = + [%#span11] true + + predicate inv'5 (_x : Seq'0.t_seq usize) + + axiom inv'5 : forall x : Seq'0.t_seq usize . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1277,54 +1171,44 @@ module ListReversalLasso_Impl4_ListReversalLoop use prelude.prelude.Int - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span12] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span12] inv'2 self) -> ([%#span13] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span13] len'0 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span14] inv'5 self) - -> ([%#span16] inv'2 (shallow_model'0 self)) - && ([%#span15] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span14] inv'4 self) + -> ([%#span15] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span17] inv'2 (shallow_model'0 self) + predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span16] inv'5 (shallow_model'0 self) - axiom inv'5 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'5 x = true + axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true - predicate invariant'4 (self : usize) = - [%#span18] true + predicate invariant'3 (self : usize) = + [%#span11] true - predicate inv'4 (_x : usize) + predicate inv'3 (_x : usize) - axiom inv'4 : forall x : usize . inv'4 x = true + axiom inv'3 : forall x : usize . inv'3 x = true use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed usize) = - [%#span18] true - - predicate inv'3 (_x : borrowed usize) - - axiom inv'3 : forall x : borrowed usize . inv'3 x = true + predicate invariant'2 (self : borrowed usize) = + [%#span11] true - predicate invariant'2 (self : Seq'0.t_seq usize) = - [%#span18] true + predicate inv'2 (_x : borrowed usize) - axiom inv'2 : forall x : Seq'0.t_seq usize . inv'2 x = true + axiom inv'2 : forall x : borrowed usize . inv'2 x = true use ListReversalLasso_Memory_Type as Memory'0 predicate invariant'1 (self : borrowed (Memory'0.t_memory)) = - [%#span18] true + [%#span11] true predicate inv'1 (_x : borrowed (Memory'0.t_memory)) @@ -1333,39 +1217,36 @@ module ListReversalLasso_Impl4_ListReversalLoop use prelude.prelude.Int predicate invariant'0 (self : int) = - [%#span18] true + [%#span11] true predicate inv'0 (_x : int) axiom inv'0 : forall x : int . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span19] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'3 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span22] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span18] index_logic'2 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type function index_logic'1 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span23] index_logic'3 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span19] index_logic'3 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span24] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span20] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) predicate list_seg'0 [#"../list_reversal_lasso.rs" 81 4 81 81] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) (last : usize) (l : int) (h : int) = - [%#span25] first = (if h = l then last else index_logic'2 s l) + [%#span21] first = (if h = l then last else index_logic'2 s l) /\ (forall i : int . l <= i /\ i < h -> nonnull_ptr'0 self (index_logic'2 s i) /\ index_logic'1 self (index_logic'2 s i) = (if i = h - 1 then last else index_logic'2 s (i + 1))) @@ -1375,99 +1256,84 @@ module ListReversalLasso_Impl4_ListReversalLoop predicate loop'0 [#"../list_reversal_lasso.rs" 116 4 116 55] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) = - [%#span26] list_seg'0 self first s (index_logic'2 s 0) 0 (len'0 s) + [%#span22] list_seg'0 self first s (index_logic'2 s 0) 0 (len'0 s) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span27] inv'2 self) - -> ([%#span28] inv'2 other) - -> ([%#span31] inv'2 (concat'0 self other)) - && ([%#span30] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span24] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'0 self then index_logic'2 self i else index_logic'2 other (i - len'0 self))) - && ([%#span29] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use prelude.seq_ext.SeqExt + && ([%#span23] len'0 (concat'0 self other) = len'0 self + len'0 other) function subsequence'0 (self : Seq'0.t_seq usize) (n : int) (m : int) : Seq'0.t_seq usize - axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span32] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span25] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span33] inv'2 self) - -> ([%#span36] inv'2 (subsequence'0 self n m)) - && ([%#span35] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span27] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'2 (subsequence'0 self n m) i = index_logic'2 self (n + i)) - && ([%#span34] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span26] len'0 (subsequence'0 self n m) = m - n) function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span37] inv'4 v) - -> ([%#span40] inv'2 (singleton'0 v)) - && ([%#span39] index_logic'2 (singleton'0 v) 0 = v) && ([%#span38] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span28] inv'3 v) + -> ([%#span30] index_logic'2 (singleton'0 v) 0 = v) && ([%#span29] len'0 (singleton'0 v) = 1) predicate resolve'1 (self : borrowed (Memory'0.t_memory)) = - [%#span41] ^ self = * self + [%#span31] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span41] ^ self = * self + [%#span31] ^ self = * self - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span43] inv'4 src} - {[@expl:precondition] [%#span42] inv'3 dest} + let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span33] inv'3 src} + {[@expl:precondition] [%#span32] inv'2 dest} any - [ return' (result:usize)-> {[%#span46] inv'4 result} - {[%#span45] result = * dest} - {[%#span44] ^ dest = src} + [ return' (result:usize)-> {[%#span36] inv'3 result} + {[%#span35] result = * dest} + {[%#span34] ^ dest = src} (! return' {result}) ] - let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span47] nonnull_ptr'0 ( * self) i} + let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span37] nonnull_ptr'0 ( * self) i} any - [ return' (result:borrowed usize)-> {[%#span51] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j + [ return' (result:borrowed usize)-> {[%#span41] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j -> index_logic'1 ( ^ self) j = index_logic'1 ( * self) j} - {[%#span50] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) + {[%#span40] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) = len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( ^ self)))} - {[%#span49] ^ result = index_logic'1 ( ^ self) i} - {[%#span48] * result = index_logic'1 ( * self) i} + {[%#span39] ^ result = index_logic'1 ( ^ self) i} + {[%#span38] * result = index_logic'1 ( * self) i} (! return' {result}) ] function deref'2 (self : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory))) : borrowed (Memory'0.t_memory) - use seq.Reverse - function reverse'0 (self : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span52] inv'2 self) - -> ([%#span55] inv'2 (reverse'0 self)) - && ([%#span54] forall i : int . 0 <= i /\ i < len'0 (reverse'0 self) - -> index_logic'2 (reverse'0 self) i = index_logic'2 self (len'0 self - 1 - i)) - && ([%#span53] len'0 (reverse'0 self) = len'0 self) + axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span43] forall i : int . 0 <= i + /\ i < len'0 (reverse'0 self) -> index_logic'2 (reverse'0 self) i = index_logic'2 self (len'0 self - 1 - i)) + && ([%#span42] len'0 (reverse'0 self) = len'0 self) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (ix : int) : usize = - [%#span56] index_logic'2 (deref'1 self) ix + [%#span44] index_logic'2 (deref'1 self) ix - constant null'0 : usize = [%#span57] (18446744073709551615 : usize) + constant null'0 : usize = [%#span45] (18446744073709551615 : usize) function deref'0 (self : Snapshot'0.t_snapshot int) : int function new'1 (x : borrowed (Memory'0.t_memory)) : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory)) - axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span58] inv'1 x) - -> ([%#span59] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span46] inv'1 x) + -> ([%#span47] deref'2 (new'1 x) = x) function new'0 (x : int) : Snapshot'0.t_snapshot int - axiom new'0_spec : forall x : int . ([%#span58] inv'0 x) -> ([%#span59] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : int . ([%#span46] inv'0 x) -> ([%#span47] deref'0 (new'0 x) = x) let rec list_reversal_loop (self:borrowed (Memory'0.t_memory)) (l:usize) (s:Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (return' (ret:usize))= {[%#slist_reversal_lasso9] loop'0 ( * self) l (deref'1 s)} {[%#slist_reversal_lasso8] len'0 (deref'1 s) > 0} @@ -1587,81 +1453,74 @@ module ListReversalLasso_Impl4_ListReversalLasso let%span slist_reversal_lasso7 = "../list_reversal_lasso.rs" 162 14 162 54 - let%span span8 = "" 0 0 0 0 + let%span span8 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span9 = "" 0 0 0 0 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span16 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span17 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span18 = "../list_reversal_lasso.rs" 83 12 85 98 - let%span span19 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span19 = "../list_reversal_lasso.rs" 152 8 158 9 - let%span span20 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span20 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span21 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../list_reversal_lasso.rs" 83 12 85 98 + let%span span22 = "" 0 0 0 0 - let%span span23 = "../list_reversal_lasso.rs" 152 8 158 9 + let%span span23 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 - let%span span24 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span24 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 let%span span25 = "" 0 0 0 0 - let%span span26 = "" 0 0 0 0 - - let%span span27 = "../../../../creusot-contracts/src/std/mem.rs" 8 22 8 34 + let%span span26 = "../list_reversal_lasso.rs" 36 15 36 34 - let%span span28 = "../../../../creusot-contracts/src/std/mem.rs" 9 22 9 37 + let%span span27 = "../list_reversal_lasso.rs" 37 14 37 47 - let%span span29 = "" 0 0 0 0 + let%span span28 = "../list_reversal_lasso.rs" 38 14 38 47 - let%span span30 = "../list_reversal_lasso.rs" 36 15 36 34 + let%span span29 = "../list_reversal_lasso.rs" 39 14 39 47 - let%span span31 = "../list_reversal_lasso.rs" 37 14 37 47 + let%span span30 = "../list_reversal_lasso.rs" 40 4 40 113 - let%span span32 = "../list_reversal_lasso.rs" 38 14 38 47 + let%span span31 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span33 = "../list_reversal_lasso.rs" 39 14 39 47 + let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 14 114 40 - let%span span34 = "../list_reversal_lasso.rs" 40 4 40 113 + let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 100 - let%span span35 = "../list_reversal_lasso.rs" 13 0 13 15 + let%span span34 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 19 115 23 + let%span span35 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 113 14 113 40 - - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 114 4 114 100 - - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 115 4 115 32 - - let%span span40 = "../../../../creusot-contracts/src/logic/ops.rs" 87 8 87 33 - - let%span span41 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span42 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span36 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : Seq'0.t_seq usize) + predicate invariant'5 (self : Seq'0.t_seq usize) = + [%#span8] true + + predicate inv'5 (_x : Seq'0.t_seq usize) + + axiom inv'5 : forall x : Seq'0.t_seq usize . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1671,54 +1530,44 @@ module ListReversalLasso_Impl4_ListReversalLasso use prelude.prelude.Int - constant max'0 : usize = [%#span8] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span9] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span9] inv'2 self) -> ([%#span10] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span10] len'0 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'5 self) - -> ([%#span13] inv'2 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'4 self) + -> ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span14] inv'2 (shallow_model'0 self) + predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span13] inv'5 (shallow_model'0 self) - axiom inv'5 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'5 x = true + axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true - predicate invariant'4 (self : usize) = - [%#span15] true + predicate invariant'3 (self : usize) = + [%#span8] true - predicate inv'4 (_x : usize) + predicate inv'3 (_x : usize) - axiom inv'4 : forall x : usize . inv'4 x = true + axiom inv'3 : forall x : usize . inv'3 x = true use prelude.prelude.Borrow - predicate invariant'3 (self : borrowed usize) = - [%#span15] true - - predicate inv'3 (_x : borrowed usize) - - axiom inv'3 : forall x : borrowed usize . inv'3 x = true + predicate invariant'2 (self : borrowed usize) = + [%#span8] true - predicate invariant'2 (self : Seq'0.t_seq usize) = - [%#span15] true + predicate inv'2 (_x : borrowed usize) - axiom inv'2 : forall x : Seq'0.t_seq usize . inv'2 x = true + axiom inv'2 : forall x : borrowed usize . inv'2 x = true use ListReversalLasso_Memory_Type as Memory'0 predicate invariant'1 (self : borrowed (Memory'0.t_memory)) = - [%#span15] true + [%#span8] true predicate inv'1 (_x : borrowed (Memory'0.t_memory)) @@ -1727,39 +1576,36 @@ module ListReversalLasso_Impl4_ListReversalLasso use prelude.prelude.Int predicate invariant'0 (self : int) = - [%#span15] true + [%#span8] true predicate inv'0 (_x : int) axiom inv'0 : forall x : int . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span16] () - - function empty_len'0 (_1 : ()) : () = - [%#span18] () + constant empty'0 : Seq'0.t_seq usize - axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span14] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'3 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span19] index_logic'1 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span15] index_logic'1 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type function index_logic'2 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span20] index_logic'3 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span16] index_logic'3 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span21] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span17] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) predicate list_seg'0 [#"../list_reversal_lasso.rs" 81 4 81 81] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) (last : usize) (l : int) (h : int) = - [%#span22] first = (if h = l then last else index_logic'1 s l) + [%#span18] first = (if h = l then last else index_logic'1 s l) /\ (forall i : int . l <= i /\ i < h -> nonnull_ptr'0 self (index_logic'1 s i) /\ index_logic'2 self (index_logic'1 s i) = (if i = h - 1 then last else index_logic'1 s (i + 1))) @@ -1769,7 +1615,7 @@ module ListReversalLasso_Impl4_ListReversalLasso predicate lasso'0 [#"../list_reversal_lasso.rs" 151 4 151 70] (self : Memory'0.t_memory) (first : usize) (s1 : Seq'0.t_seq usize) (s2 : Seq'0.t_seq usize) = - [%#span23] let mid = if len'0 s2 = 0 then index_logic'1 s1 (len'0 s1 - 1) else index_logic'1 s2 0 in len'0 s1 > 0 + [%#span19] let mid = if len'0 s2 = 0 then index_logic'1 s1 (len'0 s1 - 1) else index_logic'1 s2 0 in len'0 s1 > 0 /\ (forall j : int . forall i : int . 0 <= i /\ i < len'0 s1 /\ 0 <= j /\ j < len'0 s2 -> index_logic'1 s1 i <> index_logic'1 s2 j) /\ list_seg'0 self first s1 mid 0 (len'0 s1) @@ -1780,60 +1626,56 @@ module ListReversalLasso_Impl4_ListReversalLasso use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed (Memory'0.t_memory)) = - [%#span24] ^ self = * self + [%#span20] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span24] ^ self = * self + [%#span20] ^ self = * self - let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span26] inv'4 src} - {[@expl:precondition] [%#span25] inv'3 dest} + let rec replace'0 (dest:borrowed usize) (src:usize) (return' (ret:usize))= {[@expl:precondition] [%#span22] inv'3 src} + {[@expl:precondition] [%#span21] inv'2 dest} any - [ return' (result:usize)-> {[%#span29] inv'4 result} - {[%#span28] result = * dest} - {[%#span27] ^ dest = src} + [ return' (result:usize)-> {[%#span25] inv'3 result} + {[%#span24] result = * dest} + {[%#span23] ^ dest = src} (! return' {result}) ] - let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span30] nonnull_ptr'0 ( * self) i} + let rec index_mut'0 (self:borrowed (Memory'0.t_memory)) (i:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span26] nonnull_ptr'0 ( * self) i} any - [ return' (result:borrowed usize)-> {[%#span34] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j + [ return' (result:borrowed usize)-> {[%#span30] forall j : usize . nonnull_ptr'0 ( * self) j /\ i <> j -> index_logic'2 ( ^ self) j = index_logic'2 ( * self) j} - {[%#span33] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) + {[%#span29] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( * self))) = len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 ( ^ self)))} - {[%#span32] ^ result = index_logic'2 ( ^ self) i} - {[%#span31] * result = index_logic'2 ( * self) i} + {[%#span28] ^ result = index_logic'2 ( ^ self) i} + {[%#span27] * result = index_logic'2 ( * self) i} (! return' {result}) ] function deref'2 (self : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory))) : borrowed (Memory'0.t_memory) - constant null'0 : usize = [%#span35] (18446744073709551615 : usize) - - use seq.Reverse + constant null'0 : usize = [%#span31] (18446744073709551615 : usize) function reverse'0 (self : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span36] inv'2 self) - -> ([%#span39] inv'2 (reverse'0 self)) - && ([%#span38] forall i : int . 0 <= i /\ i < len'0 (reverse'0 self) - -> index_logic'1 (reverse'0 self) i = index_logic'1 self (len'0 self - 1 - i)) - && ([%#span37] len'0 (reverse'0 self) = len'0 self) + axiom reverse'0_spec : forall self : Seq'0.t_seq usize . ([%#span33] forall i : int . 0 <= i + /\ i < len'0 (reverse'0 self) -> index_logic'1 (reverse'0 self) i = index_logic'1 self (len'0 self - 1 - i)) + && ([%#span32] len'0 (reverse'0 self) = len'0 self) function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize function index_logic'0 [@inline:trivial] (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (ix : int) : usize = - [%#span40] index_logic'1 (deref'1 self) ix + [%#span34] index_logic'1 (deref'1 self) ix function deref'0 (self : Snapshot'0.t_snapshot int) : int function new'1 (x : borrowed (Memory'0.t_memory)) : Snapshot'0.t_snapshot (borrowed (Memory'0.t_memory)) - axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span41] inv'1 x) - -> ([%#span42] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : borrowed (Memory'0.t_memory) . ([%#span35] inv'1 x) + -> ([%#span36] deref'2 (new'1 x) = x) function new'0 (x : int) : Snapshot'0.t_snapshot int - axiom new'0_spec : forall x : int . ([%#span41] inv'0 x) -> ([%#span42] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : int . ([%#span35] inv'0 x) -> ([%#span36] deref'0 (new'0 x) = x) let rec list_reversal_lasso (self:borrowed (Memory'0.t_memory)) (l:usize) (s1:Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (s2:Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (return' (ret:usize))= {[%#slist_reversal_lasso6] lasso'0 ( * self) l (deref'1 s1) (deref'1 s2)} (! bb0 @@ -1965,51 +1807,29 @@ module ListReversalLasso_Impl4_FindPtrInSeq_Impl let%span slist_reversal_lasso2 = "../list_reversal_lasso.rs" 203 14 203 25 - let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq24 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span5 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span sseq23 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + use prelude.prelude.Int use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq usize) = - [%#span5] true - - predicate inv'0 (_x : Seq'0.t_seq usize) - - axiom inv'0 : forall x : Seq'0.t_seq usize . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#sseq23] inv'0 self) -> ([%#sseq24] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#sseq23] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq usize = [%#span6] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span4] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use prelude.prelude.UIntSize - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize use prelude.prelude.Int @@ -2025,8 +1845,7 @@ module ListReversalLasso_Impl4_FindPtrInSeq_Impl goal vc_find_ptr_in_seq : ([%#slist_reversal_lasso0] 0 <= i /\ i <= len'0 s) - -> ([%#sseq23] inv'0 s) - /\ (([%#sseq24] len'0 s >= 0) + -> ([%#sseq23] len'0 s >= 0) -> match i = len'0 s with | True -> [%#slist_reversal_lasso1] match Option'0.C_None with | Option'0.C_None -> forall j : int . i <= j /\ j < len'0 s -> UIntSize.to_int (index_logic'0 s j) <> p @@ -2049,7 +1868,7 @@ module ListReversalLasso_Impl4_FindPtrInSeq_Impl | Option'0.C_Some j -> i <= j /\ j < len'0 s /\ UIntSize.to_int (index_logic'0 s j) = p end)) end - end) + end end module ListReversalLasso_Impl4_Pigeon_Impl let%span slist_reversal_lasso0 = "../list_reversal_lasso.rs" 213 15 213 21 @@ -2070,95 +1889,56 @@ module ListReversalLasso_Impl4_Pigeon_Impl let%span slist_reversal_lasso8 = "../list_reversal_lasso.rs" 203 14 203 25 - let%span sseq29 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 - - let%span sseq210 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 - - let%span sseq211 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 - - let%span sseq212 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span sseq29 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span sseq213 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span sseq210 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span sseq214 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span sseq211 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span sseq215 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span sseq212 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span sseq216 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span sseq213 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span sseq217 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span sseq214 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span sseq218 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span sseq219 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span16 = "../list_reversal_lasso.rs" 205 8 209 9 - let%span sseq220 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span21 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span25 = "../list_reversal_lasso.rs" 205 8 209 9 + use prelude.prelude.Int use prelude.prelude.UIntSize use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq usize) = - [%#span21] true - - predicate inv'0 (_x : Seq'0.t_seq usize) - - axiom inv'0 : forall x : Seq'0.t_seq usize . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#sseq214] inv'0 self) -> ([%#sseq215] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq usize = [%#span22] () + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#sseq212] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span24] () - - axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + constant empty'0 : Seq'0.t_seq usize - use seq.Seq + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#sseq216] inv'0 self) - -> ([%#sseq217] inv'0 other) - -> ([%#sseq220] inv'0 (concat'0 self other)) - && ([%#sseq219] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#sseq214] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#sseq218] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use prelude.seq_ext.SeqExt + && ([%#sseq213] len'0 (concat'0 self other) = len'0 self + len'0 other) function subsequence'0 (self : Seq'0.t_seq usize) (n : int) (m : int) : Seq'0.t_seq usize axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#sseq29] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#sseq210] inv'0 self) - -> ([%#sseq213] inv'0 (subsequence'0 self n m)) - && ([%#sseq212] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#sseq211] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#sseq211] len'0 (subsequence'0 self n m) = m - n) + && ([%#sseq210] len'0 (subsequence'0 self n m) = m - n) use prelude.prelude.Int @@ -2170,7 +1950,7 @@ module ListReversalLasso_Impl4_Pigeon_Impl axiom find_ptr_in_seq'0_def : forall s : Seq'0.t_seq usize, i : int, p : int . find_ptr_in_seq'0 s i p - = ([%#span25] if i = len'0 s then + = ([%#span16] if i = len'0 s then Option'0.C_None else if UIntSize.to_int (index_logic'0 s i) = p then Option'0.C_Some i else find_ptr_in_seq'0 s (i + 1) p @@ -2215,21 +1995,16 @@ module ListReversalLasso_Impl4_Pigeon_Impl | Option'0.C_Some j -> i + 1 <= j /\ j < len'0 s /\ UIntSize.to_int (index_logic'0 s j) = n - 1 end) -> match find_ptr_in_seq'0 s (i + 1) (n - 1) with - | Option'0.C_None -> (([%#sseq210] inv'0 s) && ([%#sseq29] 0 <= 0 /\ 0 <= i /\ i <= len'0 s)) - /\ (([%#sseq213] inv'0 (subsequence'0 s 0 i)) - && ([%#sseq212] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s 0 i) + | Option'0.C_None -> ([%#sseq29] 0 <= 0 /\ 0 <= i /\ i <= len'0 s) + /\ (([%#sseq211] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s 0 i) -> index_logic'0 (subsequence'0 s 0 i) i' = index_logic'0 s (0 + i')) - && ([%#sseq211] len'0 (subsequence'0 s 0 i) = i - 0) - -> ([%#sseq214] inv'0 s) - /\ (([%#sseq215] len'0 s >= 0) - -> (([%#sseq210] inv'0 s) && ([%#sseq29] 0 <= i + 1 /\ i + 1 <= len'0 s /\ len'0 s <= len'0 s)) - /\ (([%#sseq213] inv'0 (subsequence'0 s (i + 1) (len'0 s))) - && ([%#sseq212] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s (i + 1) (len'0 s)) + && ([%#sseq210] len'0 (subsequence'0 s 0 i) = i - 0) + -> ([%#sseq212] len'0 s >= 0) + -> ([%#sseq29] 0 <= i + 1 /\ i + 1 <= len'0 s /\ len'0 s <= len'0 s) + /\ (([%#sseq211] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s (i + 1) (len'0 s)) -> index_logic'0 (subsequence'0 s (i + 1) (len'0 s)) i' = index_logic'0 s (i + 1 + i')) - && ([%#sseq211] len'0 (subsequence'0 s (i + 1) (len'0 s)) = len'0 s - (i + 1)) - -> (([%#sseq217] inv'0 (subsequence'0 s (i + 1) (len'0 s))) && ([%#sseq216] inv'0 (subsequence'0 s 0 i))) - /\ (([%#sseq220] inv'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s)))) - && ([%#sseq219] forall i' : int . 0 <= i' + && ([%#sseq210] len'0 (subsequence'0 s (i + 1) (len'0 s)) = len'0 s - (i + 1)) + -> ([%#sseq214] forall i' : int . 0 <= i' /\ i' < len'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) -> index_logic'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) i' = (if i' < len'0 (subsequence'0 s 0 i) then @@ -2237,7 +2012,7 @@ module ListReversalLasso_Impl4_Pigeon_Impl else index_logic'0 (subsequence'0 s (i + 1) (len'0 s)) (i' - len'0 (subsequence'0 s 0 i)) )) - && ([%#sseq218] len'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) + && ([%#sseq213] len'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) = len'0 (subsequence'0 s 0 i) + len'0 (subsequence'0 s (i + 1) (len'0 s))) -> ((([%#slist_reversal_lasso2] forall j : int . forall i' : int . 0 <= i' /\ i' < len'0 (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) @@ -2256,7 +2031,7 @@ module ListReversalLasso_Impl4_Pigeon_Impl <= n - 1) -> ([%#slist_reversal_lasso4] pigeon (concat'0 (subsequence'0 s 0 i) (subsequence'0 s (i + 1) (len'0 s))) (n - 1)) - && ([%#slist_reversal_lasso3] len'0 s <= n)))))) + && ([%#slist_reversal_lasso3] len'0 s <= n)))) | Option'0.C_Some _ -> ([%#slist_reversal_lasso4] true) && ([%#slist_reversal_lasso3] len'0 s <= n) end) end) @@ -2283,103 +2058,83 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl let%span svec9 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span svec10 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span sseq211 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq212 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span slist_reversal_lasso13 = "../list_reversal_lasso.rs" 213 15 213 21 + let%span sseq210 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span slist_reversal_lasso14 = "../list_reversal_lasso.rs" 214 4 214 67 + let%span slist_reversal_lasso11 = "../list_reversal_lasso.rs" 213 15 213 21 - let%span slist_reversal_lasso15 = "../list_reversal_lasso.rs" 215 4 215 113 + let%span slist_reversal_lasso12 = "../list_reversal_lasso.rs" 214 4 214 67 - let%span slist_reversal_lasso16 = "../list_reversal_lasso.rs" 216 14 216 26 + let%span slist_reversal_lasso13 = "../list_reversal_lasso.rs" 215 4 215 113 - let%span slist_reversal_lasso17 = "../list_reversal_lasso.rs" 217 14 217 20 + let%span slist_reversal_lasso14 = "../list_reversal_lasso.rs" 216 14 216 26 - let%span slist_reversal_lasso18 = "../list_reversal_lasso.rs" 218 14 218 15 + let%span slist_reversal_lasso15 = "../list_reversal_lasso.rs" 217 14 217 20 - let%span sseq219 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span slist_reversal_lasso16 = "../list_reversal_lasso.rs" 218 14 218 15 - let%span sseq220 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span sseq217 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span sseq221 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span sseq218 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span sseq222 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 - - let%span sseq223 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 - - let%span span24 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span25 = "" 0 0 0 0 + let%span sseq219 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span20 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span21 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span22 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span40 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span30 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span41 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span31 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span42 = "../list_reversal_lasso.rs" 205 8 209 9 + let%span span32 = "../list_reversal_lasso.rs" 205 8 209 9 - let%span span43 = "../list_reversal_lasso.rs" 220 8 232 9 + let%span span33 = "../list_reversal_lasso.rs" 220 8 232 9 - let%span span44 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span34 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span45 = "../list_reversal_lasso.rs" 83 12 85 98 + let%span span35 = "../list_reversal_lasso.rs" 83 12 85 98 - let%span span46 = "../list_reversal_lasso.rs" 152 8 158 9 + let%span span36 = "../list_reversal_lasso.rs" 152 8 158 9 - let%span span47 = "../list_reversal_lasso.rs" 13 0 13 15 + let%span span37 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span48 = "../list_reversal_lasso.rs" 93 12 93 53 + let%span span38 = "../list_reversal_lasso.rs" 93 12 93 53 - let%span span49 = "../list_reversal_lasso.rs" 56 8 58 9 + let%span span39 = "../list_reversal_lasso.rs" 56 8 58 9 use prelude.prelude.UIntSize - predicate invariant'2 (self : usize) = - [%#span24] true + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'2 (_x : usize) + predicate invariant'2 (self : Seq'0.t_seq usize) = + [%#span20] true - axiom inv'2 : forall x : usize . inv'2 x = true + predicate inv'2 (_x : Seq'0.t_seq usize) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'2 : forall x : Seq'0.t_seq usize . inv'2 x = true - predicate invariant'1 (self : Seq'0.t_seq usize) = - [%#span24] true + predicate invariant'1 (self : usize) = + [%#span20] true - predicate inv'1 (_x : Seq'0.t_seq usize) + predicate inv'1 (_x : usize) - axiom inv'1 : forall x : Seq'0.t_seq usize . inv'1 x = true + axiom inv'1 : forall x : usize . inv'1 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2389,84 +2144,65 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl use prelude.prelude.Int - constant max'0 : usize = [%#span25] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span21] (18446744073709551615 : usize) function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#sseq211] inv'1 self) -> ([%#sseq212] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#sseq210] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#svec8] inv'0 self) - -> ([%#svec10] inv'1 (shallow_model'0 self)) - && ([%#svec9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + -> ([%#svec9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span26] inv'1 (shallow_model'0 self) + [%#span22] inv'2 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span27] () - - function empty_len'0 (_1 : ()) : () = - [%#span29] () + constant empty'0 : Seq'0.t_seq usize - axiom empty_len'0_spec : forall _1 : () . [%#span28] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + function empty_len'0 (_1 : ()) : () - use prelude.seq_ext.SeqExt - - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span23] len'0 (empty'0 : Seq'0.t_seq usize) = 0 - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize function subsequence'0 (self : Seq'0.t_seq usize) (n : int) (m : int) : Seq'0.t_seq usize - axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#sseq219] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#sseq217] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#sseq220] inv'1 self) - -> ([%#sseq223] inv'1 (subsequence'0 self n m)) - && ([%#sseq222] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#sseq219] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#sseq221] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#sseq218] len'0 (subsequence'0 self n m) = m - n) function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span30] inv'1 self) - -> ([%#span31] inv'1 other) - -> ([%#span34] inv'1 (concat'0 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span25] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span32] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span24] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span35] inv'2 v) - -> ([%#span38] inv'1 (singleton'0 v)) - && ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span26] inv'1 v) + -> ([%#span28] index_logic'0 (singleton'0 v) 0 = v) && ([%#span27] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq usize) (v : usize) : Seq'0.t_seq usize = - [%#span39] concat'0 self (singleton'0 v) + [%#span29] concat'0 self (singleton'0 v) function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span40] index_logic'0 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span30] index_logic'0 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type use ListReversalLasso_Memory_Type as Memory'0 function index_logic'1 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span41] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span31] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i use prelude.prelude.Int @@ -2476,7 +2212,7 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl axiom find_ptr_in_seq'0_def : forall s : Seq'0.t_seq usize, i : int, p : int . find_ptr_in_seq'0 s i p - = ([%#span42] if i = len'0 s then + = ([%#span32] if i = len'0 s then Option'0.C_None else if UIntSize.to_int (index_logic'0 s i) = p then Option'0.C_Some i else find_ptr_in_seq'0 s (i + 1) p @@ -2492,7 +2228,7 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl function pigeon'0 [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq'0.t_seq usize) (n : int) : bool axiom pigeon'0_def : forall s : Seq'0.t_seq usize, n : int . pigeon'0 s n - = ([%#span43] if n = 0 then + = ([%#span33] if n = 0 then true else match find_ptr_in_seq'0 s 0 (n - 1) with @@ -2504,20 +2240,20 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl end ) - axiom pigeon'0_spec : forall s : Seq'0.t_seq usize, n : int . ([%#slist_reversal_lasso13] 0 <= n) - -> ([%#slist_reversal_lasso14] forall i : int . 0 <= i /\ i < len'0 s -> UIntSize.to_int (index_logic'0 s i) < n) - -> ([%#slist_reversal_lasso15] forall j : int . forall i : int . 0 <= i + axiom pigeon'0_spec : forall s : Seq'0.t_seq usize, n : int . ([%#slist_reversal_lasso11] 0 <= n) + -> ([%#slist_reversal_lasso12] forall i : int . 0 <= i /\ i < len'0 s -> UIntSize.to_int (index_logic'0 s i) < n) + -> ([%#slist_reversal_lasso13] forall j : int . forall i : int . 0 <= i /\ i < len'0 s /\ 0 <= j /\ j < len'0 s /\ i <> j -> index_logic'0 s i <> index_logic'0 s j) - -> ([%#slist_reversal_lasso17] pigeon'0 s n) && ([%#slist_reversal_lasso16] len'0 s <= n) + -> ([%#slist_reversal_lasso15] pigeon'0 s n) && ([%#slist_reversal_lasso14] len'0 s <= n) predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span44] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span34] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) predicate list_seg'0 [#"../list_reversal_lasso.rs" 81 4 81 81] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) (last : usize) (l : int) (h : int) = - [%#span45] first = (if h = l then last else index_logic'0 s l) + [%#span35] first = (if h = l then last else index_logic'0 s l) /\ (forall i : int . l <= i /\ i < h -> nonnull_ptr'0 self (index_logic'0 s i) /\ index_logic'1 self (index_logic'0 s i) = (if i = h - 1 then last else index_logic'0 s (i + 1))) @@ -2527,21 +2263,21 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl predicate lasso'0 [#"../list_reversal_lasso.rs" 151 4 151 70] (self : Memory'0.t_memory) (first : usize) (s1 : Seq'0.t_seq usize) (s2 : Seq'0.t_seq usize) = - [%#span46] let mid = if len'0 s2 = 0 then index_logic'0 s1 (len'0 s1 - 1) else index_logic'0 s2 0 in len'0 s1 > 0 + [%#span36] let mid = if len'0 s2 = 0 then index_logic'0 s1 (len'0 s1 - 1) else index_logic'0 s2 0 in len'0 s1 > 0 /\ (forall j : int . forall i : int . 0 <= i /\ i < len'0 s1 /\ 0 <= j /\ j < len'0 s2 -> index_logic'0 s1 i <> index_logic'0 s2 j) /\ list_seg'0 self first s1 mid 0 (len'0 s1) /\ list_seg'0 self mid s2 (index_logic'0 s1 (len'0 s1 - 1)) 0 (len'0 s2) - constant null'0 : usize = [%#span47] (18446744073709551615 : usize) + constant null'0 : usize = [%#span37] (18446744073709551615 : usize) predicate list'0 [#"../list_reversal_lasso.rs" 91 4 91 54] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) = - [%#span48] list_seg'0 self first s null'0 0 (len'0 s) + [%#span38] list_seg'0 self first s null'0 0 (len'0 s) predicate mem_is_well_formed'0 [#"../list_reversal_lasso.rs" 55 4 55 43] (self : Memory'0.t_memory) = - [%#span49] forall i : usize . nonnull_ptr'0 self i + [%#span39] forall i : usize . nonnull_ptr'0 self i -> index_logic'1 self i = null'0 \/ nonnull_ptr'0 self (index_logic'1 self i) constant self : Memory'0.t_memory @@ -2571,18 +2307,16 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl end) -> match find_ptr_in_seq'0 s 0 (UIntSize.to_int last) with | Option'0.C_None -> ([%#svec8] inv'0 (ListReversalLasso_Memory_Type.memory_0 self)) - /\ (([%#svec10] inv'1 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) - && ([%#svec9] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) + /\ (([%#svec9] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize)) - -> ([%#sseq211] inv'1 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) - /\ (([%#sseq212] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) >= 0) - -> (([%#slist_reversal_lasso15] forall j : int . forall i : int . 0 <= i + -> ([%#sseq210] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) >= 0) + -> (([%#slist_reversal_lasso13] forall j : int . forall i : int . 0 <= i /\ i < len'0 s /\ 0 <= j /\ j < len'0 s /\ i <> j -> index_logic'0 s i <> index_logic'0 s j) - && ([%#slist_reversal_lasso14] forall i : int . 0 <= i /\ i < len'0 s + && ([%#slist_reversal_lasso12] forall i : int . 0 <= i /\ i < len'0 s -> UIntSize.to_int (index_logic'0 s i) < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) - && ([%#slist_reversal_lasso13] 0 <= len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)))) - /\ (([%#slist_reversal_lasso17] pigeon'0 s (len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)))) - && ([%#slist_reversal_lasso16] len'0 s <= len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) + && ([%#slist_reversal_lasso11] 0 <= len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)))) + /\ (([%#slist_reversal_lasso15] pigeon'0 s (len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)))) + && ([%#slist_reversal_lasso14] len'0 s <= len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) -> match pigeon'0 s (len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self))) with | True -> ((([%#slist_reversal_lasso2] list_seg'0 self first (push'0 s last) (index_logic'1 self last) 0 (len'0 (push'0 s last))) && ([%#slist_reversal_lasso1] index_logic'1 self last = null'0 \/ nonnull_ptr'0 self (index_logic'1 self last)) @@ -2604,24 +2338,21 @@ module ListReversalLasso_Impl4_FindLassoAux_Impl | (s, Option'0.C_None) -> list'0 self first s | (s1, Option'0.C_Some s2) -> lasso'0 self first s1 s2 end - end))) - | Option'0.C_Some i -> (([%#sseq220] inv'1 s) && ([%#sseq219] 0 <= 0 /\ 0 <= i + 1 /\ i + 1 <= len'0 s)) - /\ (([%#sseq223] inv'1 (subsequence'0 s 0 (i + 1))) - && ([%#sseq222] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s 0 (i + 1)) + end)) + | Option'0.C_Some i -> ([%#sseq217] 0 <= 0 /\ 0 <= i + 1 /\ i + 1 <= len'0 s) + /\ (([%#sseq219] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s 0 (i + 1)) -> index_logic'0 (subsequence'0 s 0 (i + 1)) i' = index_logic'0 s (0 + i')) - && ([%#sseq221] len'0 (subsequence'0 s 0 (i + 1)) = i + 1 - 0) - -> ([%#sseq211] inv'1 s) - /\ (([%#sseq212] len'0 s >= 0) - -> (([%#sseq220] inv'1 s) && ([%#sseq219] 0 <= i + 1 /\ i + 1 <= len'0 s /\ len'0 s <= len'0 s)) - /\ (([%#sseq223] inv'1 (subsequence'0 s (i + 1) (len'0 s))) - && ([%#sseq222] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s (i + 1) (len'0 s)) + && ([%#sseq218] len'0 (subsequence'0 s 0 (i + 1)) = i + 1 - 0) + -> ([%#sseq210] len'0 s >= 0) + -> ([%#sseq217] 0 <= i + 1 /\ i + 1 <= len'0 s /\ len'0 s <= len'0 s) + /\ (([%#sseq219] forall i' : int . 0 <= i' /\ i' < len'0 (subsequence'0 s (i + 1) (len'0 s)) -> index_logic'0 (subsequence'0 s (i + 1) (len'0 s)) i' = index_logic'0 s (i + 1 + i')) - && ([%#sseq221] len'0 (subsequence'0 s (i + 1) (len'0 s)) = len'0 s - (i + 1)) + && ([%#sseq218] len'0 (subsequence'0 s (i + 1) (len'0 s)) = len'0 s - (i + 1)) -> ([%#slist_reversal_lasso3] match (subsequence'0 s 0 (i + 1), Option'0.C_Some (subsequence'0 s (i + 1) (len'0 s))) with | (s, Option'0.C_None) -> list'0 self first s | (s1, Option'0.C_Some s2) -> lasso'0 self first s1 s2 - end)))) + end))) end) end end @@ -2646,106 +2377,91 @@ module ListReversalLasso_Impl4_FindLasso_Impl let%span span9 = "" 0 0 0 0 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 + let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span20 = "../list_reversal_lasso.rs" 21 8 21 31 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../list_reversal_lasso.rs" 50 20 50 70 + let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 31 8 31 32 - let%span span22 = "../list_reversal_lasso.rs" 83 12 85 98 + let%span span16 = "../list_reversal_lasso.rs" 21 8 21 31 - let%span span23 = "../list_reversal_lasso.rs" 198 15 198 37 + let%span span17 = "../list_reversal_lasso.rs" 50 20 50 70 - let%span span24 = "../list_reversal_lasso.rs" 199 14 202 5 + let%span span18 = "../list_reversal_lasso.rs" 83 12 85 98 - let%span span25 = "../list_reversal_lasso.rs" 203 14 203 25 + let%span span19 = "../list_reversal_lasso.rs" 198 15 198 37 - let%span span26 = "../list_reversal_lasso.rs" 205 8 209 9 + let%span span20 = "../list_reversal_lasso.rs" 199 14 202 5 - let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span21 = "../list_reversal_lasso.rs" 203 14 203 25 - let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span22 = "../list_reversal_lasso.rs" 205 8 209 9 - let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span32 = "../list_reversal_lasso.rs" 213 15 213 21 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span33 = "../list_reversal_lasso.rs" 214 4 214 67 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span34 = "../list_reversal_lasso.rs" 215 4 215 113 - let%span span41 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span35 = "../list_reversal_lasso.rs" 216 14 216 26 - let%span span42 = "../list_reversal_lasso.rs" 213 15 213 21 + let%span span36 = "../list_reversal_lasso.rs" 217 14 217 20 - let%span span43 = "../list_reversal_lasso.rs" 214 4 214 67 + let%span span37 = "../list_reversal_lasso.rs" 218 14 218 15 - let%span span44 = "../list_reversal_lasso.rs" 215 4 215 113 + let%span span38 = "../list_reversal_lasso.rs" 220 8 232 9 - let%span span45 = "../list_reversal_lasso.rs" 216 14 216 26 + let%span span39 = "../list_reversal_lasso.rs" 152 8 158 9 - let%span span46 = "../list_reversal_lasso.rs" 217 14 217 20 + let%span span40 = "../list_reversal_lasso.rs" 13 0 13 15 - let%span span47 = "../list_reversal_lasso.rs" 218 14 218 15 + let%span span41 = "../list_reversal_lasso.rs" 93 12 93 53 - let%span span48 = "../list_reversal_lasso.rs" 220 8 232 9 + let%span span42 = "../list_reversal_lasso.rs" 56 8 58 9 - let%span span49 = "../list_reversal_lasso.rs" 152 8 158 9 + let%span span43 = "../list_reversal_lasso.rs" 245 8 259 9 - let%span span50 = "../list_reversal_lasso.rs" 13 0 13 15 + use prelude.prelude.UIntSize - let%span span51 = "../list_reversal_lasso.rs" 93 12 93 53 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span52 = "../list_reversal_lasso.rs" 56 8 58 9 + predicate invariant'2 (self : Seq'0.t_seq usize) = + [%#span8] true - let%span span53 = "../list_reversal_lasso.rs" 245 8 259 9 + predicate inv'2 (_x : Seq'0.t_seq usize) - use prelude.prelude.UIntSize + axiom inv'2 : forall x : Seq'0.t_seq usize . inv'2 x = true - predicate invariant'2 (self : usize) = + predicate invariant'1 (self : usize) = [%#span8] true - predicate inv'2 (_x : usize) - - axiom inv'2 : forall x : usize . inv'2 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'1 (_x : usize) - predicate inv'0 (_x : Seq'0.t_seq usize) + axiom inv'1 : forall x : usize . inv'1 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2757,61 +2473,48 @@ module ListReversalLasso_Impl4_FindLasso_Impl constant max'0 : usize = [%#span9] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span10] inv'0 self) -> ([%#span11] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span10] len'0 self >= 0 - predicate inv'1 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'0 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span12] inv'1 self) - -> ([%#span14] inv'0 (shallow_model'0 self)) - && ([%#span13] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'1 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span15] inv'0 (shallow_model'0 self) - - axiom inv'1 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'1 x = true + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'0 self) + -> ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'0 (self : Seq'0.t_seq usize) = - [%#span8] true + predicate invariant'0 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span13] inv'2 (shallow_model'0 self) - axiom inv'0 : forall x : Seq'0.t_seq usize . inv'0 x = true + axiom inv'0 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span16] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span18] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span17] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span14] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use ListReversalLasso_Memory_Type as ListReversalLasso_Memory_Type - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : usize) : usize = - [%#span19] index_logic'1 (shallow_model'0 self) (UIntSize.to_int ix) + [%#span15] index_logic'1 (shallow_model'0 self) (UIntSize.to_int ix) use ListReversalLasso_Memory_Type as Memory'0 function index_logic'0 [#"../list_reversal_lasso.rs" 20 4 20 39] (self : Memory'0.t_memory) (i : usize) : usize = - [%#span20] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i + [%#span16] index_logic'2 (ListReversalLasso_Memory_Type.memory_0 self) i predicate nonnull_ptr'0 [#"../list_reversal_lasso.rs" 49 4 49 44] (self : Memory'0.t_memory) (i : usize) = - [%#span21] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) + [%#span17] len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) <= UIntSize.to_int (max'0 : usize) /\ UIntSize.to_int i < len'0 (shallow_model'0 (ListReversalLasso_Memory_Type.memory_0 self)) predicate list_seg'0 [#"../list_reversal_lasso.rs" 81 4 81 81] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) (last : usize) (l : int) (h : int) = - [%#span22] first = (if h = l then last else index_logic'1 s l) + [%#span18] first = (if h = l then last else index_logic'1 s l) /\ (forall i : int . l <= i /\ i < h -> nonnull_ptr'0 self (index_logic'1 s i) /\ index_logic'0 self (index_logic'1 s i) = (if i = h - 1 then last else index_logic'1 s (i + 1))) @@ -2826,57 +2529,46 @@ module ListReversalLasso_Impl4_FindLasso_Impl axiom find_ptr_in_seq'0_def : forall s : Seq'0.t_seq usize, i : int, p : int . find_ptr_in_seq'0 s i p - = ([%#span26] if i = len'0 s then + = ([%#span22] if i = len'0 s then Option'0.C_None else if UIntSize.to_int (index_logic'1 s i) = p then Option'0.C_Some i else find_ptr_in_seq'0 s (i + 1) p ) - axiom find_ptr_in_seq'0_spec : forall s : Seq'0.t_seq usize, i : int, p : int . ([%#span23] 0 <= i /\ i <= len'0 s) - -> ([%#span24] match find_ptr_in_seq'0 s i p with + axiom find_ptr_in_seq'0_spec : forall s : Seq'0.t_seq usize, i : int, p : int . ([%#span19] 0 <= i /\ i <= len'0 s) + -> ([%#span20] match find_ptr_in_seq'0 s i p with | Option'0.C_None -> forall j : int . i <= j /\ j < len'0 s -> UIntSize.to_int (index_logic'1 s j) <> p | Option'0.C_Some j -> i <= j /\ j < len'0 s /\ UIntSize.to_int (index_logic'1 s j) = p end) - use prelude.seq_ext.SeqExt - function subsequence'0 (self : Seq'0.t_seq usize) (n : int) (m : int) : Seq'0.t_seq usize - axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span27] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span23] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span28] inv'0 self) - -> ([%#span31] inv'0 (subsequence'0 self n m)) - && ([%#span30] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span25] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span29] len'0 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span24] len'0 (subsequence'0 self n m) = m - n) function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span32] inv'0 self) - -> ([%#span33] inv'0 other) - -> ([%#span36] inv'0 (concat'0 self other)) - && ([%#span35] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span27] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span34] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span26] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span37] inv'2 v) - -> ([%#span40] inv'0 (singleton'0 v)) - && ([%#span39] index_logic'1 (singleton'0 v) 0 = v) && ([%#span38] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span28] inv'1 v) + -> ([%#span30] index_logic'1 (singleton'0 v) 0 = v) && ([%#span29] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq usize) (v : usize) : Seq'0.t_seq usize = - [%#span41] concat'0 self (singleton'0 v) + [%#span31] concat'0 self (singleton'0 v) function pigeon'0 [#"../list_reversal_lasso.rs" 219 4 219 42] (s : Seq'0.t_seq usize) (n : int) : bool axiom pigeon'0_def : forall s : Seq'0.t_seq usize, n : int . pigeon'0 s n - = ([%#span48] if n = 0 then + = ([%#span38] if n = 0 then true else match find_ptr_in_seq'0 s 0 (n - 1) with @@ -2888,36 +2580,36 @@ module ListReversalLasso_Impl4_FindLasso_Impl end ) - axiom pigeon'0_spec : forall s : Seq'0.t_seq usize, n : int . ([%#span42] 0 <= n) - -> ([%#span43] forall i : int . 0 <= i /\ i < len'0 s -> UIntSize.to_int (index_logic'1 s i) < n) - -> ([%#span44] forall j : int . forall i : int . 0 <= i /\ i < len'0 s /\ 0 <= j /\ j < len'0 s /\ i <> j - -> index_logic'1 s i <> index_logic'1 s j) -> ([%#span46] pigeon'0 s n) && ([%#span45] len'0 s <= n) + axiom pigeon'0_spec : forall s : Seq'0.t_seq usize, n : int . ([%#span32] 0 <= n) + -> ([%#span33] forall i : int . 0 <= i /\ i < len'0 s -> UIntSize.to_int (index_logic'1 s i) < n) + -> ([%#span34] forall j : int . forall i : int . 0 <= i /\ i < len'0 s /\ 0 <= j /\ j < len'0 s /\ i <> j + -> index_logic'1 s i <> index_logic'1 s j) -> ([%#span36] pigeon'0 s n) && ([%#span35] len'0 s <= n) predicate lasso'0 [#"../list_reversal_lasso.rs" 151 4 151 70] (self : Memory'0.t_memory) (first : usize) (s1 : Seq'0.t_seq usize) (s2 : Seq'0.t_seq usize) = - [%#span49] let mid = if len'0 s2 = 0 then index_logic'1 s1 (len'0 s1 - 1) else index_logic'1 s2 0 in len'0 s1 > 0 + [%#span39] let mid = if len'0 s2 = 0 then index_logic'1 s1 (len'0 s1 - 1) else index_logic'1 s2 0 in len'0 s1 > 0 /\ (forall j : int . forall i : int . 0 <= i /\ i < len'0 s1 /\ 0 <= j /\ j < len'0 s2 -> index_logic'1 s1 i <> index_logic'1 s2 j) /\ list_seg'0 self first s1 mid 0 (len'0 s1) /\ list_seg'0 self mid s2 (index_logic'1 s1 (len'0 s1 - 1)) 0 (len'0 s2) - constant null'0 : usize = [%#span50] (18446744073709551615 : usize) + constant null'0 : usize = [%#span40] (18446744073709551615 : usize) predicate list'0 [#"../list_reversal_lasso.rs" 91 4 91 54] (self : Memory'0.t_memory) (first : usize) (s : Seq'0.t_seq usize) = - [%#span51] list_seg'0 self first s null'0 0 (len'0 s) + [%#span41] list_seg'0 self first s null'0 0 (len'0 s) predicate mem_is_well_formed'0 [#"../list_reversal_lasso.rs" 55 4 55 43] (self : Memory'0.t_memory) = - [%#span52] forall i : usize . nonnull_ptr'0 self i + [%#span42] forall i : usize . nonnull_ptr'0 self i -> index_logic'0 self i = null'0 \/ nonnull_ptr'0 self (index_logic'0 self i) function find_lasso_aux'0 [#"../list_reversal_lasso.rs" 244 4 244 95] (self : Memory'0.t_memory) (first : usize) (last : usize) (s : Seq'0.t_seq usize) : (Seq'0.t_seq usize, Option'0.t_option (Seq'0.t_seq usize)) axiom find_lasso_aux'0_def : forall self : Memory'0.t_memory, first : usize, last : usize, s : Seq'0.t_seq usize . find_lasso_aux'0 self first last s - = ([%#span53] if last = null'0 then + = ([%#span43] if last = null'0 then (s, Option'0.C_None) else match find_ptr_in_seq'0 s 0 (UIntSize.to_int last) with diff --git a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma index 05b727ccb3..db751792d2 100644 --- a/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/creusot/tests/should_succeed/rusthorn/inc_max_repeat.coma @@ -88,22 +88,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -144,84 +129,66 @@ module IncMaxRepeat_IncMaxRepeat let%span span10 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span14 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span15 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span16 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span17 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span18 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span18 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span24 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span25 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span26 = "../inc_max_repeat.rs" 4 0 5 56 - let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span32 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span33 = "" 0 0 0 0 - let%span span34 = "../inc_max_repeat.rs" 4 0 5 56 + let%span span34 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span36 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span37 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span39 = "" 0 0 0 0 let%span span40 = "" 0 0 0 0 - let%span span41 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - - let%span span42 = "" 0 0 0 0 - - let%span span43 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span44 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span45 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span46 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span47 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span48 = "" 0 0 0 0 - - let%span span49 = "" 0 0 0 0 - use prelude.prelude.UInt32 predicate invariant'4 (self : uint32) = @@ -260,31 +227,22 @@ module IncMaxRepeat_IncMaxRepeat axiom inv'1 : forall x : Seq'0.t_seq uint32 . inv'1 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span11] inv'1 self) -> ([%#span12] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span11] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span13] inv'1 self) - -> ([%#span14] inv'1 other) - -> ([%#span17] inv'1 (concat'0 self other)) - && ([%#span16] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span13] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span15] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span12] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : Range'0.t_range uint32) @@ -293,12 +251,12 @@ module IncMaxRepeat_IncMaxRepeat use prelude.prelude.UInt32 function deep_model'0 (self : uint32) : int = - [%#span18] UInt32.to_int self + [%#span14] UInt32.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range uint32) (visited : Seq'0.t_seq uint32) (o : Range'0.t_range uint32) = - [%#span19] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span15] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'0 visited > 0 @@ -311,39 +269,36 @@ module IncMaxRepeat_IncMaxRepeat function produces_trans'0 (a : Range'0.t_range uint32) (ab : Seq'0.t_seq uint32) (b : Range'0.t_range uint32) (bc : Seq'0.t_seq uint32) (c : Range'0.t_range uint32) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range uint32, ab : Seq'0.t_seq uint32, b : Range'0.t_range uint32, bc : Seq'0.t_seq uint32, c : Range'0.t_range uint32 . ([%#span20] produces'0 a ab b) - -> ([%#span21] produces'0 b bc c) - -> ([%#span22] inv'0 a) - -> ([%#span23] inv'1 ab) - -> ([%#span24] inv'0 b) - -> ([%#span25] inv'1 bc) -> ([%#span26] inv'0 c) -> ([%#span27] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range uint32, ab : Seq'0.t_seq uint32, b : Range'0.t_range uint32, bc : Seq'0.t_seq uint32, c : Range'0.t_range uint32 . ([%#span16] produces'0 a ab b) + -> ([%#span17] produces'0 b bc c) + -> ([%#span18] inv'0 a) + -> ([%#span19] inv'0 b) -> ([%#span20] inv'0 c) -> ([%#span21] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span28] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : Range'0.t_range uint32) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range uint32 . ([%#span29] inv'0 self) - -> ([%#span30] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range uint32 . ([%#span22] inv'0 self) + -> ([%#span23] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'0 (self : Range'0.t_range uint32) = [%#span10] true axiom inv'0 : forall x : Range'0.t_range uint32 . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span32] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span31] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span24] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'1 (self : borrowed uint32) = - [%#span33] ^ self = * self + [%#span25] ^ self = * self let rec take_max'0 (ma:borrowed uint32) (mb:borrowed uint32) (return' (ret:borrowed uint32))= any - [ return' (result:borrowed uint32)-> {[%#span34] if * ma >= * mb then + [ return' (result:borrowed uint32)-> {[%#span26] if * ma >= * mb then * mb = ^ mb /\ result = ma else * ma = ^ ma /\ result = mb @@ -351,26 +306,23 @@ module IncMaxRepeat_IncMaxRepeat (! return' {result}) ] - use seq.Seq - function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span35] inv'4 v) - -> ([%#span38] inv'1 (singleton'0 v)) - && ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span27] inv'4 v) + -> ([%#span29] index_logic'0 (singleton'0 v) 0 = v) && ([%#span28] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range uint32)) = - [%#span33] ^ self = * self + [%#span25] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range uint32)) = - [%#span39] resolve'0 self + [%#span30] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span40] inv'2 self} + let rec next'0 (self:borrowed (Range'0.t_range uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span31] inv'2 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span42] inv'3 result} - {[%#span41] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span33] inv'3 result} + {[%#span32] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -387,23 +339,23 @@ module IncMaxRepeat_IncMaxRepeat function new'1 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span43] inv'1 x) -> ([%#span44] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span34] inv'1 x) -> ([%#span35] deref'0 (new'1 x) = x) function new'0 (x : Range'0.t_range uint32) : Snapshot'0.t_snapshot (Range'0.t_range uint32) - axiom new'0_spec : forall x : Range'0.t_range uint32 . ([%#span43] inv'0 x) -> ([%#span44] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range uint32 . ([%#span34] inv'0 x) -> ([%#span35] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Range'0.t_range uint32) (res : Range'0.t_range uint32) = - [%#span45] self = res + [%#span36] self = res predicate into_iter_pre'0 (self : Range'0.t_range uint32) = - [%#span46] true + [%#span37] true - let rec into_iter'0 (self:Range'0.t_range uint32) (return' (ret:Range'0.t_range uint32))= {[@expl:precondition] [%#span48] inv'0 self} - {[@expl:precondition] [%#span47] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range uint32) (return' (ret:Range'0.t_range uint32))= {[@expl:precondition] [%#span39] inv'0 self} + {[@expl:precondition] [%#span38] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range uint32)-> {[%#span49] inv'0 result} - {[%#span47] into_iter_post'0 self result} + [ return' (result:Range'0.t_range uint32)-> {[%#span40] inv'0 result} + {[%#span38] into_iter_post'0 self result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/slices/01.coma b/creusot/tests/should_succeed/slices/01.coma index d4e1ca8a2c..616790e2a3 100644 --- a/creusot/tests/should_succeed/slices/01.coma +++ b/creusot/tests/should_succeed/slices/01.coma @@ -1,21 +1,6 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C01_IndexSlice let%span s010 = "../01.rs" 7 6 7 8 @@ -26,79 +11,58 @@ module C01_IndexSlice let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span6 = "" 0 0 0 0 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span7 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span9 = "" 0 0 0 0 - - let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span11 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - - let%span span12 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 - - let%span span13 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span9 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 use prelude.prelude.UInt32 use prelude.prelude.Slice - predicate invariant'1 (self : slice uint32) = + predicate invariant'0 (self : slice uint32) = [%#span3] true - predicate inv'1 (_x : slice uint32) - - axiom inv'1 : forall x : slice uint32 . inv'1 x = true + predicate inv'0 (_x : slice uint32) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span3] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true + axiom inv'0 : forall x : slice uint32 . inv'0 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span4] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span6] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span9] (18446744073709551615 : usize) + constant max'0 : usize = [%#span6] (18446744073709551615 : usize) function shallow_model'1 (self : slice uint32) : Seq'0.t_seq uint32 - axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span10] inv'1 self) - -> ([%#span12] inv'0 (shallow_model'1 self)) - && ([%#span11] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span7] inv'0 self) + -> ([%#span8] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) use prelude.prelude.Borrow function shallow_model'0 (self : slice uint32) : Seq'0.t_seq uint32 = - [%#span13] shallow_model'1 self + [%#span9] shallow_model'1 self use prelude.prelude.Intrinsic @@ -133,97 +97,74 @@ module C01_IndexMutSlice let%span span5 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "" 0 0 0 0 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span8 = "" 0 0 0 0 - let%span span13 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span15 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span11 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span16 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span12 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span17 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span13 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 use prelude.prelude.UInt32 use prelude.prelude.Slice - predicate invariant'1 (self : slice uint32) = + predicate invariant'0 (self : slice uint32) = [%#span5] true - predicate inv'1 (_x : slice uint32) + predicate inv'0 (_x : slice uint32) - axiom inv'1 : forall x : slice uint32 . inv'1 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq uint32) = - [%#span5] true - - predicate inv'0 (_x : Seq'0.t_seq uint32) - - axiom inv'0 : forall x : Seq'0.t_seq uint32 . inv'0 x = true + axiom inv'0 : forall x : slice uint32 . inv'0 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span6] inv'0 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span6] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span8] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.UInt32 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) function shallow_model'1 (self : slice uint32) : Seq'0.t_seq uint32 - axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span12] inv'1 self) - -> ([%#span14] inv'0 (shallow_model'1 self)) - && ([%#span13] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span9] inv'0 self) + -> ([%#span10] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#span15] index_logic'1 (shallow_model'1 self) ix + [%#span11] index_logic'1 (shallow_model'1 self) ix use prelude.prelude.Borrow function shallow_model'0 (self : borrowed (slice uint32)) : Seq'0.t_seq uint32 = - [%#span16] shallow_model'1 ( * self) + [%#span12] shallow_model'1 ( * self) use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (slice uint32)) = - [%#span17] ^ self = * self + [%#span13] ^ self = * self let rec index_mut_slice (a:borrowed (slice uint32)) (return' (ret:()))= {[%#s013] len'0 (shallow_model'0 a) = 5} (! bb0 @@ -284,47 +225,31 @@ module C01_SliceFirst let%span s015 = "../01.rs" 20 34 20 44 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span8 = "" 0 0 0 0 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span11 = "" 0 0 0 0 + let%span span10 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span12 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span11 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span13 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span13 = "" 0 0 0 0 - let%span span15 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span16 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - - let%span span17 = "" 0 0 0 0 - - let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span14 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 use prelude.prelude.Slice - predicate invariant'4 (self : slice t) + predicate invariant'3 (self : slice t) - predicate inv'4 (_x : slice t) - - axiom inv'4 : forall x : slice t . inv'4 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'3 (_x : slice t) - predicate invariant'3 (self : Seq'0.t_seq t) - - predicate inv'3 (_x : Seq'0.t_seq t) - - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + axiom inv'3 : forall x : slice t . inv'3 x = true use Core_Option_Option_Type as Option'0 @@ -336,20 +261,17 @@ module C01_SliceFirst use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'3 self) -> ([%#span7] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span6] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span8] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'1 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'1 (self : t) @@ -367,25 +289,22 @@ module C01_SliceFirst use prelude.prelude.UIntSize - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) function shallow_model'1 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : slice t . ([%#span12] inv'4 self) - -> ([%#span14] inv'3 (shallow_model'1 self)) - && ([%#span13] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice t . ([%#span9] inv'3 self) + -> ([%#span10] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) use prelude.prelude.Borrow function shallow_model'0 (self : slice t) : Seq'0.t_seq t = - [%#span15] shallow_model'1 self - - use seq.Seq + [%#span11] shallow_model'1 self - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'0 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span16] index_logic'1 (shallow_model'1 self) ix + [%#span12] index_logic'1 (shallow_model'1 self) ix use prelude.prelude.Intrinsic @@ -393,9 +312,9 @@ module C01_SliceFirst predicate resolve'0 (self : slice t) - let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span17] inv'0 self} + let rec len'0 (self:slice t) (return' (ret:usize))= {[@expl:precondition] [%#span13] inv'0 self} any - [ return' (result:usize)-> {[%#span18] len'1 (shallow_model'0 self) = UIntSize.to_int result} (! return' {result}) ] + [ return' (result:usize)-> {[%#span14] len'1 (shallow_model'0 self) = UIntSize.to_int result} (! return' {result}) ] let rec slice_first (a:slice t) (return' (ret:Option'0.t_option t))= {[%#s013] inv'0 a} diff --git a/creusot/tests/should_succeed/slices/02_std.coma b/creusot/tests/should_succeed/slices/02_std.coma index b6dc5c5389..8110aaf912 100644 --- a/creusot/tests/should_succeed/slices/02_std.coma +++ b/creusot/tests/should_succeed/slices/02_std.coma @@ -17,22 +17,7 @@ module Core_Result_Result_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Cmp_Ordering_Type type t_ordering = @@ -65,94 +50,66 @@ module C02Std_BinarySearch let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span10 = "" 0 0 0 0 - - let%span span11 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - - let%span span12 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - - let%span span13 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span7 = "" 0 0 0 0 - let%span span16 = "../../../../../creusot-contracts/src/std/result.rs" 53 16 53 55 + let%span span8 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span17 = "" 0 0 0 0 + let%span span9 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span18 = "../../../../../creusot-contracts/src/std/result.rs" 18 0 135 1 + let%span span10 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span19 = "" 0 0 0 0 + let%span span11 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span20 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span12 = "../../../../../creusot-contracts/src/std/result.rs" 53 16 53 55 - let%span span21 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span13 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 31 18 31 22 + let%span span14 = "../../../../../creusot-contracts/src/std/result.rs" 18 0 135 1 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 29 14 29 44 + let%span span15 = "" 0 0 0 0 - let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 30 4 30 98 + let%span span16 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 31 4 31 44 + let%span span17 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 156 8 158 9 + let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 31 18 31 22 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 167 8 167 40 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 29 14 29 44 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 30 4 30 98 - let%span span29 = "" 0 0 0 0 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 157 8 159 9 - let%span span30 = "" 0 0 0 0 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 168 8 168 40 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 299 8 299 118 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 223 0 332 1 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 300 8 301 96 + let%span span24 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 302 8 303 78 + let%span span25 = "" 0 0 0 0 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 304 8 305 99 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 299 8 299 118 - use prelude.prelude.Int - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 300 8 301 96 - predicate invariant'6 (self : Seq'0.t_seq int) = - [%#span4] true + let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 302 8 303 78 - predicate inv'6 (_x : Seq'0.t_seq int) - - axiom inv'6 : forall x : Seq'0.t_seq int . inv'6 x = true + let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 304 8 305 99 use prelude.prelude.UInt32 use prelude.prelude.Slice - predicate invariant'5 (self : slice uint32) = - [%#span4] true - - predicate inv'5 (_x : slice uint32) - - axiom inv'5 : forall x : slice uint32 . inv'5 x = true - - predicate invariant'4 (self : Seq'0.t_seq uint32) = + predicate invariant'4 (self : slice uint32) = [%#span4] true - predicate inv'4 (_x : Seq'0.t_seq uint32) + predicate inv'4 (_x : slice uint32) - axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true + axiom inv'4 : forall x : slice uint32 . inv'4 x = true use prelude.prelude.UIntSize @@ -188,112 +145,102 @@ module C02Std_BinarySearch use prelude.prelude.Int - use seq.Seq + use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq int) : int - axiom len'1_spec : forall self : Seq'0.t_seq int . ([%#span5] inv'6 self) -> ([%#span6] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq int . [%#span5] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq int = [%#span7] () + constant empty'1 : Seq'0.t_seq int - function empty_len'1 (_1 : ()) : () = - [%#span9] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span8] len'1 (empty'1 : Seq'0.t_seq int) = 0 - - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'1 (empty'1 : Seq'0.t_seq int) = 0 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span5] inv'4 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span7] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.UInt32 - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'2 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 use prelude.prelude.UIntSize - constant max'0 : usize = [%#span10] (18446744073709551615 : usize) + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) function shallow_model'1 (self : slice uint32) : Seq'0.t_seq uint32 - axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span11] inv'5 self) - -> ([%#span13] inv'4 (shallow_model'1 self)) - && ([%#span12] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : slice uint32 . ([%#span8] inv'4 self) + -> ([%#span9] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'0 [@inline:trivial] (self : slice uint32) (ix : int) : uint32 = - [%#span14] index_logic'2 (shallow_model'1 self) ix + [%#span10] index_logic'2 (shallow_model'1 self) ix use prelude.prelude.Borrow function shallow_model'0 (self : slice uint32) : Seq'0.t_seq uint32 = - [%#span15] shallow_model'1 self + [%#span11] shallow_model'1 self use prelude.prelude.Intrinsic - let rec unwrap'0 (self:Result'0.t_result usize usize) (return' (ret:usize))= {[@expl:precondition] [%#span17] inv'3 self} - {[@expl:precondition] [%#span16] exists t : usize . inv'2 t /\ self = Result'0.C_Ok t} + let rec unwrap'0 (self:Result'0.t_result usize usize) (return' (ret:usize))= {[@expl:precondition] [%#span13] inv'3 self} + {[@expl:precondition] [%#span12] exists t : usize . inv'2 t /\ self = Result'0.C_Ok t} any - [ return' (result:usize)-> {[%#span19] inv'2 result} {[%#span18] Result'0.C_Ok result = self} (! return' {result}) ] + [ return' (result:usize)-> {[%#span15] inv'2 result} {[%#span14] Result'0.C_Ok result = self} (! return' {result}) ] use int.Int function deep_model'3 (self : uint32) : int = - [%#span20] UInt32.to_int self + [%#span16] UInt32.to_int self function deep_model'2 (self : uint32) : int = - [%#span21] deep_model'3 self - - use seq.Seq + [%#span17] deep_model'3 self - function index_logic'1 (self : Seq'0.t_seq int) (x : int) : int + function index_logic'1 (self : Seq'0.t_seq int) (_2 : int) : int function deep_model'1 (self : slice uint32) : Seq'0.t_seq int - axiom deep_model'1_spec : forall self : slice uint32 . ([%#span22] inv'5 self) - -> ([%#span25] inv'6 (deep_model'1 self)) - && ([%#span24] forall i : int . 0 <= i /\ i < len'1 (deep_model'1 self) + axiom deep_model'1_spec : forall self : slice uint32 . ([%#span18] inv'4 self) + -> ([%#span20] forall i : int . 0 <= i /\ i < len'1 (deep_model'1 self) -> index_logic'1 (deep_model'1 self) i = deep_model'3 (index_logic'0 self i)) - && ([%#span23] len'0 (shallow_model'0 self) = len'1 (deep_model'1 self)) + && ([%#span19] len'0 (shallow_model'0 self) = len'1 (deep_model'1 self)) use int.Int predicate sorted_range'0 (self : Seq'0.t_seq int) (l : int) (u : int) = - [%#span26] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u + [%#span21] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u -> index_logic'1 self i <= index_logic'1 self j predicate sorted'0 (self : Seq'0.t_seq int) = - [%#span27] sorted_range'0 self 0 (len'1 self) + [%#span22] sorted_range'0 self 0 (len'1 self) function deep_model'0 (self : slice uint32) : Seq'0.t_seq int = - [%#span21] deep_model'1 self + [%#span17] deep_model'1 self - let rec binary_search'0 (self:slice uint32) (x:uint32) (return' (ret:Result'0.t_result usize usize))= {[@expl:precondition] [%#span30] inv'1 x} - {[@expl:precondition] [%#span29] inv'0 self} - {[@expl:precondition] [%#span28] sorted'0 (deep_model'0 self)} + let rec binary_search'0 (self:slice uint32) (x:uint32) (return' (ret:Result'0.t_result usize usize))= {[@expl:precondition] [%#span25] inv'1 x} + {[@expl:precondition] [%#span24] inv'0 self} + {[@expl:precondition] [%#span23] sorted'0 (deep_model'0 self)} any - [ return' (result:Result'0.t_result usize usize)-> {[%#span34] forall i : usize . result = Result'0.C_Err i + [ return' (result:Result'0.t_result usize usize)-> {[%#span29] forall i : usize . result = Result'0.C_Err i -> (forall j : usize . i <= j /\ UIntSize.to_int j < len'0 (shallow_model'0 self) -> deep_model'2 x < index_logic'1 (deep_model'0 self) (UIntSize.to_int j))} - {[%#span33] forall i : usize . result = Result'0.C_Err i + {[%#span28] forall i : usize . result = Result'0.C_Err i -> (forall j : usize . j < i -> index_logic'1 (deep_model'0 self) (UIntSize.to_int j) < deep_model'2 x)} - {[%#span32] forall i : usize . result = Result'0.C_Err i + {[%#span27] forall i : usize . result = Result'0.C_Err i -> UIntSize.to_int i <= len'0 (shallow_model'0 self) /\ (forall j : int . 0 <= j /\ j < len'0 (shallow_model'0 self) -> index_logic'1 (deep_model'0 self) j <> deep_model'2 x)} - {[%#span31] forall i : usize . result = Result'0.C_Ok i + {[%#span26] forall i : usize . result = Result'0.C_Ok i -> UIntSize.to_int i < len'0 (shallow_model'0 self) /\ index_logic'1 (deep_model'1 self) (UIntSize.to_int i) = deep_model'2 x} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/sparse_array.coma b/creusot/tests/should_succeed/sparse_array.coma index 6017815eac..5c4efb982b 100644 --- a/creusot/tests/should_succeed/sparse_array.coma +++ b/creusot/tests/should_succeed/sparse_array.coma @@ -150,22 +150,7 @@ module SparseArray_Sparse_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -196,81 +181,80 @@ module SparseArray_Impl2_Get let%span ssparse_array4 = "../sparse_array.rs" 89 35 89 45 - let%span span5 = "" 0 0 0 0 + let%span span5 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span6 = "" 0 0 0 0 - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span12 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span12 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 22 15 22 23 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 25 25 25 29 - let%span span16 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 33 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 28 15 28 23 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 24 4 24 87 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 25 31 29 + let%span span17 = "../sparse_array.rs" 73 20 74 52 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 29 14 29 33 + let%span span18 = "../sparse_array.rs" 40 12 41 82 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 30 4 30 87 + let%span span19 = "../sparse_array.rs" 50 8 61 9 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 4 31 55 + let%span span20 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span22 = "../sparse_array.rs" 73 20 74 52 + let%span span21 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span23 = "../sparse_array.rs" 40 12 41 82 + let%span span22 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span24 = "../sparse_array.rs" 50 8 61 9 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span25 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span24 = "" 0 0 0 0 - let%span span26 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span25 = "" 0 0 0 0 - let%span span27 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span27 = "" 0 0 0 0 - let%span span29 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span30 = "" 0 0 0 0 + predicate invariant'12 (self : Seq'0.t_seq t) - let%span span31 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + predicate inv'12 (_x : Seq'0.t_seq t) - let%span span32 = "" 0 0 0 0 + axiom inv'12 : forall x : Seq'0.t_seq t . inv'12 x = true - use Core_Option_Option_Type as Option'0 + use prelude.prelude.UIntSize - use prelude.prelude.Int + predicate invariant'11 (self : Seq'0.t_seq usize) = + [%#span5] true - use map.Map + predicate inv'11 (_x : Seq'0.t_seq usize) - predicate invariant'13 (self : Map.map int (Option'0.t_option t)) + axiom inv'11 : forall x : Seq'0.t_seq usize . inv'11 x = true - predicate inv'13 (_x : Map.map int (Option'0.t_option t)) + use Core_Option_Option_Type as Option'0 - axiom inv'13 : forall x : Map.map int (Option'0.t_option t) . inv'13 x = true + use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use map.Map - predicate invariant'12 (self : Seq'0.t_seq t) + predicate invariant'10 (self : Map.map int (Option'0.t_option t)) - predicate inv'12 (_x : Seq'0.t_seq t) + predicate inv'10 (_x : Map.map int (Option'0.t_option t)) - axiom inv'12 : forall x : Seq'0.t_seq t . inv'12 x = true + axiom inv'10 : forall x : Map.map int (Option'0.t_option t) . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -278,116 +262,84 @@ module SparseArray_Impl2_Get use prelude.prelude.UIntSize - use prelude.prelude.UIntSize - use prelude.prelude.Int - constant max'0 : usize = [%#span5] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span6] (18446744073709551615 : usize) function len'2 (self : Seq'0.t_seq t) : int - axiom len'2_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'12 self) -> ([%#span7] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq t . [%#span7] len'2 self >= 0 - predicate inv'11 (_x : Vec'0.t_vec t (Global'0.t_global)) + predicate inv'9 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'5 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'5_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'11 self) - -> ([%#span10] inv'12 (shallow_model'5 self)) - && ([%#span9] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'5_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'9 self) + -> ([%#span9] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'11 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span11] inv'12 (shallow_model'5 self) + predicate invariant'9 (self : Vec'0.t_vec t (Global'0.t_global)) = + [%#span10] inv'12 (shallow_model'5 self) - axiom inv'11 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'11 x = true - - predicate invariant'10 (self : Seq'0.t_seq usize) = - [%#span12] true - - predicate inv'10 (_x : Seq'0.t_seq usize) - - axiom inv'10 : forall x : Seq'0.t_seq usize . inv'10 x = true - - use seq.Seq + axiom inv'9 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'9 x = true function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span6] inv'10 self) -> ([%#span7] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span7] len'1 self >= 0 - predicate inv'9 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'8 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'4 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'4_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'9 self) - -> ([%#span10] inv'10 (shallow_model'4 self)) - && ([%#span9] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'9 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'10 (shallow_model'4 self) + axiom shallow_model'4_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'8 self) + -> ([%#span9] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'9 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'9 x = true + predicate invariant'8 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span10] inv'11 (shallow_model'4 self) - constant empty'2 : Seq'0.t_seq t = [%#span13] () + axiom inv'8 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'8 x = true - function empty_len'2 (_1 : ()) : () = - [%#span15] () + constant empty'2 : Seq'0.t_seq t - axiom empty_len'2_spec : forall _1 : () . [%#span14] len'2 (empty'2 : Seq'0.t_seq t) = 0 + function empty_len'2 (_1 : ()) : () - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span11] len'2 (empty'2 : Seq'0.t_seq t) = 0 - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'4 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span16] index_logic'1 (shallow_model'4 self) ix + [%#span12] index_logic'1 (shallow_model'4 self) ix use SparseArray_Sparse_Type as SparseArray_Sparse_Type - use seq.Seq - - predicate inv'7 (_x : Seq'0.t_seq (Option'0.t_option t)) - function len'0 (self : Seq'0.t_seq (Option'0.t_option t)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . ([%#span6] inv'7 self) - -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . [%#span7] len'0 self >= 0 use prelude.prelude.Borrow - use seq.Seq - use map.Map - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (x : int) : Option'0.t_option t + function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (_2 : int) : Option'0.t_option t function new'0 (len : int) (data : Map.map int (Option'0.t_option t)) : Seq'0.t_seq (Option'0.t_option t) - axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span17] len >= 0) - -> ([%#span18] inv'13 data) - -> ([%#span21] inv'7 (new'0 len data)) - && ([%#span20] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) + axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span13] len >= 0) + -> ([%#span14] inv'10 data) + -> ([%#span16] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) -> index_logic'0 (new'0 len data) i = Map.get data i) - && ([%#span19] len'0 (new'0 len data) = len) + && ([%#span15] len'0 (new'0 len data) = len) use prelude.prelude.Mapping - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'3 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span16] index_logic'2 (shallow_model'5 self) ix + [%#span12] index_logic'2 (shallow_model'5 self) ix use SparseArray_Sparse_Type as Sparse'0 function is_elt'0 [#"../sparse_array.rs" 72 4 72 36] (self : Sparse'0.t_sparse t) (i : int) : bool = - [%#span22] UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i) + [%#span17] UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i))) = i @@ -395,14 +347,14 @@ module SparseArray_Impl2_Get function shallow_model'3 [#"../sparse_array.rs" 38 4 38 50] (self : Sparse'0.t_sparse t) : Seq'0.t_seq (Option'0.t_option t) = - [%#span23] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#span18] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then Option'0.C_Some (index_logic'3 (SparseArray_Sparse_Type.sparse_values self) i) else Option'0.C_None )) - predicate invariant'8 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse t) = - [%#span24] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) + predicate invariant'7 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse t) = + [%#span19] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'0 (shallow_model'3 self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'2 (shallow_model'5 (SparseArray_Sparse_Type.sparse_values self)) @@ -418,24 +370,19 @@ module SparseArray_Impl2_Get /\ UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) (UIntSize.to_int j)) = i end) - predicate inv'8 (_x : Sparse'0.t_sparse t) + predicate inv'7 (_x : Sparse'0.t_sparse t) - axiom inv'8 : forall x : Sparse'0.t_sparse t . inv'8 x - = (invariant'8 x + axiom inv'7 : forall x : Sparse'0.t_sparse t . inv'7 x + = (invariant'7 x /\ match x with | Sparse'0.C_Sparse size n values idx back -> true end) - constant empty'1 : Seq'0.t_seq usize = [%#span13] () + constant empty'1 : Seq'0.t_seq usize - function empty_len'1 (_1 : ()) : () = - [%#span15] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span14] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - - predicate invariant'7 (self : Seq'0.t_seq (Option'0.t_option t)) - - axiom inv'7 : forall x : Seq'0.t_seq (Option'0.t_option t) . inv'7 x = true + axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq usize) = 0 predicate invariant'6 (self : Vec'0.t_vec t (Global'0.t_global)) @@ -444,21 +391,21 @@ module SparseArray_Impl2_Get axiom inv'6 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'6 x = true predicate invariant'5 (self : usize) = - [%#span12] true + [%#span5] true predicate inv'5 (_x : usize) axiom inv'5 : forall x : usize . inv'5 x = true predicate invariant'4 (self : usize) = - [%#span12] true + [%#span5] true predicate inv'4 (_x : usize) axiom inv'4 : forall x : usize . inv'4 x = true predicate invariant'3 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span12] true + [%#span5] true predicate inv'3 (_x : Vec'0.t_vec usize (Global'0.t_global)) @@ -470,12 +417,11 @@ module SparseArray_Impl2_Get axiom inv'2 : forall x : Option'0.t_option t . inv'2 x = true - constant empty'0 : Seq'0.t_seq (Option'0.t_option t) = [%#span13] () + constant empty'0 : Seq'0.t_seq (Option'0.t_option t) - function empty_len'0 (_1 : ()) : () = - [%#span15] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span14] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 predicate invariant'1 (self : t) @@ -487,10 +433,10 @@ module SparseArray_Impl2_Get predicate inv'0 (_x : Sparse'0.t_sparse t) - axiom inv'0 : forall x : Sparse'0.t_sparse t . inv'0 x = inv'8 x + axiom inv'0 : forall x : Sparse'0.t_sparse t . inv'0 x = inv'7 x function shallow_model'0 (self : Sparse'0.t_sparse t) : Seq'0.t_seq (Option'0.t_option t) = - [%#span25] shallow_model'3 self + [%#span20] shallow_model'3 self use prelude.prelude.Intrinsic @@ -499,40 +445,40 @@ module SparseArray_Impl2_Get use prelude.prelude.Slice predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) (out : t) = - [%#span26] index_logic'2 seq (UIntSize.to_int self) = out + [%#span21] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) = - [%#span27] UIntSize.to_int self < len'2 seq + [%#span22] UIntSize.to_int self < len'2 seq function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span25] shallow_model'5 self + [%#span20] shallow_model'5 self - let rec index'1 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span30] inv'4 index} - {[@expl:precondition] [%#span29] inv'6 self} - {[@expl:precondition] [%#span28] in_bounds'1 index (shallow_model'2 self)} + let rec index'1 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span25] inv'4 index} + {[@expl:precondition] [%#span24] inv'6 self} + {[@expl:precondition] [%#span23] in_bounds'1 index (shallow_model'2 self)} any - [ return' (result:t)-> {[%#span32] inv'1 result} - {[%#span31] has_value'1 index (shallow_model'2 self) result} + [ return' (result:t)-> {[%#span27] inv'1 result} + {[%#span26] has_value'1 index (shallow_model'2 self) result} (! return' {result}) ] predicate resolve'0 (self : Sparse'0.t_sparse t) predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span26] index_logic'1 seq (UIntSize.to_int self) = out + [%#span21] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span27] UIntSize.to_int self < len'1 seq + [%#span22] UIntSize.to_int self < len'1 seq function shallow_model'1 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span25] shallow_model'4 self + [%#span20] shallow_model'4 self - let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span30] inv'4 index} - {[@expl:precondition] [%#span29] inv'3 self} - {[@expl:precondition] [%#span28] in_bounds'0 index (shallow_model'1 self)} + let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span25] inv'4 index} + {[@expl:precondition] [%#span24] inv'3 self} + {[@expl:precondition] [%#span23] in_bounds'0 index (shallow_model'1 self)} any - [ return' (result:usize)-> {[%#span32] inv'5 result} - {[%#span31] has_value'0 index (shallow_model'1 self) result} + [ return' (result:usize)-> {[%#span27] inv'5 result} + {[%#span26] has_value'0 index (shallow_model'1 self) result} (! return' {result}) ] @@ -622,76 +568,60 @@ module SparseArray_Impl2_LemmaPermutation_Impl let%span span5 = "" 0 0 0 0 - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span10 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span7 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span8 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span9 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span11 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 28 15 28 23 + let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 22 15 22 23 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 25 31 29 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 25 25 25 29 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 29 14 29 33 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 33 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 30 4 30 87 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 24 4 24 87 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 4 31 55 + let%span span16 = "../sparse_array.rs" 73 20 74 52 - let%span span21 = "../sparse_array.rs" 73 20 74 52 - - let%span span22 = "../sparse_array.rs" 40 12 41 82 - - let%span span23 = "../sparse_array.rs" 50 8 61 9 - - use Core_Option_Option_Type as Option'0 - - use prelude.prelude.Int + let%span span17 = "../sparse_array.rs" 40 12 41 82 - use map.Map + let%span span18 = "../sparse_array.rs" 50 8 61 9 - predicate invariant'6 (self : Map.map int (Option'0.t_option t)) + use prelude.prelude.UIntSize - predicate inv'6 (_x : Map.map int (Option'0.t_option t)) + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - axiom inv'6 : forall x : Map.map int (Option'0.t_option t) . inv'6 x = true + predicate invariant'5 (self : Seq'0.t_seq usize) = + [%#span4] true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate inv'5 (_x : Seq'0.t_seq usize) - predicate invariant'5 (self : Seq'0.t_seq t) + axiom inv'5 : forall x : Seq'0.t_seq usize . inv'5 x = true - predicate inv'5 (_x : Seq'0.t_seq t) + predicate invariant'4 (self : Seq'0.t_seq t) - axiom inv'5 : forall x : Seq'0.t_seq t . inv'5 x = true + predicate inv'4 (_x : Seq'0.t_seq t) - predicate invariant'4 (self : Seq'0.t_seq (Option'0.t_option t)) + axiom inv'4 : forall x : Seq'0.t_seq t . inv'4 x = true - predicate inv'4 (_x : Seq'0.t_seq (Option'0.t_option t)) + use Core_Option_Option_Type as Option'0 - axiom inv'4 : forall x : Seq'0.t_seq (Option'0.t_option t) . inv'4 x = true + use prelude.prelude.Int - use prelude.prelude.UIntSize + use map.Map - predicate invariant'3 (self : Seq'0.t_seq usize) = - [%#span4] true + predicate invariant'3 (self : Map.map int (Option'0.t_option t)) - predicate inv'3 (_x : Seq'0.t_seq usize) + predicate inv'3 (_x : Map.map int (Option'0.t_option t)) - axiom inv'3 : forall x : Seq'0.t_seq usize . inv'3 x = true + axiom inv'3 : forall x : Map.map int (Option'0.t_option t) . inv'3 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -703,115 +633,92 @@ module SparseArray_Impl2_LemmaPermutation_Impl constant max'0 : usize = [%#span5] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq usize) : int - axiom len'2_spec : forall self : Seq'0.t_seq usize . ([%#span6] inv'3 self) -> ([%#span7] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq usize . [%#span6] len'2 self >= 0 predicate inv'2 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'2 self) - -> ([%#span10] inv'3 (shallow_model'0 self)) - && ([%#span9] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span7] inv'2 self) + -> ([%#span8] len'2 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'2 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'3 (shallow_model'0 self) + [%#span9] inv'5 (shallow_model'0 self) axiom inv'2 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'2 x = true - constant empty'2 : Seq'0.t_seq usize = [%#span12] () + constant empty'2 : Seq'0.t_seq usize - function empty_len'2 (_1 : ()) : () = - [%#span14] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span13] len'2 (empty'2 : Seq'0.t_seq usize) = 0 - - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span10] len'2 (empty'2 : Seq'0.t_seq usize) = 0 function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'5 self) -> ([%#span7] len'1 self >= 0) - - constant empty'1 : Seq'0.t_seq t = [%#span12] () + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span6] len'1 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span14] () + constant empty'1 : Seq'0.t_seq t - axiom empty_len'1_spec : forall _1 : () . [%#span13] len'1 (empty'1 : Seq'0.t_seq t) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span10] len'1 (empty'1 : Seq'0.t_seq t) = 0 function len'0 (self : Seq'0.t_seq (Option'0.t_option t)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . ([%#span6] inv'4 self) - -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . [%#span6] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Option'0.t_option t) = [%#span12] () + constant empty'0 : Seq'0.t_seq (Option'0.t_option t) - function empty_len'0 (_1 : ()) : () = - [%#span14] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 predicate inv'1 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'1 self) - -> ([%#span10] inv'5 (shallow_model'2 self)) - && ([%#span9] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span7] inv'1 self) + -> ([%#span8] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span11] inv'5 (shallow_model'2 self) + [%#span9] inv'4 (shallow_model'2 self) axiom inv'1 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'1 x = true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span15] index_logic'1 (shallow_model'0 self) ix + [%#span11] index_logic'1 (shallow_model'0 self) ix use SparseArray_Sparse_Type as SparseArray_Sparse_Type use prelude.prelude.Borrow - use seq.Seq - use map.Map - use seq.Seq - - function index_logic'4 (self : Seq'0.t_seq (Option'0.t_option t)) (x : int) : Option'0.t_option t + function index_logic'4 (self : Seq'0.t_seq (Option'0.t_option t)) (_2 : int) : Option'0.t_option t function new'0 (len : int) (data : Map.map int (Option'0.t_option t)) : Seq'0.t_seq (Option'0.t_option t) - axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span16] len >= 0) - -> ([%#span17] inv'6 data) - -> ([%#span20] inv'4 (new'0 len data)) - && ([%#span19] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) + axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span12] len >= 0) + -> ([%#span13] inv'3 data) + -> ([%#span15] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) -> index_logic'4 (new'0 len data) i = Map.get data i) - && ([%#span18] len'0 (new'0 len data) = len) + && ([%#span14] len'0 (new'0 len data) = len) use prelude.prelude.Mapping - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'3 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span15] index_logic'3 (shallow_model'2 self) ix + [%#span11] index_logic'3 (shallow_model'2 self) ix use SparseArray_Sparse_Type as Sparse'0 function is_elt'0 [#"../sparse_array.rs" 72 4 72 36] (self : Sparse'0.t_sparse t) (i : int) : bool = - [%#span21] UIntSize.to_int (index_logic'0 (SparseArray_Sparse_Type.sparse_idx self) i) + [%#span16] UIntSize.to_int (index_logic'0 (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (index_logic'0 (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (index_logic'0 (SparseArray_Sparse_Type.sparse_idx self) i))) = i @@ -819,14 +726,14 @@ module SparseArray_Impl2_LemmaPermutation_Impl function shallow_model'1 [#"../sparse_array.rs" 38 4 38 50] (self : Sparse'0.t_sparse t) : Seq'0.t_seq (Option'0.t_option t) = - [%#span22] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#span17] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then Option'0.C_Some (index_logic'2 (SparseArray_Sparse_Type.sparse_values self) i) else Option'0.C_None )) predicate invariant'0 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse t) = - [%#span23] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) + [%#span18] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'0 (shallow_model'1 self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'1 (shallow_model'2 (SparseArray_Sparse_Type.sparse_values self)) @@ -889,116 +796,112 @@ module SparseArray_Impl2_Set let%span span10 = "" 0 0 0 0 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span16 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 22 15 22 23 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 25 25 25 29 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 33 - let%span span20 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 24 4 24 87 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 28 15 28 23 + let%span span21 = "../sparse_array.rs" 73 20 74 52 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 25 31 29 + let%span span22 = "../sparse_array.rs" 40 12 41 82 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 29 14 29 33 + let%span span23 = "../sparse_array.rs" 50 8 61 9 - let%span span24 = "../../../../creusot-contracts/src/logic/seq2.rs" 30 4 30 87 + let%span span24 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 4 31 55 + let%span span25 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span26 = "../sparse_array.rs" 73 20 74 52 + let%span span26 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span27 = "../sparse_array.rs" 40 12 41 82 + let%span span27 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span28 = "../sparse_array.rs" 50 8 61 9 + let%span span28 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span29 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span30 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span30 = "" 0 0 0 0 - let%span span31 = "../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span31 = "" 0 0 0 0 - let%span span32 = "../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span32 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span33 = "../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span33 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span34 = "../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span34 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span35 = "" 0 0 0 0 + let%span span35 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 let%span span36 = "" 0 0 0 0 - let%span span37 = "../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span37 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span38 = "../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span38 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span39 = "../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span39 = "../sparse_array.rs" 101 15 101 34 - let%span span40 = "../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span40 = "../sparse_array.rs" 102 15 102 39 - let%span span41 = "" 0 0 0 0 + let%span span41 = "../sparse_array.rs" 104 25 104 29 - let%span span42 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span42 = "../sparse_array.rs" 103 14 103 28 - let%span span43 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span43 = "../sparse_array.rs" 100 4 100 12 - let%span span44 = "../sparse_array.rs" 101 15 101 34 + let%span span44 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span45 = "../sparse_array.rs" 102 15 102 39 + let%span span45 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span46 = "../sparse_array.rs" 104 25 104 29 + let%span span46 = "" 0 0 0 0 - let%span span47 = "../sparse_array.rs" 103 14 103 28 + let%span span47 = "" 0 0 0 0 - let%span span48 = "../sparse_array.rs" 100 4 100 12 + let%span span48 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span49 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - - let%span span51 = "" 0 0 0 0 - - let%span span52 = "" 0 0 0 0 + use prelude.prelude.UIntSize - let%span span53 = "../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span54 = "" 0 0 0 0 + predicate invariant'15 (self : Seq'0.t_seq usize) = + [%#span9] true - use Core_Option_Option_Type as Option'0 + predicate inv'15 (_x : Seq'0.t_seq usize) - use prelude.prelude.Int + axiom inv'15 : forall x : Seq'0.t_seq usize . inv'15 x = true - use map.Map + predicate invariant'14 (self : Seq'0.t_seq t) - predicate invariant'16 (self : Map.map int (Option'0.t_option t)) + predicate inv'14 (_x : Seq'0.t_seq t) - predicate inv'16 (_x : Map.map int (Option'0.t_option t)) + axiom inv'14 : forall x : Seq'0.t_seq t . inv'14 x = true - axiom inv'16 : forall x : Map.map int (Option'0.t_option t) . inv'16 x = true + use Core_Option_Option_Type as Option'0 - use prelude.prelude.UIntSize + use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use map.Map - predicate invariant'15 (self : Seq'0.t_seq usize) = - [%#span9] true + predicate invariant'13 (self : Map.map int (Option'0.t_option t)) - predicate inv'15 (_x : Seq'0.t_seq usize) + predicate inv'13 (_x : Map.map int (Option'0.t_option t)) - axiom inv'15 : forall x : Seq'0.t_seq usize . inv'15 x = true + axiom inv'13 : forall x : Map.map int (Option'0.t_option t) . inv'13 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1010,38 +913,21 @@ module SparseArray_Impl2_Set constant max'0 : usize = [%#span10] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq usize) : int - axiom len'2_spec : forall self : Seq'0.t_seq usize . ([%#span11] inv'15 self) -> ([%#span12] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq usize . [%#span11] len'2 self >= 0 - predicate inv'14 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'12 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'6 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'6_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span13] inv'14 self) - -> ([%#span15] inv'15 (shallow_model'6 self)) - && ([%#span14] len'2 (shallow_model'6 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'14 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span16] inv'15 (shallow_model'6 self) - - axiom inv'14 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'14 x = true + axiom shallow_model'6_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span12] inv'12 self) + -> ([%#span13] len'2 (shallow_model'6 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'13 (self : Seq'0.t_seq t) + predicate invariant'12 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span14] inv'15 (shallow_model'6 self) - predicate inv'13 (_x : Seq'0.t_seq t) - - axiom inv'13 : forall x : Seq'0.t_seq t . inv'13 x = true - - predicate invariant'12 (self : Seq'0.t_seq (Option'0.t_option t)) - - predicate inv'12 (_x : Seq'0.t_seq (Option'0.t_option t)) - - axiom inv'12 : forall x : Seq'0.t_seq (Option'0.t_option t) . inv'12 x = true + axiom inv'12 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'12 x = true use prelude.prelude.Borrow @@ -1052,12 +938,11 @@ module SparseArray_Impl2_Set axiom inv'11 : forall x : borrowed usize . inv'11 x = true - constant empty'2 : Seq'0.t_seq usize = [%#span17] () + constant empty'2 : Seq'0.t_seq usize - function empty_len'2 (_1 : ()) : () = - [%#span19] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span18] len'2 (empty'2 : Seq'0.t_seq usize) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span15] len'2 (empty'2 : Seq'0.t_seq usize) = 0 predicate invariant'10 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = [%#span9] true @@ -1074,64 +959,49 @@ module SparseArray_Impl2_Set predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'3 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'4 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span20] index_logic'3 (shallow_model'6 self) ix + [%#span16] index_logic'3 (shallow_model'6 self) ix use SparseArray_Sparse_Type as SparseArray_Sparse_Type - use seq.Seq - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span11] inv'13 self) -> ([%#span12] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span11] len'1 self >= 0 function shallow_model'3 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span13] inv'0 self) - -> ([%#span15] inv'13 (shallow_model'3 self)) - && ([%#span14] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - - use seq.Seq + axiom shallow_model'3_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span12] inv'0 self) + -> ([%#span13] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) function len'0 (self : Seq'0.t_seq (Option'0.t_option t)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . ([%#span11] inv'12 self) - -> ([%#span12] len'0 self >= 0) - - use seq.Seq + axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . [%#span11] len'0 self >= 0 use map.Map - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (x : int) : Option'0.t_option t + function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (_2 : int) : Option'0.t_option t function new'1 (len : int) (data : Map.map int (Option'0.t_option t)) : Seq'0.t_seq (Option'0.t_option t) - axiom new'1_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span21] len >= 0) - -> ([%#span22] inv'16 data) - -> ([%#span25] inv'12 (new'1 len data)) - && ([%#span24] forall i : int . 0 <= i /\ i < len'0 (new'1 len data) + axiom new'1_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span17] len >= 0) + -> ([%#span18] inv'13 data) + -> ([%#span20] forall i : int . 0 <= i /\ i < len'0 (new'1 len data) -> index_logic'0 (new'1 len data) i = Map.get data i) - && ([%#span23] len'0 (new'1 len data) = len) + && ([%#span19] len'0 (new'1 len data) = len) use prelude.prelude.Mapping - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span20] index_logic'2 (shallow_model'3 self) ix + [%#span16] index_logic'2 (shallow_model'3 self) ix use SparseArray_Sparse_Type as Sparse'0 function is_elt'0 [#"../sparse_array.rs" 72 4 72 36] (self : Sparse'0.t_sparse t) (i : int) : bool = - [%#span26] UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i) + [%#span21] UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (index_logic'4 (SparseArray_Sparse_Type.sparse_idx self) i))) = i @@ -1139,14 +1009,14 @@ module SparseArray_Impl2_Set function shallow_model'1 [#"../sparse_array.rs" 38 4 38 50] (self : Sparse'0.t_sparse t) : Seq'0.t_seq (Option'0.t_option t) = - [%#span27] new'1 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#span22] new'1 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then Option'0.C_Some (index_logic'1 (SparseArray_Sparse_Type.sparse_values self) i) else Option'0.C_None )) predicate invariant'8 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse t) = - [%#span28] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) + [%#span23] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'0 (shallow_model'1 self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'1 (shallow_model'3 (SparseArray_Sparse_Type.sparse_values self)) @@ -1184,12 +1054,11 @@ module SparseArray_Impl2_Set axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true - constant empty'1 : Seq'0.t_seq t = [%#span17] () + constant empty'1 : Seq'0.t_seq t - function empty_len'1 (_1 : ()) : () = - [%#span19] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span18] len'1 (empty'1 : Seq'0.t_seq t) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span15] len'1 (empty'1 : Seq'0.t_seq t) = 0 predicate invariant'5 (self : usize) = [%#span9] true @@ -1204,12 +1073,11 @@ module SparseArray_Impl2_Set axiom inv'4 : forall x : borrowed (Vec'0.t_vec t (Global'0.t_global)) . inv'4 x = true - constant empty'0 : Seq'0.t_seq (Option'0.t_option t) = [%#span17] () + constant empty'0 : Seq'0.t_seq (Option'0.t_option t) - function empty_len'0 (_1 : ()) : () = - [%#span19] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span18] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option t)) = 0 predicate invariant'3 (self : borrowed (Sparse'0.t_sparse t)) @@ -1230,44 +1098,44 @@ module SparseArray_Impl2_Set axiom inv'1 : forall x : t . inv'1 x = true predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span16] inv'13 (shallow_model'3 self) + [%#span14] inv'14 (shallow_model'3 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true function shallow_model'0 (self : borrowed (Sparse'0.t_sparse t)) : Seq'0.t_seq (Option'0.t_option t) = - [%#span29] shallow_model'1 ( * self) + [%#span24] shallow_model'1 ( * self) use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'4 (self : borrowed usize) = - [%#span30] ^ self = * self + [%#span25] ^ self = * self use prelude.prelude.Slice predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq usize) (fin : Seq'0.t_seq usize) = - [%#span31] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' + [%#span26] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'2 old' -> index_logic'3 old' i = index_logic'3 fin i predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span32] index_logic'3 seq (UIntSize.to_int self) = out + [%#span27] index_logic'3 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span33] UIntSize.to_int self < len'2 seq + [%#span28] UIntSize.to_int self < len'2 seq function shallow_model'5 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span29] shallow_model'6 ( * self) + [%#span24] shallow_model'6 ( * self) - let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span36] inv'5 index} - {[@expl:precondition] [%#span35] inv'10 self} - {[@expl:precondition] [%#span34] in_bounds'1 index (shallow_model'5 self)} + let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span31] inv'5 index} + {[@expl:precondition] [%#span30] inv'10 self} + {[@expl:precondition] [%#span29] in_bounds'1 index (shallow_model'5 self)} any - [ return' (result:borrowed usize)-> {[%#span41] inv'11 result} - {[%#span40] len'2 (shallow_model'6 ( ^ self)) = len'2 (shallow_model'5 self)} - {[%#span39] resolve_elswhere'1 index (shallow_model'5 self) (shallow_model'6 ( ^ self))} - {[%#span38] has_value'1 index (shallow_model'6 ( ^ self)) ( ^ result)} - {[%#span37] has_value'1 index (shallow_model'5 self) ( * result)} + [ return' (result:borrowed usize)-> {[%#span36] inv'11 result} + {[%#span35] len'2 (shallow_model'6 ( ^ self)) = len'2 (shallow_model'5 self)} + {[%#span34] resolve_elswhere'1 index (shallow_model'5 self) (shallow_model'6 ( ^ self))} + {[%#span33] has_value'1 index (shallow_model'6 ( ^ self)) ( ^ result)} + {[%#span32] has_value'1 index (shallow_model'5 self) ( * result)} (! return' {result}) ] @@ -1277,58 +1145,58 @@ module SparseArray_Impl2_Set function new'0 (x : ()) : Snapshot'0.t_snapshot () - axiom new'0_spec : forall x : () . ([%#span42] inv'9 x) -> ([%#span43] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : () . ([%#span37] inv'9 x) -> ([%#span38] deref'0 (new'0 x) = x) function lemma_permutation'0 [#"../sparse_array.rs" 104 4 104 38] (self : Sparse'0.t_sparse t) (i : int) : () = - [%#span48] () + [%#span43] () - axiom lemma_permutation'0_spec : forall self : Sparse'0.t_sparse t, i : int . ([%#span44] SparseArray_Sparse_Type.sparse_n self + axiom lemma_permutation'0_spec : forall self : Sparse'0.t_sparse t, i : int . ([%#span39] SparseArray_Sparse_Type.sparse_n self = SparseArray_Sparse_Type.sparse_size self) - -> ([%#span45] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) - -> ([%#span46] inv'8 self) -> ([%#span47] is_elt'0 self i) + -> ([%#span40] 0 <= i /\ i < UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) + -> ([%#span41] inv'8 self) -> ([%#span42] is_elt'0 self i) predicate resolve'2 (self : borrowed (Sparse'0.t_sparse t)) = - [%#span30] ^ self = * self + [%#span25] ^ self = * self function shallow_model'4 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span49] shallow_model'6 self + [%#span44] shallow_model'6 self - let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span52] inv'5 index} - {[@expl:precondition] [%#span51] inv'6 self} - {[@expl:precondition] [%#span50] in_bounds'1 index (shallow_model'4 self)} + let rec index'0 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span47] inv'5 index} + {[@expl:precondition] [%#span46] inv'6 self} + {[@expl:precondition] [%#span45] in_bounds'1 index (shallow_model'4 self)} any - [ return' (result:usize)-> {[%#span54] inv'7 result} - {[%#span53] has_value'1 index (shallow_model'4 self) result} + [ return' (result:usize)-> {[%#span49] inv'7 result} + {[%#span48] has_value'1 index (shallow_model'4 self) result} (! return' {result}) ] predicate resolve'1 (self : borrowed t) = - [%#span30] ^ self = * self + [%#span25] ^ self = * self predicate resolve'0 (self : t) predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq t) (fin : Seq'0.t_seq t) = - [%#span31] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' + [%#span26] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' -> index_logic'2 old' i = index_logic'2 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) (out : t) = - [%#span32] index_logic'2 seq (UIntSize.to_int self) = out + [%#span27] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) = - [%#span33] UIntSize.to_int self < len'1 seq + [%#span28] UIntSize.to_int self < len'1 seq function shallow_model'2 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span29] shallow_model'3 ( * self) + [%#span24] shallow_model'3 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (return' (ret:borrowed t))= {[@expl:precondition] [%#span36] inv'5 index} - {[@expl:precondition] [%#span35] inv'4 self} - {[@expl:precondition] [%#span34] in_bounds'0 index (shallow_model'2 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (return' (ret:borrowed t))= {[@expl:precondition] [%#span31] inv'5 index} + {[@expl:precondition] [%#span30] inv'4 self} + {[@expl:precondition] [%#span29] in_bounds'0 index (shallow_model'2 self)} any - [ return' (result:borrowed t)-> {[%#span41] inv'2 result} - {[%#span40] len'1 (shallow_model'3 ( ^ self)) = len'1 (shallow_model'2 self)} - {[%#span39] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'3 ( ^ self))} - {[%#span38] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} - {[%#span37] has_value'0 index (shallow_model'2 self) ( * result)} + [ return' (result:borrowed t)-> {[%#span36] inv'2 result} + {[%#span35] len'1 (shallow_model'3 ( ^ self)) = len'1 (shallow_model'2 self)} + {[%#span34] resolve_elswhere'0 index (shallow_model'2 self) (shallow_model'3 ( ^ self))} + {[%#span33] has_value'0 index (shallow_model'3 ( ^ self)) ( ^ result)} + {[%#span32] has_value'0 index (shallow_model'2 self) ( * result)} (! return' {result}) ] @@ -1502,104 +1370,82 @@ module SparseArray_Create let%span span7 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span10 = "" 0 0 0 0 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span11 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span13 = "" 0 0 0 0 + let%span span12 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span13 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span15 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span14 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span16 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 22 15 22 23 - let%span span17 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 25 25 25 29 - let%span span18 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 33 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 28 15 28 23 + let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 24 4 24 87 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 25 31 29 + let%span span19 = "../sparse_array.rs" 73 20 74 52 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 29 14 29 33 + let%span span20 = "../sparse_array.rs" 40 12 41 82 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 30 4 30 87 + let%span span21 = "../sparse_array.rs" 50 8 61 9 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 4 31 55 + let%span span22 = "" 0 0 0 0 - let%span span24 = "../sparse_array.rs" 73 20 74 52 + let%span span23 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span25 = "../sparse_array.rs" 40 12 41 82 + let%span span24 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span26 = "../sparse_array.rs" 50 8 61 9 + let%span span25 = "" 0 0 0 0 - let%span span27 = "" 0 0 0 0 + use prelude.prelude.UIntSize - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + predicate invariant'7 (self : Seq'0.t_seq usize) = + [%#span7] true - let%span span30 = "" 0 0 0 0 + predicate inv'7 (_x : Seq'0.t_seq usize) - use Core_Option_Option_Type as Option'0 + axiom inv'7 : forall x : Seq'0.t_seq usize . inv'7 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate invariant'6 (self : Seq'0.t_seq t) - predicate invariant'8 (self : Seq'0.t_seq (Option'0.t_option t)) + predicate inv'6 (_x : Seq'0.t_seq t) - predicate inv'8 (_x : Seq'0.t_seq (Option'0.t_option t)) + axiom inv'6 : forall x : Seq'0.t_seq t . inv'6 x = true - axiom inv'8 : forall x : Seq'0.t_seq (Option'0.t_option t) . inv'8 x = true + use Core_Option_Option_Type as Option'0 use prelude.prelude.Int use map.Map - predicate invariant'7 (self : Map.map int (Option'0.t_option t)) - - predicate inv'7 (_x : Map.map int (Option'0.t_option t)) - - axiom inv'7 : forall x : Map.map int (Option'0.t_option t) . inv'7 x = true + predicate invariant'5 (self : Map.map int (Option'0.t_option t)) - use prelude.prelude.UIntSize - - predicate invariant'6 (self : Seq'0.t_seq usize) = - [%#span7] true - - predicate inv'6 (_x : Seq'0.t_seq usize) - - axiom inv'6 : forall x : Seq'0.t_seq usize . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq t) + predicate inv'5 (_x : Map.map int (Option'0.t_option t)) - predicate inv'5 (_x : Seq'0.t_seq t) - - axiom inv'5 : forall x : Seq'0.t_seq t . inv'5 x = true + axiom inv'5 : forall x : Map.map int (Option'0.t_option t) . inv'5 x = true use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq (Option'0.t_option t)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . ([%#span8] inv'8 self) - -> ([%#span9] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (Option'0.t_option t) . [%#span8] len'2 self >= 0 - constant empty'2 : Seq'0.t_seq (Option'0.t_option t) = [%#span10] () + constant empty'2 : Seq'0.t_seq (Option'0.t_option t) - function empty_len'2 (_1 : ()) : () = - [%#span12] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span11] len'2 (empty'2 : Seq'0.t_seq (Option'0.t_option t)) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span9] len'2 (empty'2 : Seq'0.t_seq (Option'0.t_option t)) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -1607,33 +1453,29 @@ module SparseArray_Create use prelude.prelude.UIntSize - constant max'0 : usize = [%#span13] (18446744073709551615 : usize) - - use seq.Seq + constant max'0 : usize = [%#span10] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span8] inv'6 self) -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span8] len'1 self >= 0 predicate inv'4 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span14] inv'4 self) - -> ([%#span16] inv'6 (shallow_model'2 self)) - && ([%#span15] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'4 self) + -> ([%#span12] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'4 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span17] inv'6 (shallow_model'2 self) + [%#span13] inv'7 (shallow_model'2 self) axiom inv'4 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'4 x = true - constant empty'1 : Seq'0.t_seq usize = [%#span10] () + constant empty'1 : Seq'0.t_seq usize - function empty_len'1 (_1 : ()) : () = - [%#span12] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span11] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span9] len'1 (empty'1 : Seq'0.t_seq usize) = 0 predicate invariant'3 (self : usize) = [%#span7] true @@ -1642,73 +1484,60 @@ module SparseArray_Create axiom inv'3 : forall x : usize . inv'3 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span8] inv'5 self) -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span8] len'0 self >= 0 predicate inv'2 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span14] inv'2 self) - -> ([%#span16] inv'5 (shallow_model'1 self)) - && ([%#span15] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span11] inv'2 self) + -> ([%#span12] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'2 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span17] inv'5 (shallow_model'1 self) + [%#span13] inv'6 (shallow_model'1 self) axiom inv'2 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'2 x = true - constant empty'0 : Seq'0.t_seq t = [%#span10] () - - function empty_len'0 (_1 : ()) : () = - [%#span12] () + constant empty'0 : Seq'0.t_seq t - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq t) = 0 + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq t) = 0 - function index_logic'4 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'4 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span18] index_logic'4 (shallow_model'2 self) ix + [%#span14] index_logic'4 (shallow_model'2 self) ix use SparseArray_Sparse_Type as SparseArray_Sparse_Type use prelude.prelude.Borrow - use seq.Seq - use map.Map - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (x : int) : Option'0.t_option t + function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option t)) (_2 : int) : Option'0.t_option t function new'0 (len : int) (data : Map.map int (Option'0.t_option t)) : Seq'0.t_seq (Option'0.t_option t) - axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span19] len >= 0) - -> ([%#span20] inv'7 data) - -> ([%#span23] inv'8 (new'0 len data)) - && ([%#span22] forall i : int . 0 <= i /\ i < len'2 (new'0 len data) + axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option t) . ([%#span15] len >= 0) + -> ([%#span16] inv'5 data) + -> ([%#span18] forall i : int . 0 <= i /\ i < len'2 (new'0 len data) -> index_logic'0 (new'0 len data) i = Map.get data i) - && ([%#span21] len'2 (new'0 len data) = len) + && ([%#span17] len'2 (new'0 len data) = len) use prelude.prelude.Mapping - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'3 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span18] index_logic'3 (shallow_model'1 self) ix + [%#span14] index_logic'3 (shallow_model'1 self) ix use SparseArray_Sparse_Type as Sparse'0 function is_elt'0 [#"../sparse_array.rs" 72 4 72 36] (self : Sparse'0.t_sparse t) (i : int) : bool = - [%#span24] UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i) + [%#span19] UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i))) = i @@ -1716,14 +1545,14 @@ module SparseArray_Create function shallow_model'0 [#"../sparse_array.rs" 38 4 38 50] (self : Sparse'0.t_sparse t) : Seq'0.t_seq (Option'0.t_option t) = - [%#span25] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#span20] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then Option'0.C_Some (index_logic'1 (SparseArray_Sparse_Type.sparse_values self) i) else Option'0.C_None )) predicate invariant'1 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse t) = - [%#span26] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) + [%#span21] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'2 (shallow_model'0 self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'0 (shallow_model'1 (SparseArray_Sparse_Type.sparse_values self)) @@ -1755,19 +1584,19 @@ module SparseArray_Create use prelude.prelude.Intrinsic - let rec from_elem'1 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span27] inv'3 elem} + let rec from_elem'1 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span22] inv'3 elem} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span30] inv'4 result} - {[%#span29] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'2 result i = elem} - {[%#span28] len'1 (shallow_model'2 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span25] inv'4 result} + {[%#span24] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'2 result i = elem} + {[%#span23] len'1 (shallow_model'2 result) = UIntSize.to_int n} (! return' {result}) ] - let rec from_elem'0 (elem:t) (n:usize) (return' (ret:Vec'0.t_vec t (Global'0.t_global)))= {[@expl:precondition] [%#span27] inv'0 elem} + let rec from_elem'0 (elem:t) (n:usize) (return' (ret:Vec'0.t_vec t (Global'0.t_global)))= {[@expl:precondition] [%#span22] inv'0 elem} any - [ return' (result:Vec'0.t_vec t (Global'0.t_global))-> {[%#span30] inv'2 result} - {[%#span29] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} - {[%#span28] len'0 (shallow_model'1 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec t (Global'0.t_global))-> {[%#span25] inv'2 result} + {[%#span24] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} + {[%#span23] len'0 (shallow_model'1 result) = UIntSize.to_int n} (! return' {result}) ] @@ -1871,86 +1700,85 @@ module SparseArray_F let%span span24 = "" 0 0 0 0 - let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span25 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span26 = "../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span27 = "../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span29 = "../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span28 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span30 = "../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span30 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 22 15 22 23 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 25 25 25 29 - let%span span34 = "../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 33 - let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 28 15 28 23 + let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 24 4 24 87 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 25 31 29 + let%span span35 = "../sparse_array.rs" 73 20 74 52 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 29 14 29 33 + let%span span36 = "../sparse_array.rs" 40 12 41 82 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 30 4 30 87 + let%span span37 = "../sparse_array.rs" 50 8 61 9 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 31 4 31 55 + let%span span38 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span40 = "../sparse_array.rs" 73 20 74 52 + let%span span39 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span41 = "../sparse_array.rs" 40 12 41 82 + let%span span40 = "../sparse_array.rs" 108 15 108 31 - let%span span42 = "../sparse_array.rs" 50 8 61 9 + let%span span41 = "../sparse_array.rs" 112 20 112 24 - let%span span43 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span42 = "../sparse_array.rs" 112 36 112 37 - let%span span44 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span43 = "../sparse_array.rs" 109 14 109 43 - let%span span45 = "../sparse_array.rs" 108 15 108 31 + let%span span44 = "../sparse_array.rs" 110 4 110 95 - let%span span46 = "../sparse_array.rs" 112 20 112 24 + let%span span45 = "../sparse_array.rs" 111 14 111 37 - let%span span47 = "../sparse_array.rs" 112 36 112 37 + let%span span46 = "../sparse_array.rs" 80 15 80 31 - let%span span48 = "../sparse_array.rs" 109 14 109 43 + let%span span47 = "../sparse_array.rs" 89 16 89 20 - let%span span49 = "../sparse_array.rs" 110 4 110 95 + let%span span48 = "../sparse_array.rs" 81 14 84 5 - let%span span50 = "../sparse_array.rs" 111 14 111 37 + let%span span49 = "../sparse_array.rs" 85 14 88 5 - let%span span51 = "../sparse_array.rs" 80 15 80 31 + let%span span50 = "../sparse_array.rs" 89 35 89 45 - let%span span52 = "../sparse_array.rs" 89 16 89 20 + let%span span51 = "../sparse_array.rs" 134 42 134 47 - let%span span53 = "../sparse_array.rs" 81 14 84 5 + let%span span52 = "../sparse_array.rs" 132 10 132 27 - let%span span54 = "../sparse_array.rs" 85 14 88 5 + let%span span53 = "../sparse_array.rs" 133 0 133 67 - let%span span55 = "../sparse_array.rs" 89 35 89 45 + let%span span54 = "../sparse_array.rs" 134 55 134 64 - let%span span56 = "../sparse_array.rs" 134 42 134 47 + use prelude.prelude.UIntSize - let%span span57 = "../sparse_array.rs" 132 10 132 27 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span58 = "../sparse_array.rs" 133 0 133 67 + predicate invariant'9 (self : Seq'0.t_seq usize) = + [%#span23] true - let%span span59 = "../sparse_array.rs" 134 55 134 64 + predicate inv'9 (_x : Seq'0.t_seq usize) - use prelude.prelude.UIntSize + axiom inv'9 : forall x : Seq'0.t_seq usize . inv'9 x = true - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + use prelude.prelude.Int32 - predicate invariant'10 (self : Seq'0.t_seq usize) = + predicate invariant'8 (self : Seq'0.t_seq int32) = [%#span23] true - predicate inv'10 (_x : Seq'0.t_seq usize) + predicate inv'8 (_x : Seq'0.t_seq int32) - axiom inv'10 : forall x : Seq'0.t_seq usize . inv'10 x = true + axiom inv'8 : forall x : Seq'0.t_seq int32 . inv'8 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -1962,55 +1790,37 @@ module SparseArray_F constant max'0 : usize = [%#span24] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq usize) : int - axiom len'2_spec : forall self : Seq'0.t_seq usize . ([%#span25] inv'10 self) -> ([%#span26] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq usize . [%#span25] len'2 self >= 0 - predicate inv'9 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'5 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'5_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span27] inv'9 self) - -> ([%#span29] inv'10 (shallow_model'5 self)) - && ([%#span28] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'9 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span30] inv'10 (shallow_model'5 self) - - axiom inv'9 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'9 x = true - - use prelude.prelude.Int32 - - predicate invariant'8 (self : Seq'0.t_seq int32) = - [%#span23] true - - predicate inv'8 (_x : Seq'0.t_seq int32) + axiom shallow_model'5_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span26] inv'7 self) + -> ([%#span27] len'2 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'8 : forall x : Seq'0.t_seq int32 . inv'8 x = true + predicate invariant'7 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span28] inv'9 (shallow_model'5 self) - constant empty'2 : Seq'0.t_seq usize = [%#span31] () + axiom inv'7 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'7 x = true - function empty_len'2 (_1 : ()) : () = - [%#span33] () + constant empty'2 : Seq'0.t_seq usize - axiom empty_len'2_spec : forall _1 : () . [%#span32] len'2 (empty'2 : Seq'0.t_seq usize) = 0 + function empty_len'2 (_1 : ()) : () - use seq.Seq + axiom empty_len'2_spec : forall _1 : () . [%#span29] len'2 (empty'2 : Seq'0.t_seq usize) = 0 function len'1 (self : Seq'0.t_seq int32) : int - axiom len'1_spec : forall self : Seq'0.t_seq int32 . ([%#span25] inv'8 self) -> ([%#span26] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq int32 . [%#span25] len'1 self >= 0 - constant empty'1 : Seq'0.t_seq int32 = [%#span31] () + constant empty'1 : Seq'0.t_seq int32 - function empty_len'1 (_1 : ()) : () = - [%#span33] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span32] len'1 (empty'1 : Seq'0.t_seq int32) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span29] len'1 (empty'1 : Seq'0.t_seq int32) = 0 use Core_Option_Option_Type as Option'0 @@ -2018,32 +1828,24 @@ module SparseArray_F use map.Map - predicate invariant'7 (self : Map.map int (Option'0.t_option int32)) = + predicate invariant'6 (self : Map.map int (Option'0.t_option int32)) = [%#span23] true - predicate inv'7 (_x : Map.map int (Option'0.t_option int32)) + predicate inv'6 (_x : Map.map int (Option'0.t_option int32)) - axiom inv'7 : forall x : Map.map int (Option'0.t_option int32) . inv'7 x = true + axiom inv'6 : forall x : Map.map int (Option'0.t_option int32) . inv'6 x = true - predicate inv'6 (_x : Vec'0.t_vec int32 (Global'0.t_global)) + predicate inv'5 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'4 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'4_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span27] inv'6 self) - -> ([%#span29] inv'8 (shallow_model'4 self)) - && ([%#span28] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'6 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span30] inv'8 (shallow_model'4 self) - - axiom inv'6 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq (Option'0.t_option int32)) = - [%#span23] true + axiom shallow_model'4_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span26] inv'5 self) + -> ([%#span27] len'1 (shallow_model'4 self) <= UIntSize.to_int (max'0 : usize)) - predicate inv'5 (_x : Seq'0.t_seq (Option'0.t_option int32)) + predicate invariant'5 (self : Vec'0.t_vec int32 (Global'0.t_global)) = + [%#span28] inv'8 (shallow_model'4 self) - axiom inv'5 : forall x : Seq'0.t_seq (Option'0.t_option int32) . inv'5 x = true + axiom inv'5 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'5 x = true use SparseArray_Sparse_Type as Sparse'0 @@ -2072,19 +1874,15 @@ module SparseArray_F axiom inv'2 : forall x : Sparse'0.t_sparse int32 . inv'2 x = inv'0 x - use seq.Seq - function len'0 (self : Seq'0.t_seq (Option'0.t_option int32)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option int32) . ([%#span25] inv'5 self) - -> ([%#span26] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Option'0.t_option int32) . [%#span25] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq (Option'0.t_option int32) = [%#span31] () + constant empty'0 : Seq'0.t_seq (Option'0.t_option int32) - function empty_len'0 (_1 : ()) : () = - [%#span33] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span32] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option int32)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span29] len'0 (empty'0 : Seq'0.t_seq (Option'0.t_option int32)) = 0 predicate invariant'1 (self : int32) = [%#span23] true @@ -2093,43 +1891,34 @@ module SparseArray_F axiom inv'1 : forall x : int32 . inv'1 x = true - use seq.Seq - - function index_logic'4 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'4 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span34] index_logic'4 (shallow_model'5 self) ix + [%#span30] index_logic'4 (shallow_model'5 self) ix use SparseArray_Sparse_Type as SparseArray_Sparse_Type - use seq.Seq - use map.Map - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option int32)) (x : int) : Option'0.t_option int32 + function index_logic'0 (self : Seq'0.t_seq (Option'0.t_option int32)) (_2 : int) : Option'0.t_option int32 function new'0 (len : int) (data : Map.map int (Option'0.t_option int32)) : Seq'0.t_seq (Option'0.t_option int32) - axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option int32) . ([%#span35] len >= 0) - -> ([%#span36] inv'7 data) - -> ([%#span39] inv'5 (new'0 len data)) - && ([%#span38] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) + axiom new'0_spec : forall len : int, data : Map.map int (Option'0.t_option int32) . ([%#span31] len >= 0) + -> ([%#span32] inv'6 data) + -> ([%#span34] forall i : int . 0 <= i /\ i < len'0 (new'0 len data) -> index_logic'0 (new'0 len data) i = Map.get data i) - && ([%#span37] len'0 (new'0 len data) = len) + && ([%#span33] len'0 (new'0 len data) = len) use prelude.prelude.Mapping - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'3 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span34] index_logic'3 (shallow_model'4 self) ix + [%#span30] index_logic'3 (shallow_model'4 self) ix function is_elt'0 [#"../sparse_array.rs" 72 4 72 36] (self : Sparse'0.t_sparse int32) (i : int) : bool = - [%#span40] UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i) + [%#span35] UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i) < UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) /\ UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_back self) (UIntSize.to_int (index_logic'2 (SparseArray_Sparse_Type.sparse_idx self) i))) = i @@ -2137,14 +1926,14 @@ module SparseArray_F function shallow_model'1 [#"../sparse_array.rs" 38 4 38 50] (self : Sparse'0.t_sparse int32) : Seq'0.t_seq (Option'0.t_option int32) = - [%#span41] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then + [%#span36] new'0 (UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self)) (Mapping.from_fn (fun (i : int) -> if is_elt'0 self i then Option'0.C_Some (index_logic'1 (SparseArray_Sparse_Type.sparse_values self) i) else Option'0.C_None )) predicate invariant'0 [#"../sparse_array.rs" 49 4 49 30] (self : Sparse'0.t_sparse int32) = - [%#span42] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) + [%#span37] UIntSize.to_int (SparseArray_Sparse_Type.sparse_n self) <= UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'0 (shallow_model'1 self) = UIntSize.to_int (SparseArray_Sparse_Type.sparse_size self) /\ len'1 (shallow_model'4 (SparseArray_Sparse_Type.sparse_values self)) @@ -2171,47 +1960,47 @@ module SparseArray_F use prelude.prelude.Int32 function shallow_model'0 (self : int32) : int = - [%#span43] Int32.to_int self + [%#span38] Int32.to_int self function shallow_model'3 (self : borrowed (Sparse'0.t_sparse int32)) : Seq'0.t_seq (Option'0.t_option int32) = - [%#span44] shallow_model'1 ( * self) + [%#span39] shallow_model'1 ( * self) - let rec set'0 (self:borrowed (Sparse'0.t_sparse int32)) (i:usize) (v:int32) (return' (ret:()))= {[@expl:precondition] [%#span47] inv'1 v} - {[@expl:precondition] [%#span46] inv'4 self} - {[@expl:precondition] [%#span45] UIntSize.to_int i < len'0 (shallow_model'3 self)} + let rec set'0 (self:borrowed (Sparse'0.t_sparse int32)) (i:usize) (v:int32) (return' (ret:()))= {[@expl:precondition] [%#span42] inv'1 v} + {[@expl:precondition] [%#span41] inv'4 self} + {[@expl:precondition] [%#span40] UIntSize.to_int i < len'0 (shallow_model'3 self)} any - [ return' (result:())-> {[%#span50] index_logic'0 (shallow_model'1 ( ^ self)) (UIntSize.to_int i) + [ return' (result:())-> {[%#span45] index_logic'0 (shallow_model'1 ( ^ self)) (UIntSize.to_int i) = Option'0.C_Some v} - {[%#span49] forall j : int . 0 <= j /\ j < len'0 (shallow_model'3 self) /\ j <> UIntSize.to_int i + {[%#span44] forall j : int . 0 <= j /\ j < len'0 (shallow_model'3 self) /\ j <> UIntSize.to_int i -> index_logic'0 (shallow_model'1 ( ^ self)) j = index_logic'0 (shallow_model'3 self) j} - {[%#span48] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'3 self)} + {[%#span43] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'3 self)} (! return' {result}) ] function shallow_model'2 (self : Sparse'0.t_sparse int32) : Seq'0.t_seq (Option'0.t_option int32) = - [%#span43] shallow_model'1 self + [%#span38] shallow_model'1 self - let rec get'0 (self:Sparse'0.t_sparse int32) (i:usize) (return' (ret:Option'0.t_option int32))= {[@expl:precondition] [%#span52] inv'2 self} - {[@expl:precondition] [%#span51] UIntSize.to_int i < len'0 (shallow_model'2 self)} + let rec get'0 (self:Sparse'0.t_sparse int32) (i:usize) (return' (ret:Option'0.t_option int32))= {[@expl:precondition] [%#span47] inv'2 self} + {[@expl:precondition] [%#span46] UIntSize.to_int i < len'0 (shallow_model'2 self)} any - [ return' (result:Option'0.t_option int32)-> {[%#span55] inv'3 result} - {[%#span54] match index_logic'0 (shallow_model'2 self) (UIntSize.to_int i) with + [ return' (result:Option'0.t_option int32)-> {[%#span50] inv'3 result} + {[%#span49] match index_logic'0 (shallow_model'2 self) (UIntSize.to_int i) with | Option'0.C_None -> result = Option'0.C_None | Option'0.C_Some _ -> true end} - {[%#span53] match result with + {[%#span48] match result with | Option'0.C_None -> index_logic'0 (shallow_model'2 self) (UIntSize.to_int i) = Option'0.C_None | Option'0.C_Some x -> index_logic'0 (shallow_model'2 self) (UIntSize.to_int i) = Option'0.C_Some x end} (! return' {result}) ] - let rec create'0 (sz:usize) (dummy:int32) (return' (ret:Sparse'0.t_sparse int32))= {[@expl:precondition] [%#span56] inv'1 dummy} + let rec create'0 (sz:usize) (dummy:int32) (return' (ret:Sparse'0.t_sparse int32))= {[@expl:precondition] [%#span51] inv'1 dummy} any - [ return' (result:Sparse'0.t_sparse int32)-> {[%#span59] inv'0 result} - {[%#span58] forall i : int . 0 <= i /\ i < UIntSize.to_int sz + [ return' (result:Sparse'0.t_sparse int32)-> {[%#span54] inv'0 result} + {[%#span53] forall i : int . 0 <= i /\ i < UIntSize.to_int sz -> index_logic'0 (shallow_model'1 result) i = Option'0.C_None} - {[%#span57] SparseArray_Sparse_Type.sparse_size result = sz} + {[%#span52] SparseArray_Sparse_Type.sparse_size result = sz} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/sum.coma b/creusot/tests/should_succeed/sum.coma index 884001832b..d23a907b5e 100644 --- a/creusot/tests/should_succeed/sum.coma +++ b/creusot/tests/should_succeed/sum.coma @@ -15,22 +15,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Cmp_Ordering_Type type t_ordering = @@ -89,107 +74,89 @@ module Sum_SumFirstN let%span span9 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span13 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span14 = "../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span15 = "../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span16 = "../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 - let%span span17 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span17 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span span18 = "../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 + let%span span18 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span span19 = "../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 + let%span span19 = "../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 - let%span span20 = "../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 + let%span span20 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span span21 = "../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span span21 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span span22 = "../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span span22 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 - let%span span23 = "../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 + let%span span23 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 - let%span span24 = "../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span span24 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 - let%span span25 = "../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span span25 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span span26 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 + let%span span26 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span span27 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 31 84 33 + let%span span27 = "../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 - let%span span28 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 + let%span span28 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 61 84 63 + let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span span30 = "../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 + let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span34 = "../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 + let%span span34 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span span35 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 - let%span span36 = "../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span span36 = "" 0 0 0 0 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span37 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span38 = "" 0 0 0 0 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span39 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span40 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span41 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span41 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span42 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span43 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span43 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span44 = "../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 + let%span span44 = "" 0 0 0 0 let%span span45 = "" 0 0 0 0 - let%span span46 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span46 = "" 0 0 0 0 let%span span47 = "" 0 0 0 0 - let%span span48 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span49 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span50 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span51 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span52 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span48 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 - let%span span53 = "" 0 0 0 0 + let%span span49 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 - let%span span54 = "" 0 0 0 0 + let%span span50 = "../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 - let%span span55 = "" 0 0 0 0 - - let%span span56 = "" 0 0 0 0 - - let%span span57 = "../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 - - let%span span58 = "../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 - - let%span span59 = "../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 - - let%span span60 = "" 0 0 0 0 + let%span span51 = "" 0 0 0 0 use prelude.prelude.UInt32 @@ -229,31 +196,22 @@ module Sum_SumFirstN axiom inv'1 : forall x : uint32 . inv'1 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span10] inv'2 self) -> ([%#span11] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span10] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span12] inv'2 self) - -> ([%#span13] inv'2 other) - -> ([%#span16] inv'2 (concat'0 self other)) - && ([%#span15] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span12] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span11] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : RangeInclusive'0.t_rangeinclusive uint32) @@ -264,7 +222,7 @@ module Sum_SumFirstN use prelude.prelude.UInt32 function deep_model'0 (self : uint32) : int = - [%#span17] UInt32.to_int self + [%#span13] UInt32.to_int self function end_log'0 (self : RangeInclusive'0.t_rangeinclusive uint32) : uint32 @@ -272,19 +230,19 @@ module Sum_SumFirstN function is_empty_log'0 (self : RangeInclusive'0.t_rangeinclusive uint32) : bool - axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span18] inv'0 self) - -> ([%#span19] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) + axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span14] inv'0 self) + -> ([%#span15] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) function range_inclusive_len'0 (r : RangeInclusive'0.t_rangeinclusive uint32) : int = - [%#span22] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#span18] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span20] inv'0 r) - -> ([%#span21] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span16] inv'0 r) + -> ([%#span17] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) predicate produces'0 (self : RangeInclusive'0.t_rangeinclusive uint32) (visited : Seq'0.t_seq uint32) (o : RangeInclusive'0.t_rangeinclusive uint32) = - [%#span23] len'0 visited = range_inclusive_len'0 self - range_inclusive_len'0 o + [%#span19] len'0 visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < len'0 visited @@ -293,55 +251,49 @@ module Sum_SumFirstN function produces_trans'0 (a : RangeInclusive'0.t_rangeinclusive uint32) (ab : Seq'0.t_seq uint32) (b : RangeInclusive'0.t_rangeinclusive uint32) (bc : Seq'0.t_seq uint32) (c : RangeInclusive'0.t_rangeinclusive uint32) : () = - [%#span32] () + [%#span26] () - axiom produces_trans'0_spec : forall a : RangeInclusive'0.t_rangeinclusive uint32, ab : Seq'0.t_seq uint32, b : RangeInclusive'0.t_rangeinclusive uint32, bc : Seq'0.t_seq uint32, c : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span24] produces'0 a ab b) - -> ([%#span25] produces'0 b bc c) - -> ([%#span26] inv'0 a) - -> ([%#span27] inv'2 ab) - -> ([%#span28] inv'0 b) - -> ([%#span29] inv'2 bc) -> ([%#span30] inv'0 c) -> ([%#span31] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : RangeInclusive'0.t_rangeinclusive uint32, ab : Seq'0.t_seq uint32, b : RangeInclusive'0.t_rangeinclusive uint32, bc : Seq'0.t_seq uint32, c : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span20] produces'0 a ab b) + -> ([%#span21] produces'0 b bc c) + -> ([%#span22] inv'0 a) + -> ([%#span23] inv'0 b) -> ([%#span24] inv'0 c) -> ([%#span25] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span33] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : RangeInclusive'0.t_rangeinclusive uint32) : () = - [%#span36] () + [%#span29] () - axiom produces_refl'0_spec : forall self : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span34] inv'0 self) - -> ([%#span35] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span27] inv'0 self) + -> ([%#span28] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'0 (self : RangeInclusive'0.t_rangeinclusive uint32) = [%#span9] true axiom inv'0 : forall x : RangeInclusive'0.t_rangeinclusive uint32 . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span38] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span37] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span30] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span39] inv'1 v) - -> ([%#span42] inv'2 (singleton'0 v)) - && ([%#span41] index_logic'0 (singleton'0 v) 0 = v) && ([%#span40] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span31] inv'1 v) + -> ([%#span33] index_logic'0 (singleton'0 v) 0 = v) && ([%#span32] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (RangeInclusive'0.t_rangeinclusive uint32)) = - [%#span43] ^ self = * self + [%#span34] ^ self = * self predicate completed'0 (self : borrowed (RangeInclusive'0.t_rangeinclusive uint32)) = - [%#span44] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) + [%#span35] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) - let rec next'0 (self:borrowed (RangeInclusive'0.t_rangeinclusive uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span45] inv'3 self} + let rec next'0 (self:borrowed (RangeInclusive'0.t_rangeinclusive uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span36] inv'3 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span47] inv'4 result} - {[%#span46] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span38] inv'4 result} + {[%#span37] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -360,37 +312,37 @@ module Sum_SumFirstN function new'2 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'2_spec : forall x : Seq'0.t_seq uint32 . ([%#span48] inv'2 x) -> ([%#span49] deref'0 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq uint32 . ([%#span39] inv'2 x) -> ([%#span40] deref'0 (new'2 x) = x) function new'1 (x : RangeInclusive'0.t_rangeinclusive uint32) : Snapshot'0.t_snapshot (RangeInclusive'0.t_rangeinclusive uint32) - axiom new'1_spec : forall x : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span48] inv'0 x) - -> ([%#span49] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : RangeInclusive'0.t_rangeinclusive uint32 . ([%#span39] inv'0 x) + -> ([%#span40] deref'1 (new'1 x) = x) predicate into_iter_post'0 (self : RangeInclusive'0.t_rangeinclusive uint32) (res : RangeInclusive'0.t_rangeinclusive uint32) = - [%#span50] self = res + [%#span41] self = res predicate into_iter_pre'0 (self : RangeInclusive'0.t_rangeinclusive uint32) = - [%#span51] true + [%#span42] true - let rec into_iter'0 (self:RangeInclusive'0.t_rangeinclusive uint32) (return' (ret:RangeInclusive'0.t_rangeinclusive uint32))= {[@expl:precondition] [%#span53] inv'0 self} - {[@expl:precondition] [%#span52] into_iter_pre'0 self} + let rec into_iter'0 (self:RangeInclusive'0.t_rangeinclusive uint32) (return' (ret:RangeInclusive'0.t_rangeinclusive uint32))= {[@expl:precondition] [%#span44] inv'0 self} + {[@expl:precondition] [%#span43] into_iter_pre'0 self} any - [ return' (result:RangeInclusive'0.t_rangeinclusive uint32)-> {[%#span54] inv'0 result} - {[%#span52] into_iter_post'0 self result} + [ return' (result:RangeInclusive'0.t_rangeinclusive uint32)-> {[%#span45] inv'0 result} + {[%#span43] into_iter_post'0 self result} (! return' {result}) ] - let rec new'0 (start:uint32) (end':uint32) (return' (ret:RangeInclusive'0.t_rangeinclusive uint32))= {[@expl:precondition] [%#span56] inv'1 end'} - {[@expl:precondition] [%#span55] inv'1 start} + let rec new'0 (start:uint32) (end':uint32) (return' (ret:RangeInclusive'0.t_rangeinclusive uint32))= {[@expl:precondition] [%#span47] inv'1 end'} + {[@expl:precondition] [%#span46] inv'1 start} any - [ return' (result:RangeInclusive'0.t_rangeinclusive uint32)-> {[%#span60] inv'0 result} - {[%#span59] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} - {[%#span58] end_log'0 result = end'} - {[%#span57] start_log'0 result = start} + [ return' (result:RangeInclusive'0.t_rangeinclusive uint32)-> {[%#span51] inv'0 result} + {[%#span50] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} + {[%#span49] end_log'0 result = end'} + {[%#span48] start_log'0 result = start} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/sum_of_odds.coma b/creusot/tests/should_succeed/sum_of_odds.coma index 3967ea33f7..8074d5eac6 100644 --- a/creusot/tests/should_succeed/sum_of_odds.coma +++ b/creusot/tests/should_succeed/sum_of_odds.coma @@ -73,22 +73,7 @@ module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Option_Option_Type type t_option 't = @@ -133,96 +118,78 @@ module SumOfOdds_ComputeSumOfOdd let%span span12 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span15 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span16 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span17 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span17 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span18 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span18 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span19 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span20 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span20 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span21 = "../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span21 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span22 = "../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span22 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span23 = "../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span23 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span24 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span24 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span25 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span25 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span26 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span27 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span27 = "../sum_of_odds.rs" 8 4 8 9 - let%span span28 = "../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span28 = "../sum_of_odds.rs" 17 10 17 11 - let%span span29 = "../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span29 = "../sum_of_odds.rs" 16 0 16 8 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span30 = "../sum_of_odds.rs" 27 11 27 17 - let%span span31 = "../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span31 = "../sum_of_odds.rs" 28 10 28 33 - let%span span32 = "../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span32 = "../sum_of_odds.rs" 29 10 29 11 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span33 = "../sum_of_odds.rs" 31 4 31 65 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span35 = "../sum_of_odds.rs" 8 4 8 9 + let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span36 = "../sum_of_odds.rs" 17 10 17 11 + let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span37 = "../sum_of_odds.rs" 16 0 16 8 + let%span span37 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span38 = "../sum_of_odds.rs" 27 11 27 17 + let%span span38 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span39 = "../sum_of_odds.rs" 28 10 28 33 + let%span span39 = "" 0 0 0 0 - let%span span40 = "../sum_of_odds.rs" 29 10 29 11 + let%span span40 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span41 = "../sum_of_odds.rs" 31 4 31 65 + let%span span41 = "" 0 0 0 0 - let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span42 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span43 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span43 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span44 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span44 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span45 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span45 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span46 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span46 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span47 = "../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span47 = "" 0 0 0 0 let%span span48 = "" 0 0 0 0 - let%span span49 = "../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - - let%span span50 = "" 0 0 0 0 - - let%span span51 = "../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span52 = "../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span53 = "../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span54 = "../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span55 = "../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - - let%span span56 = "" 0 0 0 0 - - let%span span57 = "" 0 0 0 0 - use prelude.prelude.UInt32 predicate invariant'4 (self : uint32) = @@ -261,31 +228,22 @@ module SumOfOdds_ComputeSumOfOdd axiom inv'1 : forall x : Seq'0.t_seq uint32 . inv'1 x = true - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - use seq.Seq - use prelude.prelude.Int - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span13] inv'1 self) -> ([%#span14] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span13] len'0 self >= 0 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span15] inv'1 self) - -> ([%#span16] inv'1 other) - -> ([%#span19] inv'1 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span15] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span14] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : Range'0.t_range uint32) @@ -294,12 +252,12 @@ module SumOfOdds_ComputeSumOfOdd use prelude.prelude.UInt32 function deep_model'0 (self : uint32) : int = - [%#span20] UInt32.to_int self + [%#span16] UInt32.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range uint32) (visited : Seq'0.t_seq uint32) (o : Range'0.t_range uint32) = - [%#span21] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span17] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'0 visited > 0 @@ -312,69 +270,63 @@ module SumOfOdds_ComputeSumOfOdd function produces_trans'0 (a : Range'0.t_range uint32) (ab : Seq'0.t_seq uint32) (b : Range'0.t_range uint32) (bc : Seq'0.t_seq uint32) (c : Range'0.t_range uint32) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range uint32, ab : Seq'0.t_seq uint32, b : Range'0.t_range uint32, bc : Seq'0.t_seq uint32, c : Range'0.t_range uint32 . ([%#span22] produces'0 a ab b) - -> ([%#span23] produces'0 b bc c) - -> ([%#span24] inv'0 a) - -> ([%#span25] inv'1 ab) - -> ([%#span26] inv'0 b) - -> ([%#span27] inv'1 bc) -> ([%#span28] inv'0 c) -> ([%#span29] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range uint32, ab : Seq'0.t_seq uint32, b : Range'0.t_range uint32, bc : Seq'0.t_seq uint32, c : Range'0.t_range uint32 . ([%#span18] produces'0 a ab b) + -> ([%#span19] produces'0 b bc c) + -> ([%#span20] inv'0 a) + -> ([%#span21] inv'0 b) -> ([%#span22] inv'0 c) -> ([%#span23] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq uint32 = [%#span30] () + constant empty'0 : Seq'0.t_seq uint32 function produces_refl'0 (self : Range'0.t_range uint32) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range uint32 . ([%#span31] inv'0 self) - -> ([%#span32] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range uint32 . ([%#span24] inv'0 self) + -> ([%#span25] produces'0 self (empty'0 : Seq'0.t_seq uint32) self) predicate invariant'0 (self : Range'0.t_range uint32) = [%#span12] true axiom inv'0 : forall x : Range'0.t_range uint32 . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span34] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span33] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span26] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic function sqr'0 [#"../sum_of_odds.rs" 7 0 7 21] (x : int) : int = - [%#span35] x * x + [%#span27] x * x function sum_of_odd'0 [#"../sum_of_odds.rs" 18 0 18 28] (x : int) : int axiom sum_of_odd'0_def : forall x : int . sum_of_odd'0 x - = ([%#span37] if x <= 0 then 0 else sum_of_odd'0 (x - 1) + 2 * x - 1) + = ([%#span29] if x <= 0 then 0 else sum_of_odd'0 (x - 1) + 2 * x - 1) function sum_of_odd_is_sqr'0 [#"../sum_of_odds.rs" 30 0 30 28] (x : int) : () axiom sum_of_odd_is_sqr'0_def : forall x : int . sum_of_odd_is_sqr'0 x - = ([%#span41] if x > 0 then sum_of_odd_is_sqr'0 (x - 1) else ()) - - axiom sum_of_odd_is_sqr'0_spec : forall x : int . ([%#span38] x >= 0) -> ([%#span39] sum_of_odd'0 x = sqr'0 x) + = ([%#span33] if x > 0 then sum_of_odd_is_sqr'0 (x - 1) else ()) - use seq.Seq + axiom sum_of_odd_is_sqr'0_spec : forall x : int . ([%#span30] x >= 0) -> ([%#span31] sum_of_odd'0 x = sqr'0 x) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span42] inv'4 v) - -> ([%#span45] inv'1 (singleton'0 v)) - && ([%#span44] index_logic'0 (singleton'0 v) 0 = v) && ([%#span43] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span34] inv'4 v) + -> ([%#span36] index_logic'0 (singleton'0 v) 0 = v) && ([%#span35] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range uint32)) = - [%#span46] ^ self = * self + [%#span37] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range uint32)) = - [%#span47] resolve'0 self + [%#span38] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span48] inv'2 self} + let rec next'0 (self:borrowed (Range'0.t_range uint32)) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span39] inv'2 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span50] inv'3 result} - {[%#span49] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span41] inv'3 result} + {[%#span40] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -391,23 +343,23 @@ module SumOfOdds_ComputeSumOfOdd function new'1 (x : Seq'0.t_seq uint32) : Snapshot'0.t_snapshot (Seq'0.t_seq uint32) - axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span51] inv'1 x) -> ([%#span52] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq uint32 . ([%#span42] inv'1 x) -> ([%#span43] deref'0 (new'1 x) = x) function new'0 (x : Range'0.t_range uint32) : Snapshot'0.t_snapshot (Range'0.t_range uint32) - axiom new'0_spec : forall x : Range'0.t_range uint32 . ([%#span51] inv'0 x) -> ([%#span52] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : Range'0.t_range uint32 . ([%#span42] inv'0 x) -> ([%#span43] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Range'0.t_range uint32) (res : Range'0.t_range uint32) = - [%#span53] self = res + [%#span44] self = res predicate into_iter_pre'0 (self : Range'0.t_range uint32) = - [%#span54] true + [%#span45] true - let rec into_iter'0 (self:Range'0.t_range uint32) (return' (ret:Range'0.t_range uint32))= {[@expl:precondition] [%#span56] inv'0 self} - {[@expl:precondition] [%#span55] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range uint32) (return' (ret:Range'0.t_range uint32))= {[@expl:precondition] [%#span47] inv'0 self} + {[@expl:precondition] [%#span46] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range uint32)-> {[%#span57] inv'0 result} - {[%#span55] into_iter_post'0 self result} + [ return' (result:Range'0.t_range uint32)-> {[%#span48] inv'0 result} + {[%#span46] into_iter_post'0 self result} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.coma b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.coma index e70b5f4f77..0bd26e87eb 100644 --- a/creusot/tests/should_succeed/syntax/06_logic_function_contracts.coma +++ b/creusot/tests/should_succeed/syntax/06_logic_function_contracts.coma @@ -1,207 +1,124 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C06LogicFunctionContracts_Sum_Impl let%span s06_logic_function_contracts0 = "../06_logic_function_contracts.rs" 9 10 9 19 - let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span sseq23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 - - let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 - - let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 - - let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span sseq27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span sseq22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span8 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span sseq23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq int) = - [%#span8] true - - predicate inv'0 (_x : Seq'0.t_seq int) - - axiom inv'0 : forall x : Seq'0.t_seq int . inv'0 x = true - use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq int) : int - axiom len'0_spec : forall self : Seq'0.t_seq int . ([%#sseq21] inv'0 self) -> ([%#sseq22] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq int = [%#span9] () + axiom len'0_spec : forall self : Seq'0.t_seq int . [%#sseq21] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span11] () + constant empty'0 : Seq'0.t_seq int - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq int) = 0 + function empty_len'0 (_1 : ()) : () - use prelude.seq_ext.SeqExt + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq int) = 0 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq int) (x : int) : int + function index_logic'0 (self : Seq'0.t_seq int) (_2 : int) : int function subsequence'0 (self : Seq'0.t_seq int) (n : int) (m : int) : Seq'0.t_seq int - axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#sseq23] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#sseq22] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#sseq24] inv'0 self) - -> ([%#sseq27] inv'0 (subsequence'0 self n m)) - && ([%#sseq26] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#sseq25] len'0 (subsequence'0 self n m) = m - n) + && ([%#sseq23] len'0 (subsequence'0 self n m) = m - n) constant seq : Seq'0.t_seq int function sum [#"../06_logic_function_contracts.rs" 10 0 10 32] (seq : Seq'0.t_seq int) : int - goal vc_sum : ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) + goal vc_sum : ([%#sseq21] len'0 seq >= 0) -> match len'0 seq = 0 with | True -> true - | False -> ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) - -> ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) - -> (([%#sseq24] inv'0 seq) && ([%#sseq23] 0 <= 0 /\ 0 <= len'0 seq - 1 /\ len'0 seq - 1 <= len'0 seq)) - /\ (([%#sseq27] inv'0 (subsequence'0 seq 0 (len'0 seq - 1))) - && ([%#sseq26] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 seq 0 (len'0 seq - 1)) + | False -> ([%#sseq21] len'0 seq >= 0) + -> ([%#sseq21] len'0 seq >= 0) + -> ([%#sseq22] 0 <= 0 /\ 0 <= len'0 seq - 1 /\ len'0 seq - 1 <= len'0 seq) + /\ (([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 seq 0 (len'0 seq - 1)) -> index_logic'0 (subsequence'0 seq 0 (len'0 seq - 1)) i = index_logic'0 seq (0 + i)) - && ([%#sseq25] len'0 (subsequence'0 seq 0 (len'0 seq - 1)) = len'0 seq - 1 - 0) + && ([%#sseq23] len'0 (subsequence'0 seq 0 (len'0 seq - 1)) = len'0 seq - 1 - 0) -> 0 <= ([%#s06_logic_function_contracts0] len'0 seq) /\ ([%#s06_logic_function_contracts0] len'0 (subsequence'0 seq 0 (len'0 seq - 1))) - < ([%#s06_logic_function_contracts0] len'0 seq)))) - end) + < ([%#s06_logic_function_contracts0] len'0 seq)) + end end module C06LogicFunctionContracts_AllZero_Impl let%span s06_logic_function_contracts0 = "../06_logic_function_contracts.rs" 21 10 21 19 - let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span sseq22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span sseq23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 - - let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span sseq21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span sseq25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span sseq22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span sseq26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span sseq23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span sseq27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span sseq24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span8 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 use prelude.prelude.Int - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'0 (self : Seq'0.t_seq int) = - [%#span8] true - - predicate inv'0 (_x : Seq'0.t_seq int) - - axiom inv'0 : forall x : Seq'0.t_seq int . inv'0 x = true - use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq int) : int - axiom len'0_spec : forall self : Seq'0.t_seq int . ([%#sseq21] inv'0 self) -> ([%#sseq22] len'0 self >= 0) - - constant empty'0 : Seq'0.t_seq int = [%#span9] () + axiom len'0_spec : forall self : Seq'0.t_seq int . [%#sseq21] len'0 self >= 0 - function empty_len'0 (_1 : ()) : () = - [%#span11] () + constant empty'0 : Seq'0.t_seq int - axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq int) = 0 + function empty_len'0 (_1 : ()) : () - use prelude.seq_ext.SeqExt + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq int) = 0 - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq int) (x : int) : int + function index_logic'0 (self : Seq'0.t_seq int) (_2 : int) : int function subsequence'0 (self : Seq'0.t_seq int) (n : int) (m : int) : Seq'0.t_seq int - axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#sseq23] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq int, n : int, m : int . ([%#sseq22] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#sseq24] inv'0 self) - -> ([%#sseq27] inv'0 (subsequence'0 self n m)) - && ([%#sseq26] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#sseq25] len'0 (subsequence'0 self n m) = m - n) + && ([%#sseq23] len'0 (subsequence'0 self n m) = m - n) constant seq : Seq'0.t_seq int predicate all_zero [#"../06_logic_function_contracts.rs" 22 0 22 38] (seq : Seq'0.t_seq int) - goal vc_all_zero : ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) + goal vc_all_zero : ([%#sseq21] len'0 seq >= 0) -> match len'0 seq = 0 with | True -> true - | False -> ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) + | False -> ([%#sseq21] len'0 seq >= 0) -> (if index_logic'0 seq (len'0 seq - 1) = 0 then - ([%#sseq21] inv'0 seq) - /\ (([%#sseq22] len'0 seq >= 0) - -> (([%#sseq24] inv'0 seq) && ([%#sseq23] 0 <= 0 /\ 0 <= len'0 seq - 1 /\ len'0 seq - 1 <= len'0 seq)) - /\ (([%#sseq27] inv'0 (subsequence'0 seq 0 (len'0 seq - 1))) - && ([%#sseq26] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 seq 0 (len'0 seq - 1)) + ([%#sseq21] len'0 seq >= 0) + -> ([%#sseq22] 0 <= 0 /\ 0 <= len'0 seq - 1 /\ len'0 seq - 1 <= len'0 seq) + /\ (([%#sseq24] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 seq 0 (len'0 seq - 1)) -> index_logic'0 (subsequence'0 seq 0 (len'0 seq - 1)) i = index_logic'0 seq (0 + i)) - && ([%#sseq25] len'0 (subsequence'0 seq 0 (len'0 seq - 1)) = len'0 seq - 1 - 0) + && ([%#sseq23] len'0 (subsequence'0 seq 0 (len'0 seq - 1)) = len'0 seq - 1 - 0) -> 0 <= ([%#s06_logic_function_contracts0] len'0 seq) /\ ([%#s06_logic_function_contracts0] len'0 (subsequence'0 seq 0 (len'0 seq - 1))) - < ([%#s06_logic_function_contracts0] len'0 seq))) + < ([%#s06_logic_function_contracts0] len'0 seq)) else true - )) - end) + ) + end end module C06LogicFunctionContracts_Stupid_Impl type t diff --git a/creusot/tests/should_succeed/syntax/08_const.coma b/creusot/tests/should_succeed/syntax/08_const.coma index 60b4e4b9a7..09ff978568 100644 --- a/creusot/tests/should_succeed/syntax/08_const.coma +++ b/creusot/tests/should_succeed/syntax/08_const.coma @@ -1,14 +1,4 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - + type t_seq 't end diff --git a/creusot/tests/should_succeed/syntax/11_array_types.coma b/creusot/tests/should_succeed/syntax/11_array_types.coma index b8aa65e6ec..2c4a207c41 100644 --- a/creusot/tests/should_succeed/syntax/11_array_types.coma +++ b/creusot/tests/should_succeed/syntax/11_array_types.coma @@ -22,22 +22,7 @@ module C11ArrayTypes_UsesArray_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C11ArrayTypes_Omg let%span s11_array_types0 = "../11_array_types.rs" 9 8 9 9 @@ -50,55 +35,35 @@ module C11ArrayTypes_Omg let%span s11_array_types4 = "../11_array_types.rs" 7 11 7 53 - let%span span5 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "" 0 0 0 0 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span8 = "../../../../../creusot-contracts/src/logic/ops.rs" 65 8 65 31 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span11 = "" 0 0 0 0 - - let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 65 8 65 31 + use prelude.prelude.Int use prelude.prelude.Int64 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq int64) = - [%#span5] true - - predicate inv'0 (_x : Seq'0.t_seq int64) - - axiom inv'0 : forall x : Seq'0.t_seq int64 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int64) : int - axiom len'0_spec : forall self : Seq'0.t_seq int64 . ([%#span6] inv'0 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int64 . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq int64 = [%#span8] () + constant empty'0 : Seq'0.t_seq int64 - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq int64) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq int64) = 0 use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) use prelude.prelude.Slice @@ -106,14 +71,12 @@ module C11ArrayTypes_Omg use prelude.prelude.Int64 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq int64) (x : int) : int64 + function index_logic'1 (self : Seq'0.t_seq int64) (_2 : int) : int64 use prelude.prelude.Slice function index_logic'0 [@inline:trivial] (self : array int64) (ix : int) : int64 = - [%#span12] index_logic'1 (Slice.id self) ix + [%#span8] index_logic'1 (Slice.id self) ix use C11ArrayTypes_UsesArray_Type as C11ArrayTypes_UsesArray_Type @@ -155,49 +118,29 @@ module C11ArrayTypes_CallOmg let%span s11_array_types1 = "../11_array_types.rs" 15 15 15 20 - let%span span2 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span4 = "" 0 0 0 0 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span5 = "../11_array_types.rs" 7 11 7 53 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span8 = "" 0 0 0 0 - - let%span span9 = "../11_array_types.rs" 7 11 7 53 + use prelude.prelude.Int use prelude.prelude.Int64 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate invariant'0 (self : Seq'0.t_seq int64) = - [%#span2] true - - predicate inv'0 (_x : Seq'0.t_seq int64) - - axiom inv'0 : forall x : Seq'0.t_seq int64 . inv'0 x = true - - use prelude.prelude.Int - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int64) : int - axiom len'0_spec : forall self : Seq'0.t_seq int64 . ([%#span3] inv'0 self) -> ([%#span4] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int64 . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq int64 = [%#span5] () + constant empty'0 : Seq'0.t_seq int64 - function empty_len'0 (_1 : ()) : () = - [%#span7] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq int64) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq int64) = 0 use prelude.prelude.Intrinsic @@ -207,13 +150,13 @@ module C11ArrayTypes_CallOmg use prelude.prelude.UIntSize - constant max'0 : usize = [%#span8] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) use prelude.prelude.Slice use C11ArrayTypes_UsesArray_Type as C11ArrayTypes_UsesArray_Type - let rec omg'0 (x:UsesArray'0.t_usesarray) (return' (ret:()))= {[@expl:precondition] [%#span9] len'0 (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) + let rec omg'0 (x:UsesArray'0.t_usesarray) (return' (ret:()))= {[@expl:precondition] [%#span5] len'0 (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) > 0 /\ len'0 (Slice.id (C11ArrayTypes_UsesArray_Type.usesarray_0 x)) < UIntSize.to_int (max'0 : usize)} any [ return' (result:())-> (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/12_ghost_code.coma b/creusot/tests/should_succeed/syntax/12_ghost_code.coma index 4763f5d803..e76ef673aa 100644 --- a/creusot/tests/should_succeed/syntax/12_ghost_code.coma +++ b/creusot/tests/should_succeed/syntax/12_ghost_code.coma @@ -142,22 +142,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C12GhostCode_GhostVec let%span s12_ghost_code0 = "../12_ghost_code.rs" 9 22 9 32 @@ -168,37 +153,29 @@ module C12GhostCode_GhostVec let%span span3 = "" 0 0 0 0 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span13 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span9 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span14 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span10 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span15 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span11 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span16 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span19 = "" 0 0 0 0 + let%span span15 = "" 0 0 0 0 use prelude.prelude.UInt32 @@ -223,33 +200,27 @@ module C12GhostCode_GhostVec constant max'0 : usize = [%#span3] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span4] inv'1 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span4] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span6] inv'0 self) - -> ([%#span8] inv'1 (shallow_model'0 self)) - && ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span9] inv'1 (shallow_model'0 self) + [%#span7] inv'1 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq uint32 = [%#span10] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -263,25 +234,23 @@ module C12GhostCode_GhostVec function new'1 (x : Vec'0.t_vec uint32 (Global'0.t_global)) : Snapshot'0.t_snapshot (Vec'0.t_vec uint32 (Global'0.t_global)) - axiom new'1_spec : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span13] inv'0 x) - -> ([%#span14] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span9] inv'0 x) + -> ([%#span10] deref'0 (new'1 x) = x) predicate resolve'1 (self : uint32) = - [%#span15] true - - use seq.Seq + [%#span11] true - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span16] index_logic'1 (shallow_model'0 self) ix + [%#span12] index_logic'1 (shallow_model'0 self) ix predicate resolve'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span17] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) + [%#span13] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span19] inv'0 result} - {[%#span18] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span15] inv'0 result} + {[%#span14] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] @@ -308,39 +277,25 @@ module C12GhostCode_GhostCopy let%span span3 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span9 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span10 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 - - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 use prelude.prelude.Int32 @@ -362,20 +317,15 @@ module C12GhostCode_GhostCopy use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq int32) : int - axiom len'0_spec : forall self : Seq'0.t_seq int32 . ([%#span4] inv'0 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq int32 . [%#span4] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq int32 = [%#span6] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq int32) = 0 use prelude.prelude.Intrinsic @@ -387,34 +337,25 @@ module C12GhostCode_GhostCopy function new'0 (x : Seq'0.t_seq int32) : Snapshot'0.t_snapshot (Seq'0.t_seq int32) - axiom new'0_spec : forall x : Seq'0.t_seq int32 . ([%#span9] inv'0 x) -> ([%#span10] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Seq'0.t_seq int32 . ([%#span6] inv'0 x) -> ([%#span7] deref'0 (new'0 x) = x) - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'0 (self : Seq'0.t_seq int32) (_2 : int) : int32 function concat'0 (self : Seq'0.t_seq int32) (other : Seq'0.t_seq int32) : Seq'0.t_seq int32 - axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span11] inv'0 self) - -> ([%#span12] inv'0 other) - -> ([%#span15] inv'0 (concat'0 self other)) - && ([%#span14] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span9] forall i : int . 0 <= i + /\ i < len'0 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'0 self then index_logic'0 self i else index_logic'0 other (i - len'0 self))) - && ([%#span13] len'0 (concat'0 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span8] len'0 (concat'0 self other) = len'0 self + len'0 other) function singleton'0 (v : int32) : Seq'0.t_seq int32 - axiom singleton'0_spec : forall v : int32 . ([%#span16] inv'1 v) - -> ([%#span19] inv'0 (singleton'0 v)) - && ([%#span18] index_logic'0 (singleton'0 v) 0 = v) && ([%#span17] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : int32 . ([%#span10] inv'1 v) + -> ([%#span12] index_logic'0 (singleton'0 v) 0 = v) && ([%#span11] len'0 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq int32) (v : int32) : Seq'0.t_seq int32 = - [%#span20] concat'0 self (singleton'0 v) + [%#span13] concat'0 self (singleton'0 v) let rec ghost_copy (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 @@ -513,73 +454,57 @@ module C12GhostCode_GhostCheck let%span span6 = "" 0 0 0 0 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span12 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span13 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span16 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span17 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span15 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span16 = "" 0 0 0 0 - let%span span19 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span20 = "" 0 0 0 0 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span24 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span25 = "" 0 0 0 0 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span26 = "" 0 0 0 0 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span28 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span29 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span32 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span30 = "../12_ghost_code.rs" 32 0 32 8 - let%span span33 = "" 0 0 0 0 + let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span34 = "" 0 0 0 0 - - let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - - let%span span36 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span37 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span38 = "../12_ghost_code.rs" 32 0 32 8 - - let%span span39 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - - let%span span40 = "" 0 0 0 0 + let%span span32 = "" 0 0 0 0 use prelude.prelude.Int32 @@ -634,89 +559,74 @@ module C12GhostCode_GhostCheck constant max'0 : usize = [%#span6] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq int32) : int - axiom len'1_spec : forall self : Seq'0.t_seq int32 . ([%#span7] inv'5 self) -> ([%#span8] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq int32 . [%#span7] len'1 self >= 0 predicate inv'0 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span9] inv'0 self) - -> ([%#span11] inv'5 (shallow_model'0 self)) - && ([%#span10] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span8] inv'0 self) + -> ([%#span9] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span12] inv'5 (shallow_model'0 self) + [%#span10] inv'5 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq int32 = [%#span13] () + constant empty'0 : Seq'0.t_seq int32 - function empty_len'0 (_1 : ()) : () = - [%#span15] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span14] len'1 (empty'0 : Seq'0.t_seq int32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span11] len'1 (empty'0 : Seq'0.t_seq int32) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'1 (self : int32) = - [%#span16] true - - use seq.Seq + [%#span12] true - function index_logic'1 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'1 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span17] index_logic'1 (shallow_model'0 self) ix + [%#span13] index_logic'1 (shallow_model'0 self) ix predicate resolve'0 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span18] forall i : int . 0 <= i /\ i < len'1 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) + [%#span14] forall i : int . 0 <= i /\ i < len'1 (shallow_model'0 self) -> resolve'1 (index_logic'0 self i) function shallow_model'2 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 = - [%#span19] shallow_model'0 self + [%#span15] shallow_model'0 self - let rec len'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span20] inv'4 self} + let rec len'0 (self:Vec'0.t_vec int32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span16] inv'4 self} any - [ return' (result:usize)-> {[%#span21] UIntSize.to_int result = len'1 (shallow_model'2 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span17] UIntSize.to_int result = len'1 (shallow_model'2 self)} (! return' {result}) ] - use seq.Seq - function concat'0 (self : Seq'0.t_seq int32) (other : Seq'0.t_seq int32) : Seq'0.t_seq int32 - axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span22] inv'5 self) - -> ([%#span23] inv'5 other) - -> ([%#span26] inv'5 (concat'0 self other)) - && ([%#span25] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq int32, other : Seq'0.t_seq int32 . ([%#span19] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span24] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span18] len'1 (concat'0 self other) = len'1 self + len'1 other) function singleton'0 (v : int32) : Seq'0.t_seq int32 - axiom singleton'0_spec : forall v : int32 . ([%#span27] inv'3 v) - -> ([%#span30] inv'5 (singleton'0 v)) - && ([%#span29] index_logic'1 (singleton'0 v) 0 = v) && ([%#span28] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : int32 . ([%#span20] inv'3 v) + -> ([%#span22] index_logic'1 (singleton'0 v) 0 = v) && ([%#span21] len'1 (singleton'0 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq int32) (v : int32) : Seq'0.t_seq int32 = - [%#span31] concat'0 self (singleton'0 v) + [%#span23] concat'0 self (singleton'0 v) function shallow_model'1 (self : borrowed (Vec'0.t_vec int32 (Global'0.t_global))) : Seq'0.t_seq int32 = - [%#span32] shallow_model'0 ( * self) + [%#span24] shallow_model'0 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (value:int32) (return' (ret:()))= {[@expl:precondition] [%#span34] inv'3 value} - {[@expl:precondition] [%#span33] inv'2 self} + let rec push'0 (self:borrowed (Vec'0.t_vec int32 (Global'0.t_global))) (value:int32) (return' (ret:()))= {[@expl:precondition] [%#span26] inv'3 value} + {[@expl:precondition] [%#span25] inv'2 self} any - [ return' (result:())-> {[%#span35] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} + [ return' (result:())-> {[%#span27] shallow_model'0 ( ^ self) = push'1 (shallow_model'1 self) value} (! return' {result}) ] @@ -724,14 +634,14 @@ module C12GhostCode_GhostCheck function new'1 (x : ()) : Snapshot'0.t_snapshot () - axiom new'1_spec : forall x : () . ([%#span36] inv'1 x) -> ([%#span37] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : () . ([%#span28] inv'1 x) -> ([%#span29] deref'0 (new'1 x) = x) function logi_drop'0 [#"../12_ghost_code.rs" 33 0 33 21] (_1 : Vec'0.t_vec int32 (Global'0.t_global)) : () = - [%#span38] () + [%#span30] () let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span40] inv'0 result} - {[%#span39] len'1 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span32] inv'0 result} + {[%#span31] len'1 (shallow_model'0 result) = 0} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/13_vec_macro.coma b/creusot/tests/should_succeed/syntax/13_vec_macro.coma index 19f61663f3..742c36ca2c 100644 --- a/creusot/tests/should_succeed/syntax/13_vec_macro.coma +++ b/creusot/tests/should_succeed/syntax/13_vec_macro.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Alloc_Boxed_Box_Type use Core_Ptr_Unique_Unique_Type as Unique'0 @@ -149,82 +134,81 @@ module C13VecMacro_X let%span span10 = "" 0 0 0 0 - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span18 = "../../../../../creusot-contracts/src/std/boxed.rs" 20 8 20 31 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span19 = "" 0 0 0 0 - let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 310 18 310 35 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span22 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span23 = "../../../../../creusot-contracts/src/std/boxed.rs" 20 8 20 31 + let%span span23 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span24 = "" 0 0 0 0 + let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 310 18 310 35 + let%span span25 = "" 0 0 0 0 - let%span span26 = "" 0 0 0 0 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span27 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span28 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span28 = "" 0 0 0 0 - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 let%span span30 = "" 0 0 0 0 - let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - - let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + use prelude.prelude.Int32 - let%span span33 = "" 0 0 0 0 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 + predicate invariant'6 (self : Seq'0.t_seq int32) = + [%#span9] true - let%span span35 = "" 0 0 0 0 + predicate inv'6 (_x : Seq'0.t_seq int32) - use prelude.prelude.Int32 + axiom inv'6 : forall x : Seq'0.t_seq int32 . inv'6 x = true - use prelude.prelude.Slice + use prelude.prelude.UInt32 - predicate invariant'6 (self : slice int32) = + predicate invariant'5 (self : Seq'0.t_seq uint32) = [%#span9] true - predicate inv'6 (_x : slice int32) + predicate inv'5 (_x : Seq'0.t_seq uint32) - axiom inv'6 : forall x : slice int32 . inv'6 x = true + axiom inv'5 : forall x : Seq'0.t_seq uint32 . inv'5 x = true - predicate invariant'5 (self : slice int32) = - [%#span9] true + use prelude.prelude.Slice - predicate inv'5 (_x : slice int32) + predicate invariant'4 (self : slice int32) = + [%#span9] true - axiom inv'5 : forall x : slice int32 . inv'5 x = true + predicate inv'4 (_x : slice int32) - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'4 : forall x : slice int32 . inv'4 x = true - predicate invariant'4 (self : Seq'0.t_seq int32) = + predicate invariant'3 (self : slice int32) = [%#span9] true - predicate inv'4 (_x : Seq'0.t_seq int32) + predicate inv'3 (_x : slice int32) - axiom inv'4 : forall x : Seq'0.t_seq int32 . inv'4 x = true + axiom inv'3 : forall x : slice int32 . inv'3 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -238,131 +222,107 @@ module C13VecMacro_X constant max'0 : usize = [%#span10] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq int32) : int - axiom len'1_spec : forall self : Seq'0.t_seq int32 . ([%#span11] inv'4 self) -> ([%#span12] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq int32 . [%#span11] len'1 self >= 0 - predicate inv'3 (_x : Vec'0.t_vec int32 (Global'0.t_global)) + predicate inv'2 (_x : Vec'0.t_vec int32 (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) : Seq'0.t_seq int32 - axiom shallow_model'1_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span13] inv'3 self) - -> ([%#span15] inv'4 (shallow_model'1 self)) - && ([%#span14] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'3 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span16] inv'4 (shallow_model'1 self) - - axiom inv'3 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'3 x = true + axiom shallow_model'1_spec : forall self : Vec'0.t_vec int32 (Global'0.t_global) . ([%#span12] inv'2 self) + -> ([%#span13] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'2 (self : int32) = - [%#span9] true - - predicate inv'2 (_x : int32) + predicate invariant'2 (self : Vec'0.t_vec int32 (Global'0.t_global)) = + [%#span14] inv'6 (shallow_model'1 self) - axiom inv'2 : forall x : int32 . inv'2 x = true - - use prelude.prelude.UInt32 + axiom inv'2 : forall x : Vec'0.t_vec int32 (Global'0.t_global) . inv'2 x = true - predicate invariant'1 (self : Seq'0.t_seq uint32) = + predicate invariant'1 (self : int32) = [%#span9] true - predicate inv'1 (_x : Seq'0.t_seq uint32) + predicate inv'1 (_x : int32) - axiom inv'1 : forall x : Seq'0.t_seq uint32 . inv'1 x = true - - use seq.Seq + axiom inv'1 : forall x : int32 . inv'1 x = true function len'0 (self : Seq'0.t_seq uint32) : int - axiom len'0_spec : forall self : Seq'0.t_seq uint32 . ([%#span11] inv'1 self) -> ([%#span12] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq uint32 . [%#span11] len'0 self >= 0 predicate inv'0 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span13] inv'0 self) - -> ([%#span15] inv'1 (shallow_model'0 self)) - && ([%#span14] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span12] inv'0 self) + -> ([%#span13] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span16] inv'1 (shallow_model'0 self) + [%#span14] inv'5 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'0 x = true - constant empty'1 : Seq'0.t_seq int32 = [%#span17] () + constant empty'1 : Seq'0.t_seq int32 - function empty_len'1 (_1 : ()) : () = - [%#span19] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span18] len'1 (empty'1 : Seq'0.t_seq int32) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span15] len'1 (empty'1 : Seq'0.t_seq int32) = 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span17] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span19] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span18] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Intrinsic function shallow_model'3 (self : slice int32) : Seq'0.t_seq int32 - axiom shallow_model'3_spec : forall self : slice int32 . ([%#span20] inv'6 self) - -> ([%#span22] inv'4 (shallow_model'3 self)) - && ([%#span21] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : slice int32 . ([%#span16] inv'4 self) + -> ([%#span17] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) function shallow_model'2 (self : slice int32) : Seq'0.t_seq int32 = - [%#span23] shallow_model'3 self + [%#span18] shallow_model'3 self - let rec into_vec'0 (self:slice int32) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span24] inv'5 self} + let rec into_vec'0 (self:slice int32) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span19] inv'3 self} any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span26] inv'3 result} - {[%#span25] shallow_model'1 result = shallow_model'2 self} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span21] inv'2 result} + {[%#span20] shallow_model'1 result = shallow_model'2 self} (! return' {result}) ] predicate resolve'3 (self : int32) = - [%#span27] true - - use seq.Seq + [%#span22] true - function index_logic'3 (self : Seq'0.t_seq int32) (x : int) : int32 + function index_logic'3 (self : Seq'0.t_seq int32) (_2 : int) : int32 function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec int32 (Global'0.t_global)) (ix : int) : int32 = - [%#span28] index_logic'3 (shallow_model'1 self) ix + [%#span23] index_logic'3 (shallow_model'1 self) ix predicate resolve'1 (self : Vec'0.t_vec int32 (Global'0.t_global)) = - [%#span29] forall i : int . 0 <= i /\ i < len'1 (shallow_model'1 self) -> resolve'3 (index_logic'1 self i) + [%#span24] forall i : int . 0 <= i /\ i < len'1 (shallow_model'1 self) -> resolve'3 (index_logic'1 self i) - let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span30] inv'2 elem} + let rec from_elem'0 (elem:int32) (n:usize) (return' (ret:Vec'0.t_vec int32 (Global'0.t_global)))= {[@expl:precondition] [%#span25] inv'1 elem} any - [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span33] inv'3 result} - {[%#span32] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} - {[%#span31] len'1 (shallow_model'1 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec int32 (Global'0.t_global))-> {[%#span28] inv'2 result} + {[%#span27] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'1 result i = elem} + {[%#span26] len'1 (shallow_model'1 result) = UIntSize.to_int n} (! return' {result}) ] predicate resolve'2 (self : uint32) = - [%#span27] true - - use seq.Seq + [%#span22] true - function index_logic'2 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'2 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span28] index_logic'2 (shallow_model'0 self) ix + [%#span23] index_logic'2 (shallow_model'0 self) ix predicate resolve'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span29] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) + [%#span24] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'2 (index_logic'0 self i) let rec new'0 (_1:()) (return' (ret:Vec'0.t_vec uint32 (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span35] inv'0 result} - {[%#span34] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec uint32 (Global'0.t_global))-> {[%#span30] inv'0 result} + {[%#span29] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/syntax/derive_macros.coma b/creusot/tests/should_succeed/syntax/derive_macros.coma index ae63b1bafd..f1f55c7de5 100644 --- a/creusot/tests/should_succeed/syntax/derive_macros.coma +++ b/creusot/tests/should_succeed/syntax/derive_macros.coma @@ -724,22 +724,7 @@ module DeriveMacros_Product2_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module DeriveMacros_Sum2_Type type t_sum2 'a 'b = diff --git a/creusot/tests/should_succeed/take_first_mut.coma b/creusot/tests/should_succeed/take_first_mut.coma index b2874fd5fd..3202b967f1 100644 --- a/creusot/tests/should_succeed/take_first_mut.coma +++ b/creusot/tests/should_succeed/take_first_mut.coma @@ -16,22 +16,7 @@ module Core_Option_Option_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module TakeFirstMut_TakeFirstMut type t @@ -44,65 +29,45 @@ module TakeFirstMut_TakeFirstMut let%span stake_first_mut3 = "../take_first_mut.rs" 14 57 14 74 - let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span4 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span5 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span11 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span6 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span12 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span7 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span13 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span8 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span14 = "../../../../creusot-contracts/src/logic/seq2.rs" 66 8 66 39 + let%span span9 = "../../../../creusot-contracts/src/logic/seq2.rs" 62 8 62 39 - let%span span15 = "" 0 0 0 0 + let%span span10 = "" 0 0 0 0 - let%span span16 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span11 = "../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span12 = "../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span18 = "../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span13 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span19 = "../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span14 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span20 = "../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span15 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span21 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span16 = "" 0 0 0 0 - let%span span22 = "" 0 0 0 0 + let%span span17 = "../../../../creusot-contracts/src/std/slice.rs" 257 18 265 9 - let%span span23 = "../../../../creusot-contracts/src/std/slice.rs" 257 18 265 9 + let%span span18 = "" 0 0 0 0 - let%span span24 = "" 0 0 0 0 + let%span span19 = "../../../../creusot-contracts/src/std/slice.rs" 40 20 40 65 - let%span span25 = "../../../../creusot-contracts/src/std/slice.rs" 40 20 40 65 + let%span span20 = "" 0 0 0 0 - let%span span26 = "" 0 0 0 0 + let%span span21 = "../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 - let%span span27 = "../../../../creusot-contracts/src/std/mem.rs" 17 22 17 37 + let%span span22 = "../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 - let%span span28 = "../../../../creusot-contracts/src/std/mem.rs" 18 22 18 42 - - let%span span29 = "" 0 0 0 0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'7 (self : Seq'0.t_seq t) - - predicate inv'7 (_x : Seq'0.t_seq t) - - axiom inv'7 : forall x : Seq'0.t_seq t . inv'7 x = true + let%span span23 = "" 0 0 0 0 use prelude.prelude.Borrow @@ -116,20 +81,17 @@ module TakeFirstMut_TakeFirstMut use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span4] inv'7 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span4] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span6] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'5 (self : borrowed t) @@ -169,60 +131,53 @@ module TakeFirstMut_TakeFirstMut axiom inv'0 : forall x : borrowed (slice t) . inv'0 x = true - use prelude.seq_ext.SeqExt - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function subsequence'0 (self : Seq'0.t_seq t) (n : int) (m : int) : Seq'0.t_seq t - axiom subsequence'0_spec : forall self : Seq'0.t_seq t, n : int, m : int . ([%#span9] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq t, n : int, m : int . ([%#span6] 0 <= n /\ n <= m /\ m <= len'0 self) - -> ([%#span10] inv'7 self) - -> ([%#span13] inv'7 (subsequence'0 self n m)) - && ([%#span12] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) + -> ([%#span8] forall i : int . 0 <= i /\ i < len'0 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span11] len'0 (subsequence'0 self n m) = m - n) + && ([%#span7] len'0 (subsequence'0 self n m) = m - n) function tail'0 [@inline:trivial] (self : Seq'0.t_seq t) : Seq'0.t_seq t = - [%#span14] subsequence'0 self 1 (len'0 self) + [%#span9] subsequence'0 self 1 (len'0 self) use prelude.prelude.UIntSize use prelude.prelude.UIntSize - constant max'0 : usize = [%#span15] (18446744073709551615 : usize) + constant max'0 : usize = [%#span10] (18446744073709551615 : usize) function shallow_model'0 (self : slice t) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : slice t . ([%#span16] inv'1 self) - -> ([%#span18] inv'7 (shallow_model'0 self)) - && ([%#span17] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : slice t . ([%#span11] inv'1 self) + -> ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'0 [@inline:trivial] (self : slice t) (ix : int) : t = - [%#span19] index_logic'1 (shallow_model'0 self) ix + [%#span13] index_logic'1 (shallow_model'0 self) ix use prelude.prelude.Intrinsic predicate resolve'3 (self : borrowed t) = - [%#span20] ^ self = * self + [%#span14] ^ self = * self predicate resolve'2 (self : borrowed (slice t)) = - [%#span20] ^ self = * self + [%#span14] ^ self = * self predicate resolve'1 (self : Option'0.t_option (borrowed t, borrowed (slice t))) predicate resolve'0 (self : borrowed (borrowed (slice t))) = - [%#span20] ^ self = * self + [%#span14] ^ self = * self function shallow_model'1 (self : borrowed (slice t)) : Seq'0.t_seq t = - [%#span21] shallow_model'0 ( * self) + [%#span15] shallow_model'0 ( * self) - let rec split_first_mut'0 (self:borrowed (slice t)) (return' (ret:Option'0.t_option (borrowed t, borrowed (slice t))))= {[@expl:precondition] [%#span22] inv'0 self} + let rec split_first_mut'0 (self:borrowed (slice t)) (return' (ret:Option'0.t_option (borrowed t, borrowed (slice t))))= {[@expl:precondition] [%#span16] inv'0 self} any - [ return' (result:Option'0.t_option (borrowed t, borrowed (slice t)))-> {[%#span24] inv'3 result} - {[%#span23] match result with + [ return' (result:Option'0.t_option (borrowed t, borrowed (slice t)))-> {[%#span18] inv'3 result} + {[%#span17] match result with | Option'0.C_Some (first, tail) -> * first = index_logic'0 ( * self) 0 /\ ^ first = index_logic'0 ( ^ self) 0 /\ len'0 (shallow_model'0 ( * self)) > 0 @@ -236,13 +191,13 @@ module TakeFirstMut_TakeFirstMut predicate is_default'0 (self : borrowed (slice t)) = - [%#span25] shallow_model'1 self = (empty'0 : Seq'0.t_seq t) /\ shallow_model'0 ( ^ self) = (empty'0 : Seq'0.t_seq t) + [%#span19] shallow_model'1 self = (empty'0 : Seq'0.t_seq t) /\ shallow_model'0 ( ^ self) = (empty'0 : Seq'0.t_seq t) - let rec take'0 (dest:borrowed (borrowed (slice t))) (return' (ret:borrowed (slice t)))= {[@expl:precondition] [%#span26] inv'2 dest} + let rec take'0 (dest:borrowed (borrowed (slice t))) (return' (ret:borrowed (slice t)))= {[@expl:precondition] [%#span20] inv'2 dest} any - [ return' (result:borrowed (slice t))-> {[%#span29] inv'0 result} - {[%#span28] is_default'0 ( ^ dest)} - {[%#span27] result = * dest} + [ return' (result:borrowed (slice t))-> {[%#span23] inv'0 result} + {[%#span22] is_default'0 ( ^ dest)} + {[%#span21] result = * dest} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/traits/16_impl_cloning.coma b/creusot/tests/should_succeed/traits/16_impl_cloning.coma index 82373b2d37..93b8f6ac32 100644 --- a/creusot/tests/should_succeed/traits/16_impl_cloning.coma +++ b/creusot/tests/should_succeed/traits/16_impl_cloning.coma @@ -116,17 +116,7 @@ module C16ImplCloning_Vec_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - + type t_seq 't end module C16ImplCloning_Test type t diff --git a/creusot/tests/should_succeed/vecdeque.coma b/creusot/tests/should_succeed/vecdeque.coma index 2d4469560f..742348cca5 100644 --- a/creusot/tests/should_succeed/vecdeque.coma +++ b/creusot/tests/should_succeed/vecdeque.coma @@ -118,22 +118,7 @@ module Core_Option_Option_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Vecdeque_TestDeque let%span svecdeque0 = "../vecdeque.rs" 6 55 6 56 @@ -174,125 +159,96 @@ module Vecdeque_TestDeque let%span span18 = "../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span19 = "../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span20 = "../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span22 = "../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25 - let%span span23 = "../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span23 = "../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41 let%span span24 = "" 0 0 0 0 - let%span span25 = "../../../../creusot-contracts/src/std/deque.rs" 12 21 12 25 + let%span span25 = "../../../../creusot-contracts/src/std/deque.rs" 76 26 76 45 - let%span span26 = "../../../../creusot-contracts/src/std/deque.rs" 11 14 11 41 + let%span span26 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span27 = "../../../../creusot-contracts/src/std/deque.rs" 12 4 12 36 + let%span span27 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span28 = "" 0 0 0 0 + let%span span28 = "../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span29 = "../../../../creusot-contracts/src/std/deque.rs" 76 26 76 45 + let%span span29 = "../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span30 = "../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span31 = "../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span32 = "../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span32 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span33 = "../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span33 = "" 0 0 0 0 - let%span span34 = "../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span34 = "" 0 0 0 0 - let%span span35 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span35 = "../../../../creusot-contracts/src/std/deque.rs" 103 26 103 55 - let%span span36 = "../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span36 = "" 0 0 0 0 - let%span span37 = "../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span37 = "" 0 0 0 0 - let%span span38 = "../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span38 = "../../../../creusot-contracts/src/std/deque.rs" 98 26 98 59 - let%span span39 = "../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span39 = "../../../../creusot-contracts/src/std/deque.rs" 99 26 99 73 - let%span span40 = "../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span40 = "../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span41 = "" 0 0 0 0 + let%span span41 = "../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span42 = "" 0 0 0 0 + let%span span42 = "../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span43 = "../../../../creusot-contracts/src/std/deque.rs" 103 26 103 55 + let%span span43 = "" 0 0 0 0 - let%span span44 = "" 0 0 0 0 + let%span span44 = "../../../../creusot-contracts/src/std/deque.rs" 89 26 94 17 let%span span45 = "" 0 0 0 0 - let%span span46 = "../../../../creusot-contracts/src/std/deque.rs" 98 26 98 59 + let%span span46 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span47 = "../../../../creusot-contracts/src/std/deque.rs" 99 26 99 73 + let%span span47 = "../../../../creusot-contracts/src/std/option.rs" 10 8 13 9 - let%span span48 = "../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span48 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span49 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span50 = "" 0 0 0 0 - let%span span51 = "../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span51 = "../../../../creusot-contracts/src/std/option.rs" 22 26 22 75 - let%span span52 = "../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span52 = "" 0 0 0 0 - let%span span53 = "" 0 0 0 0 + let%span span53 = "../../../../creusot-contracts/src/std/deque.rs" 80 26 85 17 - let%span span54 = "../../../../creusot-contracts/src/std/deque.rs" 89 26 94 17 + let%span span54 = "" 0 0 0 0 - let%span span55 = "" 0 0 0 0 + let%span span55 = "../../../../creusot-contracts/src/std/deque.rs" 58 26 58 44 - let%span span56 = "../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span56 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span57 = "../../../../creusot-contracts/src/std/option.rs" 10 8 13 9 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span58 = "../../../../creusot-contracts/src/std/deque.rs" 68 26 68 48 let%span span59 = "" 0 0 0 0 - let%span span60 = "" 0 0 0 0 - - let%span span61 = "../../../../creusot-contracts/src/std/option.rs" 22 26 22 75 - - let%span span62 = "" 0 0 0 0 - - let%span span63 = "../../../../creusot-contracts/src/std/deque.rs" 80 26 85 17 - - let%span span64 = "" 0 0 0 0 - - let%span span65 = "../../../../creusot-contracts/src/std/deque.rs" 58 26 58 44 - - let%span span66 = "../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span67 = "" 0 0 0 0 - - let%span span68 = "../../../../creusot-contracts/src/std/deque.rs" 68 26 68 48 - - let%span span69 = "" 0 0 0 0 + let%span span60 = "../../../../creusot-contracts/src/std/deque.rs" 72 26 72 54 - let%span span70 = "../../../../creusot-contracts/src/std/deque.rs" 72 26 72 54 + let%span span61 = "../../../../creusot-contracts/src/std/deque.rs" 62 26 62 44 - let%span span71 = "../../../../creusot-contracts/src/std/deque.rs" 62 26 62 44 + use Alloc_Alloc_Global_Type as Global'0 use prelude.prelude.UInt32 - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate invariant'6 (self : Seq'0.t_seq uint32) = - [%#span18] true - - predicate inv'6 (_x : Seq'0.t_seq uint32) - - axiom inv'6 : forall x : Seq'0.t_seq uint32 . inv'6 x = true - - use Alloc_Alloc_Global_Type as Global'0 - use Alloc_Collections_VecDeque_VecDeque_Type as VecDeque'0 predicate invariant'5 (self : VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) = @@ -343,20 +299,17 @@ module Vecdeque_TestDeque use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 function len'1 (self : Seq'0.t_seq uint32) : int - axiom len'1_spec : forall self : Seq'0.t_seq uint32 . ([%#span19] inv'6 self) -> ([%#span20] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq uint32 . [%#span19] len'1 self >= 0 - constant empty'0 : Seq'0.t_seq uint32 = [%#span21] () + constant empty'0 : Seq'0.t_seq uint32 - function empty_len'0 (_1 : ()) : () = - [%#span23] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span22] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span20] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 use prelude.prelude.Intrinsic @@ -364,78 +317,65 @@ module Vecdeque_TestDeque use prelude.prelude.UIntSize - constant max'0 : usize = [%#span24] (18446744073709551615 : usize) + constant max'0 : usize = [%#span21] (18446744073709551615 : usize) function shallow_model'0 (self : VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'0_spec : forall self : VecDeque'0.t_vecdeque uint32 (Global'0.t_global) . ([%#span25] inv'5 self) - -> ([%#span27] inv'6 (shallow_model'0 self)) - && ([%#span26] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - - let rec clear'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span28] inv'1 self} - any [ return' (result:())-> {[%#span29] len'1 (shallow_model'0 ( ^ self)) = 0} (! return' {result}) ] + axiom shallow_model'0_spec : forall self : VecDeque'0.t_vecdeque uint32 (Global'0.t_global) . ([%#span22] inv'5 self) + -> ([%#span23] len'1 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - use seq.Seq + let rec clear'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span24] inv'1 self} + any [ return' (result:())-> {[%#span25] len'1 (shallow_model'0 ( ^ self)) = 0} (! return' {result}) ] - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'0 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 function concat'0 (self : Seq'0.t_seq uint32) (other : Seq'0.t_seq uint32) : Seq'0.t_seq uint32 - axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span30] inv'6 self) - -> ([%#span31] inv'6 other) - -> ([%#span34] inv'6 (concat'0 self other)) - && ([%#span33] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq uint32, other : Seq'0.t_seq uint32 . ([%#span27] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span32] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span26] len'1 (concat'0 self other) = len'1 self + len'1 other) function singleton'0 (v : uint32) : Seq'0.t_seq uint32 - axiom singleton'0_spec : forall v : uint32 . ([%#span35] inv'4 v) - -> ([%#span38] inv'6 (singleton'0 v)) - && ([%#span37] index_logic'0 (singleton'0 v) 0 = v) && ([%#span36] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : uint32 . ([%#span28] inv'4 v) + -> ([%#span30] index_logic'0 (singleton'0 v) 0 = v) && ([%#span29] len'1 (singleton'0 v) = 1) function push'0 [@inline:trivial] (self : Seq'0.t_seq uint32) (v : uint32) : Seq'0.t_seq uint32 = - [%#span39] concat'0 self (singleton'0 v) + [%#span31] concat'0 self (singleton'0 v) function shallow_model'2 (self : borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span40] shallow_model'0 ( * self) + [%#span32] shallow_model'0 ( * self) - let rec push_back'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (value:uint32) (return' (ret:()))= {[@expl:precondition] [%#span42] inv'4 value} - {[@expl:precondition] [%#span41] inv'1 self} + let rec push_back'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (value:uint32) (return' (ret:()))= {[@expl:precondition] [%#span34] inv'4 value} + {[@expl:precondition] [%#span33] inv'1 self} any - [ return' (result:())-> {[%#span43] shallow_model'0 ( ^ self) = push'0 (shallow_model'2 self) value} + [ return' (result:())-> {[%#span35] shallow_model'0 ( ^ self) = push'0 (shallow_model'2 self) value} (! return' {result}) ] - let rec push_front'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (value:uint32) (return' (ret:()))= {[@expl:precondition] [%#span45] inv'4 value} - {[@expl:precondition] [%#span44] inv'1 self} + let rec push_front'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (value:uint32) (return' (ret:()))= {[@expl:precondition] [%#span37] inv'4 value} + {[@expl:precondition] [%#span36] inv'1 self} any - [ return' (result:())-> {[%#span47] shallow_model'0 ( ^ self) = concat'0 (singleton'0 value) (shallow_model'2 self)} - {[%#span46] len'1 (shallow_model'0 ( ^ self)) = len'1 (shallow_model'2 self) + 1} + [ return' (result:())-> {[%#span39] shallow_model'0 ( ^ self) = concat'0 (singleton'0 value) (shallow_model'2 self)} + {[%#span38] len'1 (shallow_model'0 ( ^ self)) = len'1 (shallow_model'2 self) + 1} (! return' {result}) ] - use prelude.seq_ext.SeqExt - function subsequence'0 (self : Seq'0.t_seq uint32) (n : int) (m : int) : Seq'0.t_seq uint32 - axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span48] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq uint32, n : int, m : int . ([%#span40] 0 <= n /\ n <= m /\ m <= len'1 self) - -> ([%#span49] inv'6 self) - -> ([%#span52] inv'6 (subsequence'0 self n m)) - && ([%#span51] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) + -> ([%#span42] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) -> index_logic'0 (subsequence'0 self n m) i = index_logic'0 self (n + i)) - && ([%#span50] len'1 (subsequence'0 self n m) = m - n) + && ([%#span41] len'1 (subsequence'0 self n m) = m - n) - let rec pop_back'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span53] inv'1 self} + let rec pop_back'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span43] inv'1 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span55] inv'2 result} - {[%#span54] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span45] inv'2 result} + {[%#span44] match result with | Option'0.C_Some t -> shallow_model'0 ( ^ self) = subsequence'0 (shallow_model'2 self) 0 (len'1 (shallow_model'2 self) - 1) /\ shallow_model'2 self = push'0 (shallow_model'0 ( ^ self)) t @@ -449,25 +389,25 @@ module Vecdeque_TestDeque use prelude.prelude.UInt32 function deep_model'2 (self : uint32) : int = - [%#span56] UInt32.to_int self + [%#span46] UInt32.to_int self function deep_model'1 (self : Option'0.t_option uint32) : Option'0.t_option int = - [%#span57] match self with + [%#span47] match self with | Option'0.C_Some t -> Option'0.C_Some (deep_model'2 t) | Option'0.C_None -> Option'0.C_None end function deep_model'0 (self : Option'0.t_option uint32) : Option'0.t_option int = - [%#span58] deep_model'1 self + [%#span48] deep_model'1 self - let rec eq'0 (self:Option'0.t_option uint32) (other:Option'0.t_option uint32) (return' (ret:bool))= {[@expl:precondition] [%#span60] inv'3 other} - {[@expl:precondition] [%#span59] inv'3 self} - any [ return' (result:bool)-> {[%#span61] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + let rec eq'0 (self:Option'0.t_option uint32) (other:Option'0.t_option uint32) (return' (ret:bool))= {[@expl:precondition] [%#span50] inv'3 other} + {[@expl:precondition] [%#span49] inv'3 self} + any [ return' (result:bool)-> {[%#span51] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] - let rec pop_front'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span62] inv'1 self} + let rec pop_front'0 (self:borrowed (VecDeque'0.t_vecdeque uint32 (Global'0.t_global))) (return' (ret:Option'0.t_option uint32))= {[@expl:precondition] [%#span52] inv'1 self} any - [ return' (result:Option'0.t_option uint32)-> {[%#span64] inv'2 result} - {[%#span63] match result with + [ return' (result:Option'0.t_option uint32)-> {[%#span54] inv'2 result} + {[%#span53] match result with | Option'0.C_Some t -> shallow_model'0 ( ^ self) = subsequence'0 (shallow_model'2 self) 1 (len'1 (shallow_model'2 self)) /\ shallow_model'2 self = concat'0 (singleton'0 t) (shallow_model'0 ( ^ self)) @@ -477,24 +417,24 @@ module Vecdeque_TestDeque let rec new'0 (_1:()) (return' (ret:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)))= any - [ return' (result:VecDeque'0.t_vecdeque uint32 (Global'0.t_global))-> {[%#span65] len'1 (shallow_model'0 result) + [ return' (result:VecDeque'0.t_vecdeque uint32 (Global'0.t_global))-> {[%#span55] len'1 (shallow_model'0 result) = 0} (! return' {result}) ] function shallow_model'1 (self : VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 = - [%#span66] shallow_model'0 self + [%#span56] shallow_model'0 self - let rec len'0 (self:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span67] inv'0 self} + let rec len'0 (self:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span57] inv'0 self} any - [ return' (result:usize)-> {[%#span68] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span58] UIntSize.to_int result = len'1 (shallow_model'1 self)} (! return' {result}) ] - let rec is_empty'0 (self:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) (return' (ret:bool))= {[@expl:precondition] [%#span69] inv'0 self} - any [ return' (result:bool)-> {[%#span70] result = (len'1 (shallow_model'1 self) = 0)} (! return' {result}) ] + let rec is_empty'0 (self:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)) (return' (ret:bool))= {[@expl:precondition] [%#span59] inv'0 self} + any [ return' (result:bool)-> {[%#span60] result = (len'1 (shallow_model'1 self) = 0)} (! return' {result}) ] let rec with_capacity'0 (capacity:usize) (return' (ret:VecDeque'0.t_vecdeque uint32 (Global'0.t_global)))= any - [ return' (result:VecDeque'0.t_vecdeque uint32 (Global'0.t_global))-> {[%#span71] len'1 (shallow_model'0 result) + [ return' (result:VecDeque'0.t_vecdeque uint32 (Global'0.t_global))-> {[%#span61] len'1 (shallow_model'0 result) = 0} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/01.coma b/creusot/tests/should_succeed/vector/01.coma index 43022b6515..185acae084 100644 --- a/creusot/tests/should_succeed/vector/01.coma +++ b/creusot/tests/should_succeed/vector/01.coma @@ -24,22 +24,7 @@ module Core_Ops_Range_Range_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Ptr_NonNull_NonNull_Type use prelude.prelude.Opaque @@ -181,133 +166,118 @@ module C01_AllZero let%span s0110 = "../01.rs" 6 10 6 33 - let%span span11 = "" 0 0 0 0 + let%span span11 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span12 = "" 0 0 0 0 - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span20 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span24 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span27 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span30 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span34 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span34 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span35 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span36 = "" 0 0 0 0 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span37 = "" 0 0 0 0 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span38 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span39 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span39 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span40 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span40 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span41 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span41 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span42 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span42 = "" 0 0 0 0 - let%span span43 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span44 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span45 = "" 0 0 0 0 + let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span46 = "" 0 0 0 0 + let%span span46 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span47 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span47 = "" 0 0 0 0 - let%span span48 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span48 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span49 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span49 = "" 0 0 0 0 - let%span span50 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span50 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span51 = "" 0 0 0 0 + let%span span51 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span52 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span52 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span54 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span55 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span56 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span57 = "" 0 0 0 0 + let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span58 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span58 = "" 0 0 0 0 let%span span59 = "" 0 0 0 0 - let%span span60 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - - let%span span61 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - - let%span span62 = "../../../../../creusot-contracts/src/snapshot.rs" 27 20 27 48 - - let%span span63 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - - let%span span64 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - - let%span span65 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - - let%span span66 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - - let%span span67 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span60 = "" 0 0 0 0 - let%span span68 = "" 0 0 0 0 - - let%span span69 = "" 0 0 0 0 - - let%span span70 = "" 0 0 0 0 - - let%span span71 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span61 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'4 (_x : Seq'0.t_seq uint32) + predicate invariant'9 (self : Seq'0.t_seq uint32) = + [%#span11] true + + predicate inv'9 (_x : Seq'0.t_seq uint32) + + axiom inv'9 : forall x : Seq'0.t_seq uint32 . inv'9 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -319,129 +289,110 @@ module C01_AllZero use prelude.prelude.Int - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span12] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq uint32) : int - axiom len'1_spec : forall self : Seq'0.t_seq uint32 . ([%#span12] inv'4 self) -> ([%#span13] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq uint32 . [%#span13] len'1 self >= 0 - predicate inv'9 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) + predicate inv'8 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'2_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span14] inv'9 self) - -> ([%#span16] inv'4 (shallow_model'2 self)) - && ([%#span15] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span14] inv'8 self) + -> ([%#span15] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'9 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span17] inv'4 (shallow_model'2 self) + predicate invariant'8 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = + [%#span16] inv'9 (shallow_model'2 self) - axiom inv'9 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'9 x = true + axiom inv'8 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'8 x = true use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed uint32) = - [%#span18] true + predicate invariant'7 (self : borrowed uint32) = + [%#span11] true - predicate inv'8 (_x : borrowed uint32) + predicate inv'7 (_x : borrowed uint32) - axiom inv'8 : forall x : borrowed uint32 . inv'8 x = true + axiom inv'7 : forall x : borrowed uint32 . inv'7 x = true - predicate invariant'7 (self : usize) = - [%#span18] true + predicate invariant'6 (self : usize) = + [%#span11] true - predicate inv'7 (_x : usize) + predicate inv'6 (_x : usize) - axiom inv'7 : forall x : usize . inv'7 x = true + axiom inv'6 : forall x : usize . inv'6 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'6 (self : Option'0.t_option usize) = - [%#span18] true + predicate invariant'5 (self : Option'0.t_option usize) = + [%#span11] true - predicate inv'6 (_x : Option'0.t_option usize) + predicate inv'5 (_x : Option'0.t_option usize) - axiom inv'6 : forall x : Option'0.t_option usize . inv'6 x = true + axiom inv'5 : forall x : Option'0.t_option usize . inv'5 x = true use Core_Ops_Range_Range_Type as Range'0 - predicate invariant'5 (self : borrowed (Range'0.t_range usize)) = - [%#span18] true + predicate invariant'4 (self : borrowed (Range'0.t_range usize)) = + [%#span11] true - predicate inv'5 (_x : borrowed (Range'0.t_range usize)) + predicate inv'4 (_x : borrowed (Range'0.t_range usize)) - axiom inv'5 : forall x : borrowed (Range'0.t_range usize) . inv'5 x = true - - predicate invariant'4 (self : Seq'0.t_seq uint32) = - [%#span18] true - - axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true + axiom inv'4 : forall x : borrowed (Range'0.t_range usize) . inv'4 x = true predicate invariant'3 (self : Seq'0.t_seq usize) = - [%#span18] true + [%#span11] true predicate inv'3 (_x : Seq'0.t_seq usize) axiom inv'3 : forall x : Seq'0.t_seq usize . inv'3 x = true predicate invariant'2 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span18] true + [%#span11] true predicate inv'2 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) axiom inv'2 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'2 x = true predicate invariant'1 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) = - [%#span18] true + [%#span11] true predicate inv'1 (_x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) axiom inv'1 : forall x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global)) . inv'1 x = true - constant empty'1 : Seq'0.t_seq uint32 = [%#span19] () - - function empty_len'1 (_1 : ()) : () = - [%#span21] () - - axiom empty_len'1_spec : forall _1 : () . [%#span20] len'1 (empty'1 : Seq'0.t_seq uint32) = 0 + constant empty'1 : Seq'0.t_seq uint32 - use seq.Seq + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span17] len'1 (empty'1 : Seq'0.t_seq uint32) = 0 - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'2 (self : Seq'0.t_seq usize) : int - axiom len'2_spec : forall self : Seq'0.t_seq usize . ([%#span12] inv'3 self) -> ([%#span13] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq usize . [%#span13] len'2 self >= 0 function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span22] inv'3 self) - -> ([%#span23] inv'3 other) - -> ([%#span26] inv'3 (concat'0 self other)) - && ([%#span25] forall i : int . 0 <= i /\ i < len'2 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span19] forall i : int . 0 <= i + /\ i < len'2 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'2 self then index_logic'1 self i else index_logic'1 other (i - len'2 self))) - && ([%#span24] len'2 (concat'0 self other) = len'2 self + len'2 other) + && ([%#span18] len'2 (concat'0 self other) = len'2 self + len'2 other) predicate inv'0 (_x : Range'0.t_range usize) use prelude.prelude.Int function deep_model'0 (self : usize) : int = - [%#span27] UIntSize.to_int self + [%#span20] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span28] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span21] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'2 visited > 0 @@ -454,91 +405,83 @@ module C01_AllZero function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span29] produces'0 a ab b) - -> ([%#span30] produces'0 b bc c) - -> ([%#span31] inv'0 a) - -> ([%#span32] inv'3 ab) - -> ([%#span33] inv'0 b) - -> ([%#span34] inv'3 bc) -> ([%#span35] inv'0 c) -> ([%#span36] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span22] produces'0 a ab b) + -> ([%#span23] produces'0 b bc c) + -> ([%#span24] inv'0 a) + -> ([%#span25] inv'0 b) -> ([%#span26] inv'0 c) -> ([%#span27] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq usize = [%#span19] () + constant empty'0 : Seq'0.t_seq usize function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span37] inv'0 self) - -> ([%#span38] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span28] inv'0 self) + -> ([%#span29] produces'0 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'0 (self : Range'0.t_range usize) = - [%#span18] true + [%#span11] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span21] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span20] len'2 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span17] len'2 (empty'0 : Seq'0.t_seq usize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic predicate resolve'2 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) = - [%#span39] ^ self = * self + [%#span30] ^ self = * self predicate resolve'1 (self : borrowed uint32) = - [%#span39] ^ self = * self + [%#span30] ^ self = * self use prelude.prelude.Slice - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'2 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq uint32) (fin : Seq'0.t_seq uint32) = - [%#span40] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' + [%#span31] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' -> index_logic'2 old' i = index_logic'2 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint32) (out : uint32) = - [%#span41] index_logic'2 seq (UIntSize.to_int self) = out + [%#span32] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint32) = - [%#span42] UIntSize.to_int self < len'1 seq + [%#span33] UIntSize.to_int self < len'1 seq function shallow_model'0 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span43] shallow_model'2 ( * self) + [%#span34] shallow_model'2 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed uint32))= {[@expl:precondition] [%#span46] inv'7 index} - {[@expl:precondition] [%#span45] inv'1 self} - {[@expl:precondition] [%#span44] in_bounds'0 index (shallow_model'0 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (index:usize) (return' (ret:borrowed uint32))= {[@expl:precondition] [%#span37] inv'6 index} + {[@expl:precondition] [%#span36] inv'1 self} + {[@expl:precondition] [%#span35] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:borrowed uint32)-> {[%#span51] inv'8 result} - {[%#span50] len'1 (shallow_model'2 ( ^ self)) = len'1 (shallow_model'0 self)} - {[%#span49] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'2 ( ^ self))} - {[%#span48] has_value'0 index (shallow_model'2 ( ^ self)) ( ^ result)} - {[%#span47] has_value'0 index (shallow_model'0 self) ( * result)} + [ return' (result:borrowed uint32)-> {[%#span42] inv'7 result} + {[%#span41] len'1 (shallow_model'2 ( ^ self)) = len'1 (shallow_model'0 self)} + {[%#span40] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'2 ( ^ self))} + {[%#span39] has_value'0 index (shallow_model'2 ( ^ self)) ( ^ result)} + {[%#span38] has_value'0 index (shallow_model'0 self) ( * result)} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span52] inv'7 v) - -> ([%#span55] inv'3 (singleton'0 v)) - && ([%#span54] index_logic'1 (singleton'0 v) 0 = v) && ([%#span53] len'2 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span43] inv'6 v) + -> ([%#span45] index_logic'1 (singleton'0 v) 0 = v) && ([%#span44] len'2 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range usize)) = - [%#span39] ^ self = * self + [%#span30] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range usize)) = - [%#span56] resolve'0 self + [%#span46] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span57] inv'5 self} + let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span47] inv'4 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span59] inv'6 result} - {[%#span58] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span49] inv'5 result} + {[%#span48] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -546,12 +489,12 @@ module C01_AllZero function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span60] index_logic'2 (shallow_model'2 self) ix + [%#span50] index_logic'2 (shallow_model'2 self) ix function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize function shallow_model'4 (self : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) : Seq'0.t_seq uint32 = - [%#span61] shallow_model'0 self + [%#span51] shallow_model'0 self function deref'0 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec uint32 (Global'0.t_global)))) : borrowed (Vec'0.t_vec uint32 (Global'0.t_global)) @@ -559,7 +502,7 @@ module C01_AllZero function shallow_model'1 (self : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec uint32 (Global'0.t_global)))) : Seq'0.t_seq uint32 = - [%#span62] shallow_model'4 (deref'0 self) + [%#span52] shallow_model'4 (deref'0 self) function inner'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -569,39 +512,39 @@ module C01_AllZero function new'2 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'2_spec : forall x : Seq'0.t_seq usize . ([%#span63] inv'3 x) -> ([%#span64] deref'1 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq usize . ([%#span53] inv'3 x) -> ([%#span54] deref'1 (new'2 x) = x) function new'1 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'1_spec : forall x : Range'0.t_range usize . ([%#span63] inv'0 x) -> ([%#span64] deref'2 (new'1 x) = x) + axiom new'1_spec : forall x : Range'0.t_range usize . ([%#span53] inv'0 x) -> ([%#span54] deref'2 (new'1 x) = x) predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span65] self = res + [%#span55] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span66] true + [%#span56] true - let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span68] inv'0 self} - {[@expl:precondition] [%#span67] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span58] inv'0 self} + {[@expl:precondition] [%#span57] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span69] inv'0 result} - {[%#span67] into_iter_post'0 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span59] inv'0 result} + {[%#span57] into_iter_post'0 self result} (! return' {result}) ] function shallow_model'3 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 = - [%#span61] shallow_model'2 self + [%#span51] shallow_model'2 self - let rec len'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span70] inv'2 self} + let rec len'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span60] inv'2 self} any - [ return' (result:usize)-> {[%#span71] UIntSize.to_int result = len'1 (shallow_model'3 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span61] UIntSize.to_int result = len'1 (shallow_model'3 self)} (! return' {result}) ] function new'0 (x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) : Snapshot'0.t_snapshot (borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) - axiom new'0_spec : forall x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global)) . ([%#span63] inv'1 x) - -> ([%#span64] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : borrowed (Vec'0.t_vec uint32 (Global'0.t_global)) . ([%#span53] inv'1 x) + -> ([%#span54] deref'0 (new'0 x) = x) let rec all_zero (v:borrowed (Vec'0.t_vec uint32 (Global'0.t_global))) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- [%#s010] new'0 v ] s1 | s1 = bb1 ] diff --git a/creusot/tests/should_succeed/vector/04_binary_search.coma b/creusot/tests/should_succeed/vector/04_binary_search.coma index 4479e35524..7a79c1d273 100644 --- a/creusot/tests/should_succeed/vector/04_binary_search.coma +++ b/creusot/tests/should_succeed/vector/04_binary_search.coma @@ -1,21 +1,6 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Ptr_NonNull_NonNull_Type use prelude.prelude.Opaque @@ -164,59 +149,56 @@ module C04BinarySearch_BinarySearch let%span s04_binary_search13 = "../04_binary_search.rs" 24 0 25 65 - let%span span14 = "" 0 0 0 0 + let%span span14 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span21 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span21 = "../04_binary_search.rs" 9 4 11 5 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span22 = "../04_binary_search.rs" 16 4 16 31 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span25 = "../04_binary_search.rs" 9 4 11 5 + let%span span25 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span26 = "../04_binary_search.rs" 16 4 16 31 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span27 = "" 0 0 0 0 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span28 = "" 0 0 0 0 - let%span span29 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span30 = "" 0 0 0 0 - let%span span31 = "" 0 0 0 0 + let%span span31 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 let%span span32 = "" 0 0 0 0 - let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - - let%span span34 = "" 0 0 0 0 - - let%span span35 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - - let%span span36 = "" 0 0 0 0 - - let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 use prelude.prelude.UInt32 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'1 (_x : Seq'0.t_seq uint32) + predicate invariant'4 (self : Seq'0.t_seq uint32) = + [%#span14] true + + predicate inv'4 (_x : Seq'0.t_seq uint32) + + axiom inv'4 : forall x : Seq'0.t_seq uint32 . inv'4 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -228,71 +210,58 @@ module C04BinarySearch_BinarySearch use prelude.prelude.Int - constant max'0 : usize = [%#span14] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span15] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq uint32) : int - axiom len'1_spec : forall self : Seq'0.t_seq uint32 . ([%#span15] inv'1 self) -> ([%#span16] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq uint32 . [%#span16] len'1 self >= 0 - predicate inv'4 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) + predicate inv'3 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 - axiom shallow_model'1_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span17] inv'4 self) - -> ([%#span19] inv'1 (shallow_model'1 self)) - && ([%#span18] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'4 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span20] inv'1 (shallow_model'1 self) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec uint32 (Global'0.t_global) . ([%#span17] inv'3 self) + -> ([%#span18] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'4 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'4 x = true + predicate invariant'3 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = + [%#span19] inv'4 (shallow_model'1 self) - predicate invariant'3 (self : uint32) = - [%#span21] true + axiom inv'3 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'3 x = true - predicate inv'3 (_x : uint32) + predicate invariant'2 (self : uint32) = + [%#span14] true - axiom inv'3 : forall x : uint32 . inv'3 x = true + predicate inv'2 (_x : uint32) - predicate invariant'2 (self : usize) = - [%#span21] true + axiom inv'2 : forall x : uint32 . inv'2 x = true - predicate inv'2 (_x : usize) + predicate invariant'1 (self : usize) = + [%#span14] true - axiom inv'2 : forall x : usize . inv'2 x = true + predicate inv'1 (_x : usize) - predicate invariant'1 (self : Seq'0.t_seq uint32) = - [%#span21] true - - axiom inv'1 : forall x : Seq'0.t_seq uint32 . inv'1 x = true + axiom inv'1 : forall x : usize . inv'1 x = true predicate invariant'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) = - [%#span21] true + [%#span14] true predicate inv'0 (_x : Vec'0.t_vec uint32 (Global'0.t_global)) axiom inv'0 : forall x : Vec'0.t_vec uint32 (Global'0.t_global) . inv'0 x = true - constant empty'0 : Seq'0.t_seq uint32 = [%#span22] () - - function empty_len'0 (_1 : ()) : () = - [%#span24] () + constant empty'0 : Seq'0.t_seq uint32 - axiom empty_len'0_spec : forall _1 : () . [%#span23] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 + function empty_len'0 (_1 : ()) : () - use seq.Seq + axiom empty_len'0_spec : forall _1 : () . [%#span20] len'1 (empty'0 : Seq'0.t_seq uint32) = 0 - function index_logic'1 (self : Seq'0.t_seq uint32) (x : int) : uint32 + function index_logic'1 (self : Seq'0.t_seq uint32) (_2 : int) : uint32 predicate sorted_range'0 [#"../04_binary_search.rs" 8 0 8 52] (s : Seq'0.t_seq uint32) (l : int) (u : int) = - [%#span25] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> index_logic'1 s i <= index_logic'1 s j + [%#span21] forall j : int . forall i : int . l <= i /\ i < j /\ j < u -> index_logic'1 s i <= index_logic'1 s j predicate sorted'0 [#"../04_binary_search.rs" 15 0 15 30] (s : Seq'0.t_seq uint32) = - [%#span26] sorted_range'0 s 0 (len'1 s) + [%#span22] sorted_range'0 s 0 (len'1 s) use prelude.prelude.Intrinsic @@ -301,31 +270,31 @@ module C04BinarySearch_BinarySearch use prelude.prelude.Slice predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint32) (out : uint32) = - [%#span27] index_logic'1 seq (UIntSize.to_int self) = out + [%#span23] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint32) = - [%#span28] UIntSize.to_int self < len'1 seq + [%#span24] UIntSize.to_int self < len'1 seq function shallow_model'0 (self : Vec'0.t_vec uint32 (Global'0.t_global)) : Seq'0.t_seq uint32 = - [%#span29] shallow_model'1 self + [%#span25] shallow_model'1 self - let rec index'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (index:usize) (return' (ret:uint32))= {[@expl:precondition] [%#span32] inv'2 index} - {[@expl:precondition] [%#span31] inv'0 self} - {[@expl:precondition] [%#span30] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (index:usize) (return' (ret:uint32))= {[@expl:precondition] [%#span28] inv'1 index} + {[@expl:precondition] [%#span27] inv'0 self} + {[@expl:precondition] [%#span26] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:uint32)-> {[%#span34] inv'3 result} - {[%#span33] has_value'0 index (shallow_model'0 self) result} + [ return' (result:uint32)-> {[%#span30] inv'2 result} + {[%#span29] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec uint32 (Global'0.t_global)) (ix : int) : uint32 = - [%#span35] index_logic'1 (shallow_model'1 self) ix + [%#span31] index_logic'1 (shallow_model'1 self) ix use Core_Result_Result_Type as Result'0 - let rec len'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span36] inv'0 self} + let rec len'0 (self:Vec'0.t_vec uint32 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span32] inv'0 self} any - [ return' (result:usize)-> {[%#span37] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span33] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] let rec binary_search (arr:Vec'0.t_vec uint32 (Global'0.t_global)) (elem:uint32) (return' (ret:Result'0.t_result usize usize))= {[%#s04_binary_search10] sorted'0 (shallow_model'0 arr)} diff --git a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma index f33a760868..4f75e00711 100644 --- a/creusot/tests/should_succeed/vector/05_binary_search_generic.coma +++ b/creusot/tests/should_succeed/vector/05_binary_search_generic.coma @@ -1,21 +1,6 @@ module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Cmp_Ordering_Type type t_ordering = @@ -194,153 +179,141 @@ module C05BinarySearchGeneric_BinarySearch let%span span17 = "" 0 0 0 0 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span23 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span24 = "../../../../../creusot-contracts/src/logic/ord.rs" 70 14 70 15 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span25 = "../../../../../creusot-contracts/src/logic/ord.rs" 70 23 70 24 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span26 = "../../../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 - let%span span27 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span27 = "../../../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 - let%span span28 = "../../../../../creusot-contracts/src/logic/ord.rs" 70 14 70 15 + let%span span28 = "../../../../../creusot-contracts/src/logic/ord.rs" 66 16 66 17 - let%span span29 = "../../../../../creusot-contracts/src/logic/ord.rs" 70 23 70 24 + let%span span29 = "../../../../../creusot-contracts/src/logic/ord.rs" 66 25 66 26 - let%span span30 = "../../../../../creusot-contracts/src/logic/ord.rs" 69 14 69 59 + let%span span30 = "../../../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 - let%span span31 = "../../../../../creusot-contracts/src/logic/ord.rs" 64 15 64 48 + let%span span31 = "../../../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 - let%span span32 = "../../../../../creusot-contracts/src/logic/ord.rs" 66 16 66 17 + let%span span32 = "../../../../../creusot-contracts/src/logic/ord.rs" 61 16 61 17 - let%span span33 = "../../../../../creusot-contracts/src/logic/ord.rs" 66 25 66 26 + let%span span33 = "../../../../../creusot-contracts/src/logic/ord.rs" 61 25 61 26 - let%span span34 = "../../../../../creusot-contracts/src/logic/ord.rs" 65 14 65 44 + let%span span34 = "../../../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 - let%span span35 = "../../../../../creusot-contracts/src/logic/ord.rs" 59 15 59 45 + let%span span35 = "../../../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 - let%span span36 = "../../../../../creusot-contracts/src/logic/ord.rs" 61 16 61 17 + let%span span36 = "../../../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 - let%span span37 = "../../../../../creusot-contracts/src/logic/ord.rs" 61 25 61 26 + let%span span37 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 13 56 14 - let%span span38 = "../../../../../creusot-contracts/src/logic/ord.rs" 60 14 60 47 + let%span span38 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 22 56 23 - let%span span39 = "../../../../../creusot-contracts/src/logic/ord.rs" 53 15 53 32 + let%span span39 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 31 56 32 - let%span span40 = "../../../../../creusot-contracts/src/logic/ord.rs" 54 15 54 32 + let%span span40 = "../../../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 - let%span span41 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 13 56 14 + let%span span41 = "../../../../../creusot-contracts/src/logic/ord.rs" 50 12 50 13 - let%span span42 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 22 56 23 + let%span span42 = "../../../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 - let%span span43 = "../../../../../creusot-contracts/src/logic/ord.rs" 56 31 56 32 + let%span span43 = "../../../../../creusot-contracts/src/logic/ord.rs" 46 18 46 19 - let%span span44 = "../../../../../creusot-contracts/src/logic/ord.rs" 55 14 55 31 + let%span span44 = "../../../../../creusot-contracts/src/logic/ord.rs" 46 27 46 28 - let%span span45 = "../../../../../creusot-contracts/src/logic/ord.rs" 50 12 50 13 + let%span span45 = "../../../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 - let%span span46 = "../../../../../creusot-contracts/src/logic/ord.rs" 49 14 49 45 + let%span span46 = "../../../../../creusot-contracts/src/logic/ord.rs" 36 18 36 19 - let%span span47 = "../../../../../creusot-contracts/src/logic/ord.rs" 46 18 46 19 + let%span span47 = "../../../../../creusot-contracts/src/logic/ord.rs" 36 27 36 28 - let%span span48 = "../../../../../creusot-contracts/src/logic/ord.rs" 46 27 46 28 + let%span span48 = "../../../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 - let%span span49 = "../../../../../creusot-contracts/src/logic/ord.rs" 45 14 45 64 + let%span span49 = "../../../../../creusot-contracts/src/logic/ord.rs" 26 18 26 19 - let%span span50 = "../../../../../creusot-contracts/src/logic/ord.rs" 36 18 36 19 + let%span span50 = "../../../../../creusot-contracts/src/logic/ord.rs" 26 27 26 28 - let%span span51 = "../../../../../creusot-contracts/src/logic/ord.rs" 36 27 36 28 + let%span span51 = "../../../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 - let%span span52 = "../../../../../creusot-contracts/src/logic/ord.rs" 35 14 35 61 + let%span span52 = "../../../../../creusot-contracts/src/logic/ord.rs" 16 18 16 19 - let%span span53 = "../../../../../creusot-contracts/src/logic/ord.rs" 26 18 26 19 + let%span span53 = "../../../../../creusot-contracts/src/logic/ord.rs" 16 27 16 28 - let%span span54 = "../../../../../creusot-contracts/src/logic/ord.rs" 26 27 26 28 + let%span span54 = "../../../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 - let%span span55 = "../../../../../creusot-contracts/src/logic/ord.rs" 25 14 25 61 + let%span span55 = "../05_binary_search_generic.rs" 10 4 12 5 - let%span span56 = "../../../../../creusot-contracts/src/logic/ord.rs" 16 18 16 19 + let%span span56 = "../05_binary_search_generic.rs" 17 4 17 31 - let%span span57 = "../../../../../creusot-contracts/src/logic/ord.rs" 16 27 16 28 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../../creusot-contracts/src/logic/ord.rs" 15 14 15 64 + let%span span58 = "" 0 0 0 0 - let%span span59 = "../05_binary_search_generic.rs" 10 4 12 5 + let%span span59 = "../../../../../creusot-contracts/src/std/cmp.rs" 50 26 50 85 - let%span span60 = "../05_binary_search_generic.rs" 17 4 17 31 + let%span span60 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 let%span span61 = "" 0 0 0 0 let%span span62 = "" 0 0 0 0 - let%span span63 = "../../../../../creusot-contracts/src/std/cmp.rs" 50 26 50 85 + let%span span63 = "../../../../../creusot-contracts/src/std/cmp.rs" 39 26 39 76 - let%span span64 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span64 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span65 = "" 0 0 0 0 + let%span span65 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span66 = "" 0 0 0 0 + let%span span66 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span67 = "../../../../../creusot-contracts/src/std/cmp.rs" 39 26 39 76 + let%span span67 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span68 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span68 = "" 0 0 0 0 - let%span span69 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span69 = "" 0 0 0 0 - let%span span70 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span70 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span71 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span71 = "" 0 0 0 0 - let%span span72 = "" 0 0 0 0 + let%span span72 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span73 = "" 0 0 0 0 + let%span span73 = "../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 - let%span span74 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span74 = "../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 - let%span span75 = "" 0 0 0 0 + let%span span75 = "../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 - let%span span76 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span76 = "" 0 0 0 0 - let%span span77 = "../../../../../creusot-contracts/src/std/vec.rs" 33 18 33 22 + let%span span77 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 - let%span span78 = "../../../../../creusot-contracts/src/std/vec.rs" 30 14 30 56 - - let%span span79 = "../../../../../creusot-contracts/src/std/vec.rs" 31 4 32 53 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span80 = "../../../../../creusot-contracts/src/std/vec.rs" 33 4 33 44 + predicate invariant'6 (self : Seq'0.t_seq t) - let%span span81 = "" 0 0 0 0 + predicate inv'6 (_x : Seq'0.t_seq t) - let%span span82 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + axiom inv'6 : forall x : Seq'0.t_seq t . inv'6 x = true type deep_model_ty'0 - predicate invariant'7 (self : deep_model_ty'0) - - predicate inv'7 (_x : deep_model_ty'0) - - axiom inv'7 : forall x : deep_model_ty'0 . inv'7 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + predicate invariant'5 (self : deep_model_ty'0) - predicate invariant'6 (self : Seq'0.t_seq deep_model_ty'0) + predicate inv'5 (_x : deep_model_ty'0) - predicate inv'6 (_x : Seq'0.t_seq deep_model_ty'0) - - axiom inv'6 : forall x : Seq'0.t_seq deep_model_ty'0 . inv'6 x = true - - predicate inv'3 (_x : Seq'0.t_seq t) + axiom inv'5 : forall x : deep_model_ty'0 . inv'5 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -354,51 +327,38 @@ module C05BinarySearchGeneric_BinarySearch constant max'0 : usize = [%#span17] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq t) : int - axiom len'1_spec : forall self : Seq'0.t_seq t . ([%#span18] inv'3 self) -> ([%#span19] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq t . [%#span18] len'1 self >= 0 - predicate inv'5 (_x : Vec'0.t_vec t (Global'0.t_global)) + predicate inv'4 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span20] inv'5 self) - -> ([%#span22] inv'3 (shallow_model'1 self)) - && ([%#span21] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'5 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span23] inv'3 (shallow_model'1 self) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span19] inv'4 self) + -> ([%#span20] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'5 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'5 x = true + predicate invariant'4 (self : Vec'0.t_vec t (Global'0.t_global)) = + [%#span21] inv'6 (shallow_model'1 self) - use seq.Seq + axiom inv'4 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'4 x = true function len'2 (self : Seq'0.t_seq deep_model_ty'0) : int - axiom len'2_spec : forall self : Seq'0.t_seq deep_model_ty'0 . ([%#span18] inv'6 self) - -> ([%#span19] len'2 self >= 0) - - constant empty'1 : Seq'0.t_seq deep_model_ty'0 = [%#span24] () + axiom len'2_spec : forall self : Seq'0.t_seq deep_model_ty'0 . [%#span18] len'2 self >= 0 - function empty_len'1 (_1 : ()) : () = - [%#span26] () + constant empty'1 : Seq'0.t_seq deep_model_ty'0 - axiom empty_len'1_spec : forall _1 : () . [%#span25] len'2 (empty'1 : Seq'0.t_seq deep_model_ty'0) = 0 + function empty_len'1 (_1 : ()) : () - predicate invariant'4 (self : usize) = - [%#span27] true + axiom empty_len'1_spec : forall _1 : () . [%#span22] len'2 (empty'1 : Seq'0.t_seq deep_model_ty'0) = 0 - predicate inv'4 (_x : usize) + predicate invariant'3 (self : usize) = + [%#span23] true - axiom inv'4 : forall x : usize . inv'4 x = true + predicate inv'3 (_x : usize) - predicate invariant'3 (self : Seq'0.t_seq t) - - axiom inv'3 : forall x : Seq'0.t_seq t . inv'3 x = true + axiom inv'3 : forall x : usize . inv'3 x = true predicate invariant'2 (self : t) @@ -412,67 +372,66 @@ module C05BinarySearchGeneric_BinarySearch function eq_cmp'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom eq_cmp'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span28] inv'7 x) - -> ([%#span29] inv'7 y) -> ([%#span30] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)) + axiom eq_cmp'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span24] inv'5 x) + -> ([%#span25] inv'5 y) -> ([%#span26] (x = y) = (cmp_log'0 x y = Ordering'0.C_Equal)) function antisym2'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom antisym2'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span31] cmp_log'0 x y + axiom antisym2'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span27] cmp_log'0 x y = Ordering'0.C_Greater) - -> ([%#span32] inv'7 x) -> ([%#span33] inv'7 y) -> ([%#span34] cmp_log'0 y x = Ordering'0.C_Less) + -> ([%#span28] inv'5 x) -> ([%#span29] inv'5 y) -> ([%#span30] cmp_log'0 y x = Ordering'0.C_Less) function antisym1'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom antisym1'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span35] cmp_log'0 x y + axiom antisym1'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span31] cmp_log'0 x y = Ordering'0.C_Less) - -> ([%#span36] inv'7 x) -> ([%#span37] inv'7 y) -> ([%#span38] cmp_log'0 y x = Ordering'0.C_Greater) + -> ([%#span32] inv'5 x) -> ([%#span33] inv'5 y) -> ([%#span34] cmp_log'0 y x = Ordering'0.C_Greater) function trans'0 (x : deep_model_ty'0) (y : deep_model_ty'0) (z : deep_model_ty'0) (o : Ordering'0.t_ordering) : () - axiom trans'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0, z : deep_model_ty'0, o : Ordering'0.t_ordering . ([%#span39] cmp_log'0 x y + axiom trans'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0, z : deep_model_ty'0, o : Ordering'0.t_ordering . ([%#span35] cmp_log'0 x y = o) - -> ([%#span40] cmp_log'0 y z = o) - -> ([%#span41] inv'7 x) -> ([%#span42] inv'7 y) -> ([%#span43] inv'7 z) -> ([%#span44] cmp_log'0 x z = o) + -> ([%#span36] cmp_log'0 y z = o) + -> ([%#span37] inv'5 x) -> ([%#span38] inv'5 y) -> ([%#span39] inv'5 z) -> ([%#span40] cmp_log'0 x z = o) function refl'0 (x : deep_model_ty'0) : () - axiom refl'0_spec : forall x : deep_model_ty'0 . ([%#span45] inv'7 x) - -> ([%#span46] cmp_log'0 x x = Ordering'0.C_Equal) + axiom refl'0_spec : forall x : deep_model_ty'0 . ([%#span41] inv'5 x) + -> ([%#span42] cmp_log'0 x x = Ordering'0.C_Equal) function gt_log'0 (self : deep_model_ty'0) (o : deep_model_ty'0) : bool function cmp_gt_log'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom cmp_gt_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span47] inv'7 x) - -> ([%#span48] inv'7 y) -> ([%#span49] gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater)) + axiom cmp_gt_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span43] inv'5 x) + -> ([%#span44] inv'5 y) -> ([%#span45] gt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Greater)) function ge_log'0 (self : deep_model_ty'0) (o : deep_model_ty'0) : bool function cmp_ge_log'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom cmp_ge_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span50] inv'7 x) - -> ([%#span51] inv'7 y) -> ([%#span52] ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less)) + axiom cmp_ge_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span46] inv'5 x) + -> ([%#span47] inv'5 y) -> ([%#span48] ge_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Less)) function lt_log'0 (self : deep_model_ty'0) (o : deep_model_ty'0) : bool function cmp_lt_log'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom cmp_lt_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span53] inv'7 x) - -> ([%#span54] inv'7 y) -> ([%#span55] lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less)) + axiom cmp_lt_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span49] inv'5 x) + -> ([%#span50] inv'5 y) -> ([%#span51] lt_log'0 x y = (cmp_log'0 x y = Ordering'0.C_Less)) function le_log'0 (self : deep_model_ty'0) (o : deep_model_ty'0) : bool function cmp_le_log'0 (x : deep_model_ty'0) (y : deep_model_ty'0) : () - axiom cmp_le_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span56] inv'7 x) - -> ([%#span57] inv'7 y) -> ([%#span58] le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater)) + axiom cmp_le_log'0_spec : forall x : deep_model_ty'0, y : deep_model_ty'0 . ([%#span52] inv'5 x) + -> ([%#span53] inv'5 y) -> ([%#span54] le_log'0 x y = (cmp_log'0 x y <> Ordering'0.C_Greater)) - constant empty'0 : Seq'0.t_seq t = [%#span24] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span26] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span25] len'1 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span22] len'1 (empty'0 : Seq'0.t_seq t) = 0 predicate invariant'1 (self : Vec'0.t_vec t (Global'0.t_global)) @@ -486,18 +445,16 @@ module C05BinarySearchGeneric_BinarySearch axiom inv'0 : forall x : t . inv'0 x = true - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq deep_model_ty'0) (x : int) : deep_model_ty'0 + function index_logic'0 (self : Seq'0.t_seq deep_model_ty'0) (_2 : int) : deep_model_ty'0 predicate sorted_range'0 [#"../05_binary_search_generic.rs" 9 0 9 63] (s : Seq'0.t_seq deep_model_ty'0) (l : int) (u : int) = - [%#span59] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u + [%#span55] forall j : int . forall i : int . l <= i /\ i <= j /\ j < u -> le_log'0 (index_logic'0 s i) (index_logic'0 s j) predicate sorted'0 [#"../05_binary_search_generic.rs" 16 0 16 41] (s : Seq'0.t_seq deep_model_ty'0) = - [%#span60] sorted_range'0 s 0 (len'2 s) + [%#span56] sorted_range'0 s 0 (len'2 s) use prelude.prelude.Intrinsic @@ -505,20 +462,20 @@ module C05BinarySearchGeneric_BinarySearch function deep_model'1 (self : t) : deep_model_ty'0 - let rec cmp'0 (self:t) (other:t) (return' (ret:Ordering'0.t_ordering))= {[@expl:precondition] [%#span62] inv'2 other} - {[@expl:precondition] [%#span61] inv'2 self} + let rec cmp'0 (self:t) (other:t) (return' (ret:Ordering'0.t_ordering))= {[@expl:precondition] [%#span58] inv'2 other} + {[@expl:precondition] [%#span57] inv'2 self} any - [ return' (result:Ordering'0.t_ordering)-> {[%#span63] result = cmp_log'0 (deep_model'1 self) (deep_model'1 other)} + [ return' (result:Ordering'0.t_ordering)-> {[%#span59] result = cmp_log'0 (deep_model'1 self) (deep_model'1 other)} (! return' {result}) ] function deep_model'3 (self : t) : deep_model_ty'0 = - [%#span64] deep_model'1 self + [%#span60] deep_model'1 self - let rec gt'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span66] inv'2 other} - {[@expl:precondition] [%#span65] inv'2 self} + let rec gt'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span62] inv'2 other} + {[@expl:precondition] [%#span61] inv'2 self} any - [ return' (result:bool)-> {[%#span67] result = gt_log'0 (deep_model'3 self) (deep_model'3 other)} + [ return' (result:bool)-> {[%#span63] result = gt_log'0 (deep_model'3 self) (deep_model'3 other)} (! return' {result}) ] @@ -526,41 +483,38 @@ module C05BinarySearchGeneric_BinarySearch use prelude.prelude.Slice - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'2 (self : Seq'0.t_seq t) (_2 : int) : t predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) (out : t) = - [%#span68] index_logic'2 seq (UIntSize.to_int self) = out + [%#span64] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) = - [%#span69] UIntSize.to_int self < len'1 seq + [%#span65] UIntSize.to_int self < len'1 seq function shallow_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span70] shallow_model'1 self + [%#span66] shallow_model'1 self - let rec index'0 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span73] inv'4 index} - {[@expl:precondition] [%#span72] inv'1 self} - {[@expl:precondition] [%#span71] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span69] inv'3 index} + {[@expl:precondition] [%#span68] inv'1 self} + {[@expl:precondition] [%#span67] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:t)-> {[%#span75] inv'2 result} - {[%#span74] has_value'0 index (shallow_model'0 self) result} + [ return' (result:t)-> {[%#span71] inv'2 result} + {[%#span70] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span76] index_logic'2 (shallow_model'1 self) ix + [%#span72] index_logic'2 (shallow_model'1 self) ix function deep_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq deep_model_ty'0 - axiom deep_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span77] inv'5 self) - -> ([%#span80] inv'6 (deep_model'2 self)) - && ([%#span79] forall i : int . 0 <= i /\ i < len'1 (shallow_model'1 self) + axiom deep_model'2_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span73] inv'4 self) + -> ([%#span75] forall i : int . 0 <= i /\ i < len'1 (shallow_model'1 self) -> index_logic'0 (deep_model'2 self) i = deep_model'1 (index_logic'1 self i)) - && ([%#span78] len'1 (shallow_model'1 self) = len'2 (deep_model'2 self)) + && ([%#span74] len'1 (shallow_model'1 self) = len'2 (deep_model'2 self)) function deep_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq deep_model_ty'0 = - [%#span64] deep_model'2 self + [%#span60] deep_model'2 self use Core_Result_Result_Type as Result'0 @@ -568,9 +522,9 @@ module C05BinarySearchGeneric_BinarySearch predicate resolve'0 (self : t) - let rec len'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span81] inv'1 self} + let rec len'0 (self:Vec'0.t_vec t (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span76] inv'1 self} any - [ return' (result:usize)-> {[%#span82] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span77] UIntSize.to_int result = len'1 (shallow_model'0 self)} (! return' {result}) ] let rec binary_search (arr:Vec'0.t_vec t (Global'0.t_global)) (elem:t) (return' (ret:Result'0.t_result usize usize))= {[%#s05_binary_search_generic13] inv'0 elem} diff --git a/creusot/tests/should_succeed/vector/06_knights_tour.coma b/creusot/tests/should_succeed/vector/06_knights_tour.coma index 666f5de186..74c73a8a66 100644 --- a/creusot/tests/should_succeed/vector/06_knights_tour.coma +++ b/creusot/tests/should_succeed/vector/06_knights_tour.coma @@ -271,22 +271,7 @@ module C06KnightsTour_Board_Type end end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module CreusotContracts_Snapshot_Snapshot_Type type t_snapshot 't @@ -379,35 +364,27 @@ module C06KnightsTour_Impl1_New_Closure3 let%span span3 = "" 0 0 0 0 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span9 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span13 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - - let%span span14 = "" 0 0 0 0 + let%span span10 = "" 0 0 0 0 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 174 22 174 41 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 + let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 175 12 175 78 - let%span span17 = "" 0 0 0 0 + let%span span13 = "" 0 0 0 0 - let%span span18 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 use prelude.prelude.UIntSize @@ -430,24 +407,19 @@ module C06KnightsTour_Impl1_New_Closure3 constant max'0 : usize = [%#span3] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq usize) : int - axiom len'0_spec : forall self : Seq'0.t_seq usize . ([%#span4] inv'2 self) -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq usize . [%#span4] len'0 self >= 0 predicate inv'1 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span6] inv'1 self) - -> ([%#span8] inv'2 (shallow_model'0 self)) - && ([%#span7] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span5] inv'1 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span9] inv'2 (shallow_model'0 self) + [%#span7] inv'2 (shallow_model'0 self) axiom inv'1 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'1 x = true @@ -458,12 +430,11 @@ module C06KnightsTour_Impl1_New_Closure3 axiom inv'0 : forall x : usize . inv'0 x = true - constant empty'0 : Seq'0.t_seq usize = [%#span10] () + constant empty'0 : Seq'0.t_seq usize - function empty_len'0 (_1 : ()) : () = - [%#span12] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span11] len'0 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq usize) = 0 use prelude.prelude.Int16 @@ -484,23 +455,21 @@ module C06KnightsTour_Impl1_New_Closure3 use prelude.prelude.Intrinsic - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec usize (Global'0.t_global)) (ix : int) : usize = - [%#span13] index_logic'1 (shallow_model'0 self) ix + [%#span9] index_logic'1 (shallow_model'0 self) ix - let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span14] inv'0 elem} + let rec from_elem'0 (elem:usize) (n:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span10] inv'0 elem} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span17] inv'1 result} - {[%#span16] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} - {[%#span15] len'0 (shallow_model'0 result) = UIntSize.to_int n} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span13] inv'1 result} + {[%#span12] forall i : int . 0 <= i /\ i < UIntSize.to_int n -> index_logic'0 result i = elem} + {[%#span11] len'0 (shallow_model'0 result) = UIntSize.to_int n} (! return' {result}) ] predicate resolve'0 (self : borrowed Closure'0.c06knightstour_impl1_new_closure3) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self let rec c06knightstour_impl1_new_closure3 (_1:borrowed Closure'0.c06knightstour_impl1_new_closure3) (_2:usize) (_3:Snapshot'0.t_snapshot (Seq'0.t_seq usize)) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= (! bb0 [ bb0 = s0 @@ -536,190 +505,161 @@ module C06KnightsTour_Impl1_New let%span s06_knights_tour3 = "../06_knights_tour.rs" 39 14 39 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span9 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - - let%span span10 = "" 0 0 0 0 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span7 = "" 0 0 0 0 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span20 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span21 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span11 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 47 15 47 50 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 23 50 27 + let%span span13 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 48 14 48 35 + let%span span14 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 49 4 49 87 + let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 42 15 42 50 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 50 4 50 52 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 43 14 43 35 - let%span span27 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 44 4 44 87 - let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span18 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 + let%span span19 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 + let%span span20 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 37 8 49 9 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 + let%span span21 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 28 15 28 32 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 22 31 23 + let%span span22 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 29 15 29 32 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 31 31 33 + let%span span23 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 22 31 23 - let%span span34 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 52 31 53 + let%span span24 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 52 31 53 - let%span span35 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 61 31 63 + let%span span25 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 82 31 83 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 31 82 31 83 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 30 14 30 42 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 21 24 25 - let%span span38 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 24 21 24 25 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 23 14 23 45 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span32 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 112 8 116 9 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span44 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 112 8 116 9 + let%span span34 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 135 8 142 9 - let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span35 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 24 121 28 - let%span span46 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 135 8 142 9 + let%span span36 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 33 121 37 - let%span span47 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 24 121 28 + let%span span37 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 120 4 120 83 - let%span span48 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 33 121 37 + let%span span38 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span49 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 121 42 121 50 + let%span span39 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 120 4 120 83 + let%span span40 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 148 8 153 9 - let%span span51 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span41 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span52 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span53 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 148 8 153 9 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span54 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span44 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span55 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span45 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span56 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span46 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span57 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span47 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span58 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span48 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span59 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span49 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 - let%span span60 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span50 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 - let%span span61 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span51 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 - let%span span62 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span52 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 - let%span span63 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span53 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 - let%span span64 = "../../../../../creusot-contracts/src/std/iter.rs" 38 15 38 32 + let%span span54 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 - let%span span65 = "../../../../../creusot-contracts/src/std/iter.rs" 39 15 39 32 + let%span span55 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 - let%span span66 = "../../../../../creusot-contracts/src/std/iter.rs" 41 22 41 23 + let%span span56 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 - let%span span67 = "../../../../../creusot-contracts/src/std/iter.rs" 41 31 41 33 + let%span span57 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span68 = "../../../../../creusot-contracts/src/std/iter.rs" 41 52 41 53 + let%span span58 = "../06_knights_tour.rs" 31 8 35 9 - let%span span69 = "../../../../../creusot-contracts/src/std/iter.rs" 41 61 41 63 + let%span span59 = "../../../../../creusot-contracts/src/std/vec.rs" 275 20 275 32 - let%span span70 = "../../../../../creusot-contracts/src/std/iter.rs" 41 82 41 83 + let%span span60 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 - let%span span71 = "../../../../../creusot-contracts/src/std/iter.rs" 40 14 40 42 + let%span span61 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span72 = "../../../../../creusot-contracts/src/std/iter.rs" 35 21 35 25 + let%span span62 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 27 - let%span span73 = "../../../../../creusot-contracts/src/std/iter.rs" 34 14 34 45 + let%span span63 = "" 0 0 0 0 - let%span span74 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span64 = "../../../../../creusot-contracts/src/std/iter.rs" 136 16 137 83 - let%span span75 = "../06_knights_tour.rs" 31 8 35 9 + let%span span65 = "" 0 0 0 0 - let%span span76 = "../../../../../creusot-contracts/src/std/vec.rs" 275 20 275 32 + let%span span66 = "../../../../../creusot-contracts/src/std/iter.rs" 43 4 43 141 - let%span span77 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 15 8 18 9 + let%span span67 = "../../../../../creusot-contracts/src/std/iter.rs" 44 15 44 51 - let%span span78 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span68 = "../../../../../creusot-contracts/src/std/iter.rs" 45 15 45 70 - let%span span79 = "../../../../../creusot-contracts/src/std/iter/map_inv.rs" 56 4 56 27 + let%span span69 = "../../../../../creusot-contracts/src/std/iter.rs" 47 21 47 25 - let%span span80 = "" 0 0 0 0 + let%span span70 = "../../../../../creusot-contracts/src/std/iter.rs" 47 27 47 31 - let%span span81 = "../../../../../creusot-contracts/src/std/iter.rs" 136 16 137 83 + let%span span71 = "../../../../../creusot-contracts/src/std/iter.rs" 46 14 46 88 - let%span span82 = "" 0 0 0 0 + let%span span72 = "../../../../../creusot-contracts/src/std/iter.rs" 47 4 50 61 - let%span span83 = "../../../../../creusot-contracts/src/std/iter.rs" 43 4 43 141 + use Alloc_Alloc_Global_Type as Global'0 - let%span span84 = "../../../../../creusot-contracts/src/std/iter.rs" 44 15 44 51 + use prelude.prelude.UIntSize - let%span span85 = "../../../../../creusot-contracts/src/std/iter.rs" 45 15 45 70 + use Alloc_Vec_Vec_Type as Vec'0 - let%span span86 = "../../../../../creusot-contracts/src/std/iter.rs" 47 21 47 25 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span87 = "../../../../../creusot-contracts/src/std/iter.rs" 47 27 47 31 + predicate invariant'10 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span4] true - let%span span88 = "../../../../../creusot-contracts/src/std/iter.rs" 46 14 46 88 + predicate inv'10 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - let%span span89 = "../../../../../creusot-contracts/src/std/iter.rs" 47 4 50 61 + axiom inv'10 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'10 x = true use prelude.prelude.Int - use seq.Seq - - use Alloc_Alloc_Global_Type as Global'0 - - use prelude.prelude.UIntSize - - use Alloc_Vec_Vec_Type as Vec'0 - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Int16 @@ -728,124 +668,99 @@ module C06KnightsTour_Impl1_New use prelude.prelude.Borrow - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - - predicate inv'11 (_x : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) - function len'2 (self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) : int - axiom len'2_spec : forall self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) . ([%#span4] inv'11 self) - -> ([%#span5] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) . [%#span5] len'2 self + >= 0 - constant empty'2 : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) = [%#span6] () + constant empty'2 : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) - function empty_len'2 (_1 : ()) : () = - [%#span8] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span7] len'2 (empty'2 : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) + axiom empty_len'2_spec : forall _1 : () . [%#span6] len'2 (empty'2 : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) = 0 - predicate invariant'11 (self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) = - [%#span9] true - - axiom inv'11 : forall x : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) . inv'11 x = true - - predicate invariant'10 (self : borrowed Closure'0.c06knightstour_impl1_new_closure3) = - [%#span9] true + predicate invariant'9 (self : borrowed Closure'0.c06knightstour_impl1_new_closure3) = + [%#span4] true - predicate inv'10 (_x : borrowed Closure'0.c06knightstour_impl1_new_closure3) + predicate inv'9 (_x : borrowed Closure'0.c06knightstour_impl1_new_closure3) - axiom inv'10 : forall x : borrowed Closure'0.c06knightstour_impl1_new_closure3 . inv'10 x = true + axiom inv'9 : forall x : borrowed Closure'0.c06knightstour_impl1_new_closure3 . inv'9 x = true - predicate inv'7 (_x : Seq'0.t_seq usize) + predicate inv'6 (_x : Seq'0.t_seq usize) use prelude.prelude.UIntSize - constant max'0 : usize = [%#span10] (18446744073709551615 : usize) - - use seq.Seq + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span4] inv'7 self) -> ([%#span5] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span5] len'1 self >= 0 - predicate inv'9 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'8 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'1_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span11] inv'9 self) - -> ([%#span13] inv'7 (shallow_model'1 self)) - && ([%#span12] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'8 self) + -> ([%#span9] len'1 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'9 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span14] inv'7 (shallow_model'1 self) + predicate invariant'8 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span10] inv'6 (shallow_model'1 self) - axiom inv'9 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'9 x = true + axiom inv'8 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'8 x = true use Core_Ops_Range_Range_Type as Range'0 - predicate invariant'8 (self : borrowed (Range'0.t_range usize)) = - [%#span9] true - - predicate inv'8 (_x : borrowed (Range'0.t_range usize)) - - axiom inv'8 : forall x : borrowed (Range'0.t_range usize) . inv'8 x = true + predicate invariant'7 (self : borrowed (Range'0.t_range usize)) = + [%#span4] true - predicate invariant'7 (self : Seq'0.t_seq usize) = - [%#span9] true + predicate inv'7 (_x : borrowed (Range'0.t_range usize)) - axiom inv'7 : forall x : Seq'0.t_seq usize . inv'7 x = true + axiom inv'7 : forall x : borrowed (Range'0.t_range usize) . inv'7 x = true - use seq.Seq + predicate invariant'6 (self : Seq'0.t_seq usize) = + [%#span4] true - predicate inv'4 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom inv'6 : forall x : Seq'0.t_seq usize . inv'6 x = true function len'0 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span4] inv'4 self) - -> ([%#span5] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span5] len'0 self >= 0 - constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span6] () + constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'1 (_1 : ()) : () = - [%#span8] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span7] len'0 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'1_spec : forall _1 : () . [%#span6] len'0 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 - predicate inv'6 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) + predicate inv'5 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'0_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span11] inv'6 self) - -> ([%#span13] inv'4 (shallow_model'0 self)) - && ([%#span12] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span8] inv'5 self) + -> ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'6 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span14] inv'4 (shallow_model'0 self) + predicate invariant'5 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = + [%#span10] inv'10 (shallow_model'0 self) - axiom inv'6 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'6 x = true + axiom inv'5 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'5 x = true use CreusotContracts_Std1_Iter_MapInv_MapInv_Type as MapInv'0 - use seq.Seq - - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'3 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function concat'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (other : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom concat'1_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), other : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span15] inv'4 self) - -> ([%#span16] inv'4 other) - -> ([%#span19] inv'4 (concat'1 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'0 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), other : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span12] forall i : int . 0 + <= i + /\ i < len'0 (concat'1 self other) -> index_logic'3 (concat'1 self other) i = (if i < len'0 self then index_logic'3 self i else index_logic'3 other (i - len'0 self))) - && ([%#span17] len'0 (concat'1 self other) = len'0 self + len'0 other) + && ([%#span11] len'0 (concat'1 self other) = len'0 self + len'0 other) predicate inv'3 (_x : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) @@ -873,40 +788,28 @@ module C06KnightsTour_Impl1_New function new'0 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'0_spec : forall x : Seq'0.t_seq usize . ([%#span20] inv'7 x) -> ([%#span21] deref'0 (new'0 x) = x) - - use prelude.seq_ext.SeqExt + axiom new'0_spec : forall x : Seq'0.t_seq usize . ([%#span13] inv'6 x) -> ([%#span14] deref'0 (new'0 x) = x) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function subsequence'0 (self : Seq'0.t_seq usize) (n : int) (m : int) : Seq'0.t_seq usize - axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span22] 0 <= n + axiom subsequence'0_spec : forall self : Seq'0.t_seq usize, n : int, m : int . ([%#span15] 0 <= n /\ n <= m /\ m <= len'1 self) - -> ([%#span23] inv'7 self) - -> ([%#span26] inv'7 (subsequence'0 self n m)) - && ([%#span25] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) + -> ([%#span17] forall i : int . 0 <= i /\ i < len'1 (subsequence'0 self n m) -> index_logic'1 (subsequence'0 self n m) i = index_logic'1 self (n + i)) - && ([%#span24] len'1 (subsequence'0 self n m) = m - n) - - use seq.Seq + && ([%#span16] len'1 (subsequence'0 self n m) = m - n) - function index_logic'2 (self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) (x : int) : borrowed Closure'0.c06knightstour_impl1_new_closure3 + function index_logic'2 (self : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3)) (_2 : int) : borrowed Closure'0.c06knightstour_impl1_new_closure3 - use seq.Seq - function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span15] inv'7 self) - -> ([%#span16] inv'7 other) - -> ([%#span19] inv'7 (concat'0 self other)) - && ([%#span18] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span12] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span17] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span11] len'1 (concat'0 self other) = len'1 self + len'1 other) function inner'0 (self : Snapshot'0.t_snapshot (Seq'0.t_seq usize)) : Seq'0.t_seq usize @@ -915,12 +818,12 @@ module C06KnightsTour_Impl1_New use prelude.prelude.Int function deep_model'0 (self : usize) : int = - [%#span27] UIntSize.to_int self + [%#span18] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span28] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span19] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -933,14 +836,12 @@ module C06KnightsTour_Impl1_New predicate produces'1 [@inline:trivial] (self : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) (visited : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (succ : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) = - [%#span29] unnest'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) - /\ (exists s : Seq'0.t_seq usize . inv'7 s - /\ len'1 s = len'0 visited + [%#span20] unnest'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func succ) + /\ (exists s : Seq'0.t_seq usize . len'1 s = len'0 visited /\ produces'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) s (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter succ) /\ inner'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced succ) = concat'0 (deref'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced self)) s - /\ (exists fs : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) . inv'11 fs - /\ len'2 fs = len'0 visited + /\ (exists fs : Seq'0.t_seq (borrowed Closure'0.c06knightstour_impl1_new_closure3) . len'2 fs = len'0 visited /\ (forall i : int . 1 <= i /\ i < len'2 fs -> ^ index_logic'2 fs (i - 1) = * index_logic'2 fs i) /\ (if len'0 visited = 0 then CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self @@ -957,92 +858,80 @@ module C06KnightsTour_Impl1_New function produces_trans'2 (a : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) (ab : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (b : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) (bc : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (c : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) : () - axiom produces_trans'2_spec : forall a : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3, ab : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), b : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3, bc : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), c : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3 . ([%#span30] produces'1 a ab b) - -> ([%#span31] produces'1 b bc c) - -> ([%#span32] inv'3 a) - -> ([%#span33] inv'4 ab) - -> ([%#span34] inv'3 b) - -> ([%#span35] inv'4 bc) -> ([%#span36] inv'3 c) -> ([%#span37] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'2_spec : forall a : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3, ab : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), b : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3, bc : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)), c : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3 . ([%#span21] produces'1 a ab b) + -> ([%#span22] produces'1 b bc c) + -> ([%#span23] inv'3 a) + -> ([%#span24] inv'3 b) -> ([%#span25] inv'3 c) -> ([%#span26] produces'1 a (concat'1 ab bc) c) function produces_refl'2 (self : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) : () - axiom produces_refl'2_spec : forall self : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3 . ([%#span38] inv'3 self) - -> ([%#span39] produces'1 self (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) self) + axiom produces_refl'2_spec : forall self : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3 . ([%#span27] inv'3 self) + -> ([%#span28] produces'1 self (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) self) - predicate invariant'5 (self : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)) + predicate invariant'4 (self : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)) = - [%#span9] true + [%#span4] true - predicate inv'5 (_x : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)) + predicate inv'4 (_x : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)) - axiom inv'5 : forall x : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) . inv'5 x + axiom inv'4 : forall x : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) . inv'4 x = (inv'3 ( * x) /\ inv'3 ( ^ x)) - predicate invariant'4 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span9] true - - axiom inv'4 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'4 x = true - - use seq.Seq - predicate inv'1 (_x : usize) function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span40] inv'1 v) - -> ([%#span43] inv'7 (singleton'0 v)) - && ([%#span42] index_logic'1 (singleton'0 v) 0 = v) && ([%#span41] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span29] inv'1 v) + -> ([%#span31] index_logic'1 (singleton'0 v) 0 = v) && ([%#span30] len'1 (singleton'0 v) = 1) predicate inv'0 (_x : Range'0.t_range usize) predicate next_precondition'0 (iter : Range'0.t_range usize) (func : Closure'0.c06knightstour_impl1_new_closure3) (produced : Seq'0.t_seq usize) = - [%#span44] forall i : Range'0.t_range usize . forall e : usize . inv'0 i + [%#span32] forall i : Range'0.t_range usize . forall e : usize . inv'0 i -> inv'1 e -> produces'0 iter (singleton'0 e) i -> precondition'0 func (e, new'0 produced) function push'0 [@inline:trivial] (self : Seq'0.t_seq usize) (v : usize) : Seq'0.t_seq usize = - [%#span45] concat'0 self (singleton'0 v) + [%#span33] concat'0 self (singleton'0 v) predicate preservation'0 (iter : Range'0.t_range usize) (func : Closure'0.c06knightstour_impl1_new_closure3) = - [%#span46] forall i : Range'0.t_range usize . forall b : Vec'0.t_vec usize (Global'0.t_global) . forall f : borrowed Closure'0.c06knightstour_impl1_new_closure3 . forall e2 : usize . forall e1 : usize . forall s : Seq'0.t_seq usize . inv'0 i - -> inv'9 b - -> inv'10 f + [%#span34] forall i : Range'0.t_range usize . forall b : Vec'0.t_vec usize (Global'0.t_global) . forall f : borrowed Closure'0.c06knightstour_impl1_new_closure3 . forall e2 : usize . forall e1 : usize . forall s : Seq'0.t_seq usize . inv'0 i + -> inv'8 b + -> inv'9 f -> inv'1 e2 -> inv'1 e1 - -> inv'7 s -> unnest'0 func ( * f) -> produces'0 iter (push'0 (push'0 s e1) e2) i -> precondition'0 ( * f) (e1, new'0 s) -> postcondition_mut'0 f (e1, new'0 s) b -> precondition'0 ( ^ f) (e2, new'0 (push'0 s e1)) - constant empty'0 : Seq'0.t_seq usize = [%#span6] () + constant empty'0 : Seq'0.t_seq usize predicate inv'2 (_x : Closure'0.c06knightstour_impl1_new_closure3) predicate preservation_inv'0 (iter : Range'0.t_range usize) (func : Closure'0.c06knightstour_impl1_new_closure3) (produced : Seq'0.t_seq usize) - axiom preservation_inv'0_spec : forall iter : Range'0.t_range usize, func : Closure'0.c06knightstour_impl1_new_closure3, produced : Seq'0.t_seq usize . ([%#span47] inv'0 iter) - -> ([%#span48] inv'2 func) - -> ([%#span49] inv'7 produced) - -> ([%#span50] produced = (empty'0 : Seq'0.t_seq usize) + axiom preservation_inv'0_spec : forall iter : Range'0.t_range usize, func : Closure'0.c06knightstour_impl1_new_closure3, produced : Seq'0.t_seq usize . ([%#span35] inv'0 iter) + -> ([%#span36] inv'2 func) + -> ([%#span37] produced = (empty'0 : Seq'0.t_seq usize) -> preservation_inv'0 iter func produced = preservation'0 iter func) predicate resolve'3 (self : borrowed (Range'0.t_range usize)) = - [%#span51] ^ self = * self + [%#span38] ^ self = * self predicate completed'1 (self : borrowed (Range'0.t_range usize)) = - [%#span52] resolve'3 self + [%#span39] resolve'3 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) predicate reinitialize'0 (_1 : ()) = - [%#span53] forall func : Closure'0.c06knightstour_impl1_new_closure3 . forall iter : borrowed (Range'0.t_range usize) . inv'2 func - -> inv'8 iter + [%#span40] forall func : Closure'0.c06knightstour_impl1_new_closure3 . forall iter : borrowed (Range'0.t_range usize) . inv'2 func + -> inv'7 iter -> completed'1 iter -> next_precondition'0 ( ^ iter) func (empty'0 : Seq'0.t_seq usize) /\ preservation'0 ( ^ iter) func @@ -1056,66 +945,61 @@ module C06KnightsTour_Impl1_New end) predicate invariant'2 (self : Closure'0.c06knightstour_impl1_new_closure3) = - [%#span9] true + [%#span4] true axiom inv'2 : forall x : Closure'0.c06knightstour_impl1_new_closure3 . inv'2 x = true function produces_trans'1 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span54] produces'0 a ab b) - -> ([%#span55] produces'0 b bc c) - -> ([%#span56] inv'0 a) - -> ([%#span57] inv'7 ab) - -> ([%#span58] inv'0 b) - -> ([%#span59] inv'7 bc) -> ([%#span60] inv'0 c) -> ([%#span61] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span41] produces'0 a ab b) + -> ([%#span42] produces'0 b bc c) + -> ([%#span43] inv'0 a) + -> ([%#span44] inv'0 b) -> ([%#span45] inv'0 c) -> ([%#span46] produces'0 a (concat'0 ab bc) c) function produces_refl'1 (self : Range'0.t_range usize) : () - axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span62] inv'0 self) - -> ([%#span63] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span47] inv'0 self) + -> ([%#span48] produces'0 self (empty'0 : Seq'0.t_seq usize) self) - function empty_len'0 (_1 : ()) : () = - [%#span8] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span7] len'1 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'1 (empty'0 : Seq'0.t_seq usize) = 0 predicate invariant'1 (self : usize) = - [%#span9] true + [%#span4] true axiom inv'1 : forall x : usize . inv'1 x = true predicate invariant'0 (self : Range'0.t_range usize) = - [%#span9] true + [%#span4] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span64] produces'0 a ab b) - -> ([%#span65] produces'0 b bc c) - -> ([%#span66] inv'0 a) - -> ([%#span67] inv'7 ab) - -> ([%#span68] inv'0 b) - -> ([%#span69] inv'7 bc) -> ([%#span70] inv'0 c) -> ([%#span71] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span49] produces'0 a ab b) + -> ([%#span50] produces'0 b bc c) + -> ([%#span51] inv'0 a) + -> ([%#span52] inv'0 b) -> ([%#span53] inv'0 c) -> ([%#span54] produces'0 a (concat'0 ab bc) c) function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span72] inv'0 self) - -> ([%#span73] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span55] inv'0 self) + -> ([%#span56] produces'0 self (empty'0 : Seq'0.t_seq usize) self) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span74] index_logic'3 (shallow_model'0 self) ix + [%#span57] index_logic'3 (shallow_model'0 self) ix use C06KnightsTour_Board_Type as C06KnightsTour_Board_Type use C06KnightsTour_Board_Type as Board'0 predicate wf'0 [#"../06_knights_tour.rs" 30 4 30 23] (self : Board'0.t_board) = - [%#span75] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 + [%#span58] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ len'0 (shallow_model'0 (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) @@ -1127,12 +1011,12 @@ module C06KnightsTour_Impl1_New predicate from_iter_post'0 (prod : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (res : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span76] prod = shallow_model'0 res + [%#span59] prod = shallow_model'0 res predicate completed'0 (self : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)) = - [%#span77] deref'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) + [%#span60] deref'0 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_produced ( ^ self)) = (empty'0 : Seq'0.t_seq usize) /\ completed'1 (Borrow.borrow_logic (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( * self)) (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter ( ^ self)) (Borrow.inherit_id (Borrow.get_id self) 1)) /\ CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func ( * self) @@ -1142,32 +1026,31 @@ module C06KnightsTour_Impl1_New true predicate resolve'1 (self : Range'0.t_range usize) = - [%#span78] true + [%#span61] true predicate resolve'0 (self : MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) = - [%#span79] resolve'1 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) + [%#span62] resolve'1 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_iter self) /\ resolve'2 (CreusotContracts_Std1_Iter_MapInv_MapInv_Type.mapinv_func self) - let rec collect'0 (self:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span80] inv'3 self} + let rec collect'0 (self:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) (return' (ret:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)))= {[@expl:precondition] [%#span63] inv'3 self} any - [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span82] inv'6 result} - {[%#span81] exists prod : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . exists done' : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) . inv'4 prod - /\ inv'5 done' + [ return' (result:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))-> {[%#span65] inv'5 result} + {[%#span64] exists prod : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . exists done' : borrowed (MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3) . inv'4 done' /\ resolve'0 ( ^ done') /\ completed'0 done' /\ produces'1 self prod ( * done') /\ from_iter_post'0 prod result} (! return' {result}) ] - let rec map_inv'0 (self:Range'0.t_range usize) (func:Closure'0.c06knightstour_impl1_new_closure3) (return' (ret:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3))= {[@expl:precondition] [%#span87] inv'2 func} - {[@expl:precondition] [%#span86] inv'0 self} - {[@expl:precondition] [%#span85] preservation'0 self func} - {[@expl:precondition] [%#span84] reinitialize'0 ()} - {[@expl:precondition] [%#span83] forall i2 : Range'0.t_range usize . forall e : usize . inv'0 i2 + let rec map_inv'0 (self:Range'0.t_range usize) (func:Closure'0.c06knightstour_impl1_new_closure3) (return' (ret:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3))= {[@expl:precondition] [%#span70] inv'2 func} + {[@expl:precondition] [%#span69] inv'0 self} + {[@expl:precondition] [%#span68] preservation'0 self func} + {[@expl:precondition] [%#span67] reinitialize'0 ()} + {[@expl:precondition] [%#span66] forall i2 : Range'0.t_range usize . forall e : usize . inv'0 i2 -> inv'1 e -> produces'0 self (singleton'0 e) i2 -> precondition'0 func (e, new'0 (empty'0 : Seq'0.t_seq usize))} any - [ return' (result:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)-> {[%#span89] inv'3 result} - {[%#span88] result = MapInv'0.C_MapInv self func (new'0 (empty'0 : Seq'0.t_seq usize))} + [ return' (result:MapInv'0.t_mapinv (Range'0.t_range usize) usize Closure'0.c06knightstour_impl1_new_closure3)-> {[%#span72] inv'3 result} + {[%#span71] result = MapInv'0.C_MapInv self func (new'0 (empty'0 : Seq'0.t_seq usize))} (! return' {result}) ] @@ -1229,45 +1112,37 @@ module C06KnightsTour_Impl1_Available let%span span7 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span17 = "../06_knights_tour.rs" 63 12 63 75 + let%span span13 = "../06_knights_tour.rs" 63 12 63 75 - let%span span18 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span14 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span19 = "../06_knights_tour.rs" 31 8 35 9 + let%span span15 = "../06_knights_tour.rs" 31 8 35 9 - let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span22 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span18 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span24 = "" 0 0 0 0 + let%span span20 = "" 0 0 0 0 - let%span span25 = "" 0 0 0 0 + let%span span21 = "" 0 0 0 0 - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span27 = "" 0 0 0 0 + let%span span23 = "" 0 0 0 0 use prelude.prelude.UIntSize @@ -1284,74 +1159,63 @@ module C06KnightsTour_Impl1_Available use Alloc_Vec_Vec_Type as Vec'0 + predicate invariant'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span6] true + + predicate inv'6 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + + axiom inv'6 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'6 x = true + use prelude.prelude.UIntSize use prelude.prelude.Int constant max'0 : usize = [%#span7] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span8] inv'7 self) -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span8] len'1 self >= 0 - predicate inv'6 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'5 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span10] inv'6 self) - -> ([%#span12] inv'7 (shallow_model'3 self)) - && ([%#span11] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'6 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span13] inv'7 (shallow_model'3 self) - - axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true + axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span9] inv'5 self) + -> ([%#span10] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'5 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span6] true - - predicate inv'5 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - - axiom inv'5 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'5 x = true + predicate invariant'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span11] inv'7 (shallow_model'3 self) - use seq.Seq + axiom inv'5 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'5 x = true function len'0 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span8] inv'5 self) - -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span8] len'0 self >= 0 predicate inv'4 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'2_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span10] inv'4 self) - -> ([%#span12] inv'5 (shallow_model'2 self)) - && ([%#span11] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span9] inv'4 self) + -> ([%#span10] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'4 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span13] inv'5 (shallow_model'2 self) + [%#span11] inv'6 (shallow_model'2 self) axiom inv'4 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'4 x = true - constant empty'1 : Seq'0.t_seq usize = [%#span14] () + constant empty'1 : Seq'0.t_seq usize - function empty_len'1 (_1 : ()) : () = - [%#span16] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span15] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span12] len'1 (empty'1 : Seq'0.t_seq usize) = 0 - constant empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span14] () + constant empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'0 (_1 : ()) : () = - [%#span16] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span15] len'0 (empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'0_spec : forall _1 : () . [%#span12] len'0 (empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 predicate invariant'3 (self : usize) = @@ -1393,25 +1257,23 @@ module C06KnightsTour_Impl1_Available use C06KnightsTour_Board_Type as Board'0 predicate in_bounds'0 [#"../06_knights_tour.rs" 61 4 61 40] (self : Board'0.t_board) (p : Point'0.t_point) = - [%#span17] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) + [%#span13] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span18] index_logic'1 (shallow_model'2 self) ix + [%#span14] index_logic'1 (shallow_model'2 self) ix predicate wf'0 [#"../06_knights_tour.rs" 30 4 30 23] (self : Board'0.t_board) = - [%#span19] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 + [%#span15] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ len'0 (shallow_model'2 (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) @@ -1424,47 +1286,45 @@ module C06KnightsTour_Impl1_Available use prelude.prelude.Borrow - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span20] index_logic'2 seq (UIntSize.to_int self) = out + [%#span16] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span21] UIntSize.to_int self < len'1 seq + [%#span17] UIntSize.to_int self < len'1 seq function shallow_model'1 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize = - [%#span22] shallow_model'3 self + [%#span18] shallow_model'3 self - let rec index'1 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span25] inv'1 index} - {[@expl:precondition] [%#span24] inv'2 self} - {[@expl:precondition] [%#span23] in_bounds'2 index (shallow_model'1 self)} + let rec index'1 (self:Vec'0.t_vec usize (Global'0.t_global)) (index:usize) (return' (ret:usize))= {[@expl:precondition] [%#span21] inv'1 index} + {[@expl:precondition] [%#span20] inv'2 self} + {[@expl:precondition] [%#span19] in_bounds'2 index (shallow_model'1 self)} any - [ return' (result:usize)-> {[%#span27] inv'3 result} - {[%#span26] has_value'1 index (shallow_model'1 self) result} + [ return' (result:usize)-> {[%#span23] inv'3 result} + {[%#span22] has_value'1 index (shallow_model'1 self) result} (! return' {result}) ] predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (out : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span20] index_logic'1 seq (UIntSize.to_int self) = out + [%#span16] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span21] UIntSize.to_int self < len'0 seq + [%#span17] UIntSize.to_int self < len'0 seq function shallow_model'0 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span22] shallow_model'2 self + [%#span18] shallow_model'2 self - let rec index'0 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span25] inv'1 index} - {[@expl:precondition] [%#span24] inv'0 self} - {[@expl:precondition] [%#span23] in_bounds'1 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (index:usize) (return' (ret:Vec'0.t_vec usize (Global'0.t_global)))= {[@expl:precondition] [%#span21] inv'1 index} + {[@expl:precondition] [%#span20] inv'0 self} + {[@expl:precondition] [%#span19] in_bounds'1 index (shallow_model'0 self)} any - [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span27] inv'2 result} - {[%#span26] has_value'0 index (shallow_model'0 self) result} + [ return' (result:Vec'0.t_vec usize (Global'0.t_global))-> {[%#span23] inv'2 result} + {[%#span22] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] @@ -1629,125 +1489,105 @@ module C06KnightsTour_Impl1_CountDegree let%span span11 = "" 0 0 0 0 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span17 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 - - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 - - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 - - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 + let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 268 31 268 33 + let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 - let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 - let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 268 52 268 54 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 - let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 + let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 - let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 - let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 - let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 + let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 - let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 + let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 - let%span span38 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 - let%span span39 = "../06_knights_tour.rs" 63 12 63 75 + let%span span30 = "../06_knights_tour.rs" 63 12 63 75 - let%span span40 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span31 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span41 = "../06_knights_tour.rs" 31 8 35 9 + let%span span32 = "../06_knights_tour.rs" 31 8 35 9 - let%span span42 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span33 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span43 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 + let%span span34 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 - let%span span44 = "../../../../../creusot-contracts/src/std/vec.rs" 239 8 239 85 + let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 239 8 239 85 - let%span span45 = "../06_knights_tour.rs" 50 15 50 24 + let%span span36 = "../06_knights_tour.rs" 50 15 50 24 - let%span span46 = "../06_knights_tour.rs" 51 4 51 44 + let%span span37 = "../06_knights_tour.rs" 51 4 51 44 - let%span span47 = "../06_knights_tour.rs" 12 15 12 52 + let%span span38 = "../06_knights_tour.rs" 12 15 12 52 - let%span span48 = "../06_knights_tour.rs" 13 15 13 52 + let%span span39 = "../06_knights_tour.rs" 13 15 13 52 - let%span span49 = "../06_knights_tour.rs" 14 15 14 46 + let%span span40 = "../06_knights_tour.rs" 14 15 14 46 - let%span span50 = "../06_knights_tour.rs" 15 15 15 46 + let%span span41 = "../06_knights_tour.rs" 15 15 15 46 - let%span span51 = "../06_knights_tour.rs" 16 14 16 41 + let%span span42 = "../06_knights_tour.rs" 16 14 16 41 - let%span span52 = "../06_knights_tour.rs" 17 14 17 41 + let%span span43 = "../06_knights_tour.rs" 17 14 17 41 - let%span span53 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span44 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span54 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span45 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span55 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span46 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span56 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span47 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span57 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span48 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span58 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span49 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 - let%span span59 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 + let%span span50 = "" 0 0 0 0 - let%span span60 = "" 0 0 0 0 + let%span span51 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span61 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span52 = "" 0 0 0 0 - let%span span62 = "" 0 0 0 0 + let%span span53 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span63 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span54 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span64 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span55 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 - let%span span65 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 + let%span span56 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 - let%span span66 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 + let%span span57 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span67 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span58 = "" 0 0 0 0 - let%span span68 = "" 0 0 0 0 + let%span span59 = "" 0 0 0 0 - let%span span69 = "" 0 0 0 0 + let%span span60 = "../06_knights_tour.rs" 93 10 93 28 - let%span span70 = "../06_knights_tour.rs" 93 10 93 28 - - let%span span71 = "../06_knights_tour.rs" 94 0 94 130 + let%span span61 = "../06_knights_tour.rs" 94 0 94 130 use prelude.prelude.UIntSize @@ -1764,74 +1604,63 @@ module C06KnightsTour_Impl1_CountDegree use Alloc_Vec_Vec_Type as Vec'0 + predicate invariant'8 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span10] true + + predicate inv'8 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + + axiom inv'8 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'8 x = true + use prelude.prelude.UIntSize use prelude.prelude.Int constant max'0 : usize = [%#span11] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'2 (self : Seq'0.t_seq usize) : int - axiom len'2_spec : forall self : Seq'0.t_seq usize . ([%#span12] inv'9 self) -> ([%#span13] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq usize . [%#span12] len'2 self >= 0 - predicate inv'8 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'7 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span14] inv'8 self) - -> ([%#span16] inv'9 (shallow_model'3 self)) - && ([%#span15] len'2 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span13] inv'7 self) + -> ([%#span14] len'2 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'8 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span17] inv'9 (shallow_model'3 self) + predicate invariant'7 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span15] inv'9 (shallow_model'3 self) - axiom inv'8 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'8 x = true - - predicate invariant'7 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span10] true - - predicate inv'7 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - - axiom inv'7 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'7 x = true - - use seq.Seq + axiom inv'7 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'7 x = true function len'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'1_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span12] inv'7 self) - -> ([%#span13] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span12] len'1 self >= 0 predicate inv'6 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'2_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span14] inv'6 self) - -> ([%#span16] inv'7 (shallow_model'2 self)) - && ([%#span15] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span13] inv'6 self) + -> ([%#span14] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'6 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span17] inv'7 (shallow_model'2 self) + [%#span15] inv'8 (shallow_model'2 self) axiom inv'6 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'6 x = true - constant empty'2 : Seq'0.t_seq usize = [%#span18] () + constant empty'2 : Seq'0.t_seq usize - function empty_len'2 (_1 : ()) : () = - [%#span20] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span19] len'2 (empty'2 : Seq'0.t_seq usize) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span16] len'2 (empty'2 : Seq'0.t_seq usize) = 0 - constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span18] () + constant empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'1 (_1 : ()) : () = - [%#span20] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span19] len'1 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'1_spec : forall _1 : () . [%#span16] len'1 (empty'1 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 use prelude.prelude.IntSize @@ -1870,41 +1699,33 @@ module C06KnightsTour_Impl1_CountDegree axiom inv'2 : forall x : Seq'0.t_seq (isize, isize) . inv'2 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq (isize, isize)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (isize, isize) . ([%#span12] inv'2 self) -> ([%#span13] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (isize, isize) . [%#span12] len'0 self >= 0 predicate inv'1 (_x : Vec'0.t_vec (isize, isize) (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) : Seq'0.t_seq (isize, isize) - axiom shallow_model'0_spec : forall self : Vec'0.t_vec (isize, isize) (Global'0.t_global) . ([%#span14] inv'1 self) - -> ([%#span16] inv'2 (shallow_model'0 self)) - && ([%#span15] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec (isize, isize) (Global'0.t_global) . ([%#span13] inv'1 self) + -> ([%#span14] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'1 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) = - [%#span17] inv'2 (shallow_model'0 self) + [%#span15] inv'2 (shallow_model'0 self) axiom inv'1 : forall x : Vec'0.t_vec (isize, isize) (Global'0.t_global) . inv'1 x = true - use seq.Seq - - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (isize, isize)) (x : int) : (isize, isize) + function index_logic'1 (self : Seq'0.t_seq (isize, isize)) (_2 : int) : (isize, isize) function concat'0 (self : Seq'0.t_seq (isize, isize)) (other : Seq'0.t_seq (isize, isize)) : Seq'0.t_seq (isize, isize) - axiom concat'0_spec : forall self : Seq'0.t_seq (isize, isize), other : Seq'0.t_seq (isize, isize) . ([%#span21] inv'2 self) - -> ([%#span22] inv'2 other) - -> ([%#span25] inv'2 (concat'0 self other)) - && ([%#span24] forall i : int . 0 <= i /\ i < len'0 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (isize, isize), other : Seq'0.t_seq (isize, isize) . ([%#span18] forall i : int . 0 + <= i + /\ i < len'0 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'0 self then index_logic'1 self i else index_logic'1 other (i - len'0 self))) - && ([%#span23] len'0 (concat'0 self other) = len'0 self + len'0 other) + && ([%#span17] len'0 (concat'0 self other) = len'0 self + len'0 other) predicate inv'0 (_x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) @@ -1914,37 +1735,34 @@ module C06KnightsTour_Impl1_CountDegree predicate produces'0 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (visited : Seq'0.t_seq (isize, isize)) (rhs : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span26] shallow_model'1 self = concat'0 visited (shallow_model'1 rhs) + [%#span19] shallow_model'1 self = concat'0 visited (shallow_model'1 rhs) function produces_trans'0 (a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (ab : Seq'0.t_seq (isize, isize)) (b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (bc : Seq'0.t_seq (isize, isize)) (c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : () = - [%#span35] () + [%#span26] () - axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), ab : Seq'0.t_seq (isize, isize), b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), bc : Seq'0.t_seq (isize, isize), c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span27] produces'0 a ab b) - -> ([%#span28] produces'0 b bc c) - -> ([%#span29] inv'0 a) - -> ([%#span30] inv'2 ab) - -> ([%#span31] inv'0 b) - -> ([%#span32] inv'2 bc) -> ([%#span33] inv'0 c) -> ([%#span34] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), ab : Seq'0.t_seq (isize, isize), b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), bc : Seq'0.t_seq (isize, isize), c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span20] produces'0 a ab b) + -> ([%#span21] produces'0 b bc c) + -> ([%#span22] inv'0 a) + -> ([%#span23] inv'0 b) -> ([%#span24] inv'0 c) -> ([%#span25] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (isize, isize) = [%#span18] () + constant empty'0 : Seq'0.t_seq (isize, isize) function produces_refl'0 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : () = - [%#span38] () + [%#span29] () - axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span36] inv'0 self) - -> ([%#span37] produces'0 self (empty'0 : Seq'0.t_seq (isize, isize)) self) + axiom produces_refl'0_spec : forall self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span27] inv'0 self) + -> ([%#span28] produces'0 self (empty'0 : Seq'0.t_seq (isize, isize)) self) predicate invariant'0 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = [%#span10] true axiom inv'0 : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span20] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span19] len'0 (empty'0 : Seq'0.t_seq (isize, isize)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span16] len'0 (empty'0 : Seq'0.t_seq (isize, isize)) = 0 use C06KnightsTour_Point_Type as C06KnightsTour_Point_Type @@ -1957,25 +1775,23 @@ module C06KnightsTour_Impl1_CountDegree use C06KnightsTour_Board_Type as Board'0 predicate in_bounds'0 [#"../06_knights_tour.rs" 61 4 61 40] (self : Board'0.t_board) (p : Point'0.t_point) = - [%#span39] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) + [%#span30] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) - use seq.Seq - - function index_logic'3 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'3 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span40] index_logic'3 (shallow_model'2 self) ix + [%#span31] index_logic'3 (shallow_model'2 self) ix predicate wf'0 [#"../06_knights_tour.rs" 30 4 30 23] (self : Board'0.t_board) = - [%#span41] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 + [%#span32] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ len'1 (shallow_model'2 (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) @@ -1987,58 +1803,55 @@ module C06KnightsTour_Impl1_CountDegree use prelude.prelude.Intrinsic predicate resolve'3 (self : isize) = - [%#span42] true + [%#span33] true predicate resolve'1 (self : (isize, isize)) = - [%#span43] resolve'3 (let (a, _) = self in a) /\ resolve'3 (let (_, a) = self in a) + [%#span34] resolve'3 (let (a, _) = self in a) /\ resolve'3 (let (_, a) = self in a) predicate resolve'2 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span44] forall i : int . 0 <= i /\ i < len'0 (shallow_model'1 self) + [%#span35] forall i : int . 0 <= i /\ i < len'0 (shallow_model'1 self) -> resolve'1 (index_logic'1 (shallow_model'1 self) i) - let rec available'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:bool))= {[@expl:precondition] [%#span45] wf'0 self} - any [ return' (result:bool)-> {[%#span46] result -> in_bounds'0 self p} (! return' {result}) ] + let rec available'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:bool))= {[@expl:precondition] [%#span36] wf'0 self} + any [ return' (result:bool)-> {[%#span37] result -> in_bounds'0 self p} (! return' {result}) ] - let rec mov'0 (self:Point'0.t_point) (p:(isize, isize)) (return' (ret:Point'0.t_point))= {[@expl:precondition] [%#span50] - 10000 + let rec mov'0 (self:Point'0.t_point) (p:(isize, isize)) (return' (ret:Point'0.t_point))= {[@expl:precondition] [%#span41] - 10000 <= IntSize.to_int (let (_, a) = p in a) /\ IntSize.to_int (let (_, a) = p in a) <= 10000} - {[@expl:precondition] [%#span49] - 10000 <= IntSize.to_int (let (a, _) = p in a) + {[@expl:precondition] [%#span40] - 10000 <= IntSize.to_int (let (a, _) = p in a) /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - {[@expl:precondition] [%#span48] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + {[@expl:precondition] [%#span39] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y self) <= 10000} - {[@expl:precondition] [%#span47] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + {[@expl:precondition] [%#span38] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x self) <= 10000} any - [ return' (result:Point'0.t_point)-> {[%#span52] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) + [ return' (result:Point'0.t_point)-> {[%#span43] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + IntSize.to_int (let (_, a) = p in a)} - {[%#span51] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) + {[%#span42] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + IntSize.to_int (let (a, _) = p in a)} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : (isize, isize)) : Seq'0.t_seq (isize, isize) - axiom singleton'0_spec : forall v : (isize, isize) . ([%#span53] inv'5 v) - -> ([%#span56] inv'2 (singleton'0 v)) - && ([%#span55] index_logic'1 (singleton'0 v) 0 = v) && ([%#span54] len'0 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (isize, isize) . ([%#span44] inv'5 v) + -> ([%#span46] index_logic'1 (singleton'0 v) 0 = v) && ([%#span45] len'0 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = - [%#span57] ^ self = * self + [%#span47] ^ self = * self function shallow_model'4 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) : Seq'0.t_seq (isize, isize) = - [%#span58] shallow_model'1 ( * self) + [%#span48] shallow_model'1 ( * self) predicate completed'0 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = - [%#span59] resolve'0 self /\ shallow_model'4 self = (empty'0 : Seq'0.t_seq (isize, isize)) + [%#span49] resolve'0 self /\ shallow_model'4 self = (empty'0 : Seq'0.t_seq (isize, isize)) - let rec next'0 (self:borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) (return' (ret:Option'0.t_option (isize, isize)))= {[@expl:precondition] [%#span60] inv'3 self} + let rec next'0 (self:borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) (return' (ret:Option'0.t_option (isize, isize)))= {[@expl:precondition] [%#span50] inv'3 self} any - [ return' (result:Option'0.t_option (isize, isize))-> {[%#span62] inv'4 result} - {[%#span61] match result with + [ return' (result:Option'0.t_option (isize, isize))-> {[%#span52] inv'4 result} + {[%#span51] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -2057,42 +1870,42 @@ module C06KnightsTour_Impl1_CountDegree function new'1 (x : Seq'0.t_seq (isize, isize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (isize, isize)) - axiom new'1_spec : forall x : Seq'0.t_seq (isize, isize) . ([%#span63] inv'2 x) -> ([%#span64] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq (isize, isize) . ([%#span53] inv'2 x) -> ([%#span54] deref'0 (new'1 x) = x) function new'0 (x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : Snapshot'0.t_snapshot (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) - axiom new'0_spec : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span63] inv'0 x) - -> ([%#span64] deref'1 (new'0 x) = x) + axiom new'0_spec : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span53] inv'0 x) + -> ([%#span54] deref'1 (new'0 x) = x) predicate into_iter_post'0 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) (res : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span65] shallow_model'0 self = shallow_model'1 res + [%#span55] shallow_model'0 self = shallow_model'1 res predicate into_iter_pre'0 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) = - [%#span66] true + [%#span56] true - let rec into_iter'0 (self:Vec'0.t_vec (isize, isize) (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)))= {[@expl:precondition] [%#span68] inv'1 self} - {[@expl:precondition] [%#span67] into_iter_pre'0 self} + let rec into_iter'0 (self:Vec'0.t_vec (isize, isize) (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)))= {[@expl:precondition] [%#span58] inv'1 self} + {[@expl:precondition] [%#span57] into_iter_pre'0 self} any - [ return' (result:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))-> {[%#span69] inv'0 result} - {[%#span67] into_iter_post'0 self result} + [ return' (result:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))-> {[%#span59] inv'0 result} + {[%#span57] into_iter_post'0 self result} (! return' {result}) ] function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) (ix : int) : (isize, isize) = - [%#span40] index_logic'1 (shallow_model'0 self) ix + [%#span31] index_logic'1 (shallow_model'0 self) ix let rec moves'0 (_1:()) (return' (ret:Vec'0.t_vec (isize, isize) (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec (isize, isize) (Global'0.t_global))-> {[%#span71] forall i : int . 0 <= i /\ i < 8 + [ return' (result:Vec'0.t_vec (isize, isize) (Global'0.t_global))-> {[%#span61] forall i : int . 0 <= i /\ i < 8 -> - 2 <= IntSize.to_int (let (a, _) = index_logic'0 result i in a) /\ IntSize.to_int (let (a, _) = index_logic'0 result i in a) <= 2 /\ - 2 <= IntSize.to_int (let (_, a) = index_logic'0 result i in a) /\ IntSize.to_int (let (_, a) = index_logic'0 result i in a) <= 2} - {[%#span70] len'0 (shallow_model'0 result) = 8} + {[%#span60] len'0 (shallow_model'0 result) = 8} (! return' {result}) ] @@ -2214,55 +2027,47 @@ module C06KnightsTour_Impl1_Set let%span span5 = "" 0 0 0 0 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 - - let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span15 = "../06_knights_tour.rs" 63 12 63 75 + let%span span11 = "../06_knights_tour.rs" 63 12 63 75 - let%span span16 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span17 = "../06_knights_tour.rs" 31 8 35 9 + let%span span13 = "../06_knights_tour.rs" 31 8 35 9 - let%span span18 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 + let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span22 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span18 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span24 = "" 0 0 0 0 + let%span span20 = "" 0 0 0 0 - let%span span25 = "" 0 0 0 0 + let%span span21 = "" 0 0 0 0 - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span28 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 + let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span30 = "" 0 0 0 0 + let%span span26 = "" 0 0 0 0 use prelude.prelude.UIntSize @@ -2279,58 +2084,49 @@ module C06KnightsTour_Impl1_Set use Alloc_Vec_Vec_Type as Vec'0 + predicate invariant'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span4] true + + predicate inv'6 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + + axiom inv'6 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'6 x = true + use prelude.prelude.UIntSize use prelude.prelude.Int constant max'0 : usize = [%#span5] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span6] inv'7 self) -> ([%#span7] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span6] len'1 self >= 0 - predicate inv'6 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'5 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span8] inv'6 self) - -> ([%#span10] inv'7 (shallow_model'3 self)) - && ([%#span9] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'6 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span11] inv'7 (shallow_model'3 self) - - axiom inv'6 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span4] true - - predicate inv'5 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom shallow_model'3_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span7] inv'5 self) + -> ([%#span8] len'1 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'5 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'5 x = true + predicate invariant'5 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span9] inv'7 (shallow_model'3 self) - use seq.Seq + axiom inv'5 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'5 x = true function len'0 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span6] inv'5 self) - -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span6] len'0 self >= 0 predicate inv'4 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span8] inv'4 self) - -> ([%#span10] inv'5 (shallow_model'1 self)) - && ([%#span9] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span7] inv'4 self) + -> ([%#span8] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'4 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span11] inv'5 (shallow_model'1 self) + [%#span9] inv'6 (shallow_model'1 self) axiom inv'4 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'4 x = true @@ -2343,12 +2139,11 @@ module C06KnightsTour_Impl1_Set axiom inv'3 : forall x : borrowed usize . inv'3 x = true - constant empty'1 : Seq'0.t_seq usize = [%#span12] () + constant empty'1 : Seq'0.t_seq usize - function empty_len'1 (_1 : ()) : () = - [%#span14] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span13] len'1 (empty'1 : Seq'0.t_seq usize) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span10] len'1 (empty'1 : Seq'0.t_seq usize) = 0 predicate invariant'2 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = [%#span4] true @@ -2357,12 +2152,11 @@ module C06KnightsTour_Impl1_Set axiom inv'2 : forall x : borrowed (Vec'0.t_vec usize (Global'0.t_global)) . inv'2 x = true - constant empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span12] () + constant empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'0 (_1 : ()) : () = - [%#span14] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span13] len'0 (empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'0_spec : forall _1 : () . [%#span10] len'0 (empty'0 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 predicate invariant'1 (self : usize) = @@ -2391,25 +2185,23 @@ module C06KnightsTour_Impl1_Set use C06KnightsTour_Board_Type as Board'0 predicate in_bounds'0 [#"../06_knights_tour.rs" 61 4 61 40] (self : Board'0.t_board) (p : Point'0.t_point) = - [%#span15] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) + [%#span11] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'1 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span16] index_logic'1 (shallow_model'1 self) ix + [%#span12] index_logic'1 (shallow_model'1 self) ix predicate wf'0 [#"../06_knights_tour.rs" 30 4 30 23] (self : Board'0.t_board) = - [%#span17] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 + [%#span13] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ len'0 (shallow_model'1 (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) @@ -2419,73 +2211,71 @@ module C06KnightsTour_Impl1_Set use prelude.prelude.Intrinsic predicate resolve'2 (self : borrowed (Board'0.t_board)) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self predicate resolve'1 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self predicate resolve'0 (self : borrowed usize) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self use prelude.prelude.Slice - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'2 (self : Seq'0.t_seq usize) (_2 : int) : usize predicate resolve_elswhere'1 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq usize) (fin : Seq'0.t_seq usize) = - [%#span19] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' + [%#span15] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'1 old' -> index_logic'2 old' i = index_logic'2 fin i predicate has_value'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) (out : usize) = - [%#span20] index_logic'2 seq (UIntSize.to_int self) = out + [%#span16] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'2 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq usize) = - [%#span21] UIntSize.to_int self < len'1 seq + [%#span17] UIntSize.to_int self < len'1 seq function shallow_model'2 (self : borrowed (Vec'0.t_vec usize (Global'0.t_global))) : Seq'0.t_seq usize = - [%#span22] shallow_model'3 ( * self) + [%#span18] shallow_model'3 ( * self) - let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span25] inv'1 index} - {[@expl:precondition] [%#span24] inv'2 self} - {[@expl:precondition] [%#span23] in_bounds'2 index (shallow_model'2 self)} + let rec index_mut'1 (self:borrowed (Vec'0.t_vec usize (Global'0.t_global))) (index:usize) (return' (ret:borrowed usize))= {[@expl:precondition] [%#span21] inv'1 index} + {[@expl:precondition] [%#span20] inv'2 self} + {[@expl:precondition] [%#span19] in_bounds'2 index (shallow_model'2 self)} any - [ return' (result:borrowed usize)-> {[%#span30] inv'3 result} - {[%#span29] len'1 (shallow_model'3 ( ^ self)) = len'1 (shallow_model'2 self)} - {[%#span28] resolve_elswhere'1 index (shallow_model'2 self) (shallow_model'3 ( ^ self))} - {[%#span27] has_value'1 index (shallow_model'3 ( ^ self)) ( ^ result)} - {[%#span26] has_value'1 index (shallow_model'2 self) ( * result)} + [ return' (result:borrowed usize)-> {[%#span26] inv'3 result} + {[%#span25] len'1 (shallow_model'3 ( ^ self)) = len'1 (shallow_model'2 self)} + {[%#span24] resolve_elswhere'1 index (shallow_model'2 self) (shallow_model'3 ( ^ self))} + {[%#span23] has_value'1 index (shallow_model'3 ( ^ self)) ( ^ result)} + {[%#span22] has_value'1 index (shallow_model'2 self) ( * result)} (! return' {result}) ] predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (fin : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span19] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span15] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'1 old' i = index_logic'1 fin i predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (out : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span20] index_logic'1 seq (UIntSize.to_int self) = out + [%#span16] index_logic'1 seq (UIntSize.to_int self) = out predicate in_bounds'1 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span21] UIntSize.to_int self < len'0 seq + [%#span17] UIntSize.to_int self < len'0 seq function shallow_model'0 (self : borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = - [%#span22] shallow_model'1 ( * self) + [%#span18] shallow_model'1 ( * self) - let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span25] inv'1 index} - {[@expl:precondition] [%#span24] inv'0 self} - {[@expl:precondition] [%#span23] in_bounds'1 index (shallow_model'0 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global))) (index:usize) (return' (ret:borrowed (Vec'0.t_vec usize (Global'0.t_global))))= {[@expl:precondition] [%#span21] inv'1 index} + {[@expl:precondition] [%#span20] inv'0 self} + {[@expl:precondition] [%#span19] in_bounds'1 index (shallow_model'0 self)} any - [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span30] inv'2 result} - {[%#span29] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'0 self)} - {[%#span28] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'1 ( ^ self))} - {[%#span27] has_value'0 index (shallow_model'1 ( ^ self)) ( ^ result)} - {[%#span26] has_value'0 index (shallow_model'0 self) ( * result)} + [ return' (result:borrowed (Vec'0.t_vec usize (Global'0.t_global)))-> {[%#span26] inv'2 result} + {[%#span25] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'0 self)} + {[%#span24] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'1 ( ^ self))} + {[%#span23] has_value'0 index (shallow_model'1 ( ^ self)) ( ^ result)} + {[%#span22] has_value'0 index (shallow_model'0 self) ( * result)} (! return' {result}) ] @@ -2592,118 +2382,99 @@ module C06KnightsTour_Min let%span span7 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 - - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 - - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span15 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 - - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 - - let%span span18 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span19 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span12 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span20 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span13 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span14 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 + let%span span15 = "../../../../../creusot-contracts/src/std/slice.rs" 18 21 18 25 - let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 + let%span span16 = "../../../../../creusot-contracts/src/std/slice.rs" 17 14 17 41 - let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 18 4 18 50 + let%span span17 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 - let%span span25 = "../../../../../creusot-contracts/src/logic/ops.rs" 43 8 43 31 + let%span span18 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span26 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span19 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 - let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 76 19 76 23 + let%span span20 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 - let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 74 14 74 41 + let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 75 4 75 82 + let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 - let%span span30 = "../../../../../creusot-contracts/src/std/slice.rs" 76 4 76 35 + let%span span23 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 - let%span span31 = "../../../../../creusot-contracts/src/std/slice.rs" 384 12 384 66 + let%span span24 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 - let%span span32 = "../../../../../creusot-contracts/src/std/slice.rs" 395 15 395 32 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 - let%span span33 = "../../../../../creusot-contracts/src/std/slice.rs" 396 15 396 32 + let%span span26 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 - let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 398 31 398 33 + let%span span27 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 - let%span span35 = "../../../../../creusot-contracts/src/std/slice.rs" 398 61 398 63 + let%span span28 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 - let%span span36 = "../../../../../creusot-contracts/src/std/slice.rs" 397 14 397 42 + let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span37 = "../../../../../creusot-contracts/src/std/slice.rs" 393 4 393 10 + let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span38 = "../../../../../creusot-contracts/src/std/slice.rs" 390 14 390 45 + let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span39 = "../../../../../creusot-contracts/src/std/slice.rs" 388 4 388 10 + let%span span32 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span40 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span33 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span34 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span35 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span43 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span36 = "" 0 0 0 0 - let%span span44 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span37 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span45 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span38 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span46 = "../../../../../creusot-contracts/src/std/slice.rs" 377 20 377 61 + let%span span39 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span47 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span40 = "../../../../../creusot-contracts/src/std/vec.rs" 205 20 205 34 - let%span span48 = "" 0 0 0 0 + let%span span41 = "../../../../../creusot-contracts/src/std/vec.rs" 199 20 199 24 - let%span span49 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span42 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span50 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span43 = "" 0 0 0 0 - let%span span51 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + use C06KnightsTour_Point_Type as Point'0 - let%span span52 = "../../../../../creusot-contracts/src/std/vec.rs" 205 20 205 34 + use prelude.prelude.UIntSize - let%span span53 = "../../../../../creusot-contracts/src/std/vec.rs" 199 20 199 24 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span54 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + predicate invariant'8 (self : Seq'0.t_seq (usize, Point'0.t_point)) = + [%#span6] true - let%span span55 = "" 0 0 0 0 + predicate inv'8 (_x : Seq'0.t_seq (usize, Point'0.t_point)) - use C06KnightsTour_Point_Type as Point'0 - - use prelude.prelude.UIntSize + axiom inv'8 : forall x : Seq'0.t_seq (usize, Point'0.t_point) . inv'8 x = true use prelude.prelude.Slice - predicate invariant'8 (self : slice (usize, Point'0.t_point)) = + predicate invariant'7 (self : slice (usize, Point'0.t_point)) = [%#span6] true - predicate inv'8 (_x : slice (usize, Point'0.t_point)) + predicate inv'7 (_x : slice (usize, Point'0.t_point)) - axiom inv'8 : forall x : slice (usize, Point'0.t_point) . inv'8 x = true - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - - predicate inv'3 (_x : Seq'0.t_seq (usize, Point'0.t_point)) + axiom inv'7 : forall x : slice (usize, Point'0.t_point) . inv'7 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -2715,56 +2486,45 @@ module C06KnightsTour_Min constant max'0 : usize = [%#span7] (18446744073709551615 : usize) - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq (usize, Point'0.t_point)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span8] inv'3 self) - -> ([%#span9] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . [%#span8] len'0 self >= 0 - predicate inv'7 (_x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) + predicate inv'6 (_x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom shallow_model'2_spec : forall self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . ([%#span10] inv'7 self) - -> ([%#span12] inv'3 (shallow_model'2 self)) - && ([%#span11] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'2_spec : forall self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . ([%#span9] inv'6 self) + -> ([%#span10] len'0 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'7 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) = - [%#span13] inv'3 (shallow_model'2 self) + predicate invariant'6 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) = + [%#span11] inv'8 (shallow_model'2 self) - axiom inv'7 : forall x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . inv'7 x = true + axiom inv'6 : forall x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . inv'6 x = true - predicate invariant'6 (self : slice (usize, Point'0.t_point)) = + predicate invariant'5 (self : slice (usize, Point'0.t_point)) = [%#span6] true - predicate inv'6 (_x : slice (usize, Point'0.t_point)) + predicate inv'5 (_x : slice (usize, Point'0.t_point)) - axiom inv'6 : forall x : slice (usize, Point'0.t_point) . inv'6 x = true + axiom inv'5 : forall x : slice (usize, Point'0.t_point) . inv'5 x = true - predicate invariant'5 (self : (usize, Point'0.t_point)) = + predicate invariant'4 (self : (usize, Point'0.t_point)) = [%#span6] true - predicate inv'5 (_x : (usize, Point'0.t_point)) + predicate inv'4 (_x : (usize, Point'0.t_point)) - axiom inv'5 : forall x : (usize, Point'0.t_point) . inv'5 x = true + axiom inv'4 : forall x : (usize, Point'0.t_point) . inv'4 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'4 (self : Option'0.t_option (usize, Point'0.t_point)) = + predicate invariant'3 (self : Option'0.t_option (usize, Point'0.t_point)) = [%#span6] true - predicate inv'4 (_x : Option'0.t_option (usize, Point'0.t_point)) - - axiom inv'4 : forall x : Option'0.t_option (usize, Point'0.t_point) . inv'4 x = true + predicate inv'3 (_x : Option'0.t_option (usize, Point'0.t_point)) - predicate invariant'3 (self : Seq'0.t_seq (usize, Point'0.t_point)) = - [%#span6] true - - axiom inv'3 : forall x : Seq'0.t_seq (usize, Point'0.t_point) . inv'3 x = true + axiom inv'3 : forall x : Option'0.t_option (usize, Point'0.t_point) . inv'3 x = true predicate invariant'2 (self : Seq'0.t_seq (usize, Point'0.t_point)) = [%#span6] true @@ -2780,88 +2540,74 @@ module C06KnightsTour_Min axiom inv'1 : forall x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . inv'1 x = true - constant empty'1 : Seq'0.t_seq (usize, Point'0.t_point) = [%#span14] () + constant empty'1 : Seq'0.t_seq (usize, Point'0.t_point) - function empty_len'1 (_1 : ()) : () = - [%#span16] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span15] len'0 (empty'1 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span12] len'0 (empty'1 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 use prelude.prelude.Borrow use Core_Slice_Iter_Iter_Type as Iter'0 - use seq.Seq - - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq (usize, Point'0.t_point)) (x : int) : (usize, Point'0.t_point) - - use seq.Seq + function index_logic'2 (self : Seq'0.t_seq (usize, Point'0.t_point)) (_2 : int) : (usize, Point'0.t_point) function len'1 (self : Seq'0.t_seq (usize, Point'0.t_point)) : int - axiom len'1_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span8] inv'2 self) - -> ([%#span9] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . [%#span8] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq (usize, Point'0.t_point)) (other : Seq'0.t_seq (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom concat'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point), other : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span17] inv'2 self) - -> ([%#span18] inv'2 other) - -> ([%#span21] inv'2 (concat'0 self other)) - && ([%#span20] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point), other : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span14] forall i : int . 0 + <= i + /\ i < len'1 (concat'0 self other) -> index_logic'2 (concat'0 self other) i = (if i < len'1 self then index_logic'2 self i else index_logic'2 other (i - len'1 self))) - && ([%#span19] len'1 (concat'0 self other) = len'1 self + len'1 other) - - use seq.Seq + && ([%#span13] len'1 (concat'0 self other) = len'1 self + len'1 other) - function index_logic'1 (self : Seq'0.t_seq (usize, Point'0.t_point)) (x : int) : (usize, Point'0.t_point) + function index_logic'1 (self : Seq'0.t_seq (usize, Point'0.t_point)) (_2 : int) : (usize, Point'0.t_point) function shallow_model'5 (self : slice (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom shallow_model'5_spec : forall self : slice (usize, Point'0.t_point) . ([%#span22] inv'8 self) - -> ([%#span24] inv'3 (shallow_model'5 self)) - && ([%#span23] len'0 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'5_spec : forall self : slice (usize, Point'0.t_point) . ([%#span15] inv'7 self) + -> ([%#span16] len'0 (shallow_model'5 self) <= UIntSize.to_int (max'0 : usize)) function index_logic'3 [@inline:trivial] (self : slice (usize, Point'0.t_point)) (ix : int) : (usize, Point'0.t_point) = - [%#span25] index_logic'1 (shallow_model'5 self) ix + [%#span17] index_logic'1 (shallow_model'5 self) ix function shallow_model'3 (self : slice (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) = - [%#span26] shallow_model'5 self + [%#span18] shallow_model'5 self function to_ref_seq'0 (self : slice (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom to_ref_seq'0_spec : forall self : slice (usize, Point'0.t_point) . ([%#span27] inv'6 self) - -> ([%#span30] inv'2 (to_ref_seq'0 self)) - && ([%#span29] forall i : int . 0 <= i /\ i < len'1 (to_ref_seq'0 self) + axiom to_ref_seq'0_spec : forall self : slice (usize, Point'0.t_point) . ([%#span19] inv'5 self) + -> ([%#span21] forall i : int . 0 <= i /\ i < len'1 (to_ref_seq'0 self) -> index_logic'2 (to_ref_seq'0 self) i = index_logic'3 self i) - && ([%#span28] len'1 (to_ref_seq'0 self) = len'0 (shallow_model'3 self)) + && ([%#span20] len'1 (to_ref_seq'0 self) = len'0 (shallow_model'3 self)) function shallow_model'1 (self : Iter'0.t_iter (usize, Point'0.t_point)) : slice (usize, Point'0.t_point) predicate produces'0 (self : Iter'0.t_iter (usize, Point'0.t_point)) (visited : Seq'0.t_seq (usize, Point'0.t_point)) (tl : Iter'0.t_iter (usize, Point'0.t_point)) = - [%#span31] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) + [%#span22] to_ref_seq'0 (shallow_model'1 self) = concat'0 visited (to_ref_seq'0 (shallow_model'1 tl)) function produces_trans'0 (a : Iter'0.t_iter (usize, Point'0.t_point)) (ab : Seq'0.t_seq (usize, Point'0.t_point)) (b : Iter'0.t_iter (usize, Point'0.t_point)) (bc : Seq'0.t_seq (usize, Point'0.t_point)) (c : Iter'0.t_iter (usize, Point'0.t_point)) : () = - [%#span37] () + [%#span26] () - axiom produces_trans'0_spec : forall a : Iter'0.t_iter (usize, Point'0.t_point), ab : Seq'0.t_seq (usize, Point'0.t_point), b : Iter'0.t_iter (usize, Point'0.t_point), bc : Seq'0.t_seq (usize, Point'0.t_point), c : Iter'0.t_iter (usize, Point'0.t_point) . ([%#span32] produces'0 a ab b) - -> ([%#span33] produces'0 b bc c) - -> ([%#span34] inv'2 ab) -> ([%#span35] inv'2 bc) -> ([%#span36] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Iter'0.t_iter (usize, Point'0.t_point), ab : Seq'0.t_seq (usize, Point'0.t_point), b : Iter'0.t_iter (usize, Point'0.t_point), bc : Seq'0.t_seq (usize, Point'0.t_point), c : Iter'0.t_iter (usize, Point'0.t_point) . ([%#span23] produces'0 a ab b) + -> ([%#span24] produces'0 b bc c) -> ([%#span25] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq (usize, Point'0.t_point) = [%#span14] () + constant empty'0 : Seq'0.t_seq (usize, Point'0.t_point) function produces_refl'0 (self : Iter'0.t_iter (usize, Point'0.t_point)) : () = - [%#span39] () + [%#span28] () - axiom produces_refl'0_spec : forall self : Iter'0.t_iter (usize, Point'0.t_point) . [%#span38] produces'0 self (empty'0 : Seq'0.t_seq (usize, Point'0.t_point)) self + axiom produces_refl'0_spec : forall self : Iter'0.t_iter (usize, Point'0.t_point) . [%#span27] produces'0 self (empty'0 : Seq'0.t_seq (usize, Point'0.t_point)) self predicate invariant'0 (self : Iter'0.t_iter (usize, Point'0.t_point)) = [%#span6] true @@ -2870,36 +2616,32 @@ module C06KnightsTour_Min axiom inv'0 : forall x : Iter'0.t_iter (usize, Point'0.t_point) . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span16] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span15] len'1 (empty'0 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span12] len'1 (empty'0 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 use prelude.prelude.Intrinsic - use seq.Seq - function singleton'0 (v : (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom singleton'0_spec : forall v : (usize, Point'0.t_point) . ([%#span40] inv'5 v) - -> ([%#span43] inv'2 (singleton'0 v)) - && ([%#span42] index_logic'2 (singleton'0 v) 0 = v) && ([%#span41] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : (usize, Point'0.t_point) . ([%#span29] inv'4 v) + -> ([%#span31] index_logic'2 (singleton'0 v) 0 = v) && ([%#span30] len'1 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Iter'0.t_iter (usize, Point'0.t_point))) = - [%#span44] ^ self = * self + [%#span32] ^ self = * self function shallow_model'4 (self : borrowed (Iter'0.t_iter (usize, Point'0.t_point))) : slice (usize, Point'0.t_point) = - [%#span45] shallow_model'1 ( * self) + [%#span33] shallow_model'1 ( * self) predicate completed'0 (self : borrowed (Iter'0.t_iter (usize, Point'0.t_point))) = - [%#span46] resolve'0 self + [%#span34] resolve'0 self /\ shallow_model'5 (shallow_model'4 self) = (empty'1 : Seq'0.t_seq (usize, Point'0.t_point)) let rec next'0 (self:borrowed (Iter'0.t_iter (usize, Point'0.t_point))) (return' (ret:Option'0.t_option (usize, Point'0.t_point)))= any - [ return' (result:Option'0.t_option (usize, Point'0.t_point))-> {[%#span48] inv'4 result} - {[%#span47] match result with + [ return' (result:Option'0.t_option (usize, Point'0.t_point))-> {[%#span36] inv'3 result} + {[%#span35] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -2909,12 +2651,12 @@ module C06KnightsTour_Min function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (ix : int) : (usize, Point'0.t_point) = - [%#span49] index_logic'1 (shallow_model'2 self) ix + [%#span37] index_logic'1 (shallow_model'2 self) ix function shallow_model'0 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) : Seq'0.t_seq (usize, Point'0.t_point) = - [%#span26] shallow_model'2 self + [%#span18] shallow_model'2 self function deref'1 (self : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, Point'0.t_point))) : Seq'0.t_seq (usize, Point'0.t_point) @@ -2931,27 +2673,27 @@ module C06KnightsTour_Min function new'1 (x : Seq'0.t_seq (usize, Point'0.t_point)) : Snapshot'0.t_snapshot (Seq'0.t_seq (usize, Point'0.t_point)) - axiom new'1_spec : forall x : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span50] inv'2 x) - -> ([%#span51] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span38] inv'2 x) + -> ([%#span39] deref'1 (new'1 x) = x) function new'0 (x : Iter'0.t_iter (usize, Point'0.t_point)) : Snapshot'0.t_snapshot (Iter'0.t_iter (usize, Point'0.t_point)) - axiom new'0_spec : forall x : Iter'0.t_iter (usize, Point'0.t_point) . ([%#span50] inv'0 x) - -> ([%#span51] deref'0 (new'0 x) = x) + axiom new'0_spec : forall x : Iter'0.t_iter (usize, Point'0.t_point) . ([%#span38] inv'0 x) + -> ([%#span39] deref'0 (new'0 x) = x) predicate into_iter_post'0 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (res : Iter'0.t_iter (usize, Point'0.t_point)) = - [%#span52] shallow_model'0 self = shallow_model'3 (shallow_model'1 res) + [%#span40] shallow_model'0 self = shallow_model'3 (shallow_model'1 res) predicate into_iter_pre'0 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) = - [%#span53] true + [%#span41] true - let rec into_iter'0 (self:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (return' (ret:Iter'0.t_iter (usize, Point'0.t_point)))= {[@expl:precondition] [%#span55] inv'1 self} - {[@expl:precondition] [%#span54] into_iter_pre'0 self} + let rec into_iter'0 (self:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (return' (ret:Iter'0.t_iter (usize, Point'0.t_point)))= {[@expl:precondition] [%#span43] inv'1 self} + {[@expl:precondition] [%#span42] into_iter_pre'0 self} any - [ return' (result:Iter'0.t_iter (usize, Point'0.t_point))-> {[%#span54] into_iter_post'0 self result} + [ return' (result:Iter'0.t_iter (usize, Point'0.t_point))-> {[%#span42] into_iter_post'0 self result} (! return' {result}) ] @@ -3125,359 +2867,320 @@ module C06KnightsTour_KnightsTour let%span s06_knights_tour19 = "../06_knights_tour.rs" 135 11 135 19 - let%span span20 = "" 0 0 0 0 + let%span span20 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span25 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span27 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span28 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span29 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 - let%span span30 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 - let%span span31 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 - let%span span32 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 - let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 - let%span span34 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 - let%span span35 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 - let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 254 12 254 41 + let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 - let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 265 15 265 32 + let%span span37 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 - let%span span38 = "../../../../../creusot-contracts/src/std/vec.rs" 266 15 266 32 + let%span span38 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 - let%span span39 = "../../../../../creusot-contracts/src/std/vec.rs" 268 22 268 23 + let%span span39 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 - let%span span40 = "../../../../../creusot-contracts/src/std/vec.rs" 268 31 268 33 + let%span span40 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span41 = "../../../../../creusot-contracts/src/std/vec.rs" 268 43 268 44 + let%span span41 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span42 = "../../../../../creusot-contracts/src/std/vec.rs" 268 52 268 54 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span43 = "../../../../../creusot-contracts/src/std/vec.rs" 268 64 268 65 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span44 = "../../../../../creusot-contracts/src/std/vec.rs" 267 14 267 42 + let%span span44 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span45 = "../../../../../creusot-contracts/src/std/vec.rs" 263 4 263 10 + let%span span45 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span46 = "../../../../../creusot-contracts/src/std/vec.rs" 261 21 261 25 + let%span span46 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span47 = "../../../../../creusot-contracts/src/std/vec.rs" 260 14 260 45 + let%span span47 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span48 = "../../../../../creusot-contracts/src/std/vec.rs" 258 4 258 10 + let%span span48 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span49 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span49 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span50 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 - let%span span51 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span51 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 - let%span span52 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span52 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span53 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span53 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 - let%span span54 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span54 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span55 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span55 = "../06_knights_tour.rs" 109 0 110 62 - let%span span56 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span56 = "../../../../../creusot-contracts/src/std/vec.rs" 239 8 239 85 - let%span span57 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span57 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span58 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span58 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span59 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span60 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span60 = "../../../../../creusot-contracts/src/logic/seq2.rs" 98 8 98 39 - let%span span61 = "../../../../../creusot-contracts/src/resolve.rs" 46 8 46 12 + let%span span61 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span62 = "../../../../../creusot-contracts/src/resolve.rs" 17 8 17 60 + let%span span62 = "" 0 0 0 0 - let%span span63 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span63 = "" 0 0 0 0 - let%span span64 = "../../../../../creusot-contracts/src/std/vec.rs" 51 8 51 85 + let%span span64 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 - let%span span65 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span65 = "../06_knights_tour.rs" 63 12 63 75 - let%span span66 = "../06_knights_tour.rs" 109 0 110 62 + let%span span66 = "../06_knights_tour.rs" 31 8 35 9 - let%span span67 = "../../../../../creusot-contracts/src/std/vec.rs" 239 8 239 85 + let%span span67 = "../06_knights_tour.rs" 68 15 68 24 - let%span span68 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span68 = "../06_knights_tour.rs" 69 15 69 32 - let%span span69 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span69 = "../06_knights_tour.rs" 50 15 50 24 - let%span span70 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span70 = "../06_knights_tour.rs" 51 4 51 44 - let%span span71 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span71 = "../06_knights_tour.rs" 12 15 12 52 - let%span span72 = "../../../../../creusot-contracts/src/logic/seq2.rs" 99 8 99 39 + let%span span72 = "../06_knights_tour.rs" 13 15 13 52 - let%span span73 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span73 = "../06_knights_tour.rs" 14 15 14 46 - let%span span74 = "" 0 0 0 0 + let%span span74 = "../06_knights_tour.rs" 15 15 15 46 - let%span span75 = "" 0 0 0 0 + let%span span75 = "../06_knights_tour.rs" 16 14 16 41 - let%span span76 = "../../../../../creusot-contracts/src/std/vec.rs" 82 26 82 51 + let%span span76 = "../06_knights_tour.rs" 17 14 17 41 - let%span span77 = "../06_knights_tour.rs" 63 12 63 75 + let%span span77 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span78 = "../06_knights_tour.rs" 31 8 35 9 + let%span span78 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 - let%span span79 = "../06_knights_tour.rs" 68 15 68 24 + let%span span79 = "" 0 0 0 0 - let%span span80 = "../06_knights_tour.rs" 69 15 69 32 + let%span span80 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 - let%span span81 = "../06_knights_tour.rs" 50 15 50 24 + let%span span81 = "" 0 0 0 0 - let%span span82 = "../06_knights_tour.rs" 51 4 51 44 + let%span span82 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span83 = "../06_knights_tour.rs" 12 15 12 52 + let%span span83 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span84 = "../06_knights_tour.rs" 13 15 13 52 + let%span span84 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 - let%span span85 = "../06_knights_tour.rs" 14 15 14 46 + let%span span85 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 - let%span span86 = "../06_knights_tour.rs" 15 15 15 46 + let%span span86 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span87 = "../06_knights_tour.rs" 16 14 16 41 + let%span span87 = "" 0 0 0 0 - let%span span88 = "../06_knights_tour.rs" 17 14 17 41 + let%span span88 = "" 0 0 0 0 - let%span span89 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span89 = "../06_knights_tour.rs" 93 10 93 28 - let%span span90 = "../../../../../creusot-contracts/src/std/vec.rs" 247 20 247 57 + let%span span90 = "../06_knights_tour.rs" 94 0 94 130 - let%span span91 = "" 0 0 0 0 + let%span span91 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 - let%span span92 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span92 = "" 0 0 0 0 - let%span span93 = "" 0 0 0 0 + let%span span93 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span94 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span94 = "" 0 0 0 0 - let%span span95 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span95 = "" 0 0 0 0 - let%span span96 = "../../../../../creusot-contracts/src/std/vec.rs" 191 20 191 33 + let%span span96 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span97 = "../../../../../creusot-contracts/src/std/vec.rs" 185 20 185 24 + let%span span97 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span98 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span98 = "" 0 0 0 0 let%span span99 = "" 0 0 0 0 - let%span span100 = "" 0 0 0 0 + let%span span100 = "../06_knights_tour.rs" 129 11 129 22 - let%span span101 = "../06_knights_tour.rs" 93 10 93 28 + let%span span101 = "../06_knights_tour.rs" 130 10 130 30 - let%span span102 = "../06_knights_tour.rs" 94 0 94 130 + let%span span102 = "../06_knights_tour.rs" 128 0 128 8 - let%span span103 = "../../../../../creusot-contracts/src/std/vec.rs" 69 26 69 44 + let%span span103 = "../06_knights_tour.rs" 83 15 83 24 - let%span span104 = "" 0 0 0 0 + let%span span104 = "../06_knights_tour.rs" 84 15 84 32 - let%span span105 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span105 = "../06_knights_tour.rs" 85 14 85 26 - let%span span106 = "" 0 0 0 0 + let%span span106 = "../06_knights_tour.rs" 86 14 86 42 - let%span span107 = "" 0 0 0 0 + let%span span107 = "../06_knights_tour.rs" 37 15 37 28 - let%span span108 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span108 = "../06_knights_tour.rs" 38 14 38 33 - let%span span109 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span109 = "../06_knights_tour.rs" 39 14 39 25 - let%span span110 = "" 0 0 0 0 - - let%span span111 = "" 0 0 0 0 - - let%span span112 = "../06_knights_tour.rs" 129 11 129 22 + use Alloc_Alloc_Global_Type as Global'0 - let%span span113 = "../06_knights_tour.rs" 130 10 130 30 + use prelude.prelude.UIntSize - let%span span114 = "../06_knights_tour.rs" 128 0 128 8 + use Alloc_Vec_Vec_Type as Vec'0 - let%span span115 = "../06_knights_tour.rs" 83 15 83 24 + use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - let%span span116 = "../06_knights_tour.rs" 84 15 84 32 + predicate invariant'18 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = + [%#span20] true - let%span span117 = "../06_knights_tour.rs" 85 14 85 26 + predicate inv'18 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) - let%span span118 = "../06_knights_tour.rs" 86 14 86 42 + axiom inv'18 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'18 x = true - let%span span119 = "../06_knights_tour.rs" 37 15 37 28 + use C06KnightsTour_Point_Type as Point'0 - let%span span120 = "../06_knights_tour.rs" 38 14 38 33 + predicate invariant'17 (self : Seq'0.t_seq (usize, Point'0.t_point)) = + [%#span20] true - let%span span121 = "../06_knights_tour.rs" 39 14 39 25 + predicate inv'17 (_x : Seq'0.t_seq (usize, Point'0.t_point)) - use prelude.prelude.UIntSize - - use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 + axiom inv'17 : forall x : Seq'0.t_seq (usize, Point'0.t_point) . inv'17 x = true predicate inv'3 (_x : Seq'0.t_seq usize) - use Alloc_Alloc_Global_Type as Global'0 - - use Alloc_Vec_Vec_Type as Vec'0 - use prelude.prelude.UIntSize use prelude.prelude.Int - constant max'0 : usize = [%#span20] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span21] (18446744073709551615 : usize) function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span21] inv'3 self) -> ([%#span22] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span22] len'1 self >= 0 - predicate inv'18 (_x : Vec'0.t_vec usize (Global'0.t_global)) + predicate inv'16 (_x : Vec'0.t_vec usize (Global'0.t_global)) function shallow_model'2 (self : Vec'0.t_vec usize (Global'0.t_global)) : Seq'0.t_seq usize - axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span23] inv'18 self) - -> ([%#span25] inv'3 (shallow_model'2 self)) - && ([%#span24] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'18 (self : Vec'0.t_vec usize (Global'0.t_global)) = - [%#span26] inv'3 (shallow_model'2 self) - - axiom inv'18 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'18 x = true - - predicate invariant'17 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = - [%#span27] true + axiom shallow_model'2_spec : forall self : Vec'0.t_vec usize (Global'0.t_global) . ([%#span23] inv'16 self) + -> ([%#span24] len'1 (shallow_model'2 self) <= UIntSize.to_int (max'0 : usize)) - predicate inv'17 (_x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + predicate invariant'16 (self : Vec'0.t_vec usize (Global'0.t_global)) = + [%#span25] inv'3 (shallow_model'2 self) - axiom inv'17 : forall x : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . inv'17 x = true - - use seq.Seq + axiom inv'16 : forall x : Vec'0.t_vec usize (Global'0.t_global) . inv'16 x = true function len'2 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) : int - axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . ([%#span21] inv'17 self) - -> ([%#span22] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) . [%#span22] len'2 self >= 0 - predicate inv'16 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) + predicate inv'15 (_x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span23] inv'16 self) - -> ([%#span25] inv'17 (shallow_model'1 self)) - && ([%#span24] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - - predicate invariant'16 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = - [%#span26] inv'17 (shallow_model'1 self) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . ([%#span23] inv'15 self) + -> ([%#span24] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - axiom inv'16 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'16 x = true + predicate invariant'15 (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) = + [%#span25] inv'18 (shallow_model'1 self) - use C06KnightsTour_Point_Type as Point'0 + axiom inv'15 : forall x : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global) . inv'15 x = true - predicate invariant'15 (self : (usize, Point'0.t_point)) = - [%#span27] true + predicate invariant'14 (self : (usize, Point'0.t_point)) = + [%#span20] true - predicate inv'15 (_x : (usize, Point'0.t_point)) + predicate inv'14 (_x : (usize, Point'0.t_point)) - axiom inv'15 : forall x : (usize, Point'0.t_point) . inv'15 x = true + axiom inv'14 : forall x : (usize, Point'0.t_point) . inv'14 x = true use prelude.prelude.Borrow - predicate invariant'14 (self : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) = - [%#span27] true + predicate invariant'13 (self : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) = + [%#span20] true - predicate inv'14 (_x : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) + predicate inv'13 (_x : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) - axiom inv'14 : forall x : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) . inv'14 x = true + axiom inv'13 : forall x : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) . inv'13 x = true use prelude.prelude.IntSize - predicate invariant'13 (self : (isize, isize)) = - [%#span27] true + predicate invariant'12 (self : (isize, isize)) = + [%#span20] true - predicate inv'13 (_x : (isize, isize)) + predicate inv'12 (_x : (isize, isize)) - axiom inv'13 : forall x : (isize, isize) . inv'13 x = true + axiom inv'12 : forall x : (isize, isize) . inv'12 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'12 (self : Option'0.t_option (isize, isize)) = - [%#span27] true + predicate invariant'11 (self : Option'0.t_option (isize, isize)) = + [%#span20] true - predicate inv'12 (_x : Option'0.t_option (isize, isize)) + predicate inv'11 (_x : Option'0.t_option (isize, isize)) - axiom inv'12 : forall x : Option'0.t_option (isize, isize) . inv'12 x = true + axiom inv'11 : forall x : Option'0.t_option (isize, isize) . inv'11 x = true use Alloc_Vec_IntoIter_IntoIter_Type as IntoIter'0 - predicate invariant'11 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = - [%#span27] true - - predicate inv'11 (_x : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) + predicate invariant'10 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = + [%#span20] true - axiom inv'11 : forall x : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) . inv'11 x = true + predicate inv'10 (_x : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) - predicate invariant'10 (self : Seq'0.t_seq (usize, Point'0.t_point)) = - [%#span27] true - - predicate inv'10 (_x : Seq'0.t_seq (usize, Point'0.t_point)) - - axiom inv'10 : forall x : Seq'0.t_seq (usize, Point'0.t_point) . inv'10 x = true + axiom inv'10 : forall x : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) . inv'10 x = true predicate invariant'9 (self : Seq'0.t_seq (isize, isize)) = - [%#span27] true + [%#span20] true predicate inv'9 (_x : Seq'0.t_seq (isize, isize)) axiom inv'9 : forall x : Seq'0.t_seq (isize, isize) . inv'9 x = true - use seq.Seq - function len'3 (self : Seq'0.t_seq (isize, isize)) : int - axiom len'3_spec : forall self : Seq'0.t_seq (isize, isize) . ([%#span21] inv'9 self) -> ([%#span22] len'3 self >= 0) + axiom len'3_spec : forall self : Seq'0.t_seq (isize, isize) . [%#span22] len'3 self >= 0 predicate inv'8 (_x : Vec'0.t_vec (isize, isize) (Global'0.t_global)) function shallow_model'3 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) : Seq'0.t_seq (isize, isize) axiom shallow_model'3_spec : forall self : Vec'0.t_vec (isize, isize) (Global'0.t_global) . ([%#span23] inv'8 self) - -> ([%#span25] inv'9 (shallow_model'3 self)) - && ([%#span24] len'3 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) + -> ([%#span24] len'3 (shallow_model'3 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'8 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) = - [%#span26] inv'9 (shallow_model'3 self) + [%#span25] inv'9 (shallow_model'3 self) axiom inv'8 : forall x : Vec'0.t_vec (isize, isize) (Global'0.t_global) . inv'8 x = true - use seq.Seq - function len'0 (self : Seq'0.t_seq (usize, Point'0.t_point)) : int - axiom len'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span21] inv'10 self) - -> ([%#span22] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point) . [%#span22] len'0 self >= 0 predicate inv'7 (_x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) @@ -3485,23 +3188,22 @@ module C06KnightsTour_KnightsTour axiom shallow_model'0_spec : forall self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . ([%#span23] inv'7 self) - -> ([%#span25] inv'10 (shallow_model'0 self)) - && ([%#span24] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + -> ([%#span24] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'7 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) = - [%#span26] inv'10 (shallow_model'0 self) + [%#span25] inv'17 (shallow_model'0 self) axiom inv'7 : forall x : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global) . inv'7 x = true predicate invariant'6 (self : usize) = - [%#span27] true + [%#span20] true predicate inv'6 (_x : usize) axiom inv'6 : forall x : usize . inv'6 x = true predicate invariant'5 (self : Option'0.t_option usize) = - [%#span27] true + [%#span20] true predicate inv'5 (_x : Option'0.t_option usize) @@ -3510,55 +3212,48 @@ module C06KnightsTour_KnightsTour use Core_Ops_Range_Range_Type as Range'0 predicate invariant'4 (self : borrowed (Range'0.t_range usize)) = - [%#span27] true + [%#span20] true predicate inv'4 (_x : borrowed (Range'0.t_range usize)) axiom inv'4 : forall x : borrowed (Range'0.t_range usize) . inv'4 x = true - constant empty'3 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) = [%#span28] () + constant empty'3 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global)) - function empty_len'3 (_1 : ()) : () = - [%#span30] () + function empty_len'3 (_1 : ()) : () - axiom empty_len'3_spec : forall _1 : () . [%#span29] len'2 (empty'3 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) + axiom empty_len'3_spec : forall _1 : () . [%#span26] len'2 (empty'3 : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) = 0 predicate invariant'3 (self : Seq'0.t_seq usize) = - [%#span27] true + [%#span20] true axiom inv'3 : forall x : Seq'0.t_seq usize . inv'3 x = true predicate invariant'2 (self : ()) = - [%#span27] true + [%#span20] true predicate inv'2 (_x : ()) axiom inv'2 : forall x : () . inv'2 x = true - constant empty'2 : Seq'0.t_seq (usize, Point'0.t_point) = [%#span28] () + constant empty'2 : Seq'0.t_seq (usize, Point'0.t_point) - function empty_len'2 (_1 : ()) : () = - [%#span30] () + function empty_len'2 (_1 : ()) : () - axiom empty_len'2_spec : forall _1 : () . [%#span29] len'0 (empty'2 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 + axiom empty_len'2_spec : forall _1 : () . [%#span26] len'0 (empty'2 : Seq'0.t_seq (usize, Point'0.t_point)) = 0 - use seq.Seq - - use seq.Seq - - function index_logic'5 (self : Seq'0.t_seq (isize, isize)) (x : int) : (isize, isize) + function index_logic'5 (self : Seq'0.t_seq (isize, isize)) (_2 : int) : (isize, isize) function concat'1 (self : Seq'0.t_seq (isize, isize)) (other : Seq'0.t_seq (isize, isize)) : Seq'0.t_seq (isize, isize) - axiom concat'1_spec : forall self : Seq'0.t_seq (isize, isize), other : Seq'0.t_seq (isize, isize) . ([%#span31] inv'9 self) - -> ([%#span32] inv'9 other) - -> ([%#span35] inv'9 (concat'1 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'3 (concat'1 self other) + axiom concat'1_spec : forall self : Seq'0.t_seq (isize, isize), other : Seq'0.t_seq (isize, isize) . ([%#span28] forall i : int . 0 + <= i + /\ i < len'3 (concat'1 self other) -> index_logic'5 (concat'1 self other) i = (if i < len'3 self then index_logic'5 self i else index_logic'5 other (i - len'3 self))) - && ([%#span33] len'3 (concat'1 self other) = len'3 self + len'3 other) + && ([%#span27] len'3 (concat'1 self other) = len'3 self + len'3 other) predicate inv'1 (_x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) @@ -3568,65 +3263,56 @@ module C06KnightsTour_KnightsTour predicate produces'1 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (visited : Seq'0.t_seq (isize, isize)) (rhs : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span36] shallow_model'4 self = concat'1 visited (shallow_model'4 rhs) + [%#span29] shallow_model'4 self = concat'1 visited (shallow_model'4 rhs) function produces_trans'1 (a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (ab : Seq'0.t_seq (isize, isize)) (b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) (bc : Seq'0.t_seq (isize, isize)) (c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : () = - [%#span45] () + [%#span36] () - axiom produces_trans'1_spec : forall a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), ab : Seq'0.t_seq (isize, isize), b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), bc : Seq'0.t_seq (isize, isize), c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span37] produces'1 a ab b) - -> ([%#span38] produces'1 b bc c) - -> ([%#span39] inv'1 a) - -> ([%#span40] inv'9 ab) - -> ([%#span41] inv'1 b) - -> ([%#span42] inv'9 bc) -> ([%#span43] inv'1 c) -> ([%#span44] produces'1 a (concat'1 ab bc) c) + axiom produces_trans'1_spec : forall a : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), ab : Seq'0.t_seq (isize, isize), b : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global), bc : Seq'0.t_seq (isize, isize), c : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span30] produces'1 a ab b) + -> ([%#span31] produces'1 b bc c) + -> ([%#span32] inv'1 a) + -> ([%#span33] inv'1 b) -> ([%#span34] inv'1 c) -> ([%#span35] produces'1 a (concat'1 ab bc) c) - constant empty'1 : Seq'0.t_seq (isize, isize) = [%#span28] () + constant empty'1 : Seq'0.t_seq (isize, isize) function produces_refl'1 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : () = - [%#span48] () + [%#span39] () - axiom produces_refl'1_spec : forall self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span46] inv'1 self) - -> ([%#span47] produces'1 self (empty'1 : Seq'0.t_seq (isize, isize)) self) + axiom produces_refl'1_spec : forall self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span37] inv'1 self) + -> ([%#span38] produces'1 self (empty'1 : Seq'0.t_seq (isize, isize)) self) predicate invariant'1 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span27] true + [%#span20] true axiom inv'1 : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . inv'1 x = true - function empty_len'1 (_1 : ()) : () = - [%#span30] () - - axiom empty_len'1_spec : forall _1 : () . [%#span29] len'3 (empty'1 : Seq'0.t_seq (isize, isize)) = 0 + function empty_len'1 (_1 : ()) : () - use seq.Seq + axiom empty_len'1_spec : forall _1 : () . [%#span26] len'3 (empty'1 : Seq'0.t_seq (isize, isize)) = 0 - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq usize) (x : int) : usize + function index_logic'1 (self : Seq'0.t_seq usize) (_2 : int) : usize function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span31] inv'3 self) - -> ([%#span32] inv'3 other) - -> ([%#span35] inv'3 (concat'0 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span28] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'1 (concat'0 self other) i = (if i < len'1 self then index_logic'1 self i else index_logic'1 other (i - len'1 self))) - && ([%#span33] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span27] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'0 (_x : Range'0.t_range usize) use prelude.prelude.Int function deep_model'0 (self : usize) : int = - [%#span49] UIntSize.to_int self + [%#span40] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'0 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span50] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span41] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -3639,29 +3325,26 @@ module C06KnightsTour_KnightsTour function produces_trans'0 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span51] produces'0 a ab b) - -> ([%#span52] produces'0 b bc c) - -> ([%#span53] inv'0 a) - -> ([%#span54] inv'3 ab) - -> ([%#span55] inv'0 b) - -> ([%#span56] inv'3 bc) -> ([%#span57] inv'0 c) -> ([%#span58] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span42] produces'0 a ab b) + -> ([%#span43] produces'0 b bc c) + -> ([%#span44] inv'0 a) + -> ([%#span45] inv'0 b) -> ([%#span46] inv'0 c) -> ([%#span47] produces'0 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq usize = [%#span28] () + constant empty'0 : Seq'0.t_seq usize function produces_refl'0 (self : Range'0.t_range usize) : () - axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span59] inv'0 self) - -> ([%#span60] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : Range'0.t_range usize . ([%#span48] inv'0 self) + -> ([%#span49] produces'0 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'0 (self : Range'0.t_range usize) = - [%#span27] true + [%#span20] true axiom inv'0 : forall x : Range'0.t_range usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span30] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span29] len'1 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span26] len'1 (empty'0 : Seq'0.t_seq usize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -3670,82 +3353,74 @@ module C06KnightsTour_KnightsTour use C06KnightsTour_Board_Type as Board'0 predicate resolve'8 (self : Point'0.t_point) = - [%#span61] true + [%#span50] true predicate resolve'7 (self : usize) = - [%#span61] true + [%#span50] true predicate resolve'6 (self : (usize, Point'0.t_point)) = - [%#span62] resolve'7 (let (a, _) = self in a) /\ resolve'8 (let (_, a) = self in a) - - use seq.Seq + [%#span51] resolve'7 (let (a, _) = self in a) /\ resolve'8 (let (_, a) = self in a) - function index_logic'4 (self : Seq'0.t_seq (usize, Point'0.t_point)) (x : int) : (usize, Point'0.t_point) + function index_logic'4 (self : Seq'0.t_seq (usize, Point'0.t_point)) (_2 : int) : (usize, Point'0.t_point) function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (ix : int) : (usize, Point'0.t_point) = - [%#span63] index_logic'4 (shallow_model'0 self) ix + [%#span52] index_logic'4 (shallow_model'0 self) ix predicate resolve'4 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) = - [%#span64] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'6 (index_logic'0 self i) + [%#span53] forall i : int . 0 <= i /\ i < len'0 (shallow_model'0 self) -> resolve'6 (index_logic'0 self i) function shallow_model'6 (self : Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) : Seq'0.t_seq (usize, Point'0.t_point) = - [%#span65] shallow_model'0 self + [%#span54] shallow_model'0 self let rec min'0 (v:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)) (return' (ret:Option'0.t_option (usize, Point'0.t_point)))= any - [ return' (result:Option'0.t_option (usize, Point'0.t_point))-> {[%#span66] forall r : (usize, Point'0.t_point) . result + [ return' (result:Option'0.t_option (usize, Point'0.t_point))-> {[%#span55] forall r : (usize, Point'0.t_point) . result = Option'0.C_Some r -> (exists i : int . 0 <= i /\ i < len'0 (shallow_model'6 v) /\ index_logic'0 v i = r)} (! return' {result}) ] predicate resolve'5 (self : isize) = - [%#span61] true + [%#span50] true predicate resolve'2 (self : (isize, isize)) = - [%#span62] resolve'5 (let (a, _) = self in a) /\ resolve'5 (let (_, a) = self in a) + [%#span51] resolve'5 (let (a, _) = self in a) /\ resolve'5 (let (_, a) = self in a) predicate resolve'3 (self : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span67] forall i : int . 0 <= i /\ i < len'3 (shallow_model'4 self) + [%#span56] forall i : int . 0 <= i /\ i < len'3 (shallow_model'4 self) -> resolve'2 (index_logic'5 (shallow_model'4 self) i) - use seq.Seq - function concat'2 (self : Seq'0.t_seq (usize, Point'0.t_point)) (other : Seq'0.t_seq (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom concat'2_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point), other : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span31] inv'10 self) - -> ([%#span32] inv'10 other) - -> ([%#span35] inv'10 (concat'2 self other)) - && ([%#span34] forall i : int . 0 <= i /\ i < len'0 (concat'2 self other) + axiom concat'2_spec : forall self : Seq'0.t_seq (usize, Point'0.t_point), other : Seq'0.t_seq (usize, Point'0.t_point) . ([%#span28] forall i : int . 0 + <= i + /\ i < len'0 (concat'2 self other) -> index_logic'4 (concat'2 self other) i = (if i < len'0 self then index_logic'4 self i else index_logic'4 other (i - len'0 self))) - && ([%#span33] len'0 (concat'2 self other) = len'0 self + len'0 other) - - use seq.Seq + && ([%#span27] len'0 (concat'2 self other) = len'0 self + len'0 other) function singleton'2 (v : (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) - axiom singleton'2_spec : forall v : (usize, Point'0.t_point) . ([%#span68] inv'15 v) - -> ([%#span71] inv'10 (singleton'2 v)) - && ([%#span70] index_logic'4 (singleton'2 v) 0 = v) && ([%#span69] len'0 (singleton'2 v) = 1) + axiom singleton'2_spec : forall v : (usize, Point'0.t_point) . ([%#span57] inv'14 v) + -> ([%#span59] index_logic'4 (singleton'2 v) 0 = v) && ([%#span58] len'0 (singleton'2 v) = 1) function push'1 [@inline:trivial] (self : Seq'0.t_seq (usize, Point'0.t_point)) (v : (usize, Point'0.t_point)) : Seq'0.t_seq (usize, Point'0.t_point) = - [%#span72] concat'2 self (singleton'2 v) + [%#span60] concat'2 self (singleton'2 v) function shallow_model'5 (self : borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) : Seq'0.t_seq (usize, Point'0.t_point) = - [%#span73] shallow_model'0 ( * self) + [%#span61] shallow_model'0 ( * self) - let rec push'0 (self:borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) (value:(usize, Point'0.t_point)) (return' (ret:()))= {[@expl:precondition] [%#span75] inv'15 value} - {[@expl:precondition] [%#span74] inv'14 self} + let rec push'0 (self:borrowed (Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))) (value:(usize, Point'0.t_point)) (return' (ret:()))= {[@expl:precondition] [%#span63] inv'14 value} + {[@expl:precondition] [%#span62] inv'13 self} any - [ return' (result:())-> {[%#span76] shallow_model'0 ( ^ self) = push'1 (shallow_model'5 self) value} + [ return' (result:())-> {[%#span64] shallow_model'0 ( ^ self) = push'1 (shallow_model'5 self) value} (! return' {result}) ] @@ -3756,78 +3431,73 @@ module C06KnightsTour_KnightsTour use prelude.prelude.IntSize predicate in_bounds'0 [#"../06_knights_tour.rs" 61 4 61 40] (self : Board'0.t_board) (p : Point'0.t_point) = - [%#span77] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) + [%#span65] 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ 0 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y p) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y p) < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) - use seq.Seq - - function index_logic'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (x : int) : Vec'0.t_vec usize (Global'0.t_global) + function index_logic'6 (self : Seq'0.t_seq (Vec'0.t_vec usize (Global'0.t_global))) (_2 : int) : Vec'0.t_vec usize (Global'0.t_global) function index_logic'2 [@inline:trivial] (self : Vec'0.t_vec (Vec'0.t_vec usize (Global'0.t_global)) (Global'0.t_global)) (ix : int) : Vec'0.t_vec usize (Global'0.t_global) = - [%#span63] index_logic'6 (shallow_model'1 self) ix + [%#span52] index_logic'6 (shallow_model'1 self) ix predicate wf'0 [#"../06_knights_tour.rs" 30 4 30 23] (self : Board'0.t_board) = - [%#span78] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 + [%#span66] UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) <= 1000 /\ len'2 (shallow_model'1 (C06KnightsTour_Board_Type.board_field self)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (C06KnightsTour_Board_Type.board_size self) -> len'1 (shallow_model'2 (index_logic'2 (C06KnightsTour_Board_Type.board_field self) i)) = UIntSize.to_int (C06KnightsTour_Board_Type.board_size self)) - let rec count_degree'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:usize))= {[@expl:precondition] [%#span80] in_bounds'0 self p} - {[@expl:precondition] [%#span79] wf'0 self} + let rec count_degree'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:usize))= {[@expl:precondition] [%#span68] in_bounds'0 self p} + {[@expl:precondition] [%#span67] wf'0 self} any [ return' (result:usize)-> (! return' {result}) ] - let rec available'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:bool))= {[@expl:precondition] [%#span81] wf'0 self} - any [ return' (result:bool)-> {[%#span82] result -> in_bounds'0 self p} (! return' {result}) ] + let rec available'0 (self:Board'0.t_board) (p:Point'0.t_point) (return' (ret:bool))= {[@expl:precondition] [%#span69] wf'0 self} + any [ return' (result:bool)-> {[%#span70] result -> in_bounds'0 self p} (! return' {result}) ] - let rec mov'0 (self:Point'0.t_point) (p:(isize, isize)) (return' (ret:Point'0.t_point))= {[@expl:precondition] [%#span86] - 10000 + let rec mov'0 (self:Point'0.t_point) (p:(isize, isize)) (return' (ret:Point'0.t_point))= {[@expl:precondition] [%#span74] - 10000 <= IntSize.to_int (let (_, a) = p in a) /\ IntSize.to_int (let (_, a) = p in a) <= 10000} - {[@expl:precondition] [%#span85] - 10000 <= IntSize.to_int (let (a, _) = p in a) + {[@expl:precondition] [%#span73] - 10000 <= IntSize.to_int (let (a, _) = p in a) /\ IntSize.to_int (let (a, _) = p in a) <= 10000} - {[@expl:precondition] [%#span84] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + {[@expl:precondition] [%#span72] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_y self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_y self) <= 10000} - {[@expl:precondition] [%#span83] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + {[@expl:precondition] [%#span71] - 10000 <= IntSize.to_int (C06KnightsTour_Point_Type.point_x self) /\ IntSize.to_int (C06KnightsTour_Point_Type.point_x self) <= 10000} any - [ return' (result:Point'0.t_point)-> {[%#span88] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) + [ return' (result:Point'0.t_point)-> {[%#span76] IntSize.to_int (C06KnightsTour_Point_Type.point_y result) = IntSize.to_int (C06KnightsTour_Point_Type.point_y self) + IntSize.to_int (let (_, a) = p in a)} - {[%#span87] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) + {[%#span75] IntSize.to_int (C06KnightsTour_Point_Type.point_x result) = IntSize.to_int (C06KnightsTour_Point_Type.point_x self) + IntSize.to_int (let (a, _) = p in a)} (! return' {result}) ] - use seq.Seq - function singleton'1 (v : (isize, isize)) : Seq'0.t_seq (isize, isize) - axiom singleton'1_spec : forall v : (isize, isize) . ([%#span68] inv'13 v) - -> ([%#span71] inv'9 (singleton'1 v)) - && ([%#span70] index_logic'5 (singleton'1 v) 0 = v) && ([%#span69] len'3 (singleton'1 v) = 1) + axiom singleton'1_spec : forall v : (isize, isize) . ([%#span57] inv'12 v) + -> ([%#span59] index_logic'5 (singleton'1 v) 0 = v) && ([%#span58] len'3 (singleton'1 v) = 1) predicate resolve'1 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = - [%#span89] ^ self = * self + [%#span77] ^ self = * self function shallow_model'7 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) : Seq'0.t_seq (isize, isize) = - [%#span73] shallow_model'4 ( * self) + [%#span61] shallow_model'4 ( * self) predicate completed'1 (self : borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) = - [%#span90] resolve'1 self /\ shallow_model'7 self = (empty'1 : Seq'0.t_seq (isize, isize)) + [%#span78] resolve'1 self /\ shallow_model'7 self = (empty'1 : Seq'0.t_seq (isize, isize)) - let rec next'1 (self:borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) (return' (ret:Option'0.t_option (isize, isize)))= {[@expl:precondition] [%#span91] inv'11 self} + let rec next'1 (self:borrowed (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))) (return' (ret:Option'0.t_option (isize, isize)))= {[@expl:precondition] [%#span79] inv'10 self} any - [ return' (result:Option'0.t_option (isize, isize))-> {[%#span93] inv'12 result} - {[%#span92] match result with + [ return' (result:Option'0.t_option (isize, isize))-> {[%#span81] inv'11 result} + {[%#span80] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'1 v) ( ^ self) end} @@ -3846,71 +3516,68 @@ module C06KnightsTour_KnightsTour function new'6 (x : Seq'0.t_seq (isize, isize)) : Snapshot'0.t_snapshot (Seq'0.t_seq (isize, isize)) - axiom new'6_spec : forall x : Seq'0.t_seq (isize, isize) . ([%#span94] inv'9 x) -> ([%#span95] deref'4 (new'6 x) = x) + axiom new'6_spec : forall x : Seq'0.t_seq (isize, isize) . ([%#span82] inv'9 x) -> ([%#span83] deref'4 (new'6 x) = x) function new'5 (x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) : Snapshot'0.t_snapshot (IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) - axiom new'5_spec : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span94] inv'1 x) - -> ([%#span95] deref'3 (new'5 x) = x) + axiom new'5_spec : forall x : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global) . ([%#span82] inv'1 x) + -> ([%#span83] deref'3 (new'5 x) = x) predicate into_iter_post'1 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) (res : IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)) = - [%#span96] shallow_model'3 self = shallow_model'4 res + [%#span84] shallow_model'3 self = shallow_model'4 res predicate into_iter_pre'1 (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) = - [%#span97] true + [%#span85] true - let rec into_iter'1 (self:Vec'0.t_vec (isize, isize) (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)))= {[@expl:precondition] [%#span99] inv'8 self} - {[@expl:precondition] [%#span98] into_iter_pre'1 self} + let rec into_iter'1 (self:Vec'0.t_vec (isize, isize) (Global'0.t_global)) (return' (ret:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global)))= {[@expl:precondition] [%#span87] inv'8 self} + {[@expl:precondition] [%#span86] into_iter_pre'1 self} any - [ return' (result:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))-> {[%#span100] inv'1 result} - {[%#span98] into_iter_post'1 self result} + [ return' (result:IntoIter'0.t_intoiter (isize, isize) (Global'0.t_global))-> {[%#span88] inv'1 result} + {[%#span86] into_iter_post'1 self result} (! return' {result}) ] function index_logic'3 [@inline:trivial] (self : Vec'0.t_vec (isize, isize) (Global'0.t_global)) (ix : int) : (isize, isize) = - [%#span63] index_logic'5 (shallow_model'3 self) ix + [%#span52] index_logic'5 (shallow_model'3 self) ix let rec moves'0 (_1:()) (return' (ret:Vec'0.t_vec (isize, isize) (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec (isize, isize) (Global'0.t_global))-> {[%#span102] forall i : int . 0 <= i /\ i < 8 + [ return' (result:Vec'0.t_vec (isize, isize) (Global'0.t_global))-> {[%#span90] forall i : int . 0 <= i /\ i < 8 -> - 2 <= IntSize.to_int (let (a, _) = index_logic'3 result i in a) /\ IntSize.to_int (let (a, _) = index_logic'3 result i in a) <= 2 /\ - 2 <= IntSize.to_int (let (_, a) = index_logic'3 result i in a) /\ IntSize.to_int (let (_, a) = index_logic'3 result i in a) <= 2} - {[%#span101] len'3 (shallow_model'3 result) = 8} + {[%#span89] len'3 (shallow_model'3 result) = 8} (! return' {result}) ] let rec new'4 (_1:()) (return' (ret:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global)))= any - [ return' (result:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))-> {[%#span104] inv'7 result} - {[%#span103] len'0 (shallow_model'0 result) = 0} + [ return' (result:Vec'0.t_vec (usize, Point'0.t_point) (Global'0.t_global))-> {[%#span92] inv'7 result} + {[%#span91] len'0 (shallow_model'0 result) = 0} (! return' {result}) ] - use seq.Seq - function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span68] inv'6 v) - -> ([%#span71] inv'3 (singleton'0 v)) - && ([%#span70] index_logic'1 (singleton'0 v) 0 = v) && ([%#span69] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span57] inv'6 v) + -> ([%#span59] index_logic'1 (singleton'0 v) 0 = v) && ([%#span58] len'1 (singleton'0 v) = 1) predicate resolve'0 (self : borrowed (Range'0.t_range usize)) = - [%#span89] ^ self = * self + [%#span77] ^ self = * self predicate completed'0 (self : borrowed (Range'0.t_range usize)) = - [%#span105] resolve'0 self + [%#span93] resolve'0 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span106] inv'4 self} + let rec next'0 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span94] inv'4 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span107] inv'5 result} - {[%#span92] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span95] inv'5 result} + {[%#span80] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -3927,23 +3594,23 @@ module C06KnightsTour_KnightsTour function new'3 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span94] inv'3 x) -> ([%#span95] deref'2 (new'3 x) = x) + axiom new'3_spec : forall x : Seq'0.t_seq usize . ([%#span82] inv'3 x) -> ([%#span83] deref'2 (new'3 x) = x) function new'2 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span94] inv'0 x) -> ([%#span95] deref'1 (new'2 x) = x) + axiom new'2_spec : forall x : Range'0.t_range usize . ([%#span82] inv'0 x) -> ([%#span83] deref'1 (new'2 x) = x) predicate into_iter_post'0 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span108] self = res + [%#span96] self = res predicate into_iter_pre'0 (self : Range'0.t_range usize) = - [%#span109] true + [%#span97] true - let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span110] inv'0 self} - {[@expl:precondition] [%#span98] into_iter_pre'0 self} + let rec into_iter'0 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span98] inv'0 self} + {[@expl:precondition] [%#span86] into_iter_pre'0 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span111] inv'0 result} - {[%#span98] into_iter_post'0 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span99] inv'0 result} + {[%#span86] into_iter_post'0 self result} (! return' {result}) ] @@ -3951,28 +3618,28 @@ module C06KnightsTour_KnightsTour function new'1 (x : ()) : Snapshot'0.t_snapshot () - axiom new'1_spec : forall x : () . ([%#span94] inv'2 x) -> ([%#span95] deref'0 (new'1 x) = x) + axiom new'1_spec : forall x : () . ([%#span82] inv'2 x) -> ([%#span83] deref'0 (new'1 x) = x) function dumb_nonlinear_arith'0 [#"../06_knights_tour.rs" 131 0 131 33] (a : usize) : () = - [%#span114] () + [%#span102] () - axiom dumb_nonlinear_arith'0_spec : forall a : usize . ([%#span112] UIntSize.to_int a <= 1000) - -> ([%#span113] UIntSize.to_int a * UIntSize.to_int a <= 1000000) + axiom dumb_nonlinear_arith'0_spec : forall a : usize . ([%#span100] UIntSize.to_int a <= 1000) + -> ([%#span101] UIntSize.to_int a * UIntSize.to_int a <= 1000000) - let rec set'0 (self:borrowed (Board'0.t_board)) (p:Point'0.t_point) (v:usize) (return' (ret:()))= {[@expl:precondition] [%#span116] in_bounds'0 ( * self) p} - {[@expl:precondition] [%#span115] wf'0 ( * self)} + let rec set'0 (self:borrowed (Board'0.t_board)) (p:Point'0.t_point) (v:usize) (return' (ret:()))= {[@expl:precondition] [%#span104] in_bounds'0 ( * self) p} + {[@expl:precondition] [%#span103] wf'0 ( * self)} any - [ return' (result:())-> {[%#span118] C06KnightsTour_Board_Type.board_size ( ^ self) + [ return' (result:())-> {[%#span106] C06KnightsTour_Board_Type.board_size ( ^ self) = C06KnightsTour_Board_Type.board_size ( * self)} - {[%#span117] wf'0 ( ^ self)} + {[%#span105] wf'0 ( ^ self)} (! return' {result}) ] - let rec new'0 (size:usize) (return' (ret:Board'0.t_board))= {[@expl:precondition] [%#span119] UIntSize.to_int size + let rec new'0 (size:usize) (return' (ret:Board'0.t_board))= {[@expl:precondition] [%#span107] UIntSize.to_int size <= 1000} any - [ return' (result:Board'0.t_board)-> {[%#span121] wf'0 result} - {[%#span120] C06KnightsTour_Board_Type.board_size result = size} + [ return' (result:Board'0.t_board)-> {[%#span109] wf'0 result} + {[%#span108] C06KnightsTour_Board_Type.board_size result = size} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/07_read_write.coma b/creusot/tests/should_succeed/vector/07_read_write.coma index 1eb997237e..9b2b09bbaf 100644 --- a/creusot/tests/should_succeed/vector/07_read_write.coma +++ b/creusot/tests/should_succeed/vector/07_read_write.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C07ReadWrite_ReadWrite type t @@ -131,71 +116,63 @@ module C07ReadWrite_ReadWrite let%span span4 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span7 = "" 0 0 0 0 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span10 = "" 0 0 0 0 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span11 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span12 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span13 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span14 = "" 0 0 0 0 - let%span span15 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span16 = "../../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 - let%span span17 = "../../../../../creusot-contracts/src/model.rs" 81 8 81 28 + let%span span17 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span18 = "" 0 0 0 0 + let%span span18 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span19 = "" 0 0 0 0 + let%span span19 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span20 = "../../../../../creusot-contracts/src/std/cmp.rs" 11 26 11 75 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span21 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span22 = "" 0 0 0 0 - let%span span23 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span23 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span24 = "" 0 0 0 0 - let%span span25 = "" 0 0 0 0 + let%span span25 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - let%span span26 = "" 0 0 0 0 + let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 - let%span span27 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span27 = "" 0 0 0 0 let%span span28 = "" 0 0 0 0 - let%span span29 = "../../../../../creusot-contracts/src/std/slice.rs" 114 8 114 96 - - let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 146 27 146 46 + let%span span29 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 - let%span span31 = "" 0 0 0 0 + let%span span30 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - let%span span32 = "" 0 0 0 0 + let%span span31 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - let%span span33 = "../../../../../creusot-contracts/src/std/vec.rs" 147 26 147 54 + let%span span32 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - let%span span34 = "../../../../../creusot-contracts/src/std/vec.rs" 148 26 148 57 - - let%span span35 = "../../../../../creusot-contracts/src/std/vec.rs" 149 26 149 62 - - let%span span36 = "../../../../../creusot-contracts/src/std/vec.rs" 150 26 150 55 - - let%span span37 = "" 0 0 0 0 + let%span span33 = "" 0 0 0 0 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -226,20 +203,15 @@ module C07ReadWrite_ReadWrite use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span5] inv'7 self) -> ([%#span6] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span5] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span7] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span9] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span8] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span6] len'0 (empty'0 : Seq'0.t_seq t) = 0 use prelude.prelude.Borrow @@ -269,84 +241,81 @@ module C07ReadWrite_ReadWrite use prelude.prelude.UIntSize - constant max'0 : usize = [%#span10] (18446744073709551615 : usize) + constant max'0 : usize = [%#span7] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span11] inv'0 self) - -> ([%#span13] inv'7 (shallow_model'1 self)) - && ([%#span12] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'0 self) + -> ([%#span9] len'0 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span14] inv'7 (shallow_model'1 self) + [%#span10] inv'7 (shallow_model'1 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true function shallow_model'0 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span15] shallow_model'1 ( * self) + [%#span11] shallow_model'1 ( * self) use prelude.prelude.Intrinsic predicate resolve'3 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span16] ^ self = * self + [%#span12] ^ self = * self type deep_model_ty'0 function deep_model'1 (self : t) : deep_model_ty'0 function deep_model'0 (self : t) : deep_model_ty'0 = - [%#span17] deep_model'1 self + [%#span13] deep_model'1 self - let rec eq'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span19] inv'3 other} - {[@expl:precondition] [%#span18] inv'3 self} - any [ return' (result:bool)-> {[%#span20] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] + let rec eq'0 (self:t) (other:t) (return' (ret:bool))= {[@expl:precondition] [%#span15] inv'3 other} + {[@expl:precondition] [%#span14] inv'3 self} + any [ return' (result:bool)-> {[%#span16] result = (deep_model'0 self = deep_model'0 other)} (! return' {result}) ] predicate resolve'2 (self : t) use prelude.prelude.Slice - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'0 (self : Seq'0.t_seq t) (_2 : int) : t predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) (out : t) = - [%#span21] index_logic'0 seq (UIntSize.to_int self) = out + [%#span17] index_logic'0 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq t) = - [%#span22] UIntSize.to_int self < len'0 seq + [%#span18] UIntSize.to_int self < len'0 seq function shallow_model'2 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t = - [%#span23] shallow_model'1 self + [%#span19] shallow_model'1 self - let rec index'0 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span26] inv'5 index} - {[@expl:precondition] [%#span25] inv'6 self} - {[@expl:precondition] [%#span24] in_bounds'0 index (shallow_model'2 self)} + let rec index'0 (self:Vec'0.t_vec t (Global'0.t_global)) (index:usize) (return' (ret:t))= {[@expl:precondition] [%#span22] inv'5 index} + {[@expl:precondition] [%#span21] inv'6 self} + {[@expl:precondition] [%#span20] in_bounds'0 index (shallow_model'2 self)} any - [ return' (result:t)-> {[%#span28] inv'3 result} - {[%#span27] has_value'0 index (shallow_model'2 self) result} + [ return' (result:t)-> {[%#span24] inv'3 result} + {[%#span23] has_value'0 index (shallow_model'2 self) result} (! return' {result}) ] predicate resolve'1 (self : borrowed t) = - [%#span16] ^ self = * self + [%#span12] ^ self = * self predicate resolve'0 (self : t) predicate resolve_elswhere'0 [@inline:trivial] (self : usize) (old' : Seq'0.t_seq t) (fin : Seq'0.t_seq t) = - [%#span29] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' + [%#span25] forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < len'0 old' -> index_logic'0 old' i = index_logic'0 fin i - let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (return' (ret:borrowed t))= {[@expl:precondition] [%#span32] inv'5 index} - {[@expl:precondition] [%#span31] inv'4 self} - {[@expl:precondition] [%#span30] in_bounds'0 index (shallow_model'0 self)} + let rec index_mut'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (index:usize) (return' (ret:borrowed t))= {[@expl:precondition] [%#span28] inv'5 index} + {[@expl:precondition] [%#span27] inv'4 self} + {[@expl:precondition] [%#span26] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:borrowed t)-> {[%#span37] inv'2 result} - {[%#span36] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'0 self)} - {[%#span35] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'1 ( ^ self))} - {[%#span34] has_value'0 index (shallow_model'1 ( ^ self)) ( ^ result)} - {[%#span33] has_value'0 index (shallow_model'0 self) ( * result)} + [ return' (result:borrowed t)-> {[%#span33] inv'2 result} + {[%#span32] len'0 (shallow_model'1 ( ^ self)) = len'0 (shallow_model'0 self)} + {[%#span31] resolve_elswhere'0 index (shallow_model'0 self) (shallow_model'1 ( ^ self))} + {[%#span30] has_value'0 index (shallow_model'1 ( ^ self)) ( ^ result)} + {[%#span29] has_value'0 index (shallow_model'0 self) ( * result)} (! return' {result}) ] diff --git a/creusot/tests/should_succeed/vector/08_haystack.coma b/creusot/tests/should_succeed/vector/08_haystack.coma index 544b91acd1..248f10f490 100644 --- a/creusot/tests/should_succeed/vector/08_haystack.coma +++ b/creusot/tests/should_succeed/vector/08_haystack.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module Core_Ops_Range_RangeInclusive_Type type t_rangeinclusive 'idx = @@ -221,177 +206,158 @@ module C08Haystack_Search let%span s08_haystack14 = "../08_haystack.rs" 20 0 20 139 - let%span span15 = "" 0 0 0 0 + let%span span15 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 - let%span span16 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span16 = "" 0 0 0 0 - let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span17 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 let%span span19 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span21 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span21 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 - let%span span22 = "../../../../../creusot-contracts/src/invariant.rs" 8 8 8 12 + let%span span22 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 - let%span span23 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 18 107 22 + let%span span23 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 - let%span span24 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 24 107 29 + let%span span24 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 - let%span span25 = "../../../../../creusot-contracts/src/logic/seq2.rs" 104 14 104 54 + let%span span25 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 - let%span span26 = "../../../../../creusot-contracts/src/logic/seq2.rs" 105 4 106 62 + let%span span26 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 - let%span span27 = "../../../../../creusot-contracts/src/logic/seq2.rs" 107 4 107 44 + let%span span27 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 - let%span span28 = "../../../../../creusot-contracts/src/std/num.rs" 22 16 22 35 + let%span span28 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 - let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 21 8 27 9 + let%span span29 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 - let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 37 15 37 32 + let%span span30 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 - let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 38 15 38 32 + let%span span31 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 - let%span span32 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 22 40 23 + let%span span32 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 - let%span span33 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 31 40 33 + let%span span33 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span34 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 52 40 53 + let%span span34 = "../../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 - let%span span35 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 61 40 63 + let%span span35 = "../../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 - let%span span36 = "../../../../../creusot-contracts/src/std/iter/range.rs" 40 82 40 83 + let%span span36 = "../../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 - let%span span37 = "../../../../../creusot-contracts/src/std/iter/range.rs" 39 14 39 42 + let%span span37 = "../../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 - let%span span38 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span38 = "../../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 - let%span span39 = "../../../../../creusot-contracts/src/std/iter/range.rs" 33 21 33 25 + let%span span39 = "../../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 - let%span span40 = "../../../../../creusot-contracts/src/std/iter/range.rs" 32 14 32 45 + let%span span40 = "../../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 - let%span span41 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span41 = "../../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 - let%span span42 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span42 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 - let%span span43 = "../../../../../creusot-contracts/src/std/ops.rs" 207 20 207 24 + let%span span43 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 - let%span span44 = "../../../../../creusot-contracts/src/std/ops.rs" 206 4 206 88 + let%span span44 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 - let%span span45 = "../../../../../creusot-contracts/src/std/iter/range.rs" 46 62 46 63 + let%span span45 = "../../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 - let%span span46 = "../../../../../creusot-contracts/src/std/iter/range.rs" 45 10 45 43 + let%span span46 = "../../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 - let%span span47 = "../../../../../creusot-contracts/src/std/iter/range.rs" 47 4 50 5 + let%span span47 = "../../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 - let%span span48 = "../../../../../creusot-contracts/src/std/iter/range.rs" 65 8 71 9 + let%span span48 = "../../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 - let%span span49 = "../../../../../creusot-contracts/src/std/iter/range.rs" 81 15 81 32 + let%span span49 = "../../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 - let%span span50 = "../../../../../creusot-contracts/src/std/iter/range.rs" 82 15 82 32 + let%span span50 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 - let%span span51 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 22 84 23 + let%span span51 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 - let%span span52 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 31 84 33 + let%span span52 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 - let%span span53 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 52 84 53 + let%span span53 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 - let%span span54 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 61 84 63 + let%span span54 = "" 0 0 0 0 - let%span span55 = "../../../../../creusot-contracts/src/std/iter/range.rs" 84 82 84 83 + let%span span55 = "" 0 0 0 0 - let%span span56 = "../../../../../creusot-contracts/src/std/iter/range.rs" 83 14 83 42 + let%span span56 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 - let%span span57 = "../../../../../creusot-contracts/src/std/iter/range.rs" 79 4 79 10 + let%span span57 = "" 0 0 0 0 - let%span span58 = "../../../../../creusot-contracts/src/std/iter/range.rs" 77 21 77 25 + let%span span58 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span59 = "../../../../../creusot-contracts/src/std/iter/range.rs" 76 14 76 45 + let%span span59 = "../../../../../creusot-contracts/src/logic/seq2.rs" 54 21 54 22 - let%span span60 = "../../../../../creusot-contracts/src/std/iter/range.rs" 74 4 74 10 + let%span span60 = "../../../../../creusot-contracts/src/logic/seq2.rs" 52 14 52 31 - let%span span61 = "../../../../../creusot-contracts/src/std/slice.rs" 107 20 107 37 + let%span span61 = "../../../../../creusot-contracts/src/logic/seq2.rs" 53 14 53 28 - let%span span62 = "../../../../../creusot-contracts/src/std/slice.rs" 100 20 100 37 + let%span span62 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 - let%span span63 = "../../../../../creusot-contracts/src/model.rs" 90 8 90 31 + let%span span63 = "" 0 0 0 0 - let%span span64 = "../../../../../creusot-contracts/src/std/vec.rs" 156 27 156 46 + let%span span64 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 let%span span65 = "" 0 0 0 0 - let%span span66 = "" 0 0 0 0 + let%span span66 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 - let%span span67 = "../../../../../creusot-contracts/src/std/vec.rs" 157 26 157 54 + let%span span67 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 - let%span span68 = "" 0 0 0 0 + let%span span68 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 - let%span span69 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span69 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 - let%span span70 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 21 58 22 + let%span span70 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 - let%span span71 = "../../../../../creusot-contracts/src/logic/seq2.rs" 56 14 56 31 + let%span span71 = "" 0 0 0 0 - let%span span72 = "../../../../../creusot-contracts/src/logic/seq2.rs" 57 14 57 28 + let%span span72 = "" 0 0 0 0 - let%span span73 = "../../../../../creusot-contracts/src/logic/seq2.rs" 58 4 58 34 + let%span span73 = "../../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 - let%span span74 = "../../../../../creusot-contracts/src/std/iter/range.rs" 14 12 14 78 + let%span span74 = "" 0 0 0 0 let%span span75 = "" 0 0 0 0 - let%span span76 = "../../../../../creusot-contracts/src/std/iter.rs" 95 26 98 17 + let%span span76 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span77 = "" 0 0 0 0 + let%span span77 = "../08_haystack.rs" 8 4 12 5 - let%span span78 = "../../../../../creusot-contracts/src/snapshot.rs" 45 15 45 16 + let%span span78 = "" 0 0 0 0 - let%span span79 = "../../../../../creusot-contracts/src/snapshot.rs" 43 14 43 28 + let%span span79 = "" 0 0 0 0 - let%span span80 = "../../../../../creusot-contracts/src/std/iter.rs" 80 8 80 19 + let%span span80 = "../../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 - let%span span81 = "../../../../../creusot-contracts/src/std/iter.rs" 74 20 74 24 + let%span span81 = "../../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 - let%span span82 = "../../../../../creusot-contracts/src/std/iter.rs" 89 0 175 1 + let%span span82 = "../../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 let%span span83 = "" 0 0 0 0 let%span span84 = "" 0 0 0 0 - let%span span85 = "../../../../../creusot-contracts/src/std/iter/range.rs" 58 12 58 57 - - let%span span86 = "" 0 0 0 0 - - let%span span87 = "" 0 0 0 0 - - let%span span88 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - - let%span span89 = "../08_haystack.rs" 8 4 12 5 - - let%span span90 = "" 0 0 0 0 - - let%span span91 = "" 0 0 0 0 - - let%span span92 = "../../../../../creusot-contracts/src/std/ops.rs" 220 26 220 53 - - let%span span93 = "../../../../../creusot-contracts/src/std/ops.rs" 221 26 221 49 - - let%span span94 = "../../../../../creusot-contracts/src/std/ops.rs" 222 16 222 93 - - let%span span95 = "" 0 0 0 0 - - let%span span96 = "" 0 0 0 0 - - let%span span97 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 + let%span span85 = "../../../../../creusot-contracts/src/std/vec.rs" 78 26 78 48 use prelude.prelude.UInt8 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 - predicate inv'5 (_x : Seq'0.t_seq uint8) + predicate invariant'10 (self : Seq'0.t_seq uint8) = + [%#span15] true + + predicate inv'10 (_x : Seq'0.t_seq uint8) + + axiom inv'10 : forall x : Seq'0.t_seq uint8 . inv'10 x = true use Alloc_Alloc_Global_Type as Global'0 @@ -403,124 +369,106 @@ module C08Haystack_Search use prelude.prelude.Int - constant max'0 : usize = [%#span15] (18446744073709551615 : usize) - - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type + constant max'0 : usize = [%#span16] (18446744073709551615 : usize) function len'2 (self : Seq'0.t_seq uint8) : int - axiom len'2_spec : forall self : Seq'0.t_seq uint8 . ([%#span16] inv'5 self) -> ([%#span17] len'2 self >= 0) + axiom len'2_spec : forall self : Seq'0.t_seq uint8 . [%#span17] len'2 self >= 0 - predicate inv'10 (_x : Vec'0.t_vec uint8 (Global'0.t_global)) + predicate inv'9 (_x : Vec'0.t_vec uint8 (Global'0.t_global)) function shallow_model'1 (self : Vec'0.t_vec uint8 (Global'0.t_global)) : Seq'0.t_seq uint8 - axiom shallow_model'1_spec : forall self : Vec'0.t_vec uint8 (Global'0.t_global) . ([%#span18] inv'10 self) - -> ([%#span20] inv'5 (shallow_model'1 self)) - && ([%#span19] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'1_spec : forall self : Vec'0.t_vec uint8 (Global'0.t_global) . ([%#span18] inv'9 self) + -> ([%#span19] len'2 (shallow_model'1 self) <= UIntSize.to_int (max'0 : usize)) - predicate invariant'10 (self : Vec'0.t_vec uint8 (Global'0.t_global)) = - [%#span21] inv'5 (shallow_model'1 self) + predicate invariant'9 (self : Vec'0.t_vec uint8 (Global'0.t_global)) = + [%#span20] inv'10 (shallow_model'1 self) - axiom inv'10 : forall x : Vec'0.t_vec uint8 (Global'0.t_global) . inv'10 x = true + axiom inv'9 : forall x : Vec'0.t_vec uint8 (Global'0.t_global) . inv'9 x = true - predicate invariant'9 (self : uint8) = - [%#span22] true + predicate invariant'8 (self : uint8) = + [%#span15] true - predicate inv'9 (_x : uint8) + predicate inv'8 (_x : uint8) - axiom inv'9 : forall x : uint8 . inv'9 x = true + axiom inv'8 : forall x : uint8 . inv'8 x = true use Core_Ops_Range_Range_Type as Range'0 use prelude.prelude.Borrow - predicate invariant'8 (self : borrowed (Range'0.t_range usize)) = - [%#span22] true + predicate invariant'7 (self : borrowed (Range'0.t_range usize)) = + [%#span15] true - predicate inv'8 (_x : borrowed (Range'0.t_range usize)) + predicate inv'7 (_x : borrowed (Range'0.t_range usize)) - axiom inv'8 : forall x : borrowed (Range'0.t_range usize) . inv'8 x = true + axiom inv'7 : forall x : borrowed (Range'0.t_range usize) . inv'7 x = true use Core_Option_Option_Type as Option'0 - predicate invariant'7 (self : Option'0.t_option usize) = - [%#span22] true + predicate invariant'6 (self : Option'0.t_option usize) = + [%#span15] true - predicate inv'7 (_x : Option'0.t_option usize) + predicate inv'6 (_x : Option'0.t_option usize) - axiom inv'7 : forall x : Option'0.t_option usize . inv'7 x = true + axiom inv'6 : forall x : Option'0.t_option usize . inv'6 x = true use Core_Ops_Range_RangeInclusive_Type as RangeInclusive'0 - predicate invariant'6 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span22] true + predicate invariant'5 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = + [%#span15] true - predicate inv'6 (_x : borrowed (RangeInclusive'0.t_rangeinclusive usize)) + predicate inv'5 (_x : borrowed (RangeInclusive'0.t_rangeinclusive usize)) - axiom inv'6 : forall x : borrowed (RangeInclusive'0.t_rangeinclusive usize) . inv'6 x = true - - predicate invariant'5 (self : Seq'0.t_seq uint8) = - [%#span22] true - - axiom inv'5 : forall x : Seq'0.t_seq uint8 . inv'5 x = true + axiom inv'5 : forall x : borrowed (RangeInclusive'0.t_rangeinclusive usize) . inv'5 x = true predicate invariant'4 (self : Seq'0.t_seq usize) = - [%#span22] true + [%#span15] true predicate inv'4 (_x : Seq'0.t_seq usize) axiom inv'4 : forall x : Seq'0.t_seq usize . inv'4 x = true predicate invariant'3 (self : usize) = - [%#span22] true + [%#span15] true predicate inv'3 (_x : usize) axiom inv'3 : forall x : usize . inv'3 x = true predicate invariant'2 (self : Vec'0.t_vec uint8 (Global'0.t_global)) = - [%#span22] true + [%#span15] true predicate inv'2 (_x : Vec'0.t_vec uint8 (Global'0.t_global)) axiom inv'2 : forall x : Vec'0.t_vec uint8 (Global'0.t_global) . inv'2 x = true - use seq.Seq - - use seq.Seq - - function index_logic'0 (self : Seq'0.t_seq usize) (x : int) : usize - - use seq.Seq + function index_logic'0 (self : Seq'0.t_seq usize) (_2 : int) : usize function len'1 (self : Seq'0.t_seq usize) : int - axiom len'1_spec : forall self : Seq'0.t_seq usize . ([%#span16] inv'4 self) -> ([%#span17] len'1 self >= 0) + axiom len'1_spec : forall self : Seq'0.t_seq usize . [%#span17] len'1 self >= 0 function concat'0 (self : Seq'0.t_seq usize) (other : Seq'0.t_seq usize) : Seq'0.t_seq usize - axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span23] inv'4 self) - -> ([%#span24] inv'4 other) - -> ([%#span27] inv'4 (concat'0 self other)) - && ([%#span26] forall i : int . 0 <= i /\ i < len'1 (concat'0 self other) + axiom concat'0_spec : forall self : Seq'0.t_seq usize, other : Seq'0.t_seq usize . ([%#span22] forall i : int . 0 <= i + /\ i < len'1 (concat'0 self other) -> index_logic'0 (concat'0 self other) i = (if i < len'1 self then index_logic'0 self i else index_logic'0 other (i - len'1 self))) - && ([%#span25] len'1 (concat'0 self other) = len'1 self + len'1 other) + && ([%#span21] len'1 (concat'0 self other) = len'1 self + len'1 other) predicate inv'1 (_x : Range'0.t_range usize) use prelude.prelude.Int function deep_model'0 (self : usize) : int = - [%#span28] UIntSize.to_int self + [%#span23] UIntSize.to_int self use Core_Ops_Range_Range_Type as Core_Ops_Range_Range_Type predicate produces'1 (self : Range'0.t_range usize) (visited : Seq'0.t_seq usize) (o : Range'0.t_range usize) = - [%#span29] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o + [%#span24] Core_Ops_Range_Range_Type.range_end self = Core_Ops_Range_Range_Type.range_end o /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start self) <= deep_model'0 (Core_Ops_Range_Range_Type.range_start o) /\ (len'1 visited > 0 @@ -533,31 +481,28 @@ module C08Haystack_Search function produces_trans'1 (a : Range'0.t_range usize) (ab : Seq'0.t_seq usize) (b : Range'0.t_range usize) (bc : Seq'0.t_seq usize) (c : Range'0.t_range usize) : () - axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span30] produces'1 a ab b) - -> ([%#span31] produces'1 b bc c) - -> ([%#span32] inv'1 a) - -> ([%#span33] inv'4 ab) - -> ([%#span34] inv'1 b) - -> ([%#span35] inv'4 bc) -> ([%#span36] inv'1 c) -> ([%#span37] produces'1 a (concat'0 ab bc) c) + axiom produces_trans'1_spec : forall a : Range'0.t_range usize, ab : Seq'0.t_seq usize, b : Range'0.t_range usize, bc : Seq'0.t_seq usize, c : Range'0.t_range usize . ([%#span25] produces'1 a ab b) + -> ([%#span26] produces'1 b bc c) + -> ([%#span27] inv'1 a) + -> ([%#span28] inv'1 b) -> ([%#span29] inv'1 c) -> ([%#span30] produces'1 a (concat'0 ab bc) c) - constant empty'0 : Seq'0.t_seq usize = [%#span38] () + constant empty'0 : Seq'0.t_seq usize function produces_refl'1 (self : Range'0.t_range usize) : () - axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span39] inv'1 self) - -> ([%#span40] produces'1 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'1_spec : forall self : Range'0.t_range usize . ([%#span31] inv'1 self) + -> ([%#span32] produces'1 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'1 (self : Range'0.t_range usize) = - [%#span22] true + [%#span15] true axiom inv'1 : forall x : Range'0.t_range usize . inv'1 x = true - constant empty'1 : Seq'0.t_seq uint8 = [%#span38] () + constant empty'1 : Seq'0.t_seq uint8 - function empty_len'1 (_1 : ()) : () = - [%#span42] () + function empty_len'1 (_1 : ()) : () - axiom empty_len'1_spec : forall _1 : () . [%#span41] len'2 (empty'1 : Seq'0.t_seq uint8) = 0 + axiom empty_len'1_spec : forall _1 : () . [%#span33] len'2 (empty'1 : Seq'0.t_seq uint8) = 0 predicate inv'0 (_x : RangeInclusive'0.t_rangeinclusive usize) @@ -569,19 +514,19 @@ module C08Haystack_Search function is_empty_log'0 (self : RangeInclusive'0.t_rangeinclusive usize) : bool - axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span43] inv'0 self) - -> ([%#span44] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) + axiom is_empty_log'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span34] inv'0 self) + -> ([%#span35] not is_empty_log'0 self -> deep_model'0 (start_log'0 self) <= deep_model'0 (end_log'0 self)) function range_inclusive_len'0 (r : RangeInclusive'0.t_rangeinclusive usize) : int = - [%#span47] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 + [%#span38] if is_empty_log'0 r then 0 else deep_model'0 (end_log'0 r) - deep_model'0 (start_log'0 r) + 1 - axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive usize . ([%#span45] inv'0 r) - -> ([%#span46] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) + axiom range_inclusive_len'0_spec : forall r : RangeInclusive'0.t_rangeinclusive usize . ([%#span36] inv'0 r) + -> ([%#span37] is_empty_log'0 r = (range_inclusive_len'0 r = 0)) predicate produces'0 (self : RangeInclusive'0.t_rangeinclusive usize) (visited : Seq'0.t_seq usize) (o : RangeInclusive'0.t_rangeinclusive usize) = - [%#span48] len'1 visited = range_inclusive_len'0 self - range_inclusive_len'0 o + [%#span39] len'1 visited = range_inclusive_len'0 self - range_inclusive_len'0 o /\ (is_empty_log'0 self -> is_empty_log'0 o) /\ (is_empty_log'0 o \/ end_log'0 self = end_log'0 o) /\ (forall i : int . 0 <= i /\ i < len'1 visited @@ -590,30 +535,27 @@ module C08Haystack_Search function produces_trans'0 (a : RangeInclusive'0.t_rangeinclusive usize) (ab : Seq'0.t_seq usize) (b : RangeInclusive'0.t_rangeinclusive usize) (bc : Seq'0.t_seq usize) (c : RangeInclusive'0.t_rangeinclusive usize) : () = - [%#span57] () + [%#span46] () - axiom produces_trans'0_spec : forall a : RangeInclusive'0.t_rangeinclusive usize, ab : Seq'0.t_seq usize, b : RangeInclusive'0.t_rangeinclusive usize, bc : Seq'0.t_seq usize, c : RangeInclusive'0.t_rangeinclusive usize . ([%#span49] produces'0 a ab b) - -> ([%#span50] produces'0 b bc c) - -> ([%#span51] inv'0 a) - -> ([%#span52] inv'4 ab) - -> ([%#span53] inv'0 b) - -> ([%#span54] inv'4 bc) -> ([%#span55] inv'0 c) -> ([%#span56] produces'0 a (concat'0 ab bc) c) + axiom produces_trans'0_spec : forall a : RangeInclusive'0.t_rangeinclusive usize, ab : Seq'0.t_seq usize, b : RangeInclusive'0.t_rangeinclusive usize, bc : Seq'0.t_seq usize, c : RangeInclusive'0.t_rangeinclusive usize . ([%#span40] produces'0 a ab b) + -> ([%#span41] produces'0 b bc c) + -> ([%#span42] inv'0 a) + -> ([%#span43] inv'0 b) -> ([%#span44] inv'0 c) -> ([%#span45] produces'0 a (concat'0 ab bc) c) function produces_refl'0 (self : RangeInclusive'0.t_rangeinclusive usize) : () = - [%#span60] () + [%#span49] () - axiom produces_refl'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span58] inv'0 self) - -> ([%#span59] produces'0 self (empty'0 : Seq'0.t_seq usize) self) + axiom produces_refl'0_spec : forall self : RangeInclusive'0.t_rangeinclusive usize . ([%#span47] inv'0 self) + -> ([%#span48] produces'0 self (empty'0 : Seq'0.t_seq usize) self) predicate invariant'0 (self : RangeInclusive'0.t_rangeinclusive usize) = - [%#span22] true + [%#span15] true axiom inv'0 : forall x : RangeInclusive'0.t_rangeinclusive usize . inv'0 x = true - function empty_len'0 (_1 : ()) : () = - [%#span42] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span41] len'1 (empty'0 : Seq'0.t_seq usize) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span33] len'1 (empty'0 : Seq'0.t_seq usize) = 0 use CreusotContracts_Snapshot_Snapshot_Type as Snapshot'0 @@ -621,48 +563,43 @@ module C08Haystack_Search use prelude.prelude.Slice - use seq.Seq - - function index_logic'2 (self : Seq'0.t_seq uint8) (x : int) : uint8 + function index_logic'2 (self : Seq'0.t_seq uint8) (_2 : int) : uint8 predicate has_value'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint8) (out : uint8) = - [%#span61] index_logic'2 seq (UIntSize.to_int self) = out + [%#span50] index_logic'2 seq (UIntSize.to_int self) = out predicate in_bounds'0 [@inline:trivial] (self : usize) (seq : Seq'0.t_seq uint8) = - [%#span62] UIntSize.to_int self < len'2 seq + [%#span51] UIntSize.to_int self < len'2 seq function shallow_model'0 (self : Vec'0.t_vec uint8 (Global'0.t_global)) : Seq'0.t_seq uint8 = - [%#span63] shallow_model'1 self + [%#span52] shallow_model'1 self - let rec index'0 (self:Vec'0.t_vec uint8 (Global'0.t_global)) (index:usize) (return' (ret:uint8))= {[@expl:precondition] [%#span66] inv'3 index} - {[@expl:precondition] [%#span65] inv'2 self} - {[@expl:precondition] [%#span64] in_bounds'0 index (shallow_model'0 self)} + let rec index'0 (self:Vec'0.t_vec uint8 (Global'0.t_global)) (index:usize) (return' (ret:uint8))= {[@expl:precondition] [%#span55] inv'3 index} + {[@expl:precondition] [%#span54] inv'2 self} + {[@expl:precondition] [%#span53] in_bounds'0 index (shallow_model'0 self)} any - [ return' (result:uint8)-> {[%#span68] inv'9 result} - {[%#span67] has_value'0 index (shallow_model'0 self) result} + [ return' (result:uint8)-> {[%#span57] inv'8 result} + {[%#span56] has_value'0 index (shallow_model'0 self) result} (! return' {result}) ] predicate resolve'1 (self : borrowed (Range'0.t_range usize)) = - [%#span69] ^ self = * self - - use seq.Seq + [%#span58] ^ self = * self function singleton'0 (v : usize) : Seq'0.t_seq usize - axiom singleton'0_spec : forall v : usize . ([%#span70] inv'3 v) - -> ([%#span73] inv'4 (singleton'0 v)) - && ([%#span72] index_logic'0 (singleton'0 v) 0 = v) && ([%#span71] len'1 (singleton'0 v) = 1) + axiom singleton'0_spec : forall v : usize . ([%#span59] inv'3 v) + -> ([%#span61] index_logic'0 (singleton'0 v) 0 = v) && ([%#span60] len'1 (singleton'0 v) = 1) predicate completed'1 (self : borrowed (Range'0.t_range usize)) = - [%#span74] resolve'1 self + [%#span62] resolve'1 self /\ deep_model'0 (Core_Ops_Range_Range_Type.range_start ( * self)) >= deep_model'0 (Core_Ops_Range_Range_Type.range_end ( * self)) - let rec next'1 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span75] inv'8 self} + let rec next'1 (self:borrowed (Range'0.t_range usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span63] inv'7 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span77] inv'7 result} - {[%#span76] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span65] inv'6 result} + {[%#span64] match result with | Option'0.C_None -> completed'1 self | Option'0.C_Some v -> produces'1 ( * self) (singleton'0 v) ( ^ self) end} @@ -675,32 +612,32 @@ module C08Haystack_Search function new'3 (x : Range'0.t_range usize) : Snapshot'0.t_snapshot (Range'0.t_range usize) - axiom new'3_spec : forall x : Range'0.t_range usize . ([%#span78] inv'1 x) -> ([%#span79] deref'2 (new'3 x) = x) + axiom new'3_spec : forall x : Range'0.t_range usize . ([%#span66] inv'1 x) -> ([%#span67] deref'2 (new'3 x) = x) predicate into_iter_post'1 (self : Range'0.t_range usize) (res : Range'0.t_range usize) = - [%#span80] self = res + [%#span68] self = res predicate into_iter_pre'1 (self : Range'0.t_range usize) = - [%#span81] true + [%#span69] true - let rec into_iter'1 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span83] inv'1 self} - {[@expl:precondition] [%#span82] into_iter_pre'1 self} + let rec into_iter'1 (self:Range'0.t_range usize) (return' (ret:Range'0.t_range usize))= {[@expl:precondition] [%#span71] inv'1 self} + {[@expl:precondition] [%#span70] into_iter_pre'1 self} any - [ return' (result:Range'0.t_range usize)-> {[%#span84] inv'1 result} - {[%#span82] into_iter_post'1 self result} + [ return' (result:Range'0.t_range usize)-> {[%#span72] inv'1 result} + {[%#span70] into_iter_post'1 self result} (! return' {result}) ] predicate resolve'0 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span69] ^ self = * self + [%#span58] ^ self = * self predicate completed'0 (self : borrowed (RangeInclusive'0.t_rangeinclusive usize)) = - [%#span85] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) + [%#span73] is_empty_log'0 ( * self) /\ is_empty_log'0 ( ^ self) - let rec next'0 (self:borrowed (RangeInclusive'0.t_rangeinclusive usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span86] inv'6 self} + let rec next'0 (self:borrowed (RangeInclusive'0.t_rangeinclusive usize)) (return' (ret:Option'0.t_option usize))= {[@expl:precondition] [%#span74] inv'5 self} any - [ return' (result:Option'0.t_option usize)-> {[%#span87] inv'7 result} - {[%#span76] match result with + [ return' (result:Option'0.t_option usize)-> {[%#span75] inv'6 result} + {[%#span64] match result with | Option'0.C_None -> completed'0 self | Option'0.C_Some v -> produces'0 ( * self) (singleton'0 v) ( ^ self) end} @@ -708,12 +645,12 @@ module C08Haystack_Search function index_logic'1 [@inline:trivial] (self : Vec'0.t_vec uint8 (Global'0.t_global)) (ix : int) : uint8 = - [%#span88] index_logic'2 (shallow_model'1 self) ix + [%#span76] index_logic'2 (shallow_model'1 self) ix predicate match_at'0 [#"../08_haystack.rs" 7 0 7 77] (needle : Vec'0.t_vec uint8 (Global'0.t_global)) (haystack : Vec'0.t_vec uint8 (Global'0.t_global)) (pos : int) (len : int) = - [%#span89] len <= len'2 (shallow_model'0 needle) + [%#span77] len <= len'2 (shallow_model'0 needle) /\ pos <= len'2 (shallow_model'0 haystack) - len /\ (forall i : int . 0 <= i /\ i < len -> index_logic'1 needle i = index_logic'1 haystack (pos + i)) @@ -729,43 +666,43 @@ module C08Haystack_Search function new'2 (x : Seq'0.t_seq usize) : Snapshot'0.t_snapshot (Seq'0.t_seq usize) - axiom new'2_spec : forall x : Seq'0.t_seq usize . ([%#span78] inv'4 x) -> ([%#span79] deref'0 (new'2 x) = x) + axiom new'2_spec : forall x : Seq'0.t_seq usize . ([%#span66] inv'4 x) -> ([%#span67] deref'0 (new'2 x) = x) function new'1 (x : RangeInclusive'0.t_rangeinclusive usize) : Snapshot'0.t_snapshot (RangeInclusive'0.t_rangeinclusive usize) - axiom new'1_spec : forall x : RangeInclusive'0.t_rangeinclusive usize . ([%#span78] inv'0 x) - -> ([%#span79] deref'1 (new'1 x) = x) + axiom new'1_spec : forall x : RangeInclusive'0.t_rangeinclusive usize . ([%#span66] inv'0 x) + -> ([%#span67] deref'1 (new'1 x) = x) predicate into_iter_post'0 (self : RangeInclusive'0.t_rangeinclusive usize) (res : RangeInclusive'0.t_rangeinclusive usize) = - [%#span80] self = res + [%#span68] self = res predicate into_iter_pre'0 (self : RangeInclusive'0.t_rangeinclusive usize) = - [%#span81] true + [%#span69] true - let rec into_iter'0 (self:RangeInclusive'0.t_rangeinclusive usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span83] inv'0 self} - {[@expl:precondition] [%#span82] into_iter_pre'0 self} + let rec into_iter'0 (self:RangeInclusive'0.t_rangeinclusive usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span71] inv'0 self} + {[@expl:precondition] [%#span70] into_iter_pre'0 self} any - [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span84] inv'0 result} - {[%#span82] into_iter_post'0 self result} + [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span72] inv'0 result} + {[%#span70] into_iter_post'0 self result} (! return' {result}) ] - let rec new'0 (start:usize) (end':usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span91] inv'3 end'} - {[@expl:precondition] [%#span90] inv'3 start} + let rec new'0 (start:usize) (end':usize) (return' (ret:RangeInclusive'0.t_rangeinclusive usize))= {[@expl:precondition] [%#span79] inv'3 end'} + {[@expl:precondition] [%#span78] inv'3 start} any - [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span95] inv'0 result} - {[%#span94] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} - {[%#span93] end_log'0 result = end'} - {[%#span92] start_log'0 result = start} + [ return' (result:RangeInclusive'0.t_rangeinclusive usize)-> {[%#span83] inv'0 result} + {[%#span82] deep_model'0 start <= deep_model'0 end' -> not is_empty_log'0 result} + {[%#span81] end_log'0 result = end'} + {[%#span80] start_log'0 result = start} (! return' {result}) ] - let rec len'0 (self:Vec'0.t_vec uint8 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span96] inv'2 self} + let rec len'0 (self:Vec'0.t_vec uint8 (Global'0.t_global)) (return' (ret:usize))= {[@expl:precondition] [%#span84] inv'2 self} any - [ return' (result:usize)-> {[%#span97] UIntSize.to_int result = len'2 (shallow_model'0 self)} (! return' {result}) ] + [ return' (result:usize)-> {[%#span85] UIntSize.to_int result = len'2 (shallow_model'0 self)} (! return' {result}) ] let rec search (needle:Vec'0.t_vec uint8 (Global'0.t_global)) (haystack:Vec'0.t_vec uint8 (Global'0.t_global)) (return' (ret:usize))= {[%#s08_haystack11] len'2 (shallow_model'0 needle) diff --git a/creusot/tests/should_succeed/vector/09_capacity.coma b/creusot/tests/should_succeed/vector/09_capacity.coma index aa68d9c222..278c886575 100644 --- a/creusot/tests/should_succeed/vector/09_capacity.coma +++ b/creusot/tests/should_succeed/vector/09_capacity.coma @@ -101,22 +101,7 @@ module Alloc_Alloc_Global_Type end module CreusotContracts_Logic_Seq2_Seq_Type - use seq.Seq - - type t_seq 't = - | C_Seq (Seq.seq 't) - - function any_l (_ : 'b) : 'a - - let rec t_seq < 't > (input:t_seq 't) (ret (field_0:Seq.seq 't))= any - [ good (field_0:Seq.seq 't)-> {C_Seq field_0 = input} (! ret {field_0}) - | bad (field_0:Seq.seq 't)-> {C_Seq field_0 <> input} {false} any ] - - - function seq_0 [@inline:trivial] (self : t_seq 't) : Seq.seq 't = - match self with - | C_Seq a -> a - end + type t_seq 't end module C09Capacity_ChangeCapacity type t @@ -133,47 +118,39 @@ module C09Capacity_ChangeCapacity let%span s09_capacity5 = "../09_capacity.rs" 5 0 5 69 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 + let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span7 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span8 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span8 = "" 0 0 0 0 - let%span span9 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span10 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span11 = "" 0 0 0 0 + let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span12 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span12 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 - let%span span13 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span13 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span14 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span15 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 + let%span span15 = "" 0 0 0 0 - let%span span16 = "../../../../../creusot-contracts/src/logic/ops.rs" 20 8 20 31 + let%span span16 = "../../../../../creusot-contracts/src/std/vec.rs" 125 26 125 43 - let%span span17 = "../../../../../creusot-contracts/src/model.rs" 108 8 108 31 + let%span span17 = "" 0 0 0 0 - let%span span18 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 + let%span span18 = "../../../../../creusot-contracts/src/std/vec.rs" 121 26 121 43 let%span span19 = "" 0 0 0 0 - let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 125 26 125 43 + let%span span20 = "../../../../../creusot-contracts/src/std/vec.rs" 117 26 117 43 let%span span21 = "" 0 0 0 0 - let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 121 26 121 43 - - let%span span23 = "" 0 0 0 0 - - let%span span24 = "../../../../../creusot-contracts/src/std/vec.rs" 117 26 117 43 - - let%span span25 = "" 0 0 0 0 - - let%span span26 = "../../../../../creusot-contracts/src/std/vec.rs" 113 26 113 43 + let%span span22 = "../../../../../creusot-contracts/src/std/vec.rs" 113 26 113 43 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -185,20 +162,15 @@ module C09Capacity_ChangeCapacity use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span6] inv'2 self) -> ([%#span7] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span6] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span8] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span10] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span9] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span7] len'0 (empty'0 : Seq'0.t_seq t) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -216,47 +188,44 @@ module C09Capacity_ChangeCapacity use prelude.prelude.UIntSize - constant max'0 : usize = [%#span11] (18446744073709551615 : usize) + constant max'0 : usize = [%#span8] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span12] inv'0 self) - -> ([%#span14] inv'2 (shallow_model'0 self)) - && ([%#span13] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span9] inv'0 self) + -> ([%#span10] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span15] inv'2 (shallow_model'0 self) + [%#span11] inv'2 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true - use seq.Seq - - function index_logic'1 (self : Seq'0.t_seq t) (x : int) : t + function index_logic'1 (self : Seq'0.t_seq t) (_2 : int) : t function index_logic'0 [@inline:trivial] (self : Vec'0.t_vec t (Global'0.t_global)) (ix : int) : t = - [%#span16] index_logic'1 (shallow_model'0 self) ix + [%#span12] index_logic'1 (shallow_model'0 self) ix function shallow_model'1 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) : Seq'0.t_seq t = - [%#span17] shallow_model'0 ( * self) + [%#span13] shallow_model'0 ( * self) use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span18] ^ self = * self + [%#span14] ^ self = * self - let rec shrink_to'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (min_capacity:usize) (return' (ret:()))= {[@expl:precondition] [%#span19] inv'1 self} - any [ return' (result:())-> {[%#span20] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] + let rec shrink_to'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (min_capacity:usize) (return' (ret:()))= {[@expl:precondition] [%#span15] inv'1 self} + any [ return' (result:())-> {[%#span16] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] - let rec shrink_to_fit'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span21] inv'1 self} - any [ return' (result:())-> {[%#span22] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] + let rec shrink_to_fit'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span17] inv'1 self} + any [ return' (result:())-> {[%#span18] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] - let rec reserve_exact'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (additional:usize) (return' (ret:()))= {[@expl:precondition] [%#span23] inv'1 self} - any [ return' (result:())-> {[%#span24] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] + let rec reserve_exact'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (additional:usize) (return' (ret:()))= {[@expl:precondition] [%#span19] inv'1 self} + any [ return' (result:())-> {[%#span20] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] - let rec reserve'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (additional:usize) (return' (ret:()))= {[@expl:precondition] [%#span25] inv'1 self} - any [ return' (result:())-> {[%#span26] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] + let rec reserve'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (additional:usize) (return' (ret:()))= {[@expl:precondition] [%#span21] inv'1 self} + any [ return' (result:())-> {[%#span22] shallow_model'0 ( ^ self) = shallow_model'1 self} (! return' {result}) ] let rec change_capacity (v:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[%#s09_capacity3] inv'1 v} (! bb0 @@ -326,31 +295,23 @@ module C09Capacity_ClearVec let%span s09_capacity1 = "../09_capacity.rs" 13 10 13 26 - let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 72 15 72 19 - - let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 71 14 71 25 + let%span span2 = "../../../../../creusot-contracts/src/logic/seq2.rs" 68 14 68 25 - let%span span4 = "../../../../../creusot-contracts/src/logic/seq2.rs" 19 4 19 25 + let%span span3 = "../../../../../creusot-contracts/src/logic/seq2.rs" 16 14 16 36 - let%span span5 = "../../../../../creusot-contracts/src/logic/seq2.rs" 23 14 23 36 + let%span span4 = "" 0 0 0 0 - let%span span6 = "../../../../../creusot-contracts/src/logic/seq2.rs" 21 4 21 10 + let%span span5 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 - let%span span7 = "" 0 0 0 0 + let%span span6 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 - let%span span8 = "../../../../../creusot-contracts/src/std/vec.rs" 19 21 19 25 + let%span span7 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - let%span span9 = "../../../../../creusot-contracts/src/std/vec.rs" 18 14 18 41 + let%span span8 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 19 4 19 36 + let%span span9 = "" 0 0 0 0 - let%span span11 = "../../../../../creusot-contracts/src/std/vec.rs" 60 20 60 41 - - let%span span12 = "../../../../../creusot-contracts/src/resolve.rs" 26 20 26 34 - - let%span span13 = "" 0 0 0 0 - - let%span span14 = "../../../../../creusot-contracts/src/std/vec.rs" 129 26 129 45 + let%span span10 = "../../../../../creusot-contracts/src/std/vec.rs" 129 26 129 45 use CreusotContracts_Logic_Seq2_Seq_Type as Seq'0 @@ -362,20 +323,15 @@ module C09Capacity_ClearVec use prelude.prelude.Int - use seq.Seq - - use CreusotContracts_Logic_Seq2_Seq_Type as CreusotContracts_Logic_Seq2_Seq_Type - function len'0 (self : Seq'0.t_seq t) : int - axiom len'0_spec : forall self : Seq'0.t_seq t . ([%#span2] inv'2 self) -> ([%#span3] len'0 self >= 0) + axiom len'0_spec : forall self : Seq'0.t_seq t . [%#span2] len'0 self >= 0 - constant empty'0 : Seq'0.t_seq t = [%#span4] () + constant empty'0 : Seq'0.t_seq t - function empty_len'0 (_1 : ()) : () = - [%#span6] () + function empty_len'0 (_1 : ()) : () - axiom empty_len'0_spec : forall _1 : () . [%#span5] len'0 (empty'0 : Seq'0.t_seq t) = 0 + axiom empty_len'0_spec : forall _1 : () . [%#span3] len'0 (empty'0 : Seq'0.t_seq t) = 0 use Alloc_Alloc_Global_Type as Global'0 @@ -393,28 +349,27 @@ module C09Capacity_ClearVec use prelude.prelude.UIntSize - constant max'0 : usize = [%#span7] (18446744073709551615 : usize) + constant max'0 : usize = [%#span4] (18446744073709551615 : usize) predicate inv'0 (_x : Vec'0.t_vec t (Global'0.t_global)) function shallow_model'0 (self : Vec'0.t_vec t (Global'0.t_global)) : Seq'0.t_seq t - axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span8] inv'0 self) - -> ([%#span10] inv'2 (shallow_model'0 self)) - && ([%#span9] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) + axiom shallow_model'0_spec : forall self : Vec'0.t_vec t (Global'0.t_global) . ([%#span5] inv'0 self) + -> ([%#span6] len'0 (shallow_model'0 self) <= UIntSize.to_int (max'0 : usize)) predicate invariant'0 (self : Vec'0.t_vec t (Global'0.t_global)) = - [%#span11] inv'2 (shallow_model'0 self) + [%#span7] inv'2 (shallow_model'0 self) axiom inv'0 : forall x : Vec'0.t_vec t (Global'0.t_global) . inv'0 x = true use prelude.prelude.Intrinsic predicate resolve'0 (self : borrowed (Vec'0.t_vec t (Global'0.t_global))) = - [%#span12] ^ self = * self + [%#span8] ^ self = * self - let rec clear'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span13] inv'1 self} - any [ return' (result:())-> {[%#span14] len'0 (shallow_model'0 ( ^ self)) = 0} (! return' {result}) ] + let rec clear'0 (self:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[@expl:precondition] [%#span9] inv'1 self} + any [ return' (result:())-> {[%#span10] len'0 (shallow_model'0 ( ^ self)) = 0} (! return' {result}) ] let rec clear_vec (v:borrowed (Vec'0.t_vec t (Global'0.t_global))) (return' (ret:()))= {[%#s09_capacity0] inv'1 v} (! bb0