From 0db8682dabc5e357cf1fc415abd74e7785ce21dd Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Tue, 18 Feb 2025 15:56:49 +0100 Subject: [PATCH 1/6] Make `ghost!` into a block --- creusot-contracts-proc/src/invariant.rs | 2 +- creusot-contracts-proc/src/lib.rs | 10 +- creusot-contracts/src/stubs.rs | 7 - creusot/src/backend/program.rs | 5 +- creusot/src/contracts_items/attributes.rs | 1 - .../src/contracts_items/diagnostic_items.rs | 2 - creusot/src/lib.rs | 1 + creusot/src/lints.rs | 1 + creusot/src/translation/function.rs | 7 +- .../src/translation/function/terminator.rs | 171 ++--------------- creusot/src/validate.rs | 137 +++++++++++--- creusot/src/validate/ghost.rs | 177 ++++++++++++++++++ creusot/src/validate_terminates.rs | 125 ++++++++++--- 13 files changed, 406 insertions(+), 240 deletions(-) create mode 100644 creusot/src/validate/ghost.rs diff --git a/creusot-contracts-proc/src/invariant.rs b/creusot-contracts-proc/src/invariant.rs index 7e290925da..1a14a4a8e4 100644 --- a/creusot-contracts-proc/src/invariant.rs +++ b/creusot-contracts-proc/src/invariant.rs @@ -100,7 +100,7 @@ fn filter_invariants( parse_push_invariant(&mut invariants, tag, invariant)?; let attrs = attrs.extract_if(0.., |attr| { - attr.path().get_ident().map_or(false, |i| i == "invariant" || i == "variant") + attr.path().get_ident().is_some_and(|i| i == "invariant" || i == "variant") }); for attr in attrs { let i = if attr.path().get_ident().map(|i| i == "invariant").unwrap_or(false) { diff --git a/creusot-contracts-proc/src/lib.rs b/creusot-contracts-proc/src/lib.rs index 1c5e37fee4..3897d5a23e 100644 --- a/creusot-contracts-proc/src/lib.rs +++ b/creusot-contracts-proc/src/lib.rs @@ -440,12 +440,10 @@ pub fn ghost(body: TS1) -> TS1 { let body = proc_macro2::TokenStream::from(ghost::ghost_preprocess(body)); TS1::from(quote! { { - ::creusot_contracts::__stubs::ghost_from_fn({ - #[creusot::ghost] - #[::creusot_contracts::pure] - || ::creusot_contracts::ghost::GhostBox::new({ #body }) - }, - ()) + #[creusot::ghost_block] + { + ::creusot_contracts::ghost::GhostBox::new({ #body }) + } } }) } diff --git a/creusot-contracts/src/stubs.rs b/creusot-contracts/src/stubs.rs index 6ecf91c651..33536c975c 100644 --- a/creusot-contracts/src/stubs.rs +++ b/creusot-contracts/src/stubs.rs @@ -71,13 +71,6 @@ pub fn snapshot_from_fn crate::Snapshot>(_: F) -> crate panic!() } -#[crate::pure] -#[creusot::no_translate] -#[rustc_diagnostic_item = "ghost_from_fn"] -pub fn ghost_from_fn T>(f: F, _arg: ()) -> T { - f() -} - #[logic] #[trusted] #[creusot::no_translate] diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index f9d19e8c30..6cde5a6fb2 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -13,7 +13,6 @@ use crate::{ wto::{weak_topological_order, Component}, NameSupply, Namer, Why3Generator, }, - contracts_items::is_ghost_closure, ctx::{BodyId, Dependencies}, fmir::{self, Body, BorrowKind, Operand, TrivialInv}, naming::ident_of, @@ -192,9 +191,7 @@ pub fn to_why<'tcx, N: Namer<'tcx>>( // a closure with no contract || inferred_closure_spec // a promoted item - || body_id.promoted.is_some() - // a ghost closure - || is_ghost_closure(ctx.tcx, body_id.def_id()); + || body_id.promoted.is_some(); let ensures = sig.contract.ensures.into_iter().map(Condition::labelled_exp); diff --git a/creusot/src/contracts_items/attributes.rs b/creusot/src/contracts_items/attributes.rs index fab06818eb..b88a095157 100644 --- a/creusot/src/contracts_items/attributes.rs +++ b/creusot/src/contracts_items/attributes.rs @@ -45,7 +45,6 @@ attribute_functions! { [creusot::before_loop] => is_before_loop [creusot::spec::assert] => is_assertion [creusot::spec::snapshot] => is_snapshot_closure - [creusot::ghost] => is_ghost_closure [creusot::decl::logic] => is_logic [creusot::decl::logic::prophetic] => is_prophetic [creusot::decl::predicate] => is_predicate diff --git a/creusot/src/contracts_items/diagnostic_items.rs b/creusot/src/contracts_items/diagnostic_items.rs index 94a35f88bf..92e69015e9 100644 --- a/creusot/src/contracts_items/diagnostic_items.rs +++ b/creusot/src/contracts_items/diagnostic_items.rs @@ -78,8 +78,6 @@ contracts_items! { is_snapshot_deref get_snapshot_deref fn GhostBox::new ["ghost_box_new"] is_ghost_new get_ghost_new - fn GhostBox::from_fn ["ghost_from_fn"] - is_ghost_from_fn get_ghost_from_fn fn GhostBox::into_inner ["ghost_box_into_inner"] is_ghost_into_inner get_ghost_into_inner fn GhostBox::inner_logic ["ghost_box_inner_logic"] diff --git a/creusot/src/lib.rs b/creusot/src/lib.rs index 4090048f57..8cd7a0ce4d 100644 --- a/creusot/src/lib.rs +++ b/creusot/src/lib.rs @@ -16,6 +16,7 @@ extern crate rustc_driver; extern crate rustc_errors; extern crate rustc_fluent_macro; extern crate rustc_hir; +extern crate rustc_hir_typeck; extern crate rustc_index; extern crate rustc_infer; extern crate rustc_interface; diff --git a/creusot/src/lints.rs b/creusot/src/lints.rs index 4d0ae9a8d6..410f6de67f 100644 --- a/creusot/src/lints.rs +++ b/creusot/src/lints.rs @@ -9,5 +9,6 @@ pub fn register_lints(_sess: &Session, store: &mut LintStore) { experimental_types::EXPERIMENTAL, contractless_external_function::CONTRACTLESS_EXTERNAL_FUNCTION, ]); + store.register_late_pass(move |_| Box::new(crate::validate::GhostValidate {})); store.register_late_pass(move |_| Box::new(experimental_types::Experimental {})); } diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index b50beffd14..bd1a93aa3d 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -3,8 +3,8 @@ use crate::{ backend::ty_inv::is_tyinv_trivial, constant::from_mir_constant, contracts_items::{ - get_fn_mut_impl_unnest, get_resolve_function, get_resolve_method, is_ghost_closure, - is_snapshot_closure, is_spec, + get_fn_mut_impl_unnest, get_resolve_function, get_resolve_method, is_snapshot_closure, + is_spec, }, ctx::*, extended_location::ExtendedLocation, @@ -90,8 +90,6 @@ struct BodyTranslator<'a, 'tcx> { assertions: IndexMap>, /// Map of the `snapshot!` blocks to their translated version. snapshots: IndexMap>, - /// Indicate that the current function is a `ghost!` closure. - is_ghost_closure: bool, borrows: Option<&'a BorrowSet<'tcx>>, @@ -178,7 +176,6 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { invariant_assertions: invariants.assertions, assertions, snapshots, - is_ghost_closure: is_ghost_closure(tcx, body_id.def_id()), borrows, }) } diff --git a/creusot/src/translation/function/terminator.rs b/creusot/src/translation/function/terminator.rs index be6a6a494a..14946bf040 100644 --- a/creusot/src/translation/function/terminator.rs +++ b/creusot/src/translation/function/terminator.rs @@ -1,9 +1,6 @@ use super::BodyTranslator; use crate::{ - contracts_items::{ - is_box_new, is_deref, is_deref_mut, is_ghost_from_fn, is_ghost_into_inner, is_ghost_new, - is_ghost_ty, is_snap_from_fn, - }, + contracts_items::{is_box_new, is_snap_from_fn}, ctx::TranslationCtx, extended_location::ExtendedLocation, fmir, @@ -34,7 +31,7 @@ use rustc_mir_dataflow::{ move_paths::{HasMoveData, LookupResult}, on_all_children_bits, }; -use rustc_span::{source_map::Spanned, Span}; +use rustc_span::Span; use rustc_trait_selection::error_reporting::InferCtxtErrorExt; use std::collections::{HashMap, HashSet}; @@ -83,7 +80,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { term = Terminator::Return } Unreachable => term = Terminator::Abort(terminator.source_info.span), - Call { func, args, destination, mut target, fn_span, .. } => { + Call { func, args, destination, mut target, .. } => { let (fun_def_id, subst) = func_defid(func).expect("expected call with function"); if let Some((need, resolved)) = resolved_during.take() { self.resolve_before_assignment(need, &resolved, location, *destination) @@ -104,9 +101,6 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.check_use_in_logic(&assertion, location); self.emit_ghost_assign(*destination, assertion, span); } else { - let call_ghost = self.check_ghost_call(fun_def_id, subst); - self.check_no_ghost_in_program(args, *fn_span, fun_def_id, subst); - let mut func_args: Vec<_> = args.iter().map(|arg| self.translate_operand(&arg.node)).collect(); if func_args.is_empty() { @@ -123,7 +117,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { assert_eq!(func_args.len(), 1); self.emit_assignment( - &destination, + destination, RValue::Operand(func_args.remove(0)), span, ); @@ -132,7 +126,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { .ctx .extern_spec(fun_def_id) .map(|p| p.predicates_for(self.tcx(), subst)) - .unwrap_or_else(Vec::new); + .unwrap_or_default(); let infcx = self .ctx @@ -149,23 +143,13 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { infcx.err_ctxt().report_fulfillment_errors(errs); } - let (fun_def_id, subst) = { - let (fun_id, subst) = - if let Some((ghost_def_id, ghost_args_ty)) = call_ghost { - // Directly call the ghost closure - assert_eq!(func_args.len(), 2); - (ghost_def_id, ghost_args_ty) - } else { - (fun_def_id, subst) - }; - resolve_function( - self.ctx, - self.typing_env(), - fun_id, - subst, - (self.body, span, location), - ) - }; + let (fun_def_id, subst) = resolve_function( + self.ctx, + self.typing_env(), + fun_def_id, + subst, + (self.body, span, location), + ); if self.ctx.sig(fun_def_id).contract.is_requires_false() { target = None @@ -265,125 +249,6 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { self.emit_terminator(term) } - /// Determine if the given type `ty` is a `GhostBox`. - fn is_ghost_box(&self, ty: Ty<'tcx>) -> bool { - match ty.kind() { - rustc_type_ir::TyKind::Adt(containing_type, _) => { - is_ghost_ty(self.ctx.tcx, containing_type.did()) - } - _ => false, - } - } - - /// If the function we are calling represents a `ghost!` block, we need to: - /// - Check that all the captures of the ghost closure are correct with respect to - /// the ghost restrictions. - /// - Call the ghost closure directly. Here we return the function to call and its - /// type parameters. - fn check_ghost_call( - &mut self, - fun_def_id: DefId, - subst: GenericArgsRef<'tcx>, - ) -> Option<(DefId, GenericArgsRef<'tcx>)> { - if is_ghost_from_fn(self.ctx.tcx, fun_def_id) { - let &[_, ty] = subst.as_slice() else { - unreachable!(); - }; - let GenericArgKind::Type(ty) = ty.unpack() else { unreachable!() }; - let TyKind::Closure(ghost_def_id, ghost_args_ty) = ty.kind() else { unreachable!() }; - - // Check that all captures are `GhostBox`s - let typing_env = self.ctx.typing_env(*ghost_def_id); - let captures = self.ctx.closure_captures(ghost_def_id.expect_local()); - for capture in captures.into_iter().rev() { - let copy_allowed = match capture.info.capture_kind { - ty::UpvarCapture::ByRef( - ty::BorrowKind::Mutable | ty::BorrowKind::UniqueImmutable, - ) => false, - _ => true, - }; - let place_ty = capture.place.ty(); - - let is_ghost = self.is_ghost_box(place_ty); - let is_copy = - copy_allowed && self.tcx().type_is_copy_modulo_regions(typing_env, place_ty); - - if !is_ghost && !is_copy { - let mut error = self.ctx.error( - capture.get_path_span(self.tcx()), - &format!("not a ghost variable: {}", capture.var_ident.as_str()), - ); - error.span_note(capture.var_ident.span, String::from("variable defined here")); - error.emit(); - } - } - - Some((*ghost_def_id, ghost_args_ty)) - } else { - None - } - } - - /// This function will raise errors if we are in program code, and the function we - /// are calling is ghost-only. - /// - /// Ghost-only functions are `GhostBox::new` and `GhostBox::deref`. - fn check_no_ghost_in_program( - &self, - args: &[Spanned], - fn_span: Span, - fun_def_id: DefId, - subst: GenericArgsRef<'tcx>, - ) { - if self.is_ghost_closure { - return; - } - // We are indeed in program code. - - // Check that we do not call `GhostBox::into_inner` in normal code - if is_ghost_into_inner(self.ctx.tcx, fun_def_id) { - self.ctx - .error( - fn_span, - "trying to access the contents of a ghost variable in program context", - ) - .with_note("This method can only be used inside a `ghost!` block") - .emit(); - } - - // Check that we do not create/dereference a ghost variable in normal code. - if is_deref(self.ctx.tcx, fun_def_id) || is_deref_mut(self.ctx.tcx, fun_def_id) { - let GenericArgKind::Type(ty) = subst.get(0).unwrap().unpack() else { unreachable!() }; - if self.is_ghost_box(ty) { - self.ctx - .error(fn_span, "dereference of a ghost variable in program context") - .with_span_suggestion( - fn_span, - "try wrapping this expression in a ghost block", - format!( - "ghost!{{ {} }}", - self.ctx.sess.source_map().span_to_snippet(fn_span).unwrap() - ), - rustc_errors::Applicability::MachineApplicable, - ) - .emit(); - } - } else if is_ghost_new(self.ctx.tcx, fun_def_id) { - self.ctx - .error(fn_span, "cannot create a ghost variable in program context") - .with_span_suggestion( - fn_span, - "try wrapping this expression in `ghost!` instead", - format!( - "ghost!({})", - self.ctx.sess.source_map().span_to_snippet(args[0].span).unwrap() - ), - rustc_errors::Applicability::MachineApplicable, - ) - .emit(); - } - } - fn get_explanation(&mut self, msg: &mir::AssertKind>) -> String { match msg { AssertKind::BoundsCheck { len: _, index: _ } => format!("expl:index in bounds"), @@ -480,14 +345,13 @@ fn make_switch<'tcx>( let branches: Vec<_> = targets.iter().map(|(disc, tgt)| (d_to_var[&disc], (tgt))).collect(); - let default; - if targets.iter().map(|(disc, _)| disc).collect::>().len() + let default = if targets.iter().map(|(disc, _)| disc).collect::>().len() == def.variants().len() { - default = None + None } else { - default = Some(targets.otherwise()) - } + Some(targets.otherwise()) + }; Terminator::Switch(discr, Branches::Constructor(*def, substs, branches, default)) } @@ -507,8 +371,7 @@ fn make_switch<'tcx>( ctx.crash_and_error(si.span, "Float patterns are currently unsupported") } TyKind::Uint(_) => { - let branches: Vec<(_, BasicBlock)> = - targets.iter().map(|(val, tgt)| (val, tgt)).collect(); + let branches: Vec<(_, BasicBlock)> = targets.iter().collect(); Terminator::Switch(discr, Branches::Uint(branches, targets.otherwise())) } TyKind::Int(_) => { diff --git a/creusot/src/validate.rs b/creusot/src/validate.rs index 525e908ae4..56152d2c16 100644 --- a/creusot/src/validate.rs +++ b/creusot/src/validate.rs @@ -1,3 +1,7 @@ +mod ghost; + +pub(crate) use self::ghost::{is_ghost_block, GhostValidate}; + use rustc_hir::{ def::DefKind, def_id::{DefId, LocalDefId}, @@ -10,9 +14,9 @@ use rustc_span::Span; use crate::{ contracts_items::{ - get_builtin, is_ghost_deref, is_ghost_deref_mut, is_law, is_logic, is_no_translate, - is_open_inv_result, is_predicate, is_prophetic, is_snapshot_closure, is_snapshot_deref, - is_spec, is_trusted, opacity_witness_name, + get_builtin, is_ghost_deref, is_ghost_deref_mut, is_ghost_into_inner, is_ghost_new, is_law, + is_logic, is_no_translate, is_open_inv_result, is_predicate, is_prophetic, + is_snapshot_closure, is_snapshot_deref, is_spec, is_trusted, opacity_witness_name, }, ctx::TranslationCtx, error::CannotFetchThir, @@ -43,7 +47,7 @@ pub(crate) fn validate_opacity(ctx: &TranslationCtx, item: DefId) -> Result<(), source_item: DefId, } - impl<'a, 'tcx> OpacityVisitor<'a, 'tcx> { + impl OpacityVisitor<'_, '_> { fn is_visible_enough(&self, id: DefId) -> bool { match self.opacity { None => self.ctx.visibility(id) == Visibility::Public, @@ -62,7 +66,7 @@ pub(crate) fn validate_opacity(ctx: &TranslationCtx, item: DefId) -> Result<(), } } - impl<'a, 'tcx> TermVisitor<'tcx> for OpacityVisitor<'a, 'tcx> { + impl<'tcx> TermVisitor<'tcx> for OpacityVisitor<'_, 'tcx> { fn visit_term(&mut self, term: &crate::translation::pearlite::Term<'tcx>) { match &term.kind { TermKind::Item(id, _) => { @@ -238,8 +242,16 @@ pub(crate) fn validate_impls(ctx: &TranslationCtx) { #[derive(Clone, Copy, PartialEq, Eq, Debug)] pub(crate) enum Purity { - Program { terminates: bool, no_panic: bool }, - Logic { prophetic: bool }, + /// Same as `Program { terminates: true, no_panic: true }`, but can also call the few + /// ghost-only functions (e.g. `GhostBox::new`). + Ghost, + Program { + terminates: bool, + no_panic: bool, + }, + Logic { + prophetic: bool, + }, } impl Purity { @@ -260,6 +272,10 @@ impl Purity { } } + fn is_logic(self) -> bool { + matches!(self, Self::Logic { .. }) + } + fn can_call(self, other: Purity) -> bool { match (self, other) { (Purity::Logic { prophetic }, Purity::Logic { prophetic: prophetic2 }) => { @@ -269,12 +285,17 @@ impl Purity { Purity::Program { no_panic, terminates }, Purity::Program { no_panic: no_panic2, terminates: terminates2 }, ) => no_panic <= no_panic2 && terminates <= terminates2, + ( + Purity::Ghost, + Purity::Ghost | Purity::Program { no_panic: true, terminates: true }, + ) => true, (_, _) => false, } } fn as_str(&self) -> &'static str { match self { + Purity::Ghost => "ghost", Purity::Program { terminates, no_panic } => match (*terminates, *no_panic) { (true, true) => "program (pure)", (true, false) => "program (terminates)", @@ -325,21 +346,28 @@ struct PurityVisitor<'a, 'tcx> { thir_failed: bool, } -impl<'a, 'tcx> PurityVisitor<'a, 'tcx> { +impl PurityVisitor<'_, '_> { fn purity(&self, fun: thir::ExprId, func_did: DefId) -> Purity { - let stub = pearlite_stub(self.ctx.tcx, self.thir[fun].ty); + let tcx = self.ctx.tcx; + let stub = pearlite_stub(tcx, self.thir[fun].ty); if matches!(stub, Some(Stub::Fin)) - || is_predicate(self.ctx.tcx, func_did) && is_prophetic(self.ctx.tcx, func_did) - || is_logic(self.ctx.tcx, func_did) && is_prophetic(self.ctx.tcx, func_did) + || is_predicate(tcx, func_did) && is_prophetic(tcx, func_did) + || is_logic(tcx, func_did) && is_prophetic(tcx, func_did) { Purity::Logic { prophetic: true } - } else if is_predicate(self.ctx.tcx, func_did) - || is_logic(self.ctx.tcx, func_did) - || get_builtin(self.ctx.tcx, func_did).is_some() + } else if is_predicate(tcx, func_did) + || is_logic(tcx, func_did) + || get_builtin(tcx, func_did).is_some() || stub.is_some() { Purity::Logic { prophetic: false } + } else if is_ghost_into_inner(tcx, func_did) + || is_ghost_new(tcx, func_did) + || is_ghost_deref(tcx, func_did) + || is_ghost_deref_mut(tcx, func_did) + { + Purity::Ghost } else { let contract = contract_of(self.ctx, func_did); let terminates = contract.terminates; @@ -356,7 +384,7 @@ impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { fn visit_expr(&mut self, expr: &'a thir::Expr<'tcx>) { match expr.kind { - ExprKind::Call { fun, .. } => { + ExprKind::Call { fun, ref args, .. } => { if let &FnDef(func_did, subst) = self.thir[fun].ty.kind() { // try to specialize the called function if it is a trait method. let subst = self.ctx.erase_regions(subst); @@ -375,25 +403,60 @@ impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { }; let fn_purity = self.purity(fun, func_did); - if !self.context.can_call(fn_purity) - && !is_overloaded_item(self.ctx.tcx, func_did) + if !(self.context.can_call(fn_purity) + || fn_purity.is_logic() && is_overloaded_item(self.ctx.tcx, func_did)) { - let (caller, callee) = match (self.context, fn_purity) { - (Purity::Program { .. }, Purity::Program { .. }) - | (Purity::Logic { .. }, Purity::Logic { .. }) => { - (self.context.as_str(), fn_purity.as_str()) + // Emit a nicer error specifically for calls of ghost functions. + if fn_purity == Purity::Ghost + && matches!(self.context, Purity::Program { .. }) + { + let tcx = self.ctx.tcx; + let msg = if is_ghost_into_inner(tcx, func_did) { + "trying to access the contents of a ghost variable in program context" + } else if is_ghost_deref(tcx, func_did) + || is_ghost_deref_mut(tcx, func_did) + { + "dereference of a ghost variable in program context" + } else { + "cannot create a ghost variable in program context" + }; + + let mut err = self.ctx.error(self.thir[fun].span, msg); + if is_ghost_new(tcx, func_did) { + err = err.with_span_suggestion( + expr.span, + "try wrapping this expression in `ghost!` instead", + format!( + "ghost!({})", + self.ctx + .sess + .source_map() + .span_to_snippet(self.thir.exprs[args[0]].span) + .unwrap() + ), + rustc_errors::Applicability::MachineApplicable, + ); } - (Purity::Program { .. }, Purity::Logic { .. }) => ("program", "logic"), - (Purity::Logic { .. }, Purity::Program { .. }) => ("logic", "program"), - }; - let msg = format!( - "called {callee} function `{}` in {caller} context", - self.ctx.def_path_str(func_did), - ); - - self.ctx.dcx().span_err(self.thir[fun].span, msg); + err.emit(); + } else { + let (caller, callee) = match (self.context, fn_purity) { + (Purity::Program { .. } | Purity::Ghost, Purity::Logic { .. }) => { + ("program", "logic") + } + (Purity::Logic { .. }, Purity::Program { .. } | Purity::Ghost) => { + ("logic", "program") + } + _ => (self.context.as_str(), fn_purity.as_str()), + }; + let msg = format!( + "called {callee} function `{}` in {caller} context", + self.ctx.def_path_str(func_did), + ); + + self.ctx.dcx().span_err(self.thir[fun].span, msg); + } } - } else if !matches!(self.context, Purity::Program { .. }) { + } else if matches!(self.context, Purity::Logic { .. }) { // TODO Add a "code" back in self.ctx.dcx().span_fatal(expr.span, "non function call in logical context") } @@ -422,6 +485,18 @@ impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { return; } } + ExprKind::Scope { + region_scope: _, + lint_level: thir::LintLevel::Explicit(hir_id), + value: _, + } => { + if self::ghost::is_ghost_block(self.ctx.tcx, hir_id) { + let old_context = std::mem::replace(&mut self.context, Purity::Ghost); + thir::visit::walk_expr(self, expr); + self.context = old_context; + return; + } + } _ => {} } thir::visit::walk_expr(self, expr) diff --git a/creusot/src/validate/ghost.rs b/creusot/src/validate/ghost.rs new file mode 100644 index 0000000000..d99f651114 --- /dev/null +++ b/creusot/src/validate/ghost.rs @@ -0,0 +1,177 @@ +//! Validate that `ghost!` does not modify program variables + +use rustc_hir::HirId; +use rustc_hir_typeck::expr_use_visitor::{Delegate, ExprUseVisitor, PlaceWithHirId}; +use rustc_lint::{LateLintPass, LintPass}; +use rustc_middle::ty::{Ty, TyCtxt}; +use rustc_span::Symbol; +use std::collections::HashSet; + +use crate::contracts_items::is_ghost_ty; + +pub(crate) fn is_ghost_block(tcx: TyCtxt, id: HirId) -> bool { + let attrs = tcx.hir().attrs(id); + attrs + .iter() + .any(|a| a.path_matches(&[Symbol::intern("creusot"), Symbol::intern("ghost_block")])) +} + +pub struct GhostValidate {} + +impl LintPass for GhostValidate { + fn name(&self) -> &'static str { + "" + } + fn get_lints(&self) -> rustc_lint::LintVec { + Vec::new() + } +} + +impl<'tcx> LateLintPass<'tcx> for GhostValidate { + fn check_expr( + &mut self, + cx: &rustc_lint::LateContext<'tcx>, + expr: &'tcx rustc_hir::Expr<'tcx>, + ) { + if !is_ghost_block(cx.tcx, expr.hir_id) { + return; + } + + // Check that all captures are ghost/copy + let mut places = GhostValidatePlaces { + bound_variables: HashSet::new(), + tcx: cx.tcx, + errors: Vec::new(), + }; + let visitor = ExprUseVisitor::for_clippy(cx, expr.hir_id.owner.def_id, &mut places); + // Error type is `!` + let _ = visitor.walk_expr(expr); + let tcx = cx.tcx; + for &(id, base, written) in &places.errors { + let mut err = if written { + tcx.dcx().struct_err("cannot write to a non-ghost variable in a `ghost!` block") + } else { + tcx.dcx().struct_err("cannot move a non-ghost variable into a `ghost!` block") + }; + err.span(tcx.hir().span(id)); + if let Some(base) = base { + err.span_note( + tcx.hir().span(base), + if written { + "variable defined here" + } else { + "variable defined here is not copy" + }, + ); + } + err.emit(); + } + cx.tcx.dcx().abort_if_errors(); + } +} + +struct GhostValidatePlaces<'tcx> { + bound_variables: HashSet, + tcx: TyCtxt<'tcx>, + /// Contains the hir node of the written node, as well as the (eventual) node for + /// the definition of the variable. + /// + /// The third field determines if the value was written to or moved (for diagnostics) + errors: Vec<(HirId, Option, bool)>, +} + +impl<'tcx> GhostValidatePlaces<'tcx> { + fn bound_in_block(&self, place_with_id: &PlaceWithHirId) -> bool { + match place_with_id.place.base { + rustc_hir_typeck::expr_use_visitor::PlaceBase::Rvalue => true, + rustc_hir_typeck::expr_use_visitor::PlaceBase::Local(hir_id) => { + self.bound_variables.contains(&hir_id) + } + rustc_hir_typeck::expr_use_visitor::PlaceBase::Upvar(upvar_id) => { + self.bound_variables.contains(&upvar_id.var_path.hir_id) + } + _ => false, + } + } + + /// Determine if the given type `ty` is a `GhostBox`. + fn is_ghost_box(&self, ty: Ty<'tcx>) -> bool { + match ty.kind() { + rustc_type_ir::TyKind::Adt(containing_type, _) => { + is_ghost_ty(self.tcx, containing_type.did()) + } + _ => false, + } + } +} + +fn base_hir_node(place: &PlaceWithHirId) -> Option { + match place.place.base { + rustc_hir_typeck::expr_use_visitor::PlaceBase::Rvalue + | rustc_hir_typeck::expr_use_visitor::PlaceBase::StaticItem => None, + rustc_hir_typeck::expr_use_visitor::PlaceBase::Local(hir_id) + | rustc_hir_typeck::expr_use_visitor::PlaceBase::Upvar(rustc_middle::ty::UpvarId { + var_path: rustc_middle::ty::UpvarPath { hir_id }, + closure_expr_id: _, + }) => Some(hir_id), + } +} + +impl<'tcx> Delegate<'tcx> for GhostValidatePlaces<'tcx> { + fn consume(&mut self, place_with_id: &PlaceWithHirId<'tcx>, diag_expr_id: HirId) { + let ty = place_with_id.place.ty(); + // No need to check for copy types, they cannot appear here + if self.bound_in_block(place_with_id) || self.is_ghost_box(ty) { + return; + } + self.errors.push((diag_expr_id, base_hir_node(place_with_id), false)); + } + + fn borrow( + &mut self, + place_with_id: &PlaceWithHirId<'tcx>, + diag_expr_id: HirId, + bk: rustc_middle::ty::BorrowKind, + ) { + let ty = place_with_id.place.ty(); + if self.bound_in_block(place_with_id) || self.is_ghost_box(ty) { + return; + } + match bk { + rustc_middle::ty::BorrowKind::Immutable => {} + rustc_middle::ty::BorrowKind::UniqueImmutable + | rustc_middle::ty::BorrowKind::Mutable => { + self.errors.push((diag_expr_id, base_hir_node(place_with_id), true)); + } + } + } + + fn mutate(&mut self, assignee_place: &PlaceWithHirId<'tcx>, diag_expr_id: HirId) { + let ty = assignee_place.place.ty(); + if self.bound_in_block(assignee_place) || self.is_ghost_box(ty) { + return; + } + self.errors.push((diag_expr_id, base_hir_node(assignee_place), true)); + } + + fn fake_read( + &mut self, + _: &PlaceWithHirId<'tcx>, + _: rustc_middle::mir::FakeReadCause, + _: HirId, + ) { + // Fake reads are noops, so no need to do anything + } + + fn copy(&mut self, _: &PlaceWithHirId<'tcx>, _: HirId) { + // It is always ok to copy data inside a ghost block + } + + fn bind(&mut self, binding_place: &PlaceWithHirId<'tcx>, _: HirId) { + let var = match binding_place.place.base { + rustc_hir_typeck::expr_use_visitor::PlaceBase::Local(hir_id) => hir_id, + _ => unreachable!(), + }; + self.bound_variables.insert(var); + } +} diff --git a/creusot/src/validate_terminates.rs b/creusot/src/validate_terminates.rs index daef9bf0fb..a1d46ab8fd 100644 --- a/creusot/src/validate_terminates.rs +++ b/creusot/src/validate_terminates.rs @@ -32,9 +32,7 @@ use crate::{ backend::is_trusted_function, - contracts_items::{ - has_variant_clause, is_ghost_closure, is_ghost_from_fn, is_no_translate, is_pearlite, - }, + contracts_items::{has_variant_clause, is_no_translate, is_pearlite}, ctx::TranslationCtx, error::CannotFetchThir, pearlite::{TermKind, TermVisitor}, @@ -48,10 +46,7 @@ use rustc_hir::def_id::{DefId, LocalDefId}; use rustc_infer::{infer::TyCtxtInferExt as _, traits::ObligationCause}; use rustc_middle::{ thir, - ty::{ - Clauses, EarlyBinder, FnDef, GenericArgKind, GenericArgs, GenericArgsRef, TyCtxt, TyKind, - TypingEnv, TypingMode, - }, + ty::{Clauses, EarlyBinder, FnDef, GenericArgs, GenericArgsRef, TyCtxt, TypingEnv, TypingMode}, }; use rustc_span::Span; use rustc_trait_selection::traits::normalize_param_env_or_error; @@ -66,7 +61,12 @@ use rustc_trait_selection::traits::normalize_param_env_or_error; pub(crate) fn validate_terminates(ctx: &TranslationCtx) -> Result<(), CannotFetchThir> { ctx.tcx.dcx().abort_if_errors(); // There may have been errors before, if a `#[terminates]` calls a non-`#[terminates]`. - let CallGraph { graph: mut call_graph, additional_data } = CallGraph::build(ctx)?; + let CallGraph { graph: mut call_graph, additional_data, loops_in_ghost } = + CallGraph::build(ctx)?; + + for loop_in_ghost in loops_in_ghost { + ctx.error(loop_in_ghost, "`ghost!` blocks must not contain loops.").emit(); + } // Detect simple recursion, and loops for fun_index in call_graph.node_indices() { @@ -94,11 +94,7 @@ pub(crate) fn validate_terminates(ctx: &TranslationCtx) -> Result<(), CannotFetc }; if let Some(loop_span) = function_data.has_loops { let fun_span = ctx.tcx.def_span(def_id); - let mut error = if is_ghost_closure(ctx.tcx, def_id) { - ctx.error(fun_span, "`ghost!` block must not contain loops.") - } else { - ctx.error(fun_span, "`#[terminates]` function must not contain loops.") - }; + let mut error = ctx.error(fun_span, "`#[terminates]` function must not contain loops."); error.span_note(loop_span, "looping occurs here"); error.emit(); } @@ -167,7 +163,6 @@ pub(crate) fn validate_terminates(ctx: &TranslationCtx) -> Result<(), CannotFetc CallKind::Direct(span) => { error.span_note(span, format!("{adverb} `{f1}` calls `{f2}`{punct}")); } - CallKind::Ghost => { /* skip the ghost call in the message */ } CallKind::GenericBound(indirect_id, span) => { let f3 = ctx.tcx.def_path_str(indirect_id); error.span_note( @@ -191,6 +186,7 @@ pub(crate) fn validate_terminates(ctx: &TranslationCtx) -> Result<(), CannotFetc struct CallGraph { graph: graph::DiGraph, additional_data: IndexMap, + loops_in_ghost: Vec, } #[derive(Default)] @@ -259,8 +255,6 @@ impl GraphNode { enum CallKind { /// Call of a function. Direct(Span), - /// Call of the closure inside a `ghost!` block. - Ghost, /// 'Indirect' call, this is an egde going inside an `impl` block. This happens when /// calling a generic function while specializing a type. For example: /// ```rust @@ -328,18 +322,6 @@ impl<'tcx> BuildFunctionsGraph<'tcx> { } else { (called_id, generic_args) }; - if is_ghost_from_fn(tcx, called_id) { - // This is a `ghost!` call, so it needs special handling. - let &[_, ty] = generic_args.as_slice() else { - unreachable!(); - }; - let GenericArgKind::Type(ty) = ty.unpack() else { unreachable!() }; - let TyKind::Closure(ghost_def_id, _) = ty.kind() else { unreachable!() }; - - let ghost_node = self.insert_function(tcx, GraphNode::Function(*ghost_def_id)); - self.graph.update_edge(node, ghost_node, CallKind::Ghost); - return Ok(()); - } // TODO: this code is kind of a soup, rework or refactor into a function let (called_node, bounds, impl_self_bound) = 'bl: { @@ -556,6 +538,26 @@ impl CallGraph { } } + let mut loops_in_ghost = Vec::new(); + + for local_id in ctx.hir().body_owners() { + let def_id = local_id.to_def_id(); + if is_trusted_function(ctx.tcx, def_id) || is_no_translate(ctx.tcx, def_id) { + continue; + } + let (thir, expr) = ctx.thir_body(local_id).unwrap(); + let thir = thir.borrow(); + let mut visitor = GhostLoops { + thir: &thir, + tcx, + thir_failed: false, + loops_in_ghost: Vec::new(), + is_in_ghost: false, + }; + ::visit_expr(&mut visitor, &thir[expr]); + loops_in_ghost.extend(visitor.loops_in_ghost); + } + for local_id in ctx.hir().body_owners() { if !(is_pearlite(ctx.tcx, local_id.to_def_id()) || contract_of(ctx, local_id.to_def_id()).terminates) @@ -605,6 +607,7 @@ impl CallGraph { Ok(Self { graph: build_call_graph.graph, additional_data: build_call_graph.additional_data, + loops_in_ghost, }) } } @@ -658,7 +661,71 @@ impl<'thir, 'tcx> thir::visit::Visitor<'thir, 'tcx> for FunctionCalls<'thir, 'tc self.calls.extend(closure_visitor.calls); self.has_loops = self.has_loops.or(closure_visitor.has_loops); } - thir::ExprKind::Loop { .. } => self.has_loops = Some(expr.span), + thir::ExprKind::Loop { .. } => { + self.has_loops = Some(expr.span); + } + _ => {} + } + thir::visit::walk_expr(self, expr); + } +} + +/// Gather the loops in `ghost!` code for a given function. +struct GhostLoops<'thir, 'tcx> { + thir: &'thir thir::Thir<'tcx>, + tcx: TyCtxt<'tcx>, + /// loop constructs in ghost code are forbidden for now. + loops_in_ghost: Vec, + is_in_ghost: bool, + /// If `true`, we should error with a [`CannotFetchThir`] error. + thir_failed: bool, +} + +impl<'thir, 'tcx> thir::visit::Visitor<'thir, 'tcx> for GhostLoops<'thir, 'tcx> { + fn thir(&self) -> &'thir thir::Thir<'tcx> { + self.thir + } + + fn visit_expr(&mut self, expr: &'thir thir::Expr<'tcx>) { + match expr.kind { + thir::ExprKind::Closure(box thir::ClosureExpr { closure_id, .. }) => { + let Ok((thir, expr)) = self.tcx.thir_body(closure_id) else { + self.thir_failed = true; + return; + }; + let thir = thir.borrow(); + + let mut closure_visitor = GhostLoops { + thir: &thir, + tcx: self.tcx, + loops_in_ghost: Vec::new(), + is_in_ghost: self.is_in_ghost, + thir_failed: false, + }; + thir::visit::walk_expr(&mut closure_visitor, &thir[expr]); + if closure_visitor.thir_failed { + self.thir_failed = true; + return; + } + self.loops_in_ghost.extend(closure_visitor.loops_in_ghost); + } + thir::ExprKind::Loop { .. } => { + if self.is_in_ghost { + self.loops_in_ghost.push(expr.span); + } + } + thir::ExprKind::Scope { + region_scope: _, + lint_level: thir::LintLevel::Explicit(hir_id), + value: _, + } => { + if crate::validate::is_ghost_block(self.tcx, hir_id) { + let old_is_ghost = std::mem::replace(&mut self.is_in_ghost, true); + thir::visit::walk_expr(self, expr); + self.is_in_ghost = old_is_ghost; + return; + } + } _ => {} } thir::visit::walk_expr(self, expr); From 819892805929acec5750467c4946d6761cba27b0 Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Tue, 18 Feb 2025 16:15:27 +0100 Subject: [PATCH 2/6] Reorganize the validates module --- creusot/src/lib.rs | 1 - creusot/src/translation.rs | 4 +- creusot/src/translation/function.rs | 2 +- .../src/translation/function/terminator.rs | 2 +- creusot/src/validate.rs | 491 +----------------- creusot/src/validate/ghost.rs | 10 +- creusot/src/validate/opacity.rs | 79 +++ creusot/src/validate/purity.rs | 283 ++++++++++ .../terminates.rs} | 2 +- creusot/src/validate/traits.rs | 141 +++++ 10 files changed, 534 insertions(+), 481 deletions(-) create mode 100644 creusot/src/validate/opacity.rs create mode 100644 creusot/src/validate/purity.rs rename creusot/src/{validate_terminates.rs => validate/terminates.rs} (99%) create mode 100644 creusot/src/validate/traits.rs diff --git a/creusot/src/lib.rs b/creusot/src/lib.rs index 8cd7a0ce4d..9e903b07aa 100644 --- a/creusot/src/lib.rs +++ b/creusot/src/lib.rs @@ -60,7 +60,6 @@ mod translation; use translation::*; mod util; mod validate; -mod validate_terminates; mod very_stable_hash; rustc_fluent_macro::fluent_messages! { "../messages.ftl" } diff --git a/creusot/src/translation.rs b/creusot/src/translation.rs index 99609e4a8d..dd4109971f 100644 --- a/creusot/src/translation.rs +++ b/creusot/src/translation.rs @@ -19,9 +19,9 @@ use crate::{ options::Output, translated_item::FileModule, validate::{ - validate_impls, validate_opacity, validate_purity, validate_traits, validate_trusted, + validate_impls, validate_opacity, validate_purity, validate_terminates, validate_traits, + validate_trusted, }, - validate_terminates::validate_terminates, }; use ctx::TranslationCtx; use rustc_hir::{def::DefKind, def_id::DefId}; diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index bd1a93aa3d..32951a3e6a 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -339,7 +339,7 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { ); } - fn emit_ghost_assign(&mut self, lhs: Place<'tcx>, rhs: Term<'tcx>, span: Span) { + fn emit_snapshot_assign(&mut self, lhs: Place<'tcx>, rhs: Term<'tcx>, span: Span) { self.emit_assignment(&lhs, fmir::RValue::Ghost(rhs), span) } diff --git a/creusot/src/translation/function/terminator.rs b/creusot/src/translation/function/terminator.rs index 14946bf040..59c3637440 100644 --- a/creusot/src/translation/function/terminator.rs +++ b/creusot/src/translation/function/terminator.rs @@ -99,7 +99,7 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { terminator.source_info, )); self.check_use_in_logic(&assertion, location); - self.emit_ghost_assign(*destination, assertion, span); + self.emit_snapshot_assign(*destination, assertion, span); } else { let mut func_args: Vec<_> = args.iter().map(|arg| self.translate_operand(&arg.node)).collect(); diff --git a/creusot/src/validate.rs b/creusot/src/validate.rs index 56152d2c16..cd82993007 100644 --- a/creusot/src/validate.rs +++ b/creusot/src/validate.rs @@ -1,32 +1,31 @@ -mod ghost; - -pub(crate) use self::ghost::{is_ghost_block, GhostValidate}; +//! Creusot-specific validations -use rustc_hir::{ - def::DefKind, - def_id::{DefId, LocalDefId}, -}; -use rustc_middle::{ - thir::{self, ClosureExpr, ExprKind, Thir}, - ty::{FnDef, TyCtxt, TypingEnv, Visibility}, +mod ghost; +mod opacity; +mod purity; +mod terminates; +mod traits; + +pub(crate) use self::{ + ghost::GhostValidate, + opacity::validate_opacity, + purity::validate_purity, + terminates::validate_terminates, + traits::{validate_impls, validate_traits}, }; -use rustc_span::Span; + +use rustc_hir::{def_id::DefId, HirId}; +use rustc_middle::ty::TyCtxt; +use rustc_span::Symbol; use crate::{ contracts_items::{ - get_builtin, is_ghost_deref, is_ghost_deref_mut, is_ghost_into_inner, is_ghost_new, is_law, - is_logic, is_no_translate, is_open_inv_result, is_predicate, is_prophetic, - is_snapshot_closure, is_snapshot_deref, is_spec, is_trusted, opacity_witness_name, + get_builtin, is_ghost_deref, is_ghost_deref_mut, is_snapshot_deref, is_trusted, }, ctx::TranslationCtx, - error::CannotFetchThir, - pearlite::{pearlite_stub, Stub}, - specification::contract_of, - traits::TraitResolved, - translation::pearlite::{super_visit_term, TermKind, TermVisitor}, - util::parent_module, }; +/// Validate that creusot buitins are annotated with `#[trusted]`. pub(crate) fn validate_trusted(ctx: &TranslationCtx) { for def_id in ctx.hir_crate_items(()).definitions() { let def_id = def_id.to_def_id(); @@ -40,95 +39,8 @@ pub(crate) fn validate_trusted(ctx: &TranslationCtx) { } } -pub(crate) fn validate_opacity(ctx: &TranslationCtx, item: DefId) -> Result<(), CannotFetchThir> { - struct OpacityVisitor<'a, 'tcx> { - ctx: &'a TranslationCtx<'tcx>, - opacity: Option, - source_item: DefId, - } - - impl OpacityVisitor<'_, '_> { - fn is_visible_enough(&self, id: DefId) -> bool { - match self.opacity { - None => self.ctx.visibility(id) == Visibility::Public, - Some(opa) => self.ctx.visibility(id).is_accessible_from(opa, self.ctx.tcx), - } - } - - fn error(&self, id: DefId, span: Span) { - self.ctx.error( - span, - &format!( - "Cannot make `{:?}` transparent in `{:?}` as it would call a less-visible item.", - self.ctx.def_path_str(id), self.ctx.def_path_str(self.source_item) - ), - ).emit(); - } - } - - impl<'tcx> TermVisitor<'tcx> for OpacityVisitor<'_, 'tcx> { - fn visit_term(&mut self, term: &crate::translation::pearlite::Term<'tcx>) { - match &term.kind { - TermKind::Item(id, _) => { - if !self.is_visible_enough(*id) { - self.error(*id, term.span) - } - } - TermKind::Call { id, .. } => { - if !self.is_visible_enough(*id) { - self.error(*id, term.span) - } - } - TermKind::Constructor { typ, .. } => { - if !self.is_visible_enough(*typ) { - self.error(*typ, term.span) - } - } - _ => super_visit_term(term, self), - } - } - } - - if is_spec(ctx.tcx, item) { - return Ok(()); - } - - // UGLY clone... - let Some(term) = ctx.term(item)?.cloned() else { return Ok(()) }; - - if ctx.visibility(item) != Visibility::Restricted(parent_module(ctx.tcx, item)) - && opacity_witness_name(ctx.tcx, item).is_none() - { - ctx.error(ctx.def_span(item), "Non private definitions must have an explicit transparency. Please add #[open(..)] to your definition").emit(); - } - - let opacity = ctx.opacity(item).scope(); - OpacityVisitor { opacity, ctx, source_item: item }.visit_term(&term); - Ok(()) -} - -// Validate that laws have no additional generic parameters. -// This is because laws are auto-loaded, and we do not want to generate polymorphic WhyML code -pub(crate) fn validate_traits(ctx: &TranslationCtx) { - let mut law_violations = Vec::new(); - - for trait_item_id in ctx.hir_crate_items(()).trait_items() { - let trait_item = ctx.hir().trait_item(trait_item_id); - - if is_law(ctx.tcx, trait_item.owner_id.def_id.to_def_id()) - && !ctx.generics_of(trait_item.owner_id.def_id).own_params.is_empty() - { - law_violations.push((trait_item.owner_id.def_id, trait_item.span)) - } - } - - for (_, sp) in law_violations { - ctx.error(sp, "Laws cannot have additional generic parameters").emit(); - } -} - -// These methods are allowed to cheat the purity restrictions because they are lang items we cannot redefine fn is_overloaded_item(tcx: TyCtxt, def_id: DefId) -> bool { + // These methods are allowed to cheat the purity restrictions because they are lang items we cannot redefine if let Some(name) = tcx.get_diagnostic_name(def_id) { match name.as_str() { "box_new" | "deref_method" | "deref_mut_method" => true, @@ -143,362 +55,9 @@ fn is_overloaded_item(tcx: TyCtxt, def_id: DefId) -> bool { } } -pub(crate) fn validate_impls(ctx: &TranslationCtx) { - for impl_id in ctx.all_local_trait_impls(()).values().flat_map(|i| i.iter()) { - if !matches!(ctx.def_kind(*impl_id), DefKind::Impl { .. }) { - continue; - } - use rustc_middle::ty::print::PrintTraitRefExt; - let trait_ref = ctx.impl_trait_ref(*impl_id).unwrap().skip_binder(); - - if is_trusted(ctx.tcx, trait_ref.def_id) != is_trusted(ctx.tcx, impl_id.to_def_id()) { - let msg = if is_trusted(ctx.tcx, trait_ref.def_id) { - format!( - "Expected implementation of trait `{}` for `{}` to be marked as `#[trusted]`", - trait_ref.print_only_trait_path(), - trait_ref.self_ty() - ) - } else { - format!( - "Cannot have trusted implementation of untrusted trait `{}`", - trait_ref.print_only_trait_path() - ) - }; - ctx.error(ctx.def_span(impl_id.to_def_id()), &msg).emit(); - } - - let implementors = ctx.impl_item_implementor_ids(impl_id.to_def_id()); - - let implementors = - ctx.with_stable_hashing_context(|hcx| implementors.to_sorted(&hcx, true)); - for (&trait_item, &impl_item) in implementors { - if let Some(open_inv_trait) = ctx.params_open_inv(trait_item) { - let open_inv_impl = ctx.params_open_inv(impl_item).unwrap(); - for &i in open_inv_trait { - if !open_inv_impl.contains(&i) { - let name_param = ctx.fn_arg_names(impl_item)[i]; - ctx.error( - ctx.def_span(impl_item), - &format!( - "Parameter `{name_param}` has the `#[creusot::open_inv]` attribute in the trait declaration, but not in the implementation." - ), - ).emit(); - } - } - } - - if is_open_inv_result(ctx.tcx, impl_item) && !is_open_inv_result(ctx.tcx, trait_item) { - ctx.error( - ctx.def_span(impl_item), - &format!( - "Function `{}` should not have the `#[open_inv_result]` attribute, as specified by the trait declaration", - ctx.item_name(impl_item), - ), - ).emit(); - } - - if is_overloaded_item(ctx.tcx, trait_item) { - continue; - }; - - let item_type = ctx.item_type(impl_item); - let trait_type = ctx.item_type(trait_item); - if !item_type.can_implement(trait_type) { - ctx.error( - ctx.def_span(impl_item), - &format!( - "Expected `{}` to be a {} as specified by the trait declaration", - ctx.item_name(impl_item), - trait_type.to_str() - ), - ) - .emit(); - } else { - let item_contract = crate::specification::contract_of(ctx, impl_item); - let trait_contract = crate::specification::contract_of(ctx, trait_item); - if trait_contract.no_panic && !item_contract.no_panic { - ctx.error( - ctx.def_span(impl_item), - &format!( - "Expected `{}` to be `#[pure]` as specified by the trait declaration", - ctx.item_name(impl_item), - ), - ) - .emit(); - } else if trait_contract.terminates && !item_contract.terminates { - ctx.error( - ctx.def_span(impl_item), - &format!( - "Expected `{}` to be `#[terminates]` as specified by the trait declaration", - ctx.item_name(impl_item), - ), - ) - .emit(); - } - } - } - } -} - -#[derive(Clone, Copy, PartialEq, Eq, Debug)] -pub(crate) enum Purity { - /// Same as `Program { terminates: true, no_panic: true }`, but can also call the few - /// ghost-only functions (e.g. `GhostBox::new`). - Ghost, - Program { - terminates: bool, - no_panic: bool, - }, - Logic { - prophetic: bool, - }, -} - -impl Purity { - pub(crate) fn of_def_id(ctx: &TranslationCtx, def_id: DefId) -> Self { - let is_snapshot = is_snapshot_closure(ctx.tcx, def_id); - if is_predicate(ctx.tcx, def_id) && is_prophetic(ctx.tcx, def_id) - || is_logic(ctx.tcx, def_id) && is_prophetic(ctx.tcx, def_id) - || is_spec(ctx.tcx, def_id) && !is_snapshot - { - Purity::Logic { prophetic: true } - } else if is_predicate(ctx.tcx, def_id) || is_logic(ctx.tcx, def_id) || is_snapshot { - Purity::Logic { prophetic: false } - } else { - let contract = contract_of(ctx, def_id); - let terminates = contract.terminates; - let no_panic = contract.no_panic; - Purity::Program { terminates, no_panic } - } - } - - fn is_logic(self) -> bool { - matches!(self, Self::Logic { .. }) - } - - fn can_call(self, other: Purity) -> bool { - match (self, other) { - (Purity::Logic { prophetic }, Purity::Logic { prophetic: prophetic2 }) => { - prophetic || !prophetic2 - } - ( - Purity::Program { no_panic, terminates }, - Purity::Program { no_panic: no_panic2, terminates: terminates2 }, - ) => no_panic <= no_panic2 && terminates <= terminates2, - ( - Purity::Ghost, - Purity::Ghost | Purity::Program { no_panic: true, terminates: true }, - ) => true, - (_, _) => false, - } - } - - fn as_str(&self) -> &'static str { - match self { - Purity::Ghost => "ghost", - Purity::Program { terminates, no_panic } => match (*terminates, *no_panic) { - (true, true) => "program (pure)", - (true, false) => "program (terminates)", - (false, true) => "program (no panic)", - (false, false) => "program", - }, - Purity::Logic { prophetic: false } => "logic", - Purity::Logic { prophetic: true } => "prophetic logic", - } - } -} - -pub(crate) fn validate_purity( - ctx: &TranslationCtx, - def_id: LocalDefId, -) -> Result<(), CannotFetchThir> { - let (thir, expr) = ctx.fetch_thir(def_id)?; - let thir = thir.borrow(); - if thir.exprs.is_empty() { - // TODO: put this inside `fetch_thir`? - return Err(CannotFetchThir); - } - - let def_id = def_id.to_def_id(); - let purity = Purity::of_def_id(ctx, def_id); - if matches!(purity, Purity::Program { .. }) && is_no_translate(ctx.tcx, def_id) { - return Ok(()); - } - let typing_env = ctx.typing_env(def_id); - - let mut visitor = - PurityVisitor { ctx, thir: &thir, context: purity, typing_env, thir_failed: false }; - thir::visit::walk_expr(&mut visitor, &thir[expr]); - if visitor.thir_failed { - Err(CannotFetchThir) - } else { - Ok(()) - } -} - -struct PurityVisitor<'a, 'tcx> { - ctx: &'a TranslationCtx<'tcx>, - thir: &'a Thir<'tcx>, - context: Purity, - /// Typing environment of the caller function - typing_env: TypingEnv<'tcx>, - // If `true`, we should error with a [`CannotFetchThir`] error. - thir_failed: bool, -} - -impl PurityVisitor<'_, '_> { - fn purity(&self, fun: thir::ExprId, func_did: DefId) -> Purity { - let tcx = self.ctx.tcx; - let stub = pearlite_stub(tcx, self.thir[fun].ty); - - if matches!(stub, Some(Stub::Fin)) - || is_predicate(tcx, func_did) && is_prophetic(tcx, func_did) - || is_logic(tcx, func_did) && is_prophetic(tcx, func_did) - { - Purity::Logic { prophetic: true } - } else if is_predicate(tcx, func_did) - || is_logic(tcx, func_did) - || get_builtin(tcx, func_did).is_some() - || stub.is_some() - { - Purity::Logic { prophetic: false } - } else if is_ghost_into_inner(tcx, func_did) - || is_ghost_new(tcx, func_did) - || is_ghost_deref(tcx, func_did) - || is_ghost_deref_mut(tcx, func_did) - { - Purity::Ghost - } else { - let contract = contract_of(self.ctx, func_did); - let terminates = contract.terminates; - let no_panic = contract.no_panic; - Purity::Program { terminates, no_panic } - } - } -} - -impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { - fn thir(&self) -> &'a thir::Thir<'tcx> { - self.thir - } - - fn visit_expr(&mut self, expr: &'a thir::Expr<'tcx>) { - match expr.kind { - ExprKind::Call { fun, ref args, .. } => { - if let &FnDef(func_did, subst) = self.thir[fun].ty.kind() { - // try to specialize the called function if it is a trait method. - let subst = self.ctx.erase_regions(subst); - let func_did = if TraitResolved::is_trait_item(self.ctx.tcx, func_did) { - match TraitResolved::resolve_item( - self.ctx.tcx, - self.typing_env, - func_did, - subst, - ) { - TraitResolved::Instance(id, _) => id, - _ => func_did, - } - } else { - func_did - }; - - let fn_purity = self.purity(fun, func_did); - if !(self.context.can_call(fn_purity) - || fn_purity.is_logic() && is_overloaded_item(self.ctx.tcx, func_did)) - { - // Emit a nicer error specifically for calls of ghost functions. - if fn_purity == Purity::Ghost - && matches!(self.context, Purity::Program { .. }) - { - let tcx = self.ctx.tcx; - let msg = if is_ghost_into_inner(tcx, func_did) { - "trying to access the contents of a ghost variable in program context" - } else if is_ghost_deref(tcx, func_did) - || is_ghost_deref_mut(tcx, func_did) - { - "dereference of a ghost variable in program context" - } else { - "cannot create a ghost variable in program context" - }; - - let mut err = self.ctx.error(self.thir[fun].span, msg); - if is_ghost_new(tcx, func_did) { - err = err.with_span_suggestion( - expr.span, - "try wrapping this expression in `ghost!` instead", - format!( - "ghost!({})", - self.ctx - .sess - .source_map() - .span_to_snippet(self.thir.exprs[args[0]].span) - .unwrap() - ), - rustc_errors::Applicability::MachineApplicable, - ); - } - err.emit(); - } else { - let (caller, callee) = match (self.context, fn_purity) { - (Purity::Program { .. } | Purity::Ghost, Purity::Logic { .. }) => { - ("program", "logic") - } - (Purity::Logic { .. }, Purity::Program { .. } | Purity::Ghost) => { - ("logic", "program") - } - _ => (self.context.as_str(), fn_purity.as_str()), - }; - let msg = format!( - "called {callee} function `{}` in {caller} context", - self.ctx.def_path_str(func_did), - ); - - self.ctx.dcx().span_err(self.thir[fun].span, msg); - } - } - } else if matches!(self.context, Purity::Logic { .. }) { - // TODO Add a "code" back in - self.ctx.dcx().span_fatal(expr.span, "non function call in logical context") - } - } - ExprKind::Closure(box ClosureExpr { closure_id, .. }) => { - if is_spec(self.ctx.tcx, closure_id.into()) { - return; - } - - let Ok((thir, expr)) = self.ctx.thir_body(closure_id) else { - self.thir_failed = true; - return; - }; - let thir = thir.borrow(); - - let mut visitor = PurityVisitor { - ctx: self.ctx, - thir: &thir, - context: self.context, - typing_env: self.typing_env, - thir_failed: false, - }; - thir::visit::walk_expr(&mut visitor, &thir[expr]); - if visitor.thir_failed { - self.thir_failed = true; - return; - } - } - ExprKind::Scope { - region_scope: _, - lint_level: thir::LintLevel::Explicit(hir_id), - value: _, - } => { - if self::ghost::is_ghost_block(self.ctx.tcx, hir_id) { - let old_context = std::mem::replace(&mut self.context, Purity::Ghost); - thir::visit::walk_expr(self, expr); - self.context = old_context; - return; - } - } - _ => {} - } - thir::visit::walk_expr(self, expr) - } +fn is_ghost_block(tcx: TyCtxt, id: HirId) -> bool { + let attrs = tcx.hir().attrs(id); + attrs + .iter() + .any(|a| a.path_matches(&[Symbol::intern("creusot"), Symbol::intern("ghost_block")])) } diff --git a/creusot/src/validate/ghost.rs b/creusot/src/validate/ghost.rs index d99f651114..bc43f0c988 100644 --- a/creusot/src/validate/ghost.rs +++ b/creusot/src/validate/ghost.rs @@ -4,18 +4,10 @@ use rustc_hir::HirId; use rustc_hir_typeck::expr_use_visitor::{Delegate, ExprUseVisitor, PlaceWithHirId}; use rustc_lint::{LateLintPass, LintPass}; use rustc_middle::ty::{Ty, TyCtxt}; -use rustc_span::Symbol; use std::collections::HashSet; use crate::contracts_items::is_ghost_ty; -pub(crate) fn is_ghost_block(tcx: TyCtxt, id: HirId) -> bool { - let attrs = tcx.hir().attrs(id); - attrs - .iter() - .any(|a| a.path_matches(&[Symbol::intern("creusot"), Symbol::intern("ghost_block")])) -} - pub struct GhostValidate {} impl LintPass for GhostValidate { @@ -33,7 +25,7 @@ impl<'tcx> LateLintPass<'tcx> for GhostValidate { cx: &rustc_lint::LateContext<'tcx>, expr: &'tcx rustc_hir::Expr<'tcx>, ) { - if !is_ghost_block(cx.tcx, expr.hir_id) { + if !super::is_ghost_block(cx.tcx, expr.hir_id) { return; } diff --git a/creusot/src/validate/opacity.rs b/creusot/src/validate/opacity.rs new file mode 100644 index 0000000000..774245cbb1 --- /dev/null +++ b/creusot/src/validate/opacity.rs @@ -0,0 +1,79 @@ +use rustc_hir::def_id::DefId; +use rustc_middle::ty::Visibility; +use rustc_span::Span; + +use crate::{ + contracts_items::{is_spec, opacity_witness_name}, + ctx::TranslationCtx, + error::CannotFetchThir, + translation::pearlite::{super_visit_term, TermKind, TermVisitor}, + util::parent_module, +}; + +/// Validates that an `#[open]` function is not made visible in a less opened one. +pub(crate) fn validate_opacity(ctx: &TranslationCtx, item: DefId) -> Result<(), CannotFetchThir> { + struct OpacityVisitor<'a, 'tcx> { + ctx: &'a TranslationCtx<'tcx>, + opacity: Option, + source_item: DefId, + } + + impl OpacityVisitor<'_, '_> { + fn is_visible_enough(&self, id: DefId) -> bool { + match self.opacity { + None => self.ctx.visibility(id) == Visibility::Public, + Some(opa) => self.ctx.visibility(id).is_accessible_from(opa, self.ctx.tcx), + } + } + + fn error(&self, id: DefId, span: Span) { + self.ctx.error( + span, + &format!( + "Cannot make `{:?}` transparent in `{:?}` as it would call a less-visible item.", + self.ctx.def_path_str(id), self.ctx.def_path_str(self.source_item) + ), + ).emit(); + } + } + + impl<'tcx> TermVisitor<'tcx> for OpacityVisitor<'_, 'tcx> { + fn visit_term(&mut self, term: &crate::translation::pearlite::Term<'tcx>) { + match &term.kind { + TermKind::Item(id, _) => { + if !self.is_visible_enough(*id) { + self.error(*id, term.span) + } + } + TermKind::Call { id, .. } => { + if !self.is_visible_enough(*id) { + self.error(*id, term.span) + } + } + TermKind::Constructor { typ, .. } => { + if !self.is_visible_enough(*typ) { + self.error(*typ, term.span) + } + } + _ => super_visit_term(term, self), + } + } + } + + if is_spec(ctx.tcx, item) { + return Ok(()); + } + + // UGLY clone... + let Some(term) = ctx.term(item)?.cloned() else { return Ok(()) }; + + if ctx.visibility(item) != Visibility::Restricted(parent_module(ctx.tcx, item)) + && opacity_witness_name(ctx.tcx, item).is_none() + { + ctx.error(ctx.def_span(item), "Non private definitions must have an explicit transparency. Please add #[open(..)] to your definition").emit(); + } + + let opacity = ctx.opacity(item).scope(); + OpacityVisitor { opacity, ctx, source_item: item }.visit_term(&term); + Ok(()) +} diff --git a/creusot/src/validate/purity.rs b/creusot/src/validate/purity.rs new file mode 100644 index 0000000000..03363cd187 --- /dev/null +++ b/creusot/src/validate/purity.rs @@ -0,0 +1,283 @@ +use rustc_hir::def_id::{DefId, LocalDefId}; +use rustc_middle::{ + thir::{self, ClosureExpr, ExprKind, Thir}, + ty::{FnDef, TypingEnv}, +}; + +use crate::{ + contracts_items::{ + get_builtin, is_ghost_deref, is_ghost_deref_mut, is_ghost_into_inner, is_ghost_new, + is_logic, is_no_translate, is_predicate, is_prophetic, is_snapshot_closure, is_spec, + }, + ctx::TranslationCtx, + error::CannotFetchThir, + pearlite::{pearlite_stub, Stub}, + specification::contract_of, + traits::TraitResolved, +}; + +use super::is_overloaded_item; + +#[derive(Clone, Copy, PartialEq, Eq, Debug)] +pub(crate) enum Purity { + /// Same as `Program { terminates: true, no_panic: true }`, but can also call the few + /// ghost-only functions (e.g. `GhostBox::new`). + Ghost, + Program { + terminates: bool, + no_panic: bool, + }, + Logic { + prophetic: bool, + }, +} + +impl Purity { + pub(crate) fn of_def_id(ctx: &TranslationCtx, def_id: DefId) -> Self { + let is_snapshot = is_snapshot_closure(ctx.tcx, def_id); + if is_predicate(ctx.tcx, def_id) && is_prophetic(ctx.tcx, def_id) + || is_logic(ctx.tcx, def_id) && is_prophetic(ctx.tcx, def_id) + || is_spec(ctx.tcx, def_id) && !is_snapshot + { + Purity::Logic { prophetic: true } + } else if is_predicate(ctx.tcx, def_id) || is_logic(ctx.tcx, def_id) || is_snapshot { + Purity::Logic { prophetic: false } + } else { + let contract = contract_of(ctx, def_id); + let terminates = contract.terminates; + let no_panic = contract.no_panic; + Purity::Program { terminates, no_panic } + } + } + + fn is_logic(self) -> bool { + matches!(self, Self::Logic { .. }) + } + + fn can_call(self, other: Purity) -> bool { + match (self, other) { + (Purity::Logic { prophetic }, Purity::Logic { prophetic: prophetic2 }) => { + prophetic || !prophetic2 + } + ( + Purity::Program { no_panic, terminates }, + Purity::Program { no_panic: no_panic2, terminates: terminates2 }, + ) => no_panic <= no_panic2 && terminates <= terminates2, + ( + Purity::Ghost, + Purity::Ghost | Purity::Program { no_panic: true, terminates: true }, + ) => true, + (_, _) => false, + } + } + + fn as_str(&self) -> &'static str { + match self { + Purity::Ghost => "ghost", + Purity::Program { terminates, no_panic } => match (*terminates, *no_panic) { + (true, true) => "program (pure)", + (true, false) => "program (terminates)", + (false, true) => "program (no panic)", + (false, false) => "program", + }, + Purity::Logic { prophetic: false } => "logic", + Purity::Logic { prophetic: true } => "prophetic logic", + } + } +} + +pub(crate) fn validate_purity( + ctx: &TranslationCtx, + def_id: LocalDefId, +) -> Result<(), CannotFetchThir> { + let (thir, expr) = ctx.fetch_thir(def_id)?; + let thir = thir.borrow(); + if thir.exprs.is_empty() { + // TODO: put this inside `fetch_thir`? + return Err(CannotFetchThir); + } + + let def_id = def_id.to_def_id(); + let purity = Purity::of_def_id(ctx, def_id); + if matches!(purity, Purity::Program { .. }) && is_no_translate(ctx.tcx, def_id) { + return Ok(()); + } + let typing_env = ctx.typing_env(def_id); + + let mut visitor = + PurityVisitor { ctx, thir: &thir, context: purity, typing_env, thir_failed: false }; + thir::visit::walk_expr(&mut visitor, &thir[expr]); + if visitor.thir_failed { + Err(CannotFetchThir) + } else { + Ok(()) + } +} + +struct PurityVisitor<'a, 'tcx> { + ctx: &'a TranslationCtx<'tcx>, + thir: &'a Thir<'tcx>, + context: Purity, + /// Typing environment of the caller function + typing_env: TypingEnv<'tcx>, + // If `true`, we should error with a [`CannotFetchThir`] error. + thir_failed: bool, +} + +impl PurityVisitor<'_, '_> { + fn purity(&self, fun: thir::ExprId, func_did: DefId) -> Purity { + let tcx = self.ctx.tcx; + let stub = pearlite_stub(tcx, self.thir[fun].ty); + + if matches!(stub, Some(Stub::Fin)) + || is_predicate(tcx, func_did) && is_prophetic(tcx, func_did) + || is_logic(tcx, func_did) && is_prophetic(tcx, func_did) + { + Purity::Logic { prophetic: true } + } else if is_predicate(tcx, func_did) + || is_logic(tcx, func_did) + || get_builtin(tcx, func_did).is_some() + || stub.is_some() + { + Purity::Logic { prophetic: false } + } else if is_ghost_into_inner(tcx, func_did) + || is_ghost_new(tcx, func_did) + || is_ghost_deref(tcx, func_did) + || is_ghost_deref_mut(tcx, func_did) + { + Purity::Ghost + } else { + let contract = contract_of(self.ctx, func_did); + let terminates = contract.terminates; + let no_panic = contract.no_panic; + Purity::Program { terminates, no_panic } + } + } +} + +impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { + fn thir(&self) -> &'a thir::Thir<'tcx> { + self.thir + } + + fn visit_expr(&mut self, expr: &'a thir::Expr<'tcx>) { + match expr.kind { + ExprKind::Call { fun, ref args, .. } => { + if let &FnDef(func_did, subst) = self.thir[fun].ty.kind() { + // try to specialize the called function if it is a trait method. + let subst = self.ctx.erase_regions(subst); + let func_did = if TraitResolved::is_trait_item(self.ctx.tcx, func_did) { + match TraitResolved::resolve_item( + self.ctx.tcx, + self.typing_env, + func_did, + subst, + ) { + TraitResolved::Instance(id, _) => id, + _ => func_did, + } + } else { + func_did + }; + + let fn_purity = self.purity(fun, func_did); + if !(self.context.can_call(fn_purity) + || fn_purity.is_logic() && is_overloaded_item(self.ctx.tcx, func_did)) + { + // Emit a nicer error specifically for calls of ghost functions. + if fn_purity == Purity::Ghost + && matches!(self.context, Purity::Program { .. }) + { + let tcx = self.ctx.tcx; + let msg = if is_ghost_into_inner(tcx, func_did) { + "trying to access the contents of a ghost variable in program context" + } else if is_ghost_deref(tcx, func_did) + || is_ghost_deref_mut(tcx, func_did) + { + "dereference of a ghost variable in program context" + } else { + "cannot create a ghost variable in program context" + }; + + let mut err = self.ctx.error(self.thir[fun].span, msg); + if is_ghost_new(tcx, func_did) { + err = err.with_span_suggestion( + expr.span, + "try wrapping this expression in `ghost!` instead", + format!( + "ghost!({})", + self.ctx + .sess + .source_map() + .span_to_snippet(self.thir.exprs[args[0]].span) + .unwrap() + ), + rustc_errors::Applicability::MachineApplicable, + ); + } + err.emit(); + } else { + let (caller, callee) = match (self.context, fn_purity) { + (Purity::Program { .. } | Purity::Ghost, Purity::Logic { .. }) => { + ("program", "logic") + } + (Purity::Ghost, Purity::Program { .. }) => ("ghost", "non-pure"), + (Purity::Logic { .. }, Purity::Program { .. } | Purity::Ghost) => { + ("logic", "program") + } + _ => (self.context.as_str(), fn_purity.as_str()), + }; + let msg = format!( + "called {callee} function `{}` in {caller} context", + self.ctx.def_path_str(func_did), + ); + + self.ctx.dcx().span_err(self.thir[fun].span, msg); + } + } + } else if matches!(self.context, Purity::Logic { .. }) { + // TODO Add a "code" back in + self.ctx.dcx().span_fatal(expr.span, "non function call in logical context") + } + } + ExprKind::Closure(box ClosureExpr { closure_id, .. }) => { + if is_spec(self.ctx.tcx, closure_id.into()) { + return; + } + + let Ok((thir, expr)) = self.ctx.thir_body(closure_id) else { + self.thir_failed = true; + return; + }; + let thir = thir.borrow(); + + let mut visitor = PurityVisitor { + ctx: self.ctx, + thir: &thir, + context: self.context, + typing_env: self.typing_env, + thir_failed: false, + }; + thir::visit::walk_expr(&mut visitor, &thir[expr]); + if visitor.thir_failed { + self.thir_failed = true; + return; + } + } + ExprKind::Scope { + region_scope: _, + lint_level: thir::LintLevel::Explicit(hir_id), + value: _, + } => { + if super::is_ghost_block(self.ctx.tcx, hir_id) { + let old_context = std::mem::replace(&mut self.context, Purity::Ghost); + thir::visit::walk_expr(self, expr); + self.context = old_context; + return; + } + } + _ => {} + } + thir::visit::walk_expr(self, expr) + } +} diff --git a/creusot/src/validate_terminates.rs b/creusot/src/validate/terminates.rs similarity index 99% rename from creusot/src/validate_terminates.rs rename to creusot/src/validate/terminates.rs index a1d46ab8fd..d240f54ebd 100644 --- a/creusot/src/validate_terminates.rs +++ b/creusot/src/validate/terminates.rs @@ -719,7 +719,7 @@ impl<'thir, 'tcx> thir::visit::Visitor<'thir, 'tcx> for GhostLoops<'thir, 'tcx> lint_level: thir::LintLevel::Explicit(hir_id), value: _, } => { - if crate::validate::is_ghost_block(self.tcx, hir_id) { + if super::is_ghost_block(self.tcx, hir_id) { let old_is_ghost = std::mem::replace(&mut self.is_in_ghost, true); thir::visit::walk_expr(self, expr); self.is_in_ghost = old_is_ghost; diff --git a/creusot/src/validate/traits.rs b/creusot/src/validate/traits.rs new file mode 100644 index 0000000000..888014f2a1 --- /dev/null +++ b/creusot/src/validate/traits.rs @@ -0,0 +1,141 @@ +use rustc_hir::def::DefKind; + +use crate::{ + contracts_items::{is_law, is_open_inv_result, is_trusted}, + ctx::TranslationCtx, +}; + +/// Validate that laws have no additional generic parameters. +/// +/// This is because laws are auto-loaded, and we do not want to generate polymorphic WhyML code. +pub(crate) fn validate_traits(ctx: &TranslationCtx) { + let mut law_violations = Vec::new(); + + for trait_item_id in ctx.hir_crate_items(()).trait_items() { + let trait_item = ctx.hir().trait_item(trait_item_id); + + if is_law(ctx.tcx, trait_item.owner_id.def_id.to_def_id()) + && !ctx.generics_of(trait_item.owner_id.def_id).own_params.is_empty() + { + law_violations.push((trait_item.owner_id.def_id, trait_item.span)) + } + } + + for (_, sp) in law_violations { + ctx.error(sp, "Laws cannot have additional generic parameters").emit(); + } +} + +/// Validates that trait implementations have some of the same attributes as the trait item. +/// +/// # Example +/// +/// ```creusot +/// trait Tr { +/// #[logic] +/// fn foo(); +/// #[terminates] +/// fn bar(); +/// } +/// +/// impl Tr for MyType { +/// fn foo() {} // ! ERROR ! foo should be marked `#[logic]` +/// fn bar() {} // ! ERROR ! bar should be marked `#[terminates]` +/// } +/// ``` +pub(crate) fn validate_impls(ctx: &TranslationCtx) { + for impl_id in ctx.all_local_trait_impls(()).values().flat_map(|i| i.iter()) { + if !matches!(ctx.def_kind(*impl_id), DefKind::Impl { .. }) { + continue; + } + use rustc_middle::ty::print::PrintTraitRefExt; + let trait_ref = ctx.impl_trait_ref(*impl_id).unwrap().skip_binder(); + + if is_trusted(ctx.tcx, trait_ref.def_id) != is_trusted(ctx.tcx, impl_id.to_def_id()) { + let msg = if is_trusted(ctx.tcx, trait_ref.def_id) { + format!( + "Expected implementation of trait `{}` for `{}` to be marked as `#[trusted]`", + trait_ref.print_only_trait_path(), + trait_ref.self_ty() + ) + } else { + format!( + "Cannot have trusted implementation of untrusted trait `{}`", + trait_ref.print_only_trait_path() + ) + }; + ctx.error(ctx.def_span(impl_id.to_def_id()), &msg).emit(); + } + + let implementors = ctx.impl_item_implementor_ids(impl_id.to_def_id()); + + let implementors = + ctx.with_stable_hashing_context(|hcx| implementors.to_sorted(&hcx, true)); + for (&trait_item, &impl_item) in implementors { + if let Some(open_inv_trait) = ctx.params_open_inv(trait_item) { + let open_inv_impl = ctx.params_open_inv(impl_item).unwrap(); + for &i in open_inv_trait { + if !open_inv_impl.contains(&i) { + let name_param = ctx.fn_arg_names(impl_item)[i]; + ctx.error( + ctx.def_span(impl_item), + &format!( + "Parameter `{name_param}` has the `#[creusot::open_inv]` attribute in the trait declaration, but not in the implementation." + ), + ).emit(); + } + } + } + + if is_open_inv_result(ctx.tcx, impl_item) && !is_open_inv_result(ctx.tcx, trait_item) { + ctx.error( + ctx.def_span(impl_item), + &format!( + "Function `{}` should not have the `#[open_inv_result]` attribute, as specified by the trait declaration", + ctx.item_name(impl_item), + ), + ).emit(); + } + + if super::is_overloaded_item(ctx.tcx, trait_item) { + continue; + }; + + let item_type = ctx.item_type(impl_item); + let trait_type = ctx.item_type(trait_item); + if !item_type.can_implement(trait_type) { + ctx.error( + ctx.def_span(impl_item), + &format!( + "Expected `{}` to be a {} as specified by the trait declaration", + ctx.item_name(impl_item), + trait_type.to_str() + ), + ) + .emit(); + } else { + let item_contract = crate::specification::contract_of(ctx, impl_item); + let trait_contract = crate::specification::contract_of(ctx, trait_item); + if trait_contract.no_panic && !item_contract.no_panic { + ctx.error( + ctx.def_span(impl_item), + &format!( + "Expected `{}` to be `#[pure]` as specified by the trait declaration", + ctx.item_name(impl_item), + ), + ) + .emit(); + } else if trait_contract.terminates && !item_contract.terminates { + ctx.error( + ctx.def_span(impl_item), + &format!( + "Expected `{}` to be `#[terminates]` as specified by the trait declaration", + ctx.item_name(impl_item), + ), + ) + .emit(); + } + } + } + } +} From 9f585f22ec543c4120543bf9da6b0a01ea735bf4 Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Tue, 18 Feb 2025 16:18:52 +0100 Subject: [PATCH 3/6] Fix dereference of GhostBox in logic --- creusot/src/validate/purity.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/creusot/src/validate/purity.rs b/creusot/src/validate/purity.rs index 03363cd187..60b2c09f6b 100644 --- a/creusot/src/validate/purity.rs +++ b/creusot/src/validate/purity.rs @@ -182,7 +182,7 @@ impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { let fn_purity = self.purity(fun, func_did); if !(self.context.can_call(fn_purity) - || fn_purity.is_logic() && is_overloaded_item(self.ctx.tcx, func_did)) + || self.context.is_logic() && is_overloaded_item(self.ctx.tcx, func_did)) { // Emit a nicer error specifically for calls of ghost functions. if fn_purity == Purity::Ghost @@ -199,7 +199,7 @@ impl<'a, 'tcx> thir::visit::Visitor<'a, 'tcx> for PurityVisitor<'a, 'tcx> { "cannot create a ghost variable in program context" }; - let mut err = self.ctx.error(self.thir[fun].span, msg); + let mut err = self.ctx.error(expr.span, msg); if is_ghost_new(tcx, func_did) { err = err.with_span_suggestion( expr.span, From ca15170118a193f2d0f99dffe0e09fa18a9c7021 Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Thu, 20 Feb 2025 14:32:07 +0100 Subject: [PATCH 4/6] Rename `RValue::Ghost` to `RValue::Snapshot` --- creusot/src/backend/optimization.rs | 6 +++--- creusot/src/backend/optimization/invariants.rs | 2 +- creusot/src/backend/program.rs | 2 +- creusot/src/translation/fmir.rs | 8 ++++---- creusot/src/translation/function.rs | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/creusot/src/backend/optimization.rs b/creusot/src/backend/optimization.rs index 2368111089..28566f553f 100644 --- a/creusot/src/backend/optimization.rs +++ b/creusot/src/backend/optimization.rs @@ -111,7 +111,7 @@ impl<'a, 'tcx> LocalUsage<'a, 'tcx> { fn visit_rvalue(&mut self, r: &RValue<'tcx>) { match r { - RValue::Ghost(t) => self.visit_term(t), + RValue::Snapshot(t) => self.visit_term(t), RValue::Borrow(_, p, _) | RValue::Ptr(p) => { self.read_place(p); self.read_place(p) @@ -250,7 +250,7 @@ impl<'tcx> SimplePropagator<'tcx> { self.prop.insert(l.local, op); self.dead.insert(l.local); } - Statement::Assignment(_, RValue::Ghost(_), _) => { + Statement::Assignment(_, RValue::Snapshot(_), _) => { out_stmts.push(s) } Statement::Assignment(ref l, ref r, _) if self.should_erase(l.local) && r.is_pure() => { @@ -293,7 +293,7 @@ impl<'tcx> SimplePropagator<'tcx> { fn visit_rvalue(&mut self, r: &mut RValue<'tcx>) { match r { - RValue::Ghost(t) => self.visit_term(t), + RValue::Snapshot(t) => self.visit_term(t), RValue::Ptr(p) | RValue::Borrow(_, p, _) => { assert!(self.prop.get(&p.local).is_none(), "Trying to propagate borrowed variable") } diff --git a/creusot/src/backend/optimization/invariants.rs b/creusot/src/backend/optimization/invariants.rs index 8d7ca2dc07..abd4bfd4e4 100644 --- a/creusot/src/backend/optimization/invariants.rs +++ b/creusot/src/backend/optimization/invariants.rs @@ -83,7 +83,7 @@ pub fn infer_proph_invariants<'tcx>(ctx: &TranslationCtx<'tcx>, body: &mut fmir: } prev_block.stmts.push(Statement::Assignment( Place { local, projection: Vec::new() }, - RValue::Ghost(Term::call_no_normalize( + RValue::Snapshot(Term::call_no_normalize( tcx, snap_new, subst, diff --git a/creusot/src/backend/program.rs b/creusot/src/backend/program.rs index 6cde5a6fb2..0b1adc97c1 100644 --- a/creusot/src/backend/program.rs +++ b/creusot/src/backend/program.rs @@ -587,7 +587,7 @@ impl<'tcx> RValue<'tcx> { Exp::var("_res") } - RValue::Ghost(t) => lower_pure(lower.ctx, lower.names, &t), + RValue::Snapshot(t) => lower_pure(lower.ctx, lower.names, &t), RValue::Borrow(_, _, _) => unreachable!(), // Handled in Statement::to_why RValue::UnaryOp(UnOp::PtrMetadata, op) => { match op.ty(lower.ctx.tcx, lower.locals).kind() { diff --git a/creusot/src/translation/fmir.rs b/creusot/src/translation/fmir.rs index 73dcea8a71..dbe7f827fe 100644 --- a/creusot/src/translation/fmir.rs +++ b/creusot/src/translation/fmir.rs @@ -104,7 +104,7 @@ pub enum TrivialInv { #[derive(Clone, Debug)] pub enum RValue<'tcx> { - Ghost(Term<'tcx>), + Snapshot(Term<'tcx>), Borrow(BorrowKind, Place<'tcx>, TrivialInv), Operand(Operand<'tcx>), BinOp(BinOp, Operand<'tcx>, Operand<'tcx>), @@ -118,7 +118,7 @@ pub enum RValue<'tcx> { Ptr(Place<'tcx>), } -impl<'tcx> RValue<'tcx> { +impl RValue<'_> { /// Returns false if the expression generates verification conditions pub fn is_pure(&self) -> bool { match self { @@ -165,7 +165,7 @@ impl<'tcx> RValue<'tcx> { RValue::Len(_) => true, RValue::Array(_) => true, RValue::Repeat(_, _) => true, - RValue::Ghost(_) => true, + RValue::Snapshot(_) => true, RValue::Borrow(_, _, _) => true, RValue::Ptr(_) => true, } @@ -415,7 +415,7 @@ pub(crate) fn super_visit_terminator<'tcx, V: FmirVisitor<'tcx>>( pub(crate) fn super_visit_rvalue<'tcx, V: FmirVisitor<'tcx>>(visitor: &mut V, rval: &RValue<'tcx>) { match rval { - RValue::Ghost(term) => { + RValue::Snapshot(term) => { visitor.visit_term(term); } RValue::Borrow(_, place, _) => { diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index 32951a3e6a..0590166a01 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -340,7 +340,7 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { } fn emit_snapshot_assign(&mut self, lhs: Place<'tcx>, rhs: Term<'tcx>, span: Span) { - self.emit_assignment(&lhs, fmir::RValue::Ghost(rhs), span) + self.emit_assignment(&lhs, fmir::RValue::Snapshot(rhs), span) } fn emit_assignment(&mut self, lhs: &Place<'tcx>, rhs: RValue<'tcx>, span: Span) { @@ -357,7 +357,7 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { ) { // The assignement may, in theory, modify a variable that needs to be resolved. // Hence we resolve before the assignment. - self.resolve_places(need, &resolved); + self.resolve_places(need, resolved); // We resolve the destination place, if necessary match self.move_data().rev_lookup.find(destination.as_ref()) { From 87a53828ae6908470c47cf62e22f8026222f1223 Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Thu, 20 Feb 2025 14:43:32 +0100 Subject: [PATCH 5/6] Don't error when moving a var inside pearlite in ghost code --- creusot/src/validate/ghost.rs | 35 +++++++------ .../ghost/snapshot_in_ghost.coma | 52 +++++++++++++++++++ .../should_succeed/ghost/snapshot_in_ghost.rs | 10 ++++ 3 files changed, 82 insertions(+), 15 deletions(-) diff --git a/creusot/src/validate/ghost.rs b/creusot/src/validate/ghost.rs index bc43f0c988..a50f8ac1c6 100644 --- a/creusot/src/validate/ghost.rs +++ b/creusot/src/validate/ghost.rs @@ -29,16 +29,14 @@ impl<'tcx> LateLintPass<'tcx> for GhostValidate { return; } + let tcx = cx.tcx; + // Check that all captures are ghost/copy - let mut places = GhostValidatePlaces { - bound_variables: HashSet::new(), - tcx: cx.tcx, - errors: Vec::new(), - }; + let mut places = + GhostValidatePlaces { bound_variables: HashSet::new(), tcx, errors: Vec::new() }; let visitor = ExprUseVisitor::for_clippy(cx, expr.hir_id.owner.def_id, &mut places); // Error type is `!` let _ = visitor.walk_expr(expr); - let tcx = cx.tcx; for &(id, base, written) in &places.errors { let mut err = if written { tcx.dcx().struct_err("cannot write to a non-ghost variable in a `ghost!` block") @@ -58,7 +56,7 @@ impl<'tcx> LateLintPass<'tcx> for GhostValidate { } err.emit(); } - cx.tcx.dcx().abort_if_errors(); + tcx.dcx().abort_if_errors(); } } @@ -116,6 +114,16 @@ impl<'tcx> Delegate<'tcx> for GhostValidatePlaces<'tcx> { if self.bound_in_block(place_with_id) || self.is_ghost_box(ty) { return; } + + let mut enclosing_def_ids = self.tcx.hir().parent_iter(place_with_id.hir_id); + if enclosing_def_ids.any(|(_, node)| { + node.associated_body().is_some_and(|(def_id, _)| { + crate::contracts_items::is_pearlite(self.tcx, def_id.to_def_id()) + }) + }) { + // Moving into a pearlite closure is ok + return; + } self.errors.push((diag_expr_id, base_hir_node(place_with_id), false)); } @@ -126,16 +134,13 @@ impl<'tcx> Delegate<'tcx> for GhostValidatePlaces<'tcx> { bk: rustc_middle::ty::BorrowKind, ) { let ty = place_with_id.place.ty(); - if self.bound_in_block(place_with_id) || self.is_ghost_box(ty) { + if self.bound_in_block(place_with_id) + || self.is_ghost_box(ty) + || bk == rustc_middle::ty::BorrowKind::Immutable + { return; } - match bk { - rustc_middle::ty::BorrowKind::Immutable => {} - rustc_middle::ty::BorrowKind::UniqueImmutable - | rustc_middle::ty::BorrowKind::Mutable => { - self.errors.push((diag_expr_id, base_hir_node(place_with_id), true)); - } - } + self.errors.push((diag_expr_id, base_hir_node(place_with_id), true)); } fn mutate(&mut self, assignee_place: &PlaceWithHirId<'tcx>, diag_expr_id: HirId) { diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma index 38c4c7f72b..dd45e7cba5 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma @@ -81,3 +81,55 @@ module M_snapshot_in_ghost__is_pure [#"snapshot_in_ghost.rs" 14 0 14 16] [ return' (result:())-> (! return' {result}) ] end +module M_snapshot_in_ghost__bar [#"snapshot_in_ghost.rs" 21 0 21 12] + let%span ssnapshot_in_ghost0 = "snapshot_in_ghost.rs" 22 21 22 25 + let%span ssnapshot_in_ghost1 = "snapshot_in_ghost.rs" 24 16 24 28 + let%span ssnapshot_in_ghost2 = "snapshot_in_ghost.rs" 25 22 25 55 + let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + + use creusot.int.Int32 + + use creusot.prelude.Snapshot + + predicate inv'0 (_1 : ()) + + axiom inv_axiom'0 [@rewrite] : forall x : () [inv'0 x] . inv'0 x = true + + type t_GhostBox'0 = + { t_GhostBox__0'0: () } + + predicate inv'1 (_1 : t_GhostBox'0) + + axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x = true + + let rec new'0 (x:()) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost3] inv'0 x} + any + [ return' (result:t_GhostBox'0)-> {[%#sghost4] inv'1 result} + {[%#sghost5] result.t_GhostBox__0'0 = x} + (! return' {result}) ] + + + use creusot.prelude.Intrinsic + + use creusot.prelude.Snapshot + + meta "compute_max_steps" 1000000 + + let rec bar'0[#"snapshot_in_ghost.rs" 21 0 21 12] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = [ &x <- [%#ssnapshot_in_ghost0] (1 : Int32.t) ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_4 <- [%#ssnapshot_in_ghost1] Snapshot.new x ] s1 | s1 = bb2 ] + | bb2 = s0 [ s0 = {[@expl:assertion] [%#ssnapshot_in_ghost2] exists y : Int32.t . x = y} s1 | s1 = bb3 ] + | bb3 = s0 [ s0 = new'0 {_3} (fun (_ret':t_GhostBox'0) -> [ &_2 <- _ret' ] s1) | s1 = bb4 ] + | bb4 = bb5 + | bb5 = bb6 + | bb6 = return' {_0} ] + ) + [ & _0 : () = Intrinsic.any_l () + | & x : Int32.t = Intrinsic.any_l () + | & _2 : t_GhostBox'0 = Intrinsic.any_l () + | & _3 : () = Intrinsic.any_l () + | & _4 : Snapshot.snap_ty Int32.t = Intrinsic.any_l () ] + [ return' (result:())-> (! return' {result}) ] +end diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.rs b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.rs index 62edb96329..7add4fcc03 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.rs +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.rs @@ -15,3 +15,13 @@ pub fn is_pure() { let x = snapshot!(1); proof_assert!(*x == 1); } + +// Check that we can make move variable into pearlite functions, without triggering the +// "program variable used in ghost block" check. +pub fn bar() { + let x = Box::new(1i32); + ghost! { + let _ = snapshot!(x); + proof_assert!(exists **Box::new(x) == y); + }; +} From 912d261ca2e10b409583b8ecc75fb128bcd3d8f3 Mon Sep 17 00:00:00 2001 From: arnaudgolfouse Date: Tue, 18 Feb 2025 16:29:27 +0100 Subject: [PATCH 6/6] Update tests --- .../ghost/capture_non_copy_data.stderr | 4 +- .../should_fail/ghost/deref_in_program.stderr | 10 +- .../ghost/mutate_in_program.stderr | 2 +- .../tests/should_fail/ghost/non_pure.stderr | 2 +- .../should_fail/ghost/non_terminating.rs | 1 + .../should_fail/ghost/non_terminating.stderr | 31 +- .../should_succeed/ghost/assert_in_ghost.coma | 168 +- .../ghost/assert_in_ghost/proof.json | 15 +- .../ghost/disjoint_raw_ptr.coma | 266 +- .../ghost/disjoint_raw_ptr/proof.json | 11 +- .../tests/should_succeed/ghost/ghost_map.coma | 950 +++-- .../should_succeed/ghost/ghost_map/proof.json | 64 +- .../tests/should_succeed/ghost/ghost_set.coma | 406 +- .../should_succeed/ghost/ghost_set/proof.json | 7 +- .../tests/should_succeed/ghost/ghost_vec.coma | 1003 +++-- .../should_succeed/ghost/ghost_vec/proof.json | 6 +- .../tests/should_succeed/ghost/integers.coma | 155 +- .../should_succeed/ghost/integers/proof.json | 9 +- .../ghost/snapshot_in_ghost.coma | 25 +- .../ghost/snapshot_in_ghost/proof.json | 9 +- .../tests/should_succeed/ghost/typing.coma | 249 +- .../should_succeed/ghost/typing/proof.json | 11 +- creusot/tests/should_succeed/linked_list.coma | 1117 +++--- .../should_succeed/linked_list/proof.json | 39 +- .../should_succeed/syntax/int_suffix.coma | 55 +- .../syntax/int_suffix/proof.json | 3 +- creusot/tests/should_succeed/union_find.coma | 3385 ++++++++--------- .../should_succeed/union_find/proof.json | 815 ++-- 28 files changed, 3917 insertions(+), 4901 deletions(-) diff --git a/creusot/tests/should_fail/ghost/capture_non_copy_data.stderr b/creusot/tests/should_fail/ghost/capture_non_copy_data.stderr index 356cdba101..e0e1ae7c9e 100644 --- a/creusot/tests/should_fail/ghost/capture_non_copy_data.stderr +++ b/creusot/tests/should_fail/ghost/capture_non_copy_data.stderr @@ -1,10 +1,10 @@ -error: not a ghost variable: v +error: cannot move a non-ghost variable into a `ghost!` block --> capture_non_copy_data.rs:5:12 | 5 | ghost!(v); | ^ | -note: variable defined here +note: variable defined here is not copy --> capture_non_copy_data.rs:4:30 | 4 | pub fn capture_non_copy_data(v: Vec) { diff --git a/creusot/tests/should_fail/ghost/deref_in_program.stderr b/creusot/tests/should_fail/ghost/deref_in_program.stderr index c8711ffee6..df4a9398c9 100644 --- a/creusot/tests/should_fail/ghost/deref_in_program.stderr +++ b/creusot/tests/should_fail/ghost/deref_in_program.stderr @@ -2,21 +2,19 @@ error: dereference of a ghost variable in program context --> deref_in_program.rs:6:20 | 6 | let _: &i32 = &*g; - | ^^ help: try wrapping this expression in a ghost block: `ghost!{ *g }` + | ^^ error: dereference of a ghost variable in program context --> deref_in_program.rs:11:28 | 11 | let _: &mut i32 = &mut *g; - | ^^ help: try wrapping this expression in a ghost block: `ghost!{ *g }` + | ^^ error: trying to access the contents of a ghost variable in program context - --> deref_in_program.rs:16:20 + --> deref_in_program.rs:16:18 | 16 | let _: i32 = g.into_inner(); - | ^^^^^^^^^^^^ - | - = note: This method can only be used inside a `ghost!` block + | ^^^^^^^^^^^^^^ error: aborting due to 3 previous errors diff --git a/creusot/tests/should_fail/ghost/mutate_in_program.stderr b/creusot/tests/should_fail/ghost/mutate_in_program.stderr index 93a303799c..3c1e8c28a9 100644 --- a/creusot/tests/should_fail/ghost/mutate_in_program.stderr +++ b/creusot/tests/should_fail/ghost/mutate_in_program.stderr @@ -2,7 +2,7 @@ error: dereference of a ghost variable in program context --> mutate_in_program.rs:6:5 | 6 | *g = 3; - | ^^ help: try wrapping this expression in a ghost block: `ghost!{ *g }` + | ^^ error: aborting due to 1 previous error diff --git a/creusot/tests/should_fail/ghost/non_pure.stderr b/creusot/tests/should_fail/ghost/non_pure.stderr index f519776a58..4d7c12d3de 100644 --- a/creusot/tests/should_fail/ghost/non_pure.stderr +++ b/creusot/tests/should_fail/ghost/non_pure.stderr @@ -1,4 +1,4 @@ -error: called program (terminates) function `terminating` in program (pure) context +error: called non-pure function `terminating` in ghost context --> non_pure.rs:9:9 | 9 | terminating(); diff --git a/creusot/tests/should_fail/ghost/non_terminating.rs b/creusot/tests/should_fail/ghost/non_terminating.rs index d6575eae43..ccfb30655d 100644 --- a/creusot/tests/should_fail/ghost/non_terminating.rs +++ b/creusot/tests/should_fail/ghost/non_terminating.rs @@ -14,6 +14,7 @@ fn f() { recursive(); } +#[allow(unreachable_code)] pub fn looping() { let _g: GhostBox = ghost! { loop {} diff --git a/creusot/tests/should_fail/ghost/non_terminating.stderr b/creusot/tests/should_fail/ghost/non_terminating.stderr index 068db4028b..d1e97f63c9 100644 --- a/creusot/tests/should_fail/ghost/non_terminating.stderr +++ b/creusot/tests/should_fail/ghost/non_terminating.stderr @@ -1,31 +1,8 @@ -warning: unreachable call - --> non_terminating.rs:18:29 +error: `ghost!` blocks must not contain loops. + --> non_terminating.rs:20:9 | -18 | let _g: GhostBox = ghost! { - | _____________________________^ -19 | | loop {} - | | ------- any code following this expression is unreachable -20 | | }; - | |_____^ unreachable call - | - = note: `#[warn(unreachable_code)]` on by default - = note: this warning originates in the macro `ghost` (in Nightly builds, run with -Z macro-backtrace for more info) - -error: `ghost!` block must not contain loops. - --> non_terminating.rs:18:29 - | -18 | let _g: GhostBox = ghost! { - | _____________________________^ -19 | | loop {} -20 | | }; - | |_____^ - | -note: looping occurs here - --> non_terminating.rs:19:9 - | -19 | loop {} +20 | loop {} | ^^^^^^^ - = note: this error originates in the macro `ghost` (in Nightly builds, run with -Z macro-backtrace for more info) error: Mutually recursive functions: when calling `f`... --> non_terminating.rs:13:1 @@ -44,5 +21,5 @@ note: finally `recursive` calls `f`. 7 | f(); | ^^^ -error: aborting due to 2 previous errors; 1 warning emitted +error: aborting due to 2 previous errors diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma index 73b1596a54..9a85caee9e 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost.coma @@ -27,23 +27,14 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] use creusot.prelude.Intrinsic - let rec closure0'0[#"assert_in_ghost.rs" 5 4 8 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &x <- [%#sassert_in_ghost0] (1 : Int32.t) ] s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost1] x = (1 : Int32.t)} s2 - | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s3) - | s3 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : () = Intrinsic.any_l () | & x : Int32.t = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - meta "compute_max_steps" 1000000 let rec ghost_only'0[#"assert_in_ghost.rs" 4 0 4 19] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s2) | s2 = bb1 ] + [ s0 = [ &x <- [%#sassert_in_ghost0] (1 : Int32.t) ] s1 + | s1 = {[@expl:assertion] [%#sassert_in_ghost1] x = (1 : Int32.t)} s2 + | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s3) + | s3 = bb1 ] | bb1 = bb2 | bb2 = return' {_0} ] @@ -51,7 +42,7 @@ module M_assert_in_ghost__ghost_only [#"assert_in_ghost.rs" 4 0 4 19] [ & _0 : () = Intrinsic.any_l () | & _1 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () ] + | & x : Int32.t = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] @@ -83,32 +74,15 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] use creusot.prelude.Intrinsic - type closure0'1 = - { field_0'0: Int32.t } - - let rec closure0'0[#"assert_in_ghost.rs" 14 4 17 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &y <- _1.field_0'0 ] s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost1] y = (42 : Int32.t)} s2 - | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s3) - | s3 = bb1 ] - - | bb1 = return' {_0} ] - - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () - | & _1 : closure0'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & y : Int32.t = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - meta "compute_max_steps" 1000000 let rec ghost_capture'0[#"assert_in_ghost.rs" 11 0 11 22] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#sassert_in_ghost0] (42 : Int32.t) ] s1 - | s1 = [ &_3 <- { field_0'0 = x } ] s2 - | s2 = closure0'0 {_3} (fun (_ret':t_GhostBox'0) -> [ &_2 <- _ret' ] s3) - | s3 = bb1 ] + | s1 = [ &y <- x ] s2 + | s2 = {[@expl:assertion] [%#sassert_in_ghost1] y = (42 : Int32.t)} s3 + | s3 = new'0 {_3} (fun (_ret':t_GhostBox'0) -> [ &_2 <- _ret' ] s4) + | s4 = bb1 ] | bb1 = bb2 | bb2 = return' {_0} ] @@ -116,8 +90,8 @@ module M_assert_in_ghost__ghost_capture [#"assert_in_ghost.rs" 11 0 11 22] [ & _0 : () = Intrinsic.any_l () | & x : Int32.t = Intrinsic.any_l () | & _2 : t_GhostBox'0 = Intrinsic.any_l () - | & _3 : closure0'1 = Intrinsic.any_l () - | & _5 : () = Intrinsic.any_l () ] + | & _3 : () = Intrinsic.any_l () + | & y : Int32.t = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] @@ -155,19 +129,6 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] (! return' {result}) ] - use creusot.prelude.Intrinsic - - let rec closure0'0[#"assert_in_ghost.rs" 21 16 21 37] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- (([%#sassert_in_ghost0] (2 : Int32.t)), ([%#sassert_in_ghost1] (3 : Int32.t))) ] s1 - | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : (Int32.t, Int32.t) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - use creusot.prelude.MutBorrow predicate inv'2 (_1 : MutBorrow.t (t_GhostBox'0)) @@ -186,23 +147,11 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] (! return' {result}) ] - predicate resolve'2 (self : MutBorrow.t (Int32.t, Int32.t)) = + predicate resolve'1 (self : MutBorrow.t (Int32.t, Int32.t)) = [%#sresolve12] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (Int32.t, Int32.t)) = - resolve'2 _1 - - type closure1'1 = - { field_0'0: MutBorrow.t (t_GhostBox'0) } - - predicate resolve'4 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve12] self.final = self.current - - predicate resolve'3 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'4 _1 - - predicate resolve'1 (_1 : closure1'1) = - resolve'3 _1.field_0'0 + resolve'1 _1 predicate inv'4 (_1 : ()) @@ -222,86 +171,53 @@ module M_assert_in_ghost__ghost_mutate [#"assert_in_ghost.rs" 20 0 20 21] (! return' {result}) ] - let rec closure1'0[#"assert_in_ghost.rs" 23 4 25 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_4 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_4} (fun (_ret':MutBorrow.t (Int32.t, Int32.t)) -> [ &_3 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = - [ &_3 <- { _3 with current = (let (_, r'1) = _3.current in (([%#sassert_in_ghost2] (4 : Int32.t)), r'1)) } ] - - s1 - | s1 = -{resolve'0 _3}- s2 - | s2 = -{resolve'1 _1}- s3 - | s3 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s4) - | s4 = bb2 ] - - | bb2 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure1'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : MutBorrow.t (Int32.t, Int32.t) = Intrinsic.any_l () - | & _4 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - function inner_logic'0 (self : t_GhostBox'0) : (Int32.t, Int32.t) = [%#sghost11] self.t_GhostBox__0'0 - type closure2'1 = - { field_0'1: t_GhostBox'0 } - - let rec closure2'0[#"assert_in_ghost.rs" 27 4 30 5] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sassert_in_ghost3] (let (a, _) = inner_logic'0 _1.field_0'1 in a) = (4 : Int32.t)} s1 - | s1 = {[@expl:assertion] [%#sassert_in_ghost4] (let (_, a) = inner_logic'0 _1.field_0'1 in a) = (3 : Int32.t)} s2 - | s2 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s3) - | s3 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () | & _1 : closure2'1 = _1 | & _2 : () = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - + use creusot.prelude.Intrinsic meta "compute_max_steps" 1000000 let rec ghost_mutate'0[#"assert_in_ghost.rs" 20 0 20 21] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &p <- _ret' ] s2) | s2 = bb1 ] + [ s0 = [ &_2 <- (([%#sassert_in_ghost0] (2 : Int32.t)), ([%#sassert_in_ghost1] (3 : Int32.t))) ] s1 + | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &p <- _ret' ] s2) + | s2 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {p} (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_6 <- _ret' ] [ &p <- _ret'.final ] s1) - | s1 = [ &_5 <- { field_0'0 = _6 } ] s2 - | s2 = closure1'0 {_5} (fun (_ret':t_GhostBox'1) -> [ &_4 <- _ret' ] s3) - | s3 = bb2 ] + | s1 = deref_mut'0 {_6} (fun (_ret':MutBorrow.t (Int32.t, Int32.t)) -> [ &_5 <- _ret' ] s2) + | s2 = bb2 ] - | bb2 = bb3 - | bb3 = s0 - [ s0 = [ &_9 <- { field_0'1 = p } ] s1 - | s1 = closure2'0 {_9} (fun (_ret':t_GhostBox'1) -> [ &_8 <- _ret' ] s2) - | s2 = bb4 ] + | bb2 = s0 + [ s0 = + [ &_5 <- { _5 with current = (let (_, r'1) = _5.current in (([%#sassert_in_ghost2] (4 : Int32.t)), r'1)) } ] + + s1 + | s1 = -{resolve'0 _5}- s2 + | s2 = new'1 {_4} (fun (_ret':t_GhostBox'1) -> [ &_3 <- _ret' ] s3) + | s3 = bb3 ] + + | bb3 = bb4 + | bb4 = s0 + [ s0 = {[@expl:assertion] [%#sassert_in_ghost3] (let (a, _) = inner_logic'0 p in a) = (4 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sassert_in_ghost4] (let (_, a) = inner_logic'0 p in a) = (3 : Int32.t)} s2 + | s2 = new'1 {_8} (fun (_ret':t_GhostBox'1) -> [ &_7 <- _ret' ] s3) + | s3 = bb5 ] - | bb4 = bb5 | bb5 = bb6 - | bb6 = return' {_0} ] + | bb6 = bb7 + | bb7 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & p : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () - | & _4 : t_GhostBox'1 = Intrinsic.any_l () - | & _5 : closure1'1 = Intrinsic.any_l () + | & _2 : (Int32.t, Int32.t) = Intrinsic.any_l () + | & _3 : t_GhostBox'1 = Intrinsic.any_l () + | & _4 : () = Intrinsic.any_l () + | & _5 : MutBorrow.t (Int32.t, Int32.t) = Intrinsic.any_l () | & _6 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _7 : () = Intrinsic.any_l () - | & _8 : t_GhostBox'1 = Intrinsic.any_l () - | & _9 : closure2'1 = Intrinsic.any_l () - | & _11 : () = Intrinsic.any_l () ] + | & _7 : t_GhostBox'1 = Intrinsic.any_l () + | & _8 : () = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/assert_in_ghost/proof.json b/creusot/tests/should_succeed/ghost/assert_in_ghost/proof.json index 0a9e7fdb93..9fa1d6f25c 100644 --- a/creusot/tests/should_succeed/ghost/assert_in_ghost/proof.json +++ b/creusot/tests/should_succeed/ghost/assert_in_ghost/proof.json @@ -7,23 +7,18 @@ ], "proofs": { "M_assert_in_ghost__ghost_capture": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.03 }, - "vc_ghost_capture'0": { "prover": "cvc5@1.0.5", "time": 0.064 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.061 } + "vc_ghost_capture'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.03 } }, "M_assert_in_ghost__ghost_mutate": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.029 }, - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, - "vc_closure2'0": { "prover": "cvc5@1.0.5", "time": 0.032 }, - "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.034 }, + "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.016 }, "vc_ghost_mutate'0": { "prover": "cvc5@1.0.5", "time": 0.036 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.026 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.028 } }, "M_assert_in_ghost__ghost_only": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.063 }, - "vc_ghost_only'0": { "prover": "cvc5@1.0.5", "time": 0.061 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.064 } + "vc_ghost_only'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.03 } } } } diff --git a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma index 3484c5aed0..a684680842 100644 --- a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma +++ b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr.coma @@ -6,26 +6,26 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] let%span sptr_own4 = "../../../../creusot-contracts/src/ptr_own.rs" 52 15 52 16 let%span sptr_own5 = "../../../../creusot-contracts/src/ptr_own.rs" 52 4 52 56 let%span sptr_own6 = "../../../../creusot-contracts/src/ptr_own.rs" 51 14 51 64 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 141 27 141 31 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 141 4 141 52 - let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 127 19 127 23 - let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 127 4 127 40 - let%span sghost16 = "../../../../creusot-contracts/src/ghost.rs" 126 14 126 35 - let%span sghost17 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost18 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost19 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sptr_own20 = "../../../../creusot-contracts/src/ptr_own.rs" 108 26 108 30 - let%span sptr_own21 = "../../../../creusot-contracts/src/ptr_own.rs" 108 48 108 52 - let%span sptr_own22 = "../../../../creusot-contracts/src/ptr_own.rs" 105 14 105 64 - let%span sptr_own23 = "../../../../creusot-contracts/src/ptr_own.rs" 106 14 106 28 - let%span sghost24 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost25 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost26 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 141 27 141 31 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 141 4 141 52 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 140 14 140 39 + let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 127 19 127 23 + let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 127 4 127 40 + let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 126 14 126 35 + let%span sghost16 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost17 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost18 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sptr_own19 = "../../../../creusot-contracts/src/ptr_own.rs" 108 26 108 30 + let%span sptr_own20 = "../../../../creusot-contracts/src/ptr_own.rs" 108 48 108 52 + let%span sptr_own21 = "../../../../creusot-contracts/src/ptr_own.rs" 105 14 105 64 + let%span sptr_own22 = "../../../../creusot-contracts/src/ptr_own.rs" 106 14 106 28 + let%span sghost23 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost24 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost25 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sghost26 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 let%span sghost27 = "../../../../creusot-contracts/src/ghost.rs" 108 4 108 27 let%span sresolve28 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 let%span sresolve29 = "../../../../creusot-contracts/src/resolve.rs" 68 8 68 23 @@ -48,7 +48,7 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] axiom inv_axiom'1 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'1 x] . inv'1 x = true function inner_logic'0 (self : t_GhostBox'0) : t_PtrOwn'0 = - [%#sghost7] self.t_GhostBox__0'0 + [%#sghost26] self.t_GhostBox__0'0 function ptr'0 (self : t_PtrOwn'0) : Opaque.ptr @@ -68,34 +68,34 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] axiom inv_axiom'2 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'0) [inv'2 x] . inv'2 x = true - type t_GhostBox'2 = - { t_GhostBox__0'2: MutBorrow.t (t_PtrOwn'0) } + type t_GhostBox'1 = + { t_GhostBox__0'1: MutBorrow.t (t_PtrOwn'0) } - predicate inv'3 (_1 : t_GhostBox'2) + predicate inv'3 (_1 : t_GhostBox'1) - axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'2 [inv'3 x] . inv'3 x = true + axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'1 [inv'3 x] . inv'3 x = true - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost8] inv'2 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:t_GhostBox'1))= {[@expl:borrow_mut 'self' type invariant] [%#sghost7] inv'2 self} any - [ return' (result:t_GhostBox'2)-> {[%#sghost9] inv'3 result} - {[%#sghost10] result.t_GhostBox__0'2 + [ return' (result:t_GhostBox'1)-> {[%#sghost8] inv'3 result} + {[%#sghost9] result.t_GhostBox__0'1 = MutBorrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] - predicate inv'4 (_1 : MutBorrow.t (t_GhostBox'2)) + predicate inv'4 (_1 : MutBorrow.t (t_GhostBox'1)) - axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'4 x] . inv'4 x = true + axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'4 x] . inv'4 x = true predicate inv'5 (_1 : MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_PtrOwn'0)) [inv'5 x] . inv'5 x = true - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (t_PtrOwn'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost11] inv'4 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:MutBorrow.t (MutBorrow.t (t_PtrOwn'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost10] inv'4 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (t_PtrOwn'0)))-> {[%#sghost12] inv'5 result} - {[%#sghost13] result - = MutBorrow.borrow_logic (self.current).t_GhostBox__0'2 (self.final).t_GhostBox__0'2 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} + [ return' (result:MutBorrow.t (MutBorrow.t (t_PtrOwn'0)))-> {[%#sghost11] inv'5 result} + {[%#sghost12] result + = MutBorrow.borrow_logic (self.current).t_GhostBox__0'1 (self.final).t_GhostBox__0'1 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] @@ -103,46 +103,46 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] axiom inv_axiom'6 [@rewrite] : forall x : t_GhostBox'0 [inv'6 x] . inv'6 x = true - type t_GhostBox'3 = - { t_GhostBox__0'3: t_PtrOwn'0 } + type t_GhostBox'2 = + { t_GhostBox__0'2: t_PtrOwn'0 } - predicate inv'7 (_1 : t_GhostBox'3) + predicate inv'7 (_1 : t_GhostBox'2) - axiom inv_axiom'7 [@rewrite] : forall x : t_GhostBox'3 [inv'7 x] . inv'7 x = true + axiom inv_axiom'7 [@rewrite] : forall x : t_GhostBox'2 [inv'7 x] . inv'7 x = true - let rec borrow'0 (self:t_GhostBox'0) (return' (ret:t_GhostBox'3))= {[@expl:borrow 'self' type invariant] [%#sghost14] inv'6 self} + let rec borrow'0 (self:t_GhostBox'0) (return' (ret:t_GhostBox'2))= {[@expl:borrow 'self' type invariant] [%#sghost13] inv'6 self} any - [ return' (result:t_GhostBox'3)-> {[%#sghost15] inv'7 result} - {[%#sghost16] result.t_GhostBox__0'3 = self.t_GhostBox__0'0} + [ return' (result:t_GhostBox'2)-> {[%#sghost14] inv'7 result} + {[%#sghost15] result.t_GhostBox__0'2 = self.t_GhostBox__0'0} (! return' {result}) ] - predicate inv'8 (_1 : t_GhostBox'3) + predicate inv'8 (_1 : t_GhostBox'2) - axiom inv_axiom'8 [@rewrite] : forall x : t_GhostBox'3 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : t_GhostBox'2 [inv'8 x] . inv'8 x = true predicate inv'9 (_1 : t_PtrOwn'0) axiom inv_axiom'9 [@rewrite] : forall x : t_PtrOwn'0 [inv'9 x] . inv'9 x = true - let rec deref'0 (self:t_GhostBox'3) (return' (ret:t_PtrOwn'0))= {[@expl:deref 'self' type invariant] [%#sghost17] inv'8 self} + let rec deref'0 (self:t_GhostBox'2) (return' (ret:t_PtrOwn'0))= {[@expl:deref 'self' type invariant] [%#sghost16] inv'8 self} any - [ return' (result:t_PtrOwn'0)-> {[%#sghost18] inv'9 result} - {[%#sghost19] self.t_GhostBox__0'3 = result} + [ return' (result:t_PtrOwn'0)-> {[%#sghost17] inv'9 result} + {[%#sghost18] self.t_GhostBox__0'2 = result} (! return' {result}) ] - predicate resolve'11 (_1 : t_PtrOwn'0) = + predicate resolve'8 (_1 : t_PtrOwn'0) = true - predicate resolve'8 (self : t_PtrOwn'0) = - [%#sresolve29] resolve'11 self + predicate resolve'6 (self : t_PtrOwn'0) = + [%#sresolve29] resolve'8 self - predicate resolve'4 (self : t_GhostBox'3) = - [%#sghost27] resolve'8 self.t_GhostBox__0'3 + predicate resolve'3 (self : t_GhostBox'2) = + [%#sghost27] resolve'6 self.t_GhostBox__0'2 - predicate resolve'0 (_1 : t_GhostBox'3) = - resolve'4 _1 + predicate resolve'0 (_1 : t_GhostBox'2) = + resolve'3 _1 predicate inv'10 (_1 : MutBorrow.t (t_PtrOwn'0)) @@ -154,116 +154,55 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] function addr_logic'0 (self : Opaque.ptr) : int - let rec disjoint_lemma'0 (own1:MutBorrow.t (t_PtrOwn'0)) (own2:t_PtrOwn'0) (return' (ret:()))= {[@expl:disjoint_lemma 'own1' type invariant] [%#sptr_own20] inv'10 own1} - {[@expl:disjoint_lemma 'own2' type invariant] [%#sptr_own21] inv'11 own2} + let rec disjoint_lemma'0 (own1:MutBorrow.t (t_PtrOwn'0)) (own2:t_PtrOwn'0) (return' (ret:()))= {[@expl:disjoint_lemma 'own1' type invariant] [%#sptr_own19] inv'10 own1} + {[@expl:disjoint_lemma 'own2' type invariant] [%#sptr_own20] inv'11 own2} any - [ return' (result:())-> {[%#sptr_own22] addr_logic'0 (ptr'0 own1.current) <> addr_logic'0 (ptr'0 own2)} - {[%#sptr_own23] own1.current = own1.final} + [ return' (result:())-> {[%#sptr_own21] addr_logic'0 (ptr'0 own1.current) <> addr_logic'0 (ptr'0 own2)} + {[%#sptr_own22] own1.current = own1.final} (! return' {result}) ] - predicate resolve'13 (self : MutBorrow.t (t_PtrOwn'0)) = + predicate resolve'10 (self : MutBorrow.t (t_PtrOwn'0)) = [%#sresolve28] self.final = self.current - predicate resolve'12 (_1 : MutBorrow.t (t_PtrOwn'0)) = - resolve'13 _1 + predicate resolve'9 (_1 : MutBorrow.t (t_PtrOwn'0)) = + resolve'10 _1 - predicate resolve'9 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sresolve29] resolve'12 self + predicate resolve'7 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sresolve29] resolve'9 self - predicate resolve'5 (self : t_GhostBox'2) = - [%#sghost27] resolve'9 self.t_GhostBox__0'2 + predicate resolve'4 (self : t_GhostBox'1) = + [%#sghost27] resolve'7 self.t_GhostBox__0'1 - predicate resolve'1 (_1 : t_GhostBox'2) = - resolve'5 _1 + predicate resolve'1 (_1 : t_GhostBox'1) = + resolve'4 _1 - predicate resolve'6 (self : MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) = + predicate resolve'5 (self : MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) = [%#sresolve28] self.final = self.current predicate resolve'2 (_1 : MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) = - resolve'6 _1 - - type closure0'1 = - { field_0'0: MutBorrow.t (t_GhostBox'0); field_1'0: t_GhostBox'0 } - - predicate resolve'10 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve28] self.final = self.current - - predicate resolve'7 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'10 _1 - - predicate resolve'3 (_1 : closure0'1) = - resolve'7 _1.field_0'0 + resolve'5 _1 predicate inv'12 (_1 : ()) axiom inv_axiom'12 [@rewrite] : forall x : () [inv'12 x] . inv'12 x = true - type t_GhostBox'1 = - { t_GhostBox__0'1: () } + type t_GhostBox'3 = + { t_GhostBox__0'3: () } - predicate inv'13 (_1 : t_GhostBox'1) + predicate inv'13 (_1 : t_GhostBox'3) - axiom inv_axiom'13 [@rewrite] : forall x : t_GhostBox'1 [inv'13 x] . inv'13 x = true + axiom inv_axiom'13 [@rewrite] : forall x : t_GhostBox'3 [inv'13 x] . inv'13 x = true - let rec new'1 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost24] inv'12 x} + let rec new'1 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost23] inv'12 x} any - [ return' (result:t_GhostBox'1)-> {[%#sghost25] inv'13 result} - {[%#sghost26] result.t_GhostBox__0'1 = x} + [ return' (result:t_GhostBox'3)-> {[%#sghost24] inv'13 result} + {[%#sghost25] result.t_GhostBox__0'3 = x} (! return' {result}) ] use creusot.prelude.Intrinsic - let rec closure0'0[#"disjoint_raw_ptr.rs" 8 4 10 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_8 <- _ret' ] - [ &_1 <- { _1 with field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s1) - | s1 = borrow_mut'0 {_8} (fun (_ret':t_GhostBox'2) -> [ &_7 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = MutBorrow.borrow_mut {_7} - (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> [ &_6 <- _ret' ] [ &_7 <- _ret'.final ] s1) - | s1 = deref_mut'0 {_6} (fun (_ret':MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) -> [ &_5 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = MutBorrow.borrow_mut {(_5.current).current} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_4 <- _ret' ] - [ &_5 <- { _5 with current = { _5.current with current = _ret'.final } } ] - s1) - | s1 = borrow'0 {_1.field_1'0} (fun (_ret':t_GhostBox'3) -> [ &_12 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = deref'0 {_12} (fun (_ret':t_PtrOwn'0) -> [ &_10 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = -{resolve'0 _12}- s1 - | s1 = disjoint_lemma'0 {_4} {_10} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 [ s0 = -{resolve'1 _7}- s1 | s1 = -{resolve'2 _5}- s2 | s2 = -{resolve'3 _1}- s3 | s3 = bb6 ] - | bb6 = bb7 - | bb7 = s0 [ s0 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s1) | s1 = bb8 ] - | bb8 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure0'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () - | & _4 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _5 : MutBorrow.t (MutBorrow.t (t_PtrOwn'0)) = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _7 : t_GhostBox'2 = Intrinsic.any_l () - | & _8 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _10 : t_PtrOwn'0 = Intrinsic.any_l () - | & _12 : t_GhostBox'3 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - meta "compute_max_steps" 1000000 let rec foo'0[#"disjoint_raw_ptr.rs" 4 0 4 12] (_1:()) (return' (ret:()))= (! bb0 @@ -285,16 +224,39 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {own1} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_9 <- _ret' ] [ &own1 <- _ret'.final ] s1) - | s1 = [ &_8 <- { field_0'0 = _9; field_1'0 = own2 } ] s2 - | s2 = closure0'0 {_8} (fun (_ret':t_GhostBox'1) -> [ &_7 <- _ret' ] s3) - | s3 = bb5 ] + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_14 <- _ret' ] [ &own1 <- _ret'.final ] s1) + | s1 = borrow_mut'0 {_14} (fun (_ret':t_GhostBox'1) -> [ &_13 <- _ret' ] s2) + | s2 = bb5 ] + + | bb5 = s0 + [ s0 = MutBorrow.borrow_mut {_13} + (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> [ &_12 <- _ret' ] [ &_13 <- _ret'.final ] s1) + | s1 = deref_mut'0 {_12} (fun (_ret':MutBorrow.t (MutBorrow.t (t_PtrOwn'0))) -> [ &_11 <- _ret' ] s2) + | s2 = bb6 ] + + | bb6 = s0 + [ s0 = MutBorrow.borrow_mut {(_11.current).current} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_10 <- _ret' ] + [ &_11 <- { _11 with current = { _11.current with current = _ret'.final } } ] + s1) + | s1 = borrow'0 {own2} (fun (_ret':t_GhostBox'2) -> [ &_18 <- _ret' ] s2) + | s2 = bb7 ] + + | bb7 = s0 [ s0 = deref'0 {_18} (fun (_ret':t_PtrOwn'0) -> [ &_16 <- _ret' ] s1) | s1 = bb8 ] + | bb8 = s0 + [ s0 = -{resolve'0 _18}- s1 + | s1 = disjoint_lemma'0 {_10} {_16} (fun (_ret':()) -> [ &_9 <- _ret' ] s2) + | s2 = bb9 ] - | bb5 = bb6 - | bb6 = s0 [ s0 = {[@expl:assertion] [%#sdisjoint_raw_ptr2] own1 <> own2} s1 | s1 = bb7 ] - | bb7 = s0 [ s0 = {[@expl:assertion] [%#sdisjoint_raw_ptr3] p1 <> p2} s1 | s1 = bb8 ] - | bb8 = bb9 - | bb9 = return' {_0} ] + | bb9 = s0 [ s0 = -{resolve'1 _13}- s1 | s1 = -{resolve'2 _11}- s2 | s2 = bb10 ] + | bb10 = bb11 + | bb11 = s0 [ s0 = new'1 {_8} (fun (_ret':t_GhostBox'3) -> [ &_7 <- _ret' ] s1) | s1 = bb12 ] + | bb12 = bb13 + | bb13 = s0 [ s0 = {[@expl:assertion] [%#sdisjoint_raw_ptr2] own1 <> own2} s1 | s1 = bb14 ] + | bb14 = s0 [ s0 = {[@expl:assertion] [%#sdisjoint_raw_ptr3] p1 <> p2} s1 | s1 = bb15 ] + | bb15 = bb16 + | bb16 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & p1 : Opaque.ptr = Intrinsic.any_l () @@ -303,9 +265,15 @@ module M_disjoint_raw_ptr__foo [#"disjoint_raw_ptr.rs" 4 0 4 12] | & p2 : Opaque.ptr = Intrinsic.any_l () | & own2 : t_GhostBox'0 = Intrinsic.any_l () | & _6 : (Opaque.ptr, t_GhostBox'0) = Intrinsic.any_l () - | & _7 : t_GhostBox'1 = Intrinsic.any_l () - | & _8 : closure0'1 = Intrinsic.any_l () - | & _9 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _11 : () = Intrinsic.any_l () ] + | & _7 : t_GhostBox'3 = Intrinsic.any_l () + | & _8 : () = Intrinsic.any_l () + | & _9 : () = Intrinsic.any_l () + | & _10 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _11 : MutBorrow.t (MutBorrow.t (t_PtrOwn'0)) = Intrinsic.any_l () + | & _12 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () + | & _13 : t_GhostBox'1 = Intrinsic.any_l () + | & _14 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _16 : t_PtrOwn'0 = Intrinsic.any_l () + | & _18 : t_GhostBox'2 = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr/proof.json b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr/proof.json index c9e6deee90..1c3871612d 100644 --- a/creusot/tests/should_succeed/ghost/disjoint_raw_ptr/proof.json +++ b/creusot/tests/should_succeed/ghost/disjoint_raw_ptr/proof.json @@ -7,12 +7,11 @@ ], "proofs": { "M_disjoint_raw_ptr__foo": { - "vc_borrow'0": { "prover": "cvc5@1.0.5", "time": 0.05 }, - "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.05 }, - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.027 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.056 }, - "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.042 }, - "vc_disjoint_lemma'0": { "prover": "cvc5@1.0.5", "time": 0.045 }, + "vc_borrow'0": { "prover": "cvc5@1.0.5", "time": 0.018 }, + "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.018 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.014 }, + "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, + "vc_disjoint_lemma'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, "vc_foo'0": { "prover": "cvc5@1.0.5", "time": 0.064 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.04 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.031 } diff --git a/creusot/tests/should_succeed/ghost/ghost_map.coma b/creusot/tests/should_succeed/ghost/ghost_map.coma index 56ea4f0d2f..b6c44f9012 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map.coma +++ b/creusot/tests/should_succeed/ghost/ghost_map.coma @@ -1,109 +1,109 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] let%span sghost_map0 = "ghost_map.rs" 5 18 5 41 - let%span sfmap1 = "../../../../creusot-contracts/src/logic/fmap.rs" 240 4 240 34 - let%span sfmap2 = "../../../../creusot-contracts/src/logic/fmap.rs" 238 14 238 31 - let%span sghost_map3 = "ghost_map.rs" 7 22 7 53 - let%span sghost_map4 = "ghost_map.rs" 8 25 8 26 - let%span sghost_map5 = "ghost_map.rs" 8 28 8 30 - let%span sghost_map6 = "ghost_map.rs" 10 22 10 47 - let%span sghost_map7 = "ghost_map.rs" 11 22 11 34 - let%span sghost_map8 = "ghost_map.rs" 13 17 13 19 - let%span sghost_map9 = "ghost_map.rs" 15 22 15 47 - let%span sghost_map10 = "ghost_map.rs" 17 45 17 46 - let%span sghost_map11 = "ghost_map.rs" 17 48 17 50 - let%span sghost_map12 = "ghost_map.rs" 18 45 18 46 - let%span sghost_map13 = "ghost_map.rs" 18 48 18 51 - let%span sghost_map14 = "ghost_map.rs" 20 22 20 43 - let%span sghost_map15 = "ghost_map.rs" 21 22 21 50 - let%span sghost_map16 = "ghost_map.rs" 22 22 22 34 - let%span sghost_map17 = "ghost_map.rs" 23 22 23 48 - let%span sghost_map18 = "ghost_map.rs" 24 22 24 47 - let%span sghost_map19 = "ghost_map.rs" 27 17 27 19 - let%span sghost_map20 = "ghost_map.rs" 28 30 28 31 - let%span sghost_map21 = "ghost_map.rs" 28 33 28 36 - let%span sghost_map22 = "ghost_map.rs" 29 30 29 31 - let%span sghost_map23 = "ghost_map.rs" 29 33 29 35 - let%span sghost_map24 = "ghost_map.rs" 31 22 31 47 - let%span sghost_map25 = "ghost_map.rs" 32 22 32 48 - let%span sghost_map26 = "ghost_map.rs" 37 22 37 42 - let%span sghost_map27 = "ghost_map.rs" 38 22 38 49 - let%span sghost_map28 = "ghost_map.rs" 39 22 39 42 - let%span sghost_map29 = "ghost_map.rs" 40 22 40 43 - let%span sghost_map30 = "ghost_map.rs" 45 22 45 31 - let%span sghost_map31 = "ghost_map.rs" 46 22 46 32 - let%span sghost_map32 = "ghost_map.rs" 47 22 47 32 - let%span sghost_map33 = "ghost_map.rs" 52 22 52 42 - let%span sghost_map34 = "ghost_map.rs" 53 22 53 34 - let%span sghost_map35 = "ghost_map.rs" 54 22 54 34 + let%span sghost_map1 = "ghost_map.rs" 7 22 7 53 + let%span sghost_map2 = "ghost_map.rs" 8 25 8 26 + let%span sghost_map3 = "ghost_map.rs" 8 28 8 30 + let%span sghost_map4 = "ghost_map.rs" 10 22 10 47 + let%span sghost_map5 = "ghost_map.rs" 11 22 11 34 + let%span sghost_map6 = "ghost_map.rs" 13 17 13 19 + let%span sghost_map7 = "ghost_map.rs" 15 22 15 47 + let%span sghost_map8 = "ghost_map.rs" 17 45 17 46 + let%span sghost_map9 = "ghost_map.rs" 17 48 17 50 + let%span sghost_map10 = "ghost_map.rs" 18 45 18 46 + let%span sghost_map11 = "ghost_map.rs" 18 48 18 51 + let%span sghost_map12 = "ghost_map.rs" 20 22 20 43 + let%span sghost_map13 = "ghost_map.rs" 21 22 21 50 + let%span sghost_map14 = "ghost_map.rs" 22 22 22 34 + let%span sghost_map15 = "ghost_map.rs" 23 22 23 48 + let%span sghost_map16 = "ghost_map.rs" 24 22 24 47 + let%span sghost_map17 = "ghost_map.rs" 27 17 27 19 + let%span sghost_map18 = "ghost_map.rs" 28 30 28 31 + let%span sghost_map19 = "ghost_map.rs" 28 33 28 36 + let%span sghost_map20 = "ghost_map.rs" 29 30 29 31 + let%span sghost_map21 = "ghost_map.rs" 29 33 29 35 + let%span sghost_map22 = "ghost_map.rs" 31 22 31 47 + let%span sghost_map23 = "ghost_map.rs" 32 22 32 48 + let%span sghost_map24 = "ghost_map.rs" 37 22 37 42 + let%span sghost_map25 = "ghost_map.rs" 38 22 38 49 + let%span sghost_map26 = "ghost_map.rs" 39 22 39 42 + let%span sghost_map27 = "ghost_map.rs" 40 22 40 43 + let%span sghost_map28 = "ghost_map.rs" 45 22 45 31 + let%span sghost_map29 = "ghost_map.rs" 46 22 46 32 + let%span sghost_map30 = "ghost_map.rs" 47 22 47 32 + let%span sghost_map31 = "ghost_map.rs" 52 22 52 42 + let%span sghost_map32 = "ghost_map.rs" 53 22 53 34 + let%span sghost_map33 = "ghost_map.rs" 54 22 54 34 + let%span sfmap34 = "../../../../creusot-contracts/src/logic/fmap.rs" 240 4 240 34 + let%span sfmap35 = "../../../../creusot-contracts/src/logic/fmap.rs" 238 14 238 31 let%span sghost36 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sfmap37 = "../../../../creusot-contracts/src/logic/fmap.rs" 140 8 140 34 - let%span sfmap38 = "../../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 - let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost40 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost41 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sfmap42 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 29 414 33 - let%span sfmap43 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 35 414 38 - let%span sfmap44 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 43 414 48 - let%span sfmap45 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 4 416 17 - let%span sfmap46 = "../../../../creusot-contracts/src/logic/fmap.rs" 412 14 412 49 - let%span sfmap47 = "../../../../creusot-contracts/src/logic/fmap.rs" 413 14 413 40 - let%span sghost48 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost49 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost50 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sfmap51 = "../../../../creusot-contracts/src/logic/fmap.rs" 266 22 266 26 - let%span sfmap52 = "../../../../creusot-contracts/src/logic/fmap.rs" 265 14 265 34 - let%span sfmap53 = "../../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 - let%span sghost_map54 = "ghost_map.rs" 12 44 12 45 - let%span sfmap55 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 - let%span sfmap56 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 - let%span sfmap57 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 - let%span sfmap58 = "../../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 - let%span sfmap59 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 - let%span sfmap60 = "../../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 - let%span sghost_map61 = "ghost_map.rs" 26 54 26 55 - let%span sfmap62 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 32 386 36 - let%span sfmap63 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 38 386 41 - let%span sfmap64 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 4 386 77 - let%span sfmap65 = "../../../../creusot-contracts/src/logic/fmap.rs" 377 4 385 7 - let%span sghost_map66 = "ghost_map.rs" 34 45 34 46 - let%span sfmap67 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 29 453 33 - let%span sfmap68 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 35 453 38 - let%span sfmap69 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 4 455 17 - let%span sfmap70 = "../../../../creusot-contracts/src/logic/fmap.rs" 451 14 451 43 - let%span sfmap71 = "../../../../creusot-contracts/src/logic/fmap.rs" 452 14 452 41 - let%span sghost_map72 = "ghost_map.rs" 35 44 35 45 - let%span sghost_map73 = "ghost_map.rs" 36 45 36 46 - let%span sfmap74 = "../../../../creusot-contracts/src/logic/fmap.rs" 93 8 96 9 - let%span sghost_map75 = "ghost_map.rs" 42 44 42 45 - let%span sfmap76 = "../../../../creusot-contracts/src/logic/fmap.rs" 286 27 286 31 - let%span sfmap77 = "../../../../creusot-contracts/src/logic/fmap.rs" 286 33 286 36 - let%span sfmap78 = "../../../../creusot-contracts/src/logic/fmap.rs" 285 14 285 43 - let%span sghost_map79 = "ghost_map.rs" 43 44 43 45 - let%span sghost_map80 = "ghost_map.rs" 44 44 44 45 - let%span sghost_map81 = "ghost_map.rs" 49 34 49 35 - let%span sfmap82 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 - let%span sfmap83 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 - let%span sfmap84 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 - let%span sfmap85 = "../../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 - let%span sghost_map86 = "ghost_map.rs" 50 34 50 35 - let%span sghost_map87 = "ghost_map.rs" 51 34 51 35 - let%span sghost88 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost89 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost90 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sfmap91 = "../../../../creusot-contracts/src/logic/fmap.rs" 40 14 40 31 - let%span sfmap92 = "../../../../creusot-contracts/src/logic/fmap.rs" 41 14 41 49 - let%span sfmap93 = "../../../../creusot-contracts/src/logic/fmap.rs" 215 14 215 38 - let%span sfmap94 = "../../../../creusot-contracts/src/logic/fmap.rs" 216 14 216 83 - let%span sfmap95 = "../../../../creusot-contracts/src/logic/fmap.rs" 218 8 218 35 - let%span sfmap96 = "../../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 - let%span sfmap97 = "../../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 71 - let%span sfmap98 = "../../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 61 - let%span sfmap99 = "../../../../creusot-contracts/src/logic/fmap.rs" 69 14 69 66 - let%span sresolve100 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sfmap101 = "../../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 - let%span sfmap102 = "../../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 - let%span sfmap103 = "../../../../creusot-contracts/src/logic/fmap.rs" 77 14 77 55 - let%span sfmap104 = "../../../../creusot-contracts/src/logic/fmap.rs" 78 14 78 84 + let%span sfmap37 = "../../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 + let%span sghost38 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost39 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost40 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sfmap41 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 29 414 33 + let%span sfmap42 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 35 414 38 + let%span sfmap43 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 43 414 48 + let%span sfmap44 = "../../../../creusot-contracts/src/logic/fmap.rs" 414 4 416 17 + let%span sfmap45 = "../../../../creusot-contracts/src/logic/fmap.rs" 412 14 412 49 + let%span sfmap46 = "../../../../creusot-contracts/src/logic/fmap.rs" 413 14 413 40 + let%span sghost47 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost48 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost49 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sfmap50 = "../../../../creusot-contracts/src/logic/fmap.rs" 266 22 266 26 + let%span sfmap51 = "../../../../creusot-contracts/src/logic/fmap.rs" 265 14 265 34 + let%span sfmap52 = "../../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 + let%span sghost_map53 = "ghost_map.rs" 12 44 12 45 + let%span sfmap54 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 + let%span sfmap55 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 + let%span sfmap56 = "../../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 + let%span sfmap57 = "../../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 + let%span sfmap58 = "../../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 + let%span sfmap59 = "../../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 + let%span sghost_map60 = "ghost_map.rs" 26 54 26 55 + let%span sfmap61 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 32 386 36 + let%span sfmap62 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 38 386 41 + let%span sfmap63 = "../../../../creusot-contracts/src/logic/fmap.rs" 386 4 386 77 + let%span sfmap64 = "../../../../creusot-contracts/src/logic/fmap.rs" 377 4 385 7 + let%span sghost_map65 = "ghost_map.rs" 34 45 34 46 + let%span sfmap66 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 29 453 33 + let%span sfmap67 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 35 453 38 + let%span sfmap68 = "../../../../creusot-contracts/src/logic/fmap.rs" 453 4 455 17 + let%span sfmap69 = "../../../../creusot-contracts/src/logic/fmap.rs" 451 14 451 43 + let%span sfmap70 = "../../../../creusot-contracts/src/logic/fmap.rs" 452 14 452 41 + let%span sghost_map71 = "ghost_map.rs" 35 44 35 45 + let%span sghost_map72 = "ghost_map.rs" 36 45 36 46 + let%span sfmap73 = "../../../../creusot-contracts/src/logic/fmap.rs" 93 8 96 9 + let%span sghost_map74 = "ghost_map.rs" 42 44 42 45 + let%span sfmap75 = "../../../../creusot-contracts/src/logic/fmap.rs" 286 27 286 31 + let%span sfmap76 = "../../../../creusot-contracts/src/logic/fmap.rs" 286 33 286 36 + let%span sfmap77 = "../../../../creusot-contracts/src/logic/fmap.rs" 285 14 285 43 + let%span sghost_map78 = "ghost_map.rs" 43 44 43 45 + let%span sghost_map79 = "ghost_map.rs" 44 44 44 45 + let%span sghost_map80 = "ghost_map.rs" 49 34 49 35 + let%span sfmap81 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 + let%span sfmap82 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 + let%span sfmap83 = "../../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 + let%span sfmap84 = "../../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 + let%span sghost_map85 = "ghost_map.rs" 50 34 50 35 + let%span sghost_map86 = "ghost_map.rs" 51 34 51 35 + let%span sghost87 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost88 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost89 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sfmap90 = "../../../../creusot-contracts/src/logic/fmap.rs" 140 8 140 34 + let%span sfmap91 = "../../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 + let%span sfmap92 = "../../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 71 + let%span sfmap93 = "../../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 61 + let%span sfmap94 = "../../../../creusot-contracts/src/logic/fmap.rs" 69 14 69 66 + let%span sresolve95 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sfmap96 = "../../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 + let%span sfmap97 = "../../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sfmap98 = "../../../../creusot-contracts/src/logic/fmap.rs" 77 14 77 55 + let%span sfmap99 = "../../../../creusot-contracts/src/logic/fmap.rs" 78 14 78 84 + let%span sfmap100 = "../../../../creusot-contracts/src/logic/fmap.rs" 40 14 40 31 + let%span sfmap101 = "../../../../creusot-contracts/src/logic/fmap.rs" 41 14 41 49 + let%span sfmap102 = "../../../../creusot-contracts/src/logic/fmap.rs" 215 14 215 38 + let%span sfmap103 = "../../../../creusot-contracts/src/logic/fmap.rs" 216 14 216 83 + let%span sfmap104 = "../../../../creusot-contracts/src/logic/fmap.rs" 218 8 218 35 let%span sfmap105 = "../../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 let%span sutil106 = "../../../../creusot-contracts/src/util.rs" 21 14 21 30 let%span sutil107 = "../../../../creusot-contracts/src/util.rs" 55 11 55 21 @@ -125,7 +125,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] function len'0 (self : t_FMap'0) : int - axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap101] len'0 self >= 0 + axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap96] len'0 self >= 0 use creusot.int.Int32 @@ -144,33 +144,33 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] function empty'0 (_1 : ()) : t_FMap'0 - axiom empty'0_spec : forall _1 : () . ([%#sfmap91] len'0 (empty'0 _1) = 0) - && ([%#sfmap92] view'0 (empty'0 _1) = Const.const (C_None'3)) + axiom empty'0_spec : forall _1 : () . ([%#sfmap100] len'0 (empty'0 _1) = 0) + && ([%#sfmap101] view'0 (empty'0 _1) = Const.const (C_None'3)) use map.Map function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : t_Option'3 = - [%#sfmap96] Map.get (view'0 self) k + [%#sfmap91] Map.get (view'0 self) k function ext_eq'0 (self : t_FMap'0) (other : t_FMap'0) : bool = - [%#sfmap95] view'0 self = view'0 other + [%#sfmap104] view'0 self = view'0 other - axiom ext_eq'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap93] ext_eq'0 self other -> self = other) - && ([%#sfmap94] (forall k : Int32.t . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) + axiom ext_eq'0_spec : forall self : t_FMap'0, other : t_FMap'0 . ([%#sfmap102] ext_eq'0 self other -> self = other) + && ([%#sfmap103] (forall k : Int32.t . get_unsized'0 self k = get_unsized'0 other k) -> ext_eq'0 self other) function is_empty'0 (self : t_FMap'0) : bool = - [%#sfmap37] ext_eq'0 self (empty'0 ()) + [%#sfmap90] ext_eq'0 self (empty'0 ()) let rec new'0 (_1:()) (return' (ret:t_GhostBox'0))= any - [ return' (result:t_GhostBox'0)-> {[%#sfmap1] inv'0 result} - {[%#sfmap2] is_empty'0 (inner_logic'0 result)} + [ return' (result:t_GhostBox'0)-> {[%#sfmap34] inv'0 result} + {[%#sfmap35] is_empty'0 (inner_logic'0 result)} (! return' {result}) ] - use creusot.prelude.MutBorrow - function contains'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : bool = - [%#sfmap38] get_unsized'0 self k <> C_None'3 + [%#sfmap37] get_unsized'0 self k <> C_None'3 + + use creusot.prelude.MutBorrow predicate inv'1 (_1 : MutBorrow.t (t_GhostBox'0)) @@ -180,10 +180,10 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] axiom inv_axiom'2 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'2 x] . inv'2 x = true - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:MutBorrow.t (t_FMap'0)))= {[@expl:deref_mut 'self' type invariant] [%#sghost39] inv'1 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:MutBorrow.t (t_FMap'0)))= {[@expl:deref_mut 'self' type invariant] [%#sghost38] inv'1 self} any - [ return' (result:MutBorrow.t (t_FMap'0))-> {[%#sghost40] inv'2 result} - {[%#sghost41] result + [ return' (result:MutBorrow.t (t_FMap'0))-> {[%#sghost39] inv'2 result} + {[%#sghost40] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] @@ -208,32 +208,32 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] function insert'0 (self : t_FMap'0) (k : Int32.t) (v : Int32.t) : t_FMap'0 - axiom insert'0_spec : forall self : t_FMap'0, k : Int32.t, v : Int32.t . ([%#sfmap97] view'0 (insert'0 self k v) + axiom insert'0_spec : forall self : t_FMap'0, k : Int32.t, v : Int32.t . ([%#sfmap92] view'0 (insert'0 self k v) = Map.set (view'0 self) k (C_Some'3 (make_sized'0 v))) - && ([%#sfmap98] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) - && ([%#sfmap99] not contains'0 self k -> len'0 (insert'0 self k v) = len'0 self + 1) + && ([%#sfmap93] contains'0 self k -> len'0 (insert'0 self k v) = len'0 self) + && ([%#sfmap94] not contains'0 self k -> len'0 (insert'0 self k v) = len'0 self + 1) function get'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : t_Option'0 = - [%#sfmap74] match get_unsized'0 self k with + [%#sfmap73] match get_unsized'0 self k with | C_None'3 -> C_None'1 | C_Some'3 x -> C_Some'1 x end - let rec insert_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (value:Int32.t) (return' (ret:t_Option'0))= {[@expl:insert_ghost 'self' type invariant] [%#sfmap42] inv'2 self} - {[@expl:insert_ghost 'key' type invariant] [%#sfmap43] inv'3 key} - {[@expl:insert_ghost 'value' type invariant] [%#sfmap44] inv'3 value} + let rec insert_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (value:Int32.t) (return' (ret:t_Option'0))= {[@expl:insert_ghost 'self' type invariant] [%#sfmap41] inv'2 self} + {[@expl:insert_ghost 'key' type invariant] [%#sfmap42] inv'3 key} + {[@expl:insert_ghost 'value' type invariant] [%#sfmap43] inv'3 value} any - [ return' (result:t_Option'0)-> {[%#sfmap45] inv'4 result} - {[%#sfmap46] self.final = insert'0 self.current key value} - {[%#sfmap47] result = get'0 self.current key} + [ return' (result:t_Option'0)-> {[%#sfmap44] inv'4 result} + {[%#sfmap45] self.final = insert'0 self.current key value} + {[%#sfmap46] result = get'0 self.current key} (! return' {result}) ] - predicate resolve'3 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve100] self.final = self.current + predicate resolve'2 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve95] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (t_FMap'0)) = - resolve'3 _1 + resolve'2 _1 predicate inv'5 (_1 : t_GhostBox'0) @@ -243,15 +243,15 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] axiom inv_axiom'6 [@rewrite] : forall x : t_FMap'0 [inv'6 x] . inv'6 x = true - let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost48] inv'5 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost47] inv'5 self} any - [ return' (result:t_FMap'0)-> {[%#sghost49] inv'6 result} - {[%#sghost50] self.t_GhostBox__0'0 = result} + [ return' (result:t_FMap'0)-> {[%#sghost48] inv'6 result} + {[%#sghost49] self.t_GhostBox__0'0 = result} (! return' {result}) ] - let rec len_ghost'0 (self:t_FMap'0) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sfmap51] inv'6 self} - any [ return' (result:int)-> {[%#sfmap52] result = len'0 self} (! return' {result}) ] + let rec len_ghost'0 (self:t_FMap'0) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sfmap50] inv'6 self} + any [ return' (result:int)-> {[%#sfmap51] result = len'0 self} (! return' {result}) ] function unwrap'0 (op : t_Option'3) : Int32.t @@ -259,15 +259,15 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] -> ([%#sutil108] C_Some'3 (unwrap'0 op) = op) function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : Int32.t = - [%#sfmap102] unwrap'0 (get_unsized'0 self k) + [%#sfmap97] unwrap'0 (get_unsized'0 self k) function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : Int32.t) : Int32.t = - [%#sfmap53] lookup_unsized'0 self k + [%#sfmap52] lookup_unsized'0 self k use creusot.prelude.Intrinsic - let rec promoted10__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map54] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted10__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map53] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] predicate inv'7 (_1 : Int32.t) @@ -282,11 +282,11 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] axiom inv_axiom'8 [@rewrite] : forall x : t_Option'1 [inv'8 x] . inv'8 x = true - let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap55] inv'2 self} - {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap56] inv'7 key} + let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap54] inv'2 self} + {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap55] inv'7 key} any - [ return' (result:t_Option'1)-> {[%#sfmap57] inv'8 result} - {[%#sfmap58] if contains'0 self.current key then + [ return' (result:t_Option'1)-> {[%#sfmap56] inv'8 result} + {[%#sfmap57] if contains'0 self.current key then match result with | C_None'0 -> false | C_Some'0 r -> contains'0 self.final key @@ -295,16 +295,16 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] else result = C_None'0 /\ self.current = self.final } - {[%#sfmap59] forall k : Int32.t . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} - {[%#sfmap60] len'0 self.current = len'0 self.final} + {[%#sfmap58] forall k : Int32.t . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} + {[%#sfmap59] len'0 self.current = len'0 self.final} (! return' {result}) ] - predicate resolve'4 (self : MutBorrow.t Int32.t) = - [%#sresolve100] self.final = self.current + predicate resolve'3 (self : MutBorrow.t Int32.t) = + [%#sresolve95] self.final = self.current predicate resolve'1 (_1 : MutBorrow.t Int32.t) = - resolve'4 _1 + resolve'3 _1 let rec v_Some'0 (input:t_Option'1) (ret (field_0:MutBorrow.t Int32.t))= any [ good (field_0:MutBorrow.t Int32.t)-> {C_Some'0 field_0 = input} (! ret {field_0}) @@ -313,8 +313,8 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] any) ] - let rec promoted9__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map61] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted9__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map60] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] predicate inv'9 (_1 : (t_Option'1, MutBorrow.t (t_FMap'0))) @@ -323,15 +323,15 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] function remove'0 (self : t_FMap'0) (k : Int32.t) : t_FMap'0 - axiom remove'0_spec : forall self : t_FMap'0, k : Int32.t . ([%#sfmap103] view'0 (remove'0 self k) + axiom remove'0_spec : forall self : t_FMap'0, k : Int32.t . ([%#sfmap98] view'0 (remove'0 self k) = Map.set (view'0 self) k (C_None'3)) - && ([%#sfmap104] len'0 (remove'0 self k) = (if contains'0 self k then len'0 self - 1 else len'0 self)) + && ([%#sfmap99] len'0 (remove'0 self k) = (if contains'0 self k then len'0 self - 1 else len'0 self)) - let rec split_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:(t_Option'1, MutBorrow.t (t_FMap'0))))= {[@expl:split_mut_ghost 'self' type invariant] [%#sfmap62] inv'2 self} - {[@expl:split_mut_ghost 'key' type invariant] [%#sfmap63] inv'7 key} + let rec split_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:(t_Option'1, MutBorrow.t (t_FMap'0))))= {[@expl:split_mut_ghost 'self' type invariant] [%#sfmap61] inv'2 self} + {[@expl:split_mut_ghost 'key' type invariant] [%#sfmap62] inv'7 key} any - [ return' (result:(t_Option'1, MutBorrow.t (t_FMap'0)))-> {[%#sfmap64] inv'9 result} - {[%#sfmap65] if contains'0 self.current key then + [ return' (result:(t_Option'1, MutBorrow.t (t_FMap'0)))-> {[%#sfmap63] inv'9 result} + {[%#sfmap64] if contains'0 self.current key then (let (_, a) = result in a).current = remove'0 self.current key /\ match let (a, _) = result in a with | C_None'0 -> false @@ -344,45 +344,45 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] (! return' {result}) ] - let rec promoted8__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map66] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted8__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map65] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec remove_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'0))= {[@expl:remove_ghost 'self' type invariant] [%#sfmap67] inv'2 self} - {[@expl:remove_ghost 'key' type invariant] [%#sfmap68] inv'7 key} + let rec remove_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Int32.t) (return' (ret:t_Option'0))= {[@expl:remove_ghost 'self' type invariant] [%#sfmap66] inv'2 self} + {[@expl:remove_ghost 'key' type invariant] [%#sfmap67] inv'7 key} any - [ return' (result:t_Option'0)-> {[%#sfmap69] inv'4 result} - {[%#sfmap70] self.final = remove'0 self.current key} - {[%#sfmap71] result = get'0 self.current key} + [ return' (result:t_Option'0)-> {[%#sfmap68] inv'4 result} + {[%#sfmap69] self.final = remove'0 self.current key} + {[%#sfmap70] result = get'0 self.current key} (! return' {result}) ] - let rec promoted7__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map72] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted7__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map71] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted6__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map73] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted6__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map72] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted5__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map75] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted5__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map74] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec contains_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:bool))= {[@expl:contains_ghost 'self' type invariant] [%#sfmap76] inv'6 self} - {[@expl:contains_ghost 'key' type invariant] [%#sfmap77] inv'7 key} - any [ return' (result:bool)-> {[%#sfmap78] result = contains'0 self key} (! return' {result}) ] + let rec contains_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:bool))= {[@expl:contains_ghost 'self' type invariant] [%#sfmap75] inv'6 self} + {[@expl:contains_ghost 'key' type invariant] [%#sfmap76] inv'7 key} + any [ return' (result:bool)-> {[%#sfmap77] result = contains'0 self key} (! return' {result}) ] - let rec promoted4__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map79] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted4__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map78] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted3__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map80] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted3__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map79] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted2__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map81] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted2__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map80] (1 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] type t_Option'2 = @@ -393,11 +393,11 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] axiom inv_axiom'10 [@rewrite] : forall x : t_Option'2 [inv'10 x] . inv'10 x = true - let rec get_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:t_Option'2))= {[@expl:get_ghost 'self' type invariant] [%#sfmap82] inv'6 self} - {[@expl:get_ghost 'key' type invariant] [%#sfmap83] inv'7 key} + let rec get_ghost'0 (self:t_FMap'0) (key:Int32.t) (return' (ret:t_Option'2))= {[@expl:get_ghost 'self' type invariant] [%#sfmap81] inv'6 self} + {[@expl:get_ghost 'key' type invariant] [%#sfmap82] inv'7 key} any - [ return' (result:t_Option'2)-> {[%#sfmap84] inv'10 result} - {[%#sfmap85] if contains'0 self key then + [ return' (result:t_Option'2)-> {[%#sfmap83] inv'10 result} + {[%#sfmap84] if contains'0 self key then match result with | C_None'2 -> false | C_Some'2 r -> lookup_unsized'0 self key = r @@ -408,26 +408,14 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] (! return' {result}) ] - let rec promoted1__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map86] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted1__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map85] (2 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - let rec promoted0__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0[@coma:extspec] (return' (ret:Int32.t))= bb0 - [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map87] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] + let rec promoted0__ghost_map'0 (return' (ret:Int32.t))= bb0 + [ bb0 = s0 [ s0 = [ &_0 <- [%#sghost_map86] (3 : Int32.t) ] s1 | s1 = return' {_0} ] ] [ & _0 : Int32.t = Intrinsic.any_l () ] [ return' (result:Int32.t)-> return' {result} ] - type closure0'1 = - { field_0'0: MutBorrow.t (t_GhostBox'0) } - - predicate resolve'6 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve100] self.final = self.current - - predicate resolve'5 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'6 _1 - - predicate resolve'2 (_1 : closure0'1) = - resolve'5 _1.field_0'0 - predicate inv'11 (_1 : ()) axiom inv_axiom'11 [@rewrite] : forall x : () [inv'11 x] . inv'11 x = true @@ -439,385 +427,347 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] axiom inv_axiom'12 [@rewrite] : forall x : t_GhostBox'1 [inv'12 x] . inv'12 x = true - let rec new'1 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost88] inv'11 x} + let rec new'1 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost87] inv'11 x} any - [ return' (result:t_GhostBox'1)-> {[%#sghost89] inv'12 result} - {[%#sghost90] result.t_GhostBox__0'1 = x} + [ return' (result:t_GhostBox'1)-> {[%#sghost88] inv'12 result} + {[%#sghost89] result.t_GhostBox__0'1 = x} (! return' {result}) ] - let rec closure0'0[#"ghost_map.rs" 6 4 55 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map3] forall k : Int32.t . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} - s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_8 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_8} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_7 <- _ret' ] s3) - | s3 = bb1 ] - + meta "compute_max_steps" 1000000 + + let rec ghost_map'0[#"ghost_map.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = new'0 {[%#sghost_map0] ()} (fun (_ret':t_GhostBox'0) -> [ &map <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_6 <- _ret' ] [ &_7 <- { _7 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_6} {[%#sghost_map4] (1 : Int32.t)} {[%#sghost_map5] (21 : Int32.t)} - (fun (_ret':t_Option'0) -> [ &_5 <- _ret' ] s2) - | s2 = bb2 ] + [ s0 = {[@expl:assertion] [%#sghost_map1] forall k : Int32.t . not contains'0 (inner_logic'0 map) k} s1 + | s1 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_9 <- _ret' ] [ &map <- _ret'.final ] s2) + | s2 = deref_mut'0 {_9} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_8 <- _ret' ] s3) + | s3 = bb2 ] | bb2 = s0 - [ s0 = -{resolve'0 _7}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_11 <- _ret' ] s2) + [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_7 <- _ret' ] [ &_8 <- { _8 with current = _ret'.final } ] s1) + | s1 = insert_ghost'0 {_7} {[%#sghost_map2] (1 : Int32.t)} {[%#sghost_map3] (21 : Int32.t)} + (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len_ghost'0 {_11} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map6] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - = (21 : Int32.t)} - s1 - | s1 = {[@expl:assertion] [%#sghost_map7] length1 = 1} s2 - | s2 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_21 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s3) - | s3 = deref_mut'0 {_21} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_20 <- _ret' ] s4) - | s4 = bb5 ] + | bb3 = s0 + [ s0 = -{resolve'0 _8}- s1 | s1 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_12 <- _ret' ] s2) | s2 = bb4 ] + | bb4 = s0 [ s0 = len_ghost'0 {_12} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_19 <- _ret' ] [ &_20 <- { _20 with current = _ret'.final } ] s1) - | s1 = promoted10__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr10:Int32.t) -> [ &_163 <- pr10 ] s2) - | s2 = [ &_23 <- _163 ] s3 - | s3 = get_mut_ghost'0 {_19} {_23} (fun (_ret':t_Option'1) -> [ &_18 <- _ret' ] s4) + [ s0 = {[@expl:assertion] [%#sghost_map4] lookup'0 (inner_logic'0 map) (1 : Int32.t) = (21 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sghost_map5] length1 = 1} s2 + | s2 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_22 <- _ret' ] [ &map <- _ret'.final ] s3) + | s3 = deref_mut'0 {_22} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_21 <- _ret' ] s4) | s4 = bb6 ] - | bb6 = any [ br0 -> {_18 = C_None'0 } (! bb9) | br1 (x0:MutBorrow.t Int32.t)-> {_18 = C_Some'0 x0} (! bb7) ] - | bb9 = s0 - [ s0 = -{match _18 with + | bb6 = s0 + [ s0 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_20 <- _ret' ] [ &_21 <- { _21 with current = _ret'.final } ] s1) + | s1 = promoted10__ghost_map'0 (fun (pr10:Int32.t) -> [ &_164 <- pr10 ] s2) + | s2 = [ &_24 <- _164 ] s3 + | s3 = get_mut_ghost'0 {_20} {_24} (fun (_ret':t_Option'1) -> [ &_19 <- _ret' ] s4) + | s4 = bb7 ] + + | bb7 = any [ br0 -> {_19 = C_None'0 } (! bb10) | br1 (x0:MutBorrow.t Int32.t)-> {_19 = C_Some'0 x0} (! bb8) ] + | bb10 = s0 + [ s0 = -{match _19 with | C_Some'0 x'0 -> resolve'1 x'0 | _ -> true end}- s1 - | s1 = -{resolve'0 _20}- s2 - | s2 = bb10 ] + | s1 = -{resolve'0 _21}- s2 + | s2 = bb11 ] - | bb7 = bb8 - | bb8 = s0 - [ s0 = v_Some'0 {_18} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x <- r0'0 ] s1) - | s1 = [ &x <- { x with current = ([%#sghost_map8] (43 : Int32.t)) } ] s2 + | bb8 = bb9 + | bb9 = s0 + [ s0 = v_Some'0 {_19} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x <- r0'0 ] s1) + | s1 = [ &x <- { x with current = ([%#sghost_map6] (43 : Int32.t)) } ] s2 | s2 = -{resolve'1 x}- s3 - | s3 = -{resolve'0 _20}- s4 - | s4 = bb10 ] - - | bb10 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map9] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - = (43 : Int32.t)} - s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_32 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_32} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_31 <- _ret' ] s3) - | s3 = bb11 ] + | s3 = -{resolve'0 _21}- s4 + | s4 = bb11 ] | bb11 = s0 - [ s0 = MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_30 <- _ret' ] [ &_31 <- { _31 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_30} {[%#sghost_map10] (2 : Int32.t)} {[%#sghost_map11] (50 : Int32.t)} - (fun (_ret':t_Option'0) -> [ &inserted_none <- _ret' ] s2) - | s2 = bb12 ] + [ s0 = {[@expl:assertion] [%#sghost_map7] lookup'0 (inner_logic'0 map) (1 : Int32.t) = (43 : Int32.t)} s1 + | s1 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_33 <- _ret' ] [ &map <- _ret'.final ] s2) + | s2 = deref_mut'0 {_33} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_32 <- _ret' ] s3) + | s3 = bb12 ] | bb12 = s0 - [ s0 = -{resolve'0 _31}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_36 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_36} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_35 <- _ret' ] s3) - | s3 = bb13 ] + [ s0 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_31 <- _ret' ] [ &_32 <- { _32 with current = _ret'.final } ] s1) + | s1 = insert_ghost'0 {_31} {[%#sghost_map8] (2 : Int32.t)} {[%#sghost_map9] (50 : Int32.t)} + (fun (_ret':t_Option'0) -> [ &inserted_none <- _ret' ] s2) + | s2 = bb13 ] | bb13 = s0 - [ s0 = MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_34 <- _ret' ] [ &_35 <- { _35 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_34} {[%#sghost_map12] (2 : Int32.t)} {[%#sghost_map13] (100 : Int32.t)} - (fun (_ret':t_Option'0) -> [ &inserted_some <- _ret' ] s2) - | s2 = bb14 ] + [ s0 = -{resolve'0 _32}- s1 + | s1 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_37 <- _ret' ] [ &map <- _ret'.final ] s2) + | s2 = deref_mut'0 {_37} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_36 <- _ret' ] s3) + | s3 = bb14 ] | bb14 = s0 - [ s0 = -{resolve'0 _35}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_39 <- _ret' ] s2) + [ s0 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_35 <- _ret' ] [ &_36 <- { _36 with current = _ret'.final } ] s1) + | s1 = insert_ghost'0 {_35} {[%#sghost_map10] (2 : Int32.t)} {[%#sghost_map11] (100 : Int32.t)} + (fun (_ret':t_Option'0) -> [ &inserted_some <- _ret' ] s2) | s2 = bb15 ] - | bb15 = s0 [ s0 = len_ghost'0 {_39} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb16 ] - | bb16 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map14] inserted_none = C_None'1} s1 - | s1 = {[@expl:assertion] [%#sghost_map15] inserted_some = C_Some'1 (50 : Int32.t)} s2 - | s2 = {[@expl:assertion] [%#sghost_map16] length2 = 2} s3 - | s3 = {[@expl:assertion] [%#sghost_map17] lookup'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t) - = (100 : Int32.t)} - s4 - | s4 = {[@expl:assertion] [%#sghost_map18] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - = (43 : Int32.t)} - s5 - | s5 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_55 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s6) - | s6 = deref_mut'0 {_55} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_54 <- _ret' ] s7) - | s7 = bb17 ] + | bb15 = s0 + [ s0 = -{resolve'0 _36}- s1 | s1 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_40 <- _ret' ] s2) | s2 = bb16 ] + | bb16 = s0 [ s0 = len_ghost'0 {_40} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_53 <- _ret' ] [ &_54 <- { _54 with current = _ret'.final } ] s1) - | s1 = promoted9__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr9:Int32.t) -> [ &_162 <- pr9 ] s2) - | s2 = [ &_57 <- _162 ] s3 - | s3 = split_mut_ghost'0 {_53} {_57} (fun (_ret':(t_Option'1, MutBorrow.t (t_FMap'0))) -> [ &_52 <- _ret' ] s4) - | s4 = bb18 ] - - | bb18 = any - [ br0 -> {(let (r'0, _) = _52 in r'0) = C_None'0 } (! bb23) - | br1 (x0:MutBorrow.t Int32.t)-> {(let (r'0, _) = _52 in r'0) = C_Some'0 x0} (! bb19) ] - - | bb23 = s0 - [ s0 = -{match _52 with + [ s0 = {[@expl:assertion] [%#sghost_map12] inserted_none = C_None'1} s1 + | s1 = {[@expl:assertion] [%#sghost_map13] inserted_some = C_Some'1 (50 : Int32.t)} s2 + | s2 = {[@expl:assertion] [%#sghost_map14] length2 = 2} s3 + | s3 = {[@expl:assertion] [%#sghost_map15] lookup'0 (inner_logic'0 map) (2 : Int32.t) = (100 : Int32.t)} s4 + | s4 = {[@expl:assertion] [%#sghost_map16] lookup'0 (inner_logic'0 map) (1 : Int32.t) = (43 : Int32.t)} s5 + | s5 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_56 <- _ret' ] [ &map <- _ret'.final ] s6) + | s6 = deref_mut'0 {_56} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_55 <- _ret' ] s7) + | s7 = bb18 ] + + | bb18 = s0 + [ s0 = MutBorrow.borrow_final {_55.current} {MutBorrow.get_id _55} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_54 <- _ret' ] [ &_55 <- { _55 with current = _ret'.final } ] s1) + | s1 = promoted9__ghost_map'0 (fun (pr9:Int32.t) -> [ &_163 <- pr9 ] s2) + | s2 = [ &_58 <- _163 ] s3 + | s3 = split_mut_ghost'0 {_54} {_58} (fun (_ret':(t_Option'1, MutBorrow.t (t_FMap'0))) -> [ &_53 <- _ret' ] s4) + | s4 = bb19 ] + + | bb19 = any + [ br0 -> {(let (r'0, _) = _53 in r'0) = C_None'0 } (! bb24) + | br1 (x0:MutBorrow.t Int32.t)-> {(let (r'0, _) = _53 in r'0) = C_Some'0 x0} (! bb20) ] + + | bb24 = s0 + [ s0 = -{match _53 with | (_, x'0) -> resolve'0 x'0 | _ -> true end}- s1 - | s1 = -{match _52 with + | s1 = -{match _53 with | (C_Some'0 x'1, _) -> resolve'1 x'1 | _ -> true end}- s2 - | s2 = -{resolve'0 _54}- s3 - | s3 = bb24 ] - - | bb19 = bb20 - | bb20 = s0 - [ s0 = v_Some'0 {let (r'0, _) = _52 in r'0} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x1 <- r0'0 ] s1) - | s1 = [ &map2 <- let (_, r'1) = _52 in r'1 ] s2 - | s2 = [ &x1 <- { x1 with current = ([%#sghost_map19] (42 : Int32.t)) } ] s3 + | s2 = -{resolve'0 _55}- s3 + | s3 = bb25 ] + + | bb20 = bb21 + | bb21 = s0 + [ s0 = v_Some'0 {let (r'0, _) = _53 in r'0} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x1 <- r0'0 ] s1) + | s1 = [ &map2 <- let (_, r'1) = _53 in r'1 ] s2 + | s2 = [ &x1 <- { x1 with current = ([%#sghost_map17] (42 : Int32.t)) } ] s3 | s3 = -{resolve'1 x1}- s4 | s4 = MutBorrow.borrow_mut {map2.current} (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_63 <- _ret' ] + [ &_64 <- _ret' ] [ &map2 <- { map2 with current = _ret'.final } ] s5) - | s5 = insert_ghost'0 {_63} {[%#sghost_map20] (2 : Int32.t)} {[%#sghost_map21] (200 : Int32.t)} - (fun (_ret':t_Option'0) -> [ &_62 <- _ret' ] s6) - | s6 = bb21 ] + | s5 = insert_ghost'0 {_64} {[%#sghost_map18] (2 : Int32.t)} {[%#sghost_map19] (200 : Int32.t)} + (fun (_ret':t_Option'0) -> [ &_63 <- _ret' ] s6) + | s6 = bb22 ] - | bb21 = s0 + | bb22 = s0 [ s0 = MutBorrow.borrow_final {map2.current} {MutBorrow.get_id map2} (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_65 <- _ret' ] + [ &_66 <- _ret' ] [ &map2 <- { map2 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_65} {[%#sghost_map22] (1 : Int32.t)} {[%#sghost_map23] (56 : Int32.t)} - (fun (_ret':t_Option'0) -> [ &_64 <- _ret' ] s2) - | s2 = bb22 ] - - | bb22 = s0 [ s0 = -{resolve'0 map2}- s1 | s1 = -{resolve'0 _54}- s2 | s2 = bb24 ] - | bb24 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map24] lookup'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - = (42 : Int32.t)} - s1 - | s1 = {[@expl:assertion] [%#sghost_map25] lookup'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t) - = (200 : Int32.t)} - s2 - | s2 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_73 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s3) - | s3 = deref_mut'0 {_73} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_72 <- _ret' ] s4) - | s4 = bb25 ] + | s1 = insert_ghost'0 {_66} {[%#sghost_map20] (1 : Int32.t)} {[%#sghost_map21] (56 : Int32.t)} + (fun (_ret':t_Option'0) -> [ &_65 <- _ret' ] s2) + | s2 = bb23 ] + | bb23 = s0 [ s0 = -{resolve'0 map2}- s1 | s1 = -{resolve'0 _55}- s2 | s2 = bb25 ] | bb25 = s0 - [ s0 = MutBorrow.borrow_final {_72.current} {MutBorrow.get_id _72} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_71 <- _ret' ] [ &_72 <- { _72 with current = _ret'.final } ] s1) - | s1 = promoted8__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr8:Int32.t) -> [ &_161 <- pr8 ] s2) - | s2 = [ &_75 <- _161 ] s3 - | s3 = remove_ghost'0 {_71} {_75} (fun (_ret':t_Option'0) -> [ &remove_none1 <- _ret' ] s4) + [ s0 = {[@expl:assertion] [%#sghost_map22] lookup'0 (inner_logic'0 map) (1 : Int32.t) = (42 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sghost_map23] lookup'0 (inner_logic'0 map) (2 : Int32.t) = (200 : Int32.t)} s2 + | s2 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_74 <- _ret' ] [ &map <- _ret'.final ] s3) + | s3 = deref_mut'0 {_74} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_73 <- _ret' ] s4) | s4 = bb26 ] | bb26 = s0 - [ s0 = -{resolve'0 _72}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_80 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_80} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_79 <- _ret' ] s3) - | s3 = bb27 ] + [ s0 = MutBorrow.borrow_final {_73.current} {MutBorrow.get_id _73} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_72 <- _ret' ] [ &_73 <- { _73 with current = _ret'.final } ] s1) + | s1 = promoted8__ghost_map'0 (fun (pr8:Int32.t) -> [ &_162 <- pr8 ] s2) + | s2 = [ &_76 <- _162 ] s3 + | s3 = remove_ghost'0 {_72} {_76} (fun (_ret':t_Option'0) -> [ &remove_none1 <- _ret' ] s4) + | s4 = bb27 ] | bb27 = s0 - [ s0 = MutBorrow.borrow_final {_79.current} {MutBorrow.get_id _79} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_78 <- _ret' ] [ &_79 <- { _79 with current = _ret'.final } ] s1) - | s1 = promoted7__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr7:Int32.t) -> [ &_160 <- pr7 ] s2) - | s2 = [ &_82 <- _160 ] s3 - | s3 = remove_ghost'0 {_78} {_82} (fun (_ret':t_Option'0) -> [ &remove_some <- _ret' ] s4) - | s4 = bb28 ] + [ s0 = -{resolve'0 _73}- s1 + | s1 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_81 <- _ret' ] [ &map <- _ret'.final ] s2) + | s2 = deref_mut'0 {_81} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_80 <- _ret' ] s3) + | s3 = bb28 ] | bb28 = s0 - [ s0 = -{resolve'0 _79}- s1 - | s1 = MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_87 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_87} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_86 <- _ret' ] s3) - | s3 = bb29 ] + [ s0 = MutBorrow.borrow_final {_80.current} {MutBorrow.get_id _80} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_79 <- _ret' ] [ &_80 <- { _80 with current = _ret'.final } ] s1) + | s1 = promoted7__ghost_map'0 (fun (pr7:Int32.t) -> [ &_161 <- pr7 ] s2) + | s2 = [ &_83 <- _161 ] s3 + | s3 = remove_ghost'0 {_79} {_83} (fun (_ret':t_Option'0) -> [ &remove_some <- _ret' ] s4) + | s4 = bb29 ] | bb29 = s0 - [ s0 = MutBorrow.borrow_final {_86.current} {MutBorrow.get_id _86} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_85 <- _ret' ] [ &_86 <- { _86 with current = _ret'.final } ] s1) - | s1 = promoted6__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr6:Int32.t) -> [ &_159 <- pr6 ] s2) - | s2 = [ &_89 <- _159 ] s3 - | s3 = remove_ghost'0 {_85} {_89} (fun (_ret':t_Option'0) -> [ &remove_none2 <- _ret' ] s4) - | s4 = bb30 ] + [ s0 = -{resolve'0 _80}- s1 + | s1 = MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_88 <- _ret' ] [ &map <- _ret'.final ] s2) + | s2 = deref_mut'0 {_88} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_87 <- _ret' ] s3) + | s3 = bb30 ] | bb30 = s0 - [ s0 = -{resolve'0 _86}- s1 - | s1 = {[@expl:assertion] [%#sghost_map26] remove_none1 = C_None'1} s2 - | s2 = {[@expl:assertion] [%#sghost_map27] remove_some = C_Some'1 (200 : Int32.t)} s3 - | s3 = {[@expl:assertion] [%#sghost_map28] remove_none2 = C_None'1} s4 - | s4 = {[@expl:assertion] [%#sghost_map29] get'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t) = C_None'1} - s5 - | s5 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_101 <- _ret' ] s6) - | s6 = bb31 ] + [ s0 = MutBorrow.borrow_final {_87.current} {MutBorrow.get_id _87} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_86 <- _ret' ] [ &_87 <- { _87 with current = _ret'.final } ] s1) + | s1 = promoted6__ghost_map'0 (fun (pr6:Int32.t) -> [ &_160 <- pr6 ] s2) + | s2 = [ &_90 <- _160 ] s3 + | s3 = remove_ghost'0 {_86} {_90} (fun (_ret':t_Option'0) -> [ &remove_none2 <- _ret' ] s4) + | s4 = bb31 ] | bb31 = s0 - [ s0 = promoted5__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr5:Int32.t) -> [ &_158 <- pr5 ] s1) - | s1 = [ &_104 <- _158 ] s2 - | s2 = contains_ghost'0 {_101} {_104} (fun (_ret':bool) -> [ &contains1 <- _ret' ] s3) - | s3 = bb32 ] - - | bb32 = s0 [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_108 <- _ret' ] s1) | s1 = bb33 ] - | bb33 = s0 - [ s0 = promoted4__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr4:Int32.t) -> [ &_157 <- pr4 ] s1) - | s1 = [ &_111 <- _157 ] s2 - | s2 = contains_ghost'0 {_108} {_111} (fun (_ret':bool) -> [ &contains2 <- _ret' ] s3) - | s3 = bb34 ] - - | bb34 = s0 [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_115 <- _ret' ] s1) | s1 = bb35 ] - | bb35 = s0 - [ s0 = promoted3__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr3:Int32.t) -> [ &_156 <- pr3 ] s1) - | s1 = [ &_118 <- _156 ] s2 - | s2 = contains_ghost'0 {_115} {_118} (fun (_ret':bool) -> [ &contains3 <- _ret' ] s3) - | s3 = bb36 ] - + [ s0 = -{resolve'0 _87}- s1 + | s1 = {[@expl:assertion] [%#sghost_map24] remove_none1 = C_None'1} s2 + | s2 = {[@expl:assertion] [%#sghost_map25] remove_some = C_Some'1 (200 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_map26] remove_none2 = C_None'1} s4 + | s4 = {[@expl:assertion] [%#sghost_map27] get'0 (inner_logic'0 map) (2 : Int32.t) = C_None'1} s5 + | s5 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_102 <- _ret' ] s6) + | s6 = bb32 ] + + | bb32 = s0 + [ s0 = promoted5__ghost_map'0 (fun (pr5:Int32.t) -> [ &_159 <- pr5 ] s1) + | s1 = [ &_105 <- _159 ] s2 + | s2 = contains_ghost'0 {_102} {_105} (fun (_ret':bool) -> [ &contains1 <- _ret' ] s3) + | s3 = bb33 ] + + | bb33 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_109 <- _ret' ] s1) | s1 = bb34 ] + | bb34 = s0 + [ s0 = promoted4__ghost_map'0 (fun (pr4:Int32.t) -> [ &_158 <- pr4 ] s1) + | s1 = [ &_112 <- _158 ] s2 + | s2 = contains_ghost'0 {_109} {_112} (fun (_ret':bool) -> [ &contains2 <- _ret' ] s3) + | s3 = bb35 ] + + | bb35 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_116 <- _ret' ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = {[@expl:assertion] [%#sghost_map30] contains1} s1 - | s1 = {[@expl:assertion] [%#sghost_map31] not contains2} s2 - | s2 = {[@expl:assertion] [%#sghost_map32] not contains3} s3 - | s3 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_128 <- _ret' ] s4) - | s4 = bb37 ] + [ s0 = promoted3__ghost_map'0 (fun (pr3:Int32.t) -> [ &_157 <- pr3 ] s1) + | s1 = [ &_119 <- _157 ] s2 + | s2 = contains_ghost'0 {_116} {_119} (fun (_ret':bool) -> [ &contains3 <- _ret' ] s3) + | s3 = bb37 ] | bb37 = s0 - [ s0 = promoted2__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr2:Int32.t) -> [ &_155 <- pr2 ] s1) - | s1 = [ &_131 <- _155 ] s2 - | s2 = get_ghost'0 {_128} {_131} (fun (_ret':t_Option'2) -> [ &get1 <- _ret' ] s3) - | s3 = bb38 ] - - | bb38 = s0 [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_135 <- _ret' ] s1) | s1 = bb39 ] - | bb39 = s0 - [ s0 = promoted1__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr1:Int32.t) -> [ &_154 <- pr1 ] s1) - | s1 = [ &_138 <- _154 ] s2 - | s2 = get_ghost'0 {_135} {_138} (fun (_ret':t_Option'2) -> [ &get2 <- _ret' ] s3) - | s3 = bb40 ] - - | bb40 = s0 [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':t_FMap'0) -> [ &_142 <- _ret' ] s1) | s1 = bb41 ] - | bb41 = s0 - [ s0 = promoted0__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0 (fun (pr0:Int32.t) -> [ &_153 <- pr0 ] s1) - | s1 = [ &_145 <- _153 ] s2 - | s2 = get_ghost'0 {_142} {_145} (fun (_ret':t_Option'2) -> [ &get3 <- _ret' ] s3) - | s3 = bb42 ] - + [ s0 = {[@expl:assertion] [%#sghost_map28] contains1} s1 + | s1 = {[@expl:assertion] [%#sghost_map29] not contains2} s2 + | s2 = {[@expl:assertion] [%#sghost_map30] not contains3} s3 + | s3 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_129 <- _ret' ] s4) + | s4 = bb38 ] + + | bb38 = s0 + [ s0 = promoted2__ghost_map'0 (fun (pr2:Int32.t) -> [ &_156 <- pr2 ] s1) + | s1 = [ &_132 <- _156 ] s2 + | s2 = get_ghost'0 {_129} {_132} (fun (_ret':t_Option'2) -> [ &get1 <- _ret' ] s3) + | s3 = bb39 ] + + | bb39 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_136 <- _ret' ] s1) | s1 = bb40 ] + | bb40 = s0 + [ s0 = promoted1__ghost_map'0 (fun (pr1:Int32.t) -> [ &_155 <- pr1 ] s1) + | s1 = [ &_139 <- _155 ] s2 + | s2 = get_ghost'0 {_136} {_139} (fun (_ret':t_Option'2) -> [ &get2 <- _ret' ] s3) + | s3 = bb41 ] + + | bb41 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_143 <- _ret' ] s1) | s1 = bb42 ] | bb42 = s0 - [ s0 = -{resolve'2 _1}- s1 - | s1 = {[@expl:assertion] [%#sghost_map33] get1 = C_Some'2 (42 : Int32.t)} s2 - | s2 = {[@expl:assertion] [%#sghost_map34] get2 = C_None'2} s3 - | s3 = {[@expl:assertion] [%#sghost_map35] get3 = C_None'2} s4 - | s4 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s5) - | s5 = bb43 ] - - | bb43 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure0'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _5 : t_Option'0 = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + [ s0 = promoted0__ghost_map'0 (fun (pr0:Int32.t) -> [ &_154 <- pr0 ] s1) + | s1 = [ &_146 <- _154 ] s2 + | s2 = get_ghost'0 {_143} {_146} (fun (_ret':t_Option'2) -> [ &get3 <- _ret' ] s3) + | s3 = bb43 ] + + | bb43 = s0 + [ s0 = {[@expl:assertion] [%#sghost_map31] get1 = C_Some'2 (42 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sghost_map32] get2 = C_None'2} s2 + | s2 = {[@expl:assertion] [%#sghost_map33] get3 = C_None'2} s3 + | s3 = new'1 {_3} (fun (_ret':t_GhostBox'1) -> [ &_2 <- _ret' ] s4) + | s4 = bb44 ] + + | bb44 = bb45 + | bb45 = bb46 + | bb46 = return' {_0} ] + ) + [ & _0 : () = Intrinsic.any_l () + | & map : t_GhostBox'0 = Intrinsic.any_l () + | & _2 : t_GhostBox'1 = Intrinsic.any_l () + | & _3 : () = Intrinsic.any_l () + | & _6 : t_Option'0 = Intrinsic.any_l () | & _7 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _8 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _8 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _9 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & length1 : int = Intrinsic.any_l () - | & _11 : t_FMap'0 = Intrinsic.any_l () - | & _18 : t_Option'1 = Intrinsic.any_l () - | & _19 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _12 : t_FMap'0 = Intrinsic.any_l () + | & _19 : t_Option'1 = Intrinsic.any_l () | & _20 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _21 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _23 : Int32.t = Intrinsic.any_l () + | & _21 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _22 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _24 : Int32.t = Intrinsic.any_l () | & x : MutBorrow.t Int32.t = Intrinsic.any_l () | & inserted_none : t_Option'0 = Intrinsic.any_l () - | & _30 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & _31 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _32 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _32 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _33 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & inserted_some : t_Option'0 = Intrinsic.any_l () - | & _34 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & _35 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _36 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _36 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _37 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & length2 : int = Intrinsic.any_l () - | & _39 : t_FMap'0 = Intrinsic.any_l () - | & _52 : (t_Option'1, MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _53 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _40 : t_FMap'0 = Intrinsic.any_l () + | & _53 : (t_Option'1, MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () | & _54 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _55 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _57 : Int32.t = Intrinsic.any_l () + | & _55 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _56 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _58 : Int32.t = Intrinsic.any_l () | & x1 : MutBorrow.t Int32.t = Intrinsic.any_l () | & map2 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _62 : t_Option'0 = Intrinsic.any_l () - | & _63 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _64 : t_Option'0 = Intrinsic.any_l () - | & _65 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _63 : t_Option'0 = Intrinsic.any_l () + | & _64 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _65 : t_Option'0 = Intrinsic.any_l () + | & _66 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & remove_none1 : t_Option'0 = Intrinsic.any_l () - | & _71 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & _72 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _73 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _75 : Int32.t = Intrinsic.any_l () + | & _73 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _74 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _76 : Int32.t = Intrinsic.any_l () | & remove_some : t_Option'0 = Intrinsic.any_l () - | & _78 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & _79 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _80 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _82 : Int32.t = Intrinsic.any_l () + | & _80 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _81 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _83 : Int32.t = Intrinsic.any_l () | & remove_none2 : t_Option'0 = Intrinsic.any_l () - | & _85 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () | & _86 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _87 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _89 : Int32.t = Intrinsic.any_l () + | & _87 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _88 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _90 : Int32.t = Intrinsic.any_l () | & contains1 : bool = Intrinsic.any_l () - | & _101 : t_FMap'0 = Intrinsic.any_l () - | & _104 : Int32.t = Intrinsic.any_l () + | & _102 : t_FMap'0 = Intrinsic.any_l () + | & _105 : Int32.t = Intrinsic.any_l () | & contains2 : bool = Intrinsic.any_l () - | & _108 : t_FMap'0 = Intrinsic.any_l () - | & _111 : Int32.t = Intrinsic.any_l () + | & _109 : t_FMap'0 = Intrinsic.any_l () + | & _112 : Int32.t = Intrinsic.any_l () | & contains3 : bool = Intrinsic.any_l () - | & _115 : t_FMap'0 = Intrinsic.any_l () - | & _118 : Int32.t = Intrinsic.any_l () + | & _116 : t_FMap'0 = Intrinsic.any_l () + | & _119 : Int32.t = Intrinsic.any_l () | & get1 : t_Option'2 = Intrinsic.any_l () - | & _128 : t_FMap'0 = Intrinsic.any_l () - | & _131 : Int32.t = Intrinsic.any_l () + | & _129 : t_FMap'0 = Intrinsic.any_l () + | & _132 : Int32.t = Intrinsic.any_l () | & get2 : t_Option'2 = Intrinsic.any_l () - | & _135 : t_FMap'0 = Intrinsic.any_l () - | & _138 : Int32.t = Intrinsic.any_l () + | & _136 : t_FMap'0 = Intrinsic.any_l () + | & _139 : Int32.t = Intrinsic.any_l () | & get3 : t_Option'2 = Intrinsic.any_l () - | & _142 : t_FMap'0 = Intrinsic.any_l () - | & _145 : Int32.t = Intrinsic.any_l () - | & _153 : Int32.t = Intrinsic.any_l () + | & _143 : t_FMap'0 = Intrinsic.any_l () + | & _146 : Int32.t = Intrinsic.any_l () | & _154 : Int32.t = Intrinsic.any_l () | & _155 : Int32.t = Intrinsic.any_l () | & _156 : Int32.t = Intrinsic.any_l () @@ -827,29 +777,7 @@ module M_ghost_map__ghost_map [#"ghost_map.rs" 4 0 4 18] | & _160 : Int32.t = Intrinsic.any_l () | & _161 : Int32.t = Intrinsic.any_l () | & _162 : Int32.t = Intrinsic.any_l () - | & _163 : Int32.t = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec ghost_map'0[#"ghost_map.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = new'0 {[%#sghost_map0] ()} (fun (_ret':t_GhostBox'0) -> [ &map <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = MutBorrow.borrow_mut {map} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_4 <- _ret' ] [ &map <- _ret'.final ] s1) - | s1 = [ &_3 <- { field_0'0 = _4 } ] s2 - | s2 = closure0'0 {_3} (fun (_ret':t_GhostBox'1) -> [ &_2 <- _ret' ] s3) - | s3 = bb2 ] - - | bb2 = bb3 - | bb3 = bb4 - | bb4 = return' {_0} ] - ) - [ & _0 : () = Intrinsic.any_l () - | & map : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : t_GhostBox'1 = Intrinsic.any_l () - | & _3 : closure0'1 = Intrinsic.any_l () - | & _4 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _5 : () = Intrinsic.any_l () ] + | & _163 : Int32.t = Intrinsic.any_l () + | & _164 : Int32.t = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/ghost_map/proof.json b/creusot/tests/should_succeed/ghost/ghost_map/proof.json index f53e669d81..65e6a61c97 100644 --- a/creusot/tests/should_succeed/ghost/ghost_map/proof.json +++ b/creusot/tests/should_succeed/ghost/ghost_map/proof.json @@ -7,61 +7,27 @@ ], "proofs": { "M_ghost_map__ghost_map": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.031 }, "vc_contains_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.034 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.057 }, - "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.046 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.019 }, + "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_get_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.029 }, "vc_get_mut_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.042 }, "vc_ghost_map'0": { "prover": "z3@4.12.4", "time": 0.077 }, - "vc_insert_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.059 }, - "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.043 }, + "vc_insert_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, + "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.037 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.029 }, - "vc_promoted0__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.019 - }, - "vc_promoted10__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.03 - }, - "vc_promoted1__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.034 - }, - "vc_promoted2__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.016 - }, - "vc_promoted3__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.016 - }, - "vc_promoted4__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.016 - }, - "vc_promoted5__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.023 - }, - "vc_promoted6__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.025 - }, - "vc_promoted7__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.019 - }, - "vc_promoted8__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.025 - }, - "vc_promoted9__ghost_mapqy58zqy58zqy123zclosureqy35z0qy125z'0": { - "prover": "cvc5@1.0.5", - "time": 0.017 - }, + "vc_promoted0__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, + "vc_promoted10__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.032 }, + "vc_promoted1__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, + "vc_promoted2__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, + "vc_promoted3__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, + "vc_promoted4__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.024 }, + "vc_promoted5__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.029 }, + "vc_promoted6__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.018 }, + "vc_promoted7__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.031 }, + "vc_promoted8__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, + "vc_promoted9__ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.019 }, "vc_remove_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, "vc_split_mut_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.018 }, "vc_v_Some'0": { "prover": "cvc5@1.0.5", "time": 0.019 } diff --git a/creusot/tests/should_succeed/ghost/ghost_set.coma b/creusot/tests/should_succeed/ghost/ghost_set.coma index e6bed0f4cd..1b4fc6c304 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set.coma +++ b/creusot/tests/should_succeed/ghost/ghost_set.coma @@ -1,25 +1,25 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] let%span sghost_set0 = "ghost_set.rs" 5 18 5 36 - let%span sfset1 = "../../../../creusot-contracts/src/logic/fset.rs" 317 4 317 34 - let%span sfset2 = "../../../../creusot-contracts/src/logic/fset.rs" 315 14 315 31 - let%span sghost_set3 = "ghost_set.rs" 7 22 7 53 - let%span sghost_set4 = "ghost_set.rs" 8 25 8 26 - let%span sghost_set5 = "ghost_set.rs" 10 22 10 63 - let%span sghost_set6 = "ghost_set.rs" 11 22 11 34 - let%span sghost_set7 = "ghost_set.rs" 12 28 12 29 - let%span sghost_set8 = "ghost_set.rs" 12 31 12 32 - let%span sghost_set9 = "ghost_set.rs" 12 34 12 35 - let%span sghost_set10 = "ghost_set.rs" 14 45 14 46 - let%span sghost_set11 = "ghost_set.rs" 15 46 15 47 - let%span sghost_set12 = "ghost_set.rs" 17 22 17 54 - let%span sghost_set13 = "ghost_set.rs" 18 22 18 34 - let%span sghost_set14 = "ghost_set.rs" 19 22 19 62 - let%span sghost_set15 = "ghost_set.rs" 24 22 24 69 - let%span sghost_set16 = "ghost_set.rs" 25 22 25 41 - let%span sghost_set17 = "ghost_set.rs" 26 22 26 36 - let%span sghost_set18 = "ghost_set.rs" 31 22 31 31 - let%span sghost_set19 = "ghost_set.rs" 32 22 32 32 - let%span sghost_set20 = "ghost_set.rs" 33 22 33 32 + let%span sghost_set1 = "ghost_set.rs" 7 22 7 53 + let%span sghost_set2 = "ghost_set.rs" 8 25 8 26 + let%span sghost_set3 = "ghost_set.rs" 10 22 10 63 + let%span sghost_set4 = "ghost_set.rs" 11 22 11 34 + let%span sghost_set5 = "ghost_set.rs" 12 28 12 29 + let%span sghost_set6 = "ghost_set.rs" 12 31 12 32 + let%span sghost_set7 = "ghost_set.rs" 12 34 12 35 + let%span sghost_set8 = "ghost_set.rs" 14 45 14 46 + let%span sghost_set9 = "ghost_set.rs" 15 46 15 47 + let%span sghost_set10 = "ghost_set.rs" 17 22 17 54 + let%span sghost_set11 = "ghost_set.rs" 18 22 18 34 + let%span sghost_set12 = "ghost_set.rs" 19 22 19 62 + let%span sghost_set13 = "ghost_set.rs" 24 22 24 69 + let%span sghost_set14 = "ghost_set.rs" 25 22 25 41 + let%span sghost_set15 = "ghost_set.rs" 26 22 26 36 + let%span sghost_set16 = "ghost_set.rs" 31 22 31 31 + let%span sghost_set17 = "ghost_set.rs" 32 22 32 32 + let%span sghost_set18 = "ghost_set.rs" 33 22 33 32 + let%span sfset19 = "../../../../creusot-contracts/src/logic/fset.rs" 317 4 317 34 + let%span sfset20 = "../../../../creusot-contracts/src/logic/fset.rs" 315 14 315 31 let%span sghost21 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 let%span sfset22 = "../../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 let%span sghost23 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 @@ -65,18 +65,18 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] use set.Fset let rec new'0 (_1:()) (return' (ret:t_GhostBox'0))= any - [ return' (result:t_GhostBox'0)-> {[%#sfset1] inv'0 result} - {[%#sfset2] Fset.is_empty (inner_logic'0 result)} + [ return' (result:t_GhostBox'0)-> {[%#sfset19] inv'0 result} + {[%#sfset20] Fset.is_empty (inner_logic'0 result)} (! return' {result}) ] - use creusot.prelude.MutBorrow - use set.Fset predicate contains'0 [@inline:trivial] (self : Fset.fset Int32.t) (e : Int32.t) = [%#sfset22] Fset.mem e self + use creusot.prelude.MutBorrow + predicate inv'1 (_1 : MutBorrow.t (t_GhostBox'0)) axiom inv_axiom'1 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'0) [inv'1 x] . inv'1 x = true @@ -110,11 +110,11 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] (! return' {result}) ] - predicate resolve'2 (self : MutBorrow.t (Fset.fset Int32.t)) = + predicate resolve'1 (self : MutBorrow.t (Fset.fset Int32.t)) = [%#sresolve46] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (Fset.fset Int32.t)) = - resolve'2 _1 + resolve'1 _1 predicate inv'4 (_1 : t_GhostBox'0) @@ -157,18 +157,6 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] {[@expl:contains_ghost 'value' type invariant] [%#sfset40] inv'6 value} any [ return' (result:bool)-> {[%#sfset41] result = contains'0 self value} (! return' {result}) ] - type closure0'1 = - { field_0'0: MutBorrow.t (t_GhostBox'0) } - - predicate resolve'4 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve46] self.final = self.current - - predicate resolve'3 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'4 _1 - - predicate resolve'1 (_1 : closure0'1) = - resolve'3 _1.field_0'0 - predicate inv'7 (_1 : ()) axiom inv_axiom'7 [@rewrite] : forall x : () [inv'7 x] . inv'7 x = true @@ -189,260 +177,218 @@ module M_ghost_set__ghost_map [#"ghost_set.rs" 4 0 4 18] use creusot.prelude.Intrinsic - let rec closure0'0[#"ghost_set.rs" 6 4 34 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = {[@expl:assertion] [%#sghost_set3] forall k : Int32.t . not contains'0 (inner_logic'0 (_1.field_0'0).current) k} - s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_8 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_8} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_7 <- _ret' ] s3) - | s3 = bb1 ] - + meta "compute_max_steps" 1000000 + + let rec ghost_map'0[#"ghost_set.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = new'0 {[%#sghost_set0] ()} (fun (_ret':t_GhostBox'0) -> [ &set <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_6 <- _ret' ] - [ &_7 <- { _7 with current = _ret'.final } ] - s1) - | s1 = insert_ghost'0 {_6} {[%#sghost_set4] (1 : Int32.t)} (fun (_ret':bool) -> [ &_5 <- _ret' ] s2) - | s2 = bb2 ] + [ s0 = {[@expl:assertion] [%#sghost_set1] forall k : Int32.t . not contains'0 (inner_logic'0 set) k} s1 + | s1 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_9 <- _ret' ] [ &set <- _ret'.final ] s2) + | s2 = deref_mut'0 {_9} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_8 <- _ret' ] s3) + | s3 = bb2 ] | bb2 = s0 - [ s0 = -{resolve'0 _7}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_11 <- _ret' ] s2) + [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> + [ &_7 <- _ret' ] + [ &_8 <- { _8 with current = _ret'.final } ] + s1) + | s1 = insert_ghost'0 {_7} {[%#sghost_set2] (1 : Int32.t)} (fun (_ret':bool) -> [ &_6 <- _ret' ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len_ghost'0 {_11} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {[@expl:assertion] [%#sghost_set5] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - /\ not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} + | bb3 = s0 + [ s0 = -{resolve'0 _8}- s1 + | s1 = deref'0 {set} (fun (_ret':Fset.fset Int32.t) -> [ &_12 <- _ret' ] s2) + | s2 = bb4 ] + + | bb4 = s0 [ s0 = len_ghost'0 {_12} (fun (_ret':int) -> [ &length1 <- _ret' ] s1) | s1 = bb5 ] + | bb5 = s0 + [ s0 = {[@expl:assertion] [%#sghost_set3] contains'0 (inner_logic'0 set) (1 : Int32.t) + /\ not contains'0 (inner_logic'0 set) (2 : Int32.t)} s1 - | s1 = {[@expl:assertion] [%#sghost_set6] length1 = 1} s2 + | s1 = {[@expl:assertion] [%#sghost_set4] length1 = 1} s2 | s2 = - [ &_20 <- (([%#sghost_set7] (1 : Int32.t)), ([%#sghost_set8] (2 : Int32.t)), ([%#sghost_set9] (3 : Int32.t))) ] + [ &_21 <- (([%#sghost_set5] (1 : Int32.t)), ([%#sghost_set6] (2 : Int32.t)), ([%#sghost_set7] (3 : Int32.t))) ] s3 - | s3 = [ &x1 <- let (r'0, _, _) = _20 in r'0 ] s4 - | s4 = [ &x2 <- let (_, r'1, _) = _20 in r'1 ] s5 - | s5 = [ &x3 <- let (_, _, r'2) = _20 in r'2 ] s6 - | s6 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_24 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s7) - | s7 = deref_mut'0 {_24} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_23 <- _ret' ] s8) - | s8 = bb5 ] + | s3 = [ &x1 <- let (r'0, _, _) = _21 in r'0 ] s4 + | s4 = [ &x2 <- let (_, r'1, _) = _21 in r'1 ] s5 + | s5 = [ &x3 <- let (_, _, r'2) = _21 in r'2 ] s6 + | s6 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_25 <- _ret' ] [ &set <- _ret'.final ] s7) + | s7 = deref_mut'0 {_25} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_24 <- _ret' ] s8) + | s8 = bb6 ] - | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + | bb6 = s0 + [ s0 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_22 <- _ret' ] - [ &_23 <- { _23 with current = _ret'.final } ] + [ &_23 <- _ret' ] + [ &_24 <- { _24 with current = _ret'.final } ] s1) - | s1 = insert_ghost'0 {_22} {[%#sghost_set10] (2 : Int32.t)} (fun (_ret':bool) -> [ &inserted_true <- _ret' ] s2) - | s2 = bb6 ] - - | bb6 = s0 - [ s0 = -{resolve'0 _23}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_28 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_28} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_27 <- _ret' ] s3) - | s3 = bb7 ] + | s1 = insert_ghost'0 {_23} {[%#sghost_set8] (2 : Int32.t)} (fun (_ret':bool) -> [ &inserted_true <- _ret' ] s2) + | s2 = bb7 ] | bb7 = s0 - [ s0 = MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} - (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_26 <- _ret' ] - [ &_27 <- { _27 with current = _ret'.final } ] - s1) - | s1 = insert_ghost'0 {_26} {[%#sghost_set11] (2 : Int32.t)} - (fun (_ret':bool) -> [ &inserted_false <- _ret' ] s2) - | s2 = bb8 ] + [ s0 = -{resolve'0 _24}- s1 + | s1 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_29 <- _ret' ] [ &set <- _ret'.final ] s2) + | s2 = deref_mut'0 {_29} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_28 <- _ret' ] s3) + | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve'0 _27}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_31 <- _ret' ] s2) + [ s0 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> + [ &_27 <- _ret' ] + [ &_28 <- { _28 with current = _ret'.final } ] + s1) + | s1 = insert_ghost'0 {_27} {[%#sghost_set9] (2 : Int32.t)} (fun (_ret':bool) -> [ &inserted_false <- _ret' ] s2) | s2 = bb9 ] - | bb9 = s0 [ s0 = len_ghost'0 {_31} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb10 ] - | bb10 = s0 - [ s0 = {[@expl:assertion] [%#sghost_set12] inserted_true /\ not inserted_false} s1 - | s1 = {[@expl:assertion] [%#sghost_set13] length2 = 2} s2 - | s2 = {[@expl:assertion] [%#sghost_set14] contains'0 (inner_logic'0 (_1.field_0'0).current) (1 : Int32.t) - /\ contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} - s3 - | s3 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_42 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s4) - | s4 = deref_mut'0 {_42} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_41 <- _ret' ] s5) - | s5 = bb11 ] + | bb9 = s0 + [ s0 = -{resolve'0 _28}- s1 + | s1 = deref'0 {set} (fun (_ret':Fset.fset Int32.t) -> [ &_32 <- _ret' ] s2) + | s2 = bb10 ] + | bb10 = s0 [ s0 = len_ghost'0 {_32} (fun (_ret':int) -> [ &length2 <- _ret' ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} - (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_40 <- _ret' ] - [ &_41 <- { _41 with current = _ret'.final } ] - s1) - | s1 = [ &_44 <- x3 ] s2 - | s2 = remove_ghost'0 {_40} {_44} (fun (_ret':bool) -> [ &remove_false1 <- _ret' ] s3) - | s3 = bb12 ] + [ s0 = {[@expl:assertion] [%#sghost_set10] inserted_true /\ not inserted_false} s1 + | s1 = {[@expl:assertion] [%#sghost_set11] length2 = 2} s2 + | s2 = {[@expl:assertion] [%#sghost_set12] contains'0 (inner_logic'0 set) (1 : Int32.t) + /\ contains'0 (inner_logic'0 set) (2 : Int32.t)} + s3 + | s3 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_43 <- _ret' ] [ &set <- _ret'.final ] s4) + | s4 = deref_mut'0 {_43} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_42 <- _ret' ] s5) + | s5 = bb12 ] | bb12 = s0 - [ s0 = -{resolve'0 _41}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_48 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_48} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_47 <- _ret' ] s3) + [ s0 = MutBorrow.borrow_final {_42.current} {MutBorrow.get_id _42} + (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> + [ &_41 <- _ret' ] + [ &_42 <- { _42 with current = _ret'.final } ] + s1) + | s1 = [ &_45 <- x3 ] s2 + | s2 = remove_ghost'0 {_41} {_45} (fun (_ret':bool) -> [ &remove_false1 <- _ret' ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = MutBorrow.borrow_final {_47.current} {MutBorrow.get_id _47} - (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_46 <- _ret' ] - [ &_47 <- { _47 with current = _ret'.final } ] - s1) - | s1 = [ &_50 <- x2 ] s2 - | s2 = remove_ghost'0 {_46} {_50} (fun (_ret':bool) -> [ &remove_true <- _ret' ] s3) + [ s0 = -{resolve'0 _42}- s1 + | s1 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_49 <- _ret' ] [ &set <- _ret'.final ] s2) + | s2 = deref_mut'0 {_49} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_48 <- _ret' ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = -{resolve'0 _47}- s1 - | s1 = MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_54 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_54} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_53 <- _ret' ] s3) + [ s0 = MutBorrow.borrow_final {_48.current} {MutBorrow.get_id _48} + (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> + [ &_47 <- _ret' ] + [ &_48 <- { _48 with current = _ret'.final } ] + s1) + | s1 = [ &_51 <- x2 ] s2 + | s2 = remove_ghost'0 {_47} {_51} (fun (_ret':bool) -> [ &remove_true <- _ret' ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = MutBorrow.borrow_final {_53.current} {MutBorrow.get_id _53} - (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> - [ &_52 <- _ret' ] - [ &_53 <- { _53 with current = _ret'.final } ] - s1) - | s1 = [ &_56 <- x2 ] s2 - | s2 = remove_ghost'0 {_52} {_56} (fun (_ret':bool) -> [ &remove_false2 <- _ret' ] s3) + [ s0 = -{resolve'0 _48}- s1 + | s1 = MutBorrow.borrow_mut {set} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_55 <- _ret' ] [ &set <- _ret'.final ] s2) + | s2 = deref_mut'0 {_55} (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> [ &_54 <- _ret' ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = -{resolve'0 _53}- s1 - | s1 = {[@expl:assertion] [%#sghost_set15] not remove_false1 /\ remove_true /\ not remove_false2} s2 - | s2 = {[@expl:assertion] [%#sghost_set16] not contains'0 (inner_logic'0 (_1.field_0'0).current) (2 : Int32.t)} s3 - | s3 = {[@expl:assertion] [%#sghost_set17] Fset.cardinal (inner_logic'0 (_1.field_0'0).current) = 1} s4 - | s4 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_65 <- _ret' ] s5) - | s5 = bb17 ] + [ s0 = MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} + (fun (_ret':MutBorrow.t (Fset.fset Int32.t)) -> + [ &_53 <- _ret' ] + [ &_54 <- { _54 with current = _ret'.final } ] + s1) + | s1 = [ &_57 <- x2 ] s2 + | s2 = remove_ghost'0 {_53} {_57} (fun (_ret':bool) -> [ &remove_false2 <- _ret' ] s3) + | s3 = bb17 ] | bb17 = s0 - [ s0 = [ &_68 <- x1 ] s1 - | s1 = contains_ghost'0 {_65} {_68} (fun (_ret':bool) -> [ &contains1 <- _ret' ] s2) - | s2 = bb18 ] + [ s0 = -{resolve'0 _54}- s1 + | s1 = {[@expl:assertion] [%#sghost_set13] not remove_false1 /\ remove_true /\ not remove_false2} s2 + | s2 = {[@expl:assertion] [%#sghost_set14] not contains'0 (inner_logic'0 set) (2 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_set15] Fset.cardinal (inner_logic'0 set) = 1} s4 + | s4 = deref'0 {set} (fun (_ret':Fset.fset Int32.t) -> [ &_66 <- _ret' ] s5) + | s5 = bb18 ] | bb18 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_71 <- _ret' ] s1) | s1 = bb19 ] - - | bb19 = s0 - [ s0 = [ &_74 <- x2 ] s1 - | s1 = contains_ghost'0 {_71} {_74} (fun (_ret':bool) -> [ &contains2 <- _ret' ] s2) - | s2 = bb20 ] + [ s0 = [ &_69 <- x1 ] s1 + | s1 = contains_ghost'0 {_66} {_69} (fun (_ret':bool) -> [ &contains1 <- _ret' ] s2) + | s2 = bb19 ] + | bb19 = s0 [ s0 = deref'0 {set} (fun (_ret':Fset.fset Int32.t) -> [ &_72 <- _ret' ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Fset.fset Int32.t) -> [ &_77 <- _ret' ] s1) | s1 = bb21 ] - - | bb21 = s0 - [ s0 = [ &_80 <- x3 ] s1 - | s1 = contains_ghost'0 {_77} {_80} (fun (_ret':bool) -> [ &contains3 <- _ret' ] s2) - | s2 = bb22 ] + [ s0 = [ &_75 <- x2 ] s1 + | s1 = contains_ghost'0 {_72} {_75} (fun (_ret':bool) -> [ &contains2 <- _ret' ] s2) + | s2 = bb21 ] + | bb21 = s0 [ s0 = deref'0 {set} (fun (_ret':Fset.fset Int32.t) -> [ &_78 <- _ret' ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = -{resolve'1 _1}- s1 - | s1 = {[@expl:assertion] [%#sghost_set18] contains1} s2 - | s2 = {[@expl:assertion] [%#sghost_set19] not contains2} s3 - | s3 = {[@expl:assertion] [%#sghost_set20] not contains3} s4 - | s4 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s5) - | s5 = bb23 ] + [ s0 = [ &_81 <- x3 ] s1 + | s1 = contains_ghost'0 {_78} {_81} (fun (_ret':bool) -> [ &contains3 <- _ret' ] s2) + | s2 = bb23 ] - | bb23 = return' {_0} ] + | bb23 = s0 + [ s0 = {[@expl:assertion] [%#sghost_set16] contains1} s1 + | s1 = {[@expl:assertion] [%#sghost_set17] not contains2} s2 + | s2 = {[@expl:assertion] [%#sghost_set18] not contains3} s3 + | s3 = new'1 {_3} (fun (_ret':t_GhostBox'1) -> [ &_2 <- _ret' ] s4) + | s4 = bb24 ] - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure0'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _5 : bool = Intrinsic.any_l () - | & _6 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | bb24 = bb25 + | bb25 = bb26 + | bb26 = return' {_0} ] + ) + [ & _0 : () = Intrinsic.any_l () + | & set : t_GhostBox'0 = Intrinsic.any_l () + | & _2 : t_GhostBox'1 = Intrinsic.any_l () + | & _3 : () = Intrinsic.any_l () + | & _6 : bool = Intrinsic.any_l () | & _7 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _8 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _8 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _9 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & length1 : int = Intrinsic.any_l () - | & _11 : Fset.fset Int32.t = Intrinsic.any_l () + | & _12 : Fset.fset Int32.t = Intrinsic.any_l () | & x1 : Int32.t = Intrinsic.any_l () | & x2 : Int32.t = Intrinsic.any_l () | & x3 : Int32.t = Intrinsic.any_l () - | & _20 : (Int32.t, Int32.t, Int32.t) = Intrinsic.any_l () + | & _21 : (Int32.t, Int32.t, Int32.t) = Intrinsic.any_l () | & inserted_true : bool = Intrinsic.any_l () - | & _22 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () | & _23 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _24 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _24 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _25 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & inserted_false : bool = Intrinsic.any_l () - | & _26 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () | & _27 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _28 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _28 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _29 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & length2 : int = Intrinsic.any_l () - | & _31 : Fset.fset Int32.t = Intrinsic.any_l () + | & _32 : Fset.fset Int32.t = Intrinsic.any_l () | & remove_false1 : bool = Intrinsic.any_l () - | & _40 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () | & _41 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _42 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _44 : Int32.t = Intrinsic.any_l () + | & _42 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _43 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _45 : Int32.t = Intrinsic.any_l () | & remove_true : bool = Intrinsic.any_l () - | & _46 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () | & _47 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _48 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _50 : Int32.t = Intrinsic.any_l () + | & _48 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _49 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _51 : Int32.t = Intrinsic.any_l () | & remove_false2 : bool = Intrinsic.any_l () - | & _52 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () | & _53 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () - | & _54 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _56 : Int32.t = Intrinsic.any_l () + | & _54 : MutBorrow.t (Fset.fset Int32.t) = Intrinsic.any_l () + | & _55 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _57 : Int32.t = Intrinsic.any_l () | & contains1 : bool = Intrinsic.any_l () - | & _65 : Fset.fset Int32.t = Intrinsic.any_l () - | & _68 : Int32.t = Intrinsic.any_l () + | & _66 : Fset.fset Int32.t = Intrinsic.any_l () + | & _69 : Int32.t = Intrinsic.any_l () | & contains2 : bool = Intrinsic.any_l () - | & _71 : Fset.fset Int32.t = Intrinsic.any_l () - | & _74 : Int32.t = Intrinsic.any_l () + | & _72 : Fset.fset Int32.t = Intrinsic.any_l () + | & _75 : Int32.t = Intrinsic.any_l () | & contains3 : bool = Intrinsic.any_l () - | & _77 : Fset.fset Int32.t = Intrinsic.any_l () - | & _80 : Int32.t = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec ghost_map'0[#"ghost_set.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = new'0 {[%#sghost_set0] ()} (fun (_ret':t_GhostBox'0) -> [ &set <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = MutBorrow.borrow_mut {set} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_4 <- _ret' ] [ &set <- _ret'.final ] s1) - | s1 = [ &_3 <- { field_0'0 = _4 } ] s2 - | s2 = closure0'0 {_3} (fun (_ret':t_GhostBox'1) -> [ &_2 <- _ret' ] s3) - | s3 = bb2 ] - - | bb2 = bb3 - | bb3 = bb4 - | bb4 = return' {_0} ] - ) - [ & _0 : () = Intrinsic.any_l () - | & set : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : t_GhostBox'1 = Intrinsic.any_l () - | & _3 : closure0'1 = Intrinsic.any_l () - | & _4 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _5 : () = Intrinsic.any_l () ] + | & _78 : Fset.fset Int32.t = Intrinsic.any_l () + | & _81 : Int32.t = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/ghost_set/proof.json b/creusot/tests/should_succeed/ghost/ghost_set/proof.json index ec6b9bef3c..ac0aebe6ae 100644 --- a/creusot/tests/should_succeed/ghost/ghost_set/proof.json +++ b/creusot/tests/should_succeed/ghost/ghost_set/proof.json @@ -7,14 +7,13 @@ ], "proofs": { "M_ghost_set__ghost_map": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.026 }, "vc_contains_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.042 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.065 }, - "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.078 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.026 }, + "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.024 }, "vc_ghost_map'0": { "prover": "cvc5@1.0.5", "time": 0.151 }, "vc_insert_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.074 }, "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.064 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.057 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.013 }, "vc_remove_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.039 } } diff --git a/creusot/tests/should_succeed/ghost/ghost_vec.coma b/creusot/tests/should_succeed/ghost/ghost_vec.coma index aef35c28df..6937e322fe 100644 --- a/creusot/tests/should_succeed/ghost/ghost_vec.coma +++ b/creusot/tests/should_succeed/ghost/ghost_vec.coma @@ -1,37 +1,37 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] let%span sghost_vec0 = "ghost_vec.rs" 5 16 5 26 let%span sghost_vec1 = "ghost_vec.rs" 6 18 6 49 - let%span sghost_vec2 = "ghost_vec.rs" 40 16 40 26 - let%span sseq3 = "../../../../creusot-contracts/src/logic/seq.rs" 431 4 431 34 - let%span sseq4 = "../../../../creusot-contracts/src/logic/seq.rs" 429 14 429 36 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sseq6 = "../../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 - let%span sghost_vec7 = "ghost_vec.rs" 8 26 8 28 - let%span sghost_vec8 = "ghost_vec.rs" 9 22 9 35 - let%span sghost_vec9 = "ghost_vec.rs" 10 22 10 34 - let%span sghost_vec10 = "ghost_vec.rs" 12 26 12 28 - let%span sghost_vec11 = "ghost_vec.rs" 13 26 13 28 - let%span sghost_vec12 = "ghost_vec.rs" 15 22 15 30 - let%span sghost_vec13 = "ghost_vec.rs" 16 22 16 69 - let%span sghost_vec14 = "ghost_vec.rs" 18 31 18 35 - let%span sghost_vec15 = "ghost_vec.rs" 19 31 19 35 - let%span sghost_vec16 = "ghost_vec.rs" 20 22 20 42 - let%span sghost_vec17 = "ghost_vec.rs" 21 22 21 34 - let%span sghost_vec18 = "ghost_vec.rs" 23 41 23 45 - let%span sghost_vec19 = "ghost_vec.rs" 24 17 24 19 - let%span sghost_vec20 = "ghost_vec.rs" 26 22 26 35 - let%span sghost_vec21 = "ghost_vec.rs" 33 22 33 41 - let%span sghost_vec22 = "ghost_vec.rs" 34 22 34 41 - let%span sghost_vec23 = "ghost_vec.rs" 35 22 35 41 - let%span sghost_vec24 = "ghost_vec.rs" 36 22 36 34 - let%span sghost_vec25 = "ghost_vec.rs" 37 22 37 34 - let%span sghost_vec26 = "ghost_vec.rs" 42 27 42 28 - let%span sghost_vec27 = "ghost_vec.rs" 43 27 43 28 - let%span sghost_vec28 = "ghost_vec.rs" 44 27 44 28 - let%span sghost_vec29 = "ghost_vec.rs" 49 22 49 40 - let%span sghost_vec30 = "ghost_vec.rs" 50 22 50 40 - let%span sghost_vec31 = "ghost_vec.rs" 51 22 51 40 - let%span sghost_vec32 = "ghost_vec.rs" 52 22 52 34 + let%span sghost_vec2 = "ghost_vec.rs" 8 26 8 28 + let%span sghost_vec3 = "ghost_vec.rs" 9 22 9 35 + let%span sghost_vec4 = "ghost_vec.rs" 10 22 10 34 + let%span sghost_vec5 = "ghost_vec.rs" 12 26 12 28 + let%span sghost_vec6 = "ghost_vec.rs" 13 26 13 28 + let%span sghost_vec7 = "ghost_vec.rs" 15 22 15 30 + let%span sghost_vec8 = "ghost_vec.rs" 16 22 16 69 + let%span sghost_vec9 = "ghost_vec.rs" 18 31 18 35 + let%span sghost_vec10 = "ghost_vec.rs" 19 31 19 35 + let%span sghost_vec11 = "ghost_vec.rs" 20 22 20 42 + let%span sghost_vec12 = "ghost_vec.rs" 21 22 21 34 + let%span sghost_vec13 = "ghost_vec.rs" 23 41 23 45 + let%span sghost_vec14 = "ghost_vec.rs" 24 17 24 19 + let%span sghost_vec15 = "ghost_vec.rs" 26 22 26 35 + let%span sghost_vec16 = "ghost_vec.rs" 33 22 33 41 + let%span sghost_vec17 = "ghost_vec.rs" 34 22 34 41 + let%span sghost_vec18 = "ghost_vec.rs" 35 22 35 41 + let%span sghost_vec19 = "ghost_vec.rs" 36 22 36 34 + let%span sghost_vec20 = "ghost_vec.rs" 37 22 37 34 + let%span sghost_vec21 = "ghost_vec.rs" 40 16 40 26 + let%span sghost_vec22 = "ghost_vec.rs" 42 27 42 28 + let%span sghost_vec23 = "ghost_vec.rs" 43 27 43 28 + let%span sghost_vec24 = "ghost_vec.rs" 44 27 44 28 + let%span sghost_vec25 = "ghost_vec.rs" 49 22 49 40 + let%span sghost_vec26 = "ghost_vec.rs" 50 22 50 40 + let%span sghost_vec27 = "ghost_vec.rs" 51 22 51 40 + let%span sghost_vec28 = "ghost_vec.rs" 52 22 52 34 + let%span sseq29 = "../../../../creusot-contracts/src/logic/seq.rs" 431 4 431 34 + let%span sseq30 = "../../../../creusot-contracts/src/logic/seq.rs" 429 14 429 36 + let%span sghost31 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sseq32 = "../../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 let%span sghost33 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 let%span sghost34 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 let%span sghost35 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 @@ -82,19 +82,19 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = true function inner_logic'0 (self : t_GhostBox'0) : Seq.seq Int32.t = - [%#sghost5] self.t_GhostBox__0'0 + [%#sghost31] self.t_GhostBox__0'0 use seq.Seq let rec new'0 (_1:()) (return' (ret:t_GhostBox'0))= any - [ return' (result:t_GhostBox'0)-> {[%#sseq3] inv'0 result} - {[%#sseq4] inner_logic'0 result = (Seq.empty : Seq.seq Int32.t)} + [ return' (result:t_GhostBox'0)-> {[%#sseq29] inv'0 result} + {[%#sseq30] inner_logic'0 result = (Seq.empty : Seq.seq Int32.t)} (! return' {result}) ] - type t_Option'0 = + type t_Option'2 = | C_None'0 - | C_Some'0 Int32.t + | C_Some'2 Int32.t use mach.int.Int @@ -102,8 +102,8 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] use seq.Seq - function get'0 (self : Seq.seq Int32.t) (ix : int) : t_Option'0 = - [%#sseq6] if 0 <= ix /\ ix < Seq.length self then C_Some'0 (Seq.get self ix) else C_None'0 + function get'0 (self : Seq.seq Int32.t) (ix : int) : t_Option'2 = + [%#sseq32] if 0 <= ix /\ ix < Seq.length self then C_Some'2 (Seq.get self ix) else C_None'0 use creusot.prelude.MutBorrow @@ -133,11 +133,11 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] {[@expl:push_back_ghost 'x' type invariant] [%#sseq37] inv'3 x} any [ return' (result:())-> {[%#sseq38] self.final = Seq.snoc self.current x} (! return' {result}) ] - predicate resolve'4 (self : MutBorrow.t (Seq.seq Int32.t)) = + predicate resolve'2 (self : MutBorrow.t (Seq.seq Int32.t)) = [%#sresolve68] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (Seq.seq Int32.t)) = - resolve'4 _1 + resolve'2 _1 predicate inv'4 (_1 : t_GhostBox'0) @@ -159,658 +159,551 @@ module M_ghost_vec__ghost_vec [#"ghost_vec.rs" 4 0 4 18] use creusot.int.Int128 - type t_GhostBox'2 = - { t_GhostBox__0'2: int } + type t_GhostBox'1 = + { t_GhostBox__0'1: int } - function inner_logic'1 (self : t_GhostBox'2) : int = - [%#sghost5] self.t_GhostBox__0'2 + function inner_logic'1 (self : t_GhostBox'1) : int = + [%#sghost31] self.t_GhostBox__0'1 use creusot.int.Int128 - let rec new'1 (value:Int128.t) (return' (ret:t_GhostBox'2))= any - [ return' (result:t_GhostBox'2)-> {[%#sint44] inner_logic'1 result = Int128.to_int value} (! return' {result}) ] + let rec new'1 (value:Int128.t) (return' (ret:t_GhostBox'1))= any + [ return' (result:t_GhostBox'1)-> {[%#sint44] inner_logic'1 result = Int128.to_int value} (! return' {result}) ] - predicate inv'6 (_1 : t_GhostBox'2) + predicate inv'6 (_1 : t_GhostBox'1) - axiom inv_axiom'6 [@rewrite] : forall x : t_GhostBox'2 [inv'6 x] . inv'6 x = true + axiom inv_axiom'6 [@rewrite] : forall x : t_GhostBox'1 [inv'6 x] . inv'6 x = true predicate inv'7 (_1 : int) axiom inv_axiom'7 [@rewrite] : forall x : int [inv'7 x] . inv'7 x = true - let rec into_inner'0 (self:t_GhostBox'2) (return' (ret:int))= {[@expl:into_inner 'self' type invariant] [%#sghost45] inv'6 self} + let rec into_inner'0 (self:t_GhostBox'1) (return' (ret:int))= {[@expl:into_inner 'self' type invariant] [%#sghost45] inv'6 self} any [ return' (result:int)-> {[%#sghost46] inv'7 result} - {[%#sghost47] result = self.t_GhostBox__0'2} + {[%#sghost47] result = self.t_GhostBox__0'1} (! return' {result}) ] - type t_Option'1 = + type t_Option'0 = | C_None'1 - | C_Some'1 Int32.t + | C_Some'0 Int32.t - predicate inv'8 (_1 : t_Option'1) + predicate inv'8 (_1 : t_Option'0) - axiom inv_axiom'8 [@rewrite] : forall x : t_Option'1 [inv'8 x] . inv'8 x = true + axiom inv_axiom'8 [@rewrite] : forall x : t_Option'0 [inv'8 x] . inv'8 x = true - let rec get_ghost'0 (self:Seq.seq Int32.t) (index:int) (return' (ret:t_Option'1))= {[@expl:get_ghost 'self' type invariant] [%#sseq48] inv'5 self} + let rec get_ghost'0 (self:Seq.seq Int32.t) (index:int) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sseq48] inv'5 self} any - [ return' (result:t_Option'1)-> {[%#sseq49] inv'8 result} + [ return' (result:t_Option'0)-> {[%#sseq49] inv'8 result} {[%#sseq50] match get'0 self index with | C_None'0 -> result = C_None'1 - | C_Some'0 v -> result = C_Some'1 v + | C_Some'2 v -> result = C_Some'0 v end} (! return' {result}) ] - type t_Option'2 = + type t_Option'1 = | C_None'2 - | C_Some'2 (MutBorrow.t Int32.t) + | C_Some'1 (MutBorrow.t Int32.t) - predicate inv'9 (_1 : t_Option'2) + predicate inv'9 (_1 : t_Option'1) - axiom inv_axiom'9 [@rewrite] : forall x : t_Option'2 [inv'9 x] . inv'9 x = true + axiom inv_axiom'9 [@rewrite] : forall x : t_Option'1 [inv'9 x] . inv'9 x = true - let rec get_mut_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (index:int) (return' (ret:t_Option'2))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq51] inv'2 self} + let rec get_mut_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (index:int) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq51] inv'2 self} any - [ return' (result:t_Option'2)-> {[%#sseq52] inv'9 result} + [ return' (result:t_Option'1)-> {[%#sseq52] inv'9 result} {[%#sseq53] match result with | C_None'2 -> get'0 self.current index = C_None'0 /\ self.current = self.final - | C_Some'2 r -> get'0 self.current index = C_Some'0 (r.current) /\ r.final = Seq.get self.final index + | C_Some'1 r -> get'0 self.current index = C_Some'2 (r.current) /\ r.final = Seq.get self.final index end} {[%#sseq54] forall i : int . i <> index -> get'0 self.current index = get'0 self.final index} {[%#sseq55] Seq.length self.current = Seq.length self.final} (! return' {result}) ] - predicate resolve'5 (self : MutBorrow.t Int32.t) = + predicate resolve'3 (self : MutBorrow.t Int32.t) = [%#sresolve68] self.final = self.current predicate resolve'1 (_1 : MutBorrow.t Int32.t) = - resolve'5 _1 + resolve'3 _1 - let rec v_Some'0 (input:t_Option'2) (ret (field_0:MutBorrow.t Int32.t))= any - [ good (field_0:MutBorrow.t Int32.t)-> {C_Some'2 field_0 = input} (! ret {field_0}) - | bad -> {forall field_0 : MutBorrow.t Int32.t [C_Some'2 field_0 : t_Option'2] . C_Some'2 field_0 <> input} + let rec v_Some'0 (input:t_Option'1) (ret (field_0:MutBorrow.t Int32.t))= any + [ good (field_0:MutBorrow.t Int32.t)-> {C_Some'1 field_0 = input} (! ret {field_0}) + | bad -> {forall field_0 : MutBorrow.t Int32.t [C_Some'1 field_0 : t_Option'1] . C_Some'1 field_0 <> input} (! {false} any) ] - predicate inv'10 (_1 : t_Option'0) + predicate inv'10 (_1 : t_Option'2) - axiom inv_axiom'10 [@rewrite] : forall x : t_Option'0 [inv'10 x] . inv'10 x = true + axiom inv_axiom'10 [@rewrite] : forall x : t_Option'2 [inv'10 x] . inv'10 x = true - let rec pop_back_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (return' (ret:t_Option'0))= {[@expl:pop_back_ghost 'self' type invariant] [%#sseq56] inv'2 self} + let rec pop_back_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (return' (ret:t_Option'2))= {[@expl:pop_back_ghost 'self' type invariant] [%#sseq56] inv'2 self} any - [ return' (result:t_Option'0)-> {[%#sseq57] inv'10 result} + [ return' (result:t_Option'2)-> {[%#sseq57] inv'10 result} {[%#sseq58] match result with | C_None'0 -> self.current = (Seq.empty : Seq.seq Int32.t) /\ self.current = self.final - | C_Some'0 r -> self.current = Seq.snoc self.final r + | C_Some'2 r -> self.current = Seq.snoc self.final r end} (! return' {result}) ] - type closure1'1 = - { field_0'0: MutBorrow.t (t_GhostBox'0) } + predicate inv'11 (_1 : ()) - predicate resolve'7 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve68] self.final = self.current + axiom inv_axiom'11 [@rewrite] : forall x : () [inv'11 x] . inv'11 x = true - predicate resolve'6 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'7 _1 + type t_GhostBox'2 = + { t_GhostBox__0'2: () } - predicate resolve'2 (_1 : closure1'1) = - resolve'6 _1.field_0'0 + predicate inv'12 (_1 : t_GhostBox'2) - predicate inv'11 (_1 : ()) + axiom inv_axiom'12 [@rewrite] : forall x : t_GhostBox'2 [inv'12 x] . inv'12 x = true - axiom inv_axiom'11 [@rewrite] : forall x : () [inv'11 x] . inv'11 x = true + let rec new'2 (x:()) (return' (ret:t_GhostBox'2))= {[@expl:new 'x' type invariant] [%#sghost59] inv'11 x} + any + [ return' (result:t_GhostBox'2)-> {[%#sghost60] inv'12 result} + {[%#sghost61] result.t_GhostBox__0'2 = x} + (! return' {result}) ] - type t_GhostBox'1 = - { t_GhostBox__0'1: () } - predicate inv'12 (_1 : t_GhostBox'1) + use seq.Seq - axiom inv_axiom'12 [@rewrite] : forall x : t_GhostBox'1 [inv'12 x] . inv'12 x = true + function push_front'0 [@inline:trivial] (self : Seq.seq Int32.t) (x : Int32.t) : Seq.seq Int32.t = + [%#sseq69] Seq.cons x self + + let rec push_front_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (x:Int32.t) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq62] inv'2 self} + {[@expl:push_front_ghost 'x' type invariant] [%#sseq63] inv'3 x} + any [ return' (result:())-> {[%#sseq64] self.final = push_front'0 self.current x} (! return' {result}) ] - let rec new'2 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost59] inv'11 x} + let rec pop_front_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (return' (ret:t_Option'2))= {[@expl:pop_front_ghost 'self' type invariant] [%#sseq65] inv'2 self} any - [ return' (result:t_GhostBox'1)-> {[%#sghost60] inv'12 result} - {[%#sghost61] result.t_GhostBox__0'1 = x} + [ return' (result:t_Option'2)-> {[%#sseq66] inv'10 result} + {[%#sseq67] match result with + | C_None'0 -> self.current = (Seq.empty : Seq.seq Int32.t) /\ self.current = self.final + | C_Some'2 r -> self.current = push_front'0 self.final r + end} (! return' {result}) ] use creusot.prelude.Intrinsic - let rec closure1'0[#"ghost_vec.rs" 7 4 38 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_6 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_6} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_5 <- _ret' ] s2) - | s2 = bb1 ] - + meta "compute_max_steps" 1000000 + + let rec ghost_vec'0[#"ghost_vec.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 + [ bb0 = s0 [ s0 = new'0 {[%#sghost_vec0] ()} (fun (_ret':t_GhostBox'0) -> [ &v <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_4 <- _ret' ] - [ &_5 <- { _5 with current = _ret'.final } ] - s1) - | s1 = push_back_ghost'0 {_4} {[%#sghost_vec7] (21 : Int32.t)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) - | s2 = bb2 ] + [ s0 = {[@expl:assertion] [%#sghost_vec1] forall i : int . get'0 (inner_logic'0 v) i = C_None'0} s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_9 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_9} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_8 <- _ret' ] s3) + | s3 = bb2 ] | bb2 = s0 - [ s0 = -{resolve'0 _5}- s1 - | s1 = {[@expl:assertion] [%#sghost_vec8] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : Int32.t)} s2 - | s2 = {[@expl:assertion] [%#sghost_vec9] Seq.length (inner_logic'0 (_1.field_0'0).current) = 1} s3 - | s3 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_14 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s4) - | s4 = deref_mut'0 {_14} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_13 <- _ret' ] s5) - | s5 = bb3 ] - - | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_12 <- _ret' ] - [ &_13 <- { _13 with current = _ret'.final } ] + [ &_7 <- _ret' ] + [ &_8 <- { _8 with current = _ret'.final } ] s1) - | s1 = push_back_ghost'0 {_12} {[%#sghost_vec10] (10 : Int32.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) - | s2 = bb4 ] + | s1 = push_back_ghost'0 {_7} {[%#sghost_vec2] (21 : Int32.t)} (fun (_ret':()) -> [ &_6 <- _ret' ] s2) + | s2 = bb3 ] - | bb4 = s0 - [ s0 = -{resolve'0 _13}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_18 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_18} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_17 <- _ret' ] s3) - | s3 = bb5 ] + | bb3 = s0 + [ s0 = -{resolve'0 _8}- s1 + | s1 = {[@expl:assertion] [%#sghost_vec3] Seq.get (inner_logic'0 v) 0 = (21 : Int32.t)} s2 + | s2 = {[@expl:assertion] [%#sghost_vec4] Seq.length (inner_logic'0 v) = 1} s3 + | s3 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_17 <- _ret' ] [ &v <- _ret'.final ] s4) + | s4 = deref_mut'0 {_17} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_16 <- _ret' ] s5) + | s5 = bb4 ] - | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} + | bb4 = s0 + [ s0 = MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_16 <- _ret' ] - [ &_17 <- { _17 with current = _ret'.final } ] + [ &_15 <- _ret' ] + [ &_16 <- { _16 with current = _ret'.final } ] s1) - | s1 = push_back_ghost'0 {_16} {[%#sghost_vec11] (30 : Int32.t)} (fun (_ret':()) -> [ &_15 <- _ret' ] s2) - | s2 = bb6 ] + | s1 = push_back_ghost'0 {_15} {[%#sghost_vec5] (10 : Int32.t)} (fun (_ret':()) -> [ &_14 <- _ret' ] s2) + | s2 = bb5 ] + + | bb5 = s0 + [ s0 = -{resolve'0 _16}- s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_21 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_21} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_20 <- _ret' ] s3) + | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve'0 _17}- s1 - | s1 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_21 <- _ret' ] s2) + [ s0 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} + (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> + [ &_19 <- _ret' ] + [ &_20 <- { _20 with current = _ret'.final } ] + s1) + | s1 = push_back_ghost'0 {_19} {[%#sghost_vec6] (30 : Int32.t)} (fun (_ret':()) -> [ &_18 <- _ret' ] s2) | s2 = bb7 ] - | bb7 = s0 [ s0 = len_ghost'0 {_21} (fun (_ret':int) -> [ &len <- _ret' ] s1) | s1 = bb8 ] - | bb8 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec12] len = 3} s1 - | s1 = {[@expl:assertion] [%#sghost_vec13] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (21 : Int32.t) - /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 1 = (10 : Int32.t) - /\ Seq.get (inner_logic'0 (_1.field_0'0).current) 2 = (30 : Int32.t)} - s2 - | s2 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_29 <- _ret' ] s3) - | s3 = bb9 ] + | bb7 = s0 + [ s0 = -{resolve'0 _20}- s1 | s1 = deref'0 {v} (fun (_ret':Seq.seq Int32.t) -> [ &_24 <- _ret' ] s2) | s2 = bb8 ] + | bb8 = s0 [ s0 = len_ghost'0 {_24} (fun (_ret':int) -> [ &len <- _ret' ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = new'1 {[%#sghost_vec14] (1 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_32 <- _ret' ] s1) | s1 = bb10 ] - - | bb10 = s0 [ s0 = into_inner'0 {_32} (fun (_ret':int) -> [ &_31 <- _ret' ] s1) | s1 = bb11 ] - | bb11 = s0 [ s0 = get_ghost'0 {_29} {_31} (fun (_ret':t_Option'1) -> [ &get1 <- _ret' ] s1) | s1 = bb12 ] - | bb12 = s0 - [ s0 = deref'0 {(_1.field_0'0).current} (fun (_ret':Seq.seq Int32.t) -> [ &_35 <- _ret' ] s1) | s1 = bb13 ] - - | bb13 = s0 - [ s0 = new'1 {[%#sghost_vec15] (3 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_38 <- _ret' ] s1) | s1 = bb14 ] - - | bb14 = s0 [ s0 = into_inner'0 {_38} (fun (_ret':int) -> [ &_37 <- _ret' ] s1) | s1 = bb15 ] - | bb15 = s0 [ s0 = get_ghost'0 {_35} {_37} (fun (_ret':t_Option'1) -> [ &get2 <- _ret' ] s1) | s1 = bb16 ] - | bb16 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec16] get1 = C_Some'1 (10 : Int32.t)} s1 - | s1 = {[@expl:assertion] [%#sghost_vec17] get2 = C_None'1} s2 - | s2 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_47 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s3) - | s3 = deref_mut'0 {_47} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_46 <- _ret' ] s4) - | s4 = bb17 ] + [ s0 = {[@expl:assertion] [%#sghost_vec7] len = 3} s1 + | s1 = {[@expl:assertion] [%#sghost_vec8] Seq.get (inner_logic'0 v) 0 = (21 : Int32.t) + /\ Seq.get (inner_logic'0 v) 1 = (10 : Int32.t) /\ Seq.get (inner_logic'0 v) 2 = (30 : Int32.t)} + s2 + | s2 = deref'0 {v} (fun (_ret':Seq.seq Int32.t) -> [ &_32 <- _ret' ] s3) + | s3 = bb10 ] + + | bb10 = s0 + [ s0 = new'1 {[%#sghost_vec9] (1 : Int128.t)} (fun (_ret':t_GhostBox'1) -> [ &_35 <- _ret' ] s1) | s1 = bb11 ] + + | bb11 = s0 [ s0 = into_inner'0 {_35} (fun (_ret':int) -> [ &_34 <- _ret' ] s1) | s1 = bb12 ] + | bb12 = s0 [ s0 = get_ghost'0 {_32} {_34} (fun (_ret':t_Option'0) -> [ &get1 <- _ret' ] s1) | s1 = bb13 ] + | bb13 = s0 [ s0 = deref'0 {v} (fun (_ret':Seq.seq Int32.t) -> [ &_38 <- _ret' ] s1) | s1 = bb14 ] + | bb14 = s0 + [ s0 = new'1 {[%#sghost_vec10] (3 : Int128.t)} (fun (_ret':t_GhostBox'1) -> [ &_41 <- _ret' ] s1) | s1 = bb15 ] + | bb15 = s0 [ s0 = into_inner'0 {_41} (fun (_ret':int) -> [ &_40 <- _ret' ] s1) | s1 = bb16 ] + | bb16 = s0 [ s0 = get_ghost'0 {_38} {_40} (fun (_ret':t_Option'0) -> [ &get2 <- _ret' ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = MutBorrow.borrow_final {_46.current} {MutBorrow.get_id _46} + [ s0 = {[@expl:assertion] [%#sghost_vec11] get1 = C_Some'0 (10 : Int32.t)} s1 + | s1 = {[@expl:assertion] [%#sghost_vec12] get2 = C_None'1} s2 + | s2 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_50 <- _ret' ] [ &v <- _ret'.final ] s3) + | s3 = deref_mut'0 {_50} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_49 <- _ret' ] s4) + | s4 = bb18 ] + + | bb18 = s0 + [ s0 = MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_45 <- _ret' ] - [ &_46 <- { _46 with current = _ret'.final } ] + [ &_48 <- _ret' ] + [ &_49 <- { _49 with current = _ret'.final } ] s1) - | s1 = new'1 {[%#sghost_vec18] (0 : Int128.t)} (fun (_ret':t_GhostBox'2) -> [ &_49 <- _ret' ] s2) - | s2 = bb18 ] + | s1 = new'1 {[%#sghost_vec13] (0 : Int128.t)} (fun (_ret':t_GhostBox'1) -> [ &_52 <- _ret' ] s2) + | s2 = bb19 ] - | bb18 = s0 [ s0 = into_inner'0 {_49} (fun (_ret':int) -> [ &_48 <- _ret' ] s1) | s1 = bb19 ] - | bb19 = s0 [ s0 = get_mut_ghost'0 {_45} {_48} (fun (_ret':t_Option'2) -> [ &_44 <- _ret' ] s1) | s1 = bb20 ] - | bb20 = any [ br0 -> {_44 = C_None'2 } (! bb23) | br1 (x0:MutBorrow.t Int32.t)-> {_44 = C_Some'2 x0} (! bb21) ] - | bb23 = s0 - [ s0 = -{match _44 with - | C_Some'2 x'0 -> resolve'1 x'0 + | bb19 = s0 [ s0 = into_inner'0 {_52} (fun (_ret':int) -> [ &_51 <- _ret' ] s1) | s1 = bb20 ] + | bb20 = s0 [ s0 = get_mut_ghost'0 {_48} {_51} (fun (_ret':t_Option'1) -> [ &_47 <- _ret' ] s1) | s1 = bb21 ] + | bb21 = any [ br0 -> {_47 = C_None'2 } (! bb24) | br1 (x0:MutBorrow.t Int32.t)-> {_47 = C_Some'1 x0} (! bb22) ] + | bb24 = s0 + [ s0 = -{match _47 with + | C_Some'1 x'0 -> resolve'1 x'0 | _ -> true end}- s1 - | s1 = -{resolve'0 _46}- s2 - | s2 = bb24 ] + | s1 = -{resolve'0 _49}- s2 + | s2 = bb25 ] - | bb21 = bb22 - | bb22 = s0 - [ s0 = v_Some'0 {_44} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x <- r0'0 ] s1) - | s1 = [ &x <- { x with current = ([%#sghost_vec19] (42 : Int32.t)) } ] s2 + | bb22 = bb23 + | bb23 = s0 + [ s0 = v_Some'0 {_47} (fun (r0'0:MutBorrow.t Int32.t) -> [ &x <- r0'0 ] s1) + | s1 = [ &x <- { x with current = ([%#sghost_vec14] (42 : Int32.t)) } ] s2 | s2 = -{resolve'1 x}- s3 - | s3 = -{resolve'0 _46}- s4 - | s4 = bb24 ] - - | bb24 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec20] Seq.get (inner_logic'0 (_1.field_0'0).current) 0 = (42 : Int32.t)} s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_57 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_57} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_56 <- _ret' ] s3) - | s3 = bb25 ] + | s3 = -{resolve'0 _49}- s4 + | s4 = bb25 ] | bb25 = s0 - [ s0 = MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} - (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_55 <- _ret' ] - [ &_56 <- { _56 with current = _ret'.final } ] - s1) - | s1 = pop_back_ghost'0 {_55} (fun (_ret':t_Option'0) -> [ &pop1 <- _ret' ] s2) - | s2 = bb26 ] + [ s0 = {[@expl:assertion] [%#sghost_vec15] Seq.get (inner_logic'0 v) 0 = (42 : Int32.t)} s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_60 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_60} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_59 <- _ret' ] s3) + | s3 = bb26 ] | bb26 = s0 - [ s0 = -{resolve'0 _56}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_61 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_61} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_60 <- _ret' ] s3) - | s3 = bb27 ] - - | bb27 = s0 - [ s0 = MutBorrow.borrow_final {_60.current} {MutBorrow.get_id _60} + [ s0 = MutBorrow.borrow_final {_59.current} {MutBorrow.get_id _59} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_59 <- _ret' ] - [ &_60 <- { _60 with current = _ret'.final } ] + [ &_58 <- _ret' ] + [ &_59 <- { _59 with current = _ret'.final } ] s1) - | s1 = pop_back_ghost'0 {_59} (fun (_ret':t_Option'0) -> [ &pop2 <- _ret' ] s2) - | s2 = bb28 ] + | s1 = pop_back_ghost'0 {_58} (fun (_ret':t_Option'2) -> [ &pop1 <- _ret' ] s2) + | s2 = bb27 ] - | bb28 = s0 - [ s0 = -{resolve'0 _60}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_65 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_65} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_64 <- _ret' ] s3) - | s3 = bb29 ] + | bb27 = s0 + [ s0 = -{resolve'0 _59}- s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_64 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_64} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_63 <- _ret' ] s3) + | s3 = bb28 ] - | bb29 = s0 - [ s0 = MutBorrow.borrow_final {_64.current} {MutBorrow.get_id _64} + | bb28 = s0 + [ s0 = MutBorrow.borrow_final {_63.current} {MutBorrow.get_id _63} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_63 <- _ret' ] - [ &_64 <- { _64 with current = _ret'.final } ] + [ &_62 <- _ret' ] + [ &_63 <- { _63 with current = _ret'.final } ] s1) - | s1 = pop_back_ghost'0 {_63} (fun (_ret':t_Option'0) -> [ &pop3 <- _ret' ] s2) - | s2 = bb30 ] + | s1 = pop_back_ghost'0 {_62} (fun (_ret':t_Option'2) -> [ &pop2 <- _ret' ] s2) + | s2 = bb29 ] - | bb30 = s0 - [ s0 = -{resolve'0 _64}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_69 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_69} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_68 <- _ret' ] s3) - | s3 = bb31 ] + | bb29 = s0 + [ s0 = -{resolve'0 _63}- s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_68 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_68} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_67 <- _ret' ] s3) + | s3 = bb30 ] - | bb31 = s0 - [ s0 = MutBorrow.borrow_final {_68.current} {MutBorrow.get_id _68} + | bb30 = s0 + [ s0 = MutBorrow.borrow_final {_67.current} {MutBorrow.get_id _67} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_67 <- _ret' ] - [ &_68 <- { _68 with current = _ret'.final } ] + [ &_66 <- _ret' ] + [ &_67 <- { _67 with current = _ret'.final } ] s1) - | s1 = pop_back_ghost'0 {_67} (fun (_ret':t_Option'0) -> [ &pop4 <- _ret' ] s2) - | s2 = bb32 ] + | s1 = pop_back_ghost'0 {_66} (fun (_ret':t_Option'2) -> [ &pop3 <- _ret' ] s2) + | s2 = bb31 ] - | bb32 = s0 - [ s0 = -{resolve'0 _68}- s1 - | s1 = MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_73 <- _ret' ] - [ &_1 <- { field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_73} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_72 <- _ret' ] s3) - | s3 = bb33 ] + | bb31 = s0 + [ s0 = -{resolve'0 _67}- s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_72 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_72} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_71 <- _ret' ] s3) + | s3 = bb32 ] - | bb33 = s0 - [ s0 = MutBorrow.borrow_final {_72.current} {MutBorrow.get_id _72} + | bb32 = s0 + [ s0 = MutBorrow.borrow_final {_71.current} {MutBorrow.get_id _71} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_71 <- _ret' ] - [ &_72 <- { _72 with current = _ret'.final } ] + [ &_70 <- _ret' ] + [ &_71 <- { _71 with current = _ret'.final } ] s1) - | s1 = pop_back_ghost'0 {_71} (fun (_ret':t_Option'0) -> [ &pop5 <- _ret' ] s2) - | s2 = bb34 ] + | s1 = pop_back_ghost'0 {_70} (fun (_ret':t_Option'2) -> [ &pop4 <- _ret' ] s2) + | s2 = bb33 ] + + | bb33 = s0 + [ s0 = -{resolve'0 _71}- s1 + | s1 = MutBorrow.borrow_mut {v} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_76 <- _ret' ] [ &v <- _ret'.final ] s2) + | s2 = deref_mut'0 {_76} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_75 <- _ret' ] s3) + | s3 = bb34 ] | bb34 = s0 - [ s0 = -{resolve'0 _72}- s1 - | s1 = -{resolve'2 _1}- s2 - | s2 = {[@expl:assertion] [%#sghost_vec21] pop1 = C_Some'0 (30 : Int32.t)} s3 - | s3 = {[@expl:assertion] [%#sghost_vec22] pop2 = C_Some'0 (10 : Int32.t)} s4 - | s4 = {[@expl:assertion] [%#sghost_vec23] pop3 = C_Some'0 (42 : Int32.t)} s5 - | s5 = {[@expl:assertion] [%#sghost_vec24] pop4 = C_None'0} s6 - | s6 = {[@expl:assertion] [%#sghost_vec25] pop5 = C_None'0} s7 - | s7 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s8) - | s8 = bb35 ] - - | bb35 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure1'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () - | & _4 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _5 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _11 : () = Intrinsic.any_l () - | & _12 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _13 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _14 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _15 : () = Intrinsic.any_l () - | & _16 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _17 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _18 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & len : int = Intrinsic.any_l () - | & _21 : Seq.seq Int32.t = Intrinsic.any_l () - | & get1 : t_Option'1 = Intrinsic.any_l () - | & _29 : Seq.seq Int32.t = Intrinsic.any_l () - | & _31 : int = Intrinsic.any_l () - | & _32 : t_GhostBox'2 = Intrinsic.any_l () - | & get2 : t_Option'1 = Intrinsic.any_l () - | & _35 : Seq.seq Int32.t = Intrinsic.any_l () - | & _37 : int = Intrinsic.any_l () - | & _38 : t_GhostBox'2 = Intrinsic.any_l () - | & _44 : t_Option'2 = Intrinsic.any_l () - | & _45 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _46 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _47 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _48 : int = Intrinsic.any_l () - | & _49 : t_GhostBox'2 = Intrinsic.any_l () - | & x : MutBorrow.t Int32.t = Intrinsic.any_l () - | & pop1 : t_Option'0 = Intrinsic.any_l () - | & _55 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _56 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _57 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop2 : t_Option'0 = Intrinsic.any_l () - | & _59 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _60 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _61 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop3 : t_Option'0 = Intrinsic.any_l () - | & _63 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _64 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _65 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop4 : t_Option'0 = Intrinsic.any_l () - | & _67 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _68 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _69 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop5 : t_Option'0 = Intrinsic.any_l () - | & _71 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _72 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _73 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - use seq.Seq - - function push_front'0 [@inline:trivial] (self : Seq.seq Int32.t) (x : Int32.t) : Seq.seq Int32.t = - [%#sseq69] Seq.cons x self - - let rec push_front_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (x:Int32.t) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq62] inv'2 self} - {[@expl:push_front_ghost 'x' type invariant] [%#sseq63] inv'3 x} - any [ return' (result:())-> {[%#sseq64] self.final = push_front'0 self.current x} (! return' {result}) ] - - let rec pop_front_ghost'0 (self:MutBorrow.t (Seq.seq Int32.t)) (return' (ret:t_Option'0))= {[@expl:pop_front_ghost 'self' type invariant] [%#sseq65] inv'2 self} - any - [ return' (result:t_Option'0)-> {[%#sseq66] inv'10 result} - {[%#sseq67] match result with - | C_None'0 -> self.current = (Seq.empty : Seq.seq Int32.t) /\ self.current = self.final - | C_Some'0 r -> self.current = push_front'0 self.final r - end} - (! return' {result}) ] - - - type closure2'1 = - { field_0'1: MutBorrow.t (t_GhostBox'0) } - - predicate resolve'3 (_1 : closure2'1) = - resolve'6 _1.field_0'1 - - let rec closure2'0[#"ghost_vec.rs" 41 4 53 5] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_6 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] + [ s0 = MutBorrow.borrow_final {_75.current} {MutBorrow.get_id _75} + (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> + [ &_74 <- _ret' ] + [ &_75 <- { _75 with current = _ret'.final } ] s1) - | s1 = deref_mut'0 {_6} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_5 <- _ret' ] s2) - | s2 = bb1 ] + | s1 = pop_back_ghost'0 {_74} (fun (_ret':t_Option'2) -> [ &pop5 <- _ret' ] s2) + | s2 = bb35 ] + + | bb35 = s0 + [ s0 = -{resolve'0 _75}- s1 + | s1 = {[@expl:assertion] [%#sghost_vec16] pop1 = C_Some'2 (30 : Int32.t)} s2 + | s2 = {[@expl:assertion] [%#sghost_vec17] pop2 = C_Some'2 (10 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_vec18] pop3 = C_Some'2 (42 : Int32.t)} s4 + | s4 = {[@expl:assertion] [%#sghost_vec19] pop4 = C_None'0} s5 + | s5 = {[@expl:assertion] [%#sghost_vec20] pop5 = C_None'0} s6 + | s6 = new'2 {_5} (fun (_ret':t_GhostBox'2) -> [ &_4 <- _ret' ] s7) + | s7 = bb36 ] + + | bb36 = bb37 + | bb37 = s0 [ s0 = new'0 {[%#sghost_vec21] ()} (fun (_ret':t_GhostBox'0) -> [ &v1 <- _ret' ] s1) | s1 = bb38 ] + | bb38 = s0 + [ s0 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_93 <- _ret' ] [ &v1 <- _ret'.final ] s1) + | s1 = deref_mut'0 {_93} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_92 <- _ret' ] s2) + | s2 = bb39 ] - | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + | bb39 = s0 + [ s0 = MutBorrow.borrow_final {_92.current} {MutBorrow.get_id _92} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_4 <- _ret' ] - [ &_5 <- { _5 with current = _ret'.final } ] + [ &_91 <- _ret' ] + [ &_92 <- { _92 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_4} {[%#sghost_vec26] (1 : Int32.t)} (fun (_ret':()) -> [ &_3 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = -{resolve'0 _5}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_10 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_10} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_9 <- _ret' ] s3) - | s3 = bb3 ] - - | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + | s1 = push_front_ghost'0 {_91} {[%#sghost_vec22] (1 : Int32.t)} (fun (_ret':()) -> [ &_90 <- _ret' ] s2) + | s2 = bb40 ] + + | bb40 = s0 + [ s0 = -{resolve'0 _92}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_97 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_97} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_96 <- _ret' ] s3) + | s3 = bb41 ] + + | bb41 = s0 + [ s0 = MutBorrow.borrow_final {_96.current} {MutBorrow.get_id _96} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_8 <- _ret' ] - [ &_9 <- { _9 with current = _ret'.final } ] + [ &_95 <- _ret' ] + [ &_96 <- { _96 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_8} {[%#sghost_vec27] (2 : Int32.t)} (fun (_ret':()) -> [ &_7 <- _ret' ] s2) - | s2 = bb4 ] - - | bb4 = s0 - [ s0 = -{resolve'0 _9}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_14 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_14} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_13 <- _ret' ] s3) - | s3 = bb5 ] - - | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + | s1 = push_front_ghost'0 {_95} {[%#sghost_vec23] (2 : Int32.t)} (fun (_ret':()) -> [ &_94 <- _ret' ] s2) + | s2 = bb42 ] + + | bb42 = s0 + [ s0 = -{resolve'0 _96}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_101 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_101} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_100 <- _ret' ] s3) + | s3 = bb43 ] + + | bb43 = s0 + [ s0 = MutBorrow.borrow_final {_100.current} {MutBorrow.get_id _100} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_12 <- _ret' ] - [ &_13 <- { _13 with current = _ret'.final } ] + [ &_99 <- _ret' ] + [ &_100 <- { _100 with current = _ret'.final } ] s1) - | s1 = push_front_ghost'0 {_12} {[%#sghost_vec28] (3 : Int32.t)} (fun (_ret':()) -> [ &_11 <- _ret' ] s2) - | s2 = bb6 ] - - | bb6 = s0 - [ s0 = -{resolve'0 _13}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_18 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_18} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_17 <- _ret' ] s3) - | s3 = bb7 ] - - | bb7 = s0 - [ s0 = MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} + | s1 = push_front_ghost'0 {_99} {[%#sghost_vec24] (3 : Int32.t)} (fun (_ret':()) -> [ &_98 <- _ret' ] s2) + | s2 = bb44 ] + + | bb44 = s0 + [ s0 = -{resolve'0 _100}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_105 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_105} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_104 <- _ret' ] s3) + | s3 = bb45 ] + + | bb45 = s0 + [ s0 = MutBorrow.borrow_final {_104.current} {MutBorrow.get_id _104} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_16 <- _ret' ] - [ &_17 <- { _17 with current = _ret'.final } ] + [ &_103 <- _ret' ] + [ &_104 <- { _104 with current = _ret'.final } ] s1) - | s1 = pop_front_ghost'0 {_16} (fun (_ret':t_Option'0) -> [ &pop1 <- _ret' ] s2) - | s2 = bb8 ] - - | bb8 = s0 - [ s0 = -{resolve'0 _17}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_22 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_22} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_21 <- _ret' ] s3) - | s3 = bb9 ] - - | bb9 = s0 - [ s0 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + | s1 = pop_front_ghost'0 {_103} (fun (_ret':t_Option'2) -> [ &pop11 <- _ret' ] s2) + | s2 = bb46 ] + + | bb46 = s0 + [ s0 = -{resolve'0 _104}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_109 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_109} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_108 <- _ret' ] s3) + | s3 = bb47 ] + + | bb47 = s0 + [ s0 = MutBorrow.borrow_final {_108.current} {MutBorrow.get_id _108} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_20 <- _ret' ] - [ &_21 <- { _21 with current = _ret'.final } ] + [ &_107 <- _ret' ] + [ &_108 <- { _108 with current = _ret'.final } ] s1) - | s1 = pop_front_ghost'0 {_20} (fun (_ret':t_Option'0) -> [ &pop2 <- _ret' ] s2) - | s2 = bb10 ] - - | bb10 = s0 - [ s0 = -{resolve'0 _21}- s1 - | s1 = MutBorrow.borrow_mut {(_1.field_0'1).current} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_26 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_26} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_25 <- _ret' ] s3) - | s3 = bb11 ] - - | bb11 = s0 - [ s0 = MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + | s1 = pop_front_ghost'0 {_107} (fun (_ret':t_Option'2) -> [ &pop21 <- _ret' ] s2) + | s2 = bb48 ] + + | bb48 = s0 + [ s0 = -{resolve'0 _108}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_113 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_113} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_112 <- _ret' ] s3) + | s3 = bb49 ] + + | bb49 = s0 + [ s0 = MutBorrow.borrow_final {_112.current} {MutBorrow.get_id _112} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_24 <- _ret' ] - [ &_25 <- { _25 with current = _ret'.final } ] + [ &_111 <- _ret' ] + [ &_112 <- { _112 with current = _ret'.final } ] s1) - | s1 = pop_front_ghost'0 {_24} (fun (_ret':t_Option'0) -> [ &pop3 <- _ret' ] s2) - | s2 = bb12 ] - - | bb12 = s0 - [ s0 = -{resolve'0 _25}- s1 - | s1 = MutBorrow.borrow_final {(_1.field_0'1).current} {MutBorrow.get_id _1.field_0'1} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_30 <- _ret' ] - [ &_1 <- { field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_30} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_29 <- _ret' ] s3) - | s3 = bb13 ] - - | bb13 = s0 - [ s0 = MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} + | s1 = pop_front_ghost'0 {_111} (fun (_ret':t_Option'2) -> [ &pop31 <- _ret' ] s2) + | s2 = bb50 ] + + | bb50 = s0 + [ s0 = -{resolve'0 _112}- s1 + | s1 = MutBorrow.borrow_mut {v1} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_117 <- _ret' ] [ &v1 <- _ret'.final ] s2) + | s2 = deref_mut'0 {_117} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> [ &_116 <- _ret' ] s3) + | s3 = bb51 ] + + | bb51 = s0 + [ s0 = MutBorrow.borrow_final {_116.current} {MutBorrow.get_id _116} (fun (_ret':MutBorrow.t (Seq.seq Int32.t)) -> - [ &_28 <- _ret' ] - [ &_29 <- { _29 with current = _ret'.final } ] + [ &_115 <- _ret' ] + [ &_116 <- { _116 with current = _ret'.final } ] s1) - | s1 = pop_front_ghost'0 {_28} (fun (_ret':t_Option'0) -> [ &pop4 <- _ret' ] s2) - | s2 = bb14 ] - - | bb14 = s0 - [ s0 = -{resolve'0 _29}- s1 - | s1 = -{resolve'3 _1}- s2 - | s2 = {[@expl:assertion] [%#sghost_vec29] pop1 = C_Some'0 (3 : Int32.t)} s3 - | s3 = {[@expl:assertion] [%#sghost_vec30] pop2 = C_Some'0 (2 : Int32.t)} s4 - | s4 = {[@expl:assertion] [%#sghost_vec31] pop3 = C_Some'0 (1 : Int32.t)} s5 - | s5 = {[@expl:assertion] [%#sghost_vec32] pop4 = C_None'0} s6 - | s6 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s7) - | s7 = bb15 ] - - | bb15 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure2'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () - | & _4 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _5 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _7 : () = Intrinsic.any_l () - | & _8 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _9 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _10 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _11 : () = Intrinsic.any_l () - | & _12 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _13 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _14 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop1 : t_Option'0 = Intrinsic.any_l () - | & _16 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _17 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _18 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop2 : t_Option'0 = Intrinsic.any_l () - | & _20 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _21 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _22 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop3 : t_Option'0 = Intrinsic.any_l () - | & _24 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _25 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _26 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & pop4 : t_Option'0 = Intrinsic.any_l () - | & _28 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _29 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () - | & _30 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec ghost_vec'0[#"ghost_vec.rs" 4 0 4 18] (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 [ s0 = new'0 {[%#sghost_vec0] ()} (fun (_ret':t_GhostBox'0) -> [ &v <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = {[@expl:assertion] [%#sghost_vec1] forall i : int . get'0 (inner_logic'0 v) i = C_None'0} s1 - | s1 = MutBorrow.borrow_mut {v} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_6 <- _ret' ] [ &v <- _ret'.final ] s2) - | s2 = [ &_5 <- { field_0'0 = _6 } ] s3 - | s3 = closure1'0 {_5} (fun (_ret':t_GhostBox'1) -> [ &_4 <- _ret' ] s4) - | s4 = bb2 ] - - | bb2 = bb3 - | bb3 = s0 [ s0 = new'0 {[%#sghost_vec2] ()} (fun (_ret':t_GhostBox'0) -> [ &v1 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = MutBorrow.borrow_mut {v1} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_11 <- _ret' ] [ &v1 <- _ret'.final ] s1) - | s1 = [ &_10 <- { field_0'1 = _11 } ] s2 - | s2 = closure2'0 {_10} (fun (_ret':t_GhostBox'1) -> [ &_9 <- _ret' ] s3) - | s3 = bb5 ] - - | bb5 = bb6 - | bb6 = bb7 - | bb7 = bb8 - | bb8 = return' {_0} ] + | s1 = pop_front_ghost'0 {_115} (fun (_ret':t_Option'2) -> [ &pop41 <- _ret' ] s2) + | s2 = bb52 ] + + | bb52 = s0 + [ s0 = -{resolve'0 _116}- s1 + | s1 = {[@expl:assertion] [%#sghost_vec25] pop11 = C_Some'2 (3 : Int32.t)} s2 + | s2 = {[@expl:assertion] [%#sghost_vec26] pop21 = C_Some'2 (2 : Int32.t)} s3 + | s3 = {[@expl:assertion] [%#sghost_vec27] pop31 = C_Some'2 (1 : Int32.t)} s4 + | s4 = {[@expl:assertion] [%#sghost_vec28] pop41 = C_None'0} s5 + | s5 = new'2 {_89} (fun (_ret':t_GhostBox'2) -> [ &_88 <- _ret' ] s6) + | s6 = bb53 ] + + | bb53 = bb54 + | bb54 = bb55 + | bb55 = bb56 + | bb56 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & v : t_GhostBox'0 = Intrinsic.any_l () - | & _4 : t_GhostBox'1 = Intrinsic.any_l () - | & _5 : closure1'1 = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _7 : () = Intrinsic.any_l () + | & _4 : t_GhostBox'2 = Intrinsic.any_l () + | & _5 : () = Intrinsic.any_l () + | & _6 : () = Intrinsic.any_l () + | & _7 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _8 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _9 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _14 : () = Intrinsic.any_l () + | & _15 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _16 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _17 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _18 : () = Intrinsic.any_l () + | & _19 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _20 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _21 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & len : int = Intrinsic.any_l () + | & _24 : Seq.seq Int32.t = Intrinsic.any_l () + | & get1 : t_Option'0 = Intrinsic.any_l () + | & _32 : Seq.seq Int32.t = Intrinsic.any_l () + | & _34 : int = Intrinsic.any_l () + | & _35 : t_GhostBox'1 = Intrinsic.any_l () + | & get2 : t_Option'0 = Intrinsic.any_l () + | & _38 : Seq.seq Int32.t = Intrinsic.any_l () + | & _40 : int = Intrinsic.any_l () + | & _41 : t_GhostBox'1 = Intrinsic.any_l () + | & _47 : t_Option'1 = Intrinsic.any_l () + | & _48 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _49 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _50 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _51 : int = Intrinsic.any_l () + | & _52 : t_GhostBox'1 = Intrinsic.any_l () + | & x : MutBorrow.t Int32.t = Intrinsic.any_l () + | & pop1 : t_Option'2 = Intrinsic.any_l () + | & _58 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _59 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _60 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop2 : t_Option'2 = Intrinsic.any_l () + | & _62 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _63 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _64 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop3 : t_Option'2 = Intrinsic.any_l () + | & _66 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _67 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _68 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop4 : t_Option'2 = Intrinsic.any_l () + | & _70 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _71 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _72 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop5 : t_Option'2 = Intrinsic.any_l () + | & _74 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _75 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _76 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & v1 : t_GhostBox'0 = Intrinsic.any_l () - | & _9 : t_GhostBox'1 = Intrinsic.any_l () - | & _10 : closure2'1 = Intrinsic.any_l () - | & _11 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _12 : () = Intrinsic.any_l () ] + | & _88 : t_GhostBox'2 = Intrinsic.any_l () + | & _89 : () = Intrinsic.any_l () + | & _90 : () = Intrinsic.any_l () + | & _91 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _92 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _93 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _94 : () = Intrinsic.any_l () + | & _95 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _96 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _97 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & _98 : () = Intrinsic.any_l () + | & _99 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _100 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _101 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop11 : t_Option'2 = Intrinsic.any_l () + | & _103 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _104 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _105 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop21 : t_Option'2 = Intrinsic.any_l () + | & _107 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _108 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _109 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop31 : t_Option'2 = Intrinsic.any_l () + | & _111 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _112 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _113 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () + | & pop41 : t_Option'2 = Intrinsic.any_l () + | & _115 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _116 : MutBorrow.t (Seq.seq Int32.t) = Intrinsic.any_l () + | & _117 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/ghost_vec/proof.json b/creusot/tests/should_succeed/ghost/ghost_vec/proof.json index ff80e83536..330b7f2194 100644 --- a/creusot/tests/should_succeed/ghost/ghost_vec/proof.json +++ b/creusot/tests/should_succeed/ghost/ghost_vec/proof.json @@ -7,13 +7,11 @@ ], "proofs": { "M_ghost_vec__ghost_vec": { - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.043 }, - "vc_closure2'0": { "prover": "cvc5@1.0.5", "time": 0.026 }, "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.062 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.044 }, "vc_get_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.04 }, "vc_get_mut_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.03 }, - "vc_ghost_vec'0": { "prover": "cvc4@1.8", "time": 0.513 }, + "vc_ghost_vec'0": { "prover": "cvc5@1.0.5", "time": 0.368 }, "vc_into_inner'0": { "prover": "cvc5@1.0.5", "time": 0.036 }, "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.058 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.043 }, @@ -21,7 +19,7 @@ "vc_new'2": { "prover": "cvc5@1.0.5", "time": 0.043 }, "vc_pop_back_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.027 }, "vc_pop_front_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.027 }, - "vc_push_back_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.059 }, + "vc_push_back_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.024 }, "vc_push_front_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.03 }, "vc_v_Some'0": { "prover": "cvc5@1.0.5", "time": 0.04 } } diff --git a/creusot/tests/should_succeed/ghost/integers.coma b/creusot/tests/should_succeed/ghost/integers.coma index f5cd125965..691c874ec1 100644 --- a/creusot/tests/should_succeed/ghost/integers.coma +++ b/creusot/tests/should_succeed/ghost/integers.coma @@ -58,21 +58,6 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] (! return' {result}) ] - use creusot.prelude.Intrinsic - - let rec closure0'0[#"integers.rs" 5 12 5 24] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = new'0 {[%#sintegers0] (1 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - - | bb1 = s0 [ s0 = into_inner'0 {_3} (fun (_ret':int) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = new'1 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = return' {_0} ] - - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : int = Intrinsic.any_l () - | & _3 : t_GhostBox'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - predicate inv'2 (_1 : t_GhostBox'0) axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'2 x] . inv'2 x = true @@ -116,105 +101,81 @@ module M_integers__in_ghost_block [#"integers.rs" 4 0 4 23] (! return' {result}) ] - type closure1'1 = - { field_0'0: t_GhostBox'0 } - - let rec closure1'0[#"integers.rs" 6 4 11 5] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 - [ s0 = new'0 {[%#sintegers1] (2 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s1) | s1 = bb1 ] - - | bb1 = s0 [ s0 = into_inner'0 {_4} (fun (_ret':int) -> [ &y <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':int) -> [ &_7 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = add'0 {_7} {y} (fun (_ret':int) -> [ &z <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = new'0 {[%#sintegers2] (3 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_13 <- _ret' ] s1) | s1 = bb5 ] - - | bb5 = s0 [ s0 = into_inner'0 {_13} (fun (_ret':int) -> [ &_12 <- _ret' ] s1) | s1 = bb6 ] - | bb6 = s0 [ s0 = mul'0 {z} {_12} (fun (_ret':int) -> [ &w <- _ret' ] s1) | s1 = bb7 ] - | bb7 = s0 - [ s0 = {[@expl:assertion] [%#sintegers3] w = 9} s1 - | s1 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s2) - | s2 = bb8 ] - - | bb8 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure1'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & y : int = Intrinsic.any_l () - | & _4 : t_GhostBox'0 = Intrinsic.any_l () - | & z : int = Intrinsic.any_l () - | & _7 : int = Intrinsic.any_l () - | & w : int = Intrinsic.any_l () - | & _12 : int = Intrinsic.any_l () - | & _13 : t_GhostBox'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - let rec ghost_function'0 (x:int) (y:int) (z:int) (return' (ret:int))= any [ return' (result:int)-> {[%#sintegers20] result = x + Int.mod y z} (! return' {result}) ] - let rec closure2'0[#"integers.rs" 13 4 16 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'1))= bb0 + use creusot.prelude.Intrinsic + + meta "compute_max_steps" 1000000 + + let rec in_ghost_block'0[#"integers.rs" 4 0 4 23] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = new'0 {[%#sintegers4] (4 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - - | bb1 = s0 [ s0 = into_inner'0 {_5} (fun (_ret':int) -> [ &_4 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 - [ s0 = new'0 {[%#sintegers5] (13 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_7 <- _ret' ] s1) | s1 = bb3 ] + [ s0 = new'0 {[%#sintegers0] (1 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb3 = s0 [ s0 = into_inner'0 {_7} (fun (_ret':int) -> [ &_6 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = new'0 {[%#sintegers6] (5 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] + | bb1 = s0 [ s0 = into_inner'0 {_3} (fun (_ret':int) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = new'1 {_2} (fun (_ret':t_GhostBox'0) -> [ &x <- _ret' ] s1) | s1 = bb3 ] + | bb3 = s0 + [ s0 = new'0 {[%#sintegers1] (2 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_7 <- _ret' ] s1) | s1 = bb4 ] - | bb5 = s0 [ s0 = into_inner'0 {_9} (fun (_ret':int) -> [ &_8 <- _ret' ] s1) | s1 = bb6 ] - | bb6 = s0 [ s0 = ghost_function'0 {_4} {_6} {_8} (fun (_ret':int) -> [ &x <- _ret' ] s1) | s1 = bb7 ] + | bb4 = s0 [ s0 = into_inner'0 {_7} (fun (_ret':int) -> [ &y <- _ret' ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = deref'0 {x} (fun (_ret':int) -> [ &_10 <- _ret' ] s1) | s1 = bb6 ] + | bb6 = s0 [ s0 = add'0 {_10} {y} (fun (_ret':int) -> [ &z <- _ret' ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:assertion] [%#sintegers7] x = 7} s1 - | s1 = new'2 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s2) - | s2 = bb8 ] + [ s0 = new'0 {[%#sintegers2] (3 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_16 <- _ret' ] s1) | s1 = bb8 ] - | bb8 = return' {_0} ] + | bb8 = s0 [ s0 = into_inner'0 {_16} (fun (_ret':int) -> [ &_15 <- _ret' ] s1) | s1 = bb9 ] + | bb9 = s0 [ s0 = mul'0 {z} {_15} (fun (_ret':int) -> [ &w <- _ret' ] s1) | s1 = bb10 ] + | bb10 = s0 + [ s0 = {[@expl:assertion] [%#sintegers3] w = 9} s1 + | s1 = new'2 {_5} (fun (_ret':t_GhostBox'1) -> [ &_4 <- _ret' ] s2) + | s2 = bb11 ] - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _2 : () = Intrinsic.any_l () - | & x : int = Intrinsic.any_l () - | & _4 : int = Intrinsic.any_l () - | & _5 : t_GhostBox'0 = Intrinsic.any_l () - | & _6 : int = Intrinsic.any_l () - | & _7 : t_GhostBox'0 = Intrinsic.any_l () - | & _8 : int = Intrinsic.any_l () - | & _9 : t_GhostBox'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec in_ghost_block'0[#"integers.rs" 4 0 4 23] (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &x <- _ret' ] s2) | s2 = bb1 ] + | bb11 = bb12 + | bb12 = s0 + [ s0 = new'0 {[%#sintegers4] (4 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_23 <- _ret' ] s1) | s1 = bb13 ] - | bb1 = s0 - [ s0 = [ &_5 <- { field_0'0 = x } ] s1 - | s1 = closure1'0 {_5} (fun (_ret':t_GhostBox'1) -> [ &_4 <- _ret' ] s2) - | s2 = bb2 ] + | bb13 = s0 [ s0 = into_inner'0 {_23} (fun (_ret':int) -> [ &_22 <- _ret' ] s1) | s1 = bb14 ] + | bb14 = s0 + [ s0 = new'0 {[%#sintegers5] (13 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_25 <- _ret' ] s1) | s1 = bb15 ] - | bb2 = bb3 - | bb3 = s0 - [ s0 = [ &_9 <- () ] s1 | s1 = closure2'0 {_9} (fun (_ret':t_GhostBox'1) -> [ &_8 <- _ret' ] s2) | s2 = bb4 ] + | bb15 = s0 [ s0 = into_inner'0 {_25} (fun (_ret':int) -> [ &_24 <- _ret' ] s1) | s1 = bb16 ] + | bb16 = s0 + [ s0 = new'0 {[%#sintegers6] (5 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_27 <- _ret' ] s1) | s1 = bb17 ] + + | bb17 = s0 [ s0 = into_inner'0 {_27} (fun (_ret':int) -> [ &_26 <- _ret' ] s1) | s1 = bb18 ] + | bb18 = s0 [ s0 = ghost_function'0 {_22} {_24} {_26} (fun (_ret':int) -> [ &x1 <- _ret' ] s1) | s1 = bb19 ] + | bb19 = s0 + [ s0 = {[@expl:assertion] [%#sintegers7] x1 = 7} s1 + | s1 = new'2 {_20} (fun (_ret':t_GhostBox'1) -> [ &_19 <- _ret' ] s2) + | s2 = bb20 ] - | bb4 = bb5 - | bb5 = bb6 - | bb6 = return' {_0} ] + | bb20 = bb21 + | bb21 = bb22 + | bb22 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & x : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () + | & _2 : int = Intrinsic.any_l () + | & _3 : t_GhostBox'0 = Intrinsic.any_l () | & _4 : t_GhostBox'1 = Intrinsic.any_l () - | & _5 : closure1'1 = Intrinsic.any_l () - | & _7 : () = Intrinsic.any_l () - | & _8 : t_GhostBox'1 = Intrinsic.any_l () - | & _9 : () = Intrinsic.any_l () - | & _10 : () = Intrinsic.any_l () ] + | & _5 : () = Intrinsic.any_l () + | & y : int = Intrinsic.any_l () + | & _7 : t_GhostBox'0 = Intrinsic.any_l () + | & z : int = Intrinsic.any_l () + | & _10 : int = Intrinsic.any_l () + | & w : int = Intrinsic.any_l () + | & _15 : int = Intrinsic.any_l () + | & _16 : t_GhostBox'0 = Intrinsic.any_l () + | & _19 : t_GhostBox'1 = Intrinsic.any_l () + | & _20 : () = Intrinsic.any_l () + | & x1 : int = Intrinsic.any_l () + | & _22 : int = Intrinsic.any_l () + | & _23 : t_GhostBox'0 = Intrinsic.any_l () + | & _24 : int = Intrinsic.any_l () + | & _25 : t_GhostBox'0 = Intrinsic.any_l () + | & _26 : int = Intrinsic.any_l () + | & _27 : t_GhostBox'0 = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_integers__ghost_function [#"integers.rs" 21 0 21 52] diff --git a/creusot/tests/should_succeed/ghost/integers/proof.json b/creusot/tests/should_succeed/ghost/integers/proof.json index 8fe7282c30..749a038b4d 100644 --- a/creusot/tests/should_succeed/ghost/integers/proof.json +++ b/creusot/tests/should_succeed/ghost/integers/proof.json @@ -12,16 +12,13 @@ "vc_rem'0": { "prover": "cvc5@1.0.5", "time": 0.016 } }, "M_integers__in_ghost_block": { - "vc_add'0": { "prover": "cvc5@1.0.5", "time": 0.062 }, - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.054 }, - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.032 }, - "vc_closure2'0": { "prover": "cvc5@1.0.5", "time": 0.031 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.047 }, + "vc_add'0": { "prover": "cvc5@1.0.5", "time": 0.017 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_ghost_function'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, "vc_in_ghost_block'0": { "prover": "cvc5@1.0.5", "time": 0.046 }, "vc_into_inner'0": { "prover": "cvc5@1.0.5", "time": 0.066 }, "vc_mul'0": { "prover": "cvc5@1.0.5", "time": 0.034 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.061 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.059 }, "vc_new'2": { "prover": "cvc5@1.0.5", "time": 0.031 } } diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma index dd45e7cba5..0a8d7670a4 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost.coma @@ -31,33 +31,22 @@ module M_snapshot_in_ghost__foo [#"snapshot_in_ghost.rs" 5 0 5 12] use creusot.prelude.Snapshot - let rec closure0'0[#"snapshot_in_ghost.rs" 6 4 9 5] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 + meta "compute_max_steps" 1000000 + + let rec foo'0[#"snapshot_in_ghost.rs" 5 0 5 12] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#ssnapshot_in_ghost0] Snapshot.new 1 ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] [%#ssnapshot_in_ghost1] Snapshot.inner x = 1} s1 - | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) + | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s2) | s2 = bb2 ] - | bb2 = return' {_0} ] - - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : () = Intrinsic.any_l () - | & x : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec foo'0[#"snapshot_in_ghost.rs" 5 0 5 12] (_1:()) (return' (ret:()))= (! bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_1 <- _ret' ] s2) | s2 = bb1 ] - - | bb1 = bb2 - | bb2 = return' {_0} ] + | bb2 = bb3 + | bb3 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & _1 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () ] + | & x : Snapshot.snap_ty (int) = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_snapshot_in_ghost__is_pure [#"snapshot_in_ghost.rs" 14 0 14 16] diff --git a/creusot/tests/should_succeed/ghost/snapshot_in_ghost/proof.json b/creusot/tests/should_succeed/ghost/snapshot_in_ghost/proof.json index 79d6bafe8b..8ff6a601ab 100644 --- a/creusot/tests/should_succeed/ghost/snapshot_in_ghost/proof.json +++ b/creusot/tests/should_succeed/ghost/snapshot_in_ghost/proof.json @@ -6,13 +6,16 @@ { "prover": "cvc4@1.8", "size": 45, "time": 0.426 } ], "proofs": { + "M_snapshot_in_ghost__bar": { + "vc_bar'0": { "prover": "cvc5@1.0.5", "time": 0.018 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.021 } + }, "M_snapshot_in_ghost__foo": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.019 }, - "vc_foo'0": { "prover": "cvc5@1.0.5", "time": 0.01 }, + "vc_foo'0": { "prover": "cvc5@1.0.5", "time": 0.027 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.005 } }, "M_snapshot_in_ghost__is_pure": { - "vc_is_pure'0": { "prover": "cvc5@1.0.5", "time": 0.004 } + "vc_is_pure'0": { "prover": "cvc5@1.0.5", "time": 0.02 } } } } diff --git a/creusot/tests/should_succeed/ghost/typing.coma b/creusot/tests/should_succeed/ghost/typing.coma index dfa8de2c72..274c957b66 100644 --- a/creusot/tests/should_succeed/ghost/typing.coma +++ b/creusot/tests/should_succeed/ghost/typing.coma @@ -1,22 +1,22 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] - let%span styping0 = "typing.rs" 25 18 25 30 - let%span styping1 = "typing.rs" 26 18 26 29 - let%span styping2 = "typing.rs" 15 32 15 33 - let%span styping3 = "typing.rs" 16 32 16 33 - let%span styping4 = "typing.rs" 17 35 17 36 - let%span styping5 = "typing.rs" 22 25 22 26 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 99 4 99 12 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sboxed16 = "../../../../creusot-contracts/src/std/boxed.rs" 22 8 22 22 - let%span sresolve17 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span styping0 = "typing.rs" 15 32 15 33 + let%span styping1 = "typing.rs" 16 32 16 33 + let%span styping2 = "typing.rs" 17 35 17 36 + let%span styping3 = "typing.rs" 22 25 22 26 + let%span styping4 = "typing.rs" 25 18 25 30 + let%span styping5 = "typing.rs" 26 18 26 29 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost10 = "../../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost11 = "../../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sghost12 = "../../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost13 = "../../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost14 = "../../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sghost15 = "../../../../creusot-contracts/src/ghost.rs" 99 4 99 12 + let%span sresolve16 = "../../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sboxed17 = "../../../../creusot-contracts/src/std/boxed.rs" 22 8 22 22 let%span styping18 = "typing.rs" 10 20 10 27 use creusot.int.Int32 @@ -35,50 +35,13 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x = true - let rec new'0 (x:t_NonCopy'0) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost7] inv'0 x} + let rec new'0 (x:t_NonCopy'0) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost6] inv'0 x} any - [ return' (result:t_GhostBox'0)-> {[%#sghost8] inv'1 result} - {[%#sghost9] result.t_GhostBox__0'0 = x} + [ return' (result:t_GhostBox'0)-> {[%#sghost7] inv'1 result} + {[%#sghost8] result.t_GhostBox__0'0 = x} (! return' {result}) ] - use creusot.prelude.Intrinsic - - let rec closure0'0[#"typing.rs" 15 17 15 35] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping2] (1 : Int32.t)) } ] s1 - | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : t_NonCopy'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - - let rec closure1'0[#"typing.rs" 16 17 16 35] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping3] (2 : Int32.t)) } ] s1 - | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : t_NonCopy'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - - let rec closure2'0[#"typing.rs" 17 20 17 38] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping4] (3 : Int32.t)) } ] s1 - | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = return' {_0} ] - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : t_NonCopy'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - - use creusot.prelude.MutBorrow - predicate inv'2 (_1 : t_GhostBox'0) axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'0 [inv'2 x] . inv'2 x = true @@ -87,13 +50,15 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] axiom inv_axiom'3 [@rewrite] : forall x : t_NonCopy'0 [inv'3 x] . inv'3 x = true - let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_NonCopy'0))= {[@expl:deref 'self' type invariant] [%#sghost10] inv'2 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_NonCopy'0))= {[@expl:deref 'self' type invariant] [%#sghost9] inv'2 self} any - [ return' (result:t_NonCopy'0)-> {[%#sghost11] inv'3 result} - {[%#sghost12] self.t_GhostBox__0'0 = result} + [ return' (result:t_NonCopy'0)-> {[%#sghost10] inv'3 result} + {[%#sghost11] self.t_GhostBox__0'0 = result} (! return' {result}) ] + use creusot.prelude.MutBorrow + predicate inv'4 (_1 : MutBorrow.t (t_GhostBox'0)) axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'0) [inv'4 x] . inv'4 x = true @@ -102,31 +67,19 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (t_NonCopy'0) [inv'5 x] . inv'5 x = true - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:MutBorrow.t (t_NonCopy'0)))= {[@expl:deref_mut 'self' type invariant] [%#sghost13] inv'4 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:MutBorrow.t (t_NonCopy'0)))= {[@expl:deref_mut 'self' type invariant] [%#sghost12] inv'4 self} any - [ return' (result:MutBorrow.t (t_NonCopy'0))-> {[%#sghost14] inv'5 result} - {[%#sghost15] result + [ return' (result:MutBorrow.t (t_NonCopy'0))-> {[%#sghost13] inv'5 result} + {[%#sghost14] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'0 (self.final).t_GhostBox__0'0 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] - predicate resolve'2 (self : MutBorrow.t (t_NonCopy'0)) = - [%#sresolve17] self.final = self.current + predicate resolve'1 (self : MutBorrow.t (t_NonCopy'0)) = + [%#sresolve16] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (t_NonCopy'0)) = - resolve'2 _1 - - type closure3'1 = - { field_0'0: t_GhostBox'0; field_1'0: MutBorrow.t (t_GhostBox'0); field_2'0: t_GhostBox'0 } - - predicate resolve'4 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sresolve17] self.final = self.current - - predicate resolve'3 (_1 : MutBorrow.t (t_GhostBox'0)) = - resolve'4 _1 - - predicate resolve'1 (_1 : closure3'1) = - resolve'3 _1.field_1'0 + resolve'1 _1 predicate inv'6 (_1 : ()) @@ -139,99 +92,79 @@ module M_typing__ghost_enter_ghost [#"typing.rs" 14 0 14 26] axiom inv_axiom'7 [@rewrite] : forall x : t_GhostBox'1 [inv'7 x] . inv'7 x = true - let rec new'1 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost7] inv'6 x} + let rec new'1 (x:()) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost6] inv'6 x} any - [ return' (result:t_GhostBox'1)-> {[%#sghost8] inv'7 result} - {[%#sghost9] result.t_GhostBox__0'1 = x} + [ return' (result:t_GhostBox'1)-> {[%#sghost7] inv'7 result} + {[%#sghost8] result.t_GhostBox__0'1 = x} (! return' {result}) ] - let rec closure3'0[#"typing.rs" 19 4 23 5] [@coma:extspec] (_1:closure3'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':t_NonCopy'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = [ &_5 <- { t_NonCopy__0'0 = ([%#styping5] (4 : Int32.t)) } ] s1 - | s1 = MutBorrow.borrow_final {(_1.field_1'0).current} {MutBorrow.get_id _1.field_1'0} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> - [ &_7 <- _ret' ] - [ &_1 <- { _1 with field_1'0 = { _1.field_1'0 with current = _ret'.final } } ] - s2) - | s2 = deref_mut'0 {_7} (fun (_ret':MutBorrow.t (t_NonCopy'0)) -> [ &_6 <- _ret' ] s3) - | s3 = bb2 ] - - | bb2 = s0 - [ s0 = [ &_6 <- { _6 with current = _5 } ] s1 - | s1 = -{resolve'0 _6}- s2 - | s2 = -{resolve'1 _1}- s3 - | s3 = new'1 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s4) - | s4 = bb3 ] - - | bb3 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure3'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : t_NonCopy'0 = Intrinsic.any_l () - | & _5 : t_NonCopy'0 = Intrinsic.any_l () - | & _6 : MutBorrow.t (t_NonCopy'0) = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - use creusot.int.Int32 function view'2 [#"typing.rs" 9 4 9 33] (self : t_NonCopy'0) : int = [%#styping18] Int32.to_int self.t_NonCopy__0'0 function view'1 (self : t_NonCopy'0) : int = - [%#sboxed16] view'2 self + [%#sboxed17] view'2 self function view'0 (self : t_GhostBox'0) : int = - [%#sghost6] view'1 self.t_GhostBox__0'0 + [%#sghost15] view'1 self.t_GhostBox__0'0 + + use creusot.prelude.Intrinsic meta "compute_max_steps" 1000000 let rec ghost_enter_ghost'0[#"typing.rs" 14 0 14 26] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 - | s1 = closure0'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &g_move <- _ret' ] s2) + [ s0 = [ &_2 <- { t_NonCopy__0'0 = ([%#styping0] (1 : Int32.t)) } ] s1 + | s1 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &g_move <- _ret' ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- () ] s1 - | s1 = closure1'0 {_5} (fun (_ret':t_GhostBox'0) -> [ &g_read <- _ret' ] s2) + [ s0 = [ &_4 <- { t_NonCopy__0'0 = ([%#styping1] (2 : Int32.t)) } ] s1 + | s1 = new'0 {_4} (fun (_ret':t_GhostBox'0) -> [ &g_read <- _ret' ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = [ &_8 <- () ] s1 | s1 = closure2'0 {_8} (fun (_ret':t_GhostBox'0) -> [ &g_mut <- _ret' ] s2) | s2 = bb3 ] + [ s0 = [ &_6 <- { t_NonCopy__0'0 = ([%#styping2] (3 : Int32.t)) } ] s1 + | s1 = new'0 {_6} (fun (_ret':t_GhostBox'0) -> [ &g_mut <- _ret' ] s2) + | s2 = bb3 ] + + | bb3 = s0 [ s0 = deref'0 {g_read} (fun (_ret':t_NonCopy'0) -> [ &_9 <- _ret' ] s1) | s1 = bb4 ] + | bb4 = s0 + [ s0 = [ &_11 <- { t_NonCopy__0'0 = ([%#styping3] (4 : Int32.t)) } ] s1 + | s1 = MutBorrow.borrow_mut {g_mut} + (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_13 <- _ret' ] [ &g_mut <- _ret'.final ] s2) + | s2 = deref_mut'0 {_13} (fun (_ret':MutBorrow.t (t_NonCopy'0)) -> [ &_12 <- _ret' ] s3) + | s3 = bb5 ] - | bb3 = s0 - [ s0 = MutBorrow.borrow_mut {g_mut} - (fun (_ret':MutBorrow.t (t_GhostBox'0)) -> [ &_13 <- _ret' ] [ &g_mut <- _ret'.final ] s1) - | s1 = [ &_11 <- { field_0'0 = g_read; field_1'0 = _13; field_2'0 = g_move } ] s2 - | s2 = closure3'0 {_11} (fun (_ret':t_GhostBox'1) -> [ &_10 <- _ret' ] s3) - | s3 = bb4 ] + | bb5 = s0 + [ s0 = [ &_12 <- { _12 with current = _11 } ] s1 + | s1 = -{resolve'0 _12}- s2 + | s2 = new'1 {_8} (fun (_ret':t_GhostBox'1) -> [ &_7 <- _ret' ] s3) + | s3 = bb6 ] - | bb4 = bb5 - | bb5 = s0 [ s0 = {[@expl:assertion] [%#styping0] view'0 g_read = 2} s1 | s1 = bb6 ] - | bb6 = s0 [ s0 = {[@expl:assertion] [%#styping1] view'0 g_mut = 4} s1 | s1 = bb7 ] - | bb7 = bb8 - | bb8 = bb9 + | bb6 = bb7 + | bb7 = s0 [ s0 = {[@expl:assertion] [%#styping4] view'0 g_read = 2} s1 | s1 = bb8 ] + | bb8 = s0 [ s0 = {[@expl:assertion] [%#styping5] view'0 g_mut = 4} s1 | s1 = bb9 ] | bb9 = bb10 - | bb10 = return' {_0} ] + | bb10 = bb11 + | bb11 = bb12 + | bb12 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & g_move : t_GhostBox'0 = Intrinsic.any_l () - | & _2 : () = Intrinsic.any_l () - | & _3 : () = Intrinsic.any_l () + | & _2 : t_NonCopy'0 = Intrinsic.any_l () | & g_read : t_GhostBox'0 = Intrinsic.any_l () - | & _5 : () = Intrinsic.any_l () - | & _6 : () = Intrinsic.any_l () + | & _4 : t_NonCopy'0 = Intrinsic.any_l () | & g_mut : t_GhostBox'0 = Intrinsic.any_l () + | & _6 : t_NonCopy'0 = Intrinsic.any_l () + | & _7 : t_GhostBox'1 = Intrinsic.any_l () | & _8 : () = Intrinsic.any_l () - | & _9 : () = Intrinsic.any_l () - | & _10 : t_GhostBox'1 = Intrinsic.any_l () - | & _11 : closure3'1 = Intrinsic.any_l () - | & _13 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () - | & _15 : () = Intrinsic.any_l () ] + | & _9 : t_NonCopy'0 = Intrinsic.any_l () + | & _11 : t_NonCopy'0 = Intrinsic.any_l () + | & _12 : MutBorrow.t (t_NonCopy'0) = Intrinsic.any_l () + | & _13 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] @@ -264,38 +197,20 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] (! return' {result}) ] - use creusot.prelude.Intrinsic - - type closure0'1 = - { field_0'0: Int32.t; field_1'0: (); field_2'0: (Int32.t, Int32.t) } - - let rec closure0'0[#"typing.rs" 34 4 38 5] [@coma:extspec] (_1:closure0'1) (return' (ret:t_GhostBox'0))= bb0 - [ bb0 = s0 - [ s0 = [ &_x <- _1.field_0'0 ] s1 - | s1 = [ &_pair <- _1.field_2'0 ] s2 - | s2 = new'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s3) - | s3 = bb1 ] - - | bb1 = return' {_0} ] - - [ & _0 : t_GhostBox'0 = Intrinsic.any_l () - | & _1 : closure0'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _x : Int32.t = Intrinsic.any_l () - | & _pair : (Int32.t, Int32.t) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - use creusot.int.Int32 + use creusot.prelude.Intrinsic + meta "compute_max_steps" 1000000 let rec copy_enter_ghost'0[#"typing.rs" 29 0 29 25] (_1:()) (return' (ret:()))= (! bb0 [ bb0 = s0 [ s0 = [ &x <- [%#styping0] (2 : Int32.t) ] s1 | s1 = [ &pair <- (([%#styping1] (6 : Int32.t)), ([%#styping2] (42 : Int32.t))) ] s2 - | s2 = [ &_5 <- { field_0'0 = x; field_1'0 = unit; field_2'0 = pair } ] s3 - | s3 = closure0'0 {_5} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s4) - | s4 = bb1 ] + | s2 = [ &_x <- x ] s3 + | s3 = [ &_pair <- pair ] s4 + | s4 = new'0 {_5} (fun (_ret':t_GhostBox'0) -> [ &_4 <- _ret' ] s5) + | s5 = bb1 ] | bb1 = bb2 | bb2 = s0 @@ -308,10 +223,10 @@ module M_typing__copy_enter_ghost [#"typing.rs" 29 0 29 25] ) [ & _0 : () = Intrinsic.any_l () | & x : Int32.t = Intrinsic.any_l () - | & unit : () = Intrinsic.any_l () | & pair : (Int32.t, Int32.t) = Intrinsic.any_l () | & _4 : t_GhostBox'0 = Intrinsic.any_l () - | & _5 : closure0'1 = Intrinsic.any_l () - | & _9 : () = Intrinsic.any_l () ] + | & _5 : () = Intrinsic.any_l () + | & _x : Int32.t = Intrinsic.any_l () + | & _pair : (Int32.t, Int32.t) = Intrinsic.any_l () ] [ return' (result:())-> (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/ghost/typing/proof.json b/creusot/tests/should_succeed/ghost/typing/proof.json index 7cb4f6a16c..5211d1a384 100644 --- a/creusot/tests/should_succeed/ghost/typing/proof.json +++ b/creusot/tests/should_succeed/ghost/typing/proof.json @@ -7,20 +7,15 @@ ], "proofs": { "M_typing__copy_enter_ghost": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.025 }, "vc_copy_enter_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.061 } + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.03 } }, "M_typing__ghost_enter_ghost": { - "vc_closure0'0": { "prover": "cvc5@1.0.5", "time": 0.061 }, - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.062 }, - "vc_closure2'0": { "prover": "cvc5@1.0.5", "time": 0.056 }, - "vc_closure3'0": { "prover": "cvc5@1.0.5", "time": 0.034 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.053 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.045 }, "vc_ghost_enter_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.048 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.049 }, - "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.049 } + "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.019 } } } } diff --git a/creusot/tests/should_succeed/linked_list.coma b/creusot/tests/should_succeed/linked_list.coma index f7b772d250..aaa3d6dc76 100644 --- a/creusot/tests/should_succeed/linked_list.coma +++ b/creusot/tests/should_succeed/linked_list.coma @@ -196,61 +196,60 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 let%span sghost9 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 let%span sghost10 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 let%span sghost11 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span slinked_list12 = "linked_list.rs" 89 16 92 17 - let%span sptr_own13 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 - let%span sptr_own14 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 - let%span sptr_own15 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 - let%span sptr_own16 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 - let%span sptr_own17 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 - let%span sptr_own18 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 - let%span slinked_list19 = "linked_list.rs" 48 12 48 74 - let%span sptr20 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr21 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - let%span sghost22 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sghost23 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sghost26 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 - let%span sghost27 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 - let%span sghost28 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 - let%span sseq29 = "../../../creusot-contracts/src/logic/seq.rs" 498 32 498 36 - let%span sseq30 = "../../../creusot-contracts/src/logic/seq.rs" 498 38 498 39 - let%span sseq31 = "../../../creusot-contracts/src/logic/seq.rs" 497 14 497 40 - let%span sghost32 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost33 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost34 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost35 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sresolve36 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sghost37 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost38 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost39 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sseq40 = "../../../creusot-contracts/src/logic/seq.rs" 455 22 455 26 - let%span sseq41 = "../../../creusot-contracts/src/logic/seq.rs" 454 14 454 34 - let%span slinked_list42 = "linked_list.rs" 56 10 56 25 - let%span sseq43 = "../../../creusot-contracts/src/logic/seq.rs" 557 30 557 34 - let%span sseq44 = "../../../creusot-contracts/src/logic/seq.rs" 557 4 557 65 - let%span sseq45 = "../../../creusot-contracts/src/logic/seq.rs" 551 14 554 5 - let%span sseq46 = "../../../creusot-contracts/src/logic/seq.rs" 555 14 555 84 - let%span sseq47 = "../../../creusot-contracts/src/logic/seq.rs" 556 14 556 44 - let%span soption48 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sghost12 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost13 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost14 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sghost15 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 + let%span sghost16 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 + let%span sghost17 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 498 32 498 36 + let%span sseq19 = "../../../creusot-contracts/src/logic/seq.rs" 498 38 498 39 + let%span sseq20 = "../../../creusot-contracts/src/logic/seq.rs" 497 14 497 40 + let%span sghost21 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost22 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost23 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost26 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sseq27 = "../../../creusot-contracts/src/logic/seq.rs" 455 22 455 26 + let%span sseq28 = "../../../creusot-contracts/src/logic/seq.rs" 454 14 454 34 + let%span slinked_list29 = "linked_list.rs" 56 10 56 25 + let%span sseq30 = "../../../creusot-contracts/src/logic/seq.rs" 557 30 557 34 + let%span sseq31 = "../../../creusot-contracts/src/logic/seq.rs" 557 4 557 65 + let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 551 14 554 5 + let%span sseq33 = "../../../creusot-contracts/src/logic/seq.rs" 555 14 555 84 + let%span sseq34 = "../../../creusot-contracts/src/logic/seq.rs" 556 14 556 44 + let%span soption35 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sptr_own36 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 + let%span sptr_own37 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 + let%span sptr_own38 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 + let%span sptr_own39 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 + let%span sptr_own40 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 + let%span sptr_own41 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 + let%span slinked_list42 = "linked_list.rs" 48 12 48 74 + let%span sptr43 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr44 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + let%span sghost45 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sresolve46 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sghost47 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 + let%span sseq48 = "../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 let%span slinked_list49 = "linked_list.rs" 67 4 67 41 - let%span sresolve50 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sseq50 = "../../../creusot-contracts/src/logic/seq.rs" 633 20 633 95 let%span sinvariant51 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 - let%span sseq52 = "../../../creusot-contracts/src/logic/seq.rs" 80 4 80 12 - let%span sboxed53 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 - let%span sseq54 = "../../../creusot-contracts/src/logic/seq.rs" 633 20 633 95 - let%span sptr_own55 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 - let%span sinvariant56 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 - let%span slinked_list57 = "linked_list.rs" 26 12 36 69 + let%span sresolve52 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sptr_own53 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sboxed54 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 + let%span sinvariant55 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span slinked_list56 = "linked_list.rs" 26 12 36 69 use creusot.prelude.Opaque function addr_logic'0 (self : Opaque.ptr) : int function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr21] addr_logic'0 self = 0 + [%#sptr44] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr20] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr43] is_null_logic'0 self = (addr_logic'0 self = 0) let rec null'0 (_1:()) (return' (ret:Opaque.ptr))= any [ return' (result:Opaque.ptr)-> {[%#sptr4] is_null_logic'0 result} (! return' {result}) ] @@ -261,21 +260,21 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 type t_Cell'0 = { t_Cell__v'0: t_T'0; t_Cell__next'0: Opaque.ptr } - predicate inv'5 (_1 : t_T'0) + predicate inv'10 (_1 : t_T'0) - predicate inv'29 (_1 : t_Cell'0) + predicate inv'27 (_1 : t_Cell'0) - axiom inv_axiom'28 [@rewrite] : forall x : t_Cell'0 [inv'29 x] . inv'29 x + axiom inv_axiom'26 [@rewrite] : forall x : t_Cell'0 [inv'27 x] . inv'27 x = match x with - | {t_Cell__v'0 = v ; t_Cell__next'0 = next} -> inv'5 v + | {t_Cell__v'0 = v ; t_Cell__next'0 = next} -> inv'10 v end - predicate invariant'2 (self : t_Cell'0) = - [%#sboxed53] inv'29 self + predicate invariant'7 (self : t_Cell'0) = + [%#sboxed54] inv'27 self - predicate inv'6 (_1 : t_Cell'0) + predicate inv'11 (_1 : t_Cell'0) - axiom inv_axiom'5 [@rewrite] : forall x : t_Cell'0 [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'10 [@rewrite] : forall x : t_Cell'0 [inv'11 x] . inv'11 x = invariant'7 x type t_PtrOwn'0 @@ -286,38 +285,38 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 function val'0 (self : t_PtrOwn'0) : t_Cell'0 - predicate invariant'7 (self : t_PtrOwn'0) = - [%#sptr_own55] not is_null_logic'0 (ptr'0 self) /\ inv'6 (val'0 self) + predicate invariant'3 (self : t_PtrOwn'0) = + [%#sptr_own53] not is_null_logic'0 (ptr'0 self) /\ inv'11 (val'0 self) - predicate inv'13 (_1 : t_PtrOwn'0) + predicate inv'6 (_1 : t_PtrOwn'0) - axiom inv_axiom'12 [@rewrite] : forall x : t_PtrOwn'0 [inv'13 x] . inv'13 x = invariant'7 x + axiom inv_axiom'6 [@rewrite] : forall x : t_PtrOwn'0 [inv'6 x] . inv'6 x = invariant'3 x - predicate invariant'12 (self : t_PtrOwn'0) = - [%#sboxed53] inv'13 self + predicate invariant'15 (self : t_PtrOwn'0) = + [%#sboxed54] inv'6 self - predicate inv'22 (_1 : t_PtrOwn'0) + predicate inv'24 (_1 : t_PtrOwn'0) - axiom inv_axiom'21 [@rewrite] : forall x : t_PtrOwn'0 [inv'22 x] . inv'22 x = invariant'12 x + axiom inv_axiom'23 [@rewrite] : forall x : t_PtrOwn'0 [inv'24 x] . inv'24 x = invariant'15 x - predicate inv'3 (_1 : t_GhostBox'0) + predicate inv'5 (_1 : t_GhostBox'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'0 [inv'3 x] . inv'3 x + axiom inv_axiom'5 [@rewrite] : forall x : t_GhostBox'0 [inv'5 x] . inv'5 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'22 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'24 a_0 end - predicate inv'7 (_1 : (Opaque.ptr, t_GhostBox'0)) + predicate inv'12 (_1 : (Opaque.ptr, t_GhostBox'0)) - axiom inv_axiom'6 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'7 x] . inv'7 x - = (let (x0, x1) = x in inv'3 x1) + axiom inv_axiom'11 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'12 x] . inv'12 x + = (let (x0, x1) = x in inv'5 x1) function inner_logic'0 (self : t_GhostBox'0) : t_PtrOwn'0 = - [%#sghost22] self.t_GhostBox__0'0 + [%#sghost45] self.t_GhostBox__0'0 - let rec from_box'0 (val':t_Cell'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:from_box 'val' type invariant] [%#sptr_own5] inv'6 val'} + let rec from_box'0 (val':t_Cell'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:from_box 'val' type invariant] [%#sptr_own5] inv'11 val'} any - [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own6] inv'7 result} + [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own6] inv'12 result} {[%#sptr_own7] ptr'0 (inner_logic'0 (let (_, a) = result in a)) = (let (a, _) = result in a) /\ val'0 (inner_logic'0 (let (_, a) = result in a)) = val'} (! return' {result}) ] @@ -343,59 +342,59 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 use seq.Seq - predicate invariant'4 (self : Seq.seq (t_PtrOwn'0)) = - [%#sseq54] forall i : int . 0 <= i /\ i < Seq.length self -> inv'22 (Seq.get self i) + predicate invariant'0 (self : Seq.seq (t_PtrOwn'0)) = + [%#sseq50] forall i : int . 0 <= i /\ i < Seq.length self -> inv'24 (Seq.get self i) - predicate inv'9 (_1 : Seq.seq (t_PtrOwn'0)) + predicate inv'2 (_1 : Seq.seq (t_PtrOwn'0)) - axiom inv_axiom'8 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'9 x] . inv'9 x = invariant'4 x + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'2 x] . inv'2 x = invariant'0 x - predicate invariant'10 (self : Seq.seq (t_PtrOwn'0)) = - [%#sboxed53] inv'9 self + predicate invariant'13 (self : Seq.seq (t_PtrOwn'0)) = + [%#sboxed54] inv'2 self - predicate inv'18 (_1 : Seq.seq (t_PtrOwn'0)) + predicate inv'22 (_1 : Seq.seq (t_PtrOwn'0)) - axiom inv_axiom'17 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'18 x] . inv'18 x = invariant'10 x + axiom inv_axiom'21 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'22 x] . inv'22 x = invariant'13 x predicate inv'0 (_1 : t_GhostBox'1) axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'1 [inv'0 x] . inv'0 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'18 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'22 a_0 end - predicate invariant'3 (self : MutBorrow.t (t_GhostBox'1)) = + predicate invariant'8 (self : MutBorrow.t (t_GhostBox'1)) = [%#sinvariant51] inv'0 self.current /\ inv'0 self.final - predicate inv'8 (_1 : MutBorrow.t (t_GhostBox'1)) + predicate inv'13 (_1 : MutBorrow.t (t_GhostBox'1)) - axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'8 x] . inv'8 x = invariant'3 x + axiom inv_axiom'12 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'13 x] . inv'13 x = invariant'8 x type t_GhostBox'2 = { t_GhostBox__0'2: MutBorrow.t (Seq.seq (t_PtrOwn'0)) } - predicate invariant'8 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sinvariant51] inv'9 self.current /\ inv'9 self.final + predicate invariant'4 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sinvariant51] inv'2 self.current /\ inv'2 self.final - predicate inv'14 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) + predicate inv'7 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) - axiom inv_axiom'13 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'14 x] . inv'14 x = invariant'8 x + axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'7 x] . inv'7 x = invariant'4 x - predicate invariant'11 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sboxed53] inv'14 self + predicate invariant'14 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sboxed54] inv'7 self - predicate inv'19 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) + predicate inv'23 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) - axiom inv_axiom'18 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'19 x] . inv'19 x = invariant'11 x + axiom inv_axiom'22 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'23 x] . inv'23 x = invariant'14 x predicate inv'1 (_1 : t_GhostBox'2) axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'2 [inv'1 x] . inv'1 x = match x with - | {t_GhostBox__0'2 = a_0} -> inv'19 a_0 + | {t_GhostBox__0'2 = a_0} -> inv'23 a_0 end - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost9] inv'8 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost9] inv'13 self} any [ return' (result:t_GhostBox'2)-> {[%#sghost10] inv'1 result} {[%#sghost11] result.t_GhostBox__0'2 @@ -403,158 +402,72 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 (! return' {result}) ] - predicate invariant'6 (self : MutBorrow.t (t_GhostBox'2)) = + predicate invariant'9 (self : MutBorrow.t (t_GhostBox'2)) = [%#sinvariant51] inv'1 self.current /\ inv'1 self.final - predicate inv'11 (_1 : MutBorrow.t (t_GhostBox'2)) + predicate inv'14 (_1 : MutBorrow.t (t_GhostBox'2)) - axiom inv_axiom'10 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'11 x] . inv'11 x = invariant'6 x + axiom inv_axiom'13 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'14 x] . inv'14 x = invariant'9 x - predicate invariant'5 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - [%#sinvariant51] inv'14 self.current /\ inv'14 self.final + predicate invariant'1 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + [%#sinvariant51] inv'7 self.current /\ inv'7 self.final - predicate inv'10 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) + predicate inv'3 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) - axiom inv_axiom'9 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) [inv'10 x] . inv'10 x - = invariant'5 x + axiom inv_axiom'3 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) [inv'3 x] . inv'3 x + = invariant'1 x - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))))= {[@expl:deref_mut 'self' type invariant] [%#sghost23] inv'11 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))))= {[@expl:deref_mut 'self' type invariant] [%#sghost12] inv'14 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))))-> {[%#sghost24] inv'10 result} - {[%#sghost25] result + [ return' (result:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))))-> {[%#sghost13] inv'3 result} + {[%#sghost14] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'2 (self.final).t_GhostBox__0'2 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] - let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost26] inv'3 self} + let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost15] inv'5 self} any - [ return' (result:t_PtrOwn'0)-> {[%#sghost27] inv'13 result} - {[%#sghost28] result = self.t_GhostBox__0'0} + [ return' (result:t_PtrOwn'0)-> {[%#sghost16] inv'6 result} + {[%#sghost17] result = self.t_GhostBox__0'0} (! return' {result}) ] use seq.Seq - let rec push_back_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (x:t_PtrOwn'0) (return' (ret:()))= {[@expl:push_back_ghost 'self' type invariant] [%#sseq29] inv'14 self} - {[@expl:push_back_ghost 'x' type invariant] [%#sseq30] inv'13 x} - any [ return' (result:())-> {[%#sseq31] self.final = Seq.snoc self.current x} (! return' {result}) ] - - predicate resolve'12 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - [%#sresolve36] self.final = self.current - - predicate resolve'4 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - resolve'12 _1 - - predicate resolve'13 (self : MutBorrow.t (t_GhostBox'2)) = - [%#sresolve36] self.final = self.current + let rec push_back_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (x:t_PtrOwn'0) (return' (ret:()))= {[@expl:push_back_ghost 'self' type invariant] [%#sseq18] inv'7 self} + {[@expl:push_back_ghost 'x' type invariant] [%#sseq19] inv'6 x} + any [ return' (result:())-> {[%#sseq20] self.final = Seq.snoc self.current x} (! return' {result}) ] - predicate resolve'5 (_1 : MutBorrow.t (t_GhostBox'2)) = - resolve'13 _1 - - predicate inv'20 (_1 : ()) - - axiom inv_axiom'19 [@rewrite] : forall x : () [inv'20 x] . inv'20 x = true - - type t_GhostBox'3 = - { t_GhostBox__0'3: () } + predicate resolve'7 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + [%#sresolve46] self.final = self.current - predicate inv'21 (_1 : t_GhostBox'3) - - axiom inv_axiom'20 [@rewrite] : forall x : t_GhostBox'3 [inv'21 x] . inv'21 x = true - - let rec new'0 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost32] inv'20 x} - any - [ return' (result:t_GhostBox'3)-> {[%#sghost33] inv'21 result} - {[%#sghost34] result.t_GhostBox__0'3 = x} - (! return' {result}) ] - - - use creusot.prelude.Intrinsic - - type closure1'1 = - { field_0'0: MutBorrow.t (t_GhostBox'2); field_1'0: t_GhostBox'0 } - - predicate inv'12 (_1 : closure1'1) - - axiom inv_axiom'11 [@rewrite] : forall x : closure1'1 [inv'12 x] . inv'12 x - = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'11 x0 /\ inv'3 x1) - - let rec closure1'0[#"linked_list.rs" 84 12 84 65] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 - [ s0 = {inv'1 (_1.field_0'0).current} - MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_5 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_1 <- { _1 with field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_5} (fun (_ret':MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) -> [ &_4 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'9 (_4.current).current} - MutBorrow.borrow_mut {(_4.current).current} - (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> - [ &_3 <- _ret' ] - -{inv'9 _ret'.final}- - [ &_4 <- { _4 with current = { _4.current with current = _ret'.final } } ] - s1) - | s1 = into_inner'0 {_1.field_1'0} (fun (_ret':t_PtrOwn'0) -> [ &_6 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 [ s0 = push_back_ghost'0 {_3} {_6} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 - [ s0 = {[@expl:type invariant] inv'10 _4} s1 - | s1 = -{resolve'4 _4}- s2 - | s2 = {[@expl:type invariant] match _1 with - | {field_0'0 = x'2} -> inv'11 x'2 - | _ -> true - end} - s3 - | s3 = -{match _1 with - | {field_0'0 = x'3} -> resolve'5 x'3 - | _ -> true - end}- - s4 - | s4 = new'0 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s5) - | s5 = bb4 ] - - | bb4 = bb5 - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure1'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () - | & _4 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _6 : t_PtrOwn'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] + predicate resolve'0 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + resolve'7 _1 - predicate resolve'16 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sresolve36] self.final = self.current + predicate resolve'11 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sresolve46] self.final = self.current - predicate resolve'9 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - resolve'16 _1 + predicate resolve'4 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + resolve'11 _1 predicate resolve'14 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sresolve50] resolve'9 self + [%#sresolve52] resolve'4 self - predicate resolve'6 (self : t_GhostBox'2) = - [%#sghost35] resolve'14 self.t_GhostBox__0'2 + predicate resolve'8 (self : t_GhostBox'2) = + [%#sghost47] resolve'14 self.t_GhostBox__0'2 - predicate resolve'0 (_1 : t_GhostBox'2) = - resolve'6 _1 + predicate resolve'1 (_1 : t_GhostBox'2) = + resolve'8 _1 function inner_logic'2 (self : t_GhostBox'1) : Seq.seq (t_PtrOwn'0) = - [%#sghost22] self.t_GhostBox__0'1 + [%#sghost45] self.t_GhostBox__0'1 use seq.Seq use seq.Seq predicate invariant'16 [#"linked_list.rs" 24 4 24 30] (self : t_List'0) = - [%#slinked_list57] inner_logic'2 self.t_List__seq'0 = (Seq.empty : Seq.seq (t_PtrOwn'0)) + [%#slinked_list56] inner_logic'2 self.t_List__seq'0 = (Seq.empty : Seq.seq (t_PtrOwn'0)) /\ is_null_logic'0 self.t_List__first'0 /\ is_null_logic'0 self.t_List__last'0 \/ Seq.length (inner_logic'2 self.t_List__seq'0) > 0 /\ self.t_List__first'0 = ptr'0 (Seq.get (inner_logic'2 self.t_List__seq'0) 0) @@ -566,78 +479,96 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 /\ is_null_logic'0 (val'0 (Seq.get (inner_logic'2 self.t_List__seq'0) (Seq.length (inner_logic'2 self.t_List__seq'0) - 1))).t_Cell__next'0 - predicate inv'27 (_1 : t_List'0) + predicate inv'25 (_1 : t_List'0) - axiom inv_axiom'26 [@rewrite] : forall x : t_List'0 [inv'27 x] . inv'27 x + axiom inv_axiom'24 [@rewrite] : forall x : t_List'0 [inv'25 x] . inv'25 x = (invariant'16 x /\ match x with | {t_List__first'0 = first ; t_List__last'0 = last ; t_List__seq'0 = seq} -> inv'0 seq end) - predicate invariant'0 (self : MutBorrow.t (t_List'0)) = - [%#sinvariant51] inv'27 self.current /\ inv'27 self.final + predicate invariant'2 (self : MutBorrow.t (t_List'0)) = + [%#sinvariant51] inv'25 self.current /\ inv'25 self.final - predicate inv'2 (_1 : MutBorrow.t (t_List'0)) + predicate inv'4 (_1 : MutBorrow.t (t_List'0)) - axiom inv_axiom'2 [@rewrite] : forall x : MutBorrow.t (t_List'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_List'0) [inv'4 x] . inv'4 x = invariant'2 x - predicate resolve'7 (self : MutBorrow.t (t_List'0)) = - [%#sresolve36] self.final = self.current + predicate resolve'9 (self : MutBorrow.t (t_List'0)) = + [%#sresolve46] self.final = self.current - predicate resolve'1 (_1 : MutBorrow.t (t_List'0)) = - resolve'7 _1 + predicate resolve'2 (_1 : MutBorrow.t (t_List'0)) = + resolve'9 _1 + + predicate inv'15 (_1 : ()) + + axiom inv_axiom'14 [@rewrite] : forall x : () [inv'15 x] . inv'15 x = true + + type t_GhostBox'3 = + { t_GhostBox__0'3: () } + + predicate inv'16 (_1 : t_GhostBox'3) + + axiom inv_axiom'15 [@rewrite] : forall x : t_GhostBox'3 [inv'16 x] . inv'16 x = true - predicate resolve'18 (_1 : t_PtrOwn'0) = + let rec new'0 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost21] inv'15 x} + any + [ return' (result:t_GhostBox'3)-> {[%#sghost22] inv'16 result} + {[%#sghost23] result.t_GhostBox__0'3 = x} + (! return' {result}) ] + + + predicate resolve'16 (_1 : t_PtrOwn'0) = true predicate resolve'15 (self : t_PtrOwn'0) = - [%#sresolve50] resolve'18 self + [%#sresolve52] resolve'16 self - predicate resolve'8 (self : t_GhostBox'0) = - [%#sghost35] resolve'15 self.t_GhostBox__0'0 + predicate resolve'10 (self : t_GhostBox'0) = + [%#sghost47] resolve'15 self.t_GhostBox__0'0 - predicate resolve'2 (_1 : t_GhostBox'0) = - resolve'8 _1 + predicate resolve'3 (_1 : t_GhostBox'0) = + resolve'10 _1 - predicate invariant'13 (self : t_GhostBox'2) = - [%#sinvariant56] inv'1 self + predicate invariant'10 (self : t_GhostBox'2) = + [%#sinvariant55] inv'1 self - predicate inv'23 (_1 : t_GhostBox'2) + predicate inv'17 (_1 : t_GhostBox'2) - axiom inv_axiom'22 [@rewrite] : forall x : t_GhostBox'2 [inv'23 x] . inv'23 x = invariant'13 x + axiom inv_axiom'16 [@rewrite] : forall x : t_GhostBox'2 [inv'17 x] . inv'17 x = invariant'10 x - predicate invariant'14 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sinvariant56] inv'14 self + predicate invariant'11 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sinvariant55] inv'7 self - predicate inv'24 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) + predicate inv'18 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) - axiom inv_axiom'23 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'24 x] . inv'24 x = invariant'14 x + axiom inv_axiom'17 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'18 x] . inv'18 x = invariant'11 x - let rec deref'0 (self:t_GhostBox'2) (return' (ret:MutBorrow.t (Seq.seq (t_PtrOwn'0))))= {[@expl:deref 'self' type invariant] [%#sghost37] inv'23 self} + let rec deref'0 (self:t_GhostBox'2) (return' (ret:MutBorrow.t (Seq.seq (t_PtrOwn'0))))= {[@expl:deref 'self' type invariant] [%#sghost24] inv'17 self} any - [ return' (result:MutBorrow.t (Seq.seq (t_PtrOwn'0)))-> {[%#sghost38] inv'24 result} - {[%#sghost39] self.t_GhostBox__0'2 = result} + [ return' (result:MutBorrow.t (Seq.seq (t_PtrOwn'0)))-> {[%#sghost25] inv'18 result} + {[%#sghost26] self.t_GhostBox__0'2 = result} (! return' {result}) ] - predicate invariant'15 (self : Seq.seq (t_PtrOwn'0)) = - [%#sinvariant56] inv'9 self + predicate invariant'12 (self : Seq.seq (t_PtrOwn'0)) = + [%#sinvariant55] inv'2 self - predicate inv'25 (_1 : Seq.seq (t_PtrOwn'0)) + predicate inv'19 (_1 : Seq.seq (t_PtrOwn'0)) - axiom inv_axiom'24 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'25 x] . inv'25 x = invariant'15 x + axiom inv_axiom'18 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'19 x] . inv'19 x = invariant'12 x - let rec len_ghost'0 (self:Seq.seq (t_PtrOwn'0)) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sseq40] inv'25 self} - any [ return' (result:int)-> {[%#sseq41] result = Seq.length self} (! return' {result}) ] + let rec len_ghost'0 (self:Seq.seq (t_PtrOwn'0)) (return' (ret:int))= {[@expl:len_ghost 'self' type invariant] [%#sseq27] inv'19 self} + any [ return' (result:int)-> {[%#sseq28] result = Seq.length self} (! return' {result}) ] let rec minus_one'0 (x:int) (return' (ret:int))= any - [ return' (result:int)-> {[%#slinked_list42] result = x - 1} (! return' {result}) ] + [ return' (result:int)-> {[%#slinked_list29] result = x - 1} (! return' {result}) ] - let rec into_inner'1 (self:t_GhostBox'2) (return' (ret:MutBorrow.t (Seq.seq (t_PtrOwn'0))))= {[@expl:into_inner 'self' type invariant] [%#sghost26] inv'1 self} + let rec into_inner'1 (self:t_GhostBox'2) (return' (ret:MutBorrow.t (Seq.seq (t_PtrOwn'0))))= {[@expl:into_inner 'self' type invariant] [%#sghost15] inv'1 self} any - [ return' (result:MutBorrow.t (Seq.seq (t_PtrOwn'0)))-> {[%#sghost27] inv'14 result} - {[%#sghost28] result = self.t_GhostBox__0'2} + [ return' (result:MutBorrow.t (Seq.seq (t_PtrOwn'0)))-> {[%#sghost16] inv'7 result} + {[%#sghost17] result = self.t_GhostBox__0'2} (! return' {result}) ] @@ -645,19 +576,19 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 | C_None'0 | C_Some'0 (MutBorrow.t (t_PtrOwn'0)) - predicate invariant'9 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sinvariant51] inv'13 self.current /\ inv'13 self.final + predicate invariant'5 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sinvariant51] inv'6 self.current /\ inv'6 self.final - predicate inv'15 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'8 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'14 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'15 x] . inv'15 x = invariant'9 x + axiom inv_axiom'8 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'8 x] . inv'8 x = invariant'5 x - predicate inv'26 (_1 : t_Option'0) + predicate inv'20 (_1 : t_Option'0) - axiom inv_axiom'25 [@rewrite] : forall x : t_Option'0 [inv'26 x] . inv'26 x + axiom inv_axiom'19 [@rewrite] : forall x : t_Option'0 [inv'20 x] . inv'20 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'15 a_0 + | C_Some'0 a_0 -> inv'8 a_0 end type t_Option'1 = @@ -665,25 +596,25 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 | C_Some'1 (t_PtrOwn'0) function get'0 (self : Seq.seq (t_PtrOwn'0)) (ix : int) : t_Option'1 = - [%#sseq52] if 0 <= ix /\ ix < Seq.length self then C_Some'1 (Seq.get self ix) else C_None'1 + [%#sseq48] if 0 <= ix /\ ix < Seq.length self then C_Some'1 (Seq.get self ix) else C_None'1 - let rec get_mut_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (index:int) (return' (ret:t_Option'0))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq43] inv'14 self} + let rec get_mut_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (index:int) (return' (ret:t_Option'0))= {[@expl:get_mut_ghost 'self' type invariant] [%#sseq30] inv'7 self} any - [ return' (result:t_Option'0)-> {[%#sseq44] inv'26 result} - {[%#sseq45] match result with + [ return' (result:t_Option'0)-> {[%#sseq31] inv'20 result} + {[%#sseq32] match result with | C_None'0 -> get'0 self.current index = C_None'1 /\ self.current = self.final | C_Some'0 r -> get'0 self.current index = C_Some'1 (r.current) /\ r.final = Seq.get self.final index end} - {[%#sseq46] forall i : int . i <> index -> get'0 self.current index = get'0 self.final index} - {[%#sseq47] Seq.length self.current = Seq.length self.final} + {[%#sseq33] forall i : int . i <> index -> get'0 self.current index = get'0 self.final index} + {[%#sseq34] Seq.length self.current = Seq.length self.final} (! return' {result}) ] - let rec unwrap'0 (self:t_Option'0) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'26 self} - {[@expl:unwrap requires] [%#soption48] self <> C_None'0} + let rec unwrap'0 (self:t_Option'0) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'20 self} + {[@expl:unwrap requires] [%#soption35] self <> C_None'0} any - [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'15 result} - {[%#soption48] C_Some'0 result = self} + [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'8 result} + {[%#soption35] C_Some'0 result = self} (! return' {result}) ] @@ -691,119 +622,59 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 { t_GhostBox__0'4: MutBorrow.t (t_PtrOwn'0) } predicate invariant'17 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sboxed53] inv'15 self + [%#sboxed54] inv'8 self - predicate inv'28 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'26 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'27 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'28 x] . inv'28 x = invariant'17 x + axiom inv_axiom'25 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'26 x] . inv'26 x = invariant'17 x - predicate inv'17 (_1 : t_GhostBox'4) + predicate inv'21 (_1 : t_GhostBox'4) - axiom inv_axiom'16 [@rewrite] : forall x : t_GhostBox'4 [inv'17 x] . inv'17 x + axiom inv_axiom'20 [@rewrite] : forall x : t_GhostBox'4 [inv'21 x] . inv'21 x = match x with - | {t_GhostBox__0'4 = a_0} -> inv'28 a_0 + | {t_GhostBox__0'4 = a_0} -> inv'26 a_0 end - let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'4))= {[@expl:new 'x' type invariant] [%#sghost32] inv'15 x} + let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'4))= {[@expl:new 'x' type invariant] [%#sghost21] inv'8 x} any - [ return' (result:t_GhostBox'4)-> {[%#sghost33] inv'17 result} - {[%#sghost34] result.t_GhostBox__0'4 = x} + [ return' (result:t_GhostBox'4)-> {[%#sghost22] inv'21 result} + {[%#sghost23] result.t_GhostBox__0'4 = x} (! return' {result}) ] - predicate resolve'17 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sresolve36] self.final = self.current - - predicate resolve'10 (_1 : MutBorrow.t (t_PtrOwn'0)) = - resolve'17 _1 - - type closure2'1 = - { field_0'1: t_GhostBox'2 } - - predicate inv'16 (_1 : closure2'1) - - axiom inv_axiom'15 [@rewrite] : forall x : closure2'1 [inv'16 x] . inv'16 x = (let {field_0'1 = x0} = x in inv'1 x0) - - let rec closure2'0[#"linked_list.rs" 89 16 92 17] [@coma:extspec] (_1:closure2'1) (return' (ret:t_GhostBox'4))= bb0 - [ bb0 = s0 - [ s0 = deref'0 {_1.field_0'1} (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> [ &_7 <- _ret' ] s1) - | s1 = bb1 ] - - | bb1 = s0 [ s0 = len_ghost'0 {_7.current} (fun (_ret':int) -> [ &_5 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = minus_one'0 {_5} (fun (_ret':int) -> [ &off <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 - [ s0 = into_inner'1 {_1.field_0'1} (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> [ &_11 <- _ret' ] s1) - | s1 = bb4 ] - - | bb4 = s0 - [ s0 = {inv'9 _11.current} - MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} - (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> - [ &_10 <- _ret' ] - -{inv'9 _ret'.final}- - [ &_11 <- { _11 with current = _ret'.final } ] - s1) - | s1 = get_mut_ghost'0 {_10} {off} (fun (_ret':t_Option'0) -> [ &_9 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 [ s0 = unwrap'0 {_9} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb6 ] - | bb6 = s0 - [ s0 = {inv'13 _3.current} - MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_2 <- _ret' ] - -{inv'13 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s1) - | s1 = new'1 {_2} (fun (_ret':t_GhostBox'4) -> [ &_0 <- _ret' ] s2) - | s2 = bb7 ] - - | bb7 = s0 - [ s0 = {[@expl:type invariant] inv'14 _11} s1 - | s1 = -{resolve'9 _11}- s2 - | s2 = {[@expl:type invariant] inv'15 _3} s3 - | s3 = -{resolve'10 _3}- s4 - | s4 = bb8 ] - - | bb8 = return' {_0} ] - - [ & _0 : t_GhostBox'4 = Intrinsic.any_l () - | & _1 : closure2'1 = _1 - | & _2 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _3 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & off : int = Intrinsic.any_l () - | & _5 : int = Intrinsic.any_l () - | & _7 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () - | & _9 : t_Option'0 = Intrinsic.any_l () - | & _10 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () - | & _11 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'4)-> return' {result} ] - function inner_logic'1 (self : t_GhostBox'4) : MutBorrow.t (t_PtrOwn'0) = - [%#sghost22] self.t_GhostBox__0'4 + [%#sghost45] self.t_GhostBox__0'4 - predicate invariant'1 (self : MutBorrow.t (t_Cell'0)) = - [%#sinvariant51] inv'29 self.current /\ inv'29 self.final + predicate invariant'6 (self : MutBorrow.t (t_Cell'0)) = + [%#sinvariant51] inv'27 self.current /\ inv'27 self.final - predicate inv'4 (_1 : MutBorrow.t (t_Cell'0)) + predicate inv'9 (_1 : MutBorrow.t (t_Cell'0)) - axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_Cell'0) [inv'4 x] . inv'4 x = invariant'1 x + axiom inv_axiom'9 [@rewrite] : forall x : MutBorrow.t (t_Cell'0) [inv'9 x] . inv'9 x = invariant'6 x - let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'4) (return' (ret:MutBorrow.t (t_Cell'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own13] inv'17 own} - {[@expl:as_mut requires] [%#sptr_own14] ptr = ptr'0 (inner_logic'1 own).current} + let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'4) (return' (ret:MutBorrow.t (t_Cell'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own36] inv'21 own} + {[@expl:as_mut requires] [%#sptr_own37] ptr = ptr'0 (inner_logic'1 own).current} any - [ return' (result:MutBorrow.t (t_Cell'0))-> {[%#sptr_own15] inv'4 result} - {[%#sptr_own16] result.current = val'0 (inner_logic'1 own).current} - {[%#sptr_own17] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} - {[%#sptr_own18] val'0 (inner_logic'1 own).final = result.final} + [ return' (result:MutBorrow.t (t_Cell'0))-> {[%#sptr_own38] inv'9 result} + {[%#sptr_own39] result.current = val'0 (inner_logic'1 own).current} + {[%#sptr_own40] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} + {[%#sptr_own41] val'0 (inner_logic'1 own).final = result.final} (! return' {result}) ] - predicate resolve'11 (self : MutBorrow.t (t_Cell'0)) = - [%#sresolve36] self.final = self.current + predicate resolve'12 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sresolve46] self.final = self.current - predicate resolve'3 (_1 : MutBorrow.t (t_Cell'0)) = - resolve'11 _1 + predicate resolve'5 (_1 : MutBorrow.t (t_PtrOwn'0)) = + resolve'12 _1 + + predicate resolve'13 (self : MutBorrow.t (t_Cell'0)) = + [%#sresolve46] self.final = self.current + + predicate resolve'6 (_1 : MutBorrow.t (t_Cell'0)) = + resolve'13 _1 + + use creusot.prelude.Intrinsic use seq.Seq @@ -823,14 +694,14 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 [%#slinked_list49] Seq.create (Seq.length s) (Mapping.from_fn (fun (i : int) -> Map.get f (Seq.get s i))) function view'0 [#"linked_list.rs" 46 4 46 33] (self : t_List'0) : Seq.seq t_T'0 = - [%#slinked_list19] seq_map'0 (inner_logic'2 self.t_List__seq'0) (Mapping.from_fn (fun (ptr_own : t_PtrOwn'0) -> (val'0 ptr_own).t_Cell__v'0)) + [%#slinked_list42] seq_map'0 (inner_logic'2 self.t_List__seq'0) (Mapping.from_fn (fun (ptr_own : t_PtrOwn'0) -> (val'0 ptr_own).t_Cell__v'0)) use seq.Seq meta "compute_max_steps" 1000000 - let rec push_back'0[#"linked_list.rs" 77 4 77 37] (self:MutBorrow.t (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_back 'self' type invariant] [%#slinked_list1] inv'2 self} - {[@expl:push_back 'x' type invariant] [%#slinked_list2] inv'5 x} + let rec push_back'0[#"linked_list.rs" 77 4 77 37] (self:MutBorrow.t (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_back 'self' type invariant] [%#slinked_list1] inv'4 self} + {[@expl:push_back 'x' type invariant] [%#slinked_list2] inv'10 x} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = null'0 {[%#slinked_list0] ()} (fun (_ret':Opaque.ptr) -> [ &_7 <- _ret' ] s1) | s1 = bb2 ] @@ -845,7 +716,7 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 | bb6 = s0 [ s0 = is_null'0 {(self.current).t_List__last'0} (fun (_ret':bool) -> [ &_12 <- _ret' ] s1) | s1 = bb7 ] - | bb7 = any [ br0 -> {_12 = false} (! bb13) | br1 -> {_12} (! bb8) ] + | bb7 = any [ br0 -> {_12 = false} (! bb16) | br1 -> {_12} (! bb8) ] | bb8 = s0 [ s0 = [ &self <- { self with current = { self.current with t_List__first'0 = cell_ptr } } ] s1 | s1 = [ &self <- { self with current = { self.current with t_List__last'0 = cell_ptr } } ] s2 @@ -866,63 +737,117 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 [ s0 = {inv'1 seq} MutBorrow.borrow_mut {seq} (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_20 <- _ret' ] + [ &_22 <- _ret' ] -{inv'1 _ret'.final}- [ &seq <- _ret'.final ] s1) - | s1 = [ &_19 <- { field_0'0 = _20; field_1'0 = cell_own } ] s2 - | s2 = closure1'0 {_19} (fun (_ret':t_GhostBox'3) -> [ &_18 <- _ret' ] s3) - | s3 = bb10 ] + | s1 = deref_mut'0 {_22} (fun (_ret':MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) -> [ &_21 <- _ret' ] s2) + | s2 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv'1 seq} s1 - | s1 = -{resolve'0 seq}- s2 - | s2 = {[@expl:type invariant] inv'2 self} s3 - | s3 = -{resolve'1 self}- s4 - | s4 = bb11 ] + [ s0 = {inv'2 (_21.current).current} + MutBorrow.borrow_mut {(_21.current).current} + (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> + [ &_20 <- _ret' ] + -{inv'2 _ret'.final}- + [ &_21 <- { _21 with current = { _21.current with current = _ret'.final } } ] + s1) + | s1 = into_inner'0 {cell_own} (fun (_ret':t_PtrOwn'0) -> [ &_23 <- _ret' ] s2) + | s2 = bb11 ] + + | bb11 = s0 [ s0 = push_back_ghost'0 {_20} {_23} (fun (_ret':()) -> [ &_19 <- _ret' ] s1) | s1 = bb12 ] + | bb12 = s0 + [ s0 = {[@expl:type invariant] inv'3 _21} s1 + | s1 = -{resolve'0 _21}- s2 + | s2 = {[@expl:type invariant] inv'1 seq} s3 + | s3 = -{resolve'1 seq}- s4 + | s4 = {[@expl:type invariant] inv'4 self} s5 + | s5 = -{resolve'2 self}- s6 + | s6 = new'0 {_19} (fun (_ret':t_GhostBox'3) -> [ &_18 <- _ret' ] s7) + | s7 = bb13 ] - | bb11 = bb12 - | bb12 = bb18 - | bb13 = s0 - [ s0 = {[@expl:type invariant] inv'3 cell_own} s1 - | s1 = -{resolve'2 cell_own}- s2 + | bb13 = bb14 + | bb14 = bb15 + | bb15 = bb27 + | bb16 = s0 + [ s0 = {[@expl:type invariant] inv'5 cell_own} s1 + | s1 = -{resolve'3 cell_own}- s2 | s2 = {inv'0 (self.current).t_List__seq'0} MutBorrow.borrow_final {(self.current).t_List__seq'0} {MutBorrow.inherit_id (MutBorrow.get_id self) 3} (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_23 <- _ret' ] + [ &_26 <- _ret' ] -{inv'0 _ret'.final}- [ &self <- { self with current = { self.current with t_List__seq'0 = _ret'.final } } ] s3) - | s3 = borrow_mut'0 {_23} (fun (_ret':t_GhostBox'2) -> [ &seq1 <- _ret' ] s4) - | s4 = bb14 ] + | s3 = borrow_mut'0 {_26} (fun (_ret':t_GhostBox'2) -> [ &seq1 <- _ret' ] s4) + | s4 = bb17 ] + + | bb17 = s0 + [ s0 = deref'0 {seq1} (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> [ &_35 <- _ret' ] s1) | s1 = bb18 ] - | bb14 = s0 - [ s0 = [ &_27 <- { field_0'1 = seq1 } ] s1 - | s1 = closure2'0 {_27} (fun (_ret':t_GhostBox'4) -> [ &_26 <- _ret' ] s2) - | s2 = bb15 ] + | bb18 = s0 [ s0 = len_ghost'0 {_35.current} (fun (_ret':int) -> [ &_33 <- _ret' ] s1) | s1 = bb19 ] + | bb19 = s0 [ s0 = minus_one'0 {_33} (fun (_ret':int) -> [ &off <- _ret' ] s1) | s1 = bb20 ] + | bb20 = s0 + [ s0 = into_inner'1 {seq1} (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> [ &_40 <- _ret' ] s1) | s1 = bb21 ] - | bb15 = s0 - [ s0 = as_mut'0 {(self.current).t_List__last'0} {_26} + | bb21 = s0 + [ s0 = {inv'2 _40.current} + MutBorrow.borrow_final {_40.current} {MutBorrow.get_id _40} + (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> + [ &_39 <- _ret' ] + -{inv'2 _ret'.final}- + [ &_40 <- { _40 with current = _ret'.final } ] + s1) + | s1 = get_mut_ghost'0 {_39} {off} (fun (_ret':t_Option'0) -> [ &_38 <- _ret' ] s2) + | s2 = bb22 ] + + | bb22 = s0 [ s0 = unwrap'0 {_38} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_37 <- _ret' ] s1) | s1 = bb23 ] + | bb23 = s0 + [ s0 = {inv'6 _37.current} + MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_31 <- _ret' ] + -{inv'6 _ret'.final}- + [ &_37 <- { _37 with current = _ret'.final } ] + s1) + | s1 = {inv'6 _31.current} + MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_30 <- _ret' ] + -{inv'6 _ret'.final}- + [ &_31 <- { _31 with current = _ret'.final } ] + s2) + | s2 = new'1 {_30} (fun (_ret':t_GhostBox'4) -> [ &_29 <- _ret' ] s3) + | s3 = bb24 ] + + | bb24 = s0 + [ s0 = as_mut'0 {(self.current).t_List__last'0} {_29} (fun (_ret':MutBorrow.t (t_Cell'0)) -> [ &cell_last <- _ret' ] s1) - | s1 = bb16 ] + | s1 = bb25 ] - | bb16 = s0 - [ s0 = [ &cell_last <- { cell_last with current = { cell_last.current with t_Cell__next'0 = cell_ptr } } ] s1 - | s1 = {[@expl:type invariant] inv'4 cell_last} s2 - | s2 = -{resolve'3 cell_last}- s3 - | s3 = [ &self <- { self with current = { self.current with t_List__last'0 = cell_ptr } } ] s4 - | s4 = {[@expl:type invariant] inv'2 self} s5 - | s5 = -{resolve'1 self}- s6 - | s6 = bb17 ] + | bb25 = s0 + [ s0 = {[@expl:type invariant] inv'7 _40} s1 + | s1 = -{resolve'4 _40}- s2 + | s2 = {[@expl:type invariant] inv'8 _37} s3 + | s3 = -{resolve'5 _37}- s4 + | s4 = {[@expl:type invariant] inv'8 _31} s5 + | s5 = -{resolve'5 _31}- s6 + | s6 = [ &cell_last <- { cell_last with current = { cell_last.current with t_Cell__next'0 = cell_ptr } } ] s7 + | s7 = {[@expl:type invariant] inv'9 cell_last} s8 + | s8 = -{resolve'6 cell_last}- s9 + | s9 = [ &self <- { self with current = { self.current with t_List__last'0 = cell_ptr } } ] s10 + | s10 = {[@expl:type invariant] inv'4 self} s11 + | s11 = -{resolve'2 self}- s12 + | s12 = bb26 ] - | bb17 = bb18 - | bb18 = bb19 - | bb19 = bb20 - | bb20 = bb21 - | bb21 = return' {_0} ] + | bb26 = bb27 + | bb27 = bb28 + | bb28 = bb29 + | bb29 = bb30 + | bb30 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & self : MutBorrow.t (t_List'0) = self @@ -937,15 +862,24 @@ module M_linked_list__qyi10858349784728989480__push_back [#"linked_list.rs" 77 4 | & seq : t_GhostBox'2 = Intrinsic.any_l () | & _17 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () | & _18 : t_GhostBox'3 = Intrinsic.any_l () - | & _19 : closure1'1 = Intrinsic.any_l () - | & _20 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _21 : () = Intrinsic.any_l () + | & _19 : () = Intrinsic.any_l () + | & _20 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () + | & _21 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) = Intrinsic.any_l () + | & _22 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _23 : t_PtrOwn'0 = Intrinsic.any_l () | & seq1 : t_GhostBox'2 = Intrinsic.any_l () - | & _23 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () + | & _26 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () | & cell_last : MutBorrow.t (t_Cell'0) = Intrinsic.any_l () - | & _26 : t_GhostBox'4 = Intrinsic.any_l () - | & _27 : closure2'1 = Intrinsic.any_l () - | & _28 : () = Intrinsic.any_l () ] + | & _29 : t_GhostBox'4 = Intrinsic.any_l () + | & _30 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _31 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & off : int = Intrinsic.any_l () + | & _33 : int = Intrinsic.any_l () + | & _35 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () + | & _37 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _38 : t_Option'0 = Intrinsic.any_l () + | & _39 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () + | & _40 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () ] [ return' (result:())-> {[@expl:push_back ensures] [%#slinked_list3] view'0 self.final = Seq.snoc (view'0 self.current) x} @@ -963,31 +897,31 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 let%span sghost7 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 let%span sghost8 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 let%span sghost9 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span slinked_list10 = "linked_list.rs" 48 12 48 74 - let%span sseq11 = "../../../creusot-contracts/src/logic/seq.rs" 251 8 251 27 - let%span sghost12 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sptr13 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr14 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - let%span sghost15 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost16 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost17 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sghost18 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 - let%span sghost19 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 - let%span sghost20 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 - let%span sseq21 = "../../../creusot-contracts/src/logic/seq.rs" 476 33 476 37 - let%span sseq22 = "../../../creusot-contracts/src/logic/seq.rs" 476 39 476 40 - let%span sseq23 = "../../../creusot-contracts/src/logic/seq.rs" 475 14 475 41 - let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost26 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost27 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sresolve28 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sghost10 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost11 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost12 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sghost13 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 + let%span sghost14 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 + let%span sghost15 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 + let%span sseq16 = "../../../creusot-contracts/src/logic/seq.rs" 476 33 476 37 + let%span sseq17 = "../../../creusot-contracts/src/logic/seq.rs" 476 39 476 40 + let%span sseq18 = "../../../creusot-contracts/src/logic/seq.rs" 475 14 475 41 + let%span sghost19 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost20 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost21 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span slinked_list22 = "linked_list.rs" 48 12 48 74 + let%span sseq23 = "../../../creusot-contracts/src/logic/seq.rs" 251 8 251 27 + let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sptr25 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr26 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + let%span sresolve27 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sghost28 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 let%span slinked_list29 = "linked_list.rs" 67 4 67 41 - let%span sresolve30 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sseq30 = "../../../creusot-contracts/src/logic/seq.rs" 633 20 633 95 let%span sinvariant31 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 - let%span sseq32 = "../../../creusot-contracts/src/logic/seq.rs" 633 20 633 95 - let%span sboxed33 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 - let%span sptr_own34 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sresolve32 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sptr_own33 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sboxed34 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 let%span slinked_list35 = "linked_list.rs" 26 12 36 69 use creusot.prelude.Opaque @@ -1007,13 +941,13 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 type t_Cell'0 = { t_Cell__v'0: t_T'0; t_Cell__next'0: Opaque.ptr } - predicate inv'3 (_1 : t_T'0) + predicate inv'5 (_1 : t_T'0) - predicate inv'4 (_1 : t_Cell'0) + predicate inv'6 (_1 : t_Cell'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_Cell'0 [inv'4 x] . inv'4 x + axiom inv_axiom'5 [@rewrite] : forall x : t_Cell'0 [inv'6 x] . inv'6 x = match x with - | {t_Cell__v'0 = v ; t_Cell__next'0 = next} -> inv'3 v + | {t_Cell__v'0 = v ; t_Cell__next'0 = next} -> inv'5 v end type t_GhostBox'0 = @@ -1024,51 +958,51 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 function addr_logic'0 (self : Opaque.ptr) : int function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr14] addr_logic'0 self = 0 + [%#sptr26] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr13] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr25] is_null_logic'0 self = (addr_logic'0 self = 0) function val'0 (self : t_PtrOwn'0) : t_Cell'0 predicate invariant'11 (self : t_Cell'0) = - [%#sboxed33] inv'4 self + [%#sboxed34] inv'6 self - predicate inv'20 (_1 : t_Cell'0) + predicate inv'19 (_1 : t_Cell'0) - axiom inv_axiom'19 [@rewrite] : forall x : t_Cell'0 [inv'20 x] . inv'20 x = invariant'11 x + axiom inv_axiom'18 [@rewrite] : forall x : t_Cell'0 [inv'19 x] . inv'19 x = invariant'11 x - predicate invariant'7 (self : t_PtrOwn'0) = - [%#sptr_own34] not is_null_logic'0 (ptr'0 self) /\ inv'20 (val'0 self) + predicate invariant'5 (self : t_PtrOwn'0) = + [%#sptr_own33] not is_null_logic'0 (ptr'0 self) /\ inv'19 (val'0 self) - predicate inv'14 (_1 : t_PtrOwn'0) + predicate inv'11 (_1 : t_PtrOwn'0) - axiom inv_axiom'13 [@rewrite] : forall x : t_PtrOwn'0 [inv'14 x] . inv'14 x = invariant'7 x + axiom inv_axiom'10 [@rewrite] : forall x : t_PtrOwn'0 [inv'11 x] . inv'11 x = invariant'5 x - predicate invariant'10 (self : t_PtrOwn'0) = - [%#sboxed33] inv'14 self + predicate invariant'9 (self : t_PtrOwn'0) = + [%#sboxed34] inv'11 self - predicate inv'19 (_1 : t_PtrOwn'0) + predicate inv'17 (_1 : t_PtrOwn'0) - axiom inv_axiom'18 [@rewrite] : forall x : t_PtrOwn'0 [inv'19 x] . inv'19 x = invariant'10 x + axiom inv_axiom'16 [@rewrite] : forall x : t_PtrOwn'0 [inv'17 x] . inv'17 x = invariant'9 x - predicate inv'13 (_1 : t_GhostBox'0) + predicate inv'10 (_1 : t_GhostBox'0) - axiom inv_axiom'12 [@rewrite] : forall x : t_GhostBox'0 [inv'13 x] . inv'13 x + axiom inv_axiom'9 [@rewrite] : forall x : t_GhostBox'0 [inv'10 x] . inv'10 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'19 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'17 a_0 end - predicate inv'5 (_1 : (Opaque.ptr, t_GhostBox'0)) + predicate inv'7 (_1 : (Opaque.ptr, t_GhostBox'0)) - axiom inv_axiom'4 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'5 x] . inv'5 x - = (let (x0, x1) = x in inv'13 x1) + axiom inv_axiom'6 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'7 x] . inv'7 x + = (let (x0, x1) = x in inv'10 x1) function inner_logic'0 (self : t_GhostBox'0) : t_PtrOwn'0 = - [%#sghost12] self.t_GhostBox__0'0 + [%#sghost24] self.t_GhostBox__0'0 - let rec new'0 (v:t_Cell'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:new 'v' type invariant] [%#sptr_own3] inv'4 v} + let rec new'0 (v:t_Cell'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:new 'v' type invariant] [%#sptr_own3] inv'6 v} any - [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own4] inv'5 result} + [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own4] inv'7 result} {[%#sptr_own5] ptr'0 (inner_logic'0 (let (_, a) = result in a)) = (let (a, _) = result in a) /\ val'0 (inner_logic'0 (let (_, a) = result in a)) = v} (! return' {result}) ] @@ -1086,59 +1020,59 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 use seq.Seq - predicate invariant'2 (self : Seq.seq (t_PtrOwn'0)) = - [%#sseq32] forall i : int . 0 <= i /\ i < Seq.length self -> inv'19 (Seq.get self i) + predicate invariant'0 (self : Seq.seq (t_PtrOwn'0)) = + [%#sseq30] forall i : int . 0 <= i /\ i < Seq.length self -> inv'17 (Seq.get self i) - predicate inv'7 (_1 : Seq.seq (t_PtrOwn'0)) + predicate inv'2 (_1 : Seq.seq (t_PtrOwn'0)) - axiom inv_axiom'6 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'7 x] . inv'7 x = invariant'2 x + axiom inv_axiom'2 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'2 x] . inv'2 x = invariant'0 x - predicate invariant'5 (self : Seq.seq (t_PtrOwn'0)) = - [%#sboxed33] inv'7 self + predicate invariant'7 (self : Seq.seq (t_PtrOwn'0)) = + [%#sboxed34] inv'2 self - predicate inv'11 (_1 : Seq.seq (t_PtrOwn'0)) + predicate inv'15 (_1 : Seq.seq (t_PtrOwn'0)) - axiom inv_axiom'10 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'11 x] . inv'11 x = invariant'5 x + axiom inv_axiom'14 [@rewrite] : forall x : Seq.seq (t_PtrOwn'0) [inv'15 x] . inv'15 x = invariant'7 x predicate inv'0 (_1 : t_GhostBox'1) axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'1 [inv'0 x] . inv'0 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'11 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'15 a_0 end - predicate invariant'1 (self : MutBorrow.t (t_GhostBox'1)) = + predicate invariant'3 (self : MutBorrow.t (t_GhostBox'1)) = [%#sinvariant31] inv'0 self.current /\ inv'0 self.final - predicate inv'6 (_1 : MutBorrow.t (t_GhostBox'1)) + predicate inv'8 (_1 : MutBorrow.t (t_GhostBox'1)) - axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'6 x] . inv'6 x = invariant'1 x + axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'8 x] . inv'8 x = invariant'3 x type t_GhostBox'2 = { t_GhostBox__0'2: MutBorrow.t (Seq.seq (t_PtrOwn'0)) } - predicate invariant'8 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sinvariant31] inv'7 self.current /\ inv'7 self.final - - predicate inv'15 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) - - axiom inv_axiom'14 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'15 x] . inv'15 x = invariant'8 x - predicate invariant'6 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sboxed33] inv'15 self + [%#sinvariant31] inv'2 self.current /\ inv'2 self.final predicate inv'12 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) axiom inv_axiom'11 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'12 x] . inv'12 x = invariant'6 x + predicate invariant'8 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sboxed34] inv'12 self + + predicate inv'16 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) + + axiom inv_axiom'15 [@rewrite] : forall x : MutBorrow.t (Seq.seq (t_PtrOwn'0)) [inv'16 x] . inv'16 x = invariant'8 x + predicate inv'1 (_1 : t_GhostBox'2) axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'2 [inv'1 x] . inv'1 x = match x with - | {t_GhostBox__0'2 = a_0} -> inv'12 a_0 + | {t_GhostBox__0'2 = a_0} -> inv'16 a_0 end - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost7] inv'6 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost7] inv'8 self} any [ return' (result:t_GhostBox'2)-> {[%#sghost8] inv'1 result} {[%#sghost9] result.t_GhostBox__0'2 @@ -1153,153 +1087,67 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 axiom inv_axiom'8 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'9 x] . inv'9 x = invariant'4 x - predicate invariant'3 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - [%#sinvariant31] inv'15 self.current /\ inv'15 self.final + predicate invariant'1 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + [%#sinvariant31] inv'12 self.current /\ inv'12 self.final - predicate inv'8 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) + predicate inv'3 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) - axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) [inv'8 x] . inv'8 x - = invariant'3 x + axiom inv_axiom'3 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) [inv'3 x] . inv'3 x + = invariant'1 x - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))))= {[@expl:deref_mut 'self' type invariant] [%#sghost15] inv'9 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))))= {[@expl:deref_mut 'self' type invariant] [%#sghost10] inv'9 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))))-> {[%#sghost16] inv'8 result} - {[%#sghost17] result + [ return' (result:MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))))-> {[%#sghost11] inv'3 result} + {[%#sghost12] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'2 (self.final).t_GhostBox__0'2 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] - let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost18] inv'13 self} + let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost13] inv'10 self} any - [ return' (result:t_PtrOwn'0)-> {[%#sghost19] inv'14 result} - {[%#sghost20] result = self.t_GhostBox__0'0} + [ return' (result:t_PtrOwn'0)-> {[%#sghost14] inv'11 result} + {[%#sghost15] result = self.t_GhostBox__0'0} (! return' {result}) ] use seq.Seq function push_front'2 [@inline:trivial] (self : Seq.seq (t_PtrOwn'0)) (x : t_PtrOwn'0) : Seq.seq (t_PtrOwn'0) = - [%#sseq11] Seq.cons x self - - let rec push_front_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (x:t_PtrOwn'0) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq21] inv'15 self} - {[@expl:push_front_ghost 'x' type invariant] [%#sseq22] inv'14 x} - any [ return' (result:())-> {[%#sseq23] self.final = push_front'2 self.current x} (! return' {result}) ] + [%#sseq23] Seq.cons x self - predicate resolve'6 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - [%#sresolve28] self.final = self.current + let rec push_front_ghost'0 (self:MutBorrow.t (Seq.seq (t_PtrOwn'0))) (x:t_PtrOwn'0) (return' (ret:()))= {[@expl:push_front_ghost 'self' type invariant] [%#sseq16] inv'12 self} + {[@expl:push_front_ghost 'x' type invariant] [%#sseq17] inv'11 x} + any [ return' (result:())-> {[%#sseq18] self.final = push_front'2 self.current x} (! return' {result}) ] - predicate resolve'2 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = - resolve'6 _1 + predicate resolve'3 (self : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + [%#sresolve27] self.final = self.current - predicate resolve'7 (self : MutBorrow.t (t_GhostBox'2)) = - [%#sresolve28] self.final = self.current + predicate resolve'0 (_1 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) = + resolve'3 _1 - predicate resolve'3 (_1 : MutBorrow.t (t_GhostBox'2)) = - resolve'7 _1 - - predicate inv'16 (_1 : ()) - - axiom inv_axiom'15 [@rewrite] : forall x : () [inv'16 x] . inv'16 x = true - - type t_GhostBox'3 = - { t_GhostBox__0'3: () } - - predicate inv'17 (_1 : t_GhostBox'3) - - axiom inv_axiom'16 [@rewrite] : forall x : t_GhostBox'3 [inv'17 x] . inv'17 x = true - - let rec new'1 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost24] inv'16 x} - any - [ return' (result:t_GhostBox'3)-> {[%#sghost25] inv'17 result} - {[%#sghost26] result.t_GhostBox__0'3 = x} - (! return' {result}) ] - - - use creusot.prelude.Intrinsic - - type closure1'1 = - { field_0'0: MutBorrow.t (t_GhostBox'2); field_1'0: t_GhostBox'0 } - - predicate inv'10 (_1 : closure1'1) - - axiom inv_axiom'9 [@rewrite] : forall x : closure1'1 [inv'10 x] . inv'10 x - = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'9 x0 /\ inv'13 x1) + predicate resolve'8 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sresolve27] self.final = self.current - let rec closure1'0[#"linked_list.rs" 107 8 107 62] [@coma:extspec] (_1:closure1'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 - [ s0 = {inv'1 (_1.field_0'0).current} - MutBorrow.borrow_final {(_1.field_0'0).current} {MutBorrow.get_id _1.field_0'0} - (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_5 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_1 <- { _1 with field_0'0 = { _1.field_0'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_5} (fun (_ret':MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) -> [ &_4 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'7 (_4.current).current} - MutBorrow.borrow_mut {(_4.current).current} - (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> - [ &_3 <- _ret' ] - -{inv'7 _ret'.final}- - [ &_4 <- { _4 with current = { _4.current with current = _ret'.final } } ] - s1) - | s1 = into_inner'0 {_1.field_1'0} (fun (_ret':t_PtrOwn'0) -> [ &_6 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 [ s0 = push_front_ghost'0 {_3} {_6} (fun (_ret':()) -> [ &_2 <- _ret' ] s1) | s1 = bb3 ] - | bb3 = s0 - [ s0 = {[@expl:type invariant] inv'8 _4} s1 - | s1 = -{resolve'2 _4}- s2 - | s2 = {[@expl:type invariant] match _1 with - | {field_0'0 = x'2} -> inv'9 x'2 - | _ -> true - end} - s3 - | s3 = -{match _1 with - | {field_0'0 = x'3} -> resolve'3 x'3 - | _ -> true - end}- - s4 - | s4 = new'1 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s5) - | s5 = bb4 ] - - | bb4 = bb5 - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure1'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & _3 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () - | & _4 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _6 : t_PtrOwn'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] - - predicate resolve'10 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sresolve28] self.final = self.current - - predicate resolve'9 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - resolve'10 _1 + predicate resolve'7 (_1 : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + resolve'8 _1 - predicate resolve'8 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = - [%#sresolve30] resolve'9 self + predicate resolve'6 (self : MutBorrow.t (Seq.seq (t_PtrOwn'0))) = + [%#sresolve32] resolve'7 self predicate resolve'4 (self : t_GhostBox'2) = - [%#sghost27] resolve'8 self.t_GhostBox__0'2 + [%#sghost28] resolve'6 self.t_GhostBox__0'2 - predicate resolve'0 (_1 : t_GhostBox'2) = + predicate resolve'1 (_1 : t_GhostBox'2) = resolve'4 _1 function inner_logic'1 (self : t_GhostBox'1) : Seq.seq (t_PtrOwn'0) = - [%#sghost12] self.t_GhostBox__0'1 + [%#sghost24] self.t_GhostBox__0'1 use seq.Seq use seq.Seq - predicate invariant'9 [#"linked_list.rs" 24 4 24 30] (self : t_List'0) = + predicate invariant'10 [#"linked_list.rs" 24 4 24 30] (self : t_List'0) = [%#slinked_list35] inner_logic'1 self.t_List__seq'0 = (Seq.empty : Seq.seq (t_PtrOwn'0)) /\ is_null_logic'0 self.t_List__first'0 /\ is_null_logic'0 self.t_List__last'0 \/ Seq.length (inner_logic'1 self.t_List__seq'0) > 0 @@ -1315,24 +1163,44 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 predicate inv'18 (_1 : t_List'0) axiom inv_axiom'17 [@rewrite] : forall x : t_List'0 [inv'18 x] . inv'18 x - = (invariant'9 x + = (invariant'10 x /\ match x with | {t_List__first'0 = first ; t_List__last'0 = last ; t_List__seq'0 = seq} -> inv'0 seq end) - predicate invariant'0 (self : MutBorrow.t (t_List'0)) = + predicate invariant'2 (self : MutBorrow.t (t_List'0)) = [%#sinvariant31] inv'18 self.current /\ inv'18 self.final - predicate inv'2 (_1 : MutBorrow.t (t_List'0)) + predicate inv'4 (_1 : MutBorrow.t (t_List'0)) - axiom inv_axiom'2 [@rewrite] : forall x : MutBorrow.t (t_List'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_List'0) [inv'4 x] . inv'4 x = invariant'2 x predicate resolve'5 (self : MutBorrow.t (t_List'0)) = - [%#sresolve28] self.final = self.current + [%#sresolve27] self.final = self.current - predicate resolve'1 (_1 : MutBorrow.t (t_List'0)) = + predicate resolve'2 (_1 : MutBorrow.t (t_List'0)) = resolve'5 _1 + predicate inv'13 (_1 : ()) + + axiom inv_axiom'12 [@rewrite] : forall x : () [inv'13 x] . inv'13 x = true + + type t_GhostBox'3 = + { t_GhostBox__0'3: () } + + predicate inv'14 (_1 : t_GhostBox'3) + + axiom inv_axiom'13 [@rewrite] : forall x : t_GhostBox'3 [inv'14 x] . inv'14 x = true + + let rec new'1 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost19] inv'13 x} + any + [ return' (result:t_GhostBox'3)-> {[%#sghost20] inv'14 result} + {[%#sghost21] result.t_GhostBox__0'3 = x} + (! return' {result}) ] + + + use creusot.prelude.Intrinsic + use seq.Seq use creusot.prelude.Mapping @@ -1351,17 +1219,17 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 [%#slinked_list29] Seq.create (Seq.length s) (Mapping.from_fn (fun (i : int) -> Map.get f (Seq.get s i))) function view'0 [#"linked_list.rs" 46 4 46 33] (self : t_List'0) : Seq.seq t_T'0 = - [%#slinked_list10] seq_map'0 (inner_logic'1 self.t_List__seq'0) (Mapping.from_fn (fun (ptr_own : t_PtrOwn'0) -> (val'0 ptr_own).t_Cell__v'0)) + [%#slinked_list22] seq_map'0 (inner_logic'1 self.t_List__seq'0) (Mapping.from_fn (fun (ptr_own : t_PtrOwn'0) -> (val'0 ptr_own).t_Cell__v'0)) use seq.Seq function push_front'1 [@inline:trivial] (self : Seq.seq t_T'0) (x : t_T'0) : Seq.seq t_T'0 = - [%#sseq11] Seq.cons x self + [%#sseq23] Seq.cons x self meta "compute_max_steps" 1000000 - let rec push_front'0[#"linked_list.rs" 100 4 100 38] (self:MutBorrow.t (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_front 'self' type invariant] [%#slinked_list0] inv'2 self} - {[@expl:push_front 'x' type invariant] [%#slinked_list1] inv'3 x} + let rec push_front'0[#"linked_list.rs" 100 4 100 38] (self:MutBorrow.t (t_List'0)) (x:t_T'0) (return' (ret:()))= {[@expl:push_front 'self' type invariant] [%#slinked_list0] inv'4 self} + {[@expl:push_front 'x' type invariant] [%#slinked_list1] inv'5 x} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &_7 <- { t_Cell__v'0 = x; t_Cell__next'0 = (self.current).t_List__first'0 } ] s1 | s1 = bb2 ] @@ -1399,25 +1267,40 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 [ s0 = {inv'1 seq} MutBorrow.borrow_mut {seq} (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_19 <- _ret' ] + [ &_21 <- _ret' ] -{inv'1 _ret'.final}- [ &seq <- _ret'.final ] s1) - | s1 = [ &_18 <- { field_0'0 = _19; field_1'0 = cell_own } ] s2 - | s2 = closure1'0 {_18} (fun (_ret':t_GhostBox'3) -> [ &_17 <- _ret' ] s3) - | s3 = bb10 ] + | s1 = deref_mut'0 {_21} (fun (_ret':MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0)))) -> [ &_20 <- _ret' ] s2) + | s2 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv'1 seq} s1 - | s1 = -{resolve'0 seq}- s2 - | s2 = {[@expl:type invariant] inv'2 self} s3 - | s3 = -{resolve'1 self}- s4 - | s4 = bb11 ] + [ s0 = {inv'2 (_20.current).current} + MutBorrow.borrow_mut {(_20.current).current} + (fun (_ret':MutBorrow.t (Seq.seq (t_PtrOwn'0))) -> + [ &_19 <- _ret' ] + -{inv'2 _ret'.final}- + [ &_20 <- { _20 with current = { _20.current with current = _ret'.final } } ] + s1) + | s1 = into_inner'0 {cell_own} (fun (_ret':t_PtrOwn'0) -> [ &_22 <- _ret' ] s2) + | s2 = bb11 ] + + | bb11 = s0 [ s0 = push_front_ghost'0 {_19} {_22} (fun (_ret':()) -> [ &_18 <- _ret' ] s1) | s1 = bb12 ] + | bb12 = s0 + [ s0 = {[@expl:type invariant] inv'3 _20} s1 + | s1 = -{resolve'0 _20}- s2 + | s2 = {[@expl:type invariant] inv'1 seq} s3 + | s3 = -{resolve'1 seq}- s4 + | s4 = {[@expl:type invariant] inv'4 self} s5 + | s5 = -{resolve'2 self}- s6 + | s6 = new'1 {_18} (fun (_ret':t_GhostBox'3) -> [ &_17 <- _ret' ] s7) + | s7 = bb13 ] - | bb11 = bb12 - | bb12 = bb13 | bb13 = bb14 - | bb14 = return' {_0} ] + | bb14 = bb15 + | bb15 = bb16 + | bb16 = bb17 + | bb17 = return' {_0} ] ) [ & _0 : () = Intrinsic.any_l () | & self : MutBorrow.t (t_List'0) = self @@ -1430,9 +1313,11 @@ module M_linked_list__qyi10858349784728989480__push_front [#"linked_list.rs" 100 | & seq : t_GhostBox'2 = Intrinsic.any_l () | & _16 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () | & _17 : t_GhostBox'3 = Intrinsic.any_l () - | & _18 : closure1'1 = Intrinsic.any_l () - | & _19 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _20 : () = Intrinsic.any_l () ] + | & _18 : () = Intrinsic.any_l () + | & _19 : MutBorrow.t (Seq.seq (t_PtrOwn'0)) = Intrinsic.any_l () + | & _20 : MutBorrow.t (MutBorrow.t (Seq.seq (t_PtrOwn'0))) = Intrinsic.any_l () + | & _21 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _22 : t_PtrOwn'0 = Intrinsic.any_l () ] [ return' (result:())-> {[@expl:push_front ensures] [%#slinked_list2] view'0 self.final = push_front'1 (view'0 self.current) x} diff --git a/creusot/tests/should_succeed/linked_list/proof.json b/creusot/tests/should_succeed/linked_list/proof.json index d9730e1977..310d299426 100644 --- a/creusot/tests/should_succeed/linked_list/proof.json +++ b/creusot/tests/should_succeed/linked_list/proof.json @@ -8,24 +8,22 @@ "proofs": { "M_linked_list__qyi10858349784728989480__new": { "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, - "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.005 }, + "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_null'0": { "prover": "cvc5@1.0.5", "time": 0.011 } }, "M_linked_list__qyi10858349784728989480__push_back": { "vc_as_mut'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.015 }, - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, - "vc_closure2'0": { "prover": "cvc5@1.0.5", "time": 0.014 }, - "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.007 }, + "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, "vc_from_box'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, "vc_get_mut_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, "vc_into_inner'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, "vc_into_inner'1": { "prover": "cvc5@1.0.5", "time": 0.016 }, "vc_is_null'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, - "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.013 }, + "vc_len_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.026 }, "vc_minus_one'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.013 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.029 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.027 }, "vc_null'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, "vc_push_back'0": { @@ -37,34 +35,34 @@ { "prover": "cvc5@1.0.5", "time": 0.055 }, { "prover": "cvc5@1.0.5", "time": 0.026 }, { "prover": "cvc5@1.0.5", "time": 0.06 }, - { "prover": "cvc5@1.0.5", "time": 0.028 }, + { "prover": "cvc5@1.0.5", "time": 0.014 }, { "prover": "cvc5@1.0.5", "time": 0.056 }, { "prover": "cvc5@1.0.5", "time": 0.056 }, { "prover": "cvc5@1.0.5", "time": 0.023 }, { "prover": "cvc5@1.0.5", "time": 0.06 }, { "prover": "cvc5@1.0.5", "time": 0.059 }, - { "prover": "cvc5@1.0.5", "time": 0.055 }, + { "prover": "cvc5@1.0.5", "time": 0.021 }, { "prover": "cvc5@1.0.5", "time": 0.052 }, - { "prover": "cvc5@1.0.5", "time": 0.061 }, + { "prover": "cvc5@1.0.5", "time": 0.019 }, { "prover": "cvc5@1.0.5", "time": 0.032 }, { "prover": "cvc5@1.0.5", "time": 0.066 }, { "prover": "cvc5@1.0.5", "time": 0.079 }, - { "prover": "z3@4.12.4", "time": 0.073 }, + { "prover": "z3@4.12.4", "time": 0.019 }, { "prover": "cvc5@1.0.5", "time": 0.104 }, { "prover": "cvc5@1.0.5", "time": 0.046 }, { "prover": "z3@4.12.4", "time": 0.025 }, { "prover": "cvc5@1.0.5", "time": 0.028 }, - { "prover": "cvc5@1.0.5", "time": 0.009 }, - { "prover": "cvc5@1.0.5", "time": 0.057 }, + { "prover": "cvc5@1.0.5", "time": 0.038 }, + { "prover": "cvc5@1.0.5", "time": 0.013 }, { "prover": "cvc5@1.0.5", "time": 0.053 }, - { "prover": "cvc5@1.0.5", "time": 0.024 }, + { "prover": "cvc5@1.0.5", "time": 0.054 }, { "prover": "cvc5@1.0.5", "time": 0.05 }, { "prover": "cvc5@1.0.5", "time": 0.031 }, - { "prover": "cvc5@1.0.5", "time": 0.055 }, + { "prover": "cvc5@1.0.5", "time": 0.016 }, { "prover": "cvc5@1.0.5", "time": 0.063 }, { "prover": "cvc5@1.0.5", "time": 0.033 }, - { "prover": "cvc5@1.0.5", "time": 0.023 }, - { "prover": "cvc5@1.0.5", "time": 0.203 }, + { "prover": "cvc5@1.0.5", "time": 0.113 }, + { "prover": "cvc5@1.0.5", "time": 0.029 }, { "prover": "cvc5@1.0.5", "time": 0.231 } ] }, @@ -73,12 +71,11 @@ }, "M_linked_list__qyi10858349784728989480__push_front": { "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.012 }, - "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.008 }, + "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_into_inner'0": { "prover": "cvc5@1.0.5", "time": 0.011 }, - "vc_is_null'0": { "prover": "cvc5@1.0.5", "time": 0.009 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.01 }, - "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.006 }, + "vc_is_null'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, + "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_push_front'0": { "prover": "z3@4.12.4", "time": 0.071 }, "vc_push_front_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.012 } }, diff --git a/creusot/tests/should_succeed/syntax/int_suffix.coma b/creusot/tests/should_succeed/syntax/int_suffix.coma index 6ab10bf5cb..b705d8d38b 100644 --- a/creusot/tests/should_succeed/syntax/int_suffix.coma +++ b/creusot/tests/should_succeed/syntax/int_suffix.coma @@ -1,14 +1,14 @@ module M_int_suffix__foo [#"int_suffix.rs" 5 0 5 29] - let%span sint_suffix0 = "int_suffix.rs" 4 10 4 25 - let%span sint_suffix1 = "int_suffix.rs" 6 11 6 15 - let%span sghost2 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sint3 = "../../../../creusot-contracts/src/logic/int.rs" 56 14 56 31 - let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 210 22 210 26 - let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 210 4 210 32 - let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 208 14 208 31 - let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sint_suffix0 = "int_suffix.rs" 6 11 6 15 + let%span sint_suffix1 = "int_suffix.rs" 4 10 4 25 + let%span sint2 = "../../../../creusot-contracts/src/logic/int.rs" 56 14 56 31 + let%span sghost3 = "../../../../creusot-contracts/src/ghost.rs" 210 22 210 26 + let%span sghost4 = "../../../../creusot-contracts/src/ghost.rs" 210 4 210 32 + let%span sghost5 = "../../../../creusot-contracts/src/ghost.rs" 208 14 208 31 + let%span sghost6 = "../../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost7 = "../../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost8 = "../../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sghost9 = "../../../../creusot-contracts/src/ghost.rs" 228 9 228 15 use creusot.int.Int128 @@ -16,12 +16,12 @@ module M_int_suffix__foo [#"int_suffix.rs" 5 0 5 29] { t_GhostBox__0'0: int } function inner_logic'0 (self : t_GhostBox'0) : int = - [%#sghost2] self.t_GhostBox__0'0 + [%#sghost9] self.t_GhostBox__0'0 use creusot.int.Int128 let rec new'0 (value:Int128.t) (return' (ret:t_GhostBox'0))= any - [ return' (result:t_GhostBox'0)-> {[%#sint3] inner_logic'0 result = Int128.to_int value} (! return' {result}) ] + [ return' (result:t_GhostBox'0)-> {[%#sint2] inner_logic'0 result = Int128.to_int value} (! return' {result}) ] predicate inv'0 (_1 : t_GhostBox'0) @@ -32,44 +32,37 @@ module M_int_suffix__foo [#"int_suffix.rs" 5 0 5 29] axiom inv_axiom'1 [@rewrite] : forall x : int [inv'1 x] . inv'1 x = true - let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:int))= {[@expl:into_inner 'self' type invariant] [%#sghost4] inv'0 self} + let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:int))= {[@expl:into_inner 'self' type invariant] [%#sghost3] inv'0 self} any - [ return' (result:int)-> {[%#sghost5] inv'1 result} - {[%#sghost6] result = self.t_GhostBox__0'0} + [ return' (result:int)-> {[%#sghost4] inv'1 result} + {[%#sghost5] result = self.t_GhostBox__0'0} (! return' {result}) ] - let rec new'1 (x:int) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost7] inv'1 x} + let rec new'1 (x:int) (return' (ret:t_GhostBox'0))= {[@expl:new 'x' type invariant] [%#sghost6] inv'1 x} any - [ return' (result:t_GhostBox'0)-> {[%#sghost8] inv'0 result} - {[%#sghost9] result.t_GhostBox__0'0 = x} + [ return' (result:t_GhostBox'0)-> {[%#sghost7] inv'0 result} + {[%#sghost8] result.t_GhostBox__0'0 = x} (! return' {result}) ] use creusot.prelude.Intrinsic - let rec closure1'0[#"int_suffix.rs" 6 4 6 16] [@coma:extspec] (_1:()) (return' (ret:t_GhostBox'0))= bb0 + meta "compute_max_steps" 1000000 + + let rec foo'0[#"int_suffix.rs" 5 0 5 29] (_1:()) (return' (ret:t_GhostBox'0))= (! bb0 [ bb0 = s0 - [ s0 = new'0 {[%#sint_suffix1] (1 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] + [ s0 = new'0 {[%#sint_suffix0] (1 : Int128.t)} (fun (_ret':t_GhostBox'0) -> [ &_3 <- _ret' ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = into_inner'0 {_3} (fun (_ret':int) -> [ &_2 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = new'1 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s1) | s1 = bb3 ] | bb3 = return' {_0} ] - + ) [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : int = Intrinsic.any_l () | & _3 : t_GhostBox'0 = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> return' {result} ] - - meta "compute_max_steps" 1000000 - - let rec foo'0[#"int_suffix.rs" 5 0 5 29] (_1:()) (return' (ret:t_GhostBox'0))= (! bb0 - [ bb0 = s0 - [ s0 = [ &_2 <- () ] s1 | s1 = closure1'0 {_2} (fun (_ret':t_GhostBox'0) -> [ &_0 <- _ret' ] s2) | s2 = bb1 ] - | bb1 = return' {_0} ] - ) [ & _0 : t_GhostBox'0 = Intrinsic.any_l () | & _2 : () = Intrinsic.any_l () | & _3 : () = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'0)-> {[@expl:foo ensures] [%#sint_suffix0] inner_logic'0 result = 1} + [ return' (result:t_GhostBox'0)-> {[@expl:foo ensures] [%#sint_suffix1] inner_logic'0 result = 1} (! return' {result}) ] end diff --git a/creusot/tests/should_succeed/syntax/int_suffix/proof.json b/creusot/tests/should_succeed/syntax/int_suffix/proof.json index a690a2bf96..3db4ede751 100644 --- a/creusot/tests/should_succeed/syntax/int_suffix/proof.json +++ b/creusot/tests/should_succeed/syntax/int_suffix/proof.json @@ -7,10 +7,9 @@ ], "proofs": { "M_int_suffix__foo": { - "vc_closure1'0": { "prover": "cvc5@1.0.5", "time": 0.054 }, "vc_foo'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_into_inner'0": { "prover": "cvc5@1.0.5", "time": 0.059 }, - "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.06 }, + "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.059 } } } diff --git a/creusot/tests/should_succeed/union_find.coma b/creusot/tests/should_succeed/union_find.coma index 40cba505b1..82fbf5b922 100644 --- a/creusot/tests/should_succeed/union_find.coma +++ b/creusot/tests/should_succeed/union_find.coma @@ -1336,70 +1336,70 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. let%span sghost15 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 let%span sghost16 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 let%span sghost17 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span sfset18 = "../../../creusot-contracts/src/logic/fset.rs" 66 8 66 26 - let%span sunion_find19 = "union_find.rs" 134 19 134 28 - let%span sunion_find20 = "union_find.rs" 135 18 135 150 - let%span sunion_find21 = "union_find.rs" 132 8 132 16 - let%span sfset22 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 - let%span sunion_find23 = "union_find.rs" 146 19 146 28 - let%span sunion_find24 = "union_find.rs" 147 18 147 98 - let%span sunion_find25 = "union_find.rs" 144 8 144 16 - let%span sunion_find26 = "union_find.rs" 155 19 155 28 - let%span sunion_find27 = "union_find.rs" 156 18 156 106 - let%span sunion_find28 = "union_find.rs" 153 8 153 16 - let%span sghost29 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sghost30 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 - let%span sghost31 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 - let%span sghost32 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 - let%span sghost33 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost34 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost35 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sunion_find36 = "union_find.rs" 31 18 31 46 - let%span sfmap37 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 - let%span sfmap38 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 - let%span sfmap39 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 - let%span sfmap40 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 - let%span sfmap41 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 - let%span sfmap42 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 - let%span sptr_own43 = "../../../creusot-contracts/src/ptr_own.rs" 108 26 108 30 - let%span sptr_own44 = "../../../creusot-contracts/src/ptr_own.rs" 108 48 108 52 - let%span sptr_own45 = "../../../creusot-contracts/src/ptr_own.rs" 105 14 105 64 - let%span sptr_own46 = "../../../creusot-contracts/src/ptr_own.rs" 106 14 106 28 - let%span sfmap47 = "../../../creusot-contracts/src/logic/fmap.rs" 414 29 414 33 - let%span sfmap48 = "../../../creusot-contracts/src/logic/fmap.rs" 414 35 414 38 - let%span sfmap49 = "../../../creusot-contracts/src/logic/fmap.rs" 414 43 414 48 - let%span sfmap50 = "../../../creusot-contracts/src/logic/fmap.rs" 414 4 416 17 - let%span sfmap51 = "../../../creusot-contracts/src/logic/fmap.rs" 412 14 412 49 - let%span sfmap52 = "../../../creusot-contracts/src/logic/fmap.rs" 413 14 413 40 - let%span sghost53 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost54 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost55 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost56 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sresolve57 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sunion_find58 = "union_find.rs" 22 8 22 16 - let%span smapping59 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 - let%span sfmap60 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 - let%span sfmap61 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 - let%span sfmap62 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 - let%span sfmap63 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 - let%span sfmap64 = "../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 71 - let%span sfmap65 = "../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 61 - let%span sfmap66 = "../../../creusot-contracts/src/logic/fmap.rs" 69 14 69 66 - let%span sfmap67 = "../../../creusot-contracts/src/logic/fmap.rs" 93 8 96 9 - let%span sresolve68 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 - let%span sresolve69 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant70 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 - let%span sfmap71 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 - let%span sutil72 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 - let%span sutil73 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 - let%span sfmap74 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 - let%span sptr_own75 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 - let%span sutil76 = "../../../creusot-contracts/src/util.rs" 21 14 21 30 - let%span sunion_find77 = "union_find.rs" 81 8 81 20 - let%span sboxed78 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 - let%span sptr79 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr80 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - let%span sinvariant81 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span sghost18 = "../../../creusot-contracts/src/ghost.rs" 210 22 210 26 + let%span sghost19 = "../../../creusot-contracts/src/ghost.rs" 210 4 210 32 + let%span sghost20 = "../../../creusot-contracts/src/ghost.rs" 208 14 208 31 + let%span sghost21 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost22 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost23 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sunion_find24 = "union_find.rs" 31 18 31 46 + let%span sfmap25 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 + let%span sfmap26 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 + let%span sfmap27 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 + let%span sfmap28 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 + let%span sfmap29 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 + let%span sfmap30 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 + let%span sptr_own31 = "../../../creusot-contracts/src/ptr_own.rs" 108 26 108 30 + let%span sptr_own32 = "../../../creusot-contracts/src/ptr_own.rs" 108 48 108 52 + let%span sptr_own33 = "../../../creusot-contracts/src/ptr_own.rs" 105 14 105 64 + let%span sptr_own34 = "../../../creusot-contracts/src/ptr_own.rs" 106 14 106 28 + let%span sfmap35 = "../../../creusot-contracts/src/logic/fmap.rs" 414 29 414 33 + let%span sfmap36 = "../../../creusot-contracts/src/logic/fmap.rs" 414 35 414 38 + let%span sfmap37 = "../../../creusot-contracts/src/logic/fmap.rs" 414 43 414 48 + let%span sfmap38 = "../../../creusot-contracts/src/logic/fmap.rs" 414 4 416 17 + let%span sfmap39 = "../../../creusot-contracts/src/logic/fmap.rs" 412 14 412 49 + let%span sfmap40 = "../../../creusot-contracts/src/logic/fmap.rs" 413 14 413 40 + let%span sghost41 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost42 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost43 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sfset44 = "../../../creusot-contracts/src/logic/fset.rs" 66 8 66 26 + let%span sunion_find45 = "union_find.rs" 134 19 134 28 + let%span sunion_find46 = "union_find.rs" 135 18 135 150 + let%span sunion_find47 = "union_find.rs" 132 8 132 16 + let%span sfset48 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 + let%span sunion_find49 = "union_find.rs" 146 19 146 28 + let%span sunion_find50 = "union_find.rs" 147 18 147 98 + let%span sunion_find51 = "union_find.rs" 144 8 144 16 + let%span sunion_find52 = "union_find.rs" 155 19 155 28 + let%span sunion_find53 = "union_find.rs" 156 18 156 106 + let%span sunion_find54 = "union_find.rs" 153 8 153 16 + let%span sghost55 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sunion_find56 = "union_find.rs" 22 8 22 16 + let%span sfmap57 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 + let%span sfmap58 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sfmap59 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 + let%span sfmap60 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 + let%span sresolve61 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sfmap62 = "../../../creusot-contracts/src/logic/fmap.rs" 67 14 67 71 + let%span sfmap63 = "../../../creusot-contracts/src/logic/fmap.rs" 68 14 68 61 + let%span sfmap64 = "../../../creusot-contracts/src/logic/fmap.rs" 69 14 69 66 + let%span sfmap65 = "../../../creusot-contracts/src/logic/fmap.rs" 93 8 96 9 + let%span sresolve66 = "../../../creusot-contracts/src/resolve.rs" 82 8 85 9 + let%span sghost67 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 + let%span smapping68 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 + let%span sfmap69 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 + let%span sutil70 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 + let%span sutil71 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 + let%span sfmap72 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 + let%span sptr_own73 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sinvariant74 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 + let%span sutil75 = "../../../creusot-contracts/src/util.rs" 21 14 21 30 + let%span sresolve76 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sptr77 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr78 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + let%span sinvariant79 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span sunion_find80 = "union_find.rs" 81 8 81 20 + let%span sboxed81 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 let%span sunion_find82 = "union_find.rs" 126 8 126 16 let%span sfmap83 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 let%span sfmap84 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 @@ -1419,13 +1419,13 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. | C_Root'0 UInt64.t t_T'0 | C_Link'0 (t_Element'0) - predicate inv'3 (_1 : t_T'0) + predicate inv'8 (_1 : t_T'0) - predicate inv'4 (_1 : t_Content'0) + predicate inv'9 (_1 : t_Content'0) - axiom inv_axiom'3 [@rewrite] : forall x : t_Content'0 [inv'4 x] . inv'4 x + axiom inv_axiom'8 [@rewrite] : forall x : t_Content'0 [inv'9 x] . inv'9 x = match x with - | C_Root'0 rank value -> inv'3 value + | C_Root'0 rank value -> inv'8 value | C_Link'0 a_0 -> true end @@ -1439,51 +1439,51 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. function addr_logic'0 (self : Opaque.ptr) : int function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr80] addr_logic'0 self = 0 + [%#sptr78] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr79] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr77] is_null_logic'0 self = (addr_logic'0 self = 0) function val'0 (self : t_PtrOwn'0) : t_Content'0 predicate invariant'13 (self : t_Content'0) = - [%#sboxed78] inv'4 self + [%#sboxed81] inv'9 self - predicate inv'26 (_1 : t_Content'0) + predicate inv'25 (_1 : t_Content'0) - axiom inv_axiom'25 [@rewrite] : forall x : t_Content'0 [inv'26 x] . inv'26 x = invariant'13 x + axiom inv_axiom'24 [@rewrite] : forall x : t_Content'0 [inv'25 x] . inv'25 x = invariant'13 x - predicate invariant'3 (self : t_PtrOwn'0) = - [%#sptr_own75] not is_null_logic'0 (ptr'0 self) /\ inv'26 (val'0 self) + predicate invariant'1 (self : t_PtrOwn'0) = + [%#sptr_own73] not is_null_logic'0 (ptr'0 self) /\ inv'25 (val'0 self) - predicate inv'8 (_1 : t_PtrOwn'0) + predicate inv'3 (_1 : t_PtrOwn'0) - axiom inv_axiom'7 [@rewrite] : forall x : t_PtrOwn'0 [inv'8 x] . inv'8 x = invariant'3 x + axiom inv_axiom'3 [@rewrite] : forall x : t_PtrOwn'0 [inv'3 x] . inv'3 x = invariant'1 x predicate invariant'12 (self : t_PtrOwn'0) = - [%#sboxed78] inv'8 self + [%#sboxed81] inv'3 self - predicate inv'25 (_1 : t_PtrOwn'0) + predicate inv'24 (_1 : t_PtrOwn'0) - axiom inv_axiom'24 [@rewrite] : forall x : t_PtrOwn'0 [inv'25 x] . inv'25 x = invariant'12 x + axiom inv_axiom'23 [@rewrite] : forall x : t_PtrOwn'0 [inv'24 x] . inv'24 x = invariant'12 x - predicate inv'17 (_1 : t_GhostBox'0) + predicate inv'12 (_1 : t_GhostBox'0) - axiom inv_axiom'16 [@rewrite] : forall x : t_GhostBox'0 [inv'17 x] . inv'17 x + axiom inv_axiom'11 [@rewrite] : forall x : t_GhostBox'0 [inv'12 x] . inv'12 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'25 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'24 a_0 end - predicate inv'5 (_1 : (Opaque.ptr, t_GhostBox'0)) + predicate inv'10 (_1 : (Opaque.ptr, t_GhostBox'0)) - axiom inv_axiom'4 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'5 x] . inv'5 x - = (let (x0, x1) = x in inv'17 x1) + axiom inv_axiom'9 [@rewrite] : forall x : (Opaque.ptr, t_GhostBox'0) [inv'10 x] . inv'10 x + = (let (x0, x1) = x in inv'12 x1) function inner_logic'0 (self : t_GhostBox'0) : t_PtrOwn'0 = - [%#sghost29] self.t_GhostBox__0'0 + [%#sghost55] self.t_GhostBox__0'0 - let rec new'0 (v:t_Content'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:new 'v' type invariant] [%#sptr_own12] inv'4 v} + let rec new'0 (v:t_Content'0) (return' (ret:(Opaque.ptr, t_GhostBox'0)))= {[@expl:new 'v' type invariant] [%#sptr_own12] inv'9 v} any - [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own13] inv'5 result} + [ return' (result:(Opaque.ptr, t_GhostBox'0))-> {[%#sptr_own13] inv'10 result} {[%#sptr_own14] ptr'0 (inner_logic'0 (let (_, a) = result in a)) = (let (a, _) = result in a) /\ val'0 (inner_logic'0 (let (_, a) = result in a)) = v} (! return' {result}) ] @@ -1506,48 +1506,48 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. function view'0 (self : t_FMap'0) : Map.map (Snapshot.snap_ty (int)) (t_Option'2) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap74] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap72] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2 use map.Map function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_Option'2 = - [%#sfmap62] Map.get (view'0 self) k + [%#sfmap59] Map.get (view'0 self) k function contains'1 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : bool = - [%#sfmap60] get_unsized'0 self k <> C_None'2 + [%#sfmap57] get_unsized'0 self k <> C_None'2 - predicate inv'22 (_1 : Snapshot.snap_ty (int)) + predicate inv'18 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'21 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'22 x] . inv'22 x = true + axiom inv_axiom'17 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'18 x] . inv'18 x = true function unwrap'0 (op : t_Option'2) : t_PtrOwn'0 - axiom unwrap'0_spec : forall op : t_Option'2 . ([%#sutil72] op <> C_None'2) - -> ([%#sutil73] C_Some'2 (unwrap'0 op) = op) + axiom unwrap'0_spec : forall op : t_Option'2 . ([%#sutil70] op <> C_None'2) + -> ([%#sutil71] C_Some'2 (unwrap'0 op) = op) function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap61] unwrap'0 (get_unsized'0 self k) + [%#sfmap58] unwrap'0 (get_unsized'0 self k) - predicate invariant'2 (self : t_FMap'0) = - [%#sfmap71] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'22 k /\ inv'25 (lookup_unsized'0 self k) + predicate invariant'0 (self : t_FMap'0) = + [%#sfmap69] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'18 k /\ inv'24 (lookup_unsized'0 self k) - predicate inv'7 (_1 : t_FMap'0) + predicate inv'2 (_1 : t_FMap'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_FMap'0 [inv'7 x] . inv'7 x = invariant'2 x + axiom inv_axiom'2 [@rewrite] : forall x : t_FMap'0 [inv'2 x] . inv'2 x = invariant'0 x - predicate invariant'8 (self : t_FMap'0) = - [%#sboxed78] inv'7 self + predicate invariant'10 (self : t_FMap'0) = + [%#sboxed81] inv'2 self - predicate inv'15 (_1 : t_FMap'0) + predicate inv'22 (_1 : t_FMap'0) - axiom inv_axiom'14 [@rewrite] : forall x : t_FMap'0 [inv'15 x] . inv'15 x = invariant'8 x + axiom inv_axiom'21 [@rewrite] : forall x : t_FMap'0 [inv'22 x] . inv'22 x = invariant'10 x predicate inv'0 (_1 : t_GhostBox'1) axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'1 [inv'0 x] . inv'0 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'15 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'22 a_0 end use set.Fset @@ -1574,38 +1574,38 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. t_UnionFind__root_of'0: Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)); t_UnionFind__max_depth'0: Snapshot.snap_ty (int) } - predicate invariant'1 (self : MutBorrow.t (t_GhostBox'1)) = - [%#sinvariant70] inv'0 self.current /\ inv'0 self.final + predicate invariant'5 (self : MutBorrow.t (t_GhostBox'1)) = + [%#sinvariant74] inv'0 self.current /\ inv'0 self.final - predicate inv'6 (_1 : MutBorrow.t (t_GhostBox'1)) + predicate inv'11 (_1 : MutBorrow.t (t_GhostBox'1)) - axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'6 x] . inv'6 x = invariant'1 x + axiom inv_axiom'10 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'11 x] . inv'11 x = invariant'5 x type t_GhostBox'2 = { t_GhostBox__0'2: MutBorrow.t (t_FMap'0) } - predicate invariant'10 (self : MutBorrow.t (t_FMap'0)) = - [%#sinvariant70] inv'7 self.current /\ inv'7 self.final + predicate invariant'7 (self : MutBorrow.t (t_FMap'0)) = + [%#sinvariant74] inv'2 self.current /\ inv'2 self.final - predicate inv'18 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'14 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'17 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'18 x] . inv'18 x = invariant'10 x + axiom inv_axiom'13 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'14 x] . inv'14 x = invariant'7 x - predicate invariant'9 (self : MutBorrow.t (t_FMap'0)) = - [%#sboxed78] inv'18 self + predicate invariant'11 (self : MutBorrow.t (t_FMap'0)) = + [%#sboxed81] inv'14 self - predicate inv'16 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'23 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'15 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'16 x] . inv'16 x = invariant'9 x + axiom inv_axiom'22 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'23 x] . inv'23 x = invariant'11 x predicate inv'1 (_1 : t_GhostBox'2) axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'2 [inv'1 x] . inv'1 x = match x with - | {t_GhostBox__0'2 = a_0} -> inv'16 a_0 + | {t_GhostBox__0'2 = a_0} -> inv'23 a_0 end - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost15] inv'6 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:t_GhostBox'2))= {[@expl:borrow_mut 'self' type invariant] [%#sghost15] inv'11 self} any [ return' (result:t_GhostBox'2)-> {[%#sghost16] inv'1 result} {[%#sghost17] result.t_GhostBox__0'2 @@ -1613,31 +1613,31 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. (! return' {result}) ] - let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost30] inv'17 self} + let rec into_inner'0 (self:t_GhostBox'0) (return' (ret:t_PtrOwn'0))= {[@expl:into_inner 'self' type invariant] [%#sghost18] inv'12 self} any - [ return' (result:t_PtrOwn'0)-> {[%#sghost31] inv'8 result} - {[%#sghost32] result = self.t_GhostBox__0'0} + [ return' (result:t_PtrOwn'0)-> {[%#sghost19] inv'3 result} + {[%#sghost20] result = self.t_GhostBox__0'0} (! return' {result}) ] predicate invariant'6 (self : MutBorrow.t (t_GhostBox'2)) = - [%#sinvariant70] inv'1 self.current /\ inv'1 self.final + [%#sinvariant74] inv'1 self.current /\ inv'1 self.final - predicate inv'12 (_1 : MutBorrow.t (t_GhostBox'2)) + predicate inv'13 (_1 : MutBorrow.t (t_GhostBox'2)) - axiom inv_axiom'11 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'12 x] . inv'12 x = invariant'6 x + axiom inv_axiom'12 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'13 x] . inv'13 x = invariant'6 x - predicate invariant'5 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sinvariant70] inv'18 self.current /\ inv'18 self.final + predicate invariant'3 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sinvariant74] inv'14 self.current /\ inv'14 self.final - predicate inv'10 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) + predicate inv'5 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) - axiom inv_axiom'9 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'10 x] . inv'10 x = invariant'5 x + axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'5 x] . inv'5 x = invariant'3 x - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost33] inv'12 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost21] inv'13 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost34] inv'10 result} - {[%#sghost35] result + [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost22] inv'5 result} + {[%#sghost23] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'2 (self.final).t_GhostBox__0'2 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] @@ -1645,47 +1645,47 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. use creusot.prelude.Snapshot function deep_model'0 [#"union_find.rs" 24 8 24 34] (self : t_Element'0) : int = - [%#sunion_find58] addr_logic'0 self.t_Element__0'0 + [%#sunion_find56] addr_logic'0 self.t_Element__0'0 let rec addr'0 (self:t_Element'0) (return' (ret:Snapshot.snap_ty (int)))= any - [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find36] Snapshot.inner result = deep_model'0 self} + [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find24] Snapshot.inner result = deep_model'0 self} (! return' {result}) ] - predicate inv'19 (_1 : Snapshot.snap_ty (int)) + predicate inv'15 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'18 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'19 x] . inv'19 x = true + axiom inv_axiom'14 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'15 x] . inv'15 x = true type t_Option'0 = | C_None'0 | C_Some'0 (MutBorrow.t (t_PtrOwn'0)) - predicate invariant'4 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sinvariant70] inv'8 self.current /\ inv'8 self.final + predicate invariant'2 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sinvariant74] inv'3 self.current /\ inv'3 self.final - predicate inv'9 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'4 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'8 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'9 x] . inv'9 x = invariant'4 x + axiom inv_axiom'4 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'4 x] . inv'4 x = invariant'2 x - predicate inv'20 (_1 : t_Option'0) + predicate inv'16 (_1 : t_Option'0) - axiom inv_axiom'19 [@rewrite] : forall x : t_Option'0 [inv'20 x] . inv'20 x + axiom inv_axiom'15 [@rewrite] : forall x : t_Option'0 [inv'16 x] . inv'16 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'9 a_0 + | C_Some'0 a_0 -> inv'4 a_0 end use mach.int.Int function len'0 (self : t_FMap'0) : int - axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap63] len'0 self >= 0 + axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap60] len'0 self >= 0 - let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap37] inv'18 self} - {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap38] inv'19 key} + let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap25] inv'14 self} + {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap26] inv'15 key} any - [ return' (result:t_Option'0)-> {[%#sfmap39] inv'20 result} - {[%#sfmap40] if contains'1 self.current key then + [ return' (result:t_Option'0)-> {[%#sfmap27] inv'16 result} + {[%#sfmap28] if contains'1 self.current key then match result with | C_None'0 -> false | C_Some'0 r -> contains'1 self.final key @@ -1694,9 +1694,9 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. else result = C_None'0 /\ self.current = self.final } - {[%#sfmap41] forall k : Snapshot.snap_ty (int) . k <> key + {[%#sfmap29] forall k : Snapshot.snap_ty (int) . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} - {[%#sfmap42] len'0 self.current = len'0 self.final} + {[%#sfmap30] len'0 self.current = len'0 self.final} (! return' {result}) ] @@ -1707,261 +1707,125 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. any) ] - predicate invariant'11 (self : t_PtrOwn'0) = - [%#sinvariant81] inv'8 self + predicate invariant'8 (self : t_PtrOwn'0) = + [%#sinvariant79] inv'3 self - predicate inv'21 (_1 : t_PtrOwn'0) + predicate inv'17 (_1 : t_PtrOwn'0) - axiom inv_axiom'20 [@rewrite] : forall x : t_PtrOwn'0 [inv'21 x] . inv'21 x = invariant'11 x + axiom inv_axiom'16 [@rewrite] : forall x : t_PtrOwn'0 [inv'17 x] . inv'17 x = invariant'8 x - let rec disjoint_lemma'0 (own1:MutBorrow.t (t_PtrOwn'0)) (own2:t_PtrOwn'0) (return' (ret:()))= {[@expl:disjoint_lemma 'own1' type invariant] [%#sptr_own43] inv'9 own1} - {[@expl:disjoint_lemma 'own2' type invariant] [%#sptr_own44] inv'21 own2} + let rec disjoint_lemma'0 (own1:MutBorrow.t (t_PtrOwn'0)) (own2:t_PtrOwn'0) (return' (ret:()))= {[@expl:disjoint_lemma 'own1' type invariant] [%#sptr_own31] inv'4 own1} + {[@expl:disjoint_lemma 'own2' type invariant] [%#sptr_own32] inv'17 own2} any - [ return' (result:())-> {[%#sptr_own45] addr_logic'0 (ptr'0 own1.current) <> addr_logic'0 (ptr'0 own2)} - {[%#sptr_own46] own1.current = own1.final} + [ return' (result:())-> {[%#sptr_own33] addr_logic'0 (ptr'0 own1.current) <> addr_logic'0 (ptr'0 own2)} + {[%#sptr_own34] own1.current = own1.final} (! return' {result}) ] - predicate resolve'8 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sresolve57] self.final = self.current + predicate resolve'5 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sresolve61] self.final = self.current - predicate resolve'2 (_1 : MutBorrow.t (t_PtrOwn'0)) = - resolve'8 _1 + predicate resolve'0 (_1 : MutBorrow.t (t_PtrOwn'0)) = + resolve'5 _1 - predicate resolve'9 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sresolve57] self.final = self.current + predicate resolve'6 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sresolve61] self.final = self.current - predicate resolve'3 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - resolve'9 _1 + predicate resolve'1 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + resolve'6 _1 type t_Option'1 = | C_None'1 | C_Some'1 (t_PtrOwn'0) - predicate inv'11 (_1 : t_Option'1) + predicate inv'6 (_1 : t_Option'1) - axiom inv_axiom'10 [@rewrite] : forall x : t_Option'1 [inv'11 x] . inv'11 x + axiom inv_axiom'6 [@rewrite] : forall x : t_Option'1 [inv'6 x] . inv'6 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'8 a_0 + | C_Some'1 a_0 -> inv'3 a_0 end function make_sized'0 (self : t_PtrOwn'0) : t_PtrOwn'0 - axiom make_sized'0_spec : forall self : t_PtrOwn'0 . [%#sutil76] make_sized'0 self = self + axiom make_sized'0_spec : forall self : t_PtrOwn'0 . [%#sutil75] make_sized'0 self = self use map.Map function insert'1 (self : t_FMap'0) (k : Snapshot.snap_ty (int)) (v : t_PtrOwn'0) : t_FMap'0 - axiom insert'1_spec : forall self : t_FMap'0, k : Snapshot.snap_ty (int), v : t_PtrOwn'0 . ([%#sfmap64] view'0 (insert'1 self k v) + axiom insert'1_spec : forall self : t_FMap'0, k : Snapshot.snap_ty (int), v : t_PtrOwn'0 . ([%#sfmap62] view'0 (insert'1 self k v) = Map.set (view'0 self) k (C_Some'2 (make_sized'0 v))) - && ([%#sfmap65] contains'1 self k -> len'0 (insert'1 self k v) = len'0 self) - && ([%#sfmap66] not contains'1 self k -> len'0 (insert'1 self k v) = len'0 self + 1) + && ([%#sfmap63] contains'1 self k -> len'0 (insert'1 self k v) = len'0 self) + && ([%#sfmap64] not contains'1 self k -> len'0 (insert'1 self k v) = len'0 self + 1) function get'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_Option'1 = - [%#sfmap67] match get_unsized'0 self k with + [%#sfmap65] match get_unsized'0 self k with | C_None'2 -> C_None'1 | C_Some'2 x -> C_Some'1 x end - let rec insert_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (value:t_PtrOwn'0) (return' (ret:t_Option'1))= {[@expl:insert_ghost 'self' type invariant] [%#sfmap47] inv'18 self} - {[@expl:insert_ghost 'key' type invariant] [%#sfmap48] inv'22 key} - {[@expl:insert_ghost 'value' type invariant] [%#sfmap49] inv'8 value} + let rec insert_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (value:t_PtrOwn'0) (return' (ret:t_Option'1))= {[@expl:insert_ghost 'self' type invariant] [%#sfmap35] inv'14 self} + {[@expl:insert_ghost 'key' type invariant] [%#sfmap36] inv'18 key} + {[@expl:insert_ghost 'value' type invariant] [%#sfmap37] inv'3 value} any - [ return' (result:t_Option'1)-> {[%#sfmap50] inv'11 result} - {[%#sfmap51] self.final = insert'1 self.current key value} - {[%#sfmap52] result = get'0 self.current key} + [ return' (result:t_Option'1)-> {[%#sfmap38] inv'6 result} + {[%#sfmap39] self.final = insert'1 self.current key value} + {[%#sfmap40] result = get'0 self.current key} (! return' {result}) ] - predicate resolve'13 (_1 : t_PtrOwn'0) = + predicate resolve'10 (_1 : t_PtrOwn'0) = true - predicate resolve'10 (self : t_Option'1) = - [%#sresolve68] match self with - | C_Some'1 x -> resolve'13 x + predicate resolve'7 (self : t_Option'1) = + [%#sresolve66] match self with + | C_Some'1 x -> resolve'10 x | C_None'1 -> true end - predicate resolve'4 (_1 : t_Option'1) = - resolve'10 _1 + predicate resolve'2 (_1 : t_Option'1) = + resolve'7 _1 - predicate resolve'11 (self : MutBorrow.t (t_GhostBox'2)) = - [%#sresolve57] self.final = self.current + predicate resolve'13 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve61] self.final = self.current - predicate resolve'5 (_1 : MutBorrow.t (t_GhostBox'2)) = - resolve'11 _1 + predicate resolve'12 (_1 : MutBorrow.t (t_FMap'0)) = + resolve'13 _1 + + predicate resolve'11 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve76] resolve'12 self + + predicate resolve'8 (self : t_GhostBox'2) = + [%#sghost67] resolve'11 self.t_GhostBox__0'2 - predicate inv'23 (_1 : ()) + predicate resolve'3 (_1 : t_GhostBox'2) = + resolve'8 _1 + + predicate inv'19 (_1 : ()) - axiom inv_axiom'22 [@rewrite] : forall x : () [inv'23 x] . inv'23 x = true + axiom inv_axiom'18 [@rewrite] : forall x : () [inv'19 x] . inv'19 x = true type t_GhostBox'3 = { t_GhostBox__0'3: () } - predicate inv'24 (_1 : t_GhostBox'3) + predicate inv'20 (_1 : t_GhostBox'3) - axiom inv_axiom'23 [@rewrite] : forall x : t_GhostBox'3 [inv'24 x] . inv'24 x = true + axiom inv_axiom'19 [@rewrite] : forall x : t_GhostBox'3 [inv'20 x] . inv'20 x = true - let rec new'1 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost53] inv'23 x} + let rec new'1 (x:()) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost41] inv'19 x} any - [ return' (result:t_GhostBox'3)-> {[%#sghost54] inv'24 result} - {[%#sghost55] result.t_GhostBox__0'3 = x} + [ return' (result:t_GhostBox'3)-> {[%#sghost42] inv'20 result} + {[%#sghost43] result.t_GhostBox__0'3 = x} (! return' {result}) ] - use creusot.prelude.Intrinsic - - type closure5'1 = - { field_0'0: t_GhostBox'0; field_1'0: MutBorrow.t (t_GhostBox'2); field_2'0: t_Element'0 } - - predicate inv'13 (_1 : closure5'1) - - axiom inv_axiom'12 [@rewrite] : forall x : closure5'1 [inv'13 x] . inv'13 x - = (let {field_0'0 = x0 ; field_1'0 = x1 ; field_2'0 = x2} = x in inv'17 x0 /\ inv'12 x1) - - let rec closure5'0[#"union_find.rs" 181 12 188 13] [@coma:extspec] (_1:closure5'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 [ s0 = into_inner'0 {_1.field_0'0} (fun (_ret':t_PtrOwn'0) -> [ &perm <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = {inv'1 (_1.field_1'0).current} - MutBorrow.borrow_mut {(_1.field_1'0).current} - (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_9 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_1 <- { _1 with field_1'0 = { _1.field_1'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_9} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_8 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = {inv'7 (_8.current).current} - MutBorrow.borrow_mut {(_8.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_7 <- _ret' ] - -{inv'7 _ret'.final}- - [ &_8 <- { _8 with current = { _8.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_2'0} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_12 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 - [ s0 = [ &_11 <- _12 ] s1 - | s1 = get_mut_ghost'0 {_7} {_11} (fun (_ret':t_Option'0) -> [ &_6 <- _ret' ] s2) - | s2 = bb4 ] - - | bb4 = any [ br0 -> {_6 = C_None'0 } (! bb6) | br1 (x0:MutBorrow.t (t_PtrOwn'0))-> {_6 = C_Some'0 x0} (! bb7) ] - | bb7 = s0 - [ s0 = v_Some'0 {_6} (fun (r0'0:MutBorrow.t (t_PtrOwn'0)) -> [ &other_perm <- r0'0 ] s1) - | s1 = {inv'8 other_perm.current} - MutBorrow.borrow_final {other_perm.current} {MutBorrow.get_id other_perm} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_16 <- _ret' ] - -{inv'8 _ret'.final}- - [ &other_perm <- { other_perm with current = _ret'.final } ] - s2) - | s2 = [ &_18 <- perm ] s3 - | s3 = disjoint_lemma'0 {_16} {_18} (fun (_ret':()) -> [ &_5 <- _ret' ] s4) - | s4 = bb9 ] - - | bb9 = s0 - [ s0 = {[@expl:type invariant] inv'9 other_perm} s1 - | s1 = -{resolve'2 other_perm}- s2 - | s2 = {[@expl:type invariant] inv'10 _8} s3 - | s3 = -{resolve'3 _8}- s4 - | s4 = bb10 ] - - | bb6 = bb8 - | bb8 = s0 [ s0 = {[@expl:type invariant] inv'10 _8} s1 | s1 = -{resolve'3 _8}- s2 | s2 = bb10 ] - | bb10 = s0 - [ s0 = {inv'1 (_1.field_1'0).current} - MutBorrow.borrow_final {(_1.field_1'0).current} {MutBorrow.get_id _1.field_1'0} - (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_22 <- _ret' ] - -{inv'1 _ret'.final}- - [ &_1 <- { _1 with field_1'0 = { _1.field_1'0 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_22} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_21 <- _ret' ] s2) - | s2 = bb11 ] - - | bb11 = s0 - [ s0 = {inv'7 (_21.current).current} - MutBorrow.borrow_mut {(_21.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_20 <- _ret' ] - -{inv'7 _ret'.final}- - [ &_21 <- { _21 with current = { _21.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_2'0} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_23 <- _ret' ] s2) - | s2 = bb12 ] - - | bb12 = s0 - [ s0 = insert_ghost'0 {_20} {_23} {perm} (fun (_ret':t_Option'1) -> [ &_19 <- _ret' ] s1) - | s1 = {[@expl:type invariant] inv'11 _19} s2 - | s2 = -{resolve'4 _19}- s3 - | s3 = bb13 ] - - | bb13 = s0 - [ s0 = {[@expl:type invariant] inv'10 _21} s1 - | s1 = -{resolve'3 _21}- s2 - | s2 = {[@expl:type invariant] match _1 with - | {field_1'0 = x'2} -> inv'12 x'2 - | _ -> true - end} - s3 - | s3 = -{match _1 with - | {field_1'0 = x'3} -> resolve'5 x'3 - | _ -> true - end}- - s4 - | s4 = new'1 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s5) - | s5 = bb14 ] - - | bb14 = bb15 - | bb15 = return' {_0} ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure5'1 = _1 - | & _2 : () = Intrinsic.any_l () - | & perm : t_PtrOwn'0 = Intrinsic.any_l () - | & _5 : () = Intrinsic.any_l () - | & _6 : t_Option'0 = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _8 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _9 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _11 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _12 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & other_perm : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _16 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _18 : t_PtrOwn'0 = Intrinsic.any_l () - | & _19 : t_Option'1 = Intrinsic.any_l () - | & _20 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _21 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _22 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () - | & _23 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] - - predicate resolve'15 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve57] self.final = self.current - - predicate resolve'14 (_1 : MutBorrow.t (t_FMap'0)) = - resolve'15 _1 - - predicate resolve'12 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve69] resolve'14 self - - predicate resolve'6 (self : t_GhostBox'2) = - [%#sghost56] resolve'12 self.t_GhostBox__0'2 - - predicate resolve'0 (_1 : t_GhostBox'2) = - resolve'6 _1 - use creusot.prelude.Snapshot use set.Fset function insert'0 [@inline:trivial] (self : Fset.fset (t_Element'0)) (e : t_Element'0) : Fset.fset (t_Element'0) = - [%#sfset18] Fset.add e self + [%#sfset44] Fset.add e self use creusot.prelude.Snapshot @@ -1988,10 +1852,10 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. use set.Fset predicate contains'0 [@inline:trivial] (self : Fset.fset (t_Element'0)) (e : t_Element'0) = - [%#sfset22] Fset.mem e self + [%#sfset48] Fset.mem e self function inner_logic'1 (self : t_GhostBox'1) : t_FMap'0 = - [%#sghost29] self.t_GhostBox__0'1 + [%#sghost55] self.t_GhostBox__0'1 use creusot.prelude.Snapshot @@ -2007,20 +1871,20 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. use map.Map function index_logic'1 (self : Map.map (t_Element'0) t_T'0) (a : t_Element'0) : t_T'0 = - [%#smapping59] Map.get self a + [%#smapping68] Map.get self a use map.Map function index_logic'0 (self : Map.map (t_Element'0) (t_Element'0)) (a : t_Element'0) : t_Element'0 = - [%#smapping59] Map.get self a + [%#smapping68] Map.get self a use map.Map function index_logic'2 (self : Map.map (t_Element'0) (int)) (a : t_Element'0) : int = - [%#smapping59] Map.get self a + [%#smapping68] Map.get self a - predicate invariant'7 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = - [%#sunion_find77] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 + predicate invariant'9 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = + [%#sunion_find80] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 /\ contains'0 (Snapshot.inner domain) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) /\ (forall e : t_Element'0 . contains'0 (Snapshot.inner domain) e -> contains'1 (inner_logic'1 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e))) @@ -2058,54 +1922,56 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. | C_Link'0 _ -> false end) - predicate inv'14 (_1 : t_UnionFind'0) + predicate inv'21 (_1 : t_UnionFind'0) - axiom inv_axiom'13 [@rewrite] : forall x : t_UnionFind'0 [inv'14 x] . inv'14 x - = (invariant'7 x + axiom inv_axiom'20 [@rewrite] : forall x : t_UnionFind'0 [inv'21 x] . inv'21 x + = (invariant'9 x /\ match x with | {t_UnionFind__domain'0 = domain ; t_UnionFind__map'0 = map ; t_UnionFind__values'0 = values ; t_UnionFind__distance'0 = distance ; t_UnionFind__root_of'0 = root_of ; t_UnionFind__max_depth'0 = max_depth} -> inv'0 map end) - predicate invariant'0 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sinvariant70] inv'14 self.current /\ inv'14 self.final + predicate invariant'4 (self : MutBorrow.t (t_UnionFind'0)) = + [%#sinvariant74] inv'21 self.current /\ inv'21 self.final - predicate inv'2 (_1 : MutBorrow.t (t_UnionFind'0)) + predicate inv'7 (_1 : MutBorrow.t (t_UnionFind'0)) - axiom inv_axiom'2 [@rewrite] : forall x : MutBorrow.t (t_UnionFind'0) [inv'2 x] . inv'2 x = invariant'0 x + axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (t_UnionFind'0) [inv'7 x] . inv'7 x = invariant'4 x - predicate resolve'7 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sresolve57] self.final = self.current + predicate resolve'9 (self : MutBorrow.t (t_UnionFind'0)) = + [%#sresolve61] self.final = self.current - predicate resolve'1 (_1 : MutBorrow.t (t_UnionFind'0)) = - resolve'7 _1 + predicate resolve'4 (_1 : MutBorrow.t (t_UnionFind'0)) = + resolve'9 _1 + + use creusot.prelude.Intrinsic use creusot.prelude.Snapshot function domain'0 [#"union_find.rs" 136 8 136 47] (self : t_UnionFind'0) : Fset.fset (t_Element'0) = - [%#sunion_find21] Snapshot.inner self.t_UnionFind__domain'0 + [%#sunion_find47] Snapshot.inner self.t_UnionFind__domain'0 - axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find19] inv'14 self) - -> ([%#sunion_find20] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 + axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find45] inv'21 self) + -> ([%#sunion_find46] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 /\ contains'0 (domain'0 self) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) function root_of'0 [#"union_find.rs" 148 8 148 63] (self : t_UnionFind'0) : Map.map (t_Element'0) (t_Element'0) = - [%#sunion_find25] Snapshot.inner self.t_UnionFind__root_of'0 + [%#sunion_find51] Snapshot.inner self.t_UnionFind__root_of'0 - axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find23] inv'14 self) - -> ([%#sunion_find24] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find49] inv'21 self) + -> ([%#sunion_find50] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'0 (root_of'0 self) e = index_logic'0 (root_of'0 self) (index_logic'0 (root_of'0 self) e)) function values'0 [#"union_find.rs" 157 8 157 53] (self : t_UnionFind'0) : Map.map (t_Element'0) t_T'0 = - [%#sunion_find28] Snapshot.inner self.t_UnionFind__values'0 + [%#sunion_find54] Snapshot.inner self.t_UnionFind__values'0 - axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find26] inv'14 self) - -> ([%#sunion_find27] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find52] inv'21 self) + -> ([%#sunion_find53] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'1 (values'0 self) e = index_logic'1 (values'0 self) (index_logic'0 (root_of'0 self) e)) meta "compute_max_steps" 1000000 - let rec make'0[#"union_find.rs" 176 8 176 54] (self:MutBorrow.t (t_UnionFind'0)) (value:t_T'0) (return' (ret:t_Element'0))= {[@expl:make 'self' type invariant] [%#sunion_find6] inv'2 self} - {[@expl:make 'value' type invariant] [%#sunion_find7] inv'3 value} + let rec make'0[#"union_find.rs" 176 8 176 54] (self:MutBorrow.t (t_UnionFind'0)) (value:t_T'0) (return' (ret:t_Element'0))= {[@expl:make 'self' type invariant] [%#sunion_find6] inv'7 self} + {[@expl:make 'value' type invariant] [%#sunion_find7] inv'8 value} (! bb0 [ bb0 = bb1 | bb1 = s0 [ s0 = [ &value_snap <- [%#sunion_find0] Snapshot.new value ] s1 | s1 = bb2 ] @@ -2129,60 +1995,137 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. | s2 = borrow_mut'0 {_17} (fun (_ret':t_GhostBox'2) -> [ &map <- _ret' ] s3) | s3 = bb6 ] - | bb6 = s0 + | bb6 = s0 [ s0 = into_inner'0 {perm} (fun (_ret':t_PtrOwn'0) -> [ &perm1 <- _ret' ] s1) | s1 = bb7 ] + | bb7 = s0 [ s0 = {inv'1 map} MutBorrow.borrow_mut {map} (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_20 <- _ret' ] + [ &_26 <- _ret' ] -{inv'1 _ret'.final}- [ &map <- _ret'.final ] s1) - | s1 = [ &_19 <- { field_0'0 = perm; field_1'0 = _20; field_2'0 = element } ] s2 - | s2 = closure5'0 {_19} (fun (_ret':t_GhostBox'3) -> [ &_18 <- _ret' ] s3) - | s3 = bb7 ] + | s1 = deref_mut'0 {_26} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_25 <- _ret' ] s2) + | s2 = bb8 ] - | bb7 = s0 [ s0 = {[@expl:type invariant] inv'1 map} s1 | s1 = -{resolve'0 map}- s2 | s2 = bb8 ] | bb8 = s0 + [ s0 = {inv'2 (_25.current).current} + MutBorrow.borrow_mut {(_25.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_24 <- _ret' ] + -{inv'2 _ret'.final}- + [ &_25 <- { _25 with current = { _25.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {element} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_29 <- _ret' ] s2) + | s2 = bb9 ] + + | bb9 = s0 + [ s0 = [ &_28 <- _29 ] s1 + | s1 = get_mut_ghost'0 {_24} {_28} (fun (_ret':t_Option'0) -> [ &_23 <- _ret' ] s2) + | s2 = bb10 ] + + | bb10 = any + [ br0 -> {_23 = C_None'0 } (! bb12) | br1 (x0:MutBorrow.t (t_PtrOwn'0))-> {_23 = C_Some'0 x0} (! bb13) ] + + | bb13 = s0 + [ s0 = v_Some'0 {_23} (fun (r0'0:MutBorrow.t (t_PtrOwn'0)) -> [ &other_perm <- r0'0 ] s1) + | s1 = {inv'3 other_perm.current} + MutBorrow.borrow_final {other_perm.current} {MutBorrow.get_id other_perm} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_33 <- _ret' ] + -{inv'3 _ret'.final}- + [ &other_perm <- { other_perm with current = _ret'.final } ] + s2) + | s2 = [ &_35 <- perm1 ] s3 + | s3 = disjoint_lemma'0 {_33} {_35} (fun (_ret':()) -> [ &_22 <- _ret' ] s4) + | s4 = bb15 ] + + | bb15 = s0 + [ s0 = {[@expl:type invariant] inv'4 other_perm} s1 + | s1 = -{resolve'0 other_perm}- s2 + | s2 = {[@expl:type invariant] inv'5 _25} s3 + | s3 = -{resolve'1 _25}- s4 + | s4 = bb16 ] + + | bb12 = bb14 + | bb14 = s0 [ s0 = {[@expl:type invariant] inv'5 _25} s1 | s1 = -{resolve'1 _25}- s2 | s2 = bb16 ] + | bb16 = s0 + [ s0 = {inv'1 map} + MutBorrow.borrow_mut {map} + (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> + [ &_39 <- _ret' ] + -{inv'1 _ret'.final}- + [ &map <- _ret'.final ] + s1) + | s1 = deref_mut'0 {_39} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_38 <- _ret' ] s2) + | s2 = bb17 ] + + | bb17 = s0 + [ s0 = {inv'2 (_38.current).current} + MutBorrow.borrow_mut {(_38.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_37 <- _ret' ] + -{inv'2 _ret'.final}- + [ &_38 <- { _38 with current = { _38.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {element} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_40 <- _ret' ] s2) + | s2 = bb18 ] + + | bb18 = s0 + [ s0 = insert_ghost'0 {_37} {_40} {perm1} (fun (_ret':t_Option'1) -> [ &_36 <- _ret' ] s1) + | s1 = {[@expl:type invariant] inv'6 _36} s2 + | s2 = -{resolve'2 _36}- s3 + | s3 = bb19 ] + + | bb19 = s0 + [ s0 = {[@expl:type invariant] inv'5 _38} s1 + | s1 = -{resolve'1 _38}- s2 + | s2 = {[@expl:type invariant] inv'1 map} s3 + | s3 = -{resolve'3 map}- s4 + | s4 = new'1 {_19} (fun (_ret':t_GhostBox'3) -> [ &_18 <- _ret' ] s5) + | s5 = bb20 ] + + | bb20 = bb21 + | bb21 = s0 [ s0 = - [ &_23 <- [%#sunion_find2] Snapshot.new (insert'0 (Snapshot.inner (self.current).t_UnionFind__domain'0) element) ] + [ &_43 <- [%#sunion_find2] Snapshot.new (insert'0 (Snapshot.inner (self.current).t_UnionFind__domain'0) element) ] s1 - | s1 = bb9 ] + | s1 = bb22 ] - | bb9 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__domain'0 = _23 } } ] s1 + | bb22 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__domain'0 = _43 } } ] s1 | s1 = - [ &_25 <- [%#sunion_find3] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__values'0) element (Snapshot.inner value_snap)) ] + [ &_45 <- [%#sunion_find3] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__values'0) element (Snapshot.inner value_snap)) ] s2 - | s2 = bb10 ] + | s2 = bb23 ] - | bb10 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _25 } } ] s1 + | bb23 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _45 } } ] s1 | s1 = - [ &_27 <- [%#sunion_find4] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) element 0) ] + [ &_47 <- [%#sunion_find4] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) element 0) ] s2 - | s2 = bb11 ] + | s2 = bb24 ] - | bb11 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _27 } } ] s1 + | bb24 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _47 } } ] s1 | s1 = - [ &_29 <- [%#sunion_find5] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__root_of'0) element element) ] + [ &_49 <- [%#sunion_find5] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__root_of'0) element element) ] s2 - | s2 = bb12 ] + | s2 = bb25 ] - | bb12 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _29 } } ] s1 - | s1 = {[@expl:type invariant] inv'2 self} s2 - | s2 = -{resolve'1 self}- s3 + | bb25 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _49 } } ] s1 + | s1 = {[@expl:type invariant] inv'7 self} s2 + | s2 = -{resolve'4 self}- s3 | s3 = [ &_0 <- element ] s4 - | s4 = bb13 ] + | s4 = bb26 ] - | bb13 = bb14 - | bb14 = bb15 - | bb15 = return' {_0} ] + | bb26 = bb27 + | bb27 = bb28 + | bb28 = return' {_0} ] ) [ & _0 : t_Element'0 = Intrinsic.any_l () | & self : MutBorrow.t (t_UnionFind'0) = self @@ -2196,13 +2139,27 @@ module M_union_find__implementation__qyi1944850640244667852__make [#"union_find. | & map : t_GhostBox'2 = Intrinsic.any_l () | & _17 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () | & _18 : t_GhostBox'3 = Intrinsic.any_l () - | & _19 : closure5'1 = Intrinsic.any_l () - | & _20 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _19 : () = Intrinsic.any_l () + | & perm1 : t_PtrOwn'0 = Intrinsic.any_l () | & _22 : () = Intrinsic.any_l () - | & _23 : Snapshot.snap_ty (Fset.fset (t_Element'0)) = Intrinsic.any_l () - | & _25 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () - | & _27 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () - | & _29 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () ] + | & _23 : t_Option'0 = Intrinsic.any_l () + | & _24 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _25 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _26 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _28 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _29 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & other_perm : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _33 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _35 : t_PtrOwn'0 = Intrinsic.any_l () + | & _36 : t_Option'1 = Intrinsic.any_l () + | & _37 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _38 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _39 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _40 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _43 : Snapshot.snap_ty (Fset.fset (t_Element'0)) = Intrinsic.any_l () + | & _45 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () + | & _47 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () + | & _49 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () ] [ return' (result:t_Element'0)-> {[@expl:make ensures #0] [%#sunion_find8] not contains'0 (domain'0 self.current) result} {[@expl:make ensures #1] [%#sunion_find9] domain'0 self.final = insert'0 (domain'0 self.current) result} @@ -2221,77 +2178,75 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 127 19 127 23 let%span sghost7 = "../../../creusot-contracts/src/ghost.rs" 127 4 127 40 let%span sghost8 = "../../../creusot-contracts/src/ghost.rs" 126 14 126 35 - let%span sunion_find9 = "union_find.rs" 205 23 205 67 - let%span sptr_own10 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 - let%span sptr_own11 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 - let%span sptr_own12 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 - let%span sptr_own13 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 - let%span sghost14 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 - let%span sghost15 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 - let%span sghost16 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span sunion_find17 = "union_find.rs" 213 35 213 83 - let%span sptr_own18 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 - let%span sptr_own19 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 - let%span sptr_own20 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 - let%span sptr_own21 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 - let%span sptr_own22 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 - let%span sptr_own23 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 - let%span sunion_find24 = "union_find.rs" 134 19 134 28 - let%span sunion_find25 = "union_find.rs" 135 18 135 150 - let%span sunion_find26 = "union_find.rs" 132 8 132 16 - let%span sfset27 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 - let%span sunion_find28 = "union_find.rs" 146 19 146 28 - let%span sunion_find29 = "union_find.rs" 147 18 147 98 - let%span sunion_find30 = "union_find.rs" 144 8 144 16 - let%span smapping31 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 - let%span sunion_find32 = "union_find.rs" 166 16 168 52 - let%span sghost33 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost34 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost35 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sunion_find36 = "union_find.rs" 31 18 31 46 - let%span sfmap37 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 - let%span sfmap38 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 - let%span sfmap39 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 - let%span sfmap40 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 - let%span soption41 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span sghost42 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost43 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost44 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost45 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sghost46 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sghost47 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost48 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost49 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sfmap50 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 - let%span sfmap51 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 - let%span sfmap52 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 - let%span sfmap53 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 - let%span sfmap54 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 - let%span sfmap55 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 - let%span sresolve56 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sunion_find57 = "union_find.rs" 22 8 22 16 - let%span sunion_find58 = "union_find.rs" 155 19 155 28 - let%span sunion_find59 = "union_find.rs" 156 18 156 106 - let%span sunion_find60 = "union_find.rs" 153 8 153 16 - let%span sfmap61 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 - let%span sfmap62 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sghost9 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost10 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost11 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sunion_find12 = "union_find.rs" 31 18 31 46 + let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 + let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 + let%span sfmap15 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 + let%span sfmap16 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 + let%span soption17 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sghost18 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost19 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost20 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sptr_own21 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 + let%span sptr_own22 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 + let%span sptr_own23 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 + let%span sptr_own24 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 + let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 + let%span sghost26 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 + let%span sghost27 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 + let%span sghost28 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost29 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost30 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sfmap31 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 + let%span sfmap32 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 + let%span sfmap33 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 + let%span sfmap34 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 + let%span sfmap35 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 + let%span sfmap36 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 + let%span sptr_own37 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 + let%span sptr_own38 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 + let%span sptr_own39 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 + let%span sptr_own40 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 + let%span sptr_own41 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 + let%span sptr_own42 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 + let%span sunion_find43 = "union_find.rs" 134 19 134 28 + let%span sunion_find44 = "union_find.rs" 135 18 135 150 + let%span sunion_find45 = "union_find.rs" 132 8 132 16 + let%span sfset46 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 + let%span sunion_find47 = "union_find.rs" 146 19 146 28 + let%span sunion_find48 = "union_find.rs" 147 18 147 98 + let%span sunion_find49 = "union_find.rs" 144 8 144 16 + let%span smapping50 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 + let%span sunion_find51 = "union_find.rs" 166 16 168 52 + let%span sghost52 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 + let%span sunion_find53 = "union_find.rs" 22 8 22 16 + let%span sfmap54 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 + let%span sfmap55 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sghost56 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sfmap57 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 + let%span sfmap58 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 + let%span sresolve59 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sunion_find60 = "union_find.rs" 155 19 155 28 + let%span sunion_find61 = "union_find.rs" 156 18 156 106 + let%span sunion_find62 = "union_find.rs" 153 8 153 16 let%span sresolve63 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sunion_find64 = "union_find.rs" 81 8 81 20 - let%span sfmap65 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 - let%span sfmap66 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 - let%span sinvariant67 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 - let%span sinvariant68 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 - let%span sutil69 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 - let%span sutil70 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 - let%span sunion_find71 = "union_find.rs" 126 8 126 16 - let%span sfmap72 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 - let%span sfmap73 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 - let%span sptr_own74 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sutil64 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 + let%span sutil65 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 + let%span sunion_find66 = "union_find.rs" 81 8 81 20 + let%span sfmap67 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 + let%span sfmap68 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 + let%span sptr_own69 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sinvariant70 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 + let%span sinvariant71 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span sunion_find72 = "union_find.rs" 126 8 126 16 + let%span sptr73 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr74 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 let%span sboxed75 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 let%span sfmap76 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 - let%span sptr77 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr78 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - let%span sfmap79 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 + let%span sfmap77 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 use creusot.prelude.Opaque @@ -2341,37 +2296,37 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union function view'0 (self : t_FMap'0) : Map.map (Snapshot.snap_ty (int)) (t_Option'2) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap73] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap68] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2 use map.Map function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_Option'2 = - [%#sfmap65] Map.get (view'0 self) k + [%#sfmap57] Map.get (view'0 self) k function contains'1 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : bool = - [%#sfmap61] get_unsized'0 self k <> C_None'2 + [%#sfmap54] get_unsized'0 self k <> C_None'2 - predicate inv'33 (_1 : Snapshot.snap_ty (int)) + predicate inv'30 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'32 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'33 x] . inv'33 x = true + axiom inv_axiom'29 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'30 x] . inv'30 x = true function unwrap'2 (op : t_Option'2) : t_PtrOwn'0 - axiom unwrap'2_spec : forall op : t_Option'2 . ([%#sutil69] op <> C_None'2) - -> ([%#sutil70] C_Some'2 (unwrap'2 op) = op) + axiom unwrap'2_spec : forall op : t_Option'2 . ([%#sutil64] op <> C_None'2) + -> ([%#sutil65] C_Some'2 (unwrap'2 op) = op) function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap62] unwrap'2 (get_unsized'0 self k) + [%#sfmap55] unwrap'2 (get_unsized'0 self k) function ptr'0 (self : t_PtrOwn'0) : Opaque.ptr function addr_logic'0 (self : Opaque.ptr) : int function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr78] addr_logic'0 self = 0 + [%#sptr74] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr77] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr73] is_null_logic'0 self = (addr_logic'0 self = 0) use creusot.int.UInt64 @@ -2381,155 +2336,167 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union function val'0 (self : t_PtrOwn'0) : t_Content'0 - predicate inv'30 (_1 : t_T'0) + predicate inv'28 (_1 : t_T'0) - predicate inv'4 (_1 : t_Content'0) + predicate inv'8 (_1 : t_Content'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Content'0 [inv'4 x] . inv'4 x + axiom inv_axiom'8 [@rewrite] : forall x : t_Content'0 [inv'8 x] . inv'8 x = match x with - | C_Root'0 rank value -> inv'30 value + | C_Root'0 rank value -> inv'28 value | C_Link'0 a_0 -> true end - predicate invariant'22 (self : t_Content'0) = - [%#sboxed75] inv'4 self + predicate invariant'21 (self : t_Content'0) = + [%#sboxed75] inv'8 self - predicate inv'35 (_1 : t_Content'0) + predicate inv'32 (_1 : t_Content'0) - axiom inv_axiom'34 [@rewrite] : forall x : t_Content'0 [inv'35 x] . inv'35 x = invariant'22 x + axiom inv_axiom'31 [@rewrite] : forall x : t_Content'0 [inv'32 x] . inv'32 x = invariant'21 x - predicate invariant'7 (self : t_PtrOwn'0) = - [%#sptr_own74] not is_null_logic'0 (ptr'0 self) /\ inv'35 (val'0 self) + predicate invariant'2 (self : t_PtrOwn'0) = + [%#sptr_own69] not is_null_logic'0 (ptr'0 self) /\ inv'32 (val'0 self) - predicate inv'13 (_1 : t_PtrOwn'0) + predicate inv'5 (_1 : t_PtrOwn'0) - axiom inv_axiom'13 [@rewrite] : forall x : t_PtrOwn'0 [inv'13 x] . inv'13 x = invariant'7 x + axiom inv_axiom'5 [@rewrite] : forall x : t_PtrOwn'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'21 (self : t_PtrOwn'0) = - [%#sboxed75] inv'13 self + predicate invariant'20 (self : t_PtrOwn'0) = + [%#sboxed75] inv'5 self - predicate inv'34 (_1 : t_PtrOwn'0) + predicate inv'31 (_1 : t_PtrOwn'0) - axiom inv_axiom'33 [@rewrite] : forall x : t_PtrOwn'0 [inv'34 x] . inv'34 x = invariant'21 x + axiom inv_axiom'30 [@rewrite] : forall x : t_PtrOwn'0 [inv'31 x] . inv'31 x = invariant'20 x - predicate invariant'6 (self : t_FMap'0) = - [%#sfmap72] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'33 k /\ inv'34 (lookup_unsized'0 self k) + predicate invariant'1 (self : t_FMap'0) = + [%#sfmap67] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'30 k /\ inv'31 (lookup_unsized'0 self k) - predicate inv'12 (_1 : t_FMap'0) + predicate inv'4 (_1 : t_FMap'0) - axiom inv_axiom'12 [@rewrite] : forall x : t_FMap'0 [inv'12 x] . inv'12 x = invariant'6 x + axiom inv_axiom'4 [@rewrite] : forall x : t_FMap'0 [inv'4 x] . inv'4 x = invariant'1 x - predicate invariant'15 (self : t_FMap'0) = - [%#sboxed75] inv'12 self + predicate invariant'17 (self : t_FMap'0) = + [%#sboxed75] inv'4 self - predicate inv'25 (_1 : t_FMap'0) + predicate inv'26 (_1 : t_FMap'0) - axiom inv_axiom'25 [@rewrite] : forall x : t_FMap'0 [inv'25 x] . inv'25 x = invariant'15 x + axiom inv_axiom'26 [@rewrite] : forall x : t_FMap'0 [inv'26 x] . inv'26 x = invariant'17 x predicate inv'2 (_1 : t_GhostBox'2) axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'2 [inv'2 x] . inv'2 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'25 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'26 a_0 end - predicate invariant'3 (self : t_GhostBox'2) = - [%#sinvariant68] inv'2 self + predicate invariant'7 (self : t_GhostBox'2) = + [%#sinvariant71] inv'2 self - predicate inv'7 (_1 : t_GhostBox'2) + predicate inv'11 (_1 : t_GhostBox'2) - axiom inv_axiom'7 [@rewrite] : forall x : t_GhostBox'2 [inv'7 x] . inv'7 x = invariant'3 x + axiom inv_axiom'11 [@rewrite] : forall x : t_GhostBox'2 [inv'11 x] . inv'11 x = invariant'7 x type t_GhostBox'0 = { t_GhostBox__0'0: t_FMap'0 } - predicate invariant'12 (self : t_FMap'0) = - [%#sinvariant68] inv'12 self + predicate invariant'10 (self : t_FMap'0) = + [%#sinvariant71] inv'4 self - predicate inv'20 (_1 : t_FMap'0) + predicate inv'14 (_1 : t_FMap'0) - axiom inv_axiom'20 [@rewrite] : forall x : t_FMap'0 [inv'20 x] . inv'20 x = invariant'12 x + axiom inv_axiom'14 [@rewrite] : forall x : t_FMap'0 [inv'14 x] . inv'14 x = invariant'10 x - predicate invariant'14 (self : t_FMap'0) = - [%#sboxed75] inv'20 self + predicate invariant'16 (self : t_FMap'0) = + [%#sboxed75] inv'14 self - predicate inv'24 (_1 : t_FMap'0) + predicate inv'25 (_1 : t_FMap'0) - axiom inv_axiom'24 [@rewrite] : forall x : t_FMap'0 [inv'24 x] . inv'24 x = invariant'14 x + axiom inv_axiom'25 [@rewrite] : forall x : t_FMap'0 [inv'25 x] . inv'25 x = invariant'16 x predicate inv'0 (_1 : t_GhostBox'0) axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'24 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'25 a_0 end - let rec borrow'0 (self:t_GhostBox'2) (return' (ret:t_GhostBox'0))= {[@expl:borrow 'self' type invariant] [%#sghost6] inv'7 self} + let rec borrow'0 (self:t_GhostBox'2) (return' (ret:t_GhostBox'0))= {[@expl:borrow 'self' type invariant] [%#sghost6] inv'11 self} any [ return' (result:t_GhostBox'0)-> {[%#sghost7] inv'0 result} {[%#sghost8] result.t_GhostBox__0'0 = self.t_GhostBox__0'1} (! return' {result}) ] - predicate invariant'10 (self : t_GhostBox'0) = - [%#sinvariant68] inv'0 self + predicate invariant'8 (self : t_GhostBox'0) = + [%#sinvariant71] inv'0 self - predicate inv'18 (_1 : t_GhostBox'0) + predicate inv'12 (_1 : t_GhostBox'0) - axiom inv_axiom'18 [@rewrite] : forall x : t_GhostBox'0 [inv'18 x] . inv'18 x = invariant'10 x + axiom inv_axiom'12 [@rewrite] : forall x : t_GhostBox'0 [inv'12 x] . inv'12 x = invariant'8 x - predicate invariant'11 (self : t_FMap'0) = - [%#sinvariant68] inv'20 self + predicate invariant'9 (self : t_FMap'0) = + [%#sinvariant71] inv'14 self - predicate inv'19 (_1 : t_FMap'0) + predicate inv'13 (_1 : t_FMap'0) - axiom inv_axiom'19 [@rewrite] : forall x : t_FMap'0 [inv'19 x] . inv'19 x = invariant'11 x + axiom inv_axiom'13 [@rewrite] : forall x : t_FMap'0 [inv'13 x] . inv'13 x = invariant'9 x - let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost33] inv'18 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost9] inv'12 self} any - [ return' (result:t_FMap'0)-> {[%#sghost34] inv'19 result} - {[%#sghost35] self.t_GhostBox__0'0 = result} + [ return' (result:t_FMap'0)-> {[%#sghost10] inv'13 result} + {[%#sghost11] self.t_GhostBox__0'0 = result} (! return' {result}) ] + predicate resolve'14 (_1 : t_FMap'0) = + true + + predicate resolve'12 (self : t_FMap'0) = + [%#sresolve63] resolve'14 self + + predicate resolve'6 (self : t_GhostBox'0) = + [%#sghost52] resolve'12 self.t_GhostBox__0'0 + + predicate resolve'0 (_1 : t_GhostBox'0) = + resolve'6 _1 + use creusot.prelude.Snapshot function deep_model'0 [#"union_find.rs" 24 8 24 34] (self : t_Element'0) : int = - [%#sunion_find57] addr_logic'0 self.t_Element__0'0 + [%#sunion_find53] addr_logic'0 self.t_Element__0'0 let rec addr'0 (self:t_Element'0) (return' (ret:Snapshot.snap_ty (int)))= any - [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find36] Snapshot.inner result = deep_model'0 self} + [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find12] Snapshot.inner result = deep_model'0 self} (! return' {result}) ] - predicate inv'21 (_1 : Snapshot.snap_ty (int)) + predicate inv'15 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'21 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'21 x] . inv'21 x = true + axiom inv_axiom'15 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'15 x] . inv'15 x = true type t_Option'0 = | C_None'0 | C_Some'0 (t_PtrOwn'0) - predicate invariant'13 (self : t_PtrOwn'0) = - [%#sinvariant68] inv'13 self + predicate invariant'11 (self : t_PtrOwn'0) = + [%#sinvariant71] inv'5 self - predicate inv'23 (_1 : t_PtrOwn'0) + predicate inv'17 (_1 : t_PtrOwn'0) - axiom inv_axiom'23 [@rewrite] : forall x : t_PtrOwn'0 [inv'23 x] . inv'23 x = invariant'13 x + axiom inv_axiom'17 [@rewrite] : forall x : t_PtrOwn'0 [inv'17 x] . inv'17 x = invariant'11 x - predicate inv'22 (_1 : t_Option'0) + predicate inv'16 (_1 : t_Option'0) - axiom inv_axiom'22 [@rewrite] : forall x : t_Option'0 [inv'22 x] . inv'22 x + axiom inv_axiom'16 [@rewrite] : forall x : t_Option'0 [inv'16 x] . inv'16 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'23 a_0 + | C_Some'0 a_0 -> inv'17 a_0 end - let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap37] inv'20 self} - {[@expl:get_ghost 'key' type invariant] [%#sfmap38] inv'21 key} + let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap13] inv'14 self} + {[@expl:get_ghost 'key' type invariant] [%#sfmap14] inv'15 key} any - [ return' (result:t_Option'0)-> {[%#sfmap39] inv'22 result} - {[%#sfmap40] if contains'1 self key then + [ return' (result:t_Option'0)-> {[%#sfmap15] inv'16 result} + {[%#sfmap16] if contains'1 self key then match result with | C_None'0 -> false | C_Some'0 r -> lookup_unsized'0 self key = r @@ -2540,92 +2507,49 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union (! return' {result}) ] - let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'22 self} - {[@expl:unwrap requires] [%#soption41] self <> C_None'0} - any [ return' (result:t_PtrOwn'0)-> {inv'23 result} {[%#soption41] C_Some'0 result = self} (! return' {result}) ] + let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'16 self} + {[@expl:unwrap requires] [%#soption17] self <> C_None'0} + any [ return' (result:t_PtrOwn'0)-> {inv'17 result} {[%#soption17] C_Some'0 result = self} (! return' {result}) ] type t_GhostBox'1 = { t_GhostBox__0'2: t_PtrOwn'0 } predicate invariant'19 (self : t_PtrOwn'0) = - [%#sboxed75] inv'23 self + [%#sboxed75] inv'17 self - predicate inv'31 (_1 : t_PtrOwn'0) + predicate inv'29 (_1 : t_PtrOwn'0) - axiom inv_axiom'30 [@rewrite] : forall x : t_PtrOwn'0 [inv'31 x] . inv'31 x = invariant'19 x + axiom inv_axiom'28 [@rewrite] : forall x : t_PtrOwn'0 [inv'29 x] . inv'29 x = invariant'19 x - predicate inv'9 (_1 : t_GhostBox'1) + predicate inv'18 (_1 : t_GhostBox'1) - axiom inv_axiom'9 [@rewrite] : forall x : t_GhostBox'1 [inv'9 x] . inv'9 x + axiom inv_axiom'18 [@rewrite] : forall x : t_GhostBox'1 [inv'18 x] . inv'18 x = match x with - | {t_GhostBox__0'2 = a_0} -> inv'31 a_0 + | {t_GhostBox__0'2 = a_0} -> inv'29 a_0 end - let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost42] inv'23 x} + let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost18] inv'17 x} any - [ return' (result:t_GhostBox'1)-> {[%#sghost43] inv'9 result} - {[%#sghost44] result.t_GhostBox__0'2 = x} + [ return' (result:t_GhostBox'1)-> {[%#sghost19] inv'18 result} + {[%#sghost20] result.t_GhostBox__0'2 = x} (! return' {result}) ] - use creusot.prelude.Intrinsic - - type closure5'1 = - { field_0'0: t_GhostBox'0; field_1'0: t_Element'0 } - - predicate inv'8 (_1 : closure5'1) - - axiom inv_axiom'8 [@rewrite] : forall x : closure5'1 [inv'8 x] . inv'8 x - = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'18 x0) - - let rec closure5'0[#"union_find.rs" 205 23 205 67] [@coma:extspec] (_1:closure5'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':t_FMap'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {_1.field_1'0} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 - [ s0 = [ &_8 <- _9 ] s1 - | s1 = get_ghost'0 {_5} {_8} (fun (_ret':t_Option'0) -> [ &_3 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'0 {_3} (fun (_ret':t_PtrOwn'0) -> [ &_2 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = new'0 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure5'1 = _1 - | & _2 : t_PtrOwn'0 = Intrinsic.any_l () - | & _3 : t_Option'0 = Intrinsic.any_l () - | & _5 : t_FMap'0 = Intrinsic.any_l () - | & _8 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] - - predicate resolve'16 (_1 : t_FMap'0) = - true - - predicate resolve'11 (self : t_FMap'0) = - [%#sresolve63] resolve'16 self - - predicate resolve'4 (self : t_GhostBox'0) = - [%#sghost45] resolve'11 self.t_GhostBox__0'0 - - predicate resolve'0 (_1 : t_GhostBox'0) = - resolve'4 _1 - function inner_logic'0 (self : t_GhostBox'1) : t_PtrOwn'0 = - [%#sghost46] self.t_GhostBox__0'2 + [%#sghost56] self.t_GhostBox__0'2 - predicate invariant'4 (self : t_Content'0) = - [%#sinvariant68] inv'4 self + predicate invariant'12 (self : t_Content'0) = + [%#sinvariant71] inv'8 self - predicate inv'10 (_1 : t_Content'0) + predicate inv'19 (_1 : t_Content'0) - axiom inv_axiom'10 [@rewrite] : forall x : t_Content'0 [inv'10 x] . inv'10 x = invariant'4 x + axiom inv_axiom'19 [@rewrite] : forall x : t_Content'0 [inv'19 x] . inv'19 x = invariant'12 x - let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'1) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own10] inv'9 own} - {[@expl:as_ref requires] [%#sptr_own11] ptr = ptr'0 (inner_logic'0 own)} + let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'1) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own21] inv'18 own} + {[@expl:as_ref requires] [%#sptr_own22] ptr = ptr'0 (inner_logic'0 own)} any - [ return' (result:t_Content'0)-> {[%#sptr_own12] inv'10 result} - {[%#sptr_own13] result = val'0 (inner_logic'0 own)} + [ return' (result:t_Content'0)-> {[%#sptr_own23] inv'19 result} + {[%#sptr_own24] result = val'0 (inner_logic'0 own)} (! return' {result}) ] @@ -2643,47 +2567,47 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union use set.Fset predicate contains'0 [@inline:trivial] (self : Fset.fset (t_Element'0)) (e : t_Element'0) = - [%#sfset27] Fset.mem e self + [%#sfset46] Fset.mem e self function inner_logic'2 (self : t_GhostBox'2) : t_FMap'0 = - [%#sghost46] self.t_GhostBox__0'1 + [%#sghost56] self.t_GhostBox__0'1 use creusot.prelude.Snapshot function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap79] lookup_unsized'0 self k + [%#sfmap77] lookup_unsized'0 self k function index_logic'3 [@inline:trivial] (self : t_FMap'0) (key : Snapshot.snap_ty (int)) : t_PtrOwn'0 = [%#sfmap76] lookup'0 self key function get_perm'0 [#"union_find.rs" 127 8 127 62] (self : t_UnionFind'0) (e : t_Element'0) : t_PtrOwn'0 = - [%#sunion_find71] index_logic'3 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e)) + [%#sunion_find72] index_logic'3 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e)) use creusot.prelude.Snapshot use map.Map function index_logic'2 (self : Map.map (t_Element'0) t_T'0) (a : t_Element'0) : t_T'0 = - [%#smapping31] Map.get self a + [%#smapping50] Map.get self a use creusot.prelude.Snapshot use map.Map function index_logic'0 (self : Map.map (t_Element'0) (t_Element'0)) (a : t_Element'0) : t_Element'0 = - [%#smapping31] Map.get self a + [%#smapping50] Map.get self a use creusot.prelude.Snapshot use map.Map function index_logic'1 (self : Map.map (t_Element'0) (int)) (a : t_Element'0) : int = - [%#smapping31] Map.get self a + [%#smapping50] Map.get self a use mach.int.Int predicate invariant'0 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = - [%#sunion_find64] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 + [%#sunion_find66] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 /\ contains'0 (Snapshot.inner domain) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) /\ (forall e : t_Element'0 . contains'0 (Snapshot.inner domain) e -> contains'1 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e))) @@ -2729,63 +2653,63 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union | {t_UnionFind__domain'0 = domain ; t_UnionFind__map'0 = map ; t_UnionFind__values'0 = values ; t_UnionFind__distance'0 = distance ; t_UnionFind__root_of'0 = root_of ; t_UnionFind__max_depth'0 = max_depth} -> inv'2 map end) - predicate invariant'5 (self : MutBorrow.t (t_GhostBox'2)) = - [%#sinvariant67] inv'2 self.current /\ inv'2 self.final + predicate invariant'13 (self : MutBorrow.t (t_GhostBox'2)) = + [%#sinvariant70] inv'2 self.current /\ inv'2 self.final - predicate inv'11 (_1 : MutBorrow.t (t_GhostBox'2)) + predicate inv'20 (_1 : MutBorrow.t (t_GhostBox'2)) - axiom inv_axiom'11 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'11 x] . inv'11 x = invariant'5 x + axiom inv_axiom'20 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'2) [inv'20 x] . inv'20 x = invariant'13 x type t_GhostBox'3 = { t_GhostBox__0'3: MutBorrow.t (t_FMap'0) } - predicate invariant'18 (self : MutBorrow.t (t_FMap'0)) = - [%#sinvariant67] inv'12 self.current /\ inv'12 self.final + predicate invariant'15 (self : MutBorrow.t (t_FMap'0)) = + [%#sinvariant70] inv'4 self.current /\ inv'4 self.final - predicate inv'28 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'22 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'28 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'28 x] . inv'28 x = invariant'18 x + axiom inv_axiom'22 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'22 x] . inv'22 x = invariant'15 x - predicate invariant'16 (self : MutBorrow.t (t_FMap'0)) = - [%#sboxed75] inv'28 self + predicate invariant'18 (self : MutBorrow.t (t_FMap'0)) = + [%#sboxed75] inv'22 self - predicate inv'26 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'27 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'26 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'26 x] . inv'26 x = invariant'16 x + axiom inv_axiom'27 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'27 x] . inv'27 x = invariant'18 x predicate inv'3 (_1 : t_GhostBox'3) axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'3 [inv'3 x] . inv'3 x = match x with - | {t_GhostBox__0'3 = a_0} -> inv'26 a_0 + | {t_GhostBox__0'3 = a_0} -> inv'27 a_0 end - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:t_GhostBox'3))= {[@expl:borrow_mut 'self' type invariant] [%#sghost14] inv'11 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'2)) (return' (ret:t_GhostBox'3))= {[@expl:borrow_mut 'self' type invariant] [%#sghost25] inv'20 self} any - [ return' (result:t_GhostBox'3)-> {[%#sghost15] inv'3 result} - {[%#sghost16] result.t_GhostBox__0'3 + [ return' (result:t_GhostBox'3)-> {[%#sghost26] inv'3 result} + {[%#sghost27] result.t_GhostBox__0'3 = MutBorrow.borrow_logic (self.current).t_GhostBox__0'1 (self.final).t_GhostBox__0'1 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] - predicate invariant'17 (self : MutBorrow.t (t_GhostBox'3)) = - [%#sinvariant67] inv'3 self.current /\ inv'3 self.final + predicate invariant'14 (self : MutBorrow.t (t_GhostBox'3)) = + [%#sinvariant70] inv'3 self.current /\ inv'3 self.final - predicate inv'27 (_1 : MutBorrow.t (t_GhostBox'3)) + predicate inv'21 (_1 : MutBorrow.t (t_GhostBox'3)) - axiom inv_axiom'27 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'3) [inv'27 x] . inv'27 x = invariant'17 x + axiom inv_axiom'21 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'3) [inv'21 x] . inv'21 x = invariant'14 x - predicate invariant'8 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sinvariant67] inv'28 self.current /\ inv'28 self.final + predicate invariant'3 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sinvariant70] inv'22 self.current /\ inv'22 self.final - predicate inv'14 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) + predicate inv'6 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) - axiom inv_axiom'14 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'14 x] . inv'14 x = invariant'8 x + axiom inv_axiom'6 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'6 x] . inv'6 x = invariant'3 x - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'3)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost47] inv'27 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'3)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost28] inv'21 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost48] inv'14 result} - {[%#sghost49] result + [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost29] inv'6 result} + {[%#sghost30] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'3 (self.final).t_GhostBox__0'3 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] @@ -2794,30 +2718,30 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union | C_None'1 | C_Some'1 (MutBorrow.t (t_PtrOwn'0)) - predicate invariant'9 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sinvariant67] inv'13 self.current /\ inv'13 self.final + predicate invariant'4 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sinvariant70] inv'5 self.current /\ inv'5 self.final - predicate inv'15 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'7 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'15 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'15 x] . inv'15 x = invariant'9 x + axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'7 x] . inv'7 x = invariant'4 x - predicate inv'29 (_1 : t_Option'1) + predicate inv'23 (_1 : t_Option'1) - axiom inv_axiom'29 [@rewrite] : forall x : t_Option'1 [inv'29 x] . inv'29 x + axiom inv_axiom'23 [@rewrite] : forall x : t_Option'1 [inv'23 x] . inv'23 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'15 a_0 + | C_Some'1 a_0 -> inv'7 a_0 end function len'0 (self : t_FMap'0) : int - axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap66] len'0 self >= 0 + axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap58] len'0 self >= 0 - let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap50] inv'28 self} - {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap51] inv'21 key} + let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap31] inv'22 self} + {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap32] inv'15 key} any - [ return' (result:t_Option'1)-> {[%#sfmap52] inv'29 result} - {[%#sfmap53] if contains'1 self.current key then + [ return' (result:t_Option'1)-> {[%#sfmap33] inv'23 result} + {[%#sfmap34] if contains'1 self.current key then match result with | C_None'1 -> false | C_Some'1 r -> contains'1 self.final key @@ -2826,330 +2750,298 @@ module M_union_find__implementation__qyi1944850640244667852__find_inner [#"union else result = C_None'1 /\ self.current = self.final } - {[%#sfmap54] forall k : Snapshot.snap_ty (int) . k <> key + {[%#sfmap35] forall k : Snapshot.snap_ty (int) . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} - {[%#sfmap55] len'0 self.current = len'0 self.final} + {[%#sfmap36] len'0 self.current = len'0 self.final} (! return' {result}) ] - let rec unwrap'1 (self:t_Option'1) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'29 self} - {[@expl:unwrap requires] [%#soption41] self <> C_None'1} + let rec unwrap'1 (self:t_Option'1) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'23 self} + {[@expl:unwrap requires] [%#soption17] self <> C_None'1} any - [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'15 result} - {[%#soption41] C_Some'1 result = self} + [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'7 result} + {[%#soption17] C_Some'1 result = self} (! return' {result}) ] type t_GhostBox'4 = { t_GhostBox__0'4: MutBorrow.t (t_PtrOwn'0) } - predicate invariant'20 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sboxed75] inv'15 self + predicate invariant'22 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sboxed75] inv'7 self - predicate inv'32 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'33 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'31 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'32 x] . inv'32 x = invariant'20 x + axiom inv_axiom'32 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'33 x] . inv'33 x = invariant'22 x - predicate inv'17 (_1 : t_GhostBox'4) + predicate inv'24 (_1 : t_GhostBox'4) - axiom inv_axiom'17 [@rewrite] : forall x : t_GhostBox'4 [inv'17 x] . inv'17 x + axiom inv_axiom'24 [@rewrite] : forall x : t_GhostBox'4 [inv'24 x] . inv'24 x = match x with - | {t_GhostBox__0'4 = a_0} -> inv'32 a_0 + | {t_GhostBox__0'4 = a_0} -> inv'33 a_0 end - let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'4))= {[@expl:new 'x' type invariant] [%#sghost42] inv'15 x} + let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'4))= {[@expl:new 'x' type invariant] [%#sghost18] inv'7 x} any - [ return' (result:t_GhostBox'4)-> {[%#sghost43] inv'17 result} - {[%#sghost44] result.t_GhostBox__0'4 = x} + [ return' (result:t_GhostBox'4)-> {[%#sghost19] inv'24 result} + {[%#sghost20] result.t_GhostBox__0'4 = x} (! return' {result}) ] - predicate resolve'12 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sresolve56] self.final = self.current - - predicate resolve'5 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - resolve'12 _1 + predicate resolve'7 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sresolve59] self.final = self.current - predicate resolve'13 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sresolve56] self.final = self.current - - predicate resolve'6 (_1 : MutBorrow.t (t_PtrOwn'0)) = - resolve'13 _1 - - type closure6'1 = - { field_0'1: MutBorrow.t (t_GhostBox'3); field_1'1: t_Element'0 } - - predicate inv'16 (_1 : closure6'1) - - axiom inv_axiom'16 [@rewrite] : forall x : closure6'1 [inv'16 x] . inv'16 x - = (let {field_0'1 = x0 ; field_1'1 = x1} = x in inv'27 x0) - - predicate resolve'17 (self : MutBorrow.t (t_GhostBox'3)) = - [%#sresolve56] self.final = self.current - - predicate resolve'14 (_1 : MutBorrow.t (t_GhostBox'3)) = - resolve'17 _1 + predicate resolve'1 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + resolve'7 _1 - predicate resolve'7 (_1 : closure6'1) = - resolve'14 _1.field_0'1 + predicate resolve'8 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sresolve59] self.final = self.current - let rec closure6'0[#"union_find.rs" 213 35 213 83] [@coma:extspec] (_1:closure6'1) (return' (ret:t_GhostBox'4))= bb0 - [ bb0 = s0 - [ s0 = {inv'3 (_1.field_0'1).current} - MutBorrow.borrow_final {(_1.field_0'1).current} {MutBorrow.get_id _1.field_0'1} - (fun (_ret':MutBorrow.t (t_GhostBox'3)) -> - [ &_7 <- _ret' ] - -{inv'3 _ret'.final}- - [ &_1 <- { _1 with field_0'1 = { _1.field_0'1 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_7} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_6 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'12 (_6.current).current} - MutBorrow.borrow_mut {(_6.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_5 <- _ret' ] - -{inv'12 _ret'.final}- - [ &_6 <- { _6 with current = { _6.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_1'1} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_10 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = [ &_9 <- _10 ] s1 - | s1 = get_mut_ghost'0 {_5} {_9} (fun (_ret':t_Option'1) -> [ &_4 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'1 {_4} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {inv'13 _3.current} - MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_2 <- _ret' ] - -{inv'13 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s1) - | s1 = new'1 {_2} (fun (_ret':t_GhostBox'4) -> [ &_0 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'14 _6} s1 - | s1 = -{resolve'5 _6}- s2 - | s2 = {[@expl:type invariant] inv'15 _3} s3 - | s3 = -{resolve'6 _3}- s4 - | s4 = {[@expl:type invariant] inv'16 _1} s5 - | s5 = -{resolve'7 _1}- s6 - | s6 = return' {_0} ] - ] - - [ & _0 : t_GhostBox'4 = Intrinsic.any_l () - | & _1 : closure6'1 = _1 - | & _2 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _3 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _4 : t_Option'1 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _6 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_GhostBox'3) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _10 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'4)-> return' {result} ] + predicate resolve'2 (_1 : MutBorrow.t (t_PtrOwn'0)) = + resolve'8 _1 function inner_logic'1 (self : t_GhostBox'4) : MutBorrow.t (t_PtrOwn'0) = - [%#sghost46] self.t_GhostBox__0'4 + [%#sghost56] self.t_GhostBox__0'4 - predicate invariant'1 (self : MutBorrow.t (t_Content'0)) = - [%#sinvariant67] inv'4 self.current /\ inv'4 self.final + predicate invariant'5 (self : MutBorrow.t (t_Content'0)) = + [%#sinvariant70] inv'8 self.current /\ inv'8 self.final - predicate inv'5 (_1 : MutBorrow.t (t_Content'0)) + predicate inv'9 (_1 : MutBorrow.t (t_Content'0)) - axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (t_Content'0) [inv'5 x] . inv'5 x = invariant'1 x + axiom inv_axiom'9 [@rewrite] : forall x : MutBorrow.t (t_Content'0) [inv'9 x] . inv'9 x = invariant'5 x - let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'4) (return' (ret:MutBorrow.t (t_Content'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own18] inv'17 own} - {[@expl:as_mut requires] [%#sptr_own19] ptr = ptr'0 (inner_logic'1 own).current} + let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'4) (return' (ret:MutBorrow.t (t_Content'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own37] inv'24 own} + {[@expl:as_mut requires] [%#sptr_own38] ptr = ptr'0 (inner_logic'1 own).current} any - [ return' (result:MutBorrow.t (t_Content'0))-> {[%#sptr_own20] inv'5 result} - {[%#sptr_own21] result.current = val'0 (inner_logic'1 own).current} - {[%#sptr_own22] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} - {[%#sptr_own23] val'0 (inner_logic'1 own).final = result.final} + [ return' (result:MutBorrow.t (t_Content'0))-> {[%#sptr_own39] inv'9 result} + {[%#sptr_own40] result.current = val'0 (inner_logic'1 own).current} + {[%#sptr_own41] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} + {[%#sptr_own42] val'0 (inner_logic'1 own).final = result.final} (! return' {result}) ] - predicate resolve'8 (self : MutBorrow.t (t_Content'0)) = - [%#sresolve56] self.final = self.current + predicate resolve'9 (self : MutBorrow.t (t_Content'0)) = + [%#sresolve59] self.final = self.current - predicate resolve'1 (_1 : MutBorrow.t (t_Content'0)) = - resolve'8 _1 + predicate resolve'3 (_1 : MutBorrow.t (t_Content'0)) = + resolve'9 _1 - predicate resolve'19 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve56] self.final = self.current + predicate resolve'16 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve59] self.final = self.current - predicate resolve'18 (_1 : MutBorrow.t (t_FMap'0)) = - resolve'19 _1 + predicate resolve'15 (_1 : MutBorrow.t (t_FMap'0)) = + resolve'16 _1 - predicate resolve'15 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve63] resolve'18 self + predicate resolve'13 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve63] resolve'15 self - predicate resolve'9 (self : t_GhostBox'3) = - [%#sghost45] resolve'15 self.t_GhostBox__0'3 + predicate resolve'10 (self : t_GhostBox'3) = + [%#sghost52] resolve'13 self.t_GhostBox__0'3 - predicate resolve'2 (_1 : t_GhostBox'3) = - resolve'9 _1 + predicate resolve'4 (_1 : t_GhostBox'3) = + resolve'10 _1 - predicate invariant'2 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sinvariant67] inv'1 self.current /\ inv'1 self.final + predicate invariant'6 (self : MutBorrow.t (t_UnionFind'0)) = + [%#sinvariant70] inv'1 self.current /\ inv'1 self.final - predicate inv'6 (_1 : MutBorrow.t (t_UnionFind'0)) + predicate inv'10 (_1 : MutBorrow.t (t_UnionFind'0)) - axiom inv_axiom'6 [@rewrite] : forall x : MutBorrow.t (t_UnionFind'0) [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'10 [@rewrite] : forall x : MutBorrow.t (t_UnionFind'0) [inv'10 x] . inv'10 x = invariant'6 x - predicate resolve'10 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sresolve56] self.final = self.current + predicate resolve'11 (self : MutBorrow.t (t_UnionFind'0)) = + [%#sresolve59] self.final = self.current - predicate resolve'3 (_1 : MutBorrow.t (t_UnionFind'0)) = - resolve'10 _1 + predicate resolve'5 (_1 : MutBorrow.t (t_UnionFind'0)) = + resolve'11 _1 + + use creusot.prelude.Intrinsic function domain'0 [#"union_find.rs" 136 8 136 47] (self : t_UnionFind'0) : Fset.fset (t_Element'0) = - [%#sunion_find26] Snapshot.inner self.t_UnionFind__domain'0 + [%#sunion_find45] Snapshot.inner self.t_UnionFind__domain'0 - axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find24] inv'1 self) - -> ([%#sunion_find25] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 + axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find43] inv'1 self) + -> ([%#sunion_find44] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 /\ contains'0 (domain'0 self) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) function root_of'0 [#"union_find.rs" 148 8 148 63] (self : t_UnionFind'0) : Map.map (t_Element'0) (t_Element'0) = - [%#sunion_find30] Snapshot.inner self.t_UnionFind__root_of'0 + [%#sunion_find49] Snapshot.inner self.t_UnionFind__root_of'0 - axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find28] inv'1 self) - -> ([%#sunion_find29] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find47] inv'1 self) + -> ([%#sunion_find48] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'0 (root_of'0 self) e = index_logic'0 (root_of'0 self) (index_logic'0 (root_of'0 self) e)) function values'0 [#"union_find.rs" 157 8 157 53] (self : t_UnionFind'0) : Map.map (t_Element'0) t_T'0 = - [%#sunion_find60] Snapshot.inner self.t_UnionFind__values'0 + [%#sunion_find62] Snapshot.inner self.t_UnionFind__values'0 - axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find58] inv'1 self) - -> ([%#sunion_find59] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find60] inv'1 self) + -> ([%#sunion_find61] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'2 (values'0 self) e = index_logic'2 (values'0 self) (index_logic'0 (root_of'0 self) e)) predicate unchanged'0 [#"union_find.rs" 164 8 164 43] (self : MutBorrow.t (t_UnionFind'0)) = - [%#sunion_find32] domain'0 self.current = domain'0 self.final + [%#sunion_find51] domain'0 self.current = domain'0 self.final /\ root_of'0 self.current = root_of'0 self.final /\ values'0 self.current = values'0 self.final meta "compute_max_steps" 1000000 - let rec find_inner'0[#"union_find.rs" 203 8 203 64] (self:MutBorrow.t (t_UnionFind'0)) (elem:t_Element'0) (return' (ret:t_Element'0))= {[@expl:find_inner 'self' type invariant] [%#sunion_find0] inv'6 self} + let rec find_inner'0[#"union_find.rs" 203 8 203 64] (self:MutBorrow.t (t_UnionFind'0)) (elem:t_Element'0) (return' (ret:t_Element'0))= {[@expl:find_inner 'self' type invariant] [%#sunion_find0] inv'10 self} {[@expl:find_inner requires] [%#sunion_find1] contains'0 (domain'0 self.current) elem} (! bb0 [ bb0 = s0 [ s0 = borrow'0 {(self.current).t_UnionFind__map'0} (fun (_ret':t_GhostBox'0) -> [ &map <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = [ &_11 <- { field_0'0 = map; field_1'0 = elem } ] s1 - | s1 = closure5'0 {_11} (fun (_ret':t_GhostBox'1) -> [ &perm <- _ret' ] s2) - | s2 = bb2 ] - + | bb1 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_14 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv'0 map} s1 | s1 = -{resolve'0 map}- s2 - | s2 = as_ref'0 {elem.t_Element__0'0} {perm} (fun (_ret':t_Content'0) -> [ &value <- _ret' ] s3) + | s2 = addr'0 {elem} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_18 <- _ret' ] s3) | s3 = bb3 ] - | bb3 = any - [ br0 (x0:UInt64.t) (x1:t_T'0)-> {value = C_Root'0 x0 x1} (! bb5) - | br1 (x0:t_Element'0)-> {value = C_Link'0 x0} (! bb6) ] + | bb3 = s0 + [ s0 = [ &_17 <- _18 ] s1 + | s1 = get_ghost'0 {_14} {_17} (fun (_ret':t_Option'0) -> [ &_12 <- _ret' ] s2) + | s2 = bb4 ] + | bb4 = s0 [ s0 = unwrap'0 {_12} (fun (_ret':t_PtrOwn'0) -> [ &_11 <- _ret' ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = new'0 {_11} (fun (_ret':t_GhostBox'1) -> [ &perm <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 + [ s0 = as_ref'0 {elem.t_Element__0'0} {perm} (fun (_ret':t_Content'0) -> [ &value <- _ret' ] s1) | s1 = bb7 ] + + | bb7 = any + [ br0 (x0:UInt64.t) (x1:t_T'0)-> {value = C_Root'0 x0 x1} (! bb9) + | br1 (x0:t_Element'0)-> {value = C_Link'0 x0} (! bb10) ] + + | bb10 = s0 [ s0 = v_Link'0 {value} (fun (r0'0:t_Element'0) -> [ &e <- r0'0 ] s1) | s1 = {inv'1 self.current} MutBorrow.borrow_mut {self.current} (fun (_ret':MutBorrow.t (t_UnionFind'0)) -> - [ &_21 <- _ret' ] + [ &_26 <- _ret' ] -{inv'1 _ret'.final}- [ &self <- { self with current = _ret'.final } ] s2) - | s2 = find_inner'0 {_21} {e} (fun (_ret':t_Element'0) -> [ &root <- _ret' ] s3) - | s3 = bb8 ] + | s2 = find_inner'0 {_26} {e} (fun (_ret':t_Element'0) -> [ &root <- _ret' ] s3) + | s3 = bb12 ] - | bb8 = s0 + | bb12 = s0 [ s0 = {inv'2 (self.current).t_UnionFind__map'0} MutBorrow.borrow_final {(self.current).t_UnionFind__map'0} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret':MutBorrow.t (t_GhostBox'2)) -> - [ &_24 <- _ret' ] + [ &_29 <- _ret' ] -{inv'2 _ret'.final}- [ &self <- { self with current = { self.current with t_UnionFind__map'0 = _ret'.final } } ] s1) - | s1 = borrow_mut'0 {_24} (fun (_ret':t_GhostBox'3) -> [ &map1 <- _ret' ] s2) - | s2 = bb9 ] + | s1 = borrow_mut'0 {_29} (fun (_ret':t_GhostBox'3) -> [ &map1 <- _ret' ] s2) + | s2 = bb13 ] - | bb9 = s0 + | bb13 = s0 [ s0 = {inv'3 map1} MutBorrow.borrow_mut {map1} (fun (_ret':MutBorrow.t (t_GhostBox'3)) -> - [ &_27 <- _ret' ] + [ &_36 <- _ret' ] -{inv'3 _ret'.final}- [ &map1 <- _ret'.final ] s1) - | s1 = [ &_26 <- { field_0'1 = _27; field_1'1 = elem } ] s2 - | s2 = closure6'0 {_26} (fun (_ret':t_GhostBox'4) -> [ &mut_perm <- _ret' ] s3) - | s3 = bb10 ] + | s1 = deref_mut'0 {_36} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_35 <- _ret' ] s2) + | s2 = bb14 ] - | bb10 = s0 - [ s0 = [ &_30 <- C_Link'0 root ] s1 - | s1 = as_mut'0 {elem.t_Element__0'0} {mut_perm} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_32 <- _ret' ] s2) - | s2 = bb11 ] + | bb14 = s0 + [ s0 = {inv'4 (_35.current).current} + MutBorrow.borrow_mut {(_35.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_34 <- _ret' ] + -{inv'4 _ret'.final}- + [ &_35 <- { _35 with current = { _35.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {elem} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_39 <- _ret' ] s2) + | s2 = bb15 ] - | bb11 = bb12 - | bb12 = s0 - [ s0 = {[@expl:type invariant] match _32 with - | {current = x'0} -> inv'4 x'0 + | bb15 = s0 + [ s0 = [ &_38 <- _39 ] s1 + | s1 = get_mut_ghost'0 {_34} {_38} (fun (_ret':t_Option'1) -> [ &_33 <- _ret' ] s2) + | s2 = bb16 ] + + | bb16 = s0 [ s0 = unwrap'1 {_33} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_32 <- _ret' ] s1) | s1 = bb17 ] + | bb17 = s0 + [ s0 = {inv'5 _32.current} + MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_31 <- _ret' ] + -{inv'5 _ret'.final}- + [ &_32 <- { _32 with current = _ret'.final } ] + s1) + | s1 = new'1 {_31} (fun (_ret':t_GhostBox'4) -> [ &mut_perm <- _ret' ] s2) + | s2 = bb18 ] + + | bb18 = s0 + [ s0 = {[@expl:type invariant] inv'6 _35} s1 + | s1 = -{resolve'1 _35}- s2 + | s2 = {[@expl:type invariant] inv'7 _32} s3 + | s3 = -{resolve'2 _32}- s4 + | s4 = [ &_41 <- C_Link'0 root ] s5 + | s5 = as_mut'0 {elem.t_Element__0'0} {mut_perm} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_43 <- _ret' ] s6) + | s6 = bb19 ] + + | bb19 = bb20 + | bb20 = s0 + [ s0 = {[@expl:type invariant] match _43 with + | {current = x'0} -> inv'8 x'0 | _ -> true end} s1 - | s1 = [ &_32 <- { _32 with current = _30 } ] s2 - | s2 = {[@expl:type invariant] inv'5 _32} s3 - | s3 = -{resolve'1 _32}- s4 + | s1 = [ &_43 <- { _43 with current = _41 } ] s2 + | s2 = {[@expl:type invariant] inv'9 _43} s3 + | s3 = -{resolve'3 _43}- s4 | s4 = {[@expl:type invariant] inv'3 map1} s5 - | s5 = -{resolve'2 map1}- s6 - | s6 = {[@expl:type invariant] inv'6 self} s7 - | s7 = -{resolve'3 self}- s8 - | s8 = bb14 ] - - | bb14 = s0 [ s0 = [ &_0 <- root ] s1 | s1 = bb15 ] - | bb15 = bb16 - | bb16 = bb17 - | bb5 = bb7 - | bb7 = s0 - [ s0 = {[@expl:type invariant] inv'6 self} s1 - | s1 = -{resolve'3 self}- s2 + | s5 = -{resolve'4 map1}- s6 + | s6 = {[@expl:type invariant] inv'10 self} s7 + | s7 = -{resolve'5 self}- s8 + | s8 = bb22 ] + + | bb22 = s0 [ s0 = [ &_0 <- root ] s1 | s1 = bb23 ] + | bb23 = bb24 + | bb24 = bb25 + | bb9 = bb11 + | bb11 = s0 + [ s0 = {[@expl:type invariant] inv'10 self} s1 + | s1 = -{resolve'5 self}- s2 | s2 = [ &_0 <- elem ] s3 - | s3 = bb17 ] + | s3 = bb25 ] - | bb17 = bb18 - | bb18 = bb19 - | bb19 = return' {_0} ] + | bb25 = bb26 + | bb26 = bb27 + | bb27 = return' {_0} ] ) [ & _0 : t_Element'0 = Intrinsic.any_l () | & self : MutBorrow.t (t_UnionFind'0) = self | & elem : t_Element'0 = elem | & map : t_GhostBox'0 = Intrinsic.any_l () | & perm : t_GhostBox'1 = Intrinsic.any_l () - | & _11 : closure5'1 = Intrinsic.any_l () - | & _14 : () = Intrinsic.any_l () + | & _11 : t_PtrOwn'0 = Intrinsic.any_l () + | & _12 : t_Option'0 = Intrinsic.any_l () + | & _14 : t_FMap'0 = Intrinsic.any_l () + | & _17 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _18 : Snapshot.snap_ty (int) = Intrinsic.any_l () | & value : t_Content'0 = Intrinsic.any_l () | & e : t_Element'0 = Intrinsic.any_l () | & root : t_Element'0 = Intrinsic.any_l () - | & _21 : MutBorrow.t (t_UnionFind'0) = Intrinsic.any_l () + | & _26 : MutBorrow.t (t_UnionFind'0) = Intrinsic.any_l () | & map1 : t_GhostBox'3 = Intrinsic.any_l () - | & _24 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () + | & _29 : MutBorrow.t (t_GhostBox'2) = Intrinsic.any_l () | & mut_perm : t_GhostBox'4 = Intrinsic.any_l () - | & _26 : closure6'1 = Intrinsic.any_l () - | & _27 : MutBorrow.t (t_GhostBox'3) = Intrinsic.any_l () - | & _29 : () = Intrinsic.any_l () - | & _30 : t_Content'0 = Intrinsic.any_l () - | & _32 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () ] + | & _31 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _32 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _33 : t_Option'1 = Intrinsic.any_l () + | & _34 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _35 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _36 : MutBorrow.t (t_GhostBox'3) = Intrinsic.any_l () + | & _38 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _39 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _41 : t_Content'0 = Intrinsic.any_l () + | & _43 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () ] [ return' (result:t_Element'0)-> {[@expl:find_inner ensures #0] [%#sunion_find2] result = index_logic'0 (root_of'0 self.current) elem} @@ -3531,54 +3423,53 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r let%span sghost5 = "../../../creusot-contracts/src/ghost.rs" 127 19 127 23 let%span sghost6 = "../../../creusot-contracts/src/ghost.rs" 127 4 127 40 let%span sghost7 = "../../../creusot-contracts/src/ghost.rs" 126 14 126 35 - let%span sunion_find8 = "union_find.rs" 236 23 236 67 - let%span sptr_own9 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 - let%span sptr_own10 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 - let%span sptr_own11 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 - let%span sptr_own12 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 - let%span sunion_find13 = "union_find.rs" 134 19 134 28 - let%span sunion_find14 = "union_find.rs" 135 18 135 150 - let%span sunion_find15 = "union_find.rs" 132 8 132 16 - let%span sfset16 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 - let%span sunion_find17 = "union_find.rs" 146 19 146 28 - let%span sunion_find18 = "union_find.rs" 147 18 147 98 - let%span sunion_find19 = "union_find.rs" 144 8 144 16 - let%span smapping20 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 - let%span sunion_find21 = "union_find.rs" 155 19 155 28 - let%span sunion_find22 = "union_find.rs" 156 18 156 106 - let%span sunion_find23 = "union_find.rs" 153 8 153 16 - let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost26 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sunion_find27 = "union_find.rs" 31 18 31 46 - let%span sfmap28 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 - let%span sfmap29 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 - let%span sfmap30 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 - let%span sfmap31 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 - let%span soption32 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span sghost33 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost34 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost35 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost36 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sghost37 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sunion_find38 = "union_find.rs" 22 8 22 16 - let%span sfmap39 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 - let%span sfmap40 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 - let%span sresolve41 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sinvariant42 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 - let%span sfmap43 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 - let%span sutil44 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 - let%span sutil45 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 + let%span sghost8 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost9 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost10 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sunion_find11 = "union_find.rs" 31 18 31 46 + let%span sfmap12 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 + let%span sfmap13 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 + let%span sfmap14 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 + let%span sfmap15 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 + let%span soption16 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sghost17 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost18 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost19 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sptr_own20 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 + let%span sptr_own21 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 + let%span sptr_own22 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 + let%span sptr_own23 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 + let%span sunion_find24 = "union_find.rs" 134 19 134 28 + let%span sunion_find25 = "union_find.rs" 135 18 135 150 + let%span sunion_find26 = "union_find.rs" 132 8 132 16 + let%span sfset27 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 + let%span sunion_find28 = "union_find.rs" 146 19 146 28 + let%span sunion_find29 = "union_find.rs" 147 18 147 98 + let%span sunion_find30 = "union_find.rs" 144 8 144 16 + let%span smapping31 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 + let%span sunion_find32 = "union_find.rs" 155 19 155 28 + let%span sunion_find33 = "union_find.rs" 156 18 156 106 + let%span sunion_find34 = "union_find.rs" 153 8 153 16 + let%span sghost35 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 + let%span sunion_find36 = "union_find.rs" 22 8 22 16 + let%span sfmap37 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 + let%span sfmap38 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sghost39 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sresolve40 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sfmap41 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 + let%span sutil42 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 + let%span sutil43 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 + let%span sinvariant44 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span sfmap45 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 let%span sunion_find46 = "union_find.rs" 81 8 81 20 - let%span sfmap47 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 - let%span sboxed48 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 - let%span sunion_find49 = "union_find.rs" 126 8 126 16 - let%span sfmap50 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 - let%span sfmap51 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 - let%span sfmap52 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 - let%span sptr_own53 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 - let%span sptr54 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr55 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + let%span sboxed47 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 + let%span sunion_find48 = "union_find.rs" 126 8 126 16 + let%span sfmap49 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 + let%span sfmap50 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 + let%span sptr_own51 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sfmap52 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 + let%span sptr53 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr54 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 use creusot.prelude.Opaque @@ -3628,37 +3519,37 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r function view'0 (self : t_FMap'0) : Map.map (Snapshot.snap_ty (int)) (t_Option'1) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap47] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap45] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2 use map.Map function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_Option'1 = - [%#sfmap43] Map.get (view'0 self) k + [%#sfmap41] Map.get (view'0 self) k function contains'1 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : bool = - [%#sfmap39] get_unsized'0 self k <> C_None'1 + [%#sfmap37] get_unsized'0 self k <> C_None'1 - predicate inv'22 (_1 : Snapshot.snap_ty (int)) + predicate inv'21 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'21 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'22 x] . inv'22 x = true + axiom inv_axiom'20 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'21 x] . inv'21 x = true function unwrap'1 (op : t_Option'1) : t_PtrOwn'0 - axiom unwrap'1_spec : forall op : t_Option'1 . ([%#sutil44] op <> C_None'1) - -> ([%#sutil45] C_Some'1 (unwrap'1 op) = op) + axiom unwrap'1_spec : forall op : t_Option'1 . ([%#sutil42] op <> C_None'1) + -> ([%#sutil43] C_Some'1 (unwrap'1 op) = op) function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap40] unwrap'1 (get_unsized'0 self k) + [%#sfmap38] unwrap'1 (get_unsized'0 self k) function ptr'0 (self : t_PtrOwn'0) : Opaque.ptr function addr_logic'0 (self : Opaque.ptr) : int function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr55] addr_logic'0 self = 0 + [%#sptr54] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr54] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr53] is_null_logic'0 self = (addr_logic'0 self = 0) use creusot.int.UInt64 @@ -3668,60 +3559,60 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r function val'0 (self : t_PtrOwn'0) : t_Content'0 - predicate inv'17 (_1 : t_T'0) + predicate inv'16 (_1 : t_T'0) - predicate inv'18 (_1 : t_Content'0) + predicate inv'19 (_1 : t_Content'0) - axiom inv_axiom'17 [@rewrite] : forall x : t_Content'0 [inv'18 x] . inv'18 x + axiom inv_axiom'18 [@rewrite] : forall x : t_Content'0 [inv'19 x] . inv'19 x = match x with - | C_Root'0 rank value -> inv'17 value + | C_Root'0 rank value -> inv'16 value | C_Link'0 a_0 -> true end predicate invariant'15 (self : t_Content'0) = - [%#sboxed48] inv'18 self + [%#sboxed47] inv'19 self - predicate inv'24 (_1 : t_Content'0) + predicate inv'23 (_1 : t_Content'0) - axiom inv_axiom'23 [@rewrite] : forall x : t_Content'0 [inv'24 x] . inv'24 x = invariant'15 x + axiom inv_axiom'22 [@rewrite] : forall x : t_Content'0 [inv'23 x] . inv'23 x = invariant'15 x predicate invariant'12 (self : t_PtrOwn'0) = - [%#sptr_own53] not is_null_logic'0 (ptr'0 self) /\ inv'24 (val'0 self) + [%#sptr_own51] not is_null_logic'0 (ptr'0 self) /\ inv'23 (val'0 self) - predicate inv'20 (_1 : t_PtrOwn'0) + predicate inv'18 (_1 : t_PtrOwn'0) - axiom inv_axiom'19 [@rewrite] : forall x : t_PtrOwn'0 [inv'20 x] . inv'20 x = invariant'12 x + axiom inv_axiom'17 [@rewrite] : forall x : t_PtrOwn'0 [inv'18 x] . inv'18 x = invariant'12 x predicate invariant'14 (self : t_PtrOwn'0) = - [%#sboxed48] inv'20 self + [%#sboxed47] inv'18 self - predicate inv'23 (_1 : t_PtrOwn'0) + predicate inv'22 (_1 : t_PtrOwn'0) - axiom inv_axiom'22 [@rewrite] : forall x : t_PtrOwn'0 [inv'23 x] . inv'23 x = invariant'14 x + axiom inv_axiom'21 [@rewrite] : forall x : t_PtrOwn'0 [inv'22 x] . inv'22 x = invariant'14 x predicate invariant'11 (self : t_FMap'0) = - [%#sfmap52] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'22 k /\ inv'23 (lookup_unsized'0 self k) + [%#sfmap50] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'21 k /\ inv'22 (lookup_unsized'0 self k) - predicate inv'19 (_1 : t_FMap'0) + predicate inv'17 (_1 : t_FMap'0) - axiom inv_axiom'18 [@rewrite] : forall x : t_FMap'0 [inv'19 x] . inv'19 x = invariant'11 x + axiom inv_axiom'16 [@rewrite] : forall x : t_FMap'0 [inv'17 x] . inv'17 x = invariant'11 x predicate invariant'13 (self : t_FMap'0) = - [%#sboxed48] inv'19 self + [%#sboxed47] inv'17 self - predicate inv'21 (_1 : t_FMap'0) + predicate inv'20 (_1 : t_FMap'0) - axiom inv_axiom'20 [@rewrite] : forall x : t_FMap'0 [inv'21 x] . inv'21 x = invariant'13 x + axiom inv_axiom'19 [@rewrite] : forall x : t_FMap'0 [inv'20 x] . inv'20 x = invariant'13 x - predicate inv'16 (_1 : t_GhostBox'2) + predicate inv'15 (_1 : t_GhostBox'2) - axiom inv_axiom'16 [@rewrite] : forall x : t_GhostBox'2 [inv'16 x] . inv'16 x + axiom inv_axiom'15 [@rewrite] : forall x : t_GhostBox'2 [inv'15 x] . inv'15 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'21 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'20 a_0 end predicate invariant'2 (self : t_GhostBox'2) = - [%#sinvariant42] inv'16 self + [%#sinvariant44] inv'15 self predicate inv'3 (_1 : t_GhostBox'2) @@ -3730,25 +3621,25 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r type t_GhostBox'0 = { t_GhostBox__0'0: t_FMap'0 } - predicate invariant'7 (self : t_FMap'0) = - [%#sinvariant42] inv'19 self + predicate invariant'5 (self : t_FMap'0) = + [%#sinvariant44] inv'17 self - predicate inv'10 (_1 : t_FMap'0) + predicate inv'6 (_1 : t_FMap'0) - axiom inv_axiom'10 [@rewrite] : forall x : t_FMap'0 [inv'10 x] . inv'10 x = invariant'7 x + axiom inv_axiom'6 [@rewrite] : forall x : t_FMap'0 [inv'6 x] . inv'6 x = invariant'5 x predicate invariant'9 (self : t_FMap'0) = - [%#sboxed48] inv'10 self + [%#sboxed47] inv'6 self - predicate inv'14 (_1 : t_FMap'0) + predicate inv'13 (_1 : t_FMap'0) - axiom inv_axiom'14 [@rewrite] : forall x : t_FMap'0 [inv'14 x] . inv'14 x = invariant'9 x + axiom inv_axiom'13 [@rewrite] : forall x : t_FMap'0 [inv'13 x] . inv'13 x = invariant'9 x predicate inv'0 (_1 : t_GhostBox'0) axiom inv_axiom'0 [@rewrite] : forall x : t_GhostBox'0 [inv'0 x] . inv'0 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'14 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'13 a_0 end let rec borrow'0 (self:t_GhostBox'2) (return' (ret:t_GhostBox'0))= {[@expl:borrow 'self' type invariant] [%#sghost5] inv'3 self} @@ -3758,65 +3649,77 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r (! return' {result}) ] - predicate invariant'5 (self : t_GhostBox'0) = - [%#sinvariant42] inv'0 self + predicate invariant'3 (self : t_GhostBox'0) = + [%#sinvariant44] inv'0 self - predicate inv'8 (_1 : t_GhostBox'0) + predicate inv'4 (_1 : t_GhostBox'0) - axiom inv_axiom'8 [@rewrite] : forall x : t_GhostBox'0 [inv'8 x] . inv'8 x = invariant'5 x + axiom inv_axiom'4 [@rewrite] : forall x : t_GhostBox'0 [inv'4 x] . inv'4 x = invariant'3 x - predicate invariant'6 (self : t_FMap'0) = - [%#sinvariant42] inv'10 self + predicate invariant'4 (self : t_FMap'0) = + [%#sinvariant44] inv'6 self - predicate inv'9 (_1 : t_FMap'0) + predicate inv'5 (_1 : t_FMap'0) - axiom inv_axiom'9 [@rewrite] : forall x : t_FMap'0 [inv'9 x] . inv'9 x = invariant'6 x + axiom inv_axiom'5 [@rewrite] : forall x : t_FMap'0 [inv'5 x] . inv'5 x = invariant'4 x - let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost24] inv'8 self} + let rec deref'0 (self:t_GhostBox'0) (return' (ret:t_FMap'0))= {[@expl:deref 'self' type invariant] [%#sghost8] inv'4 self} any - [ return' (result:t_FMap'0)-> {[%#sghost25] inv'9 result} - {[%#sghost26] self.t_GhostBox__0'0 = result} + [ return' (result:t_FMap'0)-> {[%#sghost9] inv'5 result} + {[%#sghost10] self.t_GhostBox__0'0 = result} (! return' {result}) ] + predicate resolve'3 (_1 : t_FMap'0) = + true + + predicate resolve'2 (self : t_FMap'0) = + [%#sresolve40] resolve'3 self + + predicate resolve'1 (self : t_GhostBox'0) = + [%#sghost35] resolve'2 self.t_GhostBox__0'0 + + predicate resolve'0 (_1 : t_GhostBox'0) = + resolve'1 _1 + use creusot.prelude.Snapshot function deep_model'0 [#"union_find.rs" 24 8 24 34] (self : t_Element'0) : int = - [%#sunion_find38] addr_logic'0 self.t_Element__0'0 + [%#sunion_find36] addr_logic'0 self.t_Element__0'0 let rec addr'0 (self:t_Element'0) (return' (ret:Snapshot.snap_ty (int)))= any - [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find27] Snapshot.inner result = deep_model'0 self} + [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find11] Snapshot.inner result = deep_model'0 self} (! return' {result}) ] - predicate inv'11 (_1 : Snapshot.snap_ty (int)) + predicate inv'7 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'11 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'11 x] . inv'11 x = true + axiom inv_axiom'7 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'7 x] . inv'7 x = true type t_Option'0 = | C_None'0 | C_Some'0 (t_PtrOwn'0) - predicate invariant'8 (self : t_PtrOwn'0) = - [%#sinvariant42] inv'20 self + predicate invariant'6 (self : t_PtrOwn'0) = + [%#sinvariant44] inv'18 self - predicate inv'13 (_1 : t_PtrOwn'0) + predicate inv'9 (_1 : t_PtrOwn'0) - axiom inv_axiom'13 [@rewrite] : forall x : t_PtrOwn'0 [inv'13 x] . inv'13 x = invariant'8 x + axiom inv_axiom'9 [@rewrite] : forall x : t_PtrOwn'0 [inv'9 x] . inv'9 x = invariant'6 x - predicate inv'12 (_1 : t_Option'0) + predicate inv'8 (_1 : t_Option'0) - axiom inv_axiom'12 [@rewrite] : forall x : t_Option'0 [inv'12 x] . inv'12 x + axiom inv_axiom'8 [@rewrite] : forall x : t_Option'0 [inv'8 x] . inv'8 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'13 a_0 + | C_Some'0 a_0 -> inv'9 a_0 end - let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap28] inv'10 self} - {[@expl:get_ghost 'key' type invariant] [%#sfmap29] inv'11 key} + let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap12] inv'6 self} + {[@expl:get_ghost 'key' type invariant] [%#sfmap13] inv'7 key} any - [ return' (result:t_Option'0)-> {[%#sfmap30] inv'12 result} - {[%#sfmap31] if contains'1 self key then + [ return' (result:t_Option'0)-> {[%#sfmap14] inv'8 result} + {[%#sfmap15] if contains'1 self key then match result with | C_None'0 -> false | C_Some'0 r -> lookup_unsized'0 self key = r @@ -3827,92 +3730,49 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r (! return' {result}) ] - let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'12 self} - {[@expl:unwrap requires] [%#soption32] self <> C_None'0} - any [ return' (result:t_PtrOwn'0)-> {inv'13 result} {[%#soption32] C_Some'0 result = self} (! return' {result}) ] - - type t_GhostBox'1 = - { t_GhostBox__0'2: t_PtrOwn'0 } - - predicate invariant'10 (self : t_PtrOwn'0) = - [%#sboxed48] inv'13 self - - predicate inv'15 (_1 : t_PtrOwn'0) - - axiom inv_axiom'15 [@rewrite] : forall x : t_PtrOwn'0 [inv'15 x] . inv'15 x = invariant'10 x - - predicate inv'5 (_1 : t_GhostBox'1) - - axiom inv_axiom'5 [@rewrite] : forall x : t_GhostBox'1 [inv'5 x] . inv'5 x - = match x with - | {t_GhostBox__0'2 = a_0} -> inv'15 a_0 - end - - let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost33] inv'13 x} - any - [ return' (result:t_GhostBox'1)-> {[%#sghost34] inv'5 result} - {[%#sghost35] result.t_GhostBox__0'2 = x} - (! return' {result}) ] - - - use creusot.prelude.Intrinsic + let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'8 self} + {[@expl:unwrap requires] [%#soption16] self <> C_None'0} + any [ return' (result:t_PtrOwn'0)-> {inv'9 result} {[%#soption16] C_Some'0 result = self} (! return' {result}) ] - type closure3'1 = - { field_0'0: t_GhostBox'0; field_1'0: t_Element'0 } + type t_GhostBox'1 = + { t_GhostBox__0'2: t_PtrOwn'0 } - predicate inv'4 (_1 : closure3'1) + predicate invariant'10 (self : t_PtrOwn'0) = + [%#sboxed47] inv'9 self - axiom inv_axiom'4 [@rewrite] : forall x : closure3'1 [inv'4 x] . inv'4 x - = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'8 x0) + predicate inv'14 (_1 : t_PtrOwn'0) - let rec closure3'0[#"union_find.rs" 236 23 236 67] [@coma:extspec] (_1:closure3'1) (return' (ret:t_GhostBox'1))= bb0 - [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':t_FMap'0) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {_1.field_1'0} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 - [ s0 = [ &_8 <- _9 ] s1 - | s1 = get_ghost'0 {_5} {_8} (fun (_ret':t_Option'0) -> [ &_3 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'0 {_3} (fun (_ret':t_PtrOwn'0) -> [ &_2 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = new'0 {_2} (fun (_ret':t_GhostBox'1) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'1 = Intrinsic.any_l () - | & _1 : closure3'1 = _1 - | & _2 : t_PtrOwn'0 = Intrinsic.any_l () - | & _3 : t_Option'0 = Intrinsic.any_l () - | & _5 : t_FMap'0 = Intrinsic.any_l () - | & _8 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'1)-> return' {result} ] + axiom inv_axiom'14 [@rewrite] : forall x : t_PtrOwn'0 [inv'14 x] . inv'14 x = invariant'10 x - predicate resolve'3 (_1 : t_FMap'0) = - true + predicate inv'10 (_1 : t_GhostBox'1) - predicate resolve'2 (self : t_FMap'0) = - [%#sresolve41] resolve'3 self + axiom inv_axiom'10 [@rewrite] : forall x : t_GhostBox'1 [inv'10 x] . inv'10 x + = match x with + | {t_GhostBox__0'2 = a_0} -> inv'14 a_0 + end - predicate resolve'1 (self : t_GhostBox'0) = - [%#sghost36] resolve'2 self.t_GhostBox__0'0 + let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'1))= {[@expl:new 'x' type invariant] [%#sghost17] inv'9 x} + any + [ return' (result:t_GhostBox'1)-> {[%#sghost18] inv'10 result} + {[%#sghost19] result.t_GhostBox__0'2 = x} + (! return' {result}) ] - predicate resolve'0 (_1 : t_GhostBox'0) = - resolve'1 _1 function inner_logic'0 (self : t_GhostBox'1) : t_PtrOwn'0 = - [%#sghost37] self.t_GhostBox__0'2 + [%#sghost39] self.t_GhostBox__0'2 - predicate invariant'3 (self : t_Content'0) = - [%#sinvariant42] inv'18 self + predicate invariant'7 (self : t_Content'0) = + [%#sinvariant44] inv'19 self - predicate inv'6 (_1 : t_Content'0) + predicate inv'11 (_1 : t_Content'0) - axiom inv_axiom'6 [@rewrite] : forall x : t_Content'0 [inv'6 x] . inv'6 x = invariant'3 x + axiom inv_axiom'11 [@rewrite] : forall x : t_Content'0 [inv'11 x] . inv'11 x = invariant'7 x - let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'1) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own9] inv'5 own} - {[@expl:as_ref requires] [%#sptr_own10] ptr = ptr'0 (inner_logic'0 own)} + let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'1) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own20] inv'10 own} + {[@expl:as_ref requires] [%#sptr_own21] ptr = ptr'0 (inner_logic'0 own)} any - [ return' (result:t_Content'0)-> {[%#sptr_own11] inv'6 result} - {[%#sptr_own12] result = val'0 (inner_logic'0 own)} + [ return' (result:t_Content'0)-> {[%#sptr_own22] inv'11 result} + {[%#sptr_own23] result = val'0 (inner_logic'0 own)} (! return' {result}) ] @@ -3923,51 +3783,53 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r any) ] + use creusot.prelude.Intrinsic + use creusot.prelude.Snapshot use set.Fset predicate contains'0 [@inline:trivial] (self : Fset.fset (t_Element'0)) (e : t_Element'0) = - [%#sfset16] Fset.mem e self + [%#sfset27] Fset.mem e self function inner_logic'1 (self : t_GhostBox'2) : t_FMap'0 = - [%#sghost37] self.t_GhostBox__0'1 + [%#sghost39] self.t_GhostBox__0'1 use creusot.prelude.Snapshot function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap51] lookup_unsized'0 self k + [%#sfmap52] lookup_unsized'0 self k function index_logic'3 [@inline:trivial] (self : t_FMap'0) (key : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap50] lookup'0 self key + [%#sfmap49] lookup'0 self key function get_perm'0 [#"union_find.rs" 127 8 127 62] (self : t_UnionFind'0) (e : t_Element'0) : t_PtrOwn'0 = - [%#sunion_find49] index_logic'3 (inner_logic'1 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e)) + [%#sunion_find48] index_logic'3 (inner_logic'1 self.t_UnionFind__map'0) (Snapshot.new (deep_model'0 e)) use creusot.prelude.Snapshot use map.Map function index_logic'1 (self : Map.map (t_Element'0) t_T'0) (a : t_Element'0) : t_T'0 = - [%#smapping20] Map.get self a + [%#smapping31] Map.get self a use creusot.prelude.Snapshot use map.Map function index_logic'0 (self : Map.map (t_Element'0) (t_Element'0)) (a : t_Element'0) : t_Element'0 = - [%#smapping20] Map.get self a + [%#smapping31] Map.get self a use creusot.prelude.Snapshot use map.Map function index_logic'2 (self : Map.map (t_Element'0) (int)) (a : t_Element'0) : int = - [%#smapping20] Map.get self a + [%#smapping31] Map.get self a use mach.int.Int - predicate invariant'4 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = + predicate invariant'8 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = [%#sunion_find46] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 /\ contains'0 (Snapshot.inner domain) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) /\ (forall e : t_Element'0 . contains'0 (Snapshot.inner domain) e @@ -4006,47 +3868,47 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r | C_Link'0 _ -> false end) - predicate inv'7 (_1 : t_UnionFind'0) + predicate inv'12 (_1 : t_UnionFind'0) - axiom inv_axiom'7 [@rewrite] : forall x : t_UnionFind'0 [inv'7 x] . inv'7 x - = (invariant'4 x + axiom inv_axiom'12 [@rewrite] : forall x : t_UnionFind'0 [inv'12 x] . inv'12 x + = (invariant'8 x /\ match x with - | {t_UnionFind__domain'0 = domain ; t_UnionFind__map'0 = map ; t_UnionFind__values'0 = values ; t_UnionFind__distance'0 = distance ; t_UnionFind__root_of'0 = root_of ; t_UnionFind__max_depth'0 = max_depth} -> inv'16 map + | {t_UnionFind__domain'0 = domain ; t_UnionFind__map'0 = map ; t_UnionFind__values'0 = values ; t_UnionFind__distance'0 = distance ; t_UnionFind__root_of'0 = root_of ; t_UnionFind__max_depth'0 = max_depth} -> inv'15 map end) predicate invariant'0 (self : t_UnionFind'0) = - [%#sinvariant42] inv'7 self + [%#sinvariant44] inv'12 self predicate inv'1 (_1 : t_UnionFind'0) axiom inv_axiom'1 [@rewrite] : forall x : t_UnionFind'0 [inv'1 x] . inv'1 x = invariant'0 x function domain'0 [#"union_find.rs" 136 8 136 47] (self : t_UnionFind'0) : Fset.fset (t_Element'0) = - [%#sunion_find15] Snapshot.inner self.t_UnionFind__domain'0 + [%#sunion_find26] Snapshot.inner self.t_UnionFind__domain'0 - axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find13] inv'7 self) - -> ([%#sunion_find14] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 + axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find24] inv'12 self) + -> ([%#sunion_find25] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 /\ contains'0 (domain'0 self) e2 /\ deep_model'0 e1 = deep_model'0 e2 -> e1 = e2) function root_of'0 [#"union_find.rs" 148 8 148 63] (self : t_UnionFind'0) : Map.map (t_Element'0) (t_Element'0) = - [%#sunion_find19] Snapshot.inner self.t_UnionFind__root_of'0 + [%#sunion_find30] Snapshot.inner self.t_UnionFind__root_of'0 - axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find17] inv'7 self) - -> ([%#sunion_find18] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find28] inv'12 self) + -> ([%#sunion_find29] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'0 (root_of'0 self) e = index_logic'0 (root_of'0 self) (index_logic'0 (root_of'0 self) e)) predicate invariant'1 (self : t_T'0) = - [%#sinvariant42] inv'17 self + [%#sinvariant44] inv'16 self predicate inv'2 (_1 : t_T'0) axiom inv_axiom'2 [@rewrite] : forall x : t_T'0 [inv'2 x] . inv'2 x = invariant'1 x function values'0 [#"union_find.rs" 157 8 157 53] (self : t_UnionFind'0) : Map.map (t_Element'0) t_T'0 = - [%#sunion_find23] Snapshot.inner self.t_UnionFind__values'0 + [%#sunion_find34] Snapshot.inner self.t_UnionFind__values'0 - axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find21] inv'7 self) - -> ([%#sunion_find22] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find32] inv'12 self) + -> ([%#sunion_find33] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'1 (values'0 self) e = index_logic'1 (values'0 self) (index_logic'0 (root_of'0 self) e)) meta "compute_max_steps" 1000000 @@ -4058,40 +3920,49 @@ module M_union_find__implementation__qyi1944850640244667852__get [#"union_find.r [ bb0 = s0 [ s0 = borrow'0 {self.t_UnionFind__map'0} (fun (_ret':t_GhostBox'0) -> [ &map <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 - [ s0 = [ &_9 <- { field_0'0 = map; field_1'0 = elem } ] s1 - | s1 = closure3'0 {_9} (fun (_ret':t_GhostBox'1) -> [ &perm <- _ret' ] s2) - | s2 = bb2 ] - + | bb1 = s0 [ s0 = deref'0 {map} (fun (_ret':t_FMap'0) -> [ &_12 <- _ret' ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv'0 map} s1 | s1 = -{resolve'0 map}- s2 - | s2 = as_ref'0 {elem.t_Element__0'0} {perm} (fun (_ret':t_Content'0) -> [ &_13 <- _ret' ] s3) + | s2 = addr'0 {elem} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_16 <- _ret' ] s3) | s3 = bb3 ] - | bb3 = any - [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_13 = C_Root'0 x0 x1} (! bb5) - | br1 (x0:t_Element'0)-> {_13 = C_Link'0 x0} (! bb4) ] + | bb3 = s0 + [ s0 = [ &_15 <- _16 ] s1 + | s1 = get_ghost'0 {_12} {_15} (fun (_ret':t_Option'0) -> [ &_10 <- _ret' ] s2) + | s2 = bb4 ] - | bb4 = bb7 - | bb7 = bb7 [ bb7 = (! bb8) [ bb8 = bb7 ] ] - | bb5 = bb6 + | bb4 = s0 [ s0 = unwrap'0 {_10} (fun (_ret':t_PtrOwn'0) -> [ &_9 <- _ret' ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = new'0 {_9} (fun (_ret':t_GhostBox'1) -> [ &perm <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = v_Root'0 {_13} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &value <- rvalue'0 ] s1) - | s1 = [ &_0 <- value ] s2 - | s2 = bb9 ] + [ s0 = as_ref'0 {elem.t_Element__0'0} {perm} (fun (_ret':t_Content'0) -> [ &_18 <- _ret' ] s1) | s1 = bb7 ] + + | bb7 = any + [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_18 = C_Root'0 x0 x1} (! bb9) + | br1 (x0:t_Element'0)-> {_18 = C_Link'0 x0} (! bb8) ] + | bb8 = bb11 + | bb11 = bb11 [ bb11 = (! bb12) [ bb12 = bb11 ] ] | bb9 = bb10 - | bb10 = return' {_0} ] + | bb10 = s0 + [ s0 = v_Root'0 {_18} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &value <- rvalue'0 ] s1) + | s1 = [ &_0 <- value ] s2 + | s2 = bb13 ] + + | bb13 = bb14 + | bb14 = return' {_0} ] ) [ & _0 : t_T'0 = Intrinsic.any_l () | & self : t_UnionFind'0 = self | & elem : t_Element'0 = elem | & map : t_GhostBox'0 = Intrinsic.any_l () | & perm : t_GhostBox'1 = Intrinsic.any_l () - | & _9 : closure3'1 = Intrinsic.any_l () - | & _12 : () = Intrinsic.any_l () - | & _13 : t_Content'0 = Intrinsic.any_l () + | & _9 : t_PtrOwn'0 = Intrinsic.any_l () + | & _10 : t_Option'0 = Intrinsic.any_l () + | & _12 : t_FMap'0 = Intrinsic.any_l () + | & _15 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _16 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _18 : t_Content'0 = Intrinsic.any_l () | & value : t_T'0 = Intrinsic.any_l () ] [ return' (result:t_T'0)-> {[@expl:get result type invariant] [%#sunion_find3] inv'2 result} @@ -4507,80 +4378,75 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. let%span sghost20 = "../../../creusot-contracts/src/ghost.rs" 141 27 141 31 let%span sghost21 = "../../../creusot-contracts/src/ghost.rs" 141 4 141 52 let%span sghost22 = "../../../creusot-contracts/src/ghost.rs" 140 14 140 39 - let%span sunion_find23 = "union_find.rs" 290 25 290 66 - let%span sunion_find24 = "union_find.rs" 291 25 291 66 - let%span sptr_own25 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 - let%span sptr_own26 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 - let%span sptr_own27 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 - let%span sptr_own28 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 - let%span sunion_find29 = "union_find.rs" 299 33 299 78 - let%span sptr_own30 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 - let%span sptr_own31 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 - let%span sptr_own32 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 - let%span sptr_own33 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 - let%span sptr_own34 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 - let%span sptr_own35 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 - let%span smapping36 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 - let%span sunion_find37 = "union_find.rs" 320 33 320 78 - let%span sunion_find38 = "union_find.rs" 323 37 323 82 - let%span sunion_find39 = "union_find.rs" 74 15 74 19 - let%span sunion_find40 = "union_find.rs" 75 14 75 32 - let%span sunion_find41 = "union_find.rs" 134 19 134 28 - let%span sunion_find42 = "union_find.rs" 135 18 135 150 - let%span sunion_find43 = "union_find.rs" 132 8 132 16 - let%span sfset44 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 - let%span sunion_find45 = "union_find.rs" 146 19 146 28 - let%span sunion_find46 = "union_find.rs" 147 18 147 98 - let%span sunion_find47 = "union_find.rs" 144 8 144 16 - let%span sunion_find48 = "union_find.rs" 260 12 260 50 - let%span sunion_find49 = "union_find.rs" 155 19 155 28 - let%span sunion_find50 = "union_find.rs" 156 18 156 106 - let%span sunion_find51 = "union_find.rs" 153 8 153 16 - let%span smodel52 = "../../../creusot-contracts/src/model.rs" 45 8 45 28 - let%span sresolve53 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 - let%span sghost54 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 - let%span sghost55 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 - let%span sghost56 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 - let%span sunion_find57 = "union_find.rs" 31 18 31 46 - let%span sfmap58 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 - let%span sfmap59 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 - let%span sfmap60 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 - let%span sfmap61 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 - let%span soption62 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 - let%span sghost63 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 - let%span sghost64 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 - let%span sghost65 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 - let%span sghost66 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 - let%span sghost67 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 - let%span sghost68 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 - let%span sghost69 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 - let%span sghost70 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 - let%span sfmap71 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 - let%span sfmap72 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 - let%span sfmap73 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 - let%span sfmap74 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 - let%span sfmap75 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 - let%span sfmap76 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 - let%span sunion_find77 = "union_find.rs" 22 8 22 16 - let%span sinvariant78 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 - let%span sfmap79 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 - let%span sfmap80 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 - let%span sresolve81 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 - let%span sfmap82 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 - let%span sfmap83 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 - let%span sutil84 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 - let%span sutil85 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 - let%span sinvariant86 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 - let%span sfmap87 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 - let%span sfmap88 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 - let%span sptr_own89 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 - let%span sunion_find90 = "union_find.rs" 81 8 81 20 - let%span sboxed91 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 - let%span sptr92 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 - let%span sptr93 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 - let%span sunion_find94 = "union_find.rs" 126 8 126 16 - let%span sfmap95 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 - let%span sfmap96 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 + let%span sghost23 = "../../../creusot-contracts/src/ghost.rs" 69 14 69 18 + let%span sghost24 = "../../../creusot-contracts/src/ghost.rs" 69 4 69 36 + let%span sghost25 = "../../../creusot-contracts/src/ghost.rs" 68 14 68 35 + let%span sunion_find26 = "union_find.rs" 31 18 31 46 + let%span sfmap27 = "../../../creusot-contracts/src/logic/fmap.rs" 315 22 315 26 + let%span sfmap28 = "../../../creusot-contracts/src/logic/fmap.rs" 315 28 315 31 + let%span sfmap29 = "../../../creusot-contracts/src/logic/fmap.rs" 315 4 315 50 + let%span sfmap30 = "../../../creusot-contracts/src/logic/fmap.rs" 307 4 314 11 + let%span soption31 = "../../../creusot-contracts/src/std/option.rs" 31 0 423 1 + let%span sghost32 = "../../../creusot-contracts/src/ghost.rs" 185 15 185 16 + let%span sghost33 = "../../../creusot-contracts/src/ghost.rs" 185 4 185 28 + let%span sghost34 = "../../../creusot-contracts/src/ghost.rs" 183 14 183 28 + let%span sptr_own35 = "../../../creusot-contracts/src/ptr_own.rs" 71 34 71 37 + let%span sptr_own36 = "../../../creusot-contracts/src/ptr_own.rs" 68 15 68 31 + let%span sptr_own37 = "../../../creusot-contracts/src/ptr_own.rs" 71 4 71 66 + let%span sptr_own38 = "../../../creusot-contracts/src/ptr_own.rs" 69 14 69 35 + let%span sghost39 = "../../../creusot-contracts/src/ghost.rs" 85 22 85 26 + let%span sghost40 = "../../../creusot-contracts/src/ghost.rs" 85 4 85 48 + let%span sghost41 = "../../../creusot-contracts/src/ghost.rs" 84 14 84 36 + let%span sfmap42 = "../../../creusot-contracts/src/logic/fmap.rs" 349 30 349 34 + let%span sfmap43 = "../../../creusot-contracts/src/logic/fmap.rs" 349 36 349 39 + let%span sfmap44 = "../../../creusot-contracts/src/logic/fmap.rs" 349 4 349 62 + let%span sfmap45 = "../../../creusot-contracts/src/logic/fmap.rs" 337 4 346 11 + let%span sfmap46 = "../../../creusot-contracts/src/logic/fmap.rs" 347 14 347 89 + let%span sfmap47 = "../../../creusot-contracts/src/logic/fmap.rs" 348 14 348 44 + let%span sptr_own48 = "../../../creusot-contracts/src/ptr_own.rs" 83 34 83 37 + let%span sptr_own49 = "../../../creusot-contracts/src/ptr_own.rs" 78 15 78 31 + let%span sptr_own50 = "../../../creusot-contracts/src/ptr_own.rs" 83 4 83 74 + let%span sptr_own51 = "../../../creusot-contracts/src/ptr_own.rs" 79 14 79 35 + let%span sptr_own52 = "../../../creusot-contracts/src/ptr_own.rs" 81 14 81 53 + let%span sptr_own53 = "../../../creusot-contracts/src/ptr_own.rs" 82 14 82 52 + let%span smapping54 = "../../../creusot-contracts/src/logic/mapping.rs" 60 8 60 19 + let%span sunion_find55 = "union_find.rs" 74 15 74 19 + let%span sunion_find56 = "union_find.rs" 75 14 75 32 + let%span sunion_find57 = "union_find.rs" 134 19 134 28 + let%span sunion_find58 = "union_find.rs" 135 18 135 150 + let%span sunion_find59 = "union_find.rs" 132 8 132 16 + let%span sfset60 = "../../../creusot-contracts/src/logic/fset.rs" 47 8 47 26 + let%span sunion_find61 = "union_find.rs" 146 19 146 28 + let%span sunion_find62 = "union_find.rs" 147 18 147 98 + let%span sunion_find63 = "union_find.rs" 144 8 144 16 + let%span sunion_find64 = "union_find.rs" 260 12 260 50 + let%span sunion_find65 = "union_find.rs" 155 19 155 28 + let%span sunion_find66 = "union_find.rs" 156 18 156 106 + let%span sunion_find67 = "union_find.rs" 153 8 153 16 + let%span smodel68 = "../../../creusot-contracts/src/model.rs" 45 8 45 28 + let%span sresolve69 = "../../../creusot-contracts/src/resolve.rs" 54 20 54 34 + let%span sunion_find70 = "union_find.rs" 22 8 22 16 + let%span sfmap71 = "../../../creusot-contracts/src/logic/fmap.rs" 133 8 133 35 + let%span sfmap72 = "../../../creusot-contracts/src/logic/fmap.rs" 125 8 125 35 + let%span sghost73 = "../../../creusot-contracts/src/ghost.rs" 228 9 228 15 + let%span sghost74 = "../../../creusot-contracts/src/ghost.rs" 108 4 108 27 + let%span sfmap75 = "../../../creusot-contracts/src/logic/fmap.rs" 104 8 104 26 + let%span sfmap76 = "../../../creusot-contracts/src/logic/fmap.rs" 49 14 49 25 + let%span sinvariant77 = "../../../creusot-contracts/src/invariant.rs" 35 20 35 44 + let%span sutil78 = "../../../creusot-contracts/src/util.rs" 55 11 55 21 + let%span sutil79 = "../../../creusot-contracts/src/util.rs" 56 10 56 28 + let%span sresolve80 = "../../../creusot-contracts/src/resolve.rs" 68 8 68 23 + let%span sfmap81 = "../../../creusot-contracts/src/logic/fmap.rs" 490 20 490 91 + let%span sfmap82 = "../../../creusot-contracts/src/logic/fmap.rs" 59 14 59 86 + let%span sptr_own83 = "../../../creusot-contracts/src/ptr_own.rs" 44 20 44 66 + let%span sinvariant84 = "../../../creusot-contracts/src/invariant.rs" 25 8 25 18 + let%span sptr85 = "../../../creusot-contracts/src/std/ptr.rs" 80 14 80 48 + let%span sptr86 = "../../../creusot-contracts/src/std/ptr.rs" 82 8 82 30 + let%span sunion_find87 = "union_find.rs" 81 8 81 20 + let%span sboxed88 = "../../../creusot-contracts/src/std/boxed.rs" 33 8 33 18 + let%span sunion_find89 = "union_find.rs" 126 8 126 16 + let%span sfmap90 = "../../../creusot-contracts/src/logic/fmap.rs" 229 8 229 24 + let%span sfmap91 = "../../../creusot-contracts/src/logic/fmap.rs" 117 9 117 31 use creusot.prelude.Opaque @@ -4590,10 +4456,10 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. function addr_logic'0 (self : Opaque.ptr) : int function deep_model'1 [#"union_find.rs" 24 8 24 34] (self : t_Element'0) : int = - [%#sunion_find77] addr_logic'0 self.t_Element__0'0 + [%#sunion_find70] addr_logic'0 self.t_Element__0'0 function deep_model'0 (self : t_Element'0) : int = - [%#smodel52] deep_model'1 self + [%#smodel68] deep_model'1 self let rec eq'0 (self:t_Element'0) (other:t_Element'0) (return' (ret:bool))= any [ return' (result:bool)-> {[%#sunion_find19] result = (deep_model'0 self = deep_model'0 other)} @@ -4640,10 +4506,10 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. use set.Fset predicate contains'0 [@inline:trivial] (self : Fset.fset (t_Element'0)) (e : t_Element'0) = - [%#sfset44] Fset.mem e self + [%#sfset60] Fset.mem e self function inner_logic'2 (self : t_GhostBox'0) : t_FMap'0 = - [%#sghost66] self.t_GhostBox__0'0 + [%#sghost73] self.t_GhostBox__0'0 use creusot.prelude.Snapshot @@ -4657,33 +4523,33 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. function view'0 (self : t_FMap'0) : Map.map (Snapshot.snap_ty (int)) (t_Option'2) - axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap88] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 + axiom view'0_spec : forall self : t_FMap'0 . [%#sfmap82] forall m1 : t_FMap'0, m2 : t_FMap'0 . m1 <> m2 -> view'0 m1 <> view'0 m2 use map.Map function get_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_Option'2 = - [%#sfmap82] Map.get (view'0 self) k + [%#sfmap75] Map.get (view'0 self) k function contains'1 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : bool = - [%#sfmap79] get_unsized'0 self k <> C_None'2 + [%#sfmap71] get_unsized'0 self k <> C_None'2 function unwrap'2 (op : t_Option'2) : t_PtrOwn'0 - axiom unwrap'2_spec : forall op : t_Option'2 . ([%#sutil84] op <> C_None'2) - -> ([%#sutil85] C_Some'2 (unwrap'2 op) = op) + axiom unwrap'2_spec : forall op : t_Option'2 . ([%#sutil78] op <> C_None'2) + -> ([%#sutil79] C_Some'2 (unwrap'2 op) = op) function lookup_unsized'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap80] unwrap'2 (get_unsized'0 self k) + [%#sfmap72] unwrap'2 (get_unsized'0 self k) function lookup'0 [@inline:trivial] (self : t_FMap'0) (k : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap96] lookup_unsized'0 self k + [%#sfmap91] lookup_unsized'0 self k function index_logic'3 [@inline:trivial] (self : t_FMap'0) (key : Snapshot.snap_ty (int)) : t_PtrOwn'0 = - [%#sfmap95] lookup'0 self key + [%#sfmap90] lookup'0 self key function get_perm'0 [#"union_find.rs" 127 8 127 62] (self : t_UnionFind'0) (e : t_Element'0) : t_PtrOwn'0 = - [%#sunion_find94] index_logic'3 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'1 e)) + [%#sunion_find89] index_logic'3 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'1 e)) function ptr'0 (self : t_PtrOwn'0) : Opaque.ptr @@ -4692,14 +4558,14 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. use map.Map function index_logic'1 (self : Map.map (t_Element'0) t_T'0) (a : t_Element'0) : t_T'0 = - [%#smapping36] Map.get self a + [%#smapping54] Map.get self a use creusot.prelude.Snapshot use map.Map function index_logic'0 (self : Map.map (t_Element'0) (t_Element'0)) (a : t_Element'0) : t_Element'0 = - [%#smapping36] Map.get self a + [%#smapping54] Map.get self a use creusot.int.UInt64 @@ -4714,14 +4580,14 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. use map.Map function index_logic'2 (self : Map.map (t_Element'0) (int)) (a : t_Element'0) : int = - [%#smapping36] Map.get self a + [%#smapping54] Map.get self a use mach.int.Int use creusot.prelude.Snapshot - predicate invariant'8 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = - [%#sunion_find90] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 + predicate invariant'14 [@inline:trivial] [#"union_find.rs" 84 8 84 34] (self : t_UnionFind'0) = + [%#sunion_find87] let domain = self.t_UnionFind__domain'0 in (forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (Snapshot.inner domain) e1 /\ contains'0 (Snapshot.inner domain) e2 /\ deep_model'1 e1 = deep_model'1 e2 -> e1 = e2) /\ (forall e : t_Element'0 . contains'0 (Snapshot.inner domain) e -> contains'1 (inner_logic'2 self.t_UnionFind__map'0) (Snapshot.new (deep_model'1 e))) @@ -4759,120 +4625,120 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. | C_Link'0 _ -> false end) - predicate inv'33 (_1 : Snapshot.snap_ty (int)) + predicate inv'27 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'32 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'33 x] . inv'33 x = true + axiom inv_axiom'26 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'27 x] . inv'27 x = true function is_null_logic'0 (self : Opaque.ptr) : bool = - [%#sptr93] addr_logic'0 self = 0 + [%#sptr86] addr_logic'0 self = 0 - axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr92] is_null_logic'0 self = (addr_logic'0 self = 0) + axiom is_null_logic'0_spec : forall self : Opaque.ptr . [%#sptr85] is_null_logic'0 self = (addr_logic'0 self = 0) - predicate inv'31 (_1 : t_T'0) + predicate inv'26 (_1 : t_T'0) - predicate inv'4 (_1 : t_Content'0) + predicate inv'8 (_1 : t_Content'0) - axiom inv_axiom'4 [@rewrite] : forall x : t_Content'0 [inv'4 x] . inv'4 x + axiom inv_axiom'8 [@rewrite] : forall x : t_Content'0 [inv'8 x] . inv'8 x = match x with - | C_Root'0 rank value -> inv'31 value + | C_Root'0 rank value -> inv'26 value | C_Link'0 a_0 -> true end - predicate invariant'20 (self : t_Content'0) = - [%#sboxed91] inv'4 self + predicate invariant'19 (self : t_Content'0) = + [%#sboxed88] inv'8 self - predicate inv'35 (_1 : t_Content'0) + predicate inv'29 (_1 : t_Content'0) - axiom inv_axiom'34 [@rewrite] : forall x : t_Content'0 [inv'35 x] . inv'35 x = invariant'20 x + axiom inv_axiom'28 [@rewrite] : forall x : t_Content'0 [inv'29 x] . inv'29 x = invariant'19 x - predicate invariant'5 (self : t_PtrOwn'0) = - [%#sptr_own89] not is_null_logic'0 (ptr'0 self) /\ inv'35 (val'0 self) + predicate invariant'2 (self : t_PtrOwn'0) = + [%#sptr_own83] not is_null_logic'0 (ptr'0 self) /\ inv'29 (val'0 self) - predicate inv'11 (_1 : t_PtrOwn'0) + predicate inv'5 (_1 : t_PtrOwn'0) - axiom inv_axiom'11 [@rewrite] : forall x : t_PtrOwn'0 [inv'11 x] . inv'11 x = invariant'5 x + axiom inv_axiom'5 [@rewrite] : forall x : t_PtrOwn'0 [inv'5 x] . inv'5 x = invariant'2 x - predicate invariant'19 (self : t_PtrOwn'0) = - [%#sboxed91] inv'11 self + predicate invariant'18 (self : t_PtrOwn'0) = + [%#sboxed88] inv'5 self - predicate inv'34 (_1 : t_PtrOwn'0) + predicate inv'28 (_1 : t_PtrOwn'0) - axiom inv_axiom'33 [@rewrite] : forall x : t_PtrOwn'0 [inv'34 x] . inv'34 x = invariant'19 x + axiom inv_axiom'27 [@rewrite] : forall x : t_PtrOwn'0 [inv'28 x] . inv'28 x = invariant'18 x - predicate invariant'4 (self : t_FMap'0) = - [%#sfmap87] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'33 k /\ inv'34 (lookup_unsized'0 self k) + predicate invariant'1 (self : t_FMap'0) = + [%#sfmap81] forall k : Snapshot.snap_ty (int) . contains'1 self k -> inv'27 k /\ inv'28 (lookup_unsized'0 self k) - predicate inv'10 (_1 : t_FMap'0) + predicate inv'4 (_1 : t_FMap'0) - axiom inv_axiom'10 [@rewrite] : forall x : t_FMap'0 [inv'10 x] . inv'10 x = invariant'4 x + axiom inv_axiom'4 [@rewrite] : forall x : t_FMap'0 [inv'4 x] . inv'4 x = invariant'1 x - predicate invariant'9 (self : t_FMap'0) = - [%#sboxed91] inv'10 self + predicate invariant'15 (self : t_FMap'0) = + [%#sboxed88] inv'4 self - predicate inv'19 (_1 : t_FMap'0) + predicate inv'23 (_1 : t_FMap'0) - axiom inv_axiom'19 [@rewrite] : forall x : t_FMap'0 [inv'19 x] . inv'19 x = invariant'9 x + axiom inv_axiom'23 [@rewrite] : forall x : t_FMap'0 [inv'23 x] . inv'23 x = invariant'15 x predicate inv'1 (_1 : t_GhostBox'0) axiom inv_axiom'1 [@rewrite] : forall x : t_GhostBox'0 [inv'1 x] . inv'1 x = match x with - | {t_GhostBox__0'0 = a_0} -> inv'19 a_0 + | {t_GhostBox__0'0 = a_0} -> inv'23 a_0 end - predicate inv'18 (_1 : t_UnionFind'0) + predicate inv'22 (_1 : t_UnionFind'0) - axiom inv_axiom'18 [@rewrite] : forall x : t_UnionFind'0 [inv'18 x] . inv'18 x - = (invariant'8 x + axiom inv_axiom'22 [@rewrite] : forall x : t_UnionFind'0 [inv'22 x] . inv'22 x + = (invariant'14 x /\ match x with | {t_UnionFind__domain'0 = domain ; t_UnionFind__map'0 = map ; t_UnionFind__values'0 = values ; t_UnionFind__distance'0 = distance ; t_UnionFind__root_of'0 = root_of ; t_UnionFind__max_depth'0 = max_depth} -> inv'1 map end) predicate invariant'0 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sinvariant78] inv'18 self.current /\ inv'18 self.final + [%#sinvariant77] inv'22 self.current /\ inv'22 self.final predicate inv'0 (_1 : MutBorrow.t (t_UnionFind'0)) axiom inv_axiom'0 [@rewrite] : forall x : MutBorrow.t (t_UnionFind'0) [inv'0 x] . inv'0 x = invariant'0 x - predicate resolve'5 (self : MutBorrow.t (t_UnionFind'0)) = - [%#sresolve53] self.final = self.current + predicate resolve'7 (self : MutBorrow.t (t_UnionFind'0)) = + [%#sresolve69] self.final = self.current predicate resolve'0 (_1 : MutBorrow.t (t_UnionFind'0)) = - resolve'5 _1 + resolve'7 _1 - predicate invariant'2 (self : MutBorrow.t (t_GhostBox'0)) = - [%#sinvariant78] inv'1 self.current /\ inv'1 self.final + predicate invariant'6 (self : MutBorrow.t (t_GhostBox'0)) = + [%#sinvariant77] inv'1 self.current /\ inv'1 self.final - predicate inv'6 (_1 : MutBorrow.t (t_GhostBox'0)) + predicate inv'10 (_1 : MutBorrow.t (t_GhostBox'0)) - axiom inv_axiom'6 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'0) [inv'6 x] . inv'6 x = invariant'2 x + axiom inv_axiom'10 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'0) [inv'10 x] . inv'10 x = invariant'6 x type t_GhostBox'1 = { t_GhostBox__0'1: MutBorrow.t (t_FMap'0) } - predicate invariant'17 (self : MutBorrow.t (t_FMap'0)) = - [%#sinvariant78] inv'10 self.current /\ inv'10 self.final + predicate invariant'13 (self : MutBorrow.t (t_FMap'0)) = + [%#sinvariant77] inv'4 self.current /\ inv'4 self.final - predicate inv'29 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'19 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'29 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'29 x] . inv'29 x = invariant'17 x + axiom inv_axiom'19 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'19 x] . inv'19 x = invariant'13 x - predicate invariant'15 (self : MutBorrow.t (t_FMap'0)) = - [%#sboxed91] inv'29 self + predicate invariant'17 (self : MutBorrow.t (t_FMap'0)) = + [%#sboxed88] inv'19 self - predicate inv'27 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'25 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'27 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'27 x] . inv'27 x = invariant'15 x + axiom inv_axiom'25 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'25 x] . inv'25 x = invariant'17 x predicate inv'3 (_1 : t_GhostBox'1) axiom inv_axiom'3 [@rewrite] : forall x : t_GhostBox'1 [inv'3 x] . inv'3 x = match x with - | {t_GhostBox__0'1 = a_0} -> inv'27 a_0 + | {t_GhostBox__0'1 = a_0} -> inv'25 a_0 end - let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:t_GhostBox'1))= {[@expl:borrow_mut 'self' type invariant] [%#sghost20] inv'6 self} + let rec borrow_mut'0 (self:MutBorrow.t (t_GhostBox'0)) (return' (ret:t_GhostBox'1))= {[@expl:borrow_mut 'self' type invariant] [%#sghost20] inv'10 self} any [ return' (result:t_GhostBox'1)-> {[%#sghost21] inv'3 result} {[%#sghost22] result.t_GhostBox__0'1 @@ -4880,67 +4746,67 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. (! return' {result}) ] - predicate invariant'10 (self : t_GhostBox'1) = - [%#sinvariant86] inv'3 self + predicate invariant'7 (self : t_GhostBox'1) = + [%#sinvariant84] inv'3 self - predicate inv'20 (_1 : t_GhostBox'1) + predicate inv'11 (_1 : t_GhostBox'1) - axiom inv_axiom'20 [@rewrite] : forall x : t_GhostBox'1 [inv'20 x] . inv'20 x = invariant'10 x + axiom inv_axiom'11 [@rewrite] : forall x : t_GhostBox'1 [inv'11 x] . inv'11 x = invariant'7 x - predicate invariant'11 (self : MutBorrow.t (t_FMap'0)) = - [%#sinvariant86] inv'29 self + predicate invariant'8 (self : MutBorrow.t (t_FMap'0)) = + [%#sinvariant84] inv'19 self - predicate inv'21 (_1 : MutBorrow.t (t_FMap'0)) + predicate inv'12 (_1 : MutBorrow.t (t_FMap'0)) - axiom inv_axiom'21 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'21 x] . inv'21 x = invariant'11 x + axiom inv_axiom'12 [@rewrite] : forall x : MutBorrow.t (t_FMap'0) [inv'12 x] . inv'12 x = invariant'8 x - let rec deref'0 (self:t_GhostBox'1) (return' (ret:MutBorrow.t (t_FMap'0)))= {[@expl:deref 'self' type invariant] [%#sghost54] inv'20 self} + let rec deref'0 (self:t_GhostBox'1) (return' (ret:MutBorrow.t (t_FMap'0)))= {[@expl:deref 'self' type invariant] [%#sghost23] inv'11 self} any - [ return' (result:MutBorrow.t (t_FMap'0))-> {[%#sghost55] inv'21 result} - {[%#sghost56] self.t_GhostBox__0'1 = result} + [ return' (result:MutBorrow.t (t_FMap'0))-> {[%#sghost24] inv'12 result} + {[%#sghost25] self.t_GhostBox__0'1 = result} (! return' {result}) ] let rec addr'0 (self:t_Element'0) (return' (ret:Snapshot.snap_ty (int)))= any - [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find57] Snapshot.inner result = deep_model'1 self} + [ return' (result:Snapshot.snap_ty (int))-> {[%#sunion_find26] Snapshot.inner result = deep_model'1 self} (! return' {result}) ] - predicate invariant'12 (self : t_FMap'0) = - [%#sinvariant86] inv'10 self + predicate invariant'9 (self : t_FMap'0) = + [%#sinvariant84] inv'4 self - predicate inv'22 (_1 : t_FMap'0) + predicate inv'13 (_1 : t_FMap'0) - axiom inv_axiom'22 [@rewrite] : forall x : t_FMap'0 [inv'22 x] . inv'22 x = invariant'12 x + axiom inv_axiom'13 [@rewrite] : forall x : t_FMap'0 [inv'13 x] . inv'13 x = invariant'9 x - predicate inv'23 (_1 : Snapshot.snap_ty (int)) + predicate inv'14 (_1 : Snapshot.snap_ty (int)) - axiom inv_axiom'23 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'23 x] . inv'23 x = true + axiom inv_axiom'14 [@rewrite] : forall x : Snapshot.snap_ty (int) [inv'14 x] . inv'14 x = true type t_Option'0 = | C_None'0 | C_Some'0 (t_PtrOwn'0) - predicate invariant'13 (self : t_PtrOwn'0) = - [%#sinvariant86] inv'11 self + predicate invariant'10 (self : t_PtrOwn'0) = + [%#sinvariant84] inv'5 self - predicate inv'25 (_1 : t_PtrOwn'0) + predicate inv'16 (_1 : t_PtrOwn'0) - axiom inv_axiom'25 [@rewrite] : forall x : t_PtrOwn'0 [inv'25 x] . inv'25 x = invariant'13 x + axiom inv_axiom'16 [@rewrite] : forall x : t_PtrOwn'0 [inv'16 x] . inv'16 x = invariant'10 x - predicate inv'24 (_1 : t_Option'0) + predicate inv'15 (_1 : t_Option'0) - axiom inv_axiom'24 [@rewrite] : forall x : t_Option'0 [inv'24 x] . inv'24 x + axiom inv_axiom'15 [@rewrite] : forall x : t_Option'0 [inv'15 x] . inv'15 x = match x with | C_None'0 -> true - | C_Some'0 a_0 -> inv'25 a_0 + | C_Some'0 a_0 -> inv'16 a_0 end - let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap58] inv'22 self} - {[@expl:get_ghost 'key' type invariant] [%#sfmap59] inv'23 key} + let rec get_ghost'0 (self:t_FMap'0) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'0))= {[@expl:get_ghost 'self' type invariant] [%#sfmap27] inv'13 self} + {[@expl:get_ghost 'key' type invariant] [%#sfmap28] inv'14 key} any - [ return' (result:t_Option'0)-> {[%#sfmap60] inv'24 result} - {[%#sfmap61] if contains'1 self key then + [ return' (result:t_Option'0)-> {[%#sfmap29] inv'15 result} + {[%#sfmap30] if contains'1 self key then match result with | C_None'0 -> false | C_Some'0 r -> lookup_unsized'0 self key = r @@ -4951,138 +4817,78 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. (! return' {result}) ] - let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'24 self} - {[@expl:unwrap requires] [%#soption62] self <> C_None'0} - any [ return' (result:t_PtrOwn'0)-> {inv'25 result} {[%#soption62] C_Some'0 result = self} (! return' {result}) ] + let rec unwrap'0 (self:t_Option'0) (return' (ret:t_PtrOwn'0))= {[@expl:unwrap 'self' type invariant] inv'15 self} + {[@expl:unwrap requires] [%#soption31] self <> C_None'0} + any [ return' (result:t_PtrOwn'0)-> {inv'16 result} {[%#soption31] C_Some'0 result = self} (! return' {result}) ] type t_GhostBox'2 = { t_GhostBox__0'2: t_PtrOwn'0 } - predicate invariant'14 (self : t_PtrOwn'0) = - [%#sboxed91] inv'25 self + predicate invariant'16 (self : t_PtrOwn'0) = + [%#sboxed88] inv'16 self - predicate inv'26 (_1 : t_PtrOwn'0) + predicate inv'24 (_1 : t_PtrOwn'0) - axiom inv_axiom'26 [@rewrite] : forall x : t_PtrOwn'0 [inv'26 x] . inv'26 x = invariant'14 x + axiom inv_axiom'24 [@rewrite] : forall x : t_PtrOwn'0 [inv'24 x] . inv'24 x = invariant'16 x predicate inv'2 (_1 : t_GhostBox'2) axiom inv_axiom'2 [@rewrite] : forall x : t_GhostBox'2 [inv'2 x] . inv'2 x = match x with - | {t_GhostBox__0'2 = a_0} -> inv'26 a_0 + | {t_GhostBox__0'2 = a_0} -> inv'24 a_0 end - let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'2))= {[@expl:new 'x' type invariant] [%#sghost63] inv'25 x} + let rec new'0 (x:t_PtrOwn'0) (return' (ret:t_GhostBox'2))= {[@expl:new 'x' type invariant] [%#sghost32] inv'16 x} any - [ return' (result:t_GhostBox'2)-> {[%#sghost64] inv'2 result} - {[%#sghost65] result.t_GhostBox__0'2 = x} + [ return' (result:t_GhostBox'2)-> {[%#sghost33] inv'2 result} + {[%#sghost34] result.t_GhostBox__0'2 = x} (! return' {result}) ] - use creusot.prelude.Intrinsic - - type closure9'1 = - { field_0'0: t_GhostBox'1; field_1'0: t_Element'0 } - - predicate inv'7 (_1 : closure9'1) - - axiom inv_axiom'7 [@rewrite] : forall x : closure9'1 [inv'7 x] . inv'7 x - = (let {field_0'0 = x0 ; field_1'0 = x1} = x in inv'20 x0) - - let rec closure9'0[#"union_find.rs" 290 25 290 66] [@coma:extspec] (_1:closure9'1) (return' (ret:t_GhostBox'2))= bb0 - [ bb0 = s0 [ s0 = deref'0 {_1.field_0'0} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {_1.field_1'0} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 - [ s0 = [ &_8 <- _9 ] s1 - | s1 = get_ghost'0 {_5.current} {_8} (fun (_ret':t_Option'0) -> [ &_3 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'0 {_3} (fun (_ret':t_PtrOwn'0) -> [ &_2 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = new'0 {_2} (fun (_ret':t_GhostBox'2) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'2 = Intrinsic.any_l () - | & _1 : closure9'1 = _1 - | & _2 : t_PtrOwn'0 = Intrinsic.any_l () - | & _3 : t_Option'0 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _8 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'2)-> return' {result} ] - - type closure10'1 = - { field_0'1: t_GhostBox'1; field_1'1: t_Element'0 } - - predicate inv'8 (_1 : closure10'1) - - axiom inv_axiom'8 [@rewrite] : forall x : closure10'1 [inv'8 x] . inv'8 x - = (let {field_0'1 = x0 ; field_1'1 = x1} = x in inv'20 x0) - - let rec closure10'0[#"union_find.rs" 291 25 291 66] [@coma:extspec] (_1:closure10'1) (return' (ret:t_GhostBox'2))= bb0 - [ bb0 = s0 [ s0 = deref'0 {_1.field_0'1} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_5 <- _ret' ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = addr'0 {_1.field_1'1} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_9 <- _ret' ] s1) | s1 = bb2 ] - | bb2 = s0 - [ s0 = [ &_8 <- _9 ] s1 - | s1 = get_ghost'0 {_5.current} {_8} (fun (_ret':t_Option'0) -> [ &_3 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'0 {_3} (fun (_ret':t_PtrOwn'0) -> [ &_2 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = new'0 {_2} (fun (_ret':t_GhostBox'2) -> [ &_0 <- _ret' ] s1) | s1 = bb5 ] - | bb5 = return' {_0} ] - - [ & _0 : t_GhostBox'2 = Intrinsic.any_l () - | & _1 : closure10'1 = _1 - | & _2 : t_PtrOwn'0 = Intrinsic.any_l () - | & _3 : t_Option'0 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _8 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'2)-> return' {result} ] - function inner_logic'0 (self : t_GhostBox'2) : t_PtrOwn'0 = - [%#sghost66] self.t_GhostBox__0'2 + [%#sghost73] self.t_GhostBox__0'2 - predicate invariant'3 (self : t_Content'0) = - [%#sinvariant86] inv'4 self + predicate invariant'11 (self : t_Content'0) = + [%#sinvariant84] inv'8 self - predicate inv'9 (_1 : t_Content'0) + predicate inv'17 (_1 : t_Content'0) - axiom inv_axiom'9 [@rewrite] : forall x : t_Content'0 [inv'9 x] . inv'9 x = invariant'3 x + axiom inv_axiom'17 [@rewrite] : forall x : t_Content'0 [inv'17 x] . inv'17 x = invariant'11 x - let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'2) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own25] inv'2 own} - {[@expl:as_ref requires] [%#sptr_own26] ptr = ptr'0 (inner_logic'0 own)} + let rec as_ref'0 (ptr:Opaque.ptr) (own:t_GhostBox'2) (return' (ret:t_Content'0))= {[@expl:as_ref 'own' type invariant] [%#sptr_own35] inv'2 own} + {[@expl:as_ref requires] [%#sptr_own36] ptr = ptr'0 (inner_logic'0 own)} any - [ return' (result:t_Content'0)-> {[%#sptr_own27] inv'9 result} - {[%#sptr_own28] result = val'0 (inner_logic'0 own)} + [ return' (result:t_Content'0)-> {[%#sptr_own37] inv'17 result} + {[%#sptr_own38] result = val'0 (inner_logic'0 own)} (! return' {result}) ] - predicate resolve'20 (_1 : t_PtrOwn'0) = + predicate resolve'16 (_1 : t_PtrOwn'0) = true - predicate resolve'15 (self : t_PtrOwn'0) = - [%#sresolve81] resolve'20 self + predicate resolve'14 (self : t_PtrOwn'0) = + [%#sresolve80] resolve'16 self - predicate resolve'6 (self : t_GhostBox'2) = - [%#sghost67] resolve'15 self.t_GhostBox__0'2 + predicate resolve'8 (self : t_GhostBox'2) = + [%#sghost74] resolve'14 self.t_GhostBox__0'2 predicate resolve'1 (_1 : t_GhostBox'2) = - resolve'6 _1 + resolve'8 _1 - predicate resolve'23 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve53] self.final = self.current + predicate resolve'18 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve69] self.final = self.current - predicate resolve'21 (_1 : MutBorrow.t (t_FMap'0)) = - resolve'23 _1 + predicate resolve'17 (_1 : MutBorrow.t (t_FMap'0)) = + resolve'18 _1 - predicate resolve'16 (self : MutBorrow.t (t_FMap'0)) = - [%#sresolve81] resolve'21 self + predicate resolve'15 (self : MutBorrow.t (t_FMap'0)) = + [%#sresolve80] resolve'17 self - predicate resolve'7 (self : t_GhostBox'1) = - [%#sghost67] resolve'16 self.t_GhostBox__0'1 + predicate resolve'9 (self : t_GhostBox'1) = + [%#sghost74] resolve'15 self.t_GhostBox__0'1 predicate resolve'2 (_1 : t_GhostBox'1) = - resolve'7 _1 + resolve'9 _1 let rec v_Root'0 (input:t_Content'0) (ret (rank:UInt64.t) (value:t_T'0))= any [ good (rank:UInt64.t) (value:t_T'0)-> {C_Root'0 rank value = input} (! ret {rank} {value}) @@ -5091,24 +4897,24 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. any) ] - predicate invariant'16 (self : MutBorrow.t (t_GhostBox'1)) = - [%#sinvariant78] inv'3 self.current /\ inv'3 self.final + predicate invariant'12 (self : MutBorrow.t (t_GhostBox'1)) = + [%#sinvariant77] inv'3 self.current /\ inv'3 self.final - predicate inv'28 (_1 : MutBorrow.t (t_GhostBox'1)) + predicate inv'18 (_1 : MutBorrow.t (t_GhostBox'1)) - axiom inv_axiom'28 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'28 x] . inv'28 x = invariant'16 x + axiom inv_axiom'18 [@rewrite] : forall x : MutBorrow.t (t_GhostBox'1) [inv'18 x] . inv'18 x = invariant'12 x - predicate invariant'6 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sinvariant78] inv'29 self.current /\ inv'29 self.final + predicate invariant'3 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sinvariant77] inv'19 self.current /\ inv'19 self.final - predicate inv'12 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) + predicate inv'6 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) - axiom inv_axiom'12 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'12 x] . inv'12 x = invariant'6 x + axiom inv_axiom'6 [@rewrite] : forall x : MutBorrow.t (MutBorrow.t (t_FMap'0)) [inv'6 x] . inv'6 x = invariant'3 x - let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost68] inv'28 self} + let rec deref_mut'0 (self:MutBorrow.t (t_GhostBox'1)) (return' (ret:MutBorrow.t (MutBorrow.t (t_FMap'0))))= {[@expl:deref_mut 'self' type invariant] [%#sghost39] inv'18 self} any - [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost69] inv'12 result} - {[%#sghost70] result + [ return' (result:MutBorrow.t (MutBorrow.t (t_FMap'0)))-> {[%#sghost40] inv'6 result} + {[%#sghost41] result = MutBorrow.borrow_logic (self.current).t_GhostBox__0'1 (self.final).t_GhostBox__0'1 (MutBorrow.inherit_id (MutBorrow.get_id self) 1)} (! return' {result}) ] @@ -5117,30 +4923,30 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. | C_None'1 | C_Some'1 (MutBorrow.t (t_PtrOwn'0)) - predicate invariant'7 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sinvariant78] inv'11 self.current /\ inv'11 self.final + predicate invariant'4 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sinvariant77] inv'5 self.current /\ inv'5 self.final - predicate inv'13 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'7 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'13 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'13 x] . inv'13 x = invariant'7 x + axiom inv_axiom'7 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'7 x] . inv'7 x = invariant'4 x - predicate inv'30 (_1 : t_Option'1) + predicate inv'20 (_1 : t_Option'1) - axiom inv_axiom'30 [@rewrite] : forall x : t_Option'1 [inv'30 x] . inv'30 x + axiom inv_axiom'20 [@rewrite] : forall x : t_Option'1 [inv'20 x] . inv'20 x = match x with | C_None'1 -> true - | C_Some'1 a_0 -> inv'13 a_0 + | C_Some'1 a_0 -> inv'7 a_0 end function len'0 (self : t_FMap'0) : int - axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap83] len'0 self >= 0 + axiom len'0_spec : forall self : t_FMap'0 . [%#sfmap76] len'0 self >= 0 - let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap71] inv'29 self} - {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap72] inv'23 key} + let rec get_mut_ghost'0 (self:MutBorrow.t (t_FMap'0)) (key:Snapshot.snap_ty (int)) (return' (ret:t_Option'1))= {[@expl:get_mut_ghost 'self' type invariant] [%#sfmap42] inv'19 self} + {[@expl:get_mut_ghost 'key' type invariant] [%#sfmap43] inv'14 key} any - [ return' (result:t_Option'1)-> {[%#sfmap73] inv'30 result} - {[%#sfmap74] if contains'1 self.current key then + [ return' (result:t_Option'1)-> {[%#sfmap44] inv'20 result} + {[%#sfmap45] if contains'1 self.current key then match result with | C_None'1 -> false | C_Some'1 r -> contains'1 self.final key @@ -5149,160 +4955,81 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. else result = C_None'1 /\ self.current = self.final } - {[%#sfmap75] forall k : Snapshot.snap_ty (int) . k <> key + {[%#sfmap46] forall k : Snapshot.snap_ty (int) . k <> key -> get_unsized'0 self.current k = get_unsized'0 self.final k} - {[%#sfmap76] len'0 self.current = len'0 self.final} + {[%#sfmap47] len'0 self.current = len'0 self.final} (! return' {result}) ] - let rec unwrap'1 (self:t_Option'1) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'30 self} - {[@expl:unwrap requires] [%#soption62] self <> C_None'1} + let rec unwrap'1 (self:t_Option'1) (return' (ret:MutBorrow.t (t_PtrOwn'0)))= {[@expl:unwrap 'self' type invariant] inv'20 self} + {[@expl:unwrap requires] [%#soption31] self <> C_None'1} any - [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'13 result} - {[%#soption62] C_Some'1 result = self} + [ return' (result:MutBorrow.t (t_PtrOwn'0))-> {inv'7 result} + {[%#soption31] C_Some'1 result = self} (! return' {result}) ] type t_GhostBox'3 = { t_GhostBox__0'3: MutBorrow.t (t_PtrOwn'0) } - predicate invariant'18 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sboxed91] inv'13 self + predicate invariant'20 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sboxed88] inv'7 self - predicate inv'32 (_1 : MutBorrow.t (t_PtrOwn'0)) + predicate inv'30 (_1 : MutBorrow.t (t_PtrOwn'0)) - axiom inv_axiom'31 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'32 x] . inv'32 x = invariant'18 x + axiom inv_axiom'29 [@rewrite] : forall x : MutBorrow.t (t_PtrOwn'0) [inv'30 x] . inv'30 x = invariant'20 x - predicate inv'15 (_1 : t_GhostBox'3) + predicate inv'21 (_1 : t_GhostBox'3) - axiom inv_axiom'15 [@rewrite] : forall x : t_GhostBox'3 [inv'15 x] . inv'15 x + axiom inv_axiom'21 [@rewrite] : forall x : t_GhostBox'3 [inv'21 x] . inv'21 x = match x with - | {t_GhostBox__0'3 = a_0} -> inv'32 a_0 + | {t_GhostBox__0'3 = a_0} -> inv'30 a_0 end - let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost63] inv'13 x} + let rec new'1 (x:MutBorrow.t (t_PtrOwn'0)) (return' (ret:t_GhostBox'3))= {[@expl:new 'x' type invariant] [%#sghost32] inv'7 x} any - [ return' (result:t_GhostBox'3)-> {[%#sghost64] inv'15 result} - {[%#sghost65] result.t_GhostBox__0'3 = x} + [ return' (result:t_GhostBox'3)-> {[%#sghost33] inv'21 result} + {[%#sghost34] result.t_GhostBox__0'3 = x} (! return' {result}) ] - predicate resolve'17 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - [%#sresolve53] self.final = self.current - - predicate resolve'8 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = - resolve'17 _1 + predicate resolve'10 (self : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + [%#sresolve69] self.final = self.current - predicate resolve'18 (self : MutBorrow.t (t_PtrOwn'0)) = - [%#sresolve53] self.final = self.current - - predicate resolve'9 (_1 : MutBorrow.t (t_PtrOwn'0)) = - resolve'18 _1 - - type closure11'1 = - { field_0'2: MutBorrow.t (t_GhostBox'1); field_1'2: t_Element'0 } - - predicate inv'14 (_1 : closure11'1) - - axiom inv_axiom'14 [@rewrite] : forall x : closure11'1 [inv'14 x] . inv'14 x - = (let {field_0'2 = x0 ; field_1'2 = x1} = x in inv'28 x0) - - predicate resolve'22 (self : MutBorrow.t (t_GhostBox'1)) = - [%#sresolve53] self.final = self.current - - predicate resolve'19 (_1 : MutBorrow.t (t_GhostBox'1)) = - resolve'22 _1 + predicate resolve'3 (_1 : MutBorrow.t (MutBorrow.t (t_FMap'0))) = + resolve'10 _1 - predicate resolve'10 (_1 : closure11'1) = - resolve'19 _1.field_0'2 + predicate resolve'11 (self : MutBorrow.t (t_PtrOwn'0)) = + [%#sresolve69] self.final = self.current - let rec closure11'0[#"union_find.rs" 299 33 299 78] [@coma:extspec] (_1:closure11'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 - [ s0 = {inv'3 (_1.field_0'2).current} - MutBorrow.borrow_final {(_1.field_0'2).current} {MutBorrow.get_id _1.field_0'2} - (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_7 <- _ret' ] - -{inv'3 _ret'.final}- - [ &_1 <- { _1 with field_0'2 = { _1.field_0'2 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_7} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_6 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'10 (_6.current).current} - MutBorrow.borrow_mut {(_6.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_5 <- _ret' ] - -{inv'10 _ret'.final}- - [ &_6 <- { _6 with current = { _6.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_1'2} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_10 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = [ &_9 <- _10 ] s1 - | s1 = get_mut_ghost'0 {_5} {_9} (fun (_ret':t_Option'1) -> [ &_4 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'1 {_4} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {inv'11 _3.current} - MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_2 <- _ret' ] - -{inv'11 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s1) - | s1 = new'1 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'12 _6} s1 - | s1 = -{resolve'8 _6}- s2 - | s2 = {[@expl:type invariant] inv'13 _3} s3 - | s3 = -{resolve'9 _3}- s4 - | s4 = {[@expl:type invariant] inv'14 _1} s5 - | s5 = -{resolve'10 _1}- s6 - | s6 = return' {_0} ] - ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure11'1 = _1 - | & _2 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _3 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _4 : t_Option'1 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _6 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _10 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] + predicate resolve'4 (_1 : MutBorrow.t (t_PtrOwn'0)) = + resolve'11 _1 function inner_logic'1 (self : t_GhostBox'3) : MutBorrow.t (t_PtrOwn'0) = - [%#sghost66] self.t_GhostBox__0'3 + [%#sghost73] self.t_GhostBox__0'3 - predicate invariant'1 (self : MutBorrow.t (t_Content'0)) = - [%#sinvariant78] inv'4 self.current /\ inv'4 self.final + predicate invariant'5 (self : MutBorrow.t (t_Content'0)) = + [%#sinvariant77] inv'8 self.current /\ inv'8 self.final - predicate inv'5 (_1 : MutBorrow.t (t_Content'0)) + predicate inv'9 (_1 : MutBorrow.t (t_Content'0)) - axiom inv_axiom'5 [@rewrite] : forall x : MutBorrow.t (t_Content'0) [inv'5 x] . inv'5 x = invariant'1 x + axiom inv_axiom'9 [@rewrite] : forall x : MutBorrow.t (t_Content'0) [inv'9 x] . inv'9 x = invariant'5 x - let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'3) (return' (ret:MutBorrow.t (t_Content'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own30] inv'15 own} - {[@expl:as_mut requires] [%#sptr_own31] ptr = ptr'0 (inner_logic'1 own).current} + let rec as_mut'0 (ptr:Opaque.ptr) (own:t_GhostBox'3) (return' (ret:MutBorrow.t (t_Content'0)))= {[@expl:as_mut 'own' type invariant] [%#sptr_own48] inv'21 own} + {[@expl:as_mut requires] [%#sptr_own49] ptr = ptr'0 (inner_logic'1 own).current} any - [ return' (result:MutBorrow.t (t_Content'0))-> {[%#sptr_own32] inv'5 result} - {[%#sptr_own33] result.current = val'0 (inner_logic'1 own).current} - {[%#sptr_own34] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} - {[%#sptr_own35] val'0 (inner_logic'1 own).final = result.final} + [ return' (result:MutBorrow.t (t_Content'0))-> {[%#sptr_own50] inv'9 result} + {[%#sptr_own51] result.current = val'0 (inner_logic'1 own).current} + {[%#sptr_own52] ptr'0 (inner_logic'1 own).final = ptr'0 (inner_logic'1 own).current} + {[%#sptr_own53] val'0 (inner_logic'1 own).final = result.final} (! return' {result}) ] - predicate resolve'11 (self : MutBorrow.t (t_Content'0)) = - [%#sresolve53] self.final = self.current + predicate resolve'12 (self : MutBorrow.t (t_Content'0)) = + [%#sresolve69] self.final = self.current - predicate resolve'3 (_1 : MutBorrow.t (t_Content'0)) = - resolve'11 _1 + predicate resolve'5 (_1 : MutBorrow.t (t_Content'0)) = + resolve'12 _1 use creusot.prelude.Mapping @@ -5318,192 +5045,48 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. use creusot.prelude.Snapshot - type closure16'1 = - { field_0'3: MutBorrow.t (t_GhostBox'1); field_1'3: t_Element'0 } - - predicate inv'16 (_1 : closure16'1) - - axiom inv_axiom'16 [@rewrite] : forall x : closure16'1 [inv'16 x] . inv'16 x - = (let {field_0'3 = x0 ; field_1'3 = x1} = x in inv'28 x0) - - predicate resolve'12 (_1 : closure16'1) = - resolve'19 _1.field_0'3 - - let rec closure16'0[#"union_find.rs" 320 33 320 78] [@coma:extspec] (_1:closure16'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 - [ s0 = {inv'3 (_1.field_0'3).current} - MutBorrow.borrow_final {(_1.field_0'3).current} {MutBorrow.get_id _1.field_0'3} - (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_7 <- _ret' ] - -{inv'3 _ret'.final}- - [ &_1 <- { _1 with field_0'3 = { _1.field_0'3 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_7} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_6 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'10 (_6.current).current} - MutBorrow.borrow_mut {(_6.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_5 <- _ret' ] - -{inv'10 _ret'.final}- - [ &_6 <- { _6 with current = { _6.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_1'3} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_10 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = [ &_9 <- _10 ] s1 - | s1 = get_mut_ghost'0 {_5} {_9} (fun (_ret':t_Option'1) -> [ &_4 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'1 {_4} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {inv'11 _3.current} - MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_2 <- _ret' ] - -{inv'11 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s1) - | s1 = new'1 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'12 _6} s1 - | s1 = -{resolve'8 _6}- s2 - | s2 = {[@expl:type invariant] inv'13 _3} s3 - | s3 = -{resolve'9 _3}- s4 - | s4 = {[@expl:type invariant] inv'16 _1} s5 - | s5 = -{resolve'12 _1}- s6 - | s6 = return' {_0} ] - ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure16'1 = _1 - | & _2 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _3 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _4 : t_Option'1 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _6 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _10 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] - - type closure17'1 = - { field_0'4: MutBorrow.t (t_GhostBox'1); field_1'4: t_Element'0 } - - predicate inv'17 (_1 : closure17'1) - - axiom inv_axiom'17 [@rewrite] : forall x : closure17'1 [inv'17 x] . inv'17 x - = (let {field_0'4 = x0 ; field_1'4 = x1} = x in inv'28 x0) - - predicate resolve'13 (_1 : closure17'1) = - resolve'19 _1.field_0'4 - - let rec closure17'0[#"union_find.rs" 323 37 323 82] [@coma:extspec] (_1:closure17'1) (return' (ret:t_GhostBox'3))= bb0 - [ bb0 = s0 - [ s0 = {inv'3 (_1.field_0'4).current} - MutBorrow.borrow_final {(_1.field_0'4).current} {MutBorrow.get_id _1.field_0'4} - (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_7 <- _ret' ] - -{inv'3 _ret'.final}- - [ &_1 <- { _1 with field_0'4 = { _1.field_0'4 with current = _ret'.final } } ] - s1) - | s1 = deref_mut'0 {_7} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_6 <- _ret' ] s2) - | s2 = bb1 ] - - | bb1 = s0 - [ s0 = {inv'10 (_6.current).current} - MutBorrow.borrow_mut {(_6.current).current} - (fun (_ret':MutBorrow.t (t_FMap'0)) -> - [ &_5 <- _ret' ] - -{inv'10 _ret'.final}- - [ &_6 <- { _6 with current = { _6.current with current = _ret'.final } } ] - s1) - | s1 = addr'0 {_1.field_1'4} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_10 <- _ret' ] s2) - | s2 = bb2 ] - - | bb2 = s0 - [ s0 = [ &_9 <- _10 ] s1 - | s1 = get_mut_ghost'0 {_5} {_9} (fun (_ret':t_Option'1) -> [ &_4 <- _ret' ] s2) - | s2 = bb3 ] - - | bb3 = s0 [ s0 = unwrap'1 {_4} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_3 <- _ret' ] s1) | s1 = bb4 ] - | bb4 = s0 - [ s0 = {inv'11 _3.current} - MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} - (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> - [ &_2 <- _ret' ] - -{inv'11 _ret'.final}- - [ &_3 <- { _3 with current = _ret'.final } ] - s1) - | s1 = new'1 {_2} (fun (_ret':t_GhostBox'3) -> [ &_0 <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 - [ s0 = {[@expl:type invariant] inv'12 _6} s1 - | s1 = -{resolve'8 _6}- s2 - | s2 = {[@expl:type invariant] inv'13 _3} s3 - | s3 = -{resolve'9 _3}- s4 - | s4 = {[@expl:type invariant] inv'17 _1} s5 - | s5 = -{resolve'13 _1}- s6 - | s6 = return' {_0} ] - ] - - [ & _0 : t_GhostBox'3 = Intrinsic.any_l () - | & _1 : closure17'1 = _1 - | & _2 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _3 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () - | & _4 : t_Option'1 = Intrinsic.any_l () - | & _5 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () - | & _6 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () - | & _7 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _9 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _10 : Snapshot.snap_ty (int) = Intrinsic.any_l () ] - [ return' (result:t_GhostBox'3)-> return' {result} ] - use creusot.int.UInt64 - let rec add_no_overflow'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:add_no_overflow requires] [%#sunion_find39] true} + let rec add_no_overflow'0 (x:UInt64.t) (y:UInt64.t) (return' (ret:UInt64.t))= {[@expl:add_no_overflow requires] [%#sunion_find55] true} any - [ return' (result:UInt64.t)-> {[%#sunion_find40] UInt64.t'int result = UInt64.t'int x + UInt64.t'int y} + [ return' (result:UInt64.t)-> {[%#sunion_find56] UInt64.t'int result = UInt64.t'int x + UInt64.t'int y} (! return' {result}) ] - predicate resolve'14 (self : MutBorrow.t UInt64.t) = - [%#sresolve53] self.final = self.current + predicate resolve'13 (self : MutBorrow.t UInt64.t) = + [%#sresolve69] self.final = self.current - predicate resolve'4 (_1 : MutBorrow.t UInt64.t) = - resolve'14 _1 + predicate resolve'6 (_1 : MutBorrow.t UInt64.t) = + resolve'13 _1 use creusot.prelude.Mapping use creusot.prelude.Mapping + use creusot.prelude.Intrinsic + function domain'0 [#"union_find.rs" 136 8 136 47] (self : t_UnionFind'0) : Fset.fset (t_Element'0) = - [%#sunion_find43] Snapshot.inner self.t_UnionFind__domain'0 + [%#sunion_find59] Snapshot.inner self.t_UnionFind__domain'0 - axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find41] inv'18 self) - -> ([%#sunion_find42] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 + axiom domain'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find57] inv'22 self) + -> ([%#sunion_find58] forall e1 : t_Element'0, e2 : t_Element'0 . contains'0 (domain'0 self) e1 /\ contains'0 (domain'0 self) e2 /\ deep_model'1 e1 = deep_model'1 e2 -> e1 = e2) function root_of'0 [#"union_find.rs" 148 8 148 63] (self : t_UnionFind'0) : Map.map (t_Element'0) (t_Element'0) = - [%#sunion_find47] Snapshot.inner self.t_UnionFind__root_of'0 + [%#sunion_find63] Snapshot.inner self.t_UnionFind__root_of'0 - axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find45] inv'18 self) - -> ([%#sunion_find46] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom root_of'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find61] inv'22 self) + -> ([%#sunion_find62] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'0 (root_of'0 self) e = index_logic'0 (root_of'0 self) (index_logic'0 (root_of'0 self) e)) predicate equiv_log'0 [#"union_find.rs" 259 8 259 68] (self : t_UnionFind'0) (x : t_Element'0) (y : t_Element'0) = - [%#sunion_find48] index_logic'0 (root_of'0 self) x = index_logic'0 (root_of'0 self) y + [%#sunion_find64] index_logic'0 (root_of'0 self) x = index_logic'0 (root_of'0 self) y function values'0 [#"union_find.rs" 157 8 157 53] (self : t_UnionFind'0) : Map.map (t_Element'0) t_T'0 = - [%#sunion_find51] Snapshot.inner self.t_UnionFind__values'0 + [%#sunion_find67] Snapshot.inner self.t_UnionFind__values'0 - axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find49] inv'18 self) - -> ([%#sunion_find50] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e + axiom values'0_spec : forall self : t_UnionFind'0 . ([%#sunion_find65] inv'22 self) + -> ([%#sunion_find66] forall e : t_Element'0 . contains'0 (Snapshot.inner self.t_UnionFind__domain'0) e -> index_logic'1 (values'0 self) e = index_logic'1 (values'0 self) (index_logic'0 (root_of'0 self) e)) meta "compute_max_steps" 1000000 @@ -5517,7 +5100,7 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. [ bb0 = s0 [ s0 = eq'0 {x} {y} (fun (_ret':bool) -> [ &_14 <- _ret' ] s1) | s1 = bb1 ] | bb1 = any [ br0 -> {_14 = false} (! bb3) | br1 -> {_14} (! bb2) ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv'0 self} s1 | s1 = -{resolve'0 self}- s2 | s2 = [ &_0 <- x ] s3 | s3 = bb52 ] + [ s0 = {[@expl:type invariant] inv'0 self} s1 | s1 = -{resolve'0 self}- s2 | s2 = [ &_0 <- x ] s3 | s3 = bb72 ] | bb3 = s0 [ s0 = {inv'1 (self.current).t_UnionFind__map'0} @@ -5533,24 +5116,32 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. | s1 = borrow_mut'0 {_19} (fun (_ret':t_GhostBox'1) -> [ &map <- _ret' ] s2) | s2 = bb4 ] - | bb4 = s0 - [ s0 = [ &_21 <- { field_0'0 = map; field_1'0 = x } ] s1 - | s1 = closure9'0 {_21} (fun (_ret':t_GhostBox'2) -> [ &perm_x <- _ret' ] s2) - | s2 = bb5 ] - - | bb5 = s0 - [ s0 = [ &_26 <- { field_0'1 = map; field_1'1 = y } ] s1 - | s1 = closure10'0 {_26} (fun (_ret':t_GhostBox'2) -> [ &perm_y <- _ret' ] s2) - | s2 = bb6 ] - + | bb4 = s0 [ s0 = deref'0 {map} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_24 <- _ret' ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = addr'0 {x} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_28 <- _ret' ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = as_ref'0 {x.t_Element__0'0} {perm_x} (fun (_ret':t_Content'0) -> [ &_33 <- _ret' ] s1) | s1 = bb7 ] + [ s0 = [ &_27 <- _28 ] s1 + | s1 = get_ghost'0 {_24.current} {_27} (fun (_ret':t_Option'0) -> [ &_22 <- _ret' ] s2) + | s2 = bb7 ] + + | bb7 = s0 [ s0 = unwrap'0 {_22} (fun (_ret':t_PtrOwn'0) -> [ &_21 <- _ret' ] s1) | s1 = bb8 ] + | bb8 = s0 [ s0 = new'0 {_21} (fun (_ret':t_GhostBox'2) -> [ &perm_x <- _ret' ] s1) | s1 = bb9 ] + | bb9 = s0 [ s0 = deref'0 {map} (fun (_ret':MutBorrow.t (t_FMap'0)) -> [ &_34 <- _ret' ] s1) | s1 = bb10 ] + | bb10 = s0 [ s0 = addr'0 {y} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_38 <- _ret' ] s1) | s1 = bb11 ] + | bb11 = s0 + [ s0 = [ &_37 <- _38 ] s1 + | s1 = get_ghost'0 {_34.current} {_37} (fun (_ret':t_Option'0) -> [ &_32 <- _ret' ] s2) + | s2 = bb12 ] - | bb7 = any - [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_33 = C_Root'0 x0 x1} (! bb8) - | br1 (x0:t_Element'0)-> {_33 = C_Link'0 x0} (! bb10) ] + | bb12 = s0 [ s0 = unwrap'0 {_32} (fun (_ret':t_PtrOwn'0) -> [ &_31 <- _ret' ] s1) | s1 = bb13 ] + | bb13 = s0 [ s0 = new'0 {_31} (fun (_ret':t_GhostBox'2) -> [ &perm_y <- _ret' ] s1) | s1 = bb14 ] + | bb14 = s0 + [ s0 = as_ref'0 {x.t_Element__0'0} {perm_x} (fun (_ret':t_Content'0) -> [ &_43 <- _ret' ] s1) | s1 = bb15 ] - | bb10 = s0 + | bb15 = any + [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_43 = C_Root'0 x0 x1} (! bb16) + | br1 (x0:t_Element'0)-> {_43 = C_Link'0 x0} (! bb18) ] + + | bb18 = s0 [ s0 = {[@expl:type invariant] inv'2 perm_y} s1 | s1 = -{resolve'1 perm_y}- s2 | s2 = {[@expl:type invariant] inv'3 map} s3 @@ -5559,65 +5150,96 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. | s5 = -{resolve'0 self}- s6 | s6 = {false} any ] - | bb8 = bb9 - | bb9 = s0 - [ s0 = v_Root'0 {_33} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &rx <- rrank'0 ] s1) - | s1 = v_Root'0 {_33} (fun (rrank'1:UInt64.t) (rvalue'1:t_T'0) -> [ &vx <- rvalue'1 ] s2) - | s2 = as_ref'0 {y.t_Element__0'0} {perm_y} (fun (_ret':t_Content'0) -> [ &_40 <- _ret' ] s3) - | s3 = bb11 ] + | bb16 = bb17 + | bb17 = s0 + [ s0 = v_Root'0 {_43} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &rx <- rrank'0 ] s1) + | s1 = v_Root'0 {_43} (fun (rrank'1:UInt64.t) (rvalue'1:t_T'0) -> [ &vx <- rvalue'1 ] s2) + | s2 = as_ref'0 {y.t_Element__0'0} {perm_y} (fun (_ret':t_Content'0) -> [ &_50 <- _ret' ] s3) + | s3 = bb19 ] - | bb11 = any - [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_40 = C_Root'0 x0 x1} (! bb12) - | br1 (x0:t_Element'0)-> {_40 = C_Link'0 x0} (! bb14) ] + | bb19 = any + [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_50 = C_Root'0 x0 x1} (! bb20) + | br1 (x0:t_Element'0)-> {_50 = C_Link'0 x0} (! bb22) ] - | bb14 = s0 + | bb22 = s0 [ s0 = {[@expl:type invariant] inv'3 map} s1 | s1 = -{resolve'2 map}- s2 | s2 = {[@expl:type invariant] inv'0 self} s3 | s3 = -{resolve'0 self}- s4 | s4 = {false} any ] - | bb12 = bb13 - | bb13 = s0 - [ s0 = v_Root'0 {_40} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &ry <- rrank'0 ] s1) - | s1 = v_Root'0 {_40} (fun (rrank'1:UInt64.t) (rvalue'1:t_T'0) -> [ &vy <- rvalue'1 ] s2) - | s2 = UInt64.lt {rx} {ry} (fun (_ret':bool) -> [ &_44 <- _ret' ] s3) - | s3 = any [ br0 -> {_44 = false} (! bb26) | br1 -> {_44} (! bb15) ] ] + | bb20 = bb21 + | bb21 = s0 + [ s0 = v_Root'0 {_50} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> [ &ry <- rrank'0 ] s1) + | s1 = v_Root'0 {_50} (fun (rrank'1:UInt64.t) (rvalue'1:t_T'0) -> [ &vy <- rvalue'1 ] s2) + | s2 = UInt64.lt {rx} {ry} (fun (_ret':bool) -> [ &_54 <- _ret' ] s3) + | s3 = any [ br0 -> {_54 = false} (! bb38) | br1 -> {_54} (! bb23) ] ] - | bb15 = s0 + | bb23 = s0 [ s0 = {inv'3 map} MutBorrow.borrow_mut {map} (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_49 <- _ret' ] + [ &_63 <- _ret' ] -{inv'3 _ret'.final}- [ &map <- _ret'.final ] s1) - | s1 = [ &_48 <- { field_0'2 = _49; field_1'2 = x } ] s2 - | s2 = closure11'0 {_48} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_x <- _ret' ] s3) - | s3 = bb16 ] + | s1 = deref_mut'0 {_63} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_62 <- _ret' ] s2) + | s2 = bb24 ] - | bb16 = s0 - [ s0 = [ &_52 <- C_Link'0 y ] s1 - | s1 = as_mut'0 {x.t_Element__0'0} {perm_mut_x} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_54 <- _ret' ] s2) - | s2 = bb17 ] + | bb24 = s0 + [ s0 = {inv'4 (_62.current).current} + MutBorrow.borrow_mut {(_62.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_61 <- _ret' ] + -{inv'4 _ret'.final}- + [ &_62 <- { _62 with current = { _62.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {x} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_66 <- _ret' ] s2) + | s2 = bb25 ] - | bb17 = bb18 - | bb18 = s0 - [ s0 = {[@expl:type invariant] match _54 with - | {current = x'0} -> inv'4 x'0 + | bb25 = s0 + [ s0 = [ &_65 <- _66 ] s1 + | s1 = get_mut_ghost'0 {_61} {_65} (fun (_ret':t_Option'1) -> [ &_60 <- _ret' ] s2) + | s2 = bb26 ] + + | bb26 = s0 [ s0 = unwrap'1 {_60} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_59 <- _ret' ] s1) | s1 = bb27 ] + | bb27 = s0 + [ s0 = {inv'5 _59.current} + MutBorrow.borrow_final {_59.current} {MutBorrow.get_id _59} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_58 <- _ret' ] + -{inv'5 _ret'.final}- + [ &_59 <- { _59 with current = _ret'.final } ] + s1) + | s1 = new'1 {_58} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_x <- _ret' ] s2) + | s2 = bb28 ] + + | bb28 = s0 + [ s0 = {[@expl:type invariant] inv'6 _62} s1 + | s1 = -{resolve'3 _62}- s2 + | s2 = {[@expl:type invariant] inv'7 _59} s3 + | s3 = -{resolve'4 _59}- s4 + | s4 = [ &_68 <- C_Link'0 y ] s5 + | s5 = as_mut'0 {x.t_Element__0'0} {perm_mut_x} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_70 <- _ret' ] s6) + | s6 = bb29 ] + + | bb29 = bb30 + | bb30 = s0 + [ s0 = {[@expl:type invariant] match _70 with + | {current = x'0} -> inv'8 x'0 | _ -> true end} s1 - | s1 = [ &_54 <- { _54 with current = _52 } ] s2 - | s2 = {[@expl:type invariant] inv'5 _54} s3 - | s3 = -{resolve'3 _54}- s4 + | s1 = [ &_70 <- { _70 with current = _68 } ] s2 + | s2 = {[@expl:type invariant] inv'9 _70} s3 + | s3 = -{resolve'5 _70}- s4 | s4 = {[@expl:type invariant] inv'3 map} s5 | s5 = -{resolve'2 map}- s6 - | s6 = bb20 ] + | s6 = bb32 ] - | bb20 = s0 + | bb32 = s0 [ s0 = - [ &_57 <- [%#sunion_find0] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z + [ &_73 <- [%#sunion_find0] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z = x then y else @@ -5625,12 +5247,12 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. )) ] s1 - | s1 = bb21 ] + | s1 = bb33 ] - | bb21 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _57 } } ] s1 + | bb33 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _73 } } ] s1 | s1 = - [ &_59 <- [%#sunion_find1] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z + [ &_75 <- [%#sunion_find1] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z = y then vy else @@ -5638,117 +5260,179 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. )) ] s2 - | s2 = bb22 ] + | s2 = bb34 ] - | bb22 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _59 } } ] s1 - | s1 = [ &_61 <- [%#sunion_find2] Snapshot.new (Snapshot.inner (self.current).t_UnionFind__max_depth'0 + 1) ] s2 - | s2 = bb23 ] + | bb34 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _75 } } ] s1 + | s1 = [ &_77 <- [%#sunion_find2] Snapshot.new (Snapshot.inner (self.current).t_UnionFind__max_depth'0 + 1) ] s2 + | s2 = bb35 ] - | bb23 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__max_depth'0 = _61 } } ] s1 + | bb35 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__max_depth'0 = _77 } } ] s1 | s1 = - [ &_63 <- [%#sunion_find3] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) y (1 + [ &_79 <- [%#sunion_find3] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) y (1 + MinMax.max (index_logic'2 (Snapshot.inner (self.current).t_UnionFind__distance'0) x) (index_logic'2 (Snapshot.inner (self.current).t_UnionFind__distance'0) y))) ] s2 - | s2 = bb24 ] + | s2 = bb36 ] - | bb24 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _63 } } ] s1 + | bb36 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _79 } } ] s1 | s1 = {[@expl:type invariant] inv'0 self} s2 | s2 = -{resolve'0 self}- s3 | s3 = [ &_0 <- y ] s4 - | s4 = bb25 ] + | s4 = bb37 ] - | bb25 = bb48 - | bb26 = s0 + | bb37 = bb68 + | bb38 = s0 [ s0 = {inv'3 map} MutBorrow.borrow_mut {map} (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_67 <- _ret' ] + [ &_87 <- _ret' ] -{inv'3 _ret'.final}- [ &map <- _ret'.final ] s1) - | s1 = [ &_66 <- { field_0'3 = _67; field_1'3 = y } ] s2 - | s2 = closure16'0 {_66} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_y <- _ret' ] s3) - | s3 = bb27 ] + | s1 = deref_mut'0 {_87} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_86 <- _ret' ] s2) + | s2 = bb39 ] - | bb27 = s0 - [ s0 = [ &_70 <- C_Link'0 x ] s1 - | s1 = as_mut'0 {y.t_Element__0'0} {perm_mut_y} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_72 <- _ret' ] s2) - | s2 = bb28 ] + | bb39 = s0 + [ s0 = {inv'4 (_86.current).current} + MutBorrow.borrow_mut {(_86.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_85 <- _ret' ] + -{inv'4 _ret'.final}- + [ &_86 <- { _86 with current = { _86.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {y} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_90 <- _ret' ] s2) + | s2 = bb40 ] + + | bb40 = s0 + [ s0 = [ &_89 <- _90 ] s1 + | s1 = get_mut_ghost'0 {_85} {_89} (fun (_ret':t_Option'1) -> [ &_84 <- _ret' ] s2) + | s2 = bb41 ] - | bb28 = bb29 - | bb29 = s0 - [ s0 = {[@expl:type invariant] match _72 with - | {current = x'0} -> inv'4 x'0 + | bb41 = s0 [ s0 = unwrap'1 {_84} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_83 <- _ret' ] s1) | s1 = bb42 ] + | bb42 = s0 + [ s0 = {inv'5 _83.current} + MutBorrow.borrow_final {_83.current} {MutBorrow.get_id _83} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_82 <- _ret' ] + -{inv'5 _ret'.final}- + [ &_83 <- { _83 with current = _ret'.final } ] + s1) + | s1 = new'1 {_82} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_y <- _ret' ] s2) + | s2 = bb43 ] + + | bb43 = s0 + [ s0 = {[@expl:type invariant] inv'6 _86} s1 + | s1 = -{resolve'3 _86}- s2 + | s2 = {[@expl:type invariant] inv'7 _83} s3 + | s3 = -{resolve'4 _83}- s4 + | s4 = [ &_92 <- C_Link'0 x ] s5 + | s5 = as_mut'0 {y.t_Element__0'0} {perm_mut_y} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_94 <- _ret' ] s6) + | s6 = bb44 ] + + | bb44 = bb45 + | bb45 = s0 + [ s0 = {[@expl:type invariant] match _94 with + | {current = x'0} -> inv'8 x'0 | _ -> true end} s1 - | s1 = [ &_72 <- { _72 with current = _70 } ] s2 - | s2 = {[@expl:type invariant] inv'5 _72} s3 - | s3 = -{resolve'3 _72}- s4 - | s4 = bb31 ] + | s1 = [ &_94 <- { _94 with current = _92 } ] s2 + | s2 = {[@expl:type invariant] inv'9 _94} s3 + | s3 = -{resolve'5 _94}- s4 + | s4 = bb47 ] - | bb31 = s0 - [ s0 = UInt64.eq {rx} {ry} (fun (_ret':bool) -> [ &_76 <- _ret' ] s1) - | s1 = any [ br0 -> {_76 = false} (! bb41) | br1 -> {_76} (! bb32) ] ] + | bb47 = s0 + [ s0 = UInt64.eq {rx} {ry} (fun (_ret':bool) -> [ &_98 <- _ret' ] s1) + | s1 = any [ br0 -> {_98 = false} (! bb61) | br1 -> {_98} (! bb48) ] ] - | bb32 = s0 + | bb48 = s0 [ s0 = {inv'3 map} MutBorrow.borrow_mut {map} (fun (_ret':MutBorrow.t (t_GhostBox'1)) -> - [ &_81 <- _ret' ] + [ &_107 <- _ret' ] -{inv'3 _ret'.final}- [ &map <- _ret'.final ] s1) - | s1 = [ &_80 <- { field_0'4 = _81; field_1'4 = x } ] s2 - | s2 = closure17'0 {_80} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_x1 <- _ret' ] s3) - | s3 = bb33 ] + | s1 = deref_mut'0 {_107} (fun (_ret':MutBorrow.t (MutBorrow.t (t_FMap'0))) -> [ &_106 <- _ret' ] s2) + | s2 = bb49 ] - | bb33 = s0 - [ s0 = as_mut'0 {x.t_Element__0'0} {perm_mut_x1} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_84 <- _ret' ] s1) - | s1 = bb34 ] - - | bb34 = any - [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_84.current = C_Root'0 x0 x1} (! bb36) - | br1 (x0:t_Element'0)-> {_84.current = C_Link'0 x0} (! bb35) ] - - | bb35 = s0 - [ s0 = {[@expl:type invariant] inv'5 _84} s1 - | s1 = -{resolve'3 _84}- s2 + | bb49 = s0 + [ s0 = {inv'4 (_106.current).current} + MutBorrow.borrow_mut {(_106.current).current} + (fun (_ret':MutBorrow.t (t_FMap'0)) -> + [ &_105 <- _ret' ] + -{inv'4 _ret'.final}- + [ &_106 <- { _106 with current = { _106.current with current = _ret'.final } } ] + s1) + | s1 = addr'0 {x} (fun (_ret':Snapshot.snap_ty (int)) -> [ &_110 <- _ret' ] s2) + | s2 = bb50 ] + + | bb50 = s0 + [ s0 = [ &_109 <- _110 ] s1 + | s1 = get_mut_ghost'0 {_105} {_109} (fun (_ret':t_Option'1) -> [ &_104 <- _ret' ] s2) + | s2 = bb51 ] + + | bb51 = s0 [ s0 = unwrap'1 {_104} (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> [ &_103 <- _ret' ] s1) | s1 = bb52 ] + | bb52 = s0 + [ s0 = {inv'5 _103.current} + MutBorrow.borrow_final {_103.current} {MutBorrow.get_id _103} + (fun (_ret':MutBorrow.t (t_PtrOwn'0)) -> + [ &_102 <- _ret' ] + -{inv'5 _ret'.final}- + [ &_103 <- { _103 with current = _ret'.final } ] + s1) + | s1 = new'1 {_102} (fun (_ret':t_GhostBox'3) -> [ &perm_mut_x1 <- _ret' ] s2) + | s2 = bb53 ] + + | bb53 = s0 + [ s0 = {[@expl:type invariant] inv'6 _106} s1 + | s1 = -{resolve'3 _106}- s2 + | s2 = {[@expl:type invariant] inv'7 _103} s3 + | s3 = -{resolve'4 _103}- s4 + | s4 = as_mut'0 {x.t_Element__0'0} {perm_mut_x1} (fun (_ret':MutBorrow.t (t_Content'0)) -> [ &_112 <- _ret' ] s5) + | s5 = bb54 ] + + | bb54 = any + [ br0 (x0:UInt64.t) (x1:t_T'0)-> {_112.current = C_Root'0 x0 x1} (! bb56) + | br1 (x0:t_Element'0)-> {_112.current = C_Link'0 x0} (! bb55) ] + + | bb55 = s0 + [ s0 = {[@expl:type invariant] inv'9 _112} s1 + | s1 = -{resolve'5 _112}- s2 | s2 = {[@expl:type invariant] inv'3 map} s3 | s3 = -{resolve'2 map}- s4 - | s4 = bb39 ] + | s4 = bb59 ] - | bb36 = bb37 - | bb37 = s0 - [ s0 = v_Root'0 {_84.current} + | bb56 = bb57 + | bb57 = s0 + [ s0 = v_Root'0 {_112.current} (fun (rrank'0:UInt64.t) (rvalue'0:t_T'0) -> - MutBorrow.borrow_final {rrank'0} {MutBorrow.inherit_id (MutBorrow.get_id _84) 1} + MutBorrow.borrow_final {rrank'0} {MutBorrow.inherit_id (MutBorrow.get_id _112) 1} (fun (_ret':MutBorrow.t UInt64.t) -> [ &rank <- _ret' ] - [ &_84 <- { _84 with current = C_Root'0 _ret'.final rvalue'0 } ] + [ &_112 <- { _112 with current = C_Root'0 _ret'.final rvalue'0 } ] s1)) - | s1 = add_no_overflow'0 {rx} {[%#sunion_find4] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_89 <- _ret' ] s2) - | s2 = bb38 ] - - | bb38 = s0 - [ s0 = [ &rank <- { rank with current = _89 } ] s1 - | s1 = -{resolve'4 rank}- s2 - | s2 = {[@expl:type invariant] inv'5 _84} s3 - | s3 = -{resolve'3 _84}- s4 + | s1 = add_no_overflow'0 {rx} {[%#sunion_find4] (1 : UInt64.t)} (fun (_ret':UInt64.t) -> [ &_117 <- _ret' ] s2) + | s2 = bb58 ] + + | bb58 = s0 + [ s0 = [ &rank <- { rank with current = _117 } ] s1 + | s1 = -{resolve'6 rank}- s2 + | s2 = {[@expl:type invariant] inv'9 _112} s3 + | s3 = -{resolve'5 _112}- s4 | s4 = {[@expl:type invariant] inv'3 map} s5 | s5 = -{resolve'2 map}- s6 - | s6 = bb39 ] + | s6 = bb59 ] - | bb39 = bb40 - | bb40 = bb42 - | bb41 = s0 [ s0 = {[@expl:type invariant] inv'3 map} s1 | s1 = -{resolve'2 map}- s2 | s2 = bb42 ] - | bb42 = s0 + | bb59 = bb60 + | bb60 = bb62 + | bb61 = s0 [ s0 = {[@expl:type invariant] inv'3 map} s1 | s1 = -{resolve'2 map}- s2 | s2 = bb62 ] + | bb62 = s0 [ s0 = - [ &_91 <- [%#sunion_find5] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z + [ &_119 <- [%#sunion_find5] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z = y then x else @@ -5756,12 +5440,12 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. )) ] s1 - | s1 = bb43 ] + | s1 = bb63 ] - | bb43 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _91 } } ] s1 + | bb63 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__root_of'0 = _119 } } ] s1 | s1 = - [ &_93 <- [%#sunion_find6] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z + [ &_121 <- [%#sunion_find6] Snapshot.new (Mapping.from_fn (fun (z : t_Element'0) -> if index_logic'0 (Snapshot.inner (self.current).t_UnionFind__root_of'0) z = x then vx else @@ -5769,35 +5453,35 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. )) ] s2 - | s2 = bb44 ] + | s2 = bb64 ] - | bb44 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _93 } } ] s1 - | s1 = [ &_95 <- [%#sunion_find7] Snapshot.new (Snapshot.inner (self.current).t_UnionFind__max_depth'0 + 1) ] s2 - | s2 = bb45 ] + | bb64 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__values'0 = _121 } } ] s1 + | s1 = [ &_123 <- [%#sunion_find7] Snapshot.new (Snapshot.inner (self.current).t_UnionFind__max_depth'0 + 1) ] s2 + | s2 = bb65 ] - | bb45 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__max_depth'0 = _95 } } ] s1 + | bb65 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__max_depth'0 = _123 } } ] s1 | s1 = - [ &_97 <- [%#sunion_find8] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) x (1 + [ &_125 <- [%#sunion_find8] Snapshot.new (Map.set (Snapshot.inner (self.current).t_UnionFind__distance'0) x (1 + MinMax.max (index_logic'2 (Snapshot.inner (self.current).t_UnionFind__distance'0) x) (index_logic'2 (Snapshot.inner (self.current).t_UnionFind__distance'0) y))) ] s2 - | s2 = bb46 ] + | s2 = bb66 ] - | bb46 = s0 - [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _97 } } ] s1 + | bb66 = s0 + [ s0 = [ &self <- { self with current = { self.current with t_UnionFind__distance'0 = _125 } } ] s1 | s1 = {[@expl:type invariant] inv'0 self} s2 | s2 = -{resolve'0 self}- s3 | s3 = [ &_0 <- x ] s4 - | s4 = bb47 ] - - | bb47 = bb48 - | bb48 = bb49 - | bb49 = bb50 - | bb50 = bb51 - | bb51 = bb52 - | bb52 = return' {_0} ] + | s4 = bb67 ] + + | bb67 = bb68 + | bb68 = bb69 + | bb69 = bb70 + | bb70 = bb71 + | bb71 = bb72 + | bb72 = return' {_0} ] ) [ & _0 : t_Element'0 = Intrinsic.any_l () | & self : MutBorrow.t (t_UnionFind'0) = self @@ -5807,46 +5491,67 @@ module M_union_find__implementation__qyi1944850640244667852__link [#"union_find. | & map : t_GhostBox'1 = Intrinsic.any_l () | & _19 : MutBorrow.t (t_GhostBox'0) = Intrinsic.any_l () | & perm_x : t_GhostBox'2 = Intrinsic.any_l () - | & _21 : closure9'1 = Intrinsic.any_l () - | & _24 : () = Intrinsic.any_l () + | & _21 : t_PtrOwn'0 = Intrinsic.any_l () + | & _22 : t_Option'0 = Intrinsic.any_l () + | & _24 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _27 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _28 : Snapshot.snap_ty (int) = Intrinsic.any_l () | & perm_y : t_GhostBox'2 = Intrinsic.any_l () - | & _26 : closure10'1 = Intrinsic.any_l () - | & _29 : () = Intrinsic.any_l () + | & _31 : t_PtrOwn'0 = Intrinsic.any_l () + | & _32 : t_Option'0 = Intrinsic.any_l () + | & _34 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _37 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _38 : Snapshot.snap_ty (int) = Intrinsic.any_l () | & rx : UInt64.t = Intrinsic.any_l () | & vx : t_T'0 = Intrinsic.any_l () - | & _33 : t_Content'0 = Intrinsic.any_l () + | & _43 : t_Content'0 = Intrinsic.any_l () | & ry : UInt64.t = Intrinsic.any_l () | & vy : t_T'0 = Intrinsic.any_l () - | & _40 : t_Content'0 = Intrinsic.any_l () - | & _44 : bool = Intrinsic.any_l () + | & _50 : t_Content'0 = Intrinsic.any_l () + | & _54 : bool = Intrinsic.any_l () | & perm_mut_x : t_GhostBox'3 = Intrinsic.any_l () - | & _48 : closure11'1 = Intrinsic.any_l () - | & _49 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _51 : () = Intrinsic.any_l () - | & _52 : t_Content'0 = Intrinsic.any_l () - | & _54 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () - | & _57 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () - | & _59 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () - | & _61 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _63 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () + | & _58 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _59 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _60 : t_Option'1 = Intrinsic.any_l () + | & _61 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _62 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _63 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () + | & _65 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _66 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _68 : t_Content'0 = Intrinsic.any_l () + | & _70 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () + | & _73 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () + | & _75 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () + | & _77 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _79 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () | & perm_mut_y : t_GhostBox'3 = Intrinsic.any_l () - | & _66 : closure16'1 = Intrinsic.any_l () - | & _67 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _69 : () = Intrinsic.any_l () - | & _70 : t_Content'0 = Intrinsic.any_l () - | & _72 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () - | & _76 : bool = Intrinsic.any_l () + | & _82 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _83 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _84 : t_Option'1 = Intrinsic.any_l () + | & _85 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _86 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _87 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () + | & _89 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _90 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _92 : t_Content'0 = Intrinsic.any_l () + | & _94 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () + | & _98 : bool = Intrinsic.any_l () | & perm_mut_x1 : t_GhostBox'3 = Intrinsic.any_l () - | & _80 : closure17'1 = Intrinsic.any_l () - | & _81 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () - | & _83 : () = Intrinsic.any_l () - | & _84 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () + | & _102 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _103 : MutBorrow.t (t_PtrOwn'0) = Intrinsic.any_l () + | & _104 : t_Option'1 = Intrinsic.any_l () + | & _105 : MutBorrow.t (t_FMap'0) = Intrinsic.any_l () + | & _106 : MutBorrow.t (MutBorrow.t (t_FMap'0)) = Intrinsic.any_l () + | & _107 : MutBorrow.t (t_GhostBox'1) = Intrinsic.any_l () + | & _109 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _110 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _112 : MutBorrow.t (t_Content'0) = Intrinsic.any_l () | & rank : MutBorrow.t UInt64.t = Intrinsic.any_l () - | & _89 : UInt64.t = Intrinsic.any_l () - | & _91 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () - | & _93 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () - | & _95 : Snapshot.snap_ty (int) = Intrinsic.any_l () - | & _97 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () ] + | & _117 : UInt64.t = Intrinsic.any_l () + | & _119 : Snapshot.snap_ty (Map.map (t_Element'0) (t_Element'0)) = Intrinsic.any_l () + | & _121 : Snapshot.snap_ty (Map.map (t_Element'0) t_T'0) = Intrinsic.any_l () + | & _123 : Snapshot.snap_ty (int) = Intrinsic.any_l () + | & _125 : Snapshot.snap_ty (Map.map (t_Element'0) (int)) = Intrinsic.any_l () ] [ return' (result:t_Element'0)-> {[@expl:link ensures #0] [%#sunion_find14] domain'0 self.final = domain'0 self.current} diff --git a/creusot/tests/should_succeed/union_find/proof.json b/creusot/tests/should_succeed/union_find/proof.json index dbd8b754e8..f7fd14c225 100644 --- a/creusot/tests/should_succeed/union_find/proof.json +++ b/creusot/tests/should_succeed/union_find/proof.json @@ -10,9 +10,9 @@ "vc_example'0": { "prover": "alt-ergo@2.6.0", "time": 0.207 }, "vc_find'0": { "prover": "cvc5@1.0.5", "time": 0.041 }, "vc_get'0": { "prover": "cvc5@1.0.5", "time": 0.041 }, - "vc_make'0": { "prover": "cvc5@1.0.5", "time": 0.04 }, + "vc_make'0": { "prover": "cvc5@1.0.5", "time": 0.019 }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, - "vc_union'0": { "prover": "cvc5@1.0.5", "time": 0.018 } + "vc_union'0": { "prover": "cvc5@1.0.5", "time": 0.036 } }, "M_union_find__example_addrs_eq": { "vc_eq'0": { "prover": "cvc5@1.0.5", "time": 0.017 }, @@ -663,50 +663,46 @@ "vc_as_ref'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, "vc_borrow'0": { "prover": "cvc5@1.0.5", "time": 0.016 }, "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.038 }, - "vc_closure5'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, - "vc_closure6'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.03 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.019 }, "vc_find_inner'0": { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.136 }, - { "prover": "cvc5@1.0.5", "time": 0.059 }, + { "prover": "cvc5@1.0.5", "time": 0.1 }, + { "prover": "cvc5@1.0.5", "time": 0.051 }, + { "prover": "cvc5@1.0.5", "time": 0.041 }, + { "prover": "cvc5@1.0.5", "time": 0.055 }, + { "prover": "cvc5@1.0.5", "time": 0.048 }, + { "prover": "cvc5@1.0.5", "time": 0.035 }, + { "prover": "cvc5@1.0.5", "time": 0.112 }, { "prover": "cvc5@1.0.5", "time": 0.052 }, - { "prover": "cvc5@1.0.5", "time": 0.066 }, - { "prover": "cvc5@1.0.5", "time": 0.042 }, - { "prover": "cvc5@1.0.5", "time": 0.155 }, + { "prover": "cvc5@1.0.5", "time": 0.032 }, + { "prover": "cvc5@1.0.5", "time": 0.139 }, { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.039 }, - { "prover": "cvc5@1.0.5", "time": 0.041 }, - { "prover": "cvc5@1.0.5", "time": 0.136 }, - { "prover": "cvc5@1.0.5", "time": 0.041 }, - { "prover": "cvc5@1.0.5", "time": 0.17 }, + { "prover": "cvc5@1.0.5", "time": 0.204 }, + { "prover": "cvc5@1.0.5", "time": 0.103 }, + { "prover": "cvc5@1.0.5", "time": 0.056 }, + { "prover": "cvc5@1.0.5", "time": 0.034 }, + { "prover": "cvc5@1.0.5", "time": 0.151 }, + { "prover": "cvc5@1.0.5", "time": 0.11 }, + { "prover": "cvc5@1.0.5", "time": 0.171 }, { "prover": "cvc5@1.0.5", "time": 0.103 }, - { "prover": "cvc5@1.0.5", "time": 0.072 }, - { "prover": "cvc5@1.0.5", "time": 0.045 }, - { "prover": "cvc5@1.0.5", "time": 0.122 }, - { "prover": "cvc5@1.0.5", "time": 0.111 }, - { "prover": "cvc5@1.0.5", "time": 0.205 }, { "prover": "cvc5@1.0.5", "time": 0.109 }, - { "prover": "cvc5@1.0.5", "time": 0.14 }, + { "prover": "cvc5@1.0.5", "time": 0.049 }, + { "prover": "cvc5@1.0.5", "time": 0.105 }, + { "prover": "cvc5@1.0.5", "time": 0.125 }, + { "prover": "cvc5@1.0.5", "time": 0.078 }, + { "prover": "cvc5@1.0.5", "time": 0.066 }, + { "prover": "cvc5@1.0.5", "time": 0.061 }, + { "prover": "cvc5@1.0.5", "time": 0.126 }, + { "prover": "cvc5@1.0.5", "time": 0.172 }, + { "prover": "cvc5@1.0.5", "time": 0.13 }, + { "prover": "cvc5@1.0.5", "time": 0.168 }, + { "prover": "cvc5@1.0.5", "time": 0.124 }, { "prover": "cvc5@1.0.5", "time": 0.039 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, + { "prover": "cvc5@1.0.5", "time": 0.32 }, + { "prover": "cvc5@1.0.5", "time": 0.098 }, { "prover": "cvc5@1.0.5", "time": 0.139 }, - { "prover": "cvc5@1.0.5", "time": 0.134 }, - { "prover": "cvc5@1.0.5", "time": 0.136 }, - { "prover": "cvc5@1.0.5", "time": 0.055 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.201 }, - { "prover": "cvc5@1.0.5", "time": 0.205 }, - { "prover": "cvc5@1.0.5", "time": 0.151 }, - { "prover": "cvc5@1.0.5", "time": 0.172 }, - { "prover": "cvc5@1.0.5", "time": 0.154 }, - { "prover": "cvc5@1.0.5", "time": 0.171 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.234 }, - { "prover": "cvc5@1.0.5", "time": 0.167 }, - { "prover": "cvc5@1.0.5", "time": 0.161 }, { "prover": "cvc5@1.0.5", "time": 0.039 }, { "tactic": "split_vc", @@ -717,52 +713,69 @@ { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.283 }, - { "prover": "cvc5@1.0.5", "time": 0.328 }, - { "prover": "cvc4@1.8", "time": 0.386 }, - { "prover": "cvc5@1.0.5", "time": 0.278 }, - { "prover": "cvc5@1.0.5", "time": 0.277 }, - { "prover": "cvc5@1.0.5", "time": 0.32 }, - { "prover": "cvc4@1.8", "time": 0.419 }, - { "prover": "alt-ergo@2.6.0", "time": 0.417 }, - { "prover": "alt-ergo@2.6.0", "time": 0.456 }, - { "prover": "cvc4@1.8", "time": 0.479 }, - { "prover": "cvc4@1.8", "time": 0.485 }, - { "prover": "cvc4@1.8", "time": 0.289 }, - { "prover": "cvc5@1.0.5", "time": 0.237 }, - { "prover": "cvc4@1.8", "time": 0.164 }, - { "prover": "cvc4@1.8", "time": 0.31 }, - { "prover": "cvc4@1.8", "time": 0.397 }, - { "prover": "z3@4.12.4", "time": 0.066 }, - { "prover": "z3@4.12.4", "time": 0.085 }, - { "prover": "cvc5@1.0.5", "time": 0.202 }, - { "prover": "cvc4@1.8", "time": 0.179 }, + { "prover": "cvc5@1.0.5", "time": 0.149 }, { "prover": "z3@4.12.4", "time": 0.068 }, - { "prover": "cvc5@1.0.5", "time": 0.183 }, - { "prover": "cvc5@1.0.5", "time": 0.183 }, - { "prover": "cvc4@1.8", "time": 0.236 }, - { "prover": "z3@4.12.4", "time": 0.052 }, - { "prover": "z3@4.12.4", "time": 0.057 }, - { "prover": "z3@4.12.4", "time": 0.066 }, - { "prover": "cvc4@1.8", "time": 0.582 }, - { "prover": "cvc4@1.8", "time": 0.278 }, - { "prover": "alt-ergo@2.6.0", "time": 0.432 }, - { "prover": "cvc4@1.8", "time": 0.315 }, - { "prover": "cvc4@1.8", "time": 0.387 }, - { "prover": "cvc4@1.8", "time": 0.525 }, - { "prover": "cvc4@1.8", "time": 0.184 }, - { "prover": "cvc4@1.8", "time": 0.256 } + { "prover": "cvc5@1.0.5", "time": 0.338 }, + { "prover": "cvc5@1.0.5", "time": 0.143 }, + { "prover": "cvc4@1.8", "time": 0.179 }, + { "prover": "cvc4@1.8", "time": 0.149 }, + { "prover": "cvc4@1.8", "time": 0.295 }, + { "prover": "cvc5@1.0.5", "time": 0.421 }, + { "prover": "alt-ergo@2.6.0", "time": 0.341 }, + { "prover": "cvc5@1.0.5", "time": 0.351 }, + { "prover": "cvc5@1.0.5", "time": 0.265 }, + { "prover": "cvc5@1.0.5", "time": 0.364 }, + { "prover": "cvc5@1.0.5", "time": 0.101 }, + { "prover": "z3@4.12.4", "time": 0.039 }, + { "prover": "z3@4.12.4", "time": 0.043 }, + { "prover": "cvc4@1.8", "time": 0.161 }, + { "prover": "z3@4.12.4", "time": 0.037 }, + { "prover": "z3@4.12.4", "time": 0.042 }, + { "prover": "cvc5@1.0.5", "time": 0.121 }, + { "prover": "z3@4.12.4", "time": 0.042 }, + { "prover": "z3@4.12.4", "time": 0.035 }, + { "prover": "cvc5@1.0.5", "time": 0.111 }, + { "prover": "cvc4@1.8", "time": 0.093 }, + { "prover": "z3@4.12.4", "time": 0.038 }, + { "prover": "z3@4.12.4", "time": 0.049 }, + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "z3@4.12.4", "time": 0.051 }, + { "prover": "z3@4.12.4", "time": 0.055 }, + { "prover": "z3@4.12.4", "time": 0.045 }, + { "prover": "alt-ergo@2.6.0", "time": 0.442 }, + { "prover": "cvc4@1.8", "time": 0.142 }, + { "prover": "z3@4.12.4", "time": 0.049 }, + { "prover": "z3@4.12.4", "time": 0.062 }, + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "z3@4.12.4", "time": 0.037 } ] } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.347 }, - { "prover": "cvc5@1.0.5", "time": 0.156 }, - { "prover": "cvc5@1.0.5", "time": 0.071 }, - { "prover": "cvc5@1.0.5", "time": 0.341 }, - { "prover": "cvc5@1.0.5", "time": 0.065 } + { "prover": "cvc5@1.0.5", "time": 0.346 }, + { + "tactic": "split_vc", + "children": [ + { + "tactic": "compute_in_goal", + "children": [ + { + "tactic": "split_vc", + "children": [ + { "prover": "cvc5@1.0.5", "time": 0.144 }, + { "prover": "cvc5@1.0.5", "time": 0.144 }, + { "prover": "cvc4@1.8", "time": 0.11 } + ] + } + ] + } + ] + }, + { "prover": "cvc5@1.0.5", "time": 0.057 }, + { "prover": "cvc5@1.0.5", "time": 0.262 }, + { "prover": "cvc5@1.0.5", "time": 0.047 } ] }, "vc_get_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.023 }, @@ -777,7 +790,6 @@ "vc_addr'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, "vc_as_ref'0": { "prover": "cvc5@1.0.5", "time": 0.036 }, "vc_borrow'0": { "prover": "cvc5@1.0.5", "time": 0.016 }, - "vc_closure3'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.03 }, "vc_get'0": { "prover": "cvc5@1.0.5", "time": 0.121 }, "vc_get_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, @@ -791,11 +803,6 @@ "vc_as_mut'0": { "prover": "cvc5@1.0.5", "time": 0.029 }, "vc_as_ref'0": { "prover": "cvc5@1.0.5", "time": 0.044 }, "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, - "vc_closure10'0": { "prover": "cvc5@1.0.5", "time": 0.038 }, - "vc_closure11'0": { "prover": "cvc5@1.0.5", "time": 0.017 }, - "vc_closure16'0": { "prover": "cvc5@1.0.5", "time": 0.021 }, - "vc_closure17'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, - "vc_closure9'0": { "prover": "cvc5@1.0.5", "time": 0.036 }, "vc_deref'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_eq'0": { "prover": "cvc5@1.0.5", "time": 0.014 }, @@ -804,42 +811,40 @@ "vc_link'0": { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.128 }, - { "prover": "cvc5@1.0.5", "time": 0.122 }, - { "prover": "cvc5@1.0.5", "time": 0.069 }, - { "prover": "cvc5@1.0.5", "time": 0.133 }, - { "prover": "cvc5@1.0.5", "time": 0.073 }, + { "prover": "cvc5@1.0.5", "time": 0.086 }, + { "prover": "cvc5@1.0.5", "time": 0.071 }, + { "prover": "cvc5@1.0.5", "time": 0.045 }, + { "prover": "cvc5@1.0.5", "time": 0.087 }, { "prover": "cvc5@1.0.5", "time": 0.042 }, - { "prover": "cvc5@1.0.5", "time": 0.177 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.073 }, - { "prover": "cvc5@1.0.5", "time": 0.11 }, - { "prover": "cvc5@1.0.5", "time": 0.075 }, + { "prover": "cvc5@1.0.5", "time": 0.026 }, + { "prover": "cvc5@1.0.5", "time": 0.112 }, { "prover": "cvc5@1.0.5", "time": 0.036 }, - { "prover": "cvc5@1.0.5", "time": 0.153 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.035 }, - { "prover": "cvc5@1.0.5", "time": 0.201 }, - { "prover": "cvc5@1.0.5", "time": 0.038 }, - { "prover": "cvc5@1.0.5", "time": 0.201 }, - { "prover": "cvc5@1.0.5", "time": 0.068 }, - { "prover": "cvc5@1.0.5", "time": 0.04 }, - { "prover": "cvc5@1.0.5", "time": 0.123 }, - { "prover": "cvc5@1.0.5", "time": 0.104 }, - { "prover": "cvc5@1.0.5", "time": 0.124 }, - { "prover": "cvc5@1.0.5", "time": 0.075 }, { "prover": "cvc5@1.0.5", "time": 0.045 }, - { "prover": "cvc5@1.0.5", "time": 0.119 }, - { "prover": "cvc5@1.0.5", "time": 0.142 }, - { "prover": "cvc5@1.0.5", "time": 0.14 }, - { "prover": "cvc5@1.0.5", "time": 0.149 }, - { "prover": "cvc5@1.0.5", "time": 0.127 }, - { "prover": "cvc5@1.0.5", "time": 0.156 }, - { "prover": "cvc5@1.0.5", "time": 0.041 }, - { "prover": "cvc5@1.0.5", "time": 0.213 }, - { "prover": "cvc5@1.0.5", "time": 0.158 }, - { "prover": "cvc5@1.0.5", "time": 0.167 }, - { "prover": "cvc5@1.0.5", "time": 0.034 }, + { "prover": "cvc5@1.0.5", "time": 0.077 }, + { "prover": "cvc5@1.0.5", "time": 0.052 }, + { "prover": "cvc5@1.0.5", "time": 0.028 }, + { "prover": "cvc5@1.0.5", "time": 0.105 }, + { "prover": "cvc5@1.0.5", "time": 0.032 }, + { "prover": "cvc5@1.0.5", "time": 0.029 }, + { "prover": "cvc5@1.0.5", "time": 0.117 }, + { "prover": "cvc5@1.0.5", "time": 0.029 }, + { "prover": "cvc5@1.0.5", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.033 }, + { "prover": "cvc5@1.0.5", "time": 0.085 }, + { "prover": "cvc5@1.0.5", "time": 0.08 }, + { "prover": "cvc5@1.0.5", "time": 0.078 }, + { "prover": "cvc5@1.0.5", "time": 0.051 }, + { "prover": "cvc5@1.0.5", "time": 0.028 }, + { "prover": "cvc5@1.0.5", "time": 0.114 }, + { "prover": "cvc5@1.0.5", "time": 0.09 }, + { "prover": "cvc5@1.0.5", "time": 0.081 }, + { "prover": "cvc5@1.0.5", "time": 0.087 }, + { "prover": "cvc5@1.0.5", "time": 0.084 }, + { "prover": "cvc5@1.0.5", "time": 0.047 }, + { "prover": "cvc5@1.0.5", "time": 0.148 }, + { "prover": "cvc5@1.0.5", "time": 0.122 }, + { "prover": "cvc5@1.0.5", "time": 0.108 }, + { "prover": "cvc5@1.0.5", "time": 0.05 }, { "tactic": "split_vc", "children": [ @@ -849,87 +854,62 @@ { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.161 }, - { "prover": "cvc5@1.0.5", "time": 0.33 }, - { "prover": "cvc5@1.0.5", "time": 0.389 }, - { "prover": "cvc5@1.0.5", "time": 0.214 }, - { "prover": "cvc5@1.0.5", "time": 0.269 }, - { "prover": "cvc5@1.0.5", "time": 0.282 }, - { "prover": "cvc5@1.0.5", "time": 0.312 }, - { "prover": "cvc4@1.8", "time": 0.379 }, - { "prover": "alt-ergo@2.6.0", "time": 0.555 }, - { "prover": "alt-ergo@2.6.0", "time": 0.444 }, - { "prover": "alt-ergo@2.6.0", "time": 0.444 }, - { "prover": "cvc5@1.0.5", "time": 0.508 }, - { "prover": "cvc5@1.0.5", "time": 0.23 }, - { "prover": "alt-ergo@2.6.0", "time": 0.133 }, - { "prover": "z3@4.12.4", "time": 0.847 }, - { "prover": "alt-ergo@2.6.0", "time": 0.33 }, - { "prover": "z3@4.12.4", "time": 0.065 }, - { "prover": "cvc4@1.8", "time": 0.416 }, - { "prover": "cvc5@1.0.5", "time": 0.168 }, - { "prover": "cvc5@1.0.5", "time": 0.192 }, + { "prover": "cvc5@1.0.5", "time": 0.112 }, + { "prover": "cvc5@1.0.5", "time": 0.172 }, + { "prover": "cvc4@1.8", "time": 0.18 }, + { "prover": "cvc5@1.0.5", "time": 0.151 }, + { "prover": "cvc5@1.0.5", "time": 0.182 }, + { "prover": "cvc4@1.8", "time": 0.201 }, + { "prover": "cvc4@1.8", "time": 0.16 }, + { "prover": "cvc4@1.8", "time": 0.166 }, + { "prover": "cvc5@1.0.5", "time": 0.471 }, + { "prover": "cvc5@1.0.5", "time": 0.315 }, + { "prover": "cvc5@1.0.5", "time": 0.443 }, + { "prover": "cvc5@1.0.5", "time": 0.433 }, + { "prover": "cvc5@1.0.5", "time": 0.127 }, + { "prover": "alt-ergo@2.6.0", "time": 0.125 }, + { "prover": "alt-ergo@2.6.0", "time": 0.179 }, + { "prover": "alt-ergo@2.6.0", "time": 0.213 }, + { "prover": "z3@4.12.4", "time": 0.043 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.101 }, + { "prover": "cvc5@1.0.5", "time": 0.194 }, + { "prover": "cvc4@1.8", "time": 0.16 }, + { "prover": "cvc5@1.0.5", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.1 }, + { "prover": "cvc5@1.0.5", "time": 0.163 }, + { "prover": "cvc4@1.8", "time": 0.151 }, + { "prover": "z3@4.12.4", "time": 0.054 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "z3@4.12.4", "time": 0.057 }, + { "prover": "z3@4.12.4", "time": 0.047 }, + { "prover": "alt-ergo@2.6.0", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.135 }, { "prover": "z3@4.12.4", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.121 }, - { "prover": "cvc5@1.0.5", "time": 0.247 }, - { "prover": "cvc5@1.0.5", "time": 0.367 }, - { "prover": "cvc4@1.8", "time": 0.266 }, - { "prover": "z3@4.12.4", "time": 0.075 }, - { "prover": "cvc4@1.8", "time": 0.292 }, - { "prover": "cvc4@1.8", "time": 0.277 }, - { "prover": "z3@4.12.4", "time": 0.061 }, - { "prover": "alt-ergo@2.6.0", "time": 0.128 }, - { "prover": "cvc5@1.0.5", "time": 0.219 }, - { "prover": "cvc5@1.0.5", "time": 0.413 }, - { "prover": "cvc5@1.0.5", "time": 0.425 }, - { "prover": "cvc4@1.8", "time": 0.336 }, - { "prover": "cvc5@1.0.5", "time": 0.221 } + { "prover": "z3@4.12.4", "time": 0.04 }, + { "prover": "z3@4.12.4", "time": 0.069 }, + { "prover": "z3@4.12.4", "time": 0.052 } ] } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.201 }, - { "prover": "z3@4.12.4", "time": 0.022 }, - { "prover": "cvc5@1.0.5", "time": 0.235 }, - { "prover": "cvc4@1.8", "time": 0.176 }, - { "prover": "cvc5@1.0.5", "time": 0.26 }, + { "prover": "cvc5@1.0.5", "time": 0.138 }, { "tactic": "split_vc", "children": [ { "tactic": "compute_in_goal", - "children": [ - { - "tactic": "split_vc", - "children": [ - { "prover": "cvc4@1.8", "time": 0.389 }, - { "prover": "z3@4.12.4", "time": 0.046 }, - { "prover": "z3@4.12.4", "time": 0.048 }, - { "prover": "z3@4.12.4", "time": 0.053 } - ] - } - ] + "children": [ { "prover": "cvc5@1.0.5", "time": 0.049 } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.045 }, - { "prover": "cvc5@1.0.5", "time": 0.165 }, - { "prover": "z3@4.12.4", "time": 0.045 }, - { "prover": "cvc4@1.8", "time": 0.123 }, - { "prover": "alt-ergo@2.6.0", "time": 0.067 }, - { "prover": "cvc5@1.0.5", "time": 0.048 }, - { "prover": "cvc5@1.0.5", "time": 0.178 }, - { "prover": "cvc5@1.0.5", "time": 0.181 }, - { "prover": "cvc5@1.0.5", "time": 0.198 }, - { "prover": "cvc5@1.0.5", "time": 0.225 }, - { "prover": "cvc5@1.0.5", "time": 0.183 }, - { "prover": "cvc5@1.0.5", "time": 0.21 }, - { "prover": "cvc5@1.0.5", "time": 0.048 }, - { "prover": "cvc5@1.0.5", "time": 0.278 }, - { "prover": "cvc5@1.0.5", "time": 0.361 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, + { "prover": "cvc5@1.0.5", "time": 0.141 }, + { "prover": "cvc5@1.0.5", "time": 0.161 }, + { "prover": "cvc5@1.0.5", "time": 0.162 }, + { "prover": "cvc4@1.8", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.104 }, { "tactic": "split_vc", "children": [ @@ -939,54 +919,26 @@ { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.277 }, - { "prover": "cvc5@1.0.5", "time": 0.381 }, - { "prover": "cvc4@1.8", "time": 0.421 }, - { "prover": "cvc5@1.0.5", "time": 0.358 }, - { "prover": "cvc5@1.0.5", "time": 0.256 }, - { "prover": "cvc5@1.0.5", "time": 0.367 }, - { "prover": "cvc5@1.0.5", "time": 0.411 }, - { "prover": "cvc4@1.8", "time": 0.456 }, - { "prover": "cvc4@1.8", "time": 0.472 }, - { "prover": "cvc5@1.0.5", "time": 0.442 }, - { "prover": "cvc5@1.0.5", "time": 0.829 }, - { "prover": "cvc5@1.0.5", "time": 0.46 }, - { "prover": "cvc5@1.0.5", "time": 0.4 }, - { "prover": "z3@4.12.4", "time": 0.887 }, - { "prover": "cvc4@1.8", "time": 0.451 }, - { "prover": "cvc4@1.8", "time": 0.376 }, - { "prover": "cvc4@1.8", "time": 0.523 }, - { "prover": "z3@4.12.4", "time": 0.05 }, - { "prover": "cvc5@1.0.5", "time": 0.228 }, - { "prover": "cvc5@1.0.5", "time": 0.326 }, - { "prover": "cvc5@1.0.5", "time": 0.344 }, - { "prover": "cvc5@1.0.5", "time": 0.212 }, - { "prover": "cvc5@1.0.5", "time": 0.236 }, - { "prover": "cvc5@1.0.5", "time": 0.335 }, - { "prover": "cvc5@1.0.5", "time": 0.438 }, - { "prover": "cvc4@1.8", "time": 0.276 }, - { "prover": "cvc4@1.8", "time": 0.418 }, - { "prover": "cvc4@1.8", "time": 0.361 }, - { "prover": "cvc4@1.8", "time": 0.415 }, - { "prover": "alt-ergo@2.6.0", "time": 0.347 }, - { "prover": "cvc5@1.0.5", "time": 0.287 }, - { "prover": "cvc4@1.8", "time": 0.463 }, - { "prover": "cvc4@1.8", "time": 0.374 }, - { "prover": "cvc4@1.8", "time": 0.196 }, - { "prover": "cvc5@1.0.5", "time": 0.256 } + { "prover": "cvc4@1.8", "time": 0.176 }, + { "prover": "z3@4.12.4", "time": 0.074 } ] } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.265 }, - { "prover": "cvc5@1.0.5", "time": 0.048 }, - { "prover": "cvc5@1.0.5", "time": 0.309 }, - { "prover": "cvc5@1.0.5", "time": 0.331 }, - { "prover": "cvc4@1.8", "time": 0.38 }, - { "prover": "z3@4.12.4", "time": 0.025 }, - { "prover": "cvc5@1.0.5", "time": 0.05 }, + { "prover": "cvc5@1.0.5", "time": 0.104 }, + { "prover": "cvc5@1.0.5", "time": 0.051 }, + { "prover": "z3@4.12.4", "time": 0.027 }, + { "prover": "cvc4@1.8", "time": 0.099 }, + { "prover": "alt-ergo@2.6.0", "time": 0.096 }, + { "prover": "cvc5@1.0.5", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.134 }, + { "prover": "cvc5@1.0.5", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.03 }, + { "prover": "cvc5@1.0.5", "time": 0.18 }, + { "prover": "cvc5@1.0.5", "time": 0.231 }, + { "prover": "cvc5@1.0.5", "time": 0.04 }, { "tactic": "split_vc", "children": [ @@ -996,120 +948,166 @@ { "tactic": "split_vc", "children": [ + { "prover": "cvc4@1.8", "time": 0.141 }, + { "prover": "cvc4@1.8", "time": 0.165 }, + { "prover": "alt-ergo@2.6.0", "time": 0.317 }, + { "prover": "cvc5@1.0.5", "time": 0.179 }, + { "prover": "alt-ergo@2.6.0", "time": 0.189 }, + { "prover": "cvc5@1.0.5", "time": 0.332 }, + { "prover": "cvc4@1.8", "time": 0.207 }, + { "prover": "cvc4@1.8", "time": 0.319 }, + { "prover": "cvc5@1.0.5", "time": 0.513 }, + { "prover": "cvc5@1.0.5", "time": 0.378 }, + { "prover": "cvc5@1.0.5", "time": 0.41 }, + { "prover": "cvc5@1.0.5", "time": 0.414 }, + { "prover": "cvc4@1.8", "time": 0.14 }, + { "prover": "alt-ergo@2.6.0", "time": 0.207 }, + { "prover": "cvc5@1.0.5", "time": 0.263 }, + { "prover": "cvc4@1.8", "time": 0.243 }, + { "prover": "z3@4.12.4", "time": 0.043 }, + { "prover": "z3@4.12.4", "time": 0.047 }, + { "prover": "cvc5@1.0.5", "time": 0.167 }, + { "prover": "cvc4@1.8", "time": 0.159 }, + { "prover": "cvc4@1.8", "time": 0.177 }, + { "prover": "cvc4@1.8", "time": 0.097 }, + { "prover": "cvc5@1.0.5", "time": 0.139 }, + { "prover": "z3@4.12.4", "time": 0.041 }, + { "prover": "z3@4.12.4", "time": 0.05 }, { "prover": "z3@4.12.4", "time": 0.047 }, - { "prover": "cvc5@1.0.5", "time": 0.207 }, - { "prover": "cvc5@1.0.5", "time": 0.219 }, - { "prover": "cvc5@1.0.5", "time": 0.226 } + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "cvc4@1.8", "time": 0.175 }, + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "alt-ergo@2.6.0", "time": 0.222 }, + { "prover": "cvc5@1.0.5", "time": 0.189 }, + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "z3@4.12.4", "time": 0.047 }, + { "prover": "z3@4.12.4", "time": 0.049 }, + { "prover": "cvc5@1.0.5", "time": 0.193 } ] } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.237 }, - { "prover": "cvc5@1.0.5", "time": 0.24 }, - { "prover": "z3@4.12.4", "time": 0.024 }, - { "prover": "cvc5@1.0.5", "time": 0.261 }, - { "prover": "cvc5@1.0.5", "time": 0.272 }, - { "prover": "cvc5@1.0.5", "time": 0.251 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, + { "prover": "cvc5@1.0.5", "time": 0.16 }, + { "prover": "cvc5@1.0.5", "time": 0.029 }, + { "prover": "cvc5@1.0.5", "time": 0.184 }, + { + "tactic": "split_vc", + "children": [ + { + "tactic": "compute_in_goal", + "children": [ { "prover": "cvc5@1.0.5", "time": 0.195 } ] + }, + { "prover": "cvc4@1.8", "time": 0.131 } + ] + }, + { "prover": "cvc5@1.0.5", "time": 0.195 }, { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.128 }, - { "prover": "cvc5@1.0.5", "time": 0.135 }, - { "prover": "cvc5@1.0.5", "time": 0.134 }, - { "prover": "cvc5@1.0.5", "time": 0.066 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.139 }, - { "prover": "cvc5@1.0.5", "time": 0.123 }, - { "prover": "cvc5@1.0.5", "time": 0.121 }, - { "prover": "cvc5@1.0.5", "time": 0.127 }, - { "prover": "cvc5@1.0.5", "time": 0.123 }, - { "prover": "cvc5@1.0.5", "time": 0.157 }, - { "prover": "cvc5@1.0.5", "time": 0.038 }, - { "prover": "cvc5@1.0.5", "time": 0.232 }, - { "prover": "cvc5@1.0.5", "time": 0.159 }, - { "prover": "cvc5@1.0.5", "time": 0.171 }, - { "prover": "cvc5@1.0.5", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.029 }, + { "prover": "cvc5@1.0.5", "time": 0.035 }, + { "prover": "cvc4@1.8", "time": 0.102 }, + { "prover": "z3@4.12.4", "time": 0.055 }, + { "prover": "cvc5@1.0.5", "time": 0.032 }, { "tactic": "split_vc", "children": [ { "tactic": "compute_in_goal", - "children": [ - { - "tactic": "split_vc", - "children": [ - { "prover": "cvc5@1.0.5", "time": 0.191 }, - { "prover": "cvc5@1.0.5", "time": 0.374 }, - { "prover": "cvc5@1.0.5", "time": 0.417 }, - { "prover": "cvc5@1.0.5", "time": 0.255 }, - { "prover": "cvc5@1.0.5", "time": 0.261 }, - { "prover": "cvc5@1.0.5", "time": 0.391 }, - { "prover": "cvc5@1.0.5", "time": 0.432 }, - { "prover": "cvc4@1.8", "time": 0.242 }, - { "prover": "cvc5@1.0.5", "time": 0.809 }, - { "prover": "cvc5@1.0.5", "time": 0.427 }, - { "prover": "cvc5@1.0.5", "time": 0.451 }, - { "prover": "cvc5@1.0.5", "time": 0.478 }, - { "prover": "cvc5@1.0.5", "time": 0.215 }, - { "prover": "cvc5@1.0.5", "time": 0.358 }, - { "prover": "cvc5@1.0.5", "time": 0.358 }, - { "prover": "cvc5@1.0.5", "time": 0.424 }, - { "prover": "cvc5@1.0.5", "time": 0.364 }, - { "prover": "cvc5@1.0.5", "time": 0.395 }, - { "prover": "cvc5@1.0.5", "time": 0.177 }, - { "prover": "cvc5@1.0.5", "time": 0.271 }, - { "prover": "cvc5@1.0.5", "time": 0.261 }, - { "prover": "cvc5@1.0.5", "time": 0.162 }, - { "prover": "cvc5@1.0.5", "time": 0.182 }, - { "prover": "cvc5@1.0.5", "time": 0.26 }, - { "prover": "cvc5@1.0.5", "time": 0.297 }, - { "prover": "cvc4@1.8", "time": 0.256 }, - { "prover": "cvc4@1.8", "time": 0.266 }, - { "prover": "cvc4@1.8", "time": 0.373 }, - { "prover": "cvc4@1.8", "time": 0.344 }, - { "prover": "alt-ergo@2.6.0", "time": 0.205 }, - { "prover": "cvc5@1.0.5", "time": 0.215 }, - { "prover": "cvc5@1.0.5", "time": 0.412 }, - { "prover": "cvc5@1.0.5", "time": 0.417 }, - { "prover": "cvc4@1.8", "time": 0.361 }, - { "prover": "cvc5@1.0.5", "time": 0.224 } - ] - } - ] + "children": [ { "prover": "cvc5@1.0.5", "time": 0.143 } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.203 }, - { "prover": "cvc5@1.0.5", "time": 0.042 }, - { "prover": "cvc5@1.0.5", "time": 0.241 }, - { "prover": "cvc5@1.0.5", "time": 0.237 }, - { "prover": "cvc5@1.0.5", "time": 0.251 }, - { "prover": "cvc5@1.0.5", "time": 0.07 }, - { "prover": "cvc5@1.0.5", "time": 0.074 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.139 }, + { "prover": "cvc5@1.0.5", "time": 0.162 }, + { "prover": "cvc5@1.0.5", "time": 0.156 }, + { "prover": "z3@4.12.4", "time": 0.015 }, + { "prover": "cvc5@1.0.5", "time": 0.073 }, + { "prover": "cvc5@1.0.5", "time": 0.077 }, + { "prover": "cvc5@1.0.5", "time": 0.072 }, + { "prover": "cvc5@1.0.5", "time": 0.055 }, + { "prover": "cvc5@1.0.5", "time": 0.025 }, + { "prover": "cvc5@1.0.5", "time": 0.083 }, + { "prover": "cvc5@1.0.5", "time": 0.082 }, + { "prover": "cvc5@1.0.5", "time": 0.103 }, + { "prover": "cvc5@1.0.5", "time": 0.096 }, + { "prover": "cvc5@1.0.5", "time": 0.091 }, + { "prover": "cvc5@1.0.5", "time": 0.03 }, + { "prover": "cvc5@1.0.5", "time": 0.13 }, + { "prover": "cvc5@1.0.5", "time": 0.098 }, + { "prover": "cvc5@1.0.5", "time": 0.095 }, + { "prover": "cvc5@1.0.5", "time": 0.025 }, { "tactic": "split_vc", "children": [ { "tactic": "compute_in_goal", - "children": [ { "prover": "cvc5@1.0.5", "time": 0.17 } ] + "children": [ + { + "tactic": "split_vc", + "children": [ + { "prover": "cvc5@1.0.5", "time": 0.13 }, + { "prover": "cvc5@1.0.5", "time": 0.164 }, + { "prover": "cvc4@1.8", "time": 0.152 }, + { "prover": "cvc5@1.0.5", "time": 0.173 }, + { "prover": "cvc5@1.0.5", "time": 0.169 }, + { "prover": "cvc5@1.0.5", "time": 0.179 }, + { "prover": "cvc4@1.8", "time": 0.206 }, + { "prover": "cvc4@1.8", "time": 0.217 }, + { "prover": "cvc5@1.0.5", "time": 0.52 }, + { "prover": "cvc5@1.0.5", "time": 0.304 }, + { "prover": "cvc5@1.0.5", "time": 0.353 }, + { "prover": "cvc5@1.0.5", "time": 0.329 }, + { "prover": "cvc5@1.0.5", "time": 0.134 }, + { "prover": "cvc5@1.0.5", "time": 0.218 }, + { "prover": "alt-ergo@2.6.0", "time": 0.104 }, + { "prover": "z3@4.12.4", "time": 0.347 }, + { "prover": "cvc4@1.8", "time": 0.184 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.098 }, + { "prover": "z3@4.12.4", "time": 0.043 }, + { "prover": "cvc5@1.0.5", "time": 0.187 }, + { "prover": "cvc5@1.0.5", "time": 0.113 }, + { "prover": "cvc5@1.0.5", "time": 0.105 }, + { "prover": "cvc4@1.8", "time": 0.145 }, + { "prover": "cvc5@1.0.5", "time": 0.193 }, + { "prover": "z3@4.12.4", "time": 0.037 }, + { "prover": "cvc4@1.8", "time": 0.179 }, + { "prover": "z3@4.12.4", "time": 0.057 }, + { "prover": "z3@4.12.4", "time": 0.048 }, + { "prover": "alt-ergo@2.6.0", "time": 0.128 }, + { "prover": "cvc5@1.0.5", "time": 0.128 }, + { "prover": "z3@4.12.4", "time": 0.041 }, + { "prover": "z3@4.12.4", "time": 0.04 }, + { "prover": "cvc4@1.8", "time": 0.151 }, + { "prover": "cvc5@1.0.5", "time": 0.154 } + ] + } + ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.076 }, - { "prover": "cvc5@1.0.5", "time": 0.075 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.043 }, + { "prover": "cvc5@1.0.5", "time": 0.112 }, + { "prover": "cvc5@1.0.5", "time": 0.038 }, + { "prover": "cvc5@1.0.5", "time": 0.158 }, + { "prover": "cvc5@1.0.5", "time": 0.136 }, { "prover": "cvc5@1.0.5", "time": 0.14 }, - { "prover": "cvc5@1.0.5", "time": 0.194 }, - { "prover": "cvc5@1.0.5", "time": 0.04 }, - { "prover": "cvc5@1.0.5", "time": 0.134 }, + { "prover": "cvc5@1.0.5", "time": 0.05 }, { "prover": "cvc5@1.0.5", "time": 0.043 }, - { "prover": "cvc5@1.0.5", "time": 0.071 }, - { "prover": "cvc5@1.0.5", "time": 0.143 }, - { "prover": "cvc5@1.0.5", "time": 0.141 } + { "prover": "cvc5@1.0.5", "time": 0.03 }, + { "prover": "cvc5@1.0.5", "time": 0.077 }, + { "prover": "cvc5@1.0.5", "time": 0.116 }, + { "prover": "cvc5@1.0.5", "time": 0.05 }, + { "prover": "cvc5@1.0.5", "time": 0.042 }, + { "prover": "cvc5@1.0.5", "time": 0.032 }, + { "prover": "cvc5@1.0.5", "time": 0.03 }, + { "prover": "cvc5@1.0.5", "time": 0.078 }, + { "prover": "cvc5@1.0.5", "time": 0.106 }, + { "prover": "cvc5@1.0.5", "time": 0.028 }, + { "prover": "cvc5@1.0.5", "time": 0.075 }, + { "prover": "cvc5@1.0.5", "time": 0.025 }, + { "prover": "cvc5@1.0.5", "time": 0.05 }, + { "prover": "cvc5@1.0.5", "time": 0.084 }, + { "prover": "cvc5@1.0.5", "time": 0.082 } ] }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.028 }, @@ -1121,7 +1119,6 @@ "M_union_find__implementation__qyi1944850640244667852__make": { "vc_addr'0": { "prover": "cvc5@1.0.5", "time": 0.017 }, "vc_borrow_mut'0": { "prover": "cvc5@1.0.5", "time": 0.016 }, - "vc_closure5'0": { "prover": "cvc5@1.0.5", "time": 0.033 }, "vc_deref_mut'0": { "prover": "cvc5@1.0.5", "time": 0.024 }, "vc_disjoint_lemma'0": { "prover": "cvc5@1.0.5", "time": 0.02 }, "vc_get_mut_ghost'0": { "prover": "cvc5@1.0.5", "time": 0.025 }, @@ -1130,34 +1127,32 @@ "vc_make'0": { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.056 }, - { "prover": "cvc5@1.0.5", "time": 0.113 }, - { "prover": "cvc5@1.0.5", "time": 0.091 }, - { "prover": "cvc5@1.0.5", "time": 0.034 }, - { "prover": "cvc5@1.0.5", "time": 0.054 }, - { "prover": "cvc5@1.0.5", "time": 0.034 }, - { "prover": "cvc5@1.0.5", "time": 0.098 }, - { "prover": "cvc5@1.0.5", "time": 0.09 }, - { "prover": "cvc5@1.0.5", "time": 0.093 }, - { "prover": "cvc5@1.0.5", "time": 0.054 }, - { "prover": "cvc5@1.0.5", "time": 0.052 }, - { "prover": "cvc5@1.0.5", "time": 0.101 }, - { "prover": "cvc5@1.0.5", "time": 0.103 }, { "prover": "cvc5@1.0.5", "time": 0.057 }, - { "prover": "cvc5@1.0.5", "time": 0.062 }, - { "prover": "cvc5@1.0.5", "time": 0.089 }, - { "prover": "cvc5@1.0.5", "time": 0.044 }, - { "prover": "cvc5@1.0.5", "time": 0.048 }, - { "prover": "cvc5@1.0.5", "time": 0.104 }, - { "prover": "cvc5@1.0.5", "time": 0.061 }, - { "prover": "cvc5@1.0.5", "time": 0.096 }, - { "prover": "cvc5@1.0.5", "time": 0.05 }, - { "prover": "cvc5@1.0.5", "time": 0.055 }, - { "prover": "cvc5@1.0.5", "time": 0.038 }, - { "prover": "cvc5@1.0.5", "time": 0.131 }, - { "prover": "cvc5@1.0.5", "time": 0.13 }, + { "prover": "cvc5@1.0.5", "time": 0.092 }, + { "prover": "cvc5@1.0.5", "time": 0.082 }, { "prover": "cvc5@1.0.5", "time": 0.067 }, + { "prover": "cvc5@1.0.5", "time": 0.031 }, + { "prover": "cvc5@1.0.5", "time": 0.073 }, + { "prover": "cvc5@1.0.5", "time": 0.076 }, + { "prover": "cvc5@1.0.5", "time": 0.071 }, + { "prover": "cvc5@1.0.5", "time": 0.044 }, { "prover": "cvc5@1.0.5", "time": 0.039 }, + { "prover": "cvc5@1.0.5", "time": 0.098 }, + { "prover": "cvc5@1.0.5", "time": 0.094 }, + { "prover": "cvc5@1.0.5", "time": 0.044 }, + { "prover": "cvc5@1.0.5", "time": 0.08 }, + { "prover": "cvc5@1.0.5", "time": 0.079 }, + { "prover": "cvc5@1.0.5", "time": 0.044 }, + { "prover": "cvc5@1.0.5", "time": 0.05 }, + { "prover": "cvc5@1.0.5", "time": 0.08 }, + { "prover": "cvc5@1.0.5", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.093 }, + { "prover": "cvc5@1.0.5", "time": 0.053 }, + { "prover": "cvc5@1.0.5", "time": 0.041 }, + { "prover": "cvc5@1.0.5", "time": 0.033 }, + { "prover": "cvc5@1.0.5", "time": 0.107 }, + { "prover": "cvc5@1.0.5", "time": 0.031 }, + { "prover": "cvc5@1.0.5", "time": 0.083 }, { "tactic": "split_vc", "children": [ @@ -1167,41 +1162,40 @@ { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.0.5", "time": 0.249 }, - { "prover": "cvc5@1.0.5", "time": 0.237 }, - { "prover": "cvc5@1.0.5", "time": 0.329 }, - { "prover": "cvc5@1.0.5", "time": 0.25 }, - { "prover": "cvc5@1.0.5", "time": 0.159 }, - { "prover": "cvc5@1.0.5", "time": 0.255 }, - { "prover": "cvc5@1.0.5", "time": 0.397 }, - { "prover": "cvc4@1.8", "time": 0.232 }, - { "prover": "cvc5@1.0.5", "time": 0.471 }, - { "prover": "cvc5@1.0.5", "time": 0.397 }, - { "prover": "cvc5@1.0.5", "time": 0.412 }, - { "prover": "cvc5@1.0.5", "time": 0.338 }, - { "prover": "cvc5@1.0.5", "time": 0.153 }, - { "prover": "cvc5@1.0.5", "time": 0.341 }, - { "prover": "cvc5@1.0.5", "time": 0.412 }, - { "prover": "cvc5@1.0.5", "time": 0.326 }, - { "prover": "cvc5@1.0.5", "time": 0.217 }, - { "prover": "cvc5@1.0.5", "time": 0.21 }, - { "prover": "cvc5@1.0.5", "time": 0.144 }, - { "prover": "cvc5@1.0.5", "time": 0.202 }, - { "prover": "cvc5@1.0.5", "time": 0.274 }, - { "prover": "cvc5@1.0.5", "time": 0.175 }, - { "prover": "cvc5@1.0.5", "time": 0.149 }, - { "prover": "cvc5@1.0.5", "time": 0.206 }, - { "prover": "cvc5@1.0.5", "time": 0.336 }, - { "prover": "cvc5@1.0.5", "time": 0.337 }, - { "prover": "cvc5@1.0.5", "time": 0.346 }, - { "prover": "cvc5@1.0.5", "time": 0.322 }, - { "prover": "cvc5@1.0.5", "time": 0.307 }, - { "prover": "cvc5@1.0.5", "time": 0.48 }, - { "prover": "cvc5@1.0.5", "time": 0.222 }, - { "prover": "cvc5@1.0.5", "time": 0.393 }, - { "prover": "cvc5@1.0.5", "time": 0.274 }, - { "prover": "cvc5@1.0.5", "time": 0.449 }, - { "prover": "cvc5@1.0.5", "time": 0.222 } + { "prover": "cvc5@1.0.5", "time": 0.166 }, + { "prover": "cvc5@1.0.5", "time": 0.167 }, + { "prover": "cvc4@1.8", "time": 0.152 }, + { "prover": "cvc5@1.0.5", "time": 0.168 }, + { "prover": "cvc5@1.0.5", "time": 0.111 }, + { "prover": "cvc5@1.0.5", "time": 0.181 }, + { "prover": "cvc4@1.8", "time": 0.147 }, + { "prover": "cvc4@1.8", "time": 0.175 }, + { "prover": "cvc4@1.8", "time": 0.178 }, + { "prover": "cvc4@1.8", "time": 0.167 }, + { "prover": "cvc4@1.8", "time": 0.154 }, + { "prover": "cvc5@1.0.5", "time": 0.351 }, + { "prover": "cvc5@1.0.5", "time": 0.139 }, + { "prover": "z3@4.12.4", "time": 0.054 }, + { "prover": "z3@4.12.4", "time": 0.071 }, + { "prover": "cvc5@1.0.5", "time": 0.286 }, + { "prover": "cvc5@1.0.5", "time": 0.054 }, + { "prover": "cvc5@1.0.5", "time": 0.119 }, + { "prover": "cvc5@1.0.5", "time": 0.161 }, + { "prover": "cvc4@1.8", "time": 0.187 }, + { "prover": "cvc5@1.0.5", "time": 0.123 }, + { "prover": "cvc5@1.0.5", "time": 0.118 }, + { "prover": "cvc5@1.0.5", "time": 0.156 }, + { "prover": "cvc4@1.8", "time": 0.179 }, + { "prover": "cvc5@1.0.5", "time": 0.19 }, + { "prover": "z3@4.12.4", "time": 0.066 }, + { "prover": "z3@4.12.4", "time": 0.045 }, + { "prover": "z3@4.12.4", "time": 0.043 }, + { "prover": "alt-ergo@2.6.0", "time": 0.108 }, + { "prover": "cvc4@1.8", "time": 0.152 }, + { "prover": "z3@4.12.4", "time": 0.057 }, + { "prover": "z3@4.12.4", "time": 0.05 }, + { "prover": "cvc5@1.0.5", "time": 0.188 }, + { "prover": "cvc4@1.8", "time": 0.169 } ] } ] @@ -1212,63 +1206,62 @@ { "tactic": "split_vc", "children": [ - { "prover": "cvc4@1.8", "time": 0.295 }, - { "prover": "cvc5@1.0.5", "time": 0.375 }, - { "prover": "cvc4@1.8", "time": 0.186 }, - { "prover": "cvc5@1.0.5", "time": 0.308 }, - { "prover": "cvc5@1.0.5", "time": 0.124 }, - { "prover": "cvc5@1.0.5", "time": 0.387 }, - { "prover": "alt-ergo@2.6.0", "time": 0.397 }, - { "prover": "cvc4@1.8", "time": 0.403 }, - { "prover": "cvc4@1.8", "time": 0.376 }, - { "prover": "cvc4@1.8", "time": 0.211 }, - { "prover": "cvc4@1.8", "time": 0.39 }, - { "prover": "cvc5@1.0.5", "time": 0.468 }, - { "prover": "cvc5@1.0.5", "time": 0.172 }, - { "prover": "cvc4@1.8", "time": 0.317 }, - { "prover": "cvc4@1.8", "time": 0.351 }, - { "prover": "cvc4@1.8", "time": 0.374 }, - { "prover": "cvc5@1.0.5", "time": 0.27 }, - { "prover": "cvc5@1.0.5", "time": 0.26 }, + { "prover": "alt-ergo@2.6.0", "time": 0.182 }, + { "prover": "alt-ergo@2.6.0", "time": 0.165 }, + { "prover": "cvc4@1.8", "time": 0.286 }, + { "prover": "cvc5@1.0.5", "time": 0.458 }, + { "prover": "cvc5@1.0.5", "time": 0.156 }, + { "prover": "z3@4.12.4", "time": 0.056 }, + { "prover": "cvc5@1.0.5", "time": 0.508 }, + { "prover": "cvc5@1.0.5", "time": 0.377 }, + { "prover": "cvc4@1.8", "time": 0.418 }, + { "prover": "cvc4@1.8", "time": 0.203 }, + { "prover": "cvc5@1.0.5", "time": 0.43 }, + { "prover": "cvc5@1.0.5", "time": 0.29 }, + { "prover": "cvc5@1.0.5", "time": 0.136 }, + { "prover": "z3@4.12.4", "time": 0.051 }, + { "prover": "z3@4.12.4", "time": 0.075 }, + { "prover": "cvc4@1.8", "time": 0.32 }, + { "prover": "cvc5@1.0.5", "time": 0.06 }, { "prover": "cvc5@1.0.5", "time": 0.16 }, - { "prover": "cvc5@1.0.5", "time": 0.225 }, - { "prover": "cvc5@1.0.5", "time": 0.24 }, - { "prover": "cvc5@1.0.5", "time": 0.162 }, - { "prover": "cvc5@1.0.5", "time": 0.155 }, - { "prover": "cvc5@1.0.5", "time": 0.209 }, - { "prover": "cvc5@1.0.5", "time": 0.346 }, - { "prover": "cvc5@1.0.5", "time": 0.374 }, - { "prover": "cvc5@1.0.5", "time": 0.39 }, - { "prover": "cvc5@1.0.5", "time": 0.491 }, - { "prover": "cvc5@1.0.5", "time": 0.339 }, - { "prover": "cvc5@1.0.5", "time": 0.363 }, - { "prover": "cvc5@1.0.5", "time": 0.204 }, - { "prover": "cvc5@1.0.5", "time": 0.422 }, - { "prover": "cvc4@1.8", "time": 0.22 }, - { "prover": "cvc5@1.0.5", "time": 0.416 }, - { "prover": "cvc5@1.0.5", "time": 0.167 } + { "prover": "cvc5@1.0.5", "time": 0.192 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.129 }, + { "prover": "cvc5@1.0.5", "time": 0.19 }, + { "prover": "z3@4.12.4", "time": 0.045 }, + { "prover": "z3@4.12.4", "time": 0.065 }, + { "prover": "z3@4.12.4", "time": 0.045 }, + { "prover": "z3@4.12.4", "time": 0.049 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "z3@4.12.4", "time": 0.06 }, + { "prover": "alt-ergo@2.6.0", "time": 0.159 }, + { "prover": "cvc5@1.0.5", "time": 0.165 }, + { "prover": "z3@4.12.4", "time": 0.04 }, + { "prover": "z3@4.12.4", "time": 0.066 }, + { "prover": "z3@4.12.4", "time": 0.046 }, + { "prover": "cvc5@1.0.5", "time": 0.144 } ] } ] } ] }, - { "prover": "cvc5@1.0.5", "time": 0.278 }, - { "prover": "cvc5@1.0.5", "time": 0.181 }, - { "prover": "cvc5@1.0.5", "time": 0.132 }, + { "prover": "cvc5@1.0.5", "time": 0.198 }, { "tactic": "split_vc", "children": [ { "tactic": "compute_in_goal", - "children": [ { "prover": "cvc5@1.0.5", "time": 0.066 } ] + "children": [ { "prover": "cvc5@1.0.5", "time": 0.125 } ] }, { "tactic": "compute_in_goal", - "children": [ { "prover": "cvc5@1.0.5", "time": 0.076 } ] + "children": [ { "prover": "cvc5@1.0.5", "time": 0.166 } ] } ] - } + }, + { "prover": "cvc5@1.0.5", "time": 0.086 }, + { "prover": "cvc5@1.0.5", "time": 0.101 } ] }, "vc_new'0": { "prover": "cvc5@1.0.5", "time": 0.022 }, @@ -1277,7 +1270,7 @@ }, "M_union_find__implementation__qyi1944850640244667852__new": { "vc_new'0": { "prover": "cvc4@1.8", "time": 0.054 }, - "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.046 } + "vc_new'1": { "prover": "cvc5@1.0.5", "time": 0.02 } }, "M_union_find__implementation__qyi1944850640244667852__root_of": { "vc_root_of'0": { "prover": "cvc5@1.0.5", "time": 0.04 }